Menu Reference LCOS 10.0

Menu Reference LCOS 10.0
LCOS 10.0
Menu Reference
Menu Reference
Contents
Contents
1 Introduction......................................................................................................................20
1.1 About this documentation.......................................................................................................................20
Components of the documentation...................................................................................................20
LCOS, the operating system of the LANCOM devices.........................................................................21
Validity.............................................................................................................................................21
This documentation was created by…..............................................................................................21
1.2 Configuration with Telnet ........................................................................................................................21
Open Telnet session..........................................................................................................................21
Changing the console language........................................................................................................21
Close the Telnet session....................................................................................................................22
Structure of the command-line interface...........................................................................................22
1.3 Command-line commands.......................................................................................................................22
Parameter overview for the ping command.......................................................................................25
Parameter overview for the trace command......................................................................................27
Overview of IPv6-specific show commands.......................................................................................29
Functions for editing commands.......................................................................................................32
Function keys for the command line..................................................................................................32
Character set for sending SMS..........................................................................................................35
1.4 Configuration with WEBconfig ................................................................................................................36
2 Setup.................................................................................................................................37
2.1 Name.......................................................................................................................................................37
2.2 WAN........................................................................................................................................................37
2.2.2 Dialup-Peers............................................................................................................................37
2.2.3 RoundRobin.............................................................................................................................40
2.2.4 Layer........................................................................................................................................41
2.2.5 PPP..........................................................................................................................................44
2.2.6 Incoming calling numbers........................................................................................................49
2.2.7 Dial prefix ..............................................................................................................................49
2.2.8 Scripts......................................................................................................................................50
2.2.9 Protect.....................................................................................................................................50
2.2.10 Callback attempts..................................................................................................................51
2.2.11 Router interface.....................................................................................................................51
2.2.13 Manual dialing.......................................................................................................................53
2.2.18 Backup-Delay-Seconds...........................................................................................................54
2.2.19 DSL-Broadband-Peers............................................................................................................54
2.2.20 IP-List....................................................................................................................................58
2.2.21 PPTP peers.............................................................................................................................61
2.2.22 RADIUS..................................................................................................................................63
2.2.23 Polling table...........................................................................................................................70
2.2.24 Backup peers.........................................................................................................................73
2
Menu Reference
Contents
2.2.25 Action table...........................................................................................................................74
2.2.26 MTU-List................................................................................................................................79
2.2.30 Additional PPTP gateways......................................................................................................80
2.2.31 PPTP source check...............................................................................................................101
2.2.35 L2TP endpoints....................................................................................................................101
2.2.36 L2TP-Additional-Gateways...................................................................................................105
2.2.37 L2TP-Peers...........................................................................................................................120
2.2.38 L2TP source check................................................................................................................121
2.2.40 DS-Lite-Tunnel.....................................................................................................................121
2.2.45 X.25-Bridge..........................................................................................................................122
2.2.50 EoGRE-Tunnel......................................................................................................................131
2.2.51 GRE-Tunnel..........................................................................................................................134
2.2.53 SSL-for-Action-Table............................................................................................................137
2.2.60 VLANs..................................................................................................................................141
2.3 Charges.................................................................................................................................................142
2.3.1 Budget-Units..........................................................................................................................142
2.3.2 Days-per-Period.....................................................................................................................142
2.3.3 Spare-Units............................................................................................................................143
2.3.4 Router-Units..........................................................................................................................143
2.3.5 Table budget..........................................................................................................................143
2.3.6 Total-Units.............................................................................................................................144
2.3.7 Time-Table.............................................................................................................................144
2.3.8 DSL-Broadband-Minutes-Budget............................................................................................145
2.3.9 Spare-DSL-Broadband-Minutes..............................................................................................145
2.3.10 Router-DSL-Broadband-Budget............................................................................................146
2.3.11 Reserve-DSL-Broadband-Budget..........................................................................................146
2.3.12 Activate-Additional-Budget..................................................................................................146
2.3.13 Dialup-Minutes-Budget........................................................................................................146
2.3.14 Spare-Dialup-Minutes..........................................................................................................147
2.3.15 Dialup-Minutes-Active..........................................................................................................147
2.3.16 Reset-Budgets......................................................................................................................147
2.3.17 Volume-Budgets..................................................................................................................147
2.3.18 Free networks......................................................................................................................149
2.3.19 Budget-Control....................................................................................................................149
2.3.20 Charging-Email....................................................................................................................151
2.4 LAN.......................................................................................................................................................151
2.4.2 MAC-Address.........................................................................................................................151
2.4.3 Heap-Reserve.........................................................................................................................151
2.4.8 Trace-MAC.............................................................................................................................152
2.4.9 Trace-Level.............................................................................................................................152
2.4.10 IEEE802.1x...........................................................................................................................153
2.4.11 Linkup-Report-Delay-ms.......................................................................................................156
2.4.12 HNAT...................................................................................................................................156
2.4.13.11.1 Interface bundling.......................................................................................................157
3
Menu Reference
Contents
2.7 TCP-IP....................................................................................................................................................163
2.7.1 Operating..............................................................................................................................163
2.7.6 Access-List.............................................................................................................................164
2.7.7 DNS-Default...........................................................................................................................165
2.7.8 DNS-Backup...........................................................................................................................165
2.7.9 NBNS-Default........................................................................................................................165
2.7.10 NBNS-Backup......................................................................................................................166
2.7.11 ARP-Aging-Minutes.............................................................................................................166
2.7.16 ARP-Table............................................................................................................................166
2.7.17 Loopback-List.......................................................................................................................168
2.7.20 Non-Loc.-ARP-Replies..........................................................................................................169
2.7.21 Alive-Test.............................................................................................................................169
2.7.22 ICMP-on-ARP-Timeout.........................................................................................................172
2.7.30 Network list.........................................................................................................................172
2.8 IP router................................................................................................................................................176
2.8.1 Operating..............................................................................................................................176
2.8.2 IP-Routing-Table....................................................................................................................176
2.8.5 Proxy-ARP..............................................................................................................................179
2.8.6 Send ICMP redirect................................................................................................................179
2.8.7 Routing method.....................................................................................................................180
2.8.8 RIP.........................................................................................................................................182
2.8.9 1-N-NAT................................................................................................................................200
2.8.10 Firewall................................................................................................................................209
2.8.11 Start-WAN-Pool...................................................................................................................234
2.8.12 Ende-WAN-Pool...................................................................................................................234
2.8.13 Default-Time-List..................................................................................................................234
2.8.14 Usage-Default-Timetable......................................................................................................236
2.8.19 N-N-NAT..............................................................................................................................236
2.8.20 Load balancer......................................................................................................................238
2.8.21 VRRP....................................................................................................................................243
2.8.22 WAN-Tag-Creation...............................................................................................................246
2.8.23 Tag table..............................................................................................................................247
2.9 SNMP....................................................................................................................................................250
2.9.1 Send-Traps.............................................................................................................................250
2.9.3 Administrator.........................................................................................................................250
2.9.4 Location.................................................................................................................................251
2.9.5 Register-Monitor....................................................................................................................251
2.9.6 Delete monitor.......................................................................................................................251
2.9.11 Comment-1..........................................................................................................................251
2.9.12 Comment-2..........................................................................................................................252
2.9.13 Comment-3..........................................................................................................................252
2.9.14 Comment-4..........................................................................................................................252
2.9.16 Comment-5..........................................................................................................................253
2.9.17 Comment-6..........................................................................................................................253
4
Menu Reference
Contents
2.9.18 Comment-7..........................................................................................................................253
2.9.19 Comment-8..........................................................................................................................253
2.9.20 Full host MIB.......................................................................................................................254
2.9.21 Port......................................................................................................................................254
2.9.23 Public-Comment-1...............................................................................................................254
2.9.24 Public-Comment-2...............................................................................................................255
2.9.25 Public-Comment-3...............................................................................................................255
2.9.26 Public-Comment-4...............................................................................................................255
2.9.27 Communities........................................................................................................................255
2.9.28 Groups.................................................................................................................................256
2.9.29 Access..................................................................................................................................258
2.9.30 Views...................................................................................................................................261
2.9.32 SNMPv3-Users....................................................................................................................262
2.9.34 Target-Address.....................................................................................................................265
2.9.35 Target-Params......................................................................................................................266
2.9.37 Admitted-Protocols..............................................................................................................269
2.9.38 Allow admins .....................................................................................................................269
2.9.39 SNMPv3-Admin-Authentication .........................................................................................270
2.9.40 SNMPv3-Admin-Privacy ......................................................................................................270
2.9.41 Operating............................................................................................................................270
2.10 DHCP...................................................................................................................................................271
2.10.6 Max. lease time minutes......................................................................................................271
2.10.7 Default lease time minutes...................................................................................................271
2.10.8 DHCP table..........................................................................................................................272
2.10.9 Hosts...................................................................................................................................274
2.10.10 Alias-List............................................................................................................................275
2.10.18 Ports..................................................................................................................................276
2.10.19 User class identifier............................................................................................................277
2.10.20 Network list.......................................................................................................................277
2.10.21 Additional options.............................................................................................................285
2.10.22 Vendor class identifier........................................................................................................287
2.10.23 RADIUS accounting ...........................................................................................................287
2.10.25 LMC options.......................................................................................................................293
2.11 Config..................................................................................................................................................294
2.11.4 Maximum connections.........................................................................................................294
2.11.5 Config-Aging-Minutes..........................................................................................................294
2.11.6 Language.............................................................................................................................294
2.11.7 Login errors.........................................................................................................................295
2.11.8 Lock minutes........................................................................................................................295
2.11.9 Admin.-EAZ-MSN.................................................................................................................296
2.11.10 Display contrast.................................................................................................................296
2.11.12 WLAN-authentication pages only.......................................................................................296
2.11.13 TFTP client.........................................................................................................................297
2.11.15 Access table.......................................................................................................................299
5
Menu Reference
Contents
2.11.16 Screen height.....................................................................................................................305
2.11.17 Prompt...............................................................................................................................306
2.11.18 LED test.............................................................................................................................306
2.11.20 Cron table..........................................................................................................................307
2.11.21 Admins..............................................................................................................................311
2.11.23 Telnet port.........................................................................................................................314
2.11.27 Predef.-Admins..................................................................................................................314
2.11.28 SSH....................................................................................................................................315
2.11.29 Telnet-SSL..........................................................................................................................321
2.11.31 Anti-theft protection..........................................................................................................326
2.11.32 Reset button......................................................................................................................329
2.11.33 Outband aging minutes.....................................................................................................330
2.11.34 Telnet-Operating...............................................................................................................331
2.11.36 TFTP-Operating ................................................................................................................331
2.11.39 License expiry email...........................................................................................................331
2.11.40 Crash message...................................................................................................................332
2.11.41 Admin gender....................................................................................................................332
2.11.42 Assert action......................................................................................................................332
2.11.43 Function keys.....................................................................................................................333
2.11.45 Configuration date.............................................................................................................334
2.11.50 LL2M.................................................................................................................................334
2.11.51 Sync...................................................................................................................................335
2.11.55 SSL-for-Cron-Table.............................................................................................................342
2.11.60 CPU load interval...............................................................................................................347
2.11.65 Error aging minutes...........................................................................................................347
2.11.71 Save bootlog......................................................................................................................347
2.11.72 Save eventlog....................................................................................................................348
2.11.73 Sort-menu..........................................................................................................................348
2.11.80 Authentication...................................................................................................................349
2.11.81 Radius................................................................................................................................349
2.11.90 LED mode..........................................................................................................................354
2.11.91 LED off seconds.................................................................................................................354
2.11.92 Rollout agent.....................................................................................................................355
2.11.93 Enforce-Password-Rules ...................................................................................................363
2.12 WLAN..................................................................................................................................................364
2.12.3 Heap reserve........................................................................................................................364
2.12.8 Access mode........................................................................................................................364
2.12.12 IAPP protocol.....................................................................................................................365
2.12.13 IAPP-Announce-Interval.....................................................................................................365
2.12.14 IAPP-Handover-Timeout.....................................................................................................365
2.12.26 Inter-SSID-Traffic................................................................................................................366
2.12.27 Supervise stations..............................................................................................................366
2.12.29 RADIUS access check.........................................................................................................367
2.12.36 Country..............................................................................................................................373
6
Menu Reference
Contents
2.12.38 ARP handling.....................................................................................................................373
2.12.41 Mail address......................................................................................................................374
2.12.44 Allow-Illegal-Association-Without-Authentication..............................................................374
2.12.45 RADIUS accounting............................................................................................................375
2.12.46 Indoor-Only-Operation.......................................................................................................379
2.12.47 Idle timeout.......................................................................................................................379
2.12.50 Signal averaging................................................................................................................380
2.12.51 Rate adaption....................................................................................................................381
2.12.60 IAPP-IP-Network................................................................................................................382
2.12.70 VLAN-Groupkey-Mapping..................................................................................................383
2.12.71 VLAN no interstation traffic................................................................................................384
2.12.80 Dual roaming.....................................................................................................................384
2.12.85 SPMK caching....................................................................................................................385
2.12.86 Paket-Capture....................................................................................................................386
2.12.87 Client Steering...................................................................................................................387
2.12.89 Access rules.......................................................................................................................389
2.12.100 Card-Reinit-Cycle.............................................................................................................392
2.12.101 Noise-Calibration-Cycle....................................................................................................392
2.12.103 Trace-MAC.......................................................................................................................393
2.12.105 Therm.-Recal.-Cycle..........................................................................................................393
2.12.109 Noise offsets....................................................................................................................394
2.12.110 Trace level........................................................................................................................395
2.12.111 Noise immunity................................................................................................................396
2.12.114 Aggregate-Retry-Limit......................................................................................................398
2.12.115 Omit-Global-Crypto-Sequence-Check...............................................................................398
2.12.116 Trace packets...................................................................................................................399
2.12.117 WPA-Handshake-Delay-ms...............................................................................................399
2.12.118 WPA-Handshake-Timeout-Override-ms............................................................................399
2.12.120 Rx-Aggregate-Flush-Timeout-ms......................................................................................400
2.12.123 Aggregate-Time-Limit-us..................................................................................................400
2.12.124 Trace-Mgmt-Packets........................................................................................................400
2.12.125 Trace-Data-Packets..........................................................................................................401
2.12.130 DFS..................................................................................................................................401
2.12.131 Blink mode.......................................................................................................................407
2.12.248 Wireless-IDS.....................................................................................................................409
2.13 LANCAPI..............................................................................................................................................424
2.13.1 Access list............................................................................................................................424
2.13.3 UDP port..............................................................................................................................426
2.13.6 Interface list.........................................................................................................................426
2.13.7 Priority list............................................................................................................................428
2.14 Time.....................................................................................................................................................429
2.14.1 Fetch method.......................................................................................................................429
2.14.2 Current time.........................................................................................................................430
2.14.3 Time call number.................................................................................................................430
7
Menu Reference
Contents
2.14.5 Call attempts.......................................................................................................................430
2.14.7 UTC in seconds....................................................................................................................430
2.14.10 Time zone..........................................................................................................................430
2.14.11 Daylight-saving time..........................................................................................................431
2.14.12 DST clock changes.............................................................................................................431
2.14.13 Get time.............................................................................................................................433
2.14.15 Holidays.............................................................................................................................433
2.14.16 Timeframe..........................................................................................................................434
2.15 LCR......................................................................................................................................................435
2.15.1 Router usage.......................................................................................................................435
2.15.2 Lancapi usage......................................................................................................................435
2.15.4 Time list...............................................................................................................................436
2.16 NetBIOS...............................................................................................................................................438
2.16.1 Operating............................................................................................................................438
2.16.2 Scope ID..............................................................................................................................439
2.16.4 remote sites.........................................................................................................................439
2.16.5 Group list.............................................................................................................................440
2.16.6 Host list...............................................................................................................................442
2.16.7 Server list.............................................................................................................................444
2.16.8 Watchdogs...........................................................................................................................446
2.16.9 Update.................................................................................................................................446
2.16.10 WAN-Update-Minutes........................................................................................................447
2.16.11 Validity..............................................................................................................................447
2.16.12 Networks...........................................................................................................................447
2.16.13 Browser list........................................................................................................................448
2.16.14 Support browsing..............................................................................................................450
2.17 DNS.....................................................................................................................................................450
2.17.1 Operating............................................................................................................................451
2.17.2 Domain................................................................................................................................451
2.17.3 DHCP usage.........................................................................................................................451
2.17.4 NetBIOS usage.....................................................................................................................452
2.17.5 DNS-List...............................................................................................................................452
2.17.6 Filter list...............................................................................................................................453
2.17.7 Lease time...........................................................................................................................455
2.17.8 Dyn.-DNS-List.......................................................................................................................456
2.17.9 DNS destinations.................................................................................................................457
2.17.10 Service location list............................................................................................................458
2.17.11 Dynamic SRV list................................................................................................................459
2.17.12 Resolve domain..................................................................................................................460
2.17.13 Sub domains......................................................................................................................460
2.17.14 Forwarder..........................................................................................................................461
2.17.15 Tag configuration...............................................................................................................462
2.17.16 Alias-List ..........................................................................................................................464
2.17.20 Syslog................................................................................................................................465
8
Menu Reference
Contents
2.18 Accounting..........................................................................................................................................468
2.18.1 Operating............................................................................................................................468
2.18.2 Save to flashROM................................................................................................................469
2.18.3 Sort by.................................................................................................................................469
2.18.4 Current user.........................................................................................................................469
2.18.5 Accounting list.....................................................................................................................471
2.18.6 Delete-Accounting-List.........................................................................................................472
2.18.7 Create snapshot...................................................................................................................472
2.18.8 Time snapshot......................................................................................................................473
2.18.9 Last snapshot.......................................................................................................................475
2.18.10 Discriminator.....................................................................................................................476
2.19 VPN.....................................................................................................................................................477
2.19.3 Isakmp.................................................................................................................................477
2.19.4 Proposals.............................................................................................................................480
2.19.5 Certificates and keys............................................................................................................492
2.19.7 Layer....................................................................................................................................495
2.19.8 Operating............................................................................................................................497
2.19.9 VPN peers............................................................................................................................498
2.19.10 AggrMode-Proposal-List-Default........................................................................................504
2.19.11 AggrMode-IKE-Group-Default............................................................................................504
2.19.12 Additional gateways..........................................................................................................505
2.19.13 MainMode-Proposal-List-Default........................................................................................523
2.19.14 MainMode-IKE-Group-Default............................................................................................524
2.19.16 NAT-T-Operating................................................................................................................524
2.19.17 Simple-Cert-RAS-Operating................................................................................................525
2.19.19 QuickMode-Proposal-List-Default.......................................................................................525
2.19.20 QuickMode-PFS-Group-Default..........................................................................................525
2.19.21 QuickMode-Shorthold-Time-Default...................................................................................526
2.19.22 Allow-Remote-Network-Selection.......................................................................................526
2.19.23 Establish-SAs-Collectively...................................................................................................527
2.19.24 Max-Concurrent-Connections.............................................................................................527
2.19.25 Flexible-ID-Comparison......................................................................................................528
2.19.26 NAT-T port for rekeying......................................................................................................528
2.19.27 SSL encapsulation allowed.................................................................................................528
2.19.28 myVPN...............................................................................................................................529
2.19.30 Anti-Replay-Window-Size...................................................................................................534
2.19.35 Networks...........................................................................................................................534
2.19.36 IKEv2.................................................................................................................................538
2.19.64 OCSP-Client.......................................................................................................................576
2.20 LAN-Bridge..........................................................................................................................................576
2.20.1 Protocol version...................................................................................................................577
2.20.2 Bridge priority......................................................................................................................577
2.20.4 Encapsulation table.............................................................................................................577
2.20.5 Max-Age..............................................................................................................................578
9
Menu Reference
Contents
2.20.6 Hello-Time...........................................................................................................................578
2.20.7 Forward delay......................................................................................................................579
2.20.8 Isolated mode......................................................................................................................579
2.20.10 Protocol table....................................................................................................................579
2.20.11 Port data............................................................................................................................584
2.20.12 Aging time.........................................................................................................................587
2.20.13 Priority mapping................................................................................................................587
2.20.20 Spanning tree....................................................................................................................588
2.20.30 IGMP snooping..................................................................................................................593
2.20.40 DHCP-Snooping.................................................................................................................599
2.20.41 DHCPv6-Snooping..............................................................................................................602
2.20.42 RA-Snooping......................................................................................................................605
2.20.43 PPPoE snooping.................................................................................................................606
2.21 HTTP....................................................................................................................................................609
2.21.1 Document root.....................................................................................................................609
2.21.2 Page headers.......................................................................................................................610
2.21.3 Font family...........................................................................................................................610
2.21.5 Page headers.......................................................................................................................610
2.21.6 Error page style....................................................................................................................611
2.21.7 Port......................................................................................................................................611
2.21.9 Max-Tunnel-Connections.....................................................................................................611
2.21.10 Tunnel-Idle-Timeout...........................................................................................................612
2.21.11 Session timeout..................................................................................................................612
2.21.13 Standard design.................................................................................................................612
2.21.14 Show device information....................................................................................................613
2.21.14.2 Position...........................................................................................................................614
2.21.16 Keep-Server-Ports-Open.....................................................................................................615
2.21.20 Rollout-Wizard...................................................................................................................616
2.21.21 Max-HTTP-Job-Count.........................................................................................................623
2.21.22 Disable-Password-Autocompletion.....................................................................................623
2.21.30 File server..........................................................................................................................623
2.21.40 SSL.....................................................................................................................................624
2.22 SYSLOG................................................................................................................................................629
2.22.1 Operating............................................................................................................................629
2.22.2 SYSLOG table.......................................................................................................................630
2.22.3 Facility-Mapper....................................................................................................................632
2.22.4 Port......................................................................................................................................633
2.22.5 Messages-Table-Order.........................................................................................................633
2.22.6 Backup interval....................................................................................................................634
2.22.7 Backup active.......................................................................................................................634
2.22.8 Log-CLI-Changes..................................................................................................................634
2.22.9 Max-Message-Age...............................................................................................................635
2.22.10 Remove-Old-Messages.......................................................................................................635
2.22.11 Max. age unit....................................................................................................................635
10
Menu Reference
Contents
2.22.12 Critical prio........................................................................................................................636
2.23 Interfaces.............................................................................................................................................636
2.23.1 S0........................................................................................................................................637
2.23.4 DSL......................................................................................................................................639
2.23.6 ADSL interface.....................................................................................................................642
2.23.7 Modem-Mobile....................................................................................................................644
2.23.8 VDSL....................................................................................................................................646
2.23.18 Permanent L1 activation....................................................................................................648
2.23.19 PCM-SYNC-SOURCE...........................................................................................................649
2.23.20 WLAN................................................................................................................................649
2.23.21 LAN interfaces...................................................................................................................786
2.23.30 Ethernet ports....................................................................................................................790
2.23.40 Modem..............................................................................................................................794
2.23.41 3G/4G................................................................................................................................798
2.23.51 Analog .............................................................................................................................806
2.23.52 Monitor-Capacity...............................................................................................................808
2.23.90 Bluetooth ..........................................................................................................................808
2.24 Public-Spot-Module.............................................................................................................................812
2.24.1 Authentication mode...........................................................................................................812
2.24.2 User table............................................................................................................................812
2.24.3 Provider table......................................................................................................................814
2.24.5 Traffic limit bytes.................................................................................................................819
2.24.6 Server subdir........................................................................................................................820
2.24.7 Accounting cycle..................................................................................................................820
2.24.8 Page table...........................................................................................................................820
2.24.9 Roaming secret....................................................................................................................822
2.24.12 Communication port..........................................................................................................823
2.24.14 Idle timeout.......................................................................................................................823
2.24.15 Port table...........................................................................................................................823
2.24.16 Auto-Cleanup-User-Table...................................................................................................824
2.24.17 Provide server database.....................................................................................................824
2.24.18 Disallow multiple login......................................................................................................825
2.24.19 Add user wizard.................................................................................................................825
2.24.20 VLAN table.........................................................................................................................834
2.24.21 Login-Page-Type................................................................................................................835
2.24.22 Device hostname................................................................................................................835
2.24.23 MAC address table.............................................................................................................836
2.24.24 MAC-Address-Check-Provider............................................................................................837
2.24.25 MAC-Address-Check-Cache-Time.......................................................................................837
2.24.26 Station-Table-Limit.............................................................................................................837
2.24.30 Free server.........................................................................................................................838
2.24.31 Free networks....................................................................................................................838
2.24.32 Free-Hosts-Minimum-TTL...................................................................................................839
2.24.33 Login text...........................................................................................................................840
11
Menu Reference
Contents
2.24.34 WAN connection................................................................................................................840
2.24.35 Print-Logo-And-Headerboard.............................................................................................840
2.24.36 User-Must-Accept-GTC.......................................................................................................841
2.24.37 Print-Logout-Link...............................................................................................................841
2.24.38 LBS-Tracking......................................................................................................................842
2.24.39 LBS tracking list.................................................................................................................842
2.24.40 XML interface....................................................................................................................842
2.24.41 Authentication modules.....................................................................................................843
2.24.42 WISPr.................................................................................................................................873
2.24.43 Advertisement....................................................................................................................876
2.24.44 Manage user wizard..........................................................................................................879
2.24.47 Check origin VLAN.............................................................................................................886
2.24.48 Circuit-IDs..........................................................................................................................886
2.24.49 Brute force protection........................................................................................................887
2.24.50 Auto-Re-Login....................................................................................................................888
2.24.51 Redirect TLS connections....................................................................................................890
2.24.52 Monitor-Capacity .............................................................................................................890
2.24.53 SSL for page table..............................................................................................................891
2.24.55 Accept CoA........................................................................................................................895
2.24.60 Login text...........................................................................................................................895
2.24.61 Login instructions..............................................................................................................896
2.25 RADIUS................................................................................................................................................897
2.25.4 Auth.-Timeout......................................................................................................................897
2.25.5 Auth.-Retry..........................................................................................................................897
2.25.9 Backup-Query-Strategy........................................................................................................898
2.25.10 Server................................................................................................................................898
2.25.19 Dyn-Auth...........................................................................................................................932
2.25.20 RADSEC.............................................................................................................................937
2.26 NTP......................................................................................................................................................941
2.26.2 Operating............................................................................................................................941
2.26.3 BC-Mode..............................................................................................................................941
2.26.4 BC-Interval...........................................................................................................................942
2.26.7 RQ-Interval..........................................................................................................................942
2.26.11 RQ-Address........................................................................................................................942
2.26.12 RQ tries..............................................................................................................................943
2.27 Mail.....................................................................................................................................................944
2.27.1 SMTP server.........................................................................................................................944
2.27.2 SMTP port............................................................................................................................944
2.27.3 POP3 server.........................................................................................................................944
2.27.4 POP3 port............................................................................................................................945
2.27.5 User name...........................................................................................................................945
2.27.6 Password.............................................................................................................................945
2.27.7 E-mail sender.......................................................................................................................946
2.27.8 Send again (min)..................................................................................................................946
12
Menu Reference
Contents
2.27.9 Hold time (hrs.)....................................................................................................................946
2.27.10 Buffers...............................................................................................................................947
2.27.11 Loopback-Addr..................................................................................................................947
2.27.12 SMTP-use-TLS....................................................................................................................947
2.27.13 SMTP-Authentication.........................................................................................................948
2.30 IEEE802.1x...........................................................................................................................................948
2.30.3 RADIUS server......................................................................................................................949
2.30.4 Ports....................................................................................................................................951
2.30.11 Supplicant-Setup ..............................................................................................................955
2.31 PPPoE-Server.......................................................................................................................................959
2.31.1 Operating............................................................................................................................959
2.31.2 Name list.............................................................................................................................960
2.31.3 Service.................................................................................................................................960
2.31.4 Session limit.........................................................................................................................961
2.31.5 Ports....................................................................................................................................961
2.31.6 AC-Name.............................................................................................................................962
2.32 VLAN...................................................................................................................................................962
2.32.1 Networks.............................................................................................................................962
2.32.2 Port table.............................................................................................................................964
2.32.4 Operating............................................................................................................................966
2.32.5 Tag value.............................................................................................................................966
2.33 Call-Manager.......................................................................................................................................967
2.33.1 Operating............................................................................................................................967
2.33.2 General................................................................................................................................967
2.33.3 Users....................................................................................................................................978
2.33.4 Lines..................................................................................................................................1004
2.33.5 Call router..........................................................................................................................1033
2.33.7 Groups...............................................................................................................................1039
2.33.8 Logging.............................................................................................................................1042
2.33.10 DECT................................................................................................................................1043
2.33.11 SIP server .......................................................................................................................1046
2.34 Printer................................................................................................................................................1052
2.34.1 Printer................................................................................................................................1052
2.34.2 Access list..........................................................................................................................1054
2.35 ECHO server.......................................................................................................................................1055
2.35.1 Operating..........................................................................................................................1055
2.35.2 Access table.......................................................................................................................1056
2.35.3 TCP timeout.......................................................................................................................1057
2.36 Performance monitoring....................................................................................................................1058
2.36.2 RttMonAdmin....................................................................................................................1058
2.36.3 RttMonEchoAdmin.............................................................................................................1059
2.36.4 RttMonStatistics.................................................................................................................1061
2.37 WLAN management...........................................................................................................................1065
2.37.1 AP configuration................................................................................................................1066
13
Menu Reference
Contents
2.37.5 CAPWAP-Port.....................................................................................................................1188
2.37.6 Autoaccept-AP...................................................................................................................1189
2.37.7 Accept-AP..........................................................................................................................1189
2.37.8 Provide-default-configuration............................................................................................1190
2.37.9 Disconnect AP....................................................................................................................1191
2.37.10 News...............................................................................................................................1191
2.37.19 Start-automatic-radio-field-optimization..........................................................................1194
2.37.21 Access rules.....................................................................................................................1195
2.37.27 Central firmware management.........................................................................................1198
2.37.29 Allow WAN connections...................................................................................................1207
2.37.30 Sync-WTP-Password.........................................................................................................1208
2.37.31 Interval-for-status-table-cleanup......................................................................................1208
2.37.32 License count...................................................................................................................1208
2.37.33 License limit.....................................................................................................................1208
2.37.34 WLC cluster......................................................................................................................1209
2.37.35 RADIUS-Server-Profiles.....................................................................................................1213
2.37.36 CAPWAP-Operating.........................................................................................................1216
2.37.37 Preference........................................................................................................................1216
2.37.40 Client Steering.................................................................................................................1217
2.38 LLDP..................................................................................................................................................1221
2.38.1 Message-TX-Interval..........................................................................................................1221
2.38.2 Message-Tx-Hold-Multiplier...............................................................................................1221
2.38.3 Reinit-Delay.......................................................................................................................1222
2.38.4 TX delay.............................................................................................................................1222
2.38.5 Notification-Interval...........................................................................................................1222
2.38.6 Ports..................................................................................................................................1223
2.38.7 Management-Addresses....................................................................................................1225
2.38.8 Protocols............................................................................................................................1226
2.38.9 Immediate delete...............................................................................................................1227
2.38.10 Operating........................................................................................................................1227
2.39 Certificates.........................................................................................................................................1228
2.39.1 SCEP-Client........................................................................................................................1228
2.39.2 SCEP-CA.............................................................................................................................1240
2.39.3 CRLs...................................................................................................................................1270
2.39.6 OCSP-Client.......................................................................................................................1272
2.40 GPS....................................................................................................................................................1276
2.40.1 Operating..........................................................................................................................1276
2.41 UTM...................................................................................................................................................1276
2.41.2 Content-Filter.....................................................................................................................1277
2.42 ADSL..................................................................................................................................................1327
2.42.1 Trace mode........................................................................................................................1327
2.44 CWMP...............................................................................................................................................1328
2.44.2 Operating..........................................................................................................................1328
2.44.3 Allow file download...........................................................................................................1328
14
Menu Reference
Contents
2.44.4 Inform retry limit................................................................................................................1329
2.44.5 Source address...................................................................................................................1329
2.44.6 ACS URL.............................................................................................................................1330
2.44.7 ACS username....................................................................................................................1330
2.44.8 ACS password....................................................................................................................1330
2.44.9 Periodic inform activated...................................................................................................1330
2.44.10 Periodic inform interval....................................................................................................1331
2.44.11 Periodic inform time.........................................................................................................1331
2.44.12 Connection request username..........................................................................................1332
2.44.13 Updates managed............................................................................................................1332
2.44.14 Allow user change...........................................................................................................1332
2.44.18 Data model ....................................................................................................................1333
2.44.19 Local port.......................................................................................................................1333
2.44.20 Connection request password ........................................................................................1333
2.44.23 Configuration managed .................................................................................................1333
2.44.26 SSL...................................................................................................................................1334
2.45 SLA monitor......................................................................................................................................1338
2.45.1 ICMP ................................................................................................................................1338
2.45.2 Event count.......................................................................................................................1343
2.45.3 Startup delay ...................................................................................................................1344
2.52 COM-Ports.........................................................................................................................................1344
2.52.1 Devices..............................................................................................................................1344
2.52.2 COM-port server................................................................................................................1345
2.52.3 WAN..................................................................................................................................1355
2.53 Temperature-Monitor.........................................................................................................................1356
2.53.1 Upper-Limit-Degrees..........................................................................................................1356
2.53.2 Lower-Limit-Degrees..........................................................................................................1356
2.54 TACACS+...........................................................................................................................................1356
2.54.2 Authorization.....................................................................................................................1357
2.54.3 Accounting........................................................................................................................1357
2.54.6 Shared Secret.....................................................................................................................1357
2.54.7 Encryption..........................................................................................................................1358
2.54.9 Server................................................................................................................................1358
2.54.10 Fallback to local users......................................................................................................1359
2.54.11 SNMP-GET-Requests-Authorisation..................................................................................1360
2.54.12 SNMP-GET-Requests-Accounting.....................................................................................1360
2.54.13 Bypass-Tacacs-for-CRON-scripts-action-table...................................................................1361
2.54.14 Include-value-into-authorisation-request.........................................................................1361
2.56 Autoload............................................................................................................................................1362
2.56.1 Firmware-and-Loader.........................................................................................................1362
2.56.2 Config-and-script...............................................................................................................1363
2.59 WLAN management...........................................................................................................................1363
2.59.1 Static-WLC-Configuration...................................................................................................1363
2.59.4 AutoWDS...........................................................................................................................1365
15
Menu Reference
Contents
2.59.5 CAPWAP-Port.....................................................................................................................1367
2.59.6 Log events.........................................................................................................................1367
2.59.6 Log events.........................................................................................................................1368
2.60 Autoload............................................................................................................................................1368
2.60.1 Network.............................................................................................................................1368
2.60.3 License...............................................................................................................................1376
2.60.56 USB..................................................................................................................................1379
2.63 Paket-Capture....................................................................................................................................1380
2.63.1 LCOSCap-Operating...........................................................................................................1380
2.63.2 LCOSCap-Port....................................................................................................................1381
2.63.11 RPCap-Operating.............................................................................................................1381
2.63.12 RPCap-Port......................................................................................................................1381
2.64 PMS-Interface....................................................................................................................................1382
2.64.1 Operating..........................................................................................................................1382
2.64.2 PMS-Type...........................................................................................................................1382
2.64.3 PMS server IP address........................................................................................................1382
2.64.4 Loopback address..............................................................................................................1383
2.64.5 PMS port............................................................................................................................1383
2.64.6 Separator...........................................................................................................................1383
2.64.7 Charset..............................................................................................................................1384
2.64.8 Currency............................................................................................................................1384
2.64.10 Accounting......................................................................................................................1385
2.64.11 Login form.......................................................................................................................1386
2.64.12 Guest-name-case-sensitive...............................................................................................1390
2.64.13 Multi-Login......................................................................................................................1390
2.64.15 Rate ...............................................................................................................................1390
2.70 IPv6...................................................................................................................................................1392
2.70.1 Tunnel................................................................................................................................1393
2.70.2 Router-Advertisement........................................................................................................1403
2.70.3 DHCPv6.............................................................................................................................1417
2.70.4 Network.............................................................................................................................1436
2.70.5 Firewall..............................................................................................................................1441
2.70.6 LAN interfaces...................................................................................................................1465
2.70.7 WAN interfaces..................................................................................................................1469
2.70.10 Operating........................................................................................................................1474
2.70.11 Forwarding......................................................................................................................1474
2.70.12 Router..............................................................................................................................1474
2.70.13 ICMPv6............................................................................................................................1476
2.70.14 RAS interface...................................................................................................................1477
2.71 IEEE802.11u......................................................................................................................................1480
2.71.1 ANQP profiles....................................................................................................................1481
2.71.3 Venue name.......................................................................................................................1483
2.71.4 Cellular-Network-Information-List......................................................................................1485
2.71.5 Network-Authentication-Type............................................................................................1486
16
Menu Reference
Contents
2.71.6 ANQP-General...................................................................................................................1487
2.71.7 Hotspot2.0.........................................................................................................................1492
2.71.8 Auth parameter..................................................................................................................1496
2.71.9 NAI realms.........................................................................................................................1497
2.83 SMS...................................................................................................................................................1499
2.83.1 SMSC address....................................................................................................................1499
2.83.2 Inbox limit.........................................................................................................................1500
2.83.3 Outbox limit.......................................................................................................................1500
2.83.4 Outbox preservation...........................................................................................................1501
2.83.5 Mail-Forward-Addr............................................................................................................1501
2.83.6 SMS-Forward-Addr............................................................................................................1501
2.83.7 SMS-Forward-Limit............................................................................................................1502
2.83.8 Syslog................................................................................................................................1502
2.83.9 Max-Send-Attempts ..........................................................................................................1502
2.88 Wireless ePaper.................................................................................................................................1503
2.88.1 Operating..........................................................................................................................1503
2.88.2 Port....................................................................................................................................1503
2.88.3 Channel.............................................................................................................................1504
2.93 Routing protocols..............................................................................................................................1504
2.93.1 BGP...................................................................................................................................1504
2.93.2 Route monitor....................................................................................................................1554
2.96 Iperf...................................................................................................................................................1557
2.96.1 Server daemon...................................................................................................................1557
2.96.2 IPv4-WAN-Access..............................................................................................................1558
2.96.3 IPv4-Access-List.................................................................................................................1559
2.97 Battery Pack.......................................................................................................................................1560
2.97.1 Operating..........................................................................................................................1560
2.97.2 E-mail address...................................................................................................................1560
2.97.3 Restart...............................................................................................................................1561
2.97.4 Alerting..............................................................................................................................1561
2.97.5 Discharge...........................................................................................................................1562
2.100 LBS..................................................................................................................................................1562
2.100.1 Operating........................................................................................................................1563
2.100.2 Description......................................................................................................................1563
2.100.3 Floor................................................................................................................................1563
2.100.4 Height..............................................................................................................................1564
2.100.5 Coordinates.....................................................................................................................1564
2.100.6 LBS server address...........................................................................................................1565
2.100.7 LBS server port.................................................................................................................1565
2.100.9 TLS client settings............................................................................................................1565
2.100.10 Loopback address..........................................................................................................1569
2.100.11 Cache operating.............................................................................................................1569
2.100.12 Cache size......................................................................................................................1570
2.100.13 User name ...................................................................................................................1570
17
Menu Reference
Contents
2.100.14 Password......................................................................................................................1570
2.100.15 Aggregation .................................................................................................................1570
2.100.16 Measurements-Fields....................................................................................................1571
2.101 Layer-7 app detection......................................................................................................................1574
2.101.1 Operating........................................................................................................................1574
2.101.2 IP port applications..........................................................................................................1574
2.101.4 Port table.........................................................................................................................1575
2.101.5 Status-Update-In-Minute.................................................................................................1576
2.101.6 Max queue length............................................................................................................1576
2.101.7 Reset statistics.................................................................................................................1577
2.101.8 HTTP-HTTPS tracking........................................................................................................1577
2.101.11 VLAN.............................................................................................................................1578
2.101.12 Save-In-Min...................................................................................................................1579
2.102 LMC.................................................................................................................................................1579
2.102.1 Operating........................................................................................................................1579
2.102.7 Delete certificate..............................................................................................................1580
2.102.12 Loopback address..........................................................................................................1580
2.102.13 Configuration via DHCP.................................................................................................1580
2.102.14 DHCP status...................................................................................................................1581
2.102.15 LMC domain.................................................................................................................1581
2.103 Provisioning server .........................................................................................................................1582
2.103.1 Operating.......................................................................................................................1582
2.103.2 Port ................................................................................................................................1582
2.103.3 Url .................................................................................................................................1582
2.103.4 Url-via-DHCP ..................................................................................................................1583
2.103.5 Secure port ....................................................................................................................1583
2.103.6 Polling-In-Minutes..........................................................................................................1583
2.103.7 Update server ................................................................................................................1584
2.104 Bonjour proxy..................................................................................................................................1584
2.104.1 Operating........................................................................................................................1584
2.104.2 Query client interval.........................................................................................................1584
2.104.3 Network list.....................................................................................................................1585
2.104.4 Service list........................................................................................................................1587
2.104.5 Services............................................................................................................................1587
2.104.6 Query client.....................................................................................................................1588
2.104.7 Instance limit...................................................................................................................1590
2.104.8 Auto-query services..........................................................................................................1590
2.200 Sip-Alg.............................................................................................................................................1590
2.200.1 Operating........................................................................................................................1591
2.200.2 Firewall-Overrule..............................................................................................................1591
3 Firmware.......................................................................................................................1592
3.1 Version table........................................................................................................................................1592
3.1.1 Ifc........................................................................................................................................1592
3.1.2 Module................................................................................................................................1592
18
Menu Reference
Contents
3.1.3 Version................................................................................................................................1592
3.1.4 Serial number.......................................................................................................................1592
3.2 Table-Firmsafe.....................................................................................................................................1593
3.2.1 Position................................................................................................................................1593
3.2.2 Status..................................................................................................................................1593
3.2.3 Version................................................................................................................................1593
3.2.4 Date.....................................................................................................................................1594
3.2.5 Size......................................................................................................................................1594
3.2.6 Index...................................................................................................................................1594
3.3 Mode firmsafe.....................................................................................................................................1594
3.4 Timeout-Firmsafe.................................................................................................................................1595
3.5 Secure upload......................................................................................................................................1595
3.5.4 LTK hash..............................................................................................................................1596
3.7 Feature-Word.......................................................................................................................................1596
4 Other.............................................................................................................................1597
4.1 Manual dialing....................................................................................................................................1597
4.1.1 Establish..............................................................................................................................1597
4.1.2 Disconnect...........................................................................................................................1597
4.1.4 Test call...............................................................................................................................1597
4.2 System-Boot.........................................................................................................................................1598
4.5 Cold boot.............................................................................................................................................1598
4.6 Call-Manager.......................................................................................................................................1598
4.6.1 Line......................................................................................................................................1598
4.6.2 Groups.................................................................................................................................1598
4.7 Flash restore........................................................................................................................................1599
4.8 Enable-Tests........................................................................................................................................1599
19
Menu Reference
1 Introduction
1 Introduction
1.1 About this documentation
Components of the documentation
The documentation of your device consists of the following parts:
Installation Guide
The Quickstart user guide answers the following questions:
a
a
a
a
a
a
Which software has to be installed to carry out a configuration?
How is the device connected up?
How can the device be contacted with LANconfig, WEBconfig or via the serial interface?
How do I start the Setup Wizard (e. g. to set up Internet access)?
How do I reset the device?
Where can I find information and support?
User Manual or Quick Reference Guide
The User Manual or the Quick Reference contains all of the information required to setup your device quickly. It also
contains all of the important technical specifications.
Manual on PBX functions (only for models with VoIP support)
The PBX Functions manual gives you detailed step-by-step instructions on commissioning a VoIP router as a PBX (private
branch exchange) for a single location. Also described are the main operating instructions for users, and how to connect
terminal equipment.
Reference manual
The Reference Manual goes into detail on topics that apply to a variety of models. The descriptions in the Reference
Manual are based predominantly to the configuration with LANconfig. Also given for each LANconfig dialog is the
corresponding path to find the parameters when working with WEBconfig, for example:
LANconfig: Wireless LAN / 802.11i/WEP / WPA or Private WEP settings
WEBconfig: LCOS Menu Tree / Setup / Interfaces / WLAN / Encryption
The paths for configuration via CLI/Telnet can be derived from this and are therefore not listed explicitly listed. The Telnet
path to the encryption setting is, for example:
cd /Setup/Interfaces/WLAN/Encryption
Menu Reference
The Menu Reference comprehensively describes all of the parameters in LCOS, the operating system used by the devices.
This guide is an aid to users during the configuration of devices by means of WEBconfig or the telnet console. The
parameters are listed in the alphabetical order of the paths as they appear when carrying out a configuration with
WEBconfig. Each parameter is described briefly and the possible values for input are listed, as are the default values.
5
20
All documents for your product which are not shipped in printed form are available as a PDF file from
www.lancom.eu/en/download or on the data medium supplied with your product.
Menu Reference
1 Introduction
LCOS, the operating system of the LANCOM devices
All routers, gateways, controllers and access points from LANCOM Systems work with the same operating system: LCOS.
A proprietary development of LANCOM, this operating system is highly resistant to external attack and provides a high
level of security.
The consistent use of LCOS also ensures that operation is easy and uniform between products. The extensive feature set
with all products is immediately available. Free, regular software updates are constantly under development.
Validity
This Menu Reference Guide applies to all devices with firmware version 8.82 or later.
The functions and settings described in this Menu Reference Guide are not all supported by all models or all firmware
versions.
This documentation was created by…
...members of our staff from a variety of departments in order to ensure you the best possible support when using your
product. If you should find any mistakes, have a criticism, or wish to suggest any improvements, please do not hesitate
to contact us.
E-Mail: [email protected]
5
If you have any questions on the content in this manual, or if you require any further support, our Internet server
www.lancom.eu is available to you around the clock. The 'Support' section will help you with many answers to
frequently asked questions (FAQs). Furthermore, the knowledge base offers you a large reserve of information.
The latest drivers, firmware, utilities and documentation are constantly available for download. You can also
refer to LANCOM support. For telephone numbers and contact addresses for LANCOM Support, please refer to
the enclosed leaflet or the LANCOM Web site.
1.2 Configuration with Telnet
Open Telnet session
To commence the configuration, start Telnet from the Windows command line with command:
a C:\>telnet 10.0.0.1
Telnet establishes a connection to the device with the IP address entered.
After entering the password (assuming one has been set to protect the configuration) all of the configuration commands
are available to you.
5
Linux and Unix additionally support Telnet sessions via SSL-encrypted connections. Depending on the distribution
it may be necessary to replace the standard Telnet application with an SSL-capable version. Start the encrypted
Telnet connection with the following command:
a C:\>telnet -z ssl 10.0.0.1 telnets
Changing the console language
Terminal mode is available in English or German. The devices are set with English as the standard console language. .
If necessary, change the console language with the following commands:
WEBconfig: /Setup/Config-Module/Language
21
Menu Reference
1 Introduction
Close the Telnet session
To close the Telnet session, enter the command exit at the command prompt:
a C:\>exit
Structure of the command-line interface
The command-line interface is always structured as follows:
a Status
Contains the status and statistics of all internal modules in the device
a Setup
Contains all adjustable parameters of all internal modules in the device
a Firmware
Contains the firmware management
a Other
Contains actions for establishing and terminating connections, reset, reboot and upload.
1.3 Command-line commands
The command-line interface can be operated with the following DOS- or UNIX-style commands. The LCOS menu commands
that are available to you can be displayed at any time by entering HELP at the command line.
5
Supervisor rights are necessary to execute some commands.
Command
Description
beginscript
Resets the console session to script mode. In this state, commands entered are not transferred
directly to the device's configuration RAM but initially to the device's script memory.
cd [PATH]
Switch to the current directory.
Various abbreviations can be used, such as replacing " cd ../.." with "cd ...", etc.
default [-r] [PATH]
22
Resets individual parameters, tables or entire menu trees back to their default configuration.
If PATH indicates a branch of the menu tree, then the option -r (recursive) must be
entered.
Menu Reference
1 Introduction
Command
Description
del [PATH]*
Deletes the table in the branch of the menu tree defined with Path.
deletebootlog
Clears the contents of the persistent boot log memory.
dir [PATH] list [PATH] ls [PATH] ll
[PATH]
Displays the current directory content.
do [PATH] [<Parameter>]
Executes the action [PATH] in the current directory. Other parameters can be entered in
addition.
echo <ARG>...
Display argument on console
exit/quit/x
Ends the command line session
feature <code>
Activation of a software feature with the feature code as entered
flash Yes/No
Changes to the configuration using commands in the command line are written directly to
the boot-resistant Flash memory of the devices as standard (flash yes). If updating the
configuration is suppressed in Flash (flash no), changes are only stored in RAM (deleted on
booting).
getenv <NAME>
Display environment variable (no line feed)
history
Displays a list of recently executed commands. Command !# can be used to directly call
the list commands using their number (#): For example, !3 runs the third list command.
killscript
Deletes the script session contents yet to be processed. The script session is selected by its
name.
loadconfig
Load configuration into device via TFTP client
loadfirmware
Load firmware into device via TFTP client
loadscript
Load script into device via TFTP client
passwd
Change password
passwd -n new [old]
Change password (no prompt)
ping [IP address or name]
Sends an ICMP echo request to the IP address specified. For more information about the
command and the specifics of pinging IPv6 addresses, see the section Parameter overview
for the ping command on page 25.
ping -6 [IPv6 address]%[Scope]
The suffix parameter "-a" lists the SNMP IDs associated with the content of the query. The
output begins with the SNMP ID of the device followed by the SNMP ID of the current menu.
The SNMP IDs of the subordinate items can be read from the individual entries.
printenv
Display the entire environment
readconfig
Display of the entire configuration in the device syntax
readmib
Display of the SNMP Management Information Base
readscript [-n] [-d] [-c] [-m] [PATH]
In a console session, the readscript command generates a text dump of all commands and
parameters required to configure the device in its current state.
Release [ -x] <Interface 1> ...
<Interface n>
The DHCPv6 client returns its IPv6 address and/or its prefix to the DHCPv6 server. It then
submits a new request for an address or prefix to the DHCPv6 server. Depending on the
provider, the server assigns a new address to the client, or reassigns the previous one.
Whether the client receives a different address or prefix is determined solely by the server.
The option switch -x suppresses the confirmation message.
The * wildcard applies the command on all of the interfaces and prefix delegations.
repeat <INTERVAL> <Command>
Release IPv6 address: Repeats the command every INTERVAL seconds until the process is
ended with new input
sleep [-u] value[suffix]
Delays the processing of configuration commands by a particular time or terminates them
at a particular time. Valid suffixes are s, m and h for seconds, minutes and hours. If no
suffix is defined, the command uses milliseconds. With option switch -u, the sleep command
23
Menu Reference
1 Introduction
Command
Description
accepts times in format MM/DD/YYYY hh:mm:ss (English) or in format
TT.MM.JJJJ hh:mm:ss (German). Times will only be accepted if the system time
has been set.
stop
Ends the PING command
set [PATH] <value(s)>
Sets a configuration parameter to a particular value.
If the configuration parameter is a table value, a value must be specified for each column.
Entering the * character leaves any existing table entry unchanged.
set [PATH] ?
Listing of the possible input values for a configuration parameter.
If no name is specified, the possible input values for all configuration parameters in the
current directory are listed.
setenv <NAME> <VALUE>
Set environment variable
show <Options>
Display of special internal data. For information on displaying IPv6-specific data, read the
section Overview of IPv6-specific show commands on page 29.
show ? displays all available information, such as most recent boot processes (’bootlog’),
firewall filter rules (’filter’), VPN rules (’VPN’) and memory usage (’mem’ and ’heap’)
smssend [-s <SMSC-Number>] (-d
<Destination>) (-t <Text>)
Available only on devices with 3G/4G WWAN module: Sends a text message to the destination
number entered.
a -s <SMSC-Number>: Alternative SMSC phone number (optional). If you omit
this part of the command, the device uses the phone number stored on the USIM card
or that configured under SNMP ID 2.83.
a -d <Destination>: Destination phone number
a -t <Text>: Contents of the message with <=160 characters For an overview of
available characters, see the section Character set for sending SMS on page 35. Special
characters must be in UTF8 encoded form.
sysinfo
Display of system information (e.g. hardware/software version)
testmail
Sends an e-mail. See 'testmail ?' for parameters
time
Set time (DD.MM.YYYY hh:mm:ss)
trace […]
Configuration of the diagnostics display. For further information on this command refer to
the section Parameter overview for the trace command on page 27.
unsetenv <NAME>
Delete environment variable
who
List active sessions
writeconfig
Load a new configuration file in the device syntax. All subsequent lines are interpreted as
configuration values until two blank lines occur
writeflash
Load a new firmware file (only via TFTP)
!!
Repeat last command
!<num>
Repeat command <num> times
!<prefix>
Repeat last command beginning with <prefix>
#<blank>
Comment
a PATH:
a Path name for a menu or parameter, separated by / or \
a .. means one level higher
a . means the current level
a VALUE:
24
Menu Reference
1 Introduction
a Possible input value
a "" is a blank input value
a NAME:
a Sequence of characters (made up of _ 0..9 A..Z)
a First character cannot be a digit
a Case insensitive
All commands and directory/parameter names can be entered using their short-forms as long as they are unambiguous.
For example, command ”sysinfo” can be shortened to ”sys” and ”cd Management” to ”c ma”. Input ”cd
/s” is not valid, however, since it corresponds to both ”cd /Setup” and ”cd /Status”.
Directories can be addressed with the corresponding SNMP ID. For example, the command "cd /2/8/10/2" has
the same effect as "cd /Setup/IP-router/Firewall/Rules".
Multiple values in a table row can be changed with one command, for example in the rules table of the firewall:
a set WINS UDP sets the protocol of the WINS rule to UDP
a set WINS UDP ANYHOST sets the protocol of the WINS rule to UDP and the destination to ANY-HOST
a set WINS * ANYHOST also sets the destination of the WINS rule to ANYHOST; the asterisk means that the
protocol remains unchanged
The values in a table row can alternatively be addressed via the column name or the position number in curly brackets.
The command set ? in the table shows the name, the possible input values and the position number for each column.
For example, in the rules table of the firewall, the destination has the number 4:
a set WINS {4} ANYHOST sets the destination of the WINS rule to ANYHOST
a set WINS {destination} ANYHOST also sets the destination of the WINS rule to ANYHOST
a set WINS {dest} ANYHOST sets the destination of the WINS rule to ANYHOST, because specifying "dest"
here is sufficient to uniquely identify the column name.
Names that contain spaces must be enclosed within quotation marks (““).
A command-specific help function is available for actions and commands (call the function with a question mark as the
parameter). For example, ping ? shows the options of the integrated ping command.
Enter ? on the command line for a complete listing of the console commands available.
Parameter overview for the ping command
The ping command entered at the command prompt of a Telnet or terminal connection sends an "ICMP echo-request"
packet to the destination address of the host to be checked. If the receiver supports the protocol and it is not filtered
out in the firewall, the destination host will respond with an "ICMP echo reply". If the target computer is not reachable,
the last device before the host responds with a "network unreachable" or "host unreachable" message.
The syntax of the ping command is as follows:
ping [-fnqr] [-s n] [-i n] [-c n] [-a a.b.c.d] destination
The meaning of the optional parameters is explained in the following table:
Table 1: Overview of optional parameters for the ping command
Parameter
Meaning
-a a.b.c.d
Sets the ping's sender address (default: IP address of the device.
-a INT
Sets the intranet address of the device as the sender address
-a DMZ
Sets the DMZ address of the device as the sender address
-a LBx
Sets one of the 16 loopback addresses in the device as the sender address. Valid
values for x are the hexadecimal values 0 – f
25
Menu Reference
1 Introduction
Parameter
Meaning
-6 <IPv6-Address>%<Scope> Performs a ping command to the link-local address via the interface specified by
<scope>.
For IPv6, the scope of parameters is of central importance: IPv6 requires a link-local
address (fe80::/10) to be assigned to every network interface (logical or physical)
on which the IPv6 protocol is enabled, so you must specify the scope when pinging
a link-local address. This is the only way that the ping command knows which
interface it should send the packet to. A percent sign (%) separates the name of
the interface from the IPv6 address.
Examples:
a ping -6 fe80::1%INTRANET
Ping the link-local address "fe80::1", which is accessible via the interface and/or
the network "INTRANET".
a ping -6 2001:db8::1
Pings the global IPv6 address '2001:db8::1".
26
-6 <Loopback-Interface>
Sets an IPv6 loopback interface as the sender address.
-f
flood ping: Sends a large number of pings in a short time. Can be used to test
network bandwidth, for example. WARNING: flood ping can easily be misinterpreted
as a DoS attack.
-n
Returns the computer name of a specified IP address
-o
Immediately sends another request after a response
-q
Ping command returns no output to the console (quiet)
-r
Changes to traceroute mode: The route taken by the data packets underway to the
target computer is shown with all of the intermediate stations
-s n
Sets the packet size to n bytes (max. 65500)
-i n
Time between packets in seconds
-c n
Send n ping signals
Destination
Address or host name of the target computer
Menu Reference
1 Introduction
Parameter
Meaning
stop /<RETURN>
Entering "stop" or pressing the RETURN button terminates the ping command
Parameter overview for the trace command
5
The traces available for a particular model can be displayed by entering trace without any arguments.
Table 2: Overview of all possible traces
This parameter ...
...causes the following message in the trace:
Status
Connection status messages
Error
Connection error messages
PPP
PPP protocol negotiation
LCR
Least cost router
Script
Script negotiation
Firewall
Displays firewall events
RIP
IP routing information protocol
ARP
Address resolution protocol
ICMP
Internet control message protocol
IP masquerading
Events in the masquerading module
27
Menu Reference
1 Introduction
This parameter ...
...causes the following message in the trace:
DHCP
Dynamic host configuration protocol
NetBIOS
NetBIOS management
DNS
Domain name service protocol
Packet dump
Displays the first 64 bytes of a packet in hexadecimal
D-channel dump
Traces the D channel of the ISDN bus connected
ATM cell
ATM packet layer
ATM error
ATM error
ADSL
ADSL connection status
SMTP client
E-mail processing by the internal mail client
Mail client
E-mail processing by the internal mail client
SNTP
Simple network time protocol
NTP
Timeserver trace
Connact
Messages from the activity protocol
Cron
Activities of the scheduler (cron table)
RADIUS
RADIUS trace
Serial
Information on the state of the serial interface
USB
Information on the state of the USB interface
Load balancer
Information on load balancing
VRRP
Information on the virtual router redundancy protocol
Ethernet
Information on the Ethernet interfaces
VLAN
Information on virtual networks
IGMP
Information on the Internet group management protocol
WLAN
Information on activity in the wireless networks
WLAN-ACL
Status messages about MAC filtering rules.
4
28
The display depends on how the WLAN data trace is configured. If a MAC
address is specified there, the trace shows only the filter results relating
to that specific MAC address.
IAPP
Trace on inter access point protocol giving information on wireless LAN roaming.
DFS
Trace on dynamic frequency selection, automatic channel selection in the 5 GHz
wireless LAN band
Bridge
Information on the wireless LAN bridge
EAP
Trace on EAP, the key negotiation protocol used with WPA/802.11i and 802.1x
Spgtree
Information on spanning tree protocol
LANAUTH
LAN authentication (e.g. Public Spot)
SIP packet
SIP information that is exchanged between a VoIP router and a SIP provider or an
upstream SIP telephone system
VPN status
IPSec and IKE negotiations
VPN packet
IPSec and IKE packets
Menu Reference
1 Introduction
This parameter ...
...causes the following message in the trace:
GRE
Messages to GRE tunnels
XML-Interface-PbSpot
Messages from the Public Spot XML interface
hnat
Information on hardware NAT
IPv6 config
Information about the IPv6 configuration
IPv6 firewall
IPv6 firewall events
IPv6-Interfaces
Information about the IPv6 interfaces
IPv6-LAN-Packet
Data packets over the IPv6 LAN connection
IPv6 router
Information about the IPv6 routing
IPv6-WAN-Packet
Data packets over the IPv6 WAN connection
Overview of IPv6-specific show commands
Various IPv6 functions can be queried at the command line. The following command-line functions are available:
a
a
a
a
a
a
a
IPv6 addresses: show ipv6-addresses
IPv6 prefixes: show ipv6-prefixes
IPv6 interfaces: show ipv6-interfaces
IPv6 neighbor cache: show ipv6-neighbour-cache
IPv6 DHCP server show dhcp6-server
IPv6 DHCP client show dhcpv6-client
IPv6 route: show ipv6-route
Additionally, IPv6 communications can be followed with the trace command.
IPv6 addresses
The command show ipv6-addresses shows a list of IPv6 addresses that are currently being used. This is sorted
by interface. Note that an interface can have multiple IPv6 addresses. One of these addresses is always the link-local
address, which starts with fe80:.
The output is formatted as follows:
<Interface> :
<IPv6 address>, <status>, <attribute>, (<type>)
Table 3: Components of the command-line output show ipv6-addresses
Output
Comment
Interface
The name of the interface
IPv6 address
The IPv6 address
Status
The status field can contain the following values:
a TENTATIVE
Duplicate Address Detection (DAD) is currently checking the address. It is not yet available for
unicast.
a PREFERRED
The address is valid
a DEPRECATED
29
Menu Reference
1 Introduction
Output
Comment
The address is still valid, but it is being discontinued. The optimal status for communication is
PREFERRED.
a INVALID
The address is invalid and cannot be used for communication. An address given this status
after its lifetime has expired.
Attribute
Shows an attribute of the IPv6 address. Possible attributes are:
a None
No special attributes
a (ANYCAST)
This is an anycast address
a (AUTO CONFIG)
The address was retrieved by auto-configuration
a (NO DAD PERFORMED)
No DAD is performed
Type
The type of IP address
IPv6 prefixes
The command show ipv6-prefixes displays all known prefixes. These are sorted according to the following
criteria:
Delegated prefixes
All prefixes that the router has obtained by delegation.
Advertised prefixes
All prefixes that the router announces in its router advertisements.
Deprecated prefixes
All prefixes that are being discontinued. These may still be functional, but they will be deleted after a certain
time.
IPv6-Interfaces
The command show ipv6-interfaces displays a list of IPv6 interfaces and their status.
The output is formatted as follows:
<Interface> : <Status>, <Forwarding>, <Firewall>
Table 4: Components of the command-line output show ipv6-interfaces
Output
Comment
Interface
The name of the interface
Status
The status of the interface Possible entries are:
a oper status is up
a oper status is down
Forwarding
The forwarding status of the interface. Possible entries are:
a forwarding is enabled
a forwarding is disabled
30
Menu Reference
1 Introduction
Output
Comment
Firewall
The status of the firewall. Possible entries are:
a forwarding is enabled
a firewall is disabled
IPv6 neighbor cache
The command show ipv6-neighbor-cache displays the current neighbor cache.
The output is formatted as follows:
<IPv6 address> iface <interface> lladdr <MAC address> (<switch port>) <device type> <status>
src <source>
Table 5: Components of the command-line output show ipv6-neighbor-cache
Output
Comment
IPv6 address
The IPv6 address of the neighboring device
Interface
The interface where the neighbor is accessed
MAC address
The MAC address of the neighbor
Switch port
The switch port on which the neighbor was found
Device type
Neighbor's device type (host or router)
Status
The status of the connection to neighboring devices. Possible entries are:
a INCOMPLETE
Resolution of the address was still in progress and the link-layer address of the neighbor was
not yet determined.
a REACHABLE
The neighbor was reached in the last ten seconds.
a STALE
The neighbor is no longer qualified as REACHABLE, but an update will only be performed when
an attempt is made to reach it.
a DELAY
The neighbor is no longer qualified as REACHABLE, but data was recently sent to it; waiting
for verification by other protocols.
a PROBE
The neighbor is no longer qualified as REACHABLE. Neighbor solicitation probes are sent to it
to confirm availability.
Source
The IPv6 address at which the neighbor was detected.
IPv6 DHCP server
The command show dhcpv6-server displays the current status of the DHCP server. The display includes
information about the interface on which the server is active, which DNS server and prefixes it has, and what client
preferences it has.
IPv6 DHCP client
The command show dhcpv6-client displays the current status of the DHCP client. The display includes information
about the interface being used by the client and which prefixes and DNS server it is using.
31
Menu Reference
1 Introduction
IPv6 route
The command show ipv6-route displays the complete IPv6 routing table. Routers with fixed entered routes are
displayed with the suffix [static] and the dynamically obtained routes have the suffix [connected]. The loopback address
is marked [loopback]. Other automatically generated addresses have the suffix [local].
Functions for editing commands
The following commands can be used to edit commands on the command line. The “ESC key sequences” show (for
comparison) the shortcuts used on typical VT100/ANSI terminals:
Function
Esc key sequences
Description
Up arrow
ESC [A
In the list of commands last run, jumps one position up (in the direction of
older commands).
Down arrow
ESC [B
In the list of commands last run, jumps one position down (in the direction
of newer commands).
Right arrow
Ctrl-F ESC [C
Moves the insert cursor one position to the right.
Left arrow
Ctrl-B ESC [D
Moves the insert cursor one position to the left.
Home or Pos1
Ctrl-A ESC [A ESC [1˜ (
Moves the insert cursor to the first character in the line.
Close
Ctrl-E ESC [F ESC OF ESC [4˜
Moves the insert cursor to the last character in the line.
Ins
ESC [ ESC [2˜
Switches between input and overwrite modes.
Del
Ctrl-D ESC <BS> ESC [3˜
Deletes the character at the current position of the insert cursor or ends the
Telnet session if the line is blank.
erase
<BS><DEL>
Deletes the next character to the left of the insert cursor.
erase-bol
Ctrl-U
Deletes all characters to the left of the insert cursor.
erase-eol
Ctrl-K
Deletes all characters to the right of the insert cursor.
Tabulator
Completes the input from the current position of the insert cursor for a
command or path of the LCOS menu structure:
1. If there is only one possibility of completing the command/path, this is
accepted by the line.
2. If there is more than one possibility of completing the command/path,
this is indicated by an audible sound when pressing the Tab key. Pressing
the Tab key again displays a list of all possibilities to complete the entry.
Then enter e.g. another letter, to allow unambiguous completion of the
input.
3. If there is no possibility of completing the command/path, this is
indicated by an audible sound when pressing the Tab key. No further
actions are run.
Function keys for the command line
WEBconfig: Setup / Config / Function keys
The function keys enable the user to save frequently used command sequences and to call them easily from the command
line. In the appropriate table, commands are assigned to function keys F1 to F12 as they are entered in the command
line.
a Key
Name of function key.
Possible values:
a Selection from function keys F1 to F12.
32
Menu Reference
1 Introduction
Default:
a F1
a Figure
Description of the command/shortcut to be run on calling the function key in the command line.
Possible values:
a All commands/shortcuts possible in the command line
Default:
a Blank
Special values:
a
a
a
a
a
The caret symbol ^ is used to represent special control commands with ASCII values below 32.
^A stands for Ctrl-A (ASCII 1)
^Z stands for Ctrl-Z (ASCII 26)
^[ stands for Escape (ASCII 27)
^^ A double caret symbol stands for the caret symbol itself.
5
If a caret symbol is entered in a dialog field or editor followed directly by another character, the operating
system may possibly interpret this sequence as another special character. By entering caret + A the Windows
operating system outputs an Â. To enter the caret character itself, enter a space in front of the subsequent
characters. Sequence ^A is then formed from caret symbol + space + A.
Tab command when scripting
When working with scripts, the tab command enables the desired columns for the subsequent set command.
When you perform the configuration with a command line tool, you generally supplement the set command with the
values for the columns of the table.
For example, you set the values for the performance settings of a WLAN interface as follows:
> cd /Setup/Interfaces/WLAN/Performance
> set ?
Possible Entries for columns in Performance:
[1][Ifc]
: WLAN-1 (1)
[5][QoS]
: No (0), Yes (1)
[2][Tx-Bursting]
: 5 Chars from: 1234567890
> set WLAN-1 Yes *
In this example the Performance table has three columns:
a Ifc, the desired interface
a Enable or disable QoS
a The desired value for TX bursting
With the command set WLAN-1 Yes * you enable the QoS function for WLAN-1, and you leave the value for TX
bursting unchanged with the asterisk (*).
Working with the set command in this way is adequate for tables with only a few columns. However, tables with many
columns can pose a major challenge. For example, the table under Setup > Interfaces > WLAN > Transmission
contains 22 entries:
> cd /Setup/Interfaces/WLAN/Transmission
> set ?
Possible Entries for columns in Transmission:
33
Menu Reference
1 Introduction
[1][Ifc]
: WLAN-1 (1), WLAN-1-2 (16), WLAN-1-3 (17), WLAN-1-4 (18), WLAN-1-5
(19), WLAN-1-6 (20), WLAN-1-7 (21), WLAN-1-8 (22)
[2][Packet-Size]
: 5 Chars from: 1234567890
[3][Min-Tx-Rate]
: Auto (0), 1M (1), 2M (2), 5.5M (4), 11M (6), 6M (8), 9M (9), 12M
(10), 18M (11), 24M (12), 36M (13), 48M (14), 54M (15)
[9][Max-Tx-Rate]
: Auto (0), 1M (1), 2M (2), 5.5M (4), 11M (6), 6M (8), 9M (9), 12M
(10), 18M (11), 24M (12), 36M (13), 48M (14), 54M (15)
[4][Basic-Rate]
: 1M (1), 2M (2), 5.5M (4), 11M (6), 6M (8), 9M (9), 12M (10), 18M
(11), 24M (12), 36M (13), 48M (14), 54M (15)
[19][EAPOL-Rate]
: Like-Data (0), 1M (1), 2M (2), 5.5M (4), 11M (6), 6M (8), 9M
(9), 12M (10), 18M (11), 24M (12), 36M (13), 48M (14), 54M (15), HT-1-6.5M (28), HT-1-13M
(29), HT-1-19.5M (30),
HT-1-26M (31), HT-1-39M (32), HT-1-52M (33), HT-1-58.5M (34), HT-1-65M (35), HT-2-13M (36),
HT-2-26M (37), HT-2-39M (38), HT-2-52M (39), HT-2-78M (40), HT-2-104M (41), HT-2-117M
(42), HT-2-130M (43)
[12][Hard-Retries]
: 3 Chars from: 1234567890
[11][Soft-Retries]
: 3 Chars from: 1234567890
[7][11b-Preamble]
: Auto (0), Long (1)
[16][Min-HT-MCS]
: Auto (0), MCS-0/8 (1), MCS-1/9 (2), MCS-2/10 (3), MCS-3/11 (4),
MCS-4/12 (5), MCS-5/13 (6), MCS-6/14 (7), MCS-7/15 (8)
[17][Max-HT-MCS]
: Auto (0), MCS-0/8 (1), MCS-1/9 (2), MCS-2/10 (3), MCS-3/11 (4),
MCS-4/12 (5), MCS-5/13 (6), MCS-6/14 (7), MCS-7/15 (8)
[23][Use-STBC]
: No (0), Yes (1)
[24][Use-LDPC]
: No (0), Yes (1)
[13][Short-Guard-Interval] : Auto (0), No (1)
[18][Min-Spatial-Streams] : Auto (0), One (1), Two (2), Three (3)
[14][Max-Spatial-Streams] : Auto (0), One (1), Two (2), Three (3)
[15][Send-Aggregates]
: No (0), Yes (1)
[22][Receive-Aggregates]: No (0), Yes (1)
[20][Max-Aggr.-Packet-Count]
: 2 Chars from: 1234567890
[6][RTS-Threshold]
: 5 Chars from: 1234567890
[10][Min-Frag-Len]
: 5 Chars from: 1234567890
[21][ProbeRsp-Retries] : 3 Chars from: 1234567890
Use the following command to set the short guard interval in the transmission table for the WLAN-1-3 interface to No:
> set WLAN-1-3 * * * * * * * * * * * * No
5
The asterisks for the values after the column for the short guard interval are unnecessary in this example, as the
columns will be ignored when setting the new values.
As an alternative to this rather confusing and error-prone notation, you can use the tab command as the first step to
determine which columns are changed with the subsequent set command:
> tab Ifc short guard-Interval
> set WLAN-1-3 No
The tab command also makes it possible to change the order of the columns. The following example for the WLAN-1-3
interface sets the value for the short guard interval to No and the value for Use-LDPC to Yes, although the corresponding
columns in the table are displayed in a different order:
> tab Ifc short guard-Interval Use-LDPC
> set WLAN-1-3 No Yes
5
The tables may only contain only a selection of the columns, depending on the hardware model. The tab
command ignores columns which do not exist for that device. This gives you the option to develop unified scripts
for different hardware models. The tab instructions in the scripts reference the maximum number of required
columns. Depending on the model, the script only performs the set instructions for the existing columns.
You can also abbreviate the tabcommand with curly brackets. Use the following command to set the short guard
interval in the transmission table for the WLAN-1-3 interface to No:
> set WLAN-1-3 {short-guard} No
34
Menu Reference
1 Introduction
The curly brackets also enable you to change the order of the columns. The following example for the WLAN-1-3 interface
sets the value for the short guard interval to No and the value for Use-LDPC to Yes, although the corresponding
columns in the table are displayed in a different order:
> set WLAN-1-3 {Short-Guard-Interval} No {Use-LDPC} Yes
Character set for sending SMS
An SMS can contain a maximum of 160 characters (each of 7 bits = 1,120 bits). These are made up of the GSM basic
character set (total of 128 characters) as well as selected characters from the extended GSM character set. Although the
extended character set allows the use of some additional characters, these take up twice the space and correspondingly
reduce the maximum number of characters that the SMS can contain. Characters not implemented in the SMS module
are ignored by the device.
The following characters are defined in the GSM basic character set:
4
"SP" in the overview refers to the space character. "LF", "CR" and "ESC" refer to the control characters for the
line feed, the carriage return and the escape in the extended GSM character set.
The following characters are implemented from the extended GSM character set:
{|}[]~^\€
35
Menu Reference
1 Introduction
1.4 Configuration with WEBconfig
Device settings can be configured from any Web browser. The device contains an integrated configuration software
called WEBconfig. All you need to work with WEBconfig is a web browser. In a network with a DHCP server, you can
access the device simply by entering its IP address into your web browser.
Menu area “LCOS Menu Tree” provides the configuration parameters in the same structure as they are used under Telnet.
Clicking the question mark calls up help for each configuration parameter.
36
Menu Reference
2 Setup
2 Setup
This menu allows you to adjust the settings for this device.
2.1 Name
This field can be used to enter a name of your choice for this device.
Telnet path:
Setup
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.2 WAN
This menu contains the configuration of the Wide Area Network (WAN).
Telnet path:
Setup
2.2.2 Dialup-Peers
Here you configure the ISDN remote sites that your device is to connect to and exchange data with.
5
If two remote-site lists contain identical names for remote sites (e.g. DSL broadband remote sites and Dialup
peers), the device automatically takes the "fastest" interface when establishing the connection. The other interface
is available for backup purposes. If the list does not specify DSL broadband remote sites, access concentrators
or services, then the device connects to the first AC that responds to the request over the exchange. For an
existing DSLoL interface, the same entries apply as for a DSL interface. This information is entered into the list
of DSL broadband remote sites.
Telnet path:
Setup > WAN
37
Menu Reference
2 Setup
2.2.2.1 Remote site
Enter the name of the remote site here.
Telnet path:
Setup > WAN > Dialup-Peers
Possible values:
Select from the list of defined peers.
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.2.2 Dialup remote
A telephone number is only required if the remote is to be called. The field can be left empty if calls are to be received
only. Several numbers for the same remote can be entered in the round-robin list.
Telnet path:
Setup > WAN > Dialup-Peers
Possible values:
Max. 31 characters from 0123456789S*#-EF:
Default:
empty
2.2.2.3 B1-DT
The connection is terminated if it remains unused for the time set here.
Telnet path:
Setup > WAN > Dialup-Peers
Possible values:
0 … 9999
Default:
0
2.2.2.4 B2-DT
Hold time for bundling: When channels are bundled, the second B channel will be terminated if it is not used for the
time entered here.
Telnet path:
Setup > WAN > Dialup-Peers
38
Menu Reference
2 Setup
Possible values:
0 … 9999
Default:
0
2.2.2.5 Layer name
From the layer list, select an entry that is to be used for this remote site.
The layer list already contains a number of entries with popular standard settings. For example, you should use the
PPPHDLC entry to establish a PPP connection to an Internet provider.
Telnet path:
Setup > WAN > Dialup-Peers
Possible values:
Select from the list of defined layers
Max. 9 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.2.6 Callback
With callback activated, an incoming call from this remote site will not be answered, but it will be called back instead.
This is useful if, for example, telephone fees are to be avoided at the remote site.
Activate a check of the name if you want to be sure that the remote site is authenticated before the callback.
Select the fast option if the callback is to follow within seconds. The remote site must also support this method and the
'Expect callback' option must be activated. Additionally, the remote site must be entered into the number list.
5
5
The setting 'Name' offers the highest security if there is an entry in the numbers list and in the PPP list. The
setting 'LANCOM' enables the fastest method of call-back between two devices from LANCOM.
For Windows remote sites, ensure that you select the setting 'Name'.
Telnet path:
Setup > WAN > Dialup-Peers
Possible values:
No
There is no return call.
Auto
If the remote site is found in the numbers list, this number is called back. Initially the call is rejected
and, as soon as the channel is free again, a return call is made (after approx. 8 seconds). If the remote
site is not found in the numbers list, the DEFAULT remote site is initially taken and the return call is
negotiated during the protocol negotiation. The call is charged with one unit.
39
Menu Reference
2 Setup
Name
Before a return call is made, the protocol is always negotiated even if the remote site is found in the
numbers list (e.g. for Windows computers that dial-in to the device). Small call charges are incurred for
this.
fast
If the remote site is found in the numbers list, the return call is made quickly, i.e. the device sends a
special signal to the remote site and it calls back as soon as the channel is free again. The connection
is established within about 2 seconds. If the remote site does not cancel the call immediately after the
signal, then two seconds later it reverts to the normal return call procedure (lasts about 8 seconds). This
procedure is available with DSS1 connections only.
Looser
Use the "looser" option if a return call from the remote site is expected. This setting fulfills two jobs in
one. Firstly it ensures that a connection it established itself terminates if a call arrives from the remote
site that was just called, and secondly this setting activates the function that reacts to the procedure
for fast return calls. This means that to use fast return calls, the caller must be in 'Looser' mode and,
at the called party, the return call must be set to 'LANCOM'.
Default:
No
2.2.3 RoundRobin
If a remote site can be reached at various call numbers. you can enter these numbers into this list.
Telnet path:
Setup > WAN
2.2.3.1 Remote site
Here you select the name of a remote site from the list of remote sites.
Telnet path:
Setup > WAN > RoundRobin
Possible values:
Select from the list of defined peers.
Max. 18 characters from #[A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.3.2 Round-Robin
Specify here the other call numbers for this peer. Separate the individual call numbers with hyphens.
40
Menu Reference
2 Setup
Telnet path:
Setup > WAN > RoundRobin
Possible values:
Max. 53 characters from 0123456789S*#-EF:
Default:
empty
2.2.3.3 Head
Specify here whether the next connection is to be established to the number last reached successfully, or always to the
first number.
Telnet path:
Setup > WAN > RoundRobin
Possible values:
Last
First
Default:
Last
2.2.4 Layer
Here you collect individual protocols into 'layers' that are to be used to transfer data to other routers.
Telnet path:
Setup > WAN
2.2.4.1 Layer name
This name is used for selecting the layer in the list of remote stations.
Telnet path:
Setup > WAN > Layer
Possible values:
Max. 9 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
41
Menu Reference
2 Setup
2.2.4.2 Encaps.
Additional encapsulations can be set for data packets.
Telnet path:
Setup > WAN > Layer
Possible values:
TRANS
Transparent: No additional encapsulation
ETHER
Ethernet: Encapsulation as Ethernet frames.
LLC-MUX
Multiplexing via ATM with LLC/SNAP encapsulation as per RFC 2684. Several protocols can be transmitted
over the same VC (virtual channel).
VC-MUX
Multiplexing via ATM by establishing additional VCs as per RFC 2684.
Default:
ETHER
2.2.4.3 Lay-3
The following options are available for the network layer:
Telnet path:
Setup > WAN > Layer
Possible values:
PPP
The connection is established according to the PPP protocol (in synchronous mode, i.e. bit oriented).
The configuration data are taken from the PPP table.
APPP
AsyncPPP: Like 'PPP', but here the asynchronous mode is used instead. PPP works with characters.
SCPPP
PPP with its own script. The script is specified in the script list.
SCAPPP
AsyncPPP with its own script. The script is specified in the script list.
SCTRANS
Transparent with its own script. The script is specified in the script list.
DHCP
Allocation of network parameters by DHCP.
TRANS
Transparent: No additional header is inserted.
42
Menu Reference
2 Setup
Default:
PPP
2.2.4.4 Lay-2
This field configures the upper sublayer of the data link layer.
Telnet path:
Setup > WAN > Layer
Possible values:
PPPoE
PPP over Ethernet: PPP information is encapsulated in Ethernet frames
TRANS
Transparent: No additional header is inserted.
X.75LABP
Connections are established with X.75 and LAPM (Link Access Procedure Balanced).
Default:
X.75LABP
2.2.4.5 L2-Opt.
Here you can activate the compression of transmitted data and channel bundling. These options are only come into
effect if they are supported by the interfaces used and by the selected Layer 2 and Layer 3 protocols. For further information
please refer to section 'ISDN channel bundling with MLPPP'.
Telnet path:
Setup > WAN > Layer
Possible values:
None
compr.
Compression
bundle
Channel bundling
bnd+cmpr
Channel bundling + compression
Default:
None
43
Menu Reference
2 Setup
2.2.4.6 Lay-1
This field is used to configure the lower section of the security layer (the data link layer) for the WAN layer.
5
The range of available values depends on the hardware model at hand.
Telnet path:
Setup > WAN > Layer
Possible values:
AAL-5
ATM adaptation layer
ETH
Transparent Ethernet as per IEEE 802.3
HDLC56K
Securing and synchronization of data transmission as per HDLC (in 7 or 8-bit mode)
HDLC64K
Securing and synchronization of data transmission as per HDLC (in 7 or 8-bit mode)
V110_9K6
Transmission as per V.110 at max. 9,600 bps, e.g. for dialing in by HSCSD mobile phone
V110_19K2
Transmission as per V.110 at max. 19,200 bps
V110_38K4
Transmission as per V.110 at max. 38,400 bps
SERIAL
For connections by analog modem or cellular modem with AT interface. The modem can be connected
to the device at its serial interface (outband) or to a USB interface by means of a USB-to-serial adapter.
Some models feature a CardBus slot that accommodates suitable cards. Some models have an internal
integrated modem.
MODEM
For connections via the internal modem emulation when operating as a V.90 host modem over ISDN.
Operation of the internal modem may require an additional software option for the device.
VDSL
VDSL2 data transmission as per ITU G.993.2
Default:
HDLC64K
2.2.5 PPP
In order for the device to be able to establish PPP or PPTP connections, you must enter the corresponding parameters
(such as name and password) for each remote site into this list.
Telnet path:
Setup > WAN
44
Menu Reference
2 Setup
2.2.5.1 Remote site
Enter the name of the remote site here. This name has to agree with the entry in the list of peers/remote sites. You can
also select a name directly from the list of peers / remote sites.
Telnet path:
Setup > WAN > PPP
Possible values:
Select from the list of defined peers.
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
Possible values:
Special values:
DEFAULT
During PPP negotiations, a remote site dialing-in to the device logs on with its name. The device can
use the name to retrieve the permitted values for authentication from the PPP table. At the start of the
negotiation, the remote site occasionally cannot be identified by call number (ISDN dial-in), IP address
(PPTP dial-in ) or MAC address (PPPoE dial-in). It is thus not possible to determine the permitted protocols
in this first step. In these cases, authentication is performed first with those protocols enabled for the
remote site with name DEFAULT. If the remote site is authenticated successfully with these settings, the
protocols permitted for the remote site can also be determined.
If authentication uses a protocol entered under DEFAULT, but which is not permitted for the remote
site, then authentication is repeated with the permitted protocols.
2.2.5.2 Authent.request
Method for securing the PPP connection that the device expects from the remote site.
Telnet path:
Setup > WAN > PPP
Possible values:
MS-CHAPv2
MS-CHAP
CHAP
PAP
2.2.5.3 Password
Password transferred from your device to the remote site (if required). A '*' in the list indicates that an entry exists.
Telnet path:
Setup > WAN > PPP
45
Menu Reference
2 Setup
Possible values:
Max. 32 characters from #[A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_. `
Default:
empty
2.2.5.4 Time
Time between two tests of the connection with LCP (see also LCP). This time is entered in multiples of 10 seconds (e.g.
2 for 20 seconds). The value is also the time between two tests of the connection as per CHAP. This time is entered in
minutes. For remote sites running the Windows operating system the time must be set to 0.
Telnet path:
Setup > WAN > PPP
Possible values:
0 … 99
Default:
0
2.2.5.5 Try
Number of retries for the test attempt. Multiple retries reduces the impact from temporary line faults. The connection is
only terminated if all tries prove unsuccessful. The time between two retries is one tenth (1/10) of the time between two
tests. This value is also the maximum number of "Configure Requests" that the device sends before assuming a line fault
and tearing down the connection itself.
Telnet path:
Setup > WAN > PPP
Possible values:
0 … 99
Default:
5
2.2.5.6 User name
Name with which your device logs in to the remote site. If there is no entry here, your device's device name is used.
Telnet path:
Setup > WAN > PPP
Possible values:
Max. 64 characters from #[A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_. `
46
Menu Reference
2 Setup
Default:
empty
2.2.5.7 Conf
This parameter affects the mode of operation of the PPP. The parameter is defined in RFC 1661 and is not described in
further detail here. If you are unable to establish PPP connections, this RFC in conjunction with the PPP statistics of the
router provides information on fault rectification. The default settings are generally sufficient. This parameter can only
be changed with LANconfig, SNMP or TFTP.
Telnet path:
Setup > WAN > PPP
Possible values:
0 … 255
Default:
10
2.2.5.8 Fail
This parameter affects the mode of operation of the PPP. The parameter is defined in RFC 1661 and is not described in
further detail here. If you are unable to establish PPP connections, this RFC in conjunction with the PPP statistics of the
router provides information on fault rectification. The default settings are generally sufficient. This parameter can only
be changed with LANconfig, SNMP or TFTP.
Telnet path:
Setup > WAN > PPP
Possible values:
0 … 255
Default:
5
2.2.5.9 Term
This parameter affects the mode of operation of the PPP. The parameter is defined in RFC 1661 and is not described in
further detail here. If you are unable to establish PPP connections, this RFC in conjunction with the PPP statistics of the
router provides information. The default settings are generally sufficient. This parameter can only be changed with
LANconfig, SNMP or TFTP.
Telnet path:
Setup > WAN > PPP
Possible values:
0 … 255
47
Menu Reference
2 Setup
Default:
2
2.2.5.10 Rights
Specifies the protocols that can be routed to this remote site.
Telnet path:
Setup > WAN > PPP
Possible values:
IP
IP+NBT
IPX
IP+IPX
IP+NBT+IPX
Default:
IP
2.2.5.11 Authent-response
Method for securing the PPP connection that the device offers when dialing into a remote site.
5
The device only uses the protocols enabled here—other negotiations with the remote site are not possible.
Telnet path:
Setup > WAN > PPP
Possible values:
MS-CHAPv2
MS-CHAP
CHAP
PAP
Default:
MS-CHAPv2
MS-CHAP
CHAP
PAP
48
Menu Reference
2 Setup
2.2.6 Incoming calling numbers
Based on the telephone numbers in this list, your device can identify which remote site is making the incoming call.
Telnet path:
Setup > WAN
2.2.6.1 Dialup remote
Here you enter the call number that is transmitted when you are called from the remote site. Generally this is the number
of the remote site combined with the corresponding local area code with the leading zero, e.g. 0221445566. For remote
sites in other countries, you must add the corresponding country code with two leading zeros, e.g. 0049221445566.
Telnet path:
Setup > WAN > Incoming calling numbers
Possible values:
Max. 31 characters from 0123456789S*#-EF:
Default:
empty
2.2.6.2 Remote site
Enter the name of the relevant remote site. Once a device has identified a remote site by means of its call number, the
list of peers/remote sites is searched for an entry with that name and the associated settings are used for the connection.
Telnet path:
Setup > WAN > Incoming calling numbers
Possible values:
Select from the list of defined peers.
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.7 Dial prefix
The number entered here will be placed in front of all telephone numbers making outgoing calls.
5
This is useful, for example, if your device is operated in a PBX that requires an outside-line access code. This
number should be entered here.
Telnet path:
Setup > WAN
Possible values:
Max. 8 characters from [0-9]
49
Menu Reference
2 Setup
Default:
empty
2.2.8 Scripts
If a login script has to be processed when connecting to a remote site, enter the script here.
Telnet path:
Setup > WAN
2.2.8.1 Remote site
Enter the name of the remote site here. The remote site should already have been entered into the list of peers / remote
sites. You can also select an entry directly from the list of peers / remote sites.
Telnet path:
Setup > WAN > Scripts
Possible values:
Select from the list of defined peers.
Max. 18 characters from #[A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.8.2 Script
Specify here the login script for this peer. In order for this script to be used, a layer with the appropriate protocol for this
peer must be set up in the list or peers / remote sites.
Telnet path:
Setup > WAN > Scripts
Possible values:
Max. 58 characters from #[A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_. `
Default:
empty
2.2.9 Protect
Here you set the conditions to be satisfied in order for the device to accept incoming calls.
Telnet path:
Setup > WAN
50
Menu Reference
2 Setup
Possible values:
None
The device answers any call.
Number
The device will receive a call only if the caller's number is transmitted and if that number is in the number
list.
Screened
The machine will only accept a call if the caller is in the number list, the caller's number is transmitted,
and if the number has been checked by the exchange.
Default:
None
2.2.10 Callback attempts
Set the number of callback attempts for automatic callback connections.
Telnet path:
Setup > WAN
Possible values:
0…9
Default:
3
2.2.11 Router interface
Enter here further settings for each WAN interface used by the device, for example the calling numbers to be used.
Telnet path:
Setup > WAN
2.2.11.1 Ifc
WAN interface to which the settings in this entry apply.
Telnet path:
Setup > WAN > Router-Interface
51
Menu Reference
2 Setup
2.2.11.2 MSN/EAZ
Specify here for this interface the call numbers for which the device should accept incoming calls. As a rule these numbers
are the call numbers of the ISDN interface (MSN) without an area code, or the internal call number (internal MSN) behind
a PBX, as appropriate. Multiple number can be entered by separating them with a semi-colon. The first call number is
used for outgoing calls.
5
5
If you specify any number outside of your MSN number pool, the device will accept no calls at all.
If you do not enter a number here, the device will accept all calls.
Telnet path:
Setup > WAN > Router-Interface
Possible values:
Max. 30 characters from #0123456789
Default:
empty
2.2.11.3 CLIP
Activate this option if a peer called by the device should not see your call number.
5
This function must be supported by your network operator.
Telnet path:
Setup > WAN > Router-Interface
Possible values:
Yes
No
Default:
Yes
2.2.11.8 YC.
Y connection: This setting determines what happens when channel bundling is in operation and a request for a second
connection arrives.
5
Please note that channel bundling incurs costs for two connections. No further connections can be made over
LANCAPI! Only use channel bundling when the full transfer speed is required and used.
Telnet path:
Setup > WAN > Router-Interface
52
Menu Reference
2 Setup
Possible values:
Yes
The device interrupts channel bundling to establish the second connection to the other remote device.
If the second channel becomes free again, it is automatically used for channel bundling again (always
for static bundling, when required for dynamic bundling).
No
The device maintains the existing bundled connection; the second connection must wait.
Default:
Yes
2.2.11.9 Accept-calls
Specify here whether the device answers calls to this ISDN interface or not.
5
If you have specified a number for device configuration (Management / Admin), all calls with this number will
be accepted, whatever you select here.
Telnet path:
Setup > WAN > Router-Interface
Possible values:
all
None
Default:
all
2.2.13 Manual dialing
This menu contains the settings for manual dialing.
Telnet path:
Setup > WAN
2.2.13.1 Establish
Establishes a connection to the remote site which is entered as a parameter.
Telnet path:
Setup > WAN > Manual dialing
53
Menu Reference
2 Setup
Possible arguments:
<Remote>
Name of a remote site defined in the device.
2.2.13.2 Disconnect
Terminates a connection to the remote site which is entered as a parameter.
Telnet path:
Setup > WAN > Manual dialing
Possible arguments:
<Remote>
Name of a remote site defined in the device.
2.2.18 Backup-Delay-Seconds
Wait time before establishing a backup connection in case a remote site should fail.
Telnet path:
Setup > WAN
Possible values:
0 … 9999 Seconds
Default:
30
2.2.19 DSL-Broadband-Peers
Here you configure the DSL broadband remote sites that your device is to connect to and exchange data with.
Telnet path:
Setup > WAN
2.2.19.1 Remote site
Enter the name of the remote site here.
Telnet path:
Setup > WAN > DSL-Broadband-Peers
Possible values:
Select from the list of defined peers.
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
54
Menu Reference
2 Setup
Default:
empty
2.2.19.3 AC-Name
The parameters for 'Access Concentrator' and 'Service' are used to explicitly identify the Internet provider. These parameters
are communicated to you by your Internet provider.
Telnet path:
Setup > WAN > DSL-Broadband-Peers
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.2.19.5 Layer name
Select the communication layer to be used for this connection. How to configure this layer is described in the following
section.
Telnet path:
Setup > WAN > DSL-Broadband-Peers
Possible values:
Max. 9 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.19.9 AC-Name
The parameters for 'Access Concentrator' and 'Service' are used to explicitly identify the Internet provider. These parameters
are communicated to you by your Internet provider.
Telnet path:
Setup > WAN > DSL-Broadband-Peers
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
55
Menu Reference
2 Setup
2.2.19.10 Service name
The parameters for 'Access Concentrator' and 'Service' are used to explicitly identify the Internet provider. These parameters
are communicated to you by your Internet provider.
Telnet path:
Setup > WAN > DSL-Broadband-Peers
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.2.19.11 ATM-VPI
Enter the VPI (Virtual Path Identifier) and the VCI (Virtual Channel Identifier) for your ADSL connection here. These values
are communicated to you by your ADSL network operator. Typical values for VPI/VCI are, for example: 0/35, 0/38, 1/32,
8/35, 8/48.
Telnet path:
Setup > WAN > DSL-Broadband-Peer
Possible values:
0 … 999
Default:
0
2.2.19.12 ATM-VCI
Enter the VPI (Virtual Path Identifier) and the VCI (Virtual Channel Identifier) for your ADSL connection here. These values
are communicated to you by your ADSL network operator. Typical values for VPI/VCI are, for example: 0/35, 0/38, 1/32,
8/35, 8/48.
Telnet path:
Setup > WAN > DSL-Broadband-Peer
Possible values:
0 … 99999
Default:
0
2.2.19.13 user-def.-MAC
Enter the MAC address of your choice is a user-defined address is required.
56
Menu Reference
2 Setup
Telnet path:
Setup > WAN > DSL-Broadband-Peers
Possible values:
Max. 12 characters from [0-9][a-f]
Default:
000000000000
2.2.19.14 DSL-Ifc(s)
Enter the port number of the DSL port here. It is possible to make multiple entries. Separate the list entries either with
commas (1,2,3,4) or divide it into ranges (1-4). Activate channel bundling in the relevant layer to bundle the DSL lines.
Telnet path:
Setup > WAN > DSL-Broadband-Peers
Possible values:
Max. 8 characters from -,01234
Default:
0
2.2.19.15 MAC-Type
Here you select the MAC addresses which are to be used.
Telnet path:
Setup > WAN > DSL-Broadband-Peers
Possible values:
Global
If 'Global' is selected, the device MAC address is used for all connections.
Local
If 'Local' is selected, the device MAC addresses are used to form further virtual addresses for each WAN
connection.
user-def.
If a certain MAC address (user defined) is to be defined for the remote site, this can be entered into this
field.
Default:
Local
57
Menu Reference
2 Setup
2.2.19.16 VLAN-ID
Here you enter the specific ID of the VLAN to identify it explicitly on the DSL connection.
Telnet path:
Setup > WAN > DSL-Broadband-Peers
Possible values:
0 … 9999
Default:
0
2.2.19.17 Prio-Mapping
This entry controls how the priority mapping functions.
Telnet path:
Setup > WAN > DSL-Broadband-Peers
Possible values:
Off
Prio-mapping is disabled.
1TR-112
DSCP
Default:
Off
2.2.20 IP-List
If certain remote sites do not automatically transmit the IP parameters needed for a connection, then enter these values
here.
Use this table to configure the extranet address of a VPN tunnel, for example.
Telnet path:
Setup > WAN
2.2.20.1 Remote site
Enter the name for the remote station here.
When configuring a VPN tunnel, this entry corresponds to the appropriate service under Setup > VPN > VPN-Peers or
Setup > VPN > IKEv2 > Connections.
Telnet path:
Setup > WAN > IP-List
58
Menu Reference
2 Setup
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.20.2 IP address
If your Internet provider has supplied you with a fixed, publicly accessible IP address, you can enter this here. Otherwise
leave this field empty. If you use a private address range in your local network and the device is to be assigned with one
of these addresses, do not enter the address here but under intranet IP address instead.
Telnet path:
Setup > WAN > IP-List
Possible values:
Valid IPv4 address, max. 15 characters from [0-9].
Default:
0.0.0.0
2.2.20.3 IP-Netmask
Specify here the netmask associated with the address above.
Telnet path:
Setup > WAN > IP-List
Possible values:
Valid IPv4 address, max. 15 characters from [0-9].
Default:
0.0.0.0
2.2.20.4 Gateway
Enter the address of the standard gateway here.
Telnet path:
Setup > WAN > IP-List
Possible values:
Valid IPv4 address, max. 15 characters from [0-9].
Default:
0.0.0.0
59
Menu Reference
2 Setup
2.2.20.5 DNS-Default
Specify here the address of a name server to which DNS requests are to be forwarded. This field can be left empty if you
have an Internet provider or other remote site that automatically assigns a name server to the device when it logs in.
Telnet path:
Setup > WAN > IP-List
Possible values:
Valid IPv4 address, max. 15 characters from [0-9].
Default:
0.0.0.0
2.2.20.6 DNS-Backup
Specify here a name server to be used in case the first DNS server fails.
Telnet path:
Setup > WAN > IP-List
Possible values:
Valid IPv4 address, max. 15 characters from [0-9].
Default:
0.0.0.0
2.2.20.7 NBNS-Default
Specify here the address of a NetBIOS name server to which NBNS requests are to be forwarded. This field can be left
empty if you have an Internet provider or other remote site that automatically assigns a NetBIOS name server to the
device when it logs in.
Telnet path:
Setup > WAN > IP-List
Possible values:
Valid IPv4 address, max. 15 characters from [0-9].
Default:
0.0.0.0
2.2.20.8 NBNS-Backup
IP address of the NetBIOS name server for the forwarding of NetBIOS requests. Default: 0.0.0.0 The IP address of the
device in this network is communicated as the NBNS server if the NetBIOS proxy is activated for this network. If the
NetBIOS proxy is not active for this network, then the IP address in the global TCP/IP settings is communicated as the
NBNS server.
60
Menu Reference
2 Setup
Telnet path:
Setup > WAN > IP-List
Possible values:
Valid IPv4 address, max. 15 characters from [0-9].
Default:
0.0.0.0
2.2.20.9 Masq.-IP-Addr.
Almost all Internet providers usually have the remote device assign a dynamic IP address to your router when it establishes
the connection. If your Internet provider has assigned you static IP addresses, or if you wish to operate masquerading
for your VPN network, you assign it to the respective connection here. If the masquerading IP address is not set, then
the address assigned when the connection was established is used for masquerading.
4
4
You need to set a masquerading address for a VPN connection if you wish to mask a private network behind this
address in the VPN network.
This setting is also necessary if a private address (172.16.x.x) is assigned during PPP negotiation. Normal
masquerading is thus impossible as this type of address is filtered in the Internet.
Telnet path:
Setup > WAN > IP-List
Possible values:
Valid IPv4 address, max. 15 characters from [0-9].
Default:
0.0.0.0
2.2.21 PPTP peers
This table displays and adds the PPTP remote sites.
Telnet path:
Setup > WAN
2.2.21.1 Remote site
This name from the list of DSL broadband peers.
Telnet path:
Setup > WAN > PPTP-peers
Possible values:
Select from the list of defined peers.
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
61
Menu Reference
2 Setup
Default:
empty
2.2.21.3 Port
IP port used for running the PPTP protocol. According to the protocol standard, port '1,723' should always be specified.
Telnet path:
Setup > WAN > PPTP-peers
Possible values:
0 … 99999
Default:
0
2.2.21.4 SH time
This value specifies the number of seconds that pass before a connection to this remote site is terminated if no data is
being transferred.
Telnet path:
Setup > WAN > PPTP-peers
Possible values:
0 … 3600 Seconds
Default:
0
Special values:
9999
Connections are established immediately and without a time limit.
2.2.21.5 Rtg-Tag
Routing tag for this entry.
Telnet path:
Setup > WAN > PPTP-peers
Possible values:
0 … 65535
Default:
0
62
Menu Reference
2 Setup
2.2.21.6 IP address
Specify the IP address of the PPTP remote station here.
Telnet path:
Setup > WAN > PPTP-peers
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.2.21.7 Encryption
Here you enter the key length.
Telnet path:
Setup > WAN > PPTP-peers
Possible values:
Off
40-Bits
56-Bits
128-Bits
Default:
Off
2.2.22 RADIUS
This menu contains the settings for the RADIUS server.
Telnet path:
Setup > WAN
2.2.22.1 Operating
Switches RADIUS authentication on/off.
Telnet path:
Setup > WAN > RADIUS
63
Menu Reference
2 Setup
Possible values:
No
Yes
Exclusive
Default:
No
2.2.22.3 Auth.-Port
The TCP/UDP port over which the external RADIUS server can be reached.
Telnet path:
Setup > WAN > RADIUS
Possible values:
0 … 4294967295
Default:
1812
2.2.22.4 Key
Specify here the key (shared secret) of your RADIUS server from which users are managed centrally.
Telnet path:
Setup > WAN > RADIUS
Possible values:
Default:
0
2.2.22.5 PPP-Operation
When PPP remote sites dial in, the internal user authentication data from the PPP list, or alternatively an external RADIUS
server, can be used for authentication.
5
If you switch the PPP mode to 'Exclusive', the internal user authentication data is ignored, otherwise these have
priority.
Telnet path:
Setup > WAN > RADIUS
64
Menu Reference
2 Setup
Possible values:
Yes
Enables the use of an external RADIUS server for authentication of PPP remote sites. A matching entry
in the PPP list takes priority however.
No
No external RADIUS server is used for authentication of PPP remote sites.
Exclusive
Enables the use of an external RADIUS server as the only possibility for authenticating PPP remote sites.
The PPP list is ignored.
Default:
No
2.2.22.6 CLIP operation
When remote sites dial in, the internal call number list, or alternatively an external RADIUS server, can be used for
authentication.
5
The dial-in remote sites must be configured in the RADIUS server such that the name of the entry corresponds
to the call number of the remote site dialing in.
Telnet path:
Setup > WAN > RADIUS
Possible values:
Yes
Enables the use of an external RADIUS server for the authentication of dial-in remote sites. A matching
entry in the call number list takes priority however.
No
No external RADIUS server is used for authentication of dial-in remote sites.
Exclusive
Enables the use of an external RADIUS server as the only possibility for authenticating dial-in remote
sites. The call number list is ignored.
Default:
No
2.2.22.7 CLIP password
Password for the log-in of dial-in remote sites to the external RADIUS server.
5
The dial-in remote sites must be configured in the RADIUS server such that all the entries for all call numbers
use the password configured here.
65
Menu Reference
2 Setup
Telnet path:
Setup > WAN > RADIUS
Possible values:
Max. 31 characters from
Default:
empty
2.2.22.8 Loopback-Addr.
This is where you can configure an optional sender address to be used instead of the one otherwise automatically selected
for the destination address. If you have configured loopback addresses, you can specify them here as source address.
5
If the list of IP networks or loopback addresses contains an entry named 'DMZ' then the associated IP address
will be used.
Telnet path:
Setup > WAN > RADIUS
Possible values:
Name of the IP network whose address should be used, or any valid IP address
Special values:
INT
for the address of the first intranet
DMZ
for the address of the first DMZ
LB0 to LBF
for the 16 loopback addresses
2.2.22.9 Protocol
RADIUS over UDP or RADSEC over TCP with TLS can be used as the transmission protocol for authentication on an external
server.
Telnet path:
Setup > WAN > RADIUS
Possible values:
RADIUS
RADSEC
Default:
RADIUS
66
Menu Reference
2 Setup
2.2.22.10 Auth.-Protocols
Method for securing the PPP connection permitted by the external RADIUS server. Do not set a method here if the remote
site is an Internet provider that your device is to call.
5
If all methods are selected, the next available method of authentication is used if the previous one failed. If none
of the methods are selected, authentication is not requested from the remote site.
Telnet path:
Setup > WAN > RADIUS
Possible values:
MS-CHAPv2
MS-CHAP
CHAP
PAP
Default:
MS-CHAPv2
MS-CHAP
CHAP
PAP
2.2.22.11 Server host name
Enter the IP address (IPv4, IPv6) or the hostname of the RADIUS server to be used to centrally manage the users.
4
The RADIUS client automatically detects which address type is involved.
Telnet path:
Setup > WAN > RADIUS
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
Default:
empty
2.2.22.12 Attribute-Values
With this entry you configure the RADIUS attributes of the RADIUS server.
The attributes are specified in a semicolon-separated list of attribute numbers or names (according to RFC 2865, RFC
3162, RFC 4679, RFC 4818, RFC 7268) and a corresponding value in the form
<Attribute_1>=<Value_1>,<Attribute_2>=<Value_2>.
Variables can also be used as values (such as %n for the device name). Example: NAS-Identifier=%n.
67
Menu Reference
2 Setup
Telnet path:
Setup > WAN > RADIUS
Possible values:
Max. 128 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.2.22.20 L2TP-Operating
This item determines whether RADIUS should be used to authenticate the tunnel endpoint.
Telnet path:
Setup > WAN > RADIUS
Possible values:
No
There is no RADIUS authentication.
Yes
RADIUS authentication occurs if, in the table 'L2TP Endpoints', the field 'Auth-Peer' is set to 'Yes', but
no password was entered.
Exclusive
RADIUS authentication always occurs if, in the table 'L2TP Endpoints', the field 'Auth-Peer' is set to
'Yes', irrespective of whether a password was entered.
Default:
No
2.2.22.21 L2TP-Server-Hostname
IP address of the RADIUS server
5
The internal RADIUS server of the device does not support tunnel authentication. An external RADIUS server is
required for this purpose.
Telnet path:
Setup > WAN > RADIUS
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.22.22 L2TP-Auth.-Port
The UDP port of the RADIUS server.
68
Menu Reference
2 Setup
Telnet path:
Setup > WAN > RADIUS
Possible values:
0 … 65535
2.2.22.23 Loopback-Address
The sender address used for RADIUS requests.
Telnet path:
Setup > WAN > RADIUS
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
2.2.22.24 L2TP protocol
The protocol to be used.
Telnet path:
Setup > WAN > RADIUS
Possible values:
RADIUS
RADSEC
Default:
RADIUS
2.2.22.25 L2TP Secret
The shared secret between the device and the RADIUS server.
Telnet path:
Setup > WAN > RADIUS
Possible values:
Max. 64 characters from #[A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_. `
2.2.22.26 L2TP password
The password stored together with the host in the RADIUS server. After authentication, the password for the tunnel is
sent by the RADIUS server.
69
Menu Reference
2 Setup
Telnet path:
Setup > WAN > RADIUS
Possible values:
Max. 64 characters from #[A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_. `
2.2.22.27 L2TP attribute values
With this entry you configure the RADIUS attributes for the tunnel end point of the RADIUS server.
The attributes are specified in a semicolon-separated list of attribute numbers or names (according to RFC 2865, RFC
3162, RFC 4679, RFC 4818, RFC 7268) and a corresponding value in the form
<Attribute_1>=<Value_1>,<Attribute_2>=<Value_2>.
Variables can also be used as values (such as %n for the device name). Example: NAS-Identifier=%n.
Telnet path:
Setup > WAN > RADIUS
Possible values:
Max. 128 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.2.23 Polling table
In this table you can specify up to 4 IP addresses for non-PPP-based remote sites which are to be accessed for connection
monitoring purposes.
Telnet path:
Setup > WAN
2.2.23.1 Remote site
Name of the remote site which is to be checked with this entry.
Telnet path:
Setup > WAN > Polling-Table
Possible values:
Select from the list of defined peers.
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
70
Menu Reference
2 Setup
2.2.23.2 IP-address-1
IP addresses for targeting with ICMP requests to check the remote site.
Telnet path:
Setup > WAN > Polling-Table
Possible values:
Valid IP address
Default:
0.0.0.0
2.2.23.3 Time
Enter the ping interval here.
5
If you enter 0 here and for the re-tries, the default values will be used.
Telnet path:
Setup > WAN > Polling-Table
Possible values:
0 … 4294967295 Seconds
Default:
0
2.2.23.4 Try
If no reply to a ping is received then the remote site will be checked in shorter intervals. The device then tries to reach
the remote site once a second. The number of retries defines how many times these attempts are repeated.
Telnet path:
Setup > WAN > Polling-Table
Possible values:
0 … 255
Default:
0
Special values:
0
Uses the default value of 5 retries.
71
Menu Reference
2 Setup
2.2.23.5 IP-address-2
IP addresses for targeting with ICMP requests to check the remote site.
Telnet path:
Setup > WAN > Polling-Table
Possible values:
Valid IP address
Default:
0.0.0.0
2.2.23.6 IP-address-3
IP addresses for targeting with ICMP requests to check the remote site.
Telnet path:
Setup > WAN > Polling-Table
Possible values:
Valid IP address
Default:
0.0.0.0
2.2.23.7 IP-address-4
IP addresses for targeting with ICMP requests to check the remote site.
Telnet path:
Setup > WAN > Polling-Table
Possible values:
Valid IP address
Default:
0.0.0.0
2.2.23.8 Loopback-Addr.
Sender address sent with the ping; this is also the destination for the answering ping.
5
If the list of IP networks or loopback addresses contains an entry named 'DMZ' then the associated IP address
will be used.
Telnet path:
Setup > WAN > Polling-Table
72
Menu Reference
2 Setup
Possible values:
Name of the IP network whose address should be used, or any valid IP address
Special values:
INT
for the address of the first intranet
DMZ
for the address of the first DMZ
LB0 to LBF
for the 16 loopback addresses
2.2.23.9 Type
This setting influences the behavior of the polling.
Telnet path:
Setup > WAN > Polling-Table
Possible values:
Forced
The device polls in the given interval. This is the default behavior of LCOS versions <8.00, which did
not yet have this parameter.
Auto
The device only polls actively if it receives no data. ICMP packets received are not considered to be data
and are still ignored.
Default:
Forced
2.2.24 Backup peers
This table is used to specify a list of possible backup connections for each remote site.
Telnet path:
Setup > WAN
2.2.24.1 Remote site
Here you select the name of a remote site from the list of remote sites.
Telnet path:
Setup > WAN > Backup-Peers
Possible values:
Select from the list of backup peers.
73
Menu Reference
2 Setup
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.24.2 Alternative peers
Specify here one or more remote sites for backup connections.
Telnet path:
Setup > WAN > Backup-Peers
Possible values:
Select from the list of backup peers.
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.24.3 Head
Specify here whether the next connection is to be established to the number last reached successfully, or always to the
first number.
Telnet path:
Setup > WAN > Backup-Peers
Possible values:
First
Last
Default:
Last
2.2.25 Action table
With the action table you can define actions that are executed when the status of a WAN connection changes.
Telnet path:
Setup > WAN
74
Menu Reference
2 Setup
2.2.25.1 Index
The index gives the position of the entry in the table, and thus it must be unique. Entries in the action table are executed
consecutively as soon as there is a corresponding change in status of the WAN connection. The entry in the field 'Check
for' can be used to skip lines depending on the result of the action. The index sets the position of the entries in the table
(in ascending order) and thus significantly influences the behavior of actions when the option 'Check for' is used. The
index can also be used to actuate an entry in the action table via a cron job, for example to activate or deactivate an
entry at certain times.
Telnet path:
Setup > WAN > Action-Table
Possible values:
0 … 4294967295
Default:
0
2.2.25.2 Host name
Action name. This name can be referenced in the fields 'Action' and 'Check for' with the place holder %h (host name).
Telnet path:
Setup > WAN > Action-Table
Possible values:
Max. 64 characters
Default:
empty
2.2.25.3 Remote site
A change in status of this remote site triggers the action defined in this entry.
Telnet path:
Setup > WAN > Action-Table
Possible values:
Select from the list of defined peers.
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.25.4 Block time
Prevents this action from being repeated within the period defined here.
75
Menu Reference
2 Setup
Telnet path:
Setup > WAN > Action-Table
Possible values:
0 … 4294967295 Seconds
Default:
0
2.2.25.5 Condition
The action is triggered when the change in WAN-connection status set here occurs.
Telnet path:
Setup > WAN > Action-Table
Possible values:
Establish
The action is triggered when the connection has been established successfully.
Disconnect
The action is triggered when the device itself terminates the connection (e.g.by manual disconnection
or when the hold time expires).
Close
The action is triggered on disconnection (whatever the reason for this).
Error
This action is triggered on disconnects that were not initiated or expected by the device.
Establish failure
This action is triggered when a connection establishment was started but not successfully concluded.
Default:
Establish
2.2.25.6 Action
0 switches off the monitoring of the time budget. Only one action can be triggered per entry. The result of the actions
can be evaluated in the 'Check for' field.
Prefixes:
a exec: – This prefix initiates any command as it would be entered at the Telnet console. For example, the action
“exec:do /o/m/d” terminates all current connections.
a dnscheck: – This prefix initiates a DSN name resolution. For example, the action “dnscheck:myserver.dyndns.org”
requests the IP address of the indicated server.
a http: – This prefix initiates an HTTP-get request. A DynDNS update at dyndns.org is initiated with the following action:
http://username:[email protected]/nic/update?system=dyndns&hostname=%h&myip=%a (the
significance of the placeholders %h and %a are described in the following.)
a https: – Like 'http:', except that the connection is encrypted.
76
Menu Reference
2 Setup
a gnudip: – This prefix initiates a request to the corresponding DynDNS server via the GnuDIP protocol. For example,
you can use the following action to use the GnuDIP protocol to execute a DynDNS update at a DynDNS provider:
gnudip://gnudipsrv?method=tcp&user=myserver&domn=mydomain.org&pass=password&reqc=0&addr=%a
a repeat: – This prefix together with a time in seconds repeats all actions with the condition "Establish" as soon as the
connection has been established. For example, the action 'repeat 300' causes all of the establish actions to be
repeated every 5 minutes.
a mailto: – This prefix causes an e-mail to be sent. For example, you can use the following action to send an e-mail to
the system administrator when a connection is terminated: mailto:[email protected]?subject=VPN connection
broken at %t?body=VPN connection to branch office 1 was broken.
Optional variables for the actions:
a
a
a
a
a
a
a
a
a
%a – WAN IP address of the WAN connection relating to the action.
%H – Host name of the WAN connection relating to the action.
%h – Like %h, except the hostname is in small letters
%c – Connection name of the WAN connection relating to the action.
%n – Device name
%s – Device serial number
%m – Device MAC address (as in Sysinfo)
%t – Time and date in the format YYYY-MM-DD hh:mm:ss
%e – Description of the error that was reported when connection establishment failed.
Telnet path:
Setup > WAN > Action-Table
Possible values:
Max. 250 characters
Default:
empty
2.2.25.7 Check for
The result of the action can be evaluated here to determine the number of lines to be skipped in the processing of the
action table.
Prefixes/suffixes:
a contains= – This prefix checks if the result of the action contains the defined string.
a isequal= – This prefix checks if the result of the action is exactly equal to the defined string.
a ?skipiftrue= – This suffix skips the defined number of lines in the list of actions if the result of the "contains" or
"isequal" query is TRUE.
a ?skipiffalse= – This suffix skips the defined number of lines in the list of actions if the result of the "contains" or
"isequal" query is FALSE.
Optional variables for the actions:
a
a
a
a
a
a
a
%a – WAN IP address of the WAN connection relating to the action.
%H – Host name of the WAN connection relating to the action.
%h – Like %h, except the hostname is in small letters
%c – Connection name of the WAN connection relating to the action.
%n – Device name
%s – Device serial number
%m – Device MAC address (as in Sysinfo)
77
Menu Reference
2 Setup
a %t – Time and date in the format YYYY-MM-DD hh:mm:ss
a %e – Description of the error that was reported when connection establishment failed.
Telnet path:
Setup > WAN > Action-Table
Possible values:
Max. 50 characters
Default:
empty
2.2.25.8 Operating
Activates or deactivates this entry.
Telnet path:
Setup > WAN > Action-Table
Possible values:
Yes
No
Default:
Yes
2.2.25.9 Owner
Owner of the action. The exec actions are executed with the rights of the owner. If the owner does not have the necessary
rights (e.g. administrators with write access) then the action will not be carried out.
Telnet path:
Setup > WAN > Action-Table
Possible values:
Select from the administrators defined in the device
Max. 16 characters
Default:
root
2.2.25.10 Routing-Tag
Routing tags are used to associate actions in the action table with a specific WAN connection. The device performs the
action over the connection that is marked with this routing tag.
78
Menu Reference
2 Setup
Telnet path:
Setup > WAN > Action-Table
Possible values:
0 … 65535
Default:
0
2.2.26 MTU-List
This table allows you to set alternative MTU (Maximum Transfer Unit) values to those automatically negotiated by default.
Telnet path:
Setup > WAN
2.2.26.1 Remote site
Enter the name of the remote site here. This name has to agree with the entry in the list of peers/remote sites. You can
also select a name directly from the list of peers / remote sites.
Telnet path:
Setup > WAN > MTU-List
Possible values:
Select from the list of defined peers.
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.26.2 MTU
Here you can manually define a maximum MTU per connection in addition to the automatic MTU settings. Enter the
maximum IP packet length/size in bytes. Smaller values lead to greater fragmentation of the payload data.
Telnet path:
Setup > WAN > MTU-List
Possible values:
0 … 9999 Bytes
Default:
0
79
Menu Reference
2 Setup
2.2.30 Additional PPTP gateways
Here you can define up to 32 additional gateways to ensure the availability of PPTP peers. Each of the PPTP peers has
the possibility of using up to 33 gateways. The additional gateways can be defined in a supplementary list.
Telnet path:
Setup > WAN
2.2.30.1 Remote site
Here you select the PPTP remote site that this entry applies to.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Select from the list of defined PPTP remote stations.
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.30.2 Begin with
Here you select the order in which the entries are to be tried.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Last used
Selects the entry for the connection which was successfully used most recently.
First
Selects the first of the configured remote sites.
Random
Selects one of the configured remote sites at random. This setting provides an effective measure for
load balancing between the gateways at the headquarters.
Default:
Last used
2.2.30.3 Gateway -1
Enter the IP address of the additional gateway to be used for this PPTP remote station.
80
Menu Reference
2 Setup
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.4 Rtg-Tag-1
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.5 Gateway -2
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.6 Rtg-Tag-2
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
81
Menu Reference
2 Setup
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.7 Gateway -3
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.8 Rtg-Tag-3
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.9 Gateway -4
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
82
Menu Reference
2 Setup
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.10 Rtg-Tag-4
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.11 Gateway -5
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.12 Rtg-Tag-5
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
83
Menu Reference
2 Setup
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.13 Gateway -6
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.14 Rtg-Tag-6
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.15 Gateway -7
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
84
Menu Reference
2 Setup
Default:
empty
2.2.30.16 Rtg-Tag-7
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.17 Gateway -8
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.18 Rtg-Tag-8
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
85
Menu Reference
2 Setup
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.19 Gateway -9
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.20 Rtg-Tag-9
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.21 Gateway -10
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
86
Menu Reference
2 Setup
2.2.30.22 Rtg-Tag-10
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.23 Gateway -11
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.24 Rtg-Tag-11
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
87
Menu Reference
2 Setup
2.2.30.25 Gateway -12
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.26 Rtg-Tag-12
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.27 Gateway -13
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.28 Rtg-Tag-13
Enter the routing tag for setting the route to the relevant remote gateway.
88
Menu Reference
2 Setup
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.29 Gateway -14
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.30 Rtg-Tag-14
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.31 Gateway -15
Enter the IP address of the additional gateway to be used for this PPTP remote station.
89
Menu Reference
2 Setup
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.32 Rtg-Tag-15
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.33 Gateway -16
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.34 Rtg-Tag-16
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
90
Menu Reference
2 Setup
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.35 Gateway -17
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.36 Rtg-Tag-17
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.37 Gateway -18
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
91
Menu Reference
2 Setup
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.38 Rtg-Tag-18
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.39 Gateway -19
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.40 Rtg-Tag-19
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
92
Menu Reference
2 Setup
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.41 Gateway -20
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.42 Rtg-Tag-20
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.43 Gateway -21
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
93
Menu Reference
2 Setup
Default:
empty
2.2.30.44 Rtg-Tag-21
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.45 Gateway -22
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.46 Rtg-Tag-22
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
94
Menu Reference
2 Setup
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.47 Gateway -23
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.48 Rtg-Tag-23
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.49 Gateway -24
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
95
Menu Reference
2 Setup
2.2.30.50 Rtg-Tag-24
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.51 Gateway -25
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.52 Rtg-Tag-25
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
96
Menu Reference
2 Setup
2.2.30.53 Gateway -26
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.54 Rtg-Tag-26
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.55 Gateway -27
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.56 Rtg-Tag-27
Enter the routing tag for setting the route to the relevant remote gateway.
97
Menu Reference
2 Setup
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.57 Gateway -28
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.58 Rtg-Tag-28
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.59 Gateway -29
Enter the IP address of the additional gateway to be used for this PPTP remote station.
98
Menu Reference
2 Setup
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.60 Rtg-Tag-29
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.61 Gateway -30
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.62 Rtg-Tag-30
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
99
Menu Reference
2 Setup
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.63 Gateway -31
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.64 Rtg-Tag-31
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.30.65 Gateway -32
Enter the IP address of the additional gateway to be used for this PPTP remote station.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
100
Menu Reference
2 Setup
Possible values:
Valid IP address, max. 63 characters
Default:
empty
2.2.30.66 Rtg-Tag-32
Enter the routing tag for setting the route to the relevant remote gateway.
Telnet path:
Setup > WAN > Additional-PPTP-Gateways
Possible values:
0 … 65535
Default:
0
Special values:
0
The routing tag configured for this remote station in the PPTP connection list is taken for the associated
gateway.
2.2.31 PPTP source check
With this entry you specify the basis used by the PPTP (point-to-point tunneling protocol) to check incoming connections.
Telnet path:
Setup > WAN
Possible values:
Address
The PPTP checks the address only. This is the standard behavior of older versions of LCOS without this
parameter.
Tag+address
The PPTP checks the address and also the routing tag of interface to be used for the connection.
Default:
Address
2.2.35 L2TP endpoints
The table contains the basic settings for the configuration of an L2TP tunnel.
101
Menu Reference
2 Setup
5
To authenticate RAS connections by RADIUS and without configuring a router, this table needs a default entry
with the following values:
Identifier: DEFAULT
Poll: 20
Auth-peer: yes
Hide: no
All other values must remain empty. With 'Auth-Peer' set to 'No' in the DEFAULT entry, all hosts will be accepted
unchecked and only the PPP sessions are authenticated.
Telnet path:
Setup > WAN
2.2.35.1 Identifier
The name of the tunnel endpoint. If an authenticated L2TP tunnel is to be established between two devices, the entries
'Identifier' and 'Hostname' need to cross match.
Telnet path:
Setup > WAN > L2TP-Endpoints
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
2.2.35.2 IP address
The IP address of the tunnel endpoint. An FQDN can be specified instead of an IP address (IPv4 or IPv6).
Telnet path:
Setup > WAN > L2TP-Endpoints
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.35.3 Rtg-Tag
The tag assigned to the route to the tunnel endpoint is specified here.
Telnet path:
Setup > WAN > L2TP-Endpoints
Possible values:
0 … 65535
102
Menu Reference
2 Setup
2.2.35.4 Port
UDP port to be used.
Telnet path:
Setup > WAN > L2TP-Endpoints
Possible values:
0 … 65535
Default:
1701
2.2.35.5 Poll
The polling interval in seconds.
Telnet path:
Setup > WAN > L2TP-Endpoints
Possible values:
0 … 65535
Default:
20
2.2.35.6 Host name
User name for the authentication If an authenticated L2TP tunnel is to be established between two devices, the entries
'Identifier' and 'Hostname' need to cross match.
Telnet path:
Setup > WAN > L2TP-Endpoints
Possible values:
Max. 64 characters from #[A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_. `
2.2.35.7 Password
The password for the authentication This is also used to hide the tunnel negotiations, if the function is activated.
Telnet path:
Setup > WAN > L2TP-Endpoints
Possible values:
Max. 32 characters from #[A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_. `
103
Menu Reference
2 Setup
2.2.35.8 Auth-Peer
Specifies whether the remote station should be authenticated.
Telnet path:
Setup > WAN > L2TP-Endpoints
Possible values:
No
Yes
Default:
No
2.2.35.9 Hide
Specifies whether tunnel negotiations should be hidden by using the specified password.
Telnet path:
Setup > WAN > L2TP-Endpoints
Possible values:
No
Yes
Default:
No
2.2.35.10 Source address
Here you can optionally specify a loopback address for the device to use as the target address instead of the one that
would normally be selected automatically.
4
5
If the list of IP networks or source addresses contains an entry named 'DMZ', then the associated IP address will
be used.
If the source address set here is a loopback address, this will be used unmasked even on masked remote clients.
Telnet path:
Setup > WAN > L2TP-Endpoints
Possible values:
Valid entry from the list of possible addresses.
Name of the IP networks whose addresses are to be used.
"INT" for the address of the first intranet
104
Menu Reference
2 Setup
"DMZ" for the address of the first DMZ
LB0 to LBF for the 16 loopback addresses
Any valid IP address
empty
Default:
2.2.36 L2TP-Additional-Gateways
This table allows you to specify up to 32 redundant gateways for each L2TP tunnel.
Telnet path:
Setup > WAN
2.2.36.1 Identifier
The name of the tunnel endpoint as also used in the table of L2TP endpoints.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
2.2.36.2 Begin with
This setting specifies which redundant gateway is used first.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Last used
This selects the last successfully used gateway.
First
This always selects the first gateway.
Random
A random gateway is selected at each attempt.
Default:
Last used
105
Menu Reference
2 Setup
2.2.36.3 Gateway -1
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.4 Rtg-Tag-1
The routing tag of the route where Gateway-1 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.5 Gateway -2
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.6 Rtg-Tag-2
The routing tag of the route where Gateway-2 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.7 Gateway -3
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
106
Menu Reference
2 Setup
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.8 Rtg-Tag-3
The routing tag of the route where Gateway-3 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.9 Gateway -4
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.10 Rtg-Tag-4
The routing tag of the route where Gateway-4 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.11 Gateway -5
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
107
Menu Reference
2 Setup
2.2.36.12 Rtg-Tag-5
The routing tag of the route where Gateway-5 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.13 Gateway -6
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.14 Rtg-Tag-6
The routing tag of the route where Gateway-6 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.15 Gateway -7
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.16 Rtg-Tag-7
The routing tag of the route where Gateway-7 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
108
Menu Reference
2 Setup
Possible values:
0 … 65535
2.2.36.17 Gateway -8
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.18 Rtg-Tag-8
The routing tag of the route where Gateway-8 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.19 Gateway -9
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.20 Rtg-Tag-9
The routing tag of the route where Gateway-9 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
109
Menu Reference
2 Setup
2.2.36.21 Gateway -10
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.22 Rtg-Tag-10
The routing tag of the route where Gateway-10 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.23 Gateway -11
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.24 Rtg-Tag-11
The routing tag of the route where Gateway-11 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.25 Gateway -12
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
110
Menu Reference
2 Setup
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.26 Rtg-Tag-12
The routing tag of the route where Gateway-12 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.27 Gateway -13
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.28 Rtg-Tag-13
The routing tag of the route where Gateway-13 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.29 Gateway -14
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
111
Menu Reference
2 Setup
2.2.36.30 Rtg-Tag-14
The routing tag of the route where Gateway-14 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.31 Gateway -15
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.32 Rtg-Tag-15
The routing tag of the route where Gateway-15 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.33 Gateway -16
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.34 Rtg-Tag-16
The routing tag of the route where Gateway-16 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
112
Menu Reference
2 Setup
Possible values:
0 … 65535
2.2.36.35 Gateway -17
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.36 Rtg-Tag-17
The routing tag of the route where Gateway-17 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.37 Gateway -18
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.38 Rtg-Tag-18
The routing tag of the route where Gateway-18 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
113
Menu Reference
2 Setup
2.2.36.39 Gateway -19
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.40 Rtg-Tag-19
The routing tag of the route where Gateway-19 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.41 Gateway -20
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.42 Rtg-Tag-20
The routing tag of the route where Gateway-20 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.43 Gateway -21
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
114
Menu Reference
2 Setup
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.44 Rtg-Tag-21
The routing tag of the route where Gateway-21 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.45 Gateway -22
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.46 Rtg-Tag-22
The routing tag of the route where Gateway-22 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.47 Gateway -23
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
115
Menu Reference
2 Setup
2.2.36.48 Rtg-Tag-23
The routing tag of the route where Gateway-23 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.49 Gateway -24
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.50 Rtg-Tag-24
The routing tag of the route where Gateway-24 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.51 Gateway -25
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.52 Rtg-Tag-25
The routing tag of the route where Gateway-25 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
116
Menu Reference
2 Setup
Possible values:
0 … 65535
2.2.36.53 Gateway -26
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.54 Rtg-Tag-26
The routing tag of the route where Gateway-26 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.55 Gateway -27
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.56 Rtg-Tag-27
The routing tag of the route where Gateway-27 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
117
Menu Reference
2 Setup
2.2.36.57 Gateway -28
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.58 Rtg-Tag-28
The routing tag of the route where Gateway-28 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.59 Gateway -29
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.60 Rtg-Tag-29
The routing tag of the route where Gateway-29 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.61 Gateway -30
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
118
Menu Reference
2 Setup
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.62 Rtg-Tag-30
The routing tag of the route where Gateway-30 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.63 Gateway -31
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.2.36.64 Rtg-Tag-31
The routing tag of the route where Gateway-31 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.36.65 Gateway -32
The first alternative IP address (IPv4 or IPv6) or FQDN of the tunnel endpoint.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
119
Menu Reference
2 Setup
2.2.36.66 Rtg-Tag-32
The routing tag of the route where Gateway-32 can be reached.
Telnet path:
Setup > WAN > L2TP-Additional-Gateways
Possible values:
0 … 65535
2.2.37 L2TP-Peers
In this table, the tunnel endpoints are linked with the L2TP remote stations that are used in the routing table. An entry
in this table is required for outgoing connections if an incoming session should be assigned an idle timeout not equal
to zero, or if the use of a particular tunnel is to be forced.
Telnet path:
Setup > WAN
2.2.37.1 Remote site
Name of the L2TP remote station.
Telnet path:
Setup > WAN > L2TP-Peers
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
2.2.37.2 L2TP endpoint
Name of the tunnel endpoint
Telnet path:
Setup > WAN > L2TP-Peers
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
2.2.37.3 SH time
Idle timeout in seconds.
Telnet path:
Setup > WAN > L2TP-Peers
120
Menu Reference
2 Setup
Possible values:
0 … 9999
2.2.38 L2TP source check
The default setting checks the sender address of an incoming tunnel. The tunnel is established if the address is part of
the configured gateway for the tunnel or if no gateways have been configured at all. It is also possible to check the
routing tag of incoming packets. Note that only routing tags not equal to zero will be checked.
Telnet path:
Setup > WAN
Possible values:
Address
Tag+address
Default:
Address
2.2.40 DS-Lite-Tunnel
Dual-Stack Lite, abbreviated DS-Lite, is used so that Internet providers can supply their customers with access to IPv4
servers over an IPv6 connection. That is necessary, for example, if an Internet provider is forced to supply its customer
with an IPv6 address due to the limited availability of IPv4 addresses. In contrast to the other three IPv6 tunnel methods
"6in4", "6rd" and "6to4", DS-Lite is also used to transmit IPv4 packets on an IPv6 connection (IPv4 viaIPv6 tunnel).
For this, the device packages the IPv4 packets in an IPv4-in-IPv6 tunnel and transmits them unmasked to the provider,
who then performs a NAT with one of their own remaining IPv4 addresses.
To define a DS-Lite tunnel, all the device needs is the IPv6 address of the tunnel endpoint and the routing tag with which
it can reach this address.
Telnet path:
Setup > WAN
2.2.40.1 Name
Enter the name for the tunnel.
Telnet path:
Setup > WAN > DS-Lite-Tunnel
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
121
Menu Reference
2 Setup
2.2.40.2 Gateway address
This entry defines the address of the DS-Lite gateway, the so-called Address Family Transition Router (AFTR). Enter a
valid value from the following selection:
a One IPv6 address (e.g. 2001:db8::1)
a An FQDN (Fully Qualified Domain Name) that can be resolved by DNS, e.g., aftr.example.com
a The IPv6 unspecified address "::" determines that the device should retrieve the address of the AFTRs via DHCPv6
(factory setting).
a An empty field behaves the same as the entry "::".
Telnet path:
Setup > WAN > DS-Lite-Tunnel
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
Default:
empty
2.2.40.3 Rtg-Tag
Enter the routing tag where the device reaches the gateway.
Telnet path:
Setup > WAN > DS-Lite-Tunnel
Possible values:
Max. 5 characters from [0-9]
Default:
empty
2.2.45 X.25-Bridge
This menu contains the settings for the TCP-X.25 bridge.
Telnet path:
Setup > WAN
2.2.45.2 Outgoing calls
This table contains the settings for the incoming TCP connections (of the LAN remote site) and outgoing X.25 connections
(for the X.25 remote site).
Telnet path:
Setup > WAN > X.25-Bridge
122
Menu Reference
2 Setup
2.2.45.2.1 Name
Enter a name for the table entry or the X.25 connection that has to be configured.
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
DEFAULT
2.2.45.2.2 Prio
Specify the priority of the selected X.25 connection. The lower the value, the higher the priority.
4
LCOS sorts the displayed table entries in descending order according to the priorities.
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
0 … 65535
Default:
0
2.2.45.2.3 Terminal IP
Enter the IPv4 address of the remote site in your LAN to be used to send data packets over the selected X.25 connection.
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
Max. 39 characters from [0-9][A-F][a-f]:.
Special values:
0.0.0.0
The TCP-X.25 bridge can be used for all remote sites, not only those in your LAN but also those from
the WAN.
Default:
0.0.0.0
2.2.45.2.4 Terminal port
Enter the port of the remote site in your LAN that the remote site can use to send data packets.
123
Menu Reference
2 Setup
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
0 … 65535
Special values:
0
The TCP-X.25 bridge allows connections using any port.
Default:
0
2.2.45.2.5 Loopback address
Specify the IPv4 address, which has an ARF context used by your device to receive connections from the terminal. The
loopback address replaces the entries for IP address and routing tag. The device selects the routing tag and its local
address based on the loopback address. If the loopback address is empty, the device accepts connections on any address
(even the WAN!).
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.45.2.6 Local port
Enter the TCP port which your device uses to make a connection to the X.25 remote site.
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
1 … 65535
Default:
1998
2.2.45.2.7 ISDN-remote
Enter the ISDN phone number of the X.25 remote site.
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
124
Menu Reference
2 Setup
Possible values:
Max. 21 characters [0-9]
Default:
0
2.2.45.2.8 ISDN local
Enter the ISDN phone number that your device uses as its outgoing number.
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
Max. 21 characters [0-9]
Default:
empty
2.2.45.2.9 X.25-Remote
Enter the X.25 address of the X.25 remote site.
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
Max. 14 characters [0-9]
Default:
empty
2.2.45.2.10 X.25-Local
Enter the X.25 address of the device.
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
Max. 14 characters [0-9]
Default:
empty
125
Menu Reference
2 Setup
2.2.45.2.11 Protocol-ID
Enter the X.25 protocol number. Your device enters this ID as bytes 0 to 3 in the X.25User data .
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
Max. 8 characters [0-9][a-f]
Default:
00000000
2.2.45.2.12 User data
You can store additional information in the X.25 data packets that your device transmits to the X.25 remote site.
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
Max. 8 characters [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`#
Default:
empty
2.2.45.2.13 Payload size
Specify the size of the X.25 payload. Only powers of two between 16 and 1,024 are allowed.
4
The X.25 standard makes it possible to specify different sizes for sent and received packets. The configuration
relates to both directions.
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
16 … 1024 Bytes
Default:
128
2.2.45.3 Incoming calls
This table contains a list of incoming calls.
Telnet path:
Setup > WAN > X.25-Bridge
126
Menu Reference
2 Setup
2.2.45.3.1 Name
This entry contains the name of the incoming call.
Telnet path:
Setup > WAN > X.25-Bridge > Incoming-Calls
2.2.45.3.2 ISDN-local
Enter the ISDN phone number that your device uses as its outgoing number.
Telnet path:
Setup > WAN > X.25-Bridge > Incoming-Calls
Possible values:
Max. 21 characters [0-9]
Default:
empty
2.2.45.3.3 ISDN-remote
Enter the ISDN phone number of the X.25 remote site.
Telnet path:
Setup > WAN > X.25-Bridge > Incoming-Calls
Possible values:
Max. 21 characters [0-9]
Default:
0
2.2.45.3.4 X.25-Local
Enter the X.25 address of the device.
Telnet path:
Setup > WAN > X.25-Bridge > Incoming-Calls
Possible values:
Max. 14 characters [0-9]
Default:
empty
127
Menu Reference
2 Setup
2.2.45.3.5 X.25-Remote
Enter the X.25 address of the X.25 remote site.
Telnet path:
Setup > WAN > X.25-Bridge > Incoming-Calls
Possible values:
Max. 14 characters [0-9]
Default:
empty
2.2.45.3.6 Protocol-ID
Enter the X.25 protocol number. Your device enters this ID as bytes 0 to 3 in the X.25-Userdata.
Telnet path:
Setup > WAN > X.25-Bridge > Incoming-Calls
Possible values:
Max. 8 characters [0-9][a-f]
Default:
00000000
2.2.45.3.7 User data
You can store additional information in the X.25 data packets that your device transmits to the X.25 remote site.
Telnet path:
Setup > WAN > X.25-Bridge > Incoming-Calls
Possible values:
Max. 8 characters [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`#
Default:
empty
2.2.45.3.7 Payload size
Specify the size of the X.25 payload. Only powers of two between 16 and 1,024 are allowed.
4
The X.25 standard makes it possible to specify different sizes for sent and received packets. The configuration
relates to both directions.
Telnet path:
Setup > WAN > X.25-Bridge > Incoming-Calls
128
Menu Reference
2 Setup
Possible values:
16 … 1024 Bytes
Default:
128
2.2.45.3.9 Terminal IP
Enter the IPv4 address of the remote site in your LAN to be used to send data packets over the selected X.25 connection.
Telnet path:
Setup > WAN > X.25-Bridge > Incoming-Calls
Possible values:
Max. 39 characters from [0-9][A-F][a-f]:.
Special values:
0.0.0.0
The TCP-X.25 bridge can be used for all remote sites, not only those in your LAN but also those from
the WAN.
Default:
0.0.0.0
2.2.45.3.10 Terminal port
Enter the port of the remote site in your LAN that the remote site can use to send data packets.
Telnet path:
Setup > WAN > X.25-Bridge > Incoming-Calls
Possible values:
0 … 65535
Special values:
0
The TCP-X.25 bridge allows connections using any port.
Default:
0
2.2.45.3.11 Loopback address
Specify the IPv4 address, which has an ARF context used by your device to receive connections from the terminal. The
loopback address replaces the entries for IP address and routing tag. The device selects the routing tag and its local
address based on the loopback address. If the loopback address is empty, the device accepts connections on any address
(even the WAN!).
129
Menu Reference
2 Setup
Telnet path:
Setup > WAN > X.25-Bridge > Outgoing-Calls
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.45.4 Disconnect delay
Using these parameters you define the time that the device waits after establishing the X.25 connection before it
disconnects the ISDN connection. Within this time period no other X.25 connections can be established without completely
re-establishing the ISDN connection.
Telnet path:
Setup > WAN > X.25-Bridge
Possible values:
0 … 99 Seconds
Special values:
0
This parameter disables the waiting period. The device disconnects ISDN connections in conjunction
with the X.25 connection.
Default:
5
2.2.45.5 Data trace
This parameter enables and disables the tracing of data packets that pass the X.25 bridge. The trace is output on the
console where you enabled the trace.
Telnet path:
Setup > WAN > X.25-Bridge
Possible values:
Off
The device does not output any traces.
On
The device does not output any trace data in the direction of the transmission and the number of the
data bytes. Example of a data trace:
[X.25-Bridge] 2014/01/15 13:55:39,331 Receiving 256 bytes of data from X.25.
130
Menu Reference
2 Setup
Advanced
Identical to On, although the device additionally outputs the data as a dump. Example for a data trace
with added dump output (excerpt):
[X.25-Bridge] 2014/01/15 13:55:39,331 Receiving 256 bytes of data from X.25.
Adr:= 04394380 Len:= 00000100 00000000: C2 79 .. 46 60 50 8C .. E3 B7 |
.6y..GF` P....... 00000010: 2D AE .. 24 5D E9 B6 .. 40 59 | -.0..U$] [email protected]
00000030: A5 36 .. 3C 6B 01 21 .. 9D 14 | .6.M..<k .!H..u.. 00000040: 94
38 .. 89 AA 54 22 .. 81 F7 | .8..2m.. T".=.... 00000050: E0 7C .. F3 28
B6 E8 .. 74 2F | .|.....( ..a]b.t/ [...]
Default:
Off
2.2.50 EoGRE-Tunnel
The current version of LCOS provides a number of "Ethernet over GRE" tunnels (EoGRE) to transmit Ethernet packets via
GRE. You configure the various EoGRE tunnels here.
Telnet path:
Setup > WAN
2.2.50.1 Interface
Name of the selected EoGRE tunnel.
Telnet path:
Setup > WAN > EoGRE-Tunnel
2.2.50.2 Operating
Activates or deactivates the EoGRE tunnel. Deactivated EoGRE tunnels do not send or receive any data.
Telnet path:
Setup > WAN > EoGRE-Tunnel
Possible values:
Yes
No
Default:
No
131
Menu Reference
2 Setup
2.2.50.3 IP address
Address of the EoGRE tunnel endpoint (valid IPv4 or IPv6 address or FQDN).
Telnet path:
Setup > WAN > EoGRE-Tunnel
Possible values:
Max. 64 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.50.4 Routing-Tag
Routing tag for the connection to the EoGRE tunnel endpoint.
Telnet path:
Setup > WAN > EoGRE-Tunnel
Possible values:
0 … 65535
Default:
0
2.2.50.5 Key present
Here you specify whether the GRE header should contain a key for data-flow control.
If you enable this feature, the device inserts the value set in the key field into the GRE header for this EoGRE tunnel. The
device only maps incoming data packets to this EoGRE tunnel if their GRE header contains an identical key value.
With this feature disabled, the GRE header of outgoing data packets does not contain a key value. The device only maps
incoming data packets to this EoGRE tunnel if their GRE header similarly does not contain a key value.
Telnet path:
Setup > WAN > EoGRE-Tunnel
Possible values:
Yes
No
Default:
No
132
Menu Reference
2 Setup
2.2.50.6 Key value
The key that assures data-flow control in this EoGRE tunnel.
Telnet path:
Setup > WAN > EoGRE-Tunnel
Possible values:
0 … 4294967295
Default:
0
2.2.50.7 Checksum
Here you specify whether the GRE header should contain a check sum.
With the check sum function enabled, the device calculates a checksum for the transmitted data and attaches this to
the GRE tunnel header. If the GRE header of incoming data contains a checksum, the device checks this against the
transmitted data. The device discards any data received with an erroneous or missing check sum.
With the checksum function disabled, the device sends all tunnel data without a checksum and it expected data packets
without a checksum. Incoming data packets with a checksum in the GRE header are discarded.
Telnet path:
Setup > WAN > EoGRE-Tunnel
Possible values:
Yes
No
Default:
No
2.2.50.8 Sequencing
Here you specify whether the GRE header contains information about the sequence of the data packets.
With this feature enabled, the device includes a counter in the GRE header of outgoing data packets in order to
communicate the sequence of the data packets to the EoGRE tunnel endpoint. The device analyses the sequence of
incoming data packets and drops packets with an incorrect or missing packet sequence.
Telnet path:
Setup > WAN > EoGRE-Tunnel
133
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
No
2.2.50.9 Loopback address
This entry contains the loopback address of the EoGRE tunnel.
Telnet path:
Setup > WAN > EoGRE-Tunnel
Possible values:
Max. 16 characters from [0-9].
Default:
empty
2.2.51 GRE-Tunnel
GRE is a tunneling protocol that encapsulates any layer-3 data packets (including IP, IPSec, ICMP, etc.) into virtual
point-to-point network connections. You configure the various GRE tunnels here.
Telnet path:
Setup > WAN
2.2.51.1 Remote site
The name of the remote station for this GRE tunnel. Use this name in the routing table in order to send data through
this GRE tunnel.
Telnet path:
Setup > WAN > GRE-Tunnel
2.2.51.3 IP address
Address of the GRE tunnel endpoint (valid IPv4 or IPv6 address or FQDN).
Telnet path:
Setup > WAN > GRE-Tunnel
134
Menu Reference
2 Setup
Possible values:
Max. 64 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.2.51.4 Routing-Tag
Routing tag for the connection to the GRE tunnel endpoint.
Telnet path:
Setup > WAN > GRE-Tunnel
Possible values:
0 … 65535
Default:
0
2.2.51.5 Key present
Here you specify whether the GRE header should contain a key for data-flow control.
If you enable this feature, the device inserts the value set in the key field into the GRE header for this GRE tunnel. The
device only maps incoming data packets to this GRE tunnel if their GRE header contains an identical key value.
With this feature disabled, the GRE header of outgoing data packets does not contain a key value. The device only maps
incoming data packets to this GRE tunnel if their GRE header similarly does not contain a key value.
Telnet path:
Setup > WAN > GRE-Tunnel
Possible values:
Yes
No
Default:
No
2.2.51.6 Key value
The key that assures data-flow control in this GRE tunnel.
Telnet path:
Setup > WAN > GRE-Tunnel
135
Menu Reference
2 Setup
Possible values:
0 … 4294967295
Default:
0
2.2.51.7 Checksum
Here you specify whether the GRE header should contain a check sum.
With the check sum function enabled, the device calculates a checksum for the transmitted data and attaches this to
the GRE tunnel header. If the GRE header of incoming data contains a checksum, the device checks this against the
transmitted data. The device discards any data received with an erroneous or missing check sum.
With the checksum function disabled, the device sends all tunnel data without a checksum and it expected data packets
without a checksum. Incoming data packets with a checksum in the GRE header are discarded.
Telnet path:
Setup > WAN > GRE-Tunnel
Possible values:
Yes
No
Default:
No
2.2.51.8 Sequencing
Here you specify whether the GRE header contains information about the sequence of the data packets.
With this feature enabled, the device includes a counter in the GRE header of outgoing data packets in order to
communicate the sequence of the data packets to the GRE tunnel endpoint. The device analyses the sequence of incoming
data packets and drops packets with an incorrect or missing packet sequence.
Telnet path:
Setup > WAN > GRE-Tunnel
Possible values:
Yes
No
Default:
No
136
Menu Reference
2 Setup
2.2.51.9 Source address
Here you can optionally specify a source address for the device to use as the target address instead of the one that would
normally be selected automatically.
4
If the list of IP networks or loopback addresses contains an entry named 'DMZ', then the associated IP address
will be used.
Telnet path:
Setup > WAN > GRE-Tunnel
Possible values:
Valid entry from the list of possible addresses.
Name of the IP networks whose addresses are to be used.
"INT" for the address of the first intranet
"DMZ" for the address of the first DMZ
LB0 to LBF for the 16 loopback addresses
Any valid IP address
empty
Default:
2.2.53 SSL-for-Action-Table
This menu contains the SSL settings for the action table.
Telnet path:
Setup > WAN
2.2.53.1 Versions
Here you select the encryption version(s) to be used.
Telnet path:
Setup > WAN > SSL-for-Action-Table
Possible values:
SSLv3
TLSv1
TLSv1.1
TLSv1.2
Default:
TLSv1
137
Menu Reference
2 Setup
2.2.53.2 Key-exchange algorithms
Here you select the algorithms to be used for the key exchange.
Telnet path:
Setup > WAN > SSL-for-Action-Table
Possible values:
RSA
DHE
ECDHE
Default:
RSA
DHE
ECDHE
2.2.53.3 Crypto algorithms
Here you select the encryption algorithms to be used.
Telnet path:
Setup > WAN > SSL-for-Action-Table
Possible values:
RC4-40
RC4-56
RC4-128
DES40
DES
3DES
AES-128
AES-256
AESGCM-128
AESGCM-256
Default:
3DES
AES-128
AES-256
AESGCM-128
AESGCM-256
138
Menu Reference
2 Setup
2.2.53.4 Hash algorithms
Here you select the hash algorithms to be used.
Telnet path:
Setup > WAN > SSL-for-Action-Table
Possible values:
MD5
SHA1
SHA-256
SHA-384
SHA2-256
SHA2-384
Default:
MD5
SHA1
SHA-256
SHA-384
SHA2-256
SHA2-384
2.2.53.5 Prefer PFS
Specify whether PFS (perfect forward secrecy) is enabled for the SSL/TLS secured connection.
5
To disable this function, uncheck the box.
Telnet path:
Setup > WAN > SSL-for-Action-Table
Possible values:
Yes
Default:
Yes
2.2.53.6 Renegotiations
Specify whether new negotiations are permitted for secure connections.
139
Menu Reference
2 Setup
Telnet path:
Setup > WAN > SSL-for-Action-Table
Possible values:
No
Forbidden
Allowed
Ignored
Default:
Allowed
2.2.53.7 Elliptic curves
Here you specify which elliptic curves are to be used for encryption.
Telnet path:
Setup > WAN > SSL-for-Action-Table
Possible values:
secp256r1
secp384r1
secp521r1
Default:
secp256r1
secp384r1
secp521r1
2.2.53.21 Signature hash algorithms
Use this entry to specify which hash algorithm is used to encrypt the signature.
Telnet path:
Setup > WAN > SSL-for-Action-Table
140
Menu Reference
2 Setup
Possible values:
MD5-RSA
SHA1-RSA
SHA224-RSA
SHA256-RSA
SHA384-RSA
SHA512-RSA
Default:
SHA1-RSA
SHA224-RSA
SHA256-RSA
SHA384-RSA
SHA512-RSA
2.2.60 VLANs
This menu contains the editable configuration of VLAN assignments for different Internet service providers.
Telnet path:
Setup > WAN
2.2.60.1 Provider list
This table contains the Internet service providers for whom VLANs should be checked in addition to VLAN 0. For this
check, LCOS uses the "User name" entry in the PPP list under Communication > Protocols.
Telnet path:
Setup > WAN > VLANs
2.2.60.1.1 Providers
Here you enter the user name specified under Communication > Protocols > PPP list in order to identify Internet
service providers that require the checking of additional VLANs.
5
"*" is defined as a wild card for this field so that, for example, entering "*@t-online.de" causes the setting
to be applied to all PPP list entries that end with @t-online.de.
Telnet path:
Setup > WAN > VLANs > Provider-List
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
141
Menu Reference
2 Setup
Default:
empty
2.2.60.1.2 VLAN-IDs
Here you specify the VLANs that are to be checked in addition to VLAN 0. The checking of additional VLANs only takes
place if the entry under Provider matches the user name in the PPP list.
5
You have the option of specifying a single VLAN or multiple comma-separated VLANs.
Telnet path:
Setup > WAN > VLANs > Provider-List
Possible values:
Max. 64 characters from [0-9]-,
Default:
empty
2.3 Charges
This menu contains the settings for charge management.
Telnet path:
Setup
2.3.1 Budget-Units
Specify here the maximum number of budget units that can be consumed in the time period defined above. Once this
limit is reached, the router establishes no further connections.
Telnet path:
Setup > Charges
Possible values:
max. 10 characters from [0-9]
Default:
830
2.3.2 Days-per-Period
Specify a period in days that will serve as the basis for the controlling the charges and time limits.
142
Menu Reference
2 Setup
Telnet path:
Setup > Charges
Possible values:
max. 10 characters from [0-9]
Default:
1
2.3.3 Spare-Units
Displays the number of charge units remaining for dial-in connections in the current period.
Telnet path:
Setup > Charges
2.3.4 Router-Units
Displays the number of minutes used by router connections in the current time period.
Telnet path:
Setup > Charges
2.3.5 Table budget
This table displays an overview of configured budgets for your interfaces, sorted by budget units.
Telnet path:
Setup > Charges
2.3.5.1 lfc.
The interface referred to by the entry.
Telnet path:
Setup > Charges > Table-Budget
2.3.5.2 Budget-Units
Displays the budget units used up for this interface.
Telnet path:
Setup > Charges > Table-Budget
143
Menu Reference
2 Setup
2.3.5.3 Spare-Units
Displays the remaining budgeted units for this interface.
Telnet path:
Setup > Charges > Table-Budget
2.3.5.4 Units
Displays the budgeted units used until now for this interface.
Telnet path:
Setup > Charges > Table-Budget
2.3.6 Total-Units
Displays the total of budgeted units used until now on all interfaces.
Telnet path:
Setup > Charges
2.3.7 Time-Table
This table displays an overview of configured budgets for your interfaces, sorted by budget minutes.
Telnet path:
Setup > Charges
2.3.7.1 lfc.
The interface referred to by the entry.
Telnet path:
Setup > Charges > Time-Table
2.3.7.2 Budget-minutes
Displays the budgeted minutes used up for this interface.
Telnet path:
Setup > Charges > Time-Table
144
Menu Reference
2 Setup
2.3.7.3 Spare-Minutes
Displays the remaining budgeted minutes for this interface.
Telnet path:
Setup > Charges > Time-Table
2.3.7.4 Minutes-active
Displays the budgeted minutes of activity for data connections on this interface.
Telnet path:
Setup > Charges > Time-Table
2.3.7.5 Minutes-passive
Displays the budgeted minutes that this interface was connected passively.
Telnet path:
Setup > Charges > Time-Table
2.3.8 DSL-Broadband-Minutes-Budget
Specify here the maximum number of online minutes that can be consumed in the time period defined above. Once this
limit is reached, the device establishes no further connections.
Telnet path:
Setup > Charges
Possible values:
max. 10 characters from [0-9]
Default:
600
2.3.9 Spare-DSL-Broadband-Minutes
Displays the number of minutes remaining for DSL broadband connections in the current period.
Telnet path:
Setup > Charges
145
Menu Reference
2 Setup
2.3.10 Router-DSL-Broadband-Budget
Displays the number of minutes used by DSL broadband connections in the current time period.
Telnet path:
Setup > Charges
2.3.11 Reserve-DSL-Broadband-Budget
Specify here the number of additional online minutes that are permitted within the above time period if the reserve is
activated.
Telnet path:
Setup > Charges
Possible values:
max. 10 characters from [0-9]
Default:
300
2.3.12 Activate-Additional-Budget
You can manually reset units, time and volume budgets.
Enter the name of the WAN connection as the parameter. You can reset all volume budgets with the parameter "*". If
you do not specify a parameter, you reset only the unit- and time counters.
5
By resetting the current budget, you remove any charge limiter that may be in effect.
Telnet path:
Setup > Charges
2.3.13 Dialup-Minutes-Budget
Specify here the maximum number of online minutes that can be consumed in the time period defined above. Once this
limit is reached, the device establishes no further connections.
Telnet path:
Setup > Charges
Possible values:
max. 10 characters from [0-9]
Default:
210
146
Menu Reference
2 Setup
2.3.14 Spare-Dialup-Minutes
Displays the number of minutes remaining for dial-in connections in the current period.
Telnet path:
Setup > Charges
Possible values:
max. 10 characters from [0-9]
Default:
210
2.3.15 Dialup-Minutes-Active
Displays the number of minutes used by dial-in connections in the current time period.
Telnet path:
Setup > Charges
2.3.16 Reset-Budgets
Some providers allow you an additional data volume or time limit if your budget is reached. This action can be used to
increase the volume- or time budget by an appropriate amount.
Specify the name of the WAN connection as well as the amount of the budget in MB as additional parameters. If you
do not specify a budget, you approve the full amount of the budget specified for this WAN connection.
5
By activating an additional budget, you remove any charge limiter that may be in effect.
Telnet path:
Setup > Charges
2.3.17 Volume-Budgets
Depending on your tariff plan, mobile or landline operators may activate bandwidth throttling if a certain data volume
is exceeded, also for flatrate plans. In this directory, you can set a data volume for each connection/remote station and
define an action that the device should perform when this limit is exceeded.
Telnet path:
Setup > Charges
2.3.17.1 Peer
Name of the remote station for which this data volume applies.
Select from the list of defined peers.
147
Menu Reference
2 Setup
Telnet path:
Setup > Charges > Volume-Budgets
Possible values:
max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.3.17.2 Limit-MB
Data volume in megabytes that applies to the specified remote station.
Telnet path:
Setup > Charges > Volume-Budgets
Possible values:
0 … 4294967295 MBytes
Default:
0
Special values:
0
No monitoring of data volume.
2.3.17.3 Action
Action to be executed by the device when the budget is exceeded.
You can also specify that the device should perform multiple actions. If they include the action disconnect, the device
performs this action as the last one.
Telnet path:
Setup > Charges > Volume-Budgets
Possible values:
syslog
The device stores a SYSLOG message (with the flag "Critical") that you can analyze with LANmonitor or
a special SYSLOG client.
mail
The device sends a message to the e-mail address that you specified under Setup > Charges >
Charging-Email.
disconnect
The device disconnects from the remote station.
5
148
The disconnect action activates the charge limiter. The device can no longer connect to this
remote until the end of the month unless you increase the volume budget for this remote site.
Menu Reference
2 Setup
2.3.18 Free networks
If data transfer to certain networks does not affect the volume budget for a remote site, you can exclude these networks
from the budgeting.
Telnet path:
Setup > Charges
2.3.18.1 Peer
Name of the remote station for which this exception applies. Select from the list of defined peers.
5
You can make multiple entries for each remote by suffixing the name of the remote station with the # character
and adding a number (e.g. "INTERNET", "INTERNET#1", "INTERNET#2", etc.). This is useful if you explicitly wish
to define an exception that is only temporarily active. When this exception is no longer valid, you delete only
the entry with the correspondingly numbered remote station.
Telnet path:
Setup > Charges > Free-Networks
Possible values:
max. 20 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.3.18.2 Free networks
Using this parameter, you can define individual IPv4 and IPv6 addresses as well as entire networks (for example by using
the prefix notation "192.168.1.0/24"), which are excluded from the budget monitoring.
5
Multiple values can be specified in a comma-separated list.
Telnet path:
Setup > Charges > Free-Networks
Possible values:
max. 100 characters from [0-9]/.
Default:
empty
2.3.19 Budget-Control
In this directory you specify when the device starts recording the budget each month.
Telnet path:
Setup > Charges
149
Menu Reference
2 Setup
2.3.19.1 Peer
Name of the remote station for which this time applies. Select from the list of defined peers.
5
You can use wildcards for the names of the remote stations. The wild card "*" in this case applies for all remote
stations.
Telnet path:
Setup > Charges > Budget-Control
Possible values:
max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.3.19.2 Day
Day of the month when the device resets the monthly data-volume budget monitoring.
Telnet path:
Setup > Charges > Budget-Control
Possible values:
1 … 31
Default:
1
2.3.19.3 Hour
Hour when the device resets the data-volume budget monitoring.
Telnet path:
Setup > Charges > Budget-Control
Possible values:
0 … 23
Default:
0
2.3.19.4 Minute
Minute when the device resets the data-volume budget monitoring.
Telnet path:
Setup > Charges > Budget-Control
150
Menu Reference
2 Setup
Possible values:
0 … 59
Default:
0
2.3.20 Charging-Email
If the device should send an e-mail when the volume of data is exceeded, specify the valid e-mail address here.
Telnet path:
Setup > Charges
Possible values:
max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.4 LAN
If the device should send an e-mail when the volume of data is exceeded, specify the valid e-mail address here.
Telnet path:
Setup
2.4.2 MAC-Address
This is the hardware address of the network adapter in your device.
Telnet path:
Setup > LAN
2.4.3 Heap-Reserve
The spare-heap value indicates how many blocks of the LAN heap are reserved for communication with the device over
HTTP(S)/Telnet(S)/SSH. This heap is used to maintain the device's accessibility even in case of maximum load (or if queue
blocks get lost). If the number of blocks in the heap falls below the specified value, received packets are dropped
immediately (except for TCP packets sent directly to the device).
Telnet path:
Setup > LAN
151
Menu Reference
2 Setup
Possible values:
0 … 999
Default:
10
2.4.8 Trace-MAC
Use this value to limit the Ethernet trace to those packets that have the specified MAC address as their source or destination
address.
Telnet path:
Setup > LAN
Possible values:
max. 16 characters from [A-F][a-f][0-9]
Default:
000000000000
Special values:
000000000000
If set to 000000000000, the Ethernet trace outputs all packets.
2.4.9 Trace-Level
The output of trace messages for the LAN-Data-Trace can be restricted to contain certain content only.
Telnet path:
Setup > LAN
Possible values:
0 … 255
Default:
255
Special values:
0
Reports that a packet has been received/sent.
1
Additionally the physical parameters of the packet (data rate, signal strength...)
2
Adds the MAC header
3
Adds the Layer-3 header (e.g. IP/IPX)
4
Adds the Layer-4 header (TCP, UDP...)
152
Menu Reference
2 Setup
5
Additionally the TCP/UDP payload
255
Output is not limited
2.4.10 IEEE802.1x
This menu contains the settings for the integrated 802.1x supplicant. The device requires these settings, for example, if
it is connected to an Ethernet switch with activated 802.1x authentication.
Telnet path:
Setup > LAN
2.4.10.1 Supplicant-Ifc-Setup
This table controls the function of the integrated 802.1x supplicant for the available LAN interfaces.
Telnet path:
Setup > LAN > IEEE802.1x
2.4.10.1.1 Ifc
Here you select the LAN interface that the settings for the 802.1x supplicant apply to. Choose from the LAN interfaces
available in the device, e.g. LAN-1 or LAN-2.
Telnet path:
Setup > LAN > IEEE802.1x > Supplicant-Ifc-Setup
2.4.10.1.2 Method
Here you select the method to be used by the 802.1x supplicant for authentication.
Telnet path:
Setup > LAN > IEEE802.1x > Supplicant-Ifc-Setup
Possible values:
None
The value "None" disables the 802.1x supplicant for the respective interface.
153
Menu Reference
2 Setup
MD5
TLS
TTLS/PAP>
TTLS/CHAP
TTLS/MSCHAP
TTLS/MSCHAPv2
TTLS/MD5
PEAP/MSCHAPv2
PEAP/GTC
Default:
None
2.4.10.1.3 Credentials
Depending on the EAP/802.1X method, enter the credentials necessary to login. TLS requires nothing to be entered here.
The authentication is carried out with the EAP/TLS certificate stored in the file system. For all other methods, enter the
user name and password in the format "user:password".
Telnet path:
Setup > LAN > IEEE802.1x > Supplicant-Ifc-Setup
Possible values:
max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.4.10.2 Authenticator-Ifc-Setup
This menu contains the settings for the RADIUS authentication of clients, which connect to the device via the LAN
interfaces.
Telnet path:
Setup > LAN > IEEE802.1x
2.4.10.2.1 Ifc
Name of the LAN interface.
Telnet path:
Setup > LAN > IEEE802.1x > Authenticator-Ifc-Setup
154
Menu Reference
2 Setup
2.4.10.2.2 Operating
This parameter specifies whether RADIUS authentication of clients is required on the selected LAN interface.
Telnet path:
Setup > LAN > IEEE802.1x > Authenticator-Ifc-Setup
Possible values:
No
Yes
Default:
No
2.4.10.2.3 Mode
This item sets whether one or more clients may login at this interface via IEEE 802.1X.
Telnet path:
Setup > LAN > IEEE802.1x > Authenticator-Ifc-Setup
Possible values:
Single host
Just one client may login to this interface.
Multiple host
Multiple clients may login to this interface. Just one client needs to successfully login to the interface.
The device automatically authenticates all other clients at this interface. However, if the connection to
the authenticated device is closed, all of the other clients are no longer able to use the connection.
Multiple auth
Multiple clients can login to this interface; each client must authenticate itself.
Default:
Single host
2.4.10.2.4 RADIUS server
This parameter specifies the RADIUS server to be used by the device to authenticate the LAN clients.
Telnet path:
Setup > LAN > IEEE802.1x > Authenticator-Ifc-Setup
Possible values:
Name from Setup > IEEE802.1x > RADIUS-Server
Valid IPv4/v6 address or FQDN, max. 16 characters from
#[A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_. `
155
Menu Reference
2 Setup
2.4.10.2.5 MAC-Auth.-Bypass
In order for a device that does not support IEEE 802.1X to authenticate at this interface, selecting this option takes the
MAC address of the device to be the user name and password.
5
The MAC address is easy to fake and does not protect against malicious attacks.
Telnet path:
Setup > LAN > IEEE802.1x > Authenticator-Ifc-Setup
Possible values:
No
MAC address authentication is not possible.
Yes
MAC address authentication is possible.
Default:
No
2.4.11 Linkup-Report-Delay-ms
This setting specifies the time (in milliseconds) after which the LAN module signals to the device that a link is "up" and
data transfer can begin.
Telnet path:
Setup > LAN > IEEE802.1x
Possible values:
0 … 4294967295
Default:
50
2.4.12 HNAT
With this setting you enable or disable the use of hardware NAT on the QVER platform. With HNAT enabled, the hardware
can handle the routing WAN connection data, which increases the throughput and reduces the CPU load on your device.
5
HNAT is only available on devices of the 1781 series with an Ethernet switch AR8327N as well as the WLC4006+.
Telnet path:
Setup > LAN > IEEE802.1x
156
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
No
2.4.13.11.1 Interface bundling
This table contains the settings for bundling the physical and logical interfaces.
By bundling interfaces, it is possible to transmit data packets on two paired interfaces. To do this, the device duplicates
outgoing data packets and transmits them on each of the two interfaces simultaneously. When receiving packets, the
device accepts the first incoming packets; duplicates are detected and discarded by the device.
Using interface bundling makes it possible to reduce packet failure rates and latency times for data transmissions,
although this does reduce the maximum bandwidth of the corresponding interface.
Telnet path:
Setup > LAN
2.4.13.1 Interfaces
This menu contains the settings for interface bundling.
Telnet path:
Setup > LAN > Interface-Bundling
2.4.13.1.1 Interface
This parameter indicates shows the logical cluster interface used for bundling the selected logical and physical interfaces
of the devices.
Telnet path:
Setup > LAN > Interface-bundling > Interfaces
Possible values:
BUNDLE-1
BUNDLE-2
2.4.13.1.2 Operating
Using this parameter, you enable or disable interface bundling.
157
Menu Reference
2 Setup
With bundling enabled, the device groups the selected device interfaces together into one common logical bundled
interface. In the disabled state the interfaces A and B that are selected in the corresponding table can still be used as
individual interfaces.
Telnet path:
Setup > LAN > Interface-bundling > Interfaces
Possible values:
Yes
No
Default:
No
2.4.13.1.3 Protocol
Set the protocol that is used for interface bundling using these parameters.
Telnet path:
Setup > LAN > Interface-bundling > Interfaces
Possible values:
PRP
Sets the Parallel Redundancy Protocol (PRP).
2.4.13.1.4 MAC address
Using this parameter you can set an alternative MAC address for use by the corresponding bundle interface.
Telnet path:
Setup > LAN > Interface-bundling > Interfaces
Possible values:
Max. 12 characters from [a-f][0-9]
Special values:
empty
If you leave this field empty, the device uses the system-wide MAC address.
Default:
Depends on the MAC address of your device
2.4.13.1.5 Interface-A
Using this parameter you select the 1st physical or logical link that this device bundles.
158
Menu Reference
2 Setup
Telnet path:
Setup > LAN > Interface-bundling > Interfaces
Possible values:
Select from the available interfaces.
Default:
WLAN-1
2.4.13.1.6 Interface-B
Using this parameter you select the 2nd physical or logical link that this device bundles.
Telnet path:
Setup > LAN > Interface-bundling > Interfaces
Possible values:
Select from the available interfaces.
Default:
WLAN-2
2.4.13.11 Interfaces
This menu contains the settings for PRP as the bundling protocol.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
2.4.13.11.1 Interfaces
This table contains the interfaces with all PRP-relevant settings.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
2.4.13.11.1.1 Interface
The parallel redundancy protocol (PRP) makes redundant transmissions on two (bundled) interfaces. To use this, you
select two interfaces which the device internally combines into one interface. The device duplicates outgoing packets so
that the packets are transmitted on each of the two interfaces. On the receiving side, the device recognizes the duplicates
and discards them. This leads to a reduced packet error rate and to lower latency on the bundled interface in comparison
to transmission on a single interface.
You enter the name for this interface here.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
159
Menu Reference
2 Setup
Possible values:
Max. 18 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
2.4.13.11.1.2 Duplicate-accept
Switches the forwarding of packet duplicates on or off.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
Possible values:
Special values:
Yes
No
2.4.13.11.1.3 Transparent mode
Switches the transparent operation mode on/off. If the transparent operation mode is enabled, the recipient of the PRP
packets forwards the packets with a redundancy control trailer.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
Possible values:
Yes
No
Default:
No
2.4.13.11.1.4 Life check interval
Specifies how often the device sends control packets.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
Possible values:
100 … 60000 Milliseconds
Default:
2000
160
Menu Reference
2 Setup
2.4.13.11.1.5 Node forget time
Enters the time until the device deletes a node from its node table or proxy node table.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
Possible values:
1000 … 3600000 Milliseconds
Default:
60000
2.4.13.11.1.6 Entry forget time
Specifies as of when the device deletes the entry from the duplicate-detection buffer.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
Possible values:
10 … 60000 Milliseconds
Default:
400
2.4.13.11.1.7 Node reboot interval
Specifies the time that a PRP device passively monitors a link until the device sends packets over the link.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
Possible values:
0 … 60000 Milliseconds
Default:
500
2.4.11.1.8 Dup elimination buffer size
Limits the number of entries in the duplicate-detection memory.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
Possible values:
16 … 65536 Entries/Nodes
161
Menu Reference
2 Setup
Default:
8192
2.4.13.11.1.9 Send supervision frames
Specifies the settings for sending supervision packets.
Telnet path:
LAN > Interface-bundling > PRP > Interfaces
Possible values:
0
None
1
Own MAC only
2
All-nodes
Default:
2
2.4.13.11.1.10 Node name
The node name is the identifier for the node. You can specify any name.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
Possible values:
Max. 32 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
2.4.13.11.1.11 Evaluate-Sup.-Frames
Switches the monitoring of control packets on or off.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
Possible values:
Yes
No
Default:
Yes
162
Menu Reference
2 Setup
2.4.13.11.1.248 Reordering-buffer-on
Enable or disable the PRP micro-reordering buffer here.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
Possible values:
No
PRP micro-reordering buffer off
Yes
PRP micro-reordering buffer on
Default:
No
2.4.13.11.1.249 Reordering-buffer-max-delay
Specify the maximum delay time for PRP frames here.
Telnet path:
Setup > LAN > Interface-bundling > PRP > Interfaces
Possible values:
Max. 10 characters from
[0-9]
Default:
50
2.7 TCP-IP
This menu contains the TCP/IP settings.
Telnet path:
Setup > LAN
2.7.1 Operating
Activates or deactivates the TCP-IP module.
Telnet path:
Setup > LAN > TCP-IP
163
Menu Reference
2 Setup
Possible values:
no
yes
Default:
yes
2.7.6 Access-List
The access list contains those stations that are to be granted access to the device's configuration. If the table contains
no entries, all stations can access the device.
Telnet path:
Setup > LAN > TCP-IP
2.7.6.1 IP-Address
Valid IP address of the station that is to be granted access to the device's configuration.
Telnet path:
Setup > LAN > TCP-IP > Access-List
2.7.6.2 IP-Netmask
Valid IP netmask of the station that is to be given access to the device's configuration.
Telnet path:
Setup > LAN > TCP-IP > Access-List
2.7.6.3 Rtg-Tag
Routing tag for selecting a specified route.
Telnet path:
Setup > LAN > TCP-IP > Access-List
Possible values:
max. 16 characters from [0-9]
Default:
empty
164
Menu Reference
2 Setup
2.7.6.4 Comment
This parameter allows you to enter a comment on the entry.
Telnet path:
Setup > TCP-IP > Access-List
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.7.7 DNS-Default
Specify here the address of a name server to which DNS requests are to be forwarded. This field can be left empty if you
have an Internet provider or other remote site that automatically assigns a name server to the device when it logs in.
Telnet path:
Setup > LAN > TCP-IP
Possible values:
max. 15 characters from [0-9].
Default:
0.0.0.0
2.7.8 DNS-Backup
Specify here a name server to be used in case the first DNS server fails.
Telnet path:
Setup > LAN > TCP-IP
Possible values:
max. 15 characters from [0-9].
Default:
0.0.0.0
2.7.9 NBNS-Default
Specify here the address of a NetBIOS name server to which NBNS requests are to be forwarded. This field can be left
empty if you have an Internet provider or other remote site that automatically assigns a NetBIOS name server to the
device when it logs in.
Telnet path:
Setup > LAN > TCP-IP
165
Menu Reference
2 Setup
Possible values:
max. 15 characters from [0-9].
Default:
0.0.0.0
2.7.10 NBNS-Backup
Specify here a NetBIOS name server to be used in case the first NBNS server fails.
Telnet path:
Setup > LAN > TCP-IP
Possible values:
max. 15 characters from [0-9].
Default:
0.0.0.0
2.7.11 ARP-Aging-Minutes
Here you can specify the time in minutes after which the ARP table is updated automatically, i.e. any addresses that
have not been contacted since the last update are removed from the list.
Telnet path:
Setup > LAN > TCP-IP
Possible values:
1 … 60 minutes
Default:
15
2.7.16 ARP-Table
The address resolution protocol (ARP) determines the MAC address for a particular IP address and stores this information
in the ARP table.
Telnet path:
Setup > LAN > TCP-IP
2.7.16.1 IP-Address
Valid IP address for which a MAC address was determined.
166
Menu Reference
2 Setup
Telnet path:
Setup > LAN > TCP-IP > ARP-Table
2.7.16.2 MAC-Address
MAC address matching the IP address in this entry.
Telnet path:
Setup > LAN > TCP-IP > ARP-Table
2.7.16.3 Last-access
The time when this station last access the network.
Telnet path:
Setup > LAN > TCP-IP > ARP-Table
2.7.16.5 Ethernet-Port
Physical interface connecting the station to the device.
Telnet path:
Setup > LAN > TCP-IP > ARP-Table
2.7.16.6 Peer
Select the remote device over which the station can be reached from the list of defined peers.
Telnet path:
Setup > LAN > TCP-IP > ARP-Table
2.7.16.7 VLAN-ID
VLAN ID of network where the station is located.
Telnet path:
Setup > LAN > TCP-IP > ARP-Table
2.7.16.8 Connector
Logical interface connecting the device.
167
Menu Reference
2 Setup
Telnet path:
Setup > LAN > TCP-IP > ARP-Table
2.7.17 Loopback-List
This table is used to configure alternative addresses.
Telnet path:
Setup > LAN > TCP-IP
2.7.17 Loopback-Addr.
You can optionally configure up to 16 loopback addresses here. The device considers each of these addresses to be its
own address and behaves as if it has received the packet from the LAN. This applies in particular to masked connections.
Answers to packets sent to a loopback address are not masked.
Telnet path:
Setup > LAN > TCP-IP > Loopback-List
Possible values:
Name of the IP networks whose address should be used.
"INT" for the address of the first intranet.
"DMZ" for the address of the first DMZ.
LB0 to LBF for the 16 loopback addresses.
Any valid IP address.
2.7.17.2 Name
You can enter a name with a max. 16 characters here.
Telnet path:
Setup > LAN > TCP-IP > Loopback-List
Possible values:
max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.7.17.3 Rtg tag
Here you specify the routing tag that identifies routes to remote gateways that are not configured with their own routing
tag (i.e. the routing tag is 0).
168
Menu Reference
2 Setup
Telnet path:
Setup > TCP-IP > Loopback-List
Possible values:
0 … 65,535
Default:
0
2.7.20 Non-Loc.-ARP-Replies
When this option is activate the device will reply to ARP requests for its address even if the sender address is not located
in its own local network.
Telnet path:
Setup > TCP-IP
2.7.21 Alive-Test
This menu contains the settings for the alive test. The alive test sends a ping to a destination address at configurable
intervals. If the destination does not respond, the device performs a reboot or other action according to defined criteria.
To configure the alive test you have to define the target address, the action to be performed, the combination of pings
and retries, and the threshold for triggering the defined action. The parameters required for this have the following
default values:
Fail-Limit
Default value: 10
Test Interval:
Default value: 10
Retry-Interval
Default value: 1
Retry-Count
Default value: 1
These settings cause the device to transmit a ping every 10 seconds (test interval). If this ping is not answered, the device
repeats the ping after 1 second (retry interval) and exactly one time (retry count). If this ping also goes unanswered, the
device considers the series to have failed. If 10 series in a row fail (fail limit) then the device triggers the defined action,
in this case after 10 x 10 seconds = 100 seconds.
Telnet path:
Setup > TCP-IP
2.7.21.1 Target address
The target IP address to which the device sends a ping.
169
Menu Reference
2 Setup
Telnet path:
Setup > TCP-IP > Alive-Test
2.7.21.2 Test Interval:
The time interval in seconds, in which the device sends a ping to the target address. If the ping is unanswered, the device
optionally repeats a set number of pings in the defined interval. With this configuration, the device forms a "series" of
ping attempts. Only when all pings go unanswered is the complete series evaluated as unsuccessful.
5
5
The product of the error limit and test interval defines the overall duration until rebooting or executing the action.
Select the test interval as a time which is greater than the product of the retry interval and retry count, so that
the desired number of retries can be performed within the test interval.
Telnet path:
Setup > TCP-IP > Alive-Test
Possible values:
0 … 4294967295 Seconds
Default:
10
2.7.21.3 Retry-Count
If a ping goes unanswered, this value defines the number of times that the device will repeat the ping to the target
address.
5
Set the retry count to a number such that the product of retry interval and retry count is less than the test interval.
This ensures that the desired number of retries can be performed within the test interval.
Telnet path:
Setup > TCP-IP > Alive-Test
Possible values:
0 … 4294967295 Seconds
Default:
1
Special values:
0
With a retry count of 0 the device sends no repeat pings.
2.7.21.4 Retry-Interval
If a ping goes unanswered, this value defines the time interval before the device repeats the ping to the target address.
170
Menu Reference
2 Setup
5
Set the retry interval to a number such that the product of retry interval and retry count is less than the test
interval. This ensures that the desired number of retries can be performed within the test interval.
Telnet path:
Setup > TCP-IP > Alive-Test
Possible values:
0 … 4294967295 Seconds
Default:
1
Special values:
0
With a retry interval of 0 the device sends no repeat pings.
2.7.21.5 Fail-Limit
This parameter defines the number of consecutive failed test series before the device is rebooted or the configured action
is executed.
5
The product of the error limit and test interval defines the overall duration until rebooting or executing the action.
Telnet path:
Setup > TCP-IP > Alive-Test
Possible values:
0 … 4294967295
Default:
10
2.7.21.6 Boot-Type
The device executes this action if the ping to the target address was unsuccessful.
Telnet path:
Setup > TCP-IP > Alive-Test
Possible values:
Cold boot
The device performs a cold boot.
Warm boot
The device performs a warm boot.
Action
The device performs a configurable action. Configure the action under
/Setup/TCP-IP/Alive-Test (also see Action).
171
Menu Reference
2 Setup
Default:
Warm boot
2.7.21.7 Action
Here you enter the action executed by the device when the target address is unreachable. You can use the same actions
as used in the cron table, i.e. executing CLI commands, HTTP requests, or sending messages.
5
The action set here will only be executed if the boot type is set to the value Action. The boot type is configured
under Setup > TCP-IP > Alive-Test > Boot-Type (also see Boot-Type).
Telnet path:
Setup > TCP-IP > Alive-Test
Possible values:
Max. 251 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.7.22 ICMP-on-ARP-Timeout
When the device receives a packet that it should transmit to the LAN, it uses ARP requests to determine the recipient.
If a request goes unanswered, the device returns a "ICMP host unreachable" message to the sender of the packet.
Telnet path:
Setup > TCP-IP
2.7.30 Network list
This table is used to define IP networks. These are referenced from other modules (DHCP server, RIP, NetBIOS, etc.) via
the network names.
Telnet path:
Setup > TCP-IP
2.7.30.1 Network name
Enter a unique name with max. 16 characters that the other modules (DHCP server, RIP, NetBIOS, etc.) can use to
reference the network.
Telnet path:
Setup > TCP-IP > Network-List
172
Menu Reference
2 Setup
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.7.30.2 IP address
If you use a private address range in your local network, then enter a valid and available IP address from this range here.
IP masquerading conceals these addresses from remote networks, and these see only the Internet IP address of the
corresponding remote station.
Telnet path:
Setup > TCP-IP > Network-List
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.7.30.3 IP-Netmask
If the intranet IP address you entered is an address from a private address range, then enter the associated netmask
here.
Telnet path:
Setup > TCP-IP > Network-List
Possible values:
Max. 16 characters from [0-9].
Default:
255.255.255.0
2.7.30.4 VLAN-ID
A single physical interface can be used to connect multiple separate VLANs (which were separated by a switch previously).
The router must be given its own address and/or its own network in each of these VLANs. For this purpose, the interfaces
and also a VLAN can be assigned to each network. If a packet is received on an interface with this VLAN ID, then the
packet is assigned to the respective network, i.e. the network is only accessible for packets that come from the same
VLAN. Packets coming from this network will be marked with this VLAN ID when being sent. A "0" stands for an untagged
network (no VLAN).
Please note: Changing the ID is very dangerous. It is very easy to lock yourself out of the device if you do not have
access to the VLAN. Also note that this setting affects all of the traffic managed by this network. This includes all packets
that are routed through this network.
173
Menu Reference
2 Setup
Telnet path:
Setup > TCP-IP > Network-List
Possible values:
0 … 4094
Default:
0
2.7.30.5 Interface
Here you select the interface that is to be allocated to the network.
4
The values for "x" in the list vary per model.
Telnet path:
Setup > TCP-IP > Network-List
Possible values:
LAN-1
LAN-x
WLAN-x-x
P2P-x-x
BRG-x
Default:
LAN-1
2.7.30.6 Src-check
This setting influences the address check by the firewall. "Loose" does not expect a return route, so any source address
is accepted when the device is contacted. Thus the device can be accessed directly, as before. 'Strict', on the other hand,
expects an explicit route if no IDS alerts are to be triggered.
Telnet path:
Setup > TCP-IP > Network-List
Possible values:
Loose
Strict
Default:
Loose
174
Menu Reference
2 Setup
2.7.30.7 Type
Use this item to choose the type of the network (Intranet or DMZ) or disable it.
Telnet path:
Setup > TCP-IP > Network-List
Possible values:
Deactivated
Intranet
DMZ
Default:
Intranet
2.7.30.8 Rtg-Tag
The interface tag that you enter here is a value that uniquely identifies the network. All packets received on this network
are marked internally with this tag. The interface tag enables the routes which are valid for this network to be separated
even without explicit firewall rules. This tag also has an influence on the routes propagated by IP and on the hosts and
groups visible to the NetBIOS proxy.
Telnet path:
Setup > TCP-IP > Network-List
Possible values:
0 … 65535
Default:
0
2.7.30.9 Comment
You can enter a comment here.
Telnet path:
Setup > TCP-IP > Network-List
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
175
Menu Reference
2 Setup
2.8 IP router
This menu contains the settings for the IP router.
Telnet path:
Setup
2.8.1 Operating
Switches the IP router on or off.
Telnet path:
Setup > IP-Router
Possible values:
Yes
The IP router is switched on.
No
The IP router is switched off.
Default:
No
2.8.2 IP-Routing-Table
In this table you enter the remote sites which are to be used for accessing certain networks or stations.
Telnet path:
Setup > IP-Router
2.8.2.1 IP address
This is where you specify the valid IP address as the destination address for this route. This can be an individual station
that you wish to integrate into your network, or an entire network that you wish to couple with your own network.
Telnet path:
Setup > IP-Router > IP-Routing-Table
176
Menu Reference
2 Setup
2.8.2.2 IP-Netmask
Specify here the netmask associated with the IP addresses entered. If you only need to translate one single IP address,
enter the netmask 255.255.255.255.
Telnet path:
Setup > IP-Router > IP-Routing-Table
2.8.2.3 Peer-or-IP
Select the router that the packets for this route should be forwarded to.
Here you select the name of a remote site from the list of remote sites.
If this route is to lead to another station in the local network, simply enter the station's IP address.
Telnet path:
Setup > IP-Router > IP-Routing-Table
2.8.2.4 Distance
Enter the number of hops to this router You do not normally need to set this value as it is managed by the router
automatically.
Telnet path:
Setup > IP-Router > IP-Routing-Table
Possible values:
0 … 16
Default:
0
2.8.2.5 Masquerade
You can use IP masquerading to hide a hide a logical network behind a single address (that of the router). If, for example,
you have an Internet connection, you can us it to connect your entire network to the Internet.
Most Internet providers assign a dynamic IP address to your router when it establishes the connection. If your Internet
provider has assigned fixed IP addresses, you can assign them to the relevant connection in the IP parameter list.
Select “on” to enable IP masquerading for all LAN interfaces. If you wish to assign fixed IP addresses to computers in
the demilitarized zone (DMZ) and yet you still wish to activate IP masquerading for the computers on the other LAN
interfaces (intranet), then select “Intranet”.
If you want this entry to mask a VPN connection, select “on”.
Telnet path:
Setup > IP-Router > IP-Routing-Table
177
Menu Reference
2 Setup
Possible values:
No
IP masking off
On
Intranet and DMZ masquerading
Intranet
Intranet - Intranet masquerading only
Default:
No
2.8.2.6 Operating
Specify the switch status here. The route can be activated and either always propagated via RIP or only propagated via
RIP when the destination network can be reached.
Telnet path:
Setup > IP-Router > IP-Routing-Table
Possible values:
Yes: The route is activated and will always be propagated by RIP (sticky).
Semi: The route can be activated and is propagated via RIP when the destination network can be
reached (conditional).
No: The route is off.
Default:
Yes: The route is activated and will always be propagated by RIP (sticky).
2.8.2.7 Comment
This field is available for comments.
Telnet path:
Setup > IP-Router > IP-Routing-Table
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
178
Menu Reference
2 Setup
2.8.2.8 Rtg-Tag
If you specify a routing tag for this route, then the route will be used exclusively for packets given the same tag by the
firewall or arriving from a network with the corresponding interface tag.
5
It follows that the use of routing tags only makes sense in combination with corresponding, decorative rules in
the firewall or tagged networks.
Telnet path:
Setup > IP-Router > IP-Routing-Table
Possible values:
0 … 65535
Default:
0
2.8.5 Proxy-ARP
This is where you can activate/deactivate the ARP mechanism . Use proxy ARP to integrate remote computers into your
local network as if they were connected locally.
Telnet path:
Setup > IP-Router
Possible values:
Yes
The proxy ARP mechanism is enabled.
No
The proxy ARP mechanism is disabled.
Default:
No
2.8.6 Send ICMP redirect
This is where you can chose if ICMP redirects should be sent.
Telnet path:
Setup > IP-Router
Possible values:
Yes
ICMP redirects are sent.
No
ICMP redirects are not sent.
179
Menu Reference
2 Setup
Default:
Yes
2.8.7 Routing method
This menu contains the configuration of the routing methods used by your IP router.
Telnet path:
Setup > IP-Router
2.8.7.1 Routing method
Controls the analysis of ToS or DiffServ fields.
Telnet path:
Setup > IP-Router > Routing-Method
Possible values:
Normal
The TOS/DiffServ field is ignored.
Type of service
The TOS/DiffServ field is regarded as a TOS field; the bits "low delay" and "high reliability" will be
evaluated.
DiffServ
The TOS/DiffServ field is regarded as a DiffServ field and evaluated as follows.
a CSx (including CS0 = BE): Normal transmission
a AFxx: Secure transmission
a EF: Preferred transmission
Default:
DiffServ
2.8.7.2 ICMP-Routing-Method
Specify if the router should transmit secure ICMP packets.
Telnet path:
Setup > IP-Router > Routing-Method
Possible values:
Normal
ICMP packets are transmitted unsecured.
180
Menu Reference
2 Setup
Secured
ICMP packets are transmitted secured.
Default:
Normal
2.8.7.3 SYN/ACK-Speedup
Specify if TCP SYN and ACK packets should be given preferential treatment when forwarding.
Telnet path:
Setup > IP-Router > Routing-Method
Possible values:
Yes
TCP-SYN and ACK packets are forwarded preferentially.
No
TCP-SYN and ACK packets are not forwarded preferentially.
Default:
Yes
2.8.7.4 L2-L3-Tagging
Specify what should happen with DiffServ layer 2 tags.
Telnet path:
Setup > IP-Router > Routing-Method
Possible values:
Ignore
Yes - Copy to layer 3
Auto - Copy automatically
Default:
Ignore
2.8.7.5 L3-L2-Tagging
Here you specify whether DiffServ layer 3 tags should be copied to layer 2.
181
Menu Reference
2 Setup
Telnet path:
Setup > IP-Router > Routing-Method
Possible values:
Yes
No
Default:
No
2.8.7.6 Route-Internal-Services
This is where you select whether the internal services are to be directed via the router.
5
You should treat the internal services VPN and PPTP specially since routing all packets without exception will
result in performance loss. The device only forwards the initial packets sent by these services to the router while
the connection is being established if you activate this option. Further packets are forwarded to the next port.
Telnet path:
Setup > IP-Router > Routing-Method
Possible values:
Yes
Packets for internal services are directed via the router.
No
Packets are returned straight to the sender.
Default:
No
2.8.8 RIP
This menu contains the RIP configuration for your IP router.
Telnet path:
Setup > IP-Router
2.8.8.2 R1-Mask
This setting is only required if you selected RIP-1 as RIP support. It affects how network masks are formed for routes
learned on the basis of RIP.
Telnet path:
Setup > IP-Router > RIP
182
Menu Reference
2 Setup
Possible values:
Class
Address
Class + address
Default:
Class
2.8.8.4 WAN sites
Here you configure the WAN-side RIP support separately for each remote site.
Telnet path:
Setup > IP-Router > RIP
2.8.8.4.1 Peer
From the list of specified peers, select the peer that sends the WAN-RIP packets that are to be learned.
Telnet path:
Setup > IP-Router > RIP > WAN-Sites
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Special values:
*
Multiple remote sites can be configured in one entry by using "*" as a place holder. If for example
multiple remote stations are to propagate their networks via WAN RIP, while the networks for all other
users and branch offices are defined statically, the appropriate remote stations can be given names
with the prefix "RIP_". To configure all of the remote stations, the WAN RIP table requires just a single
entry for remote station "RIP_*".
Default:
empty
2.8.8.4.2 RIP type
The RIP type details the RIP version with which the local routes are propagated.
Telnet path:
Setup > IP-Router > RIP > WAN-Sites
183
Menu Reference
2 Setup
Possible values:
Off
RIP-1
RIP-1 compatible
RIP-2
Default:
Off
2.8.8.4.3 RIP accept
The column RIP accept lists whether RIP from the WAN is to be accepted. The RIP type must be set for this.
Telnet path:
Setup > IP-Router > RIP > WAN-Sites
Possible values:
Yes
RIP is accepted from the WAN.
No
RIP is not accepted from the WAN.
Default:
No
2.8.8.4.4 Masquerade
The column Masquerade lists whether or not masquerading is performed on the connection and how it is carried out.
This entry makes it possible to start WAN RIP even in an empty routing table.
Telnet path:
Setup > IP-Router > RIP > WAN-Sites
Possible values:
Auto
The masquerade type is taken from the routing table. If there is no routing entry for the remote site,
then masquerading is not performed.
On
All connections are masqueraded.
Intranet
IP masquerading is used for connections from the intranet, connections from the DMZ pass through
transparently.
184
Menu Reference
2 Setup
Default:
On
2.8.8.4.5 Dft-Rtg-Tag
The column Default tag lists the valid "Default routing tag" for the WAN connection. All untagged routes are tagged
with this tag when sent on the WAN.
Telnet path:
Setup > IP-Router > RIP > WAN-Sites
Possible values:
0 … 65535
Default:
0
2.8.8.4.6 Rtg-Tag-List
The column Routing tags list details a comma-separated list of the tags that are accepted on the interface. If this list is
empty, then all tags are accepted. If at least one tag is in the list, then only the tags in this list are accepted. When
sending tagged routes on the WAN, only routes with valid tags are propagated.
All learned routes from the WAN are treated internally as untagged routes and propagated on the LAN with the default
tag (0). In the WAN, they are propagated with the tag with which they were learned.
Telnet path:
Setup > IP-Router > RIP > WAN-Sites
Possible values:
Max. 33 characters from [0-9],
Default:
empty
2.8.8.4.7 Poisoned reverse
Poisoned reverse prevents the formation of routing loops. An update is sent back to the router that propagated the route
to inform it that the network is unreachable at the associated interface.
However, this has a significant disadvantage over WAN connections: The central location transmits a high number of
routes which would then suffer from route poisoning, so leading to a heavy load on the available bandwidth. For this
reason, poisoned reverse can be manually activated for every LAN/WAN interface.
Telnet path:
Setup > IP-Router > RIP > WAN-Sites
185
Menu Reference
2 Setup
Possible values:
On
Off
Default:
Off
2.8.8.4.8 RFC2091
Other than in the LAN, WAN bandwidth limitations may make regular updates every 30 seconds undesirable. For this
reason, RFC 2091 requires that routes are transmitted to the WAN once only when the connection is established. After
this, updates only are transmitted (triggered updates).
Because updates are explicitly requested here, broadcasts or multicasts are not to be used for delivering RIP messages.
Instead, the the subsidiary device must be statically configured with the IP address of the next available router at the
central location. Due to these requests, the central router knows which subsidiary routers it has received update requests
from; it then sends any messages on route changes directly to the subsidiary device.
5
In a central gateway, the setting "RFC 2091" can always be off and the "Gateway" entry always set to 0.0.0.0
because the central gateway always considers the gateway as specified at the subsidiary.
Telnet path:
Setup > IP-Router > RIP > WAN-Sites
Possible values:
On
Off
Default:
Off
2.8.8.4.9 Gateway
Valid IP address of the nearest available router in the context of RFC 2091.
Telnet path:
Setup > IP-Router > RIP > WAN-Sites
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
Special values:
0.0.0.0
If 0.0.0.0 is entered, the gateway address is determined from PPP negotiation.
186
Menu Reference
2 Setup
5
5
5
In a router at the central location, RFC 2091 can be switched off and the gateway can remain
on 0.0.0.0 because the central location always observes the requests from the subsidiaries.
The device automatically reverts to standard RIP if the gateway indicated does not support RFC
2091.
In a central gateway, the setting "RFC 2091" can always be off and the "Gateway" entry always
set to 0.0.0.0 because the central gateway always considers the gateway as specified at
the subsidiary.
2.8.8.4.10 RX filter
From the list of specified TIP filters, select the filter that is to be used when receiving RIP packets.
Telnet path:
Setup > IP-Router > RIP > WAN-Sites
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.8.4.11 TX filter
From the list of specified TIP filters, select the filter that is to be used when sending RIP packets.
Telnet path:
Setup > IP-Router > RIP > WAN-Sites
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.8.4.12 RIP-Send
Specify whether RIP is to be propagated on the WAN routes. The RIP type must be set for this.
Telnet path:
Setup > IP-Router > RIP > WAN-Sites
187
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
No
2.8.8.4.13 Loopback address
Enter a loopback address here. Possible values are:
a The name of an ARF network
a Configured loopback address
a IPv4 address
Telnet path:
Setup > IP-Router > RIP > WAN-Table
Possible values:
Specify a valid IPv4 address here.
Default:
empty
2.8.8.5 LAN sites
This table is used to adjust RIP settings and to select the network that they apply to.
Telnet path:
Setup > IP-Router > RIP
2.8.8.5.1 Network name
Select here the name of the network to which the settings are to apply.
Telnet path:
Setup > IP-Router > RIP > LAN-Sites
188
Menu Reference
2 Setup
Possible values:
Intranet
DMZ
empty
Default:
2.8.8.5.2 RIP type
Specify whether the router should support IP-RIP or not. IP-RIP can be used to exchange routing information between
individual stations automatically.
Telnet path:
Setup > IP-Router > RIP > LAN-Sites
Possible values:
Off
RIP-1
RIP-1 compatible
RIP-2
Default:
Off
2.8.8.5.3 RIP accept
Specify here whether routes from this network should be learned or not.
Telnet path:
Setup > IP-Router > RIP > LAN-Sites
Possible values:
Yes
No
Default:
No
2.8.8.5.4 Propagate
This option defines whether the associated network is to be propagated to other networks.
Telnet path:
Setup > IP-Router > RIP > LAN-Sites
189
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
No
2.8.8.5.5 Dft-Rtg-Tag
Enter a value here for the default routing tag that is valid for the selected interface. Routes that have the interface tag
set will be propagated on this interface with the default routing tag. Routes learned by the interface that have this default
routing tag set will be added to the RIP table with the interface tag. In addition, unmarked routes (i.e. routes with tag
0) will not be propagated on this interface unless the interface itself has the tag 0.
Telnet path:
Setup > IP-Router > RIP > LAN-Sites
Possible values:
0 … 65535
Default:
0
2.8.8.5.6 Rtg-Tag-List
This field contains a comma-separated list of routing tags that are accepted by this interface. If this list is empty, then
all routes are accepted irrespective of their routing tags. If the list contains at least one tag, then only the tags in this
list are accepted. Similarly, when marked routes are being sent, only routes with permitted tags (i.e. those listed here)
are forwarded. The routing tag list corresponds insofar to the WAN RIP list with the difference that any realization using
standard routing is also taken into account. This means for example that, in the case of an interface tag '1' and the
standard routing tag '0', the tag '0' has to be included in the routing tag list because it is internally changed to tag '1'
when it is received. When transmitted, the internal tag '1' is converted into the external tag '0'. This measure is necessary
in order for a virtualized router to be able to work together with other routers in the LAN that do not support tagged
routes.
Telnet path:
Setup > IP-Router > RIP > LAN-Sites
Possible values:
Max. 33 characters from [0-9],
Default:
empty
190
Menu Reference
2 Setup
2.8.8.5.7 Poisoned reverse
Poisoned reverse prevents the formation of routing loops. An update is sent back to the router that propagated the route
to inform it that the network is unreachable at the associated interface.
However, this has a significant disadvantage over WAN connections: The central location transmits a high number of
routes which would then suffer from route poisoning, so leading to a heavy load on the available bandwidth. For this
reason, poisoned reverse can be manually activated for every LAN/WAN interface.
Telnet path:
Setup > IP-Router > RIP > LAN-Sites
Possible values:
Yes
No
Default:
No
2.8.8.5.10 RX filter
Specify here the filter to be applied when receiving (RX) RIP packets.
5
You must first define the filter in the RIP filter list in order to use it here.
Telnet path:
Setup > IP-Router > RIP > LAN-Sites
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.8.5.11 TX filter
Specify here the filter to be applied when sending (TX) RIP packets.
5
You must first define the filter in the RIP filter list in order to use it here.
Telnet path:
Setup > IP-Router > RIP > LAN-Sites
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
191
Menu Reference
2 Setup
2.8.8.5.12 RIP-Send
Specify here whether routes should be propagated in this network. The RIP type must be set for this.
Telnet path:
Setup > IP-Router > RIP > LAN-Sites
Possible values:
No
Yes
Default:
No
2.8.8.6 settings
The Routing Information Protocol (RIP) regularly provides neighboring routers with updates on the available networks
and the associated metrics (hops). RIP uses various timers to control the exchange of routing information.
Telnet path:
Setup > IP-Router > RIP
2.8.8.6.1 Update
The time between two regular updates. A random value of +/-5 seconds is always added to this value.
Telnet path:
Setup > IP-Router > RIP > Parameter
Possible values:
10 … 99 Seconds
Default:
30
2.8.8.6.2 Holddown
The holddown interval defines how many update intervals pass before a route from router A which is no longer being
propagated is replaced by an inferior route from router B.
The device will only accept a route from the same router that propagated the original route until the holddown interval
expires. Within this period, the device only accepts a route from another router if it is better than the former route.
Telnet path:
Setup > IP-Router > RIP > Parameter
Possible values:
0 … 99 as multiples of the update interval
192
Menu Reference
2 Setup
Default:
4
2.8.8.6.3 Invalidate
The invalidate interval defines the number of update intervals before a route is marked as invalid (unavailable) when it
stops being propagated by the router that originally reported it.
If the device learns of an equivalent or better route from another router within this time period, then this will be used
instead.
Telnet path:
Setup > IP-Router > RIP > Parameter
Possible values:
0 … 99 as multiples of the update interval
Default:
6
2.8.8.6.4 Flush
If a route in a router is not updated before the flush interval expires, then the route is deleted from the dynamic routing
table.
Telnet path:
Setup > IP-Router > RIP > Parameter
Possible values:
0 … 99 as multiples of the update interval
Default:
10
2.8.8.6.5 Upd-Delay
With a triggered update, changes to the metrics are immediately reported to the neighboring router. The system does
not wait until the next regular update. An update delay stops faulty configurations from causing excessive update
messages.
The update delay starts as soon as the routing table, or parts of it, are propagated. As long as this delay is running, new
routing information is accepted and entered into the table but it is not reported any further. The router actively reports
its current entries only after expiry of this delay.
The value set here sets the upper limit for the delay – the actual delay is a random value between one second and the
value set here.
Telnet path:
Setup > IP-Router > RIP > Parameter
193
Menu Reference
2 Setup
Possible values:
1 … 99 Seconds
Default:
5
2.8.8.6.6 Max-Hopcount
In some scenarios it may be desirable to use a larger maximum hop count than that intended by RIP (16). This value can
be adapted with the parameter Max Hopcount.
Telnet path:
Setup > IP-Router > RIP > Parameter
Possible values:
16 … 99
Default:
16
2.8.8.6.7 Routes-per-Frame
The number of routes that can be propagated in a single packet.
Telnet path:
Setup > IP-Router > RIP > Parameter
Possible values:
1 … 99
Default:
25
2.8.8.6.8 Inter-Packet-Delay
If the number of devices on the network is so high that they no longer fit into a single RIP packet, the sending router
divides this into multiple RIP packets. In order for low-end routers on the network to be able to handle the successive
RIP packets, you configure a delay in milliseconds between the individual RIP packets here.
Telnet path:
Setup > IP-Router > RIP > Parameter
Possible values:
Max. 3 characters from 0123456789
0 … 255 Milliseconds
Default:
0
194
Menu Reference
2 Setup
2.8.8.7 Filter
Routes learned from RIP can be filtered by their routing tag according to the settings for LAN and WAN RIP. Routes can
additionally be filtered by specifying network addresses (e.g. "Only learn routes in the network 192.168.0.0/255.255.0.0").
First of all a central table is used to define the filters that can then be used by entries in the LAN and WAN RIP table.
Filters defined in the filter table can be referenced in the columns for RX filter and TX filter in the LAN RIP and WAN RIP
tables. RX defines the networks from which routes can be learned or blocked, and TX defines the networks to which
propagation should be allowed or blocked.
Telnet path:
Setup > IP-Router > RIP
2.8.8.7.1 Name
Name of the filter.
5
The hash symbol # can be used to combine multiple entries into a single filter. Taken together, the entries LAN#1
and LAN#2 make up a filter "LAN" that can be called from the RIP table.
Telnet path:
Setup > IP-Router > RIP > Filter
Possible values:
Max. 18 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.8.7.2 Filter
Comma-separated list of networks that are to be accepted (+) or rejected (-).
5
5
The plus-sign for accepted networks is optional.
Filtering by routing tags is unaffected, i.e. if a tag for a route indicates that it is not to be learned or propagated,
then this cannot be forced by means of the filter table.
Telnet path:
Setup > IP-Router > RIP > Filter
Possible values:
Max. 64 characters from [0-9]+-,
Default:
empty
195
Menu Reference
2 Setup
2.8.8.8 Best routes
In large networks a destination network may be reachable via several gateways. If all these gateways propagate their
routes using RIP the device will learn several routes to the same destination. The preferred routes are stored in the "Best
Routes" table. This table contains the following entries:
a
a
a
a
a
a
a
a
a
a
IP address
IP-Netmask
Rtg-Tag
Gateway
Distance
Time
Peer
Port
VLAN-ID
Network name
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.8.1 IP address
The IP address of the network to which the route belongs.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.8.2 IP-Netmask
The IP address of the network to which the route belongs.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.8.3 Time
The time required to reach the network via this route.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.8.4 Distance
Th distance to the network to which the route belongs (i.e. the number of intermediate hops).
Telnet path:
Setup > IP-Router > RIP > Best-Routes
196
Menu Reference
2 Setup
2.8.8.8.5 Gateway
The gateway via which the network can be reached to which the route belongs.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.8.6 Rtg-Tag
The routing tag of the network to which the route belongs.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.8.8 Peer
Remote device that can be reached over this route.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.8.10 VLAN-ID
The VLAN ID of the network to which the route belongs.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.8.11 Network name
The name of the network to which the route belongs.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.8.12 Port
The (logical) LAN interface via which the route was learned.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
197
Menu Reference
2 Setup
2.8.8.9 All routes
In large networks a destination network may be reachable via several gateways. If all these gateways propagate their
routes using RIP the device will learn several routes to the same destination. These routes are stored in the "All Routes"
table. This table contains the following entries:
a
a
a
a
a
a
a
a
a
a
IP address
IP-Netmask
Rtg-Tag
Gateway
Distance
Time
Peer
Port
VLAN-ID
Network name
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.9.1 IP address
The IP address of the network to which the route belongs.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.9.2 IP-Netmask
The IP address of the network to which the route belongs.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.9.3 Time
The time required to reach the network via this route.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.9.4 Distance
Th distance to the network to which the route belongs (i.e. the number of intermediate hops).
Telnet path:
Setup > IP-Router > RIP > Best-Routes
198
Menu Reference
2 Setup
2.8.8.9.5 Gateway
The gateway via which the network can be reached to which the route belongs.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.9.6 Rtg-Tag
The routing tag of the network to which the route belongs.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.9.8 Peer
Remote device that can be reached over this route.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.9.10 VLAN-ID
The VLAN ID of the network to which the route belongs.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.9.11 Network name
The name of the network to which the route belongs.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
2.8.8.9.12 Port
The (logical) LAN interface via which the route was learned.
Telnet path:
Setup > IP-Router > RIP > Best-Routes
199
Menu Reference
2 Setup
2.8.9 1-N-NAT
This menu contains the configuration of 1-N-NAT for your IP router.
Telnet path:
Setup > IP-Router
2.8.9.1 TCP-Aging-Seconds
Specify here how long an IPsec connection is inactive before the corresponding entry in the masquerading table is deleted.
Telnet path:
Setup > IP-Router > 1-N-NAT
Possible values:
0 … 65535 Seconds
Default:
300
2.8.9.2 UDP-Aging-Seconds
Specify here how long an IPsec connection is inactive before the corresponding entry in the masquerading table is deleted.
Telnet path:
Setup > IP-Router > 1-N-NAT
Possible values:
0 … 65535 Seconds
Default:
20
2.8.9.3 ICMP-Aging-Seconds
Specify here how long an IPSec connection is inactive before the corresponding entry in the masquerading table is
deleted.
Telnet path:
Setup > IP-Router > 1-N-NAT
Possible values:
0 … 65535 Seconds
Default:
10
200
Menu Reference
2 Setup
2.8.9.4 Service table
If you wish to make certain services or stations accessible from outside of your network (e.g. a web server), enter these
services and stations in this table.
Telnet path:
Setup > IP-Router > 1-N-NAT
2.8.9.4.1 D-port-from
Specify the port of the desired service here.
Telnet path:
Setup > IP-Router > 1-N-NAT > Service-Table
Possible values:
0 … 65535
Default:
0
2.8.9.4.2 Intranet-Address
Enter the valid IP address of the computer in the intranet providing the service.
Telnet path:
Setup > IP-Router > 1-N-NAT > Service-Table
Possible values:
0 … 65535
Default:
0
2.8.9.4.3 D-port-to
Specify the port of the desired service here.
Telnet path:
Setup > IP-Router > 1-N-NAT > Service-Table
Possible values:
0 … 65535
Default:
0
201
Menu Reference
2 Setup
2.8.9.4.4 Map-Port
Port used for forwarding the packet.
Telnet path:
Setup > IP-Router > 1-N-NAT > Service-Table
Possible values:
0 … 65535
Default:
0
2.8.9.4.5 Active
You can set this entry temporarily inactive without having to delete it.
Telnet path:
Setup > IP-Router > 1-N-NAT > Service-Table
Possible values:
Yes
Enables this entry.
No
Disables this entry.
Default:
Yes
2.8.9.4.6 Comment
This field is available for comments.
Telnet path:
Setup > IP-Router > 1-N-NAT > Service-Table
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.9.4.7 Peer
From the list of specified peers, select the peer that applies to this entry.
202
Menu Reference
2 Setup
Telnet path:
Setup > IP-Router > 1-N-NAT > Service-Table
2.8.9.4.8 Protocol
Here you define which protocol the dataset applies to.
Telnet path:
Setup > IP-Router > 1-N-NAT > Service-Table
Possible values:
TCP
UDP
TCP+UDP
Default:
TCP+UDP
2.8.9.4.9 WAN address
Here you define which WAN address the dataset applies to. Where more than one static IP address is available, specifying
this address enables a targeted port forwarding to be achieved for this address. If the address 0.0.0.0 is specified,
then the address assigned to the connection will continue to be used.
Telnet path:
Setup > IP-Router > 1-N-NAT > Service-Table
2.8.9.5 Table-1-N-NAT
The 1-N-NAT table shows the masked connections.
Telnet path:
Setup > IP-Router > 1-N-NAT
2.8.9.5.1 Intranet-Address
Shows the valid internal IP address of the station to which a masked connection has been stored.
Telnet path:
Setup > IP-Router > 1-N-NAT > Table-1-N-NAT
203
Menu Reference
2 Setup
2.8.9.5.2 Source-Port
Source port of the masked connection.
Telnet path:
Setup > IP-Router > 1-N-NAT > Table-1-N-NAT
2.8.9.5.3 Protocol
Protocol (UDP/TCP) used by the masked connection.
Telnet path:
Setup > IP-Router > 1-N-NAT > Table-1-N-NAT
2.8.9.5.4 Timeout
Lease period for the masked connection in seconds (set under TCP aging, UDP aging or ICMP aging).
Telnet path:
Setup > IP-Router > 1-N-NAT > Table-1-N-NAT
2.8.9.5.5 Handler
Handler required for masking, e.g. FTP
Telnet path:
Setup > IP-Router > 1-N-NAT > Table-1-N-NAT
2.8.9.5.6 Remote address
Valid remote IP address that the masked connection was connected to.
Telnet path:
Setup > IP-Router > 1-N-NAT > Table-1-N-NAT
2.8.9.5.7 WAN address
WAN address used for this connection.
Telnet path:
Setup > IP-Router > 1-N-NAT > Table-1-N-NAT
204
Menu Reference
2 Setup
2.8.9.6 Fragments
This setting controls the firewall's behavior regarding fragmented IP packets.
Telnet path:
Setup > IP-Router > 1-N-NAT
Possible values:
Filter
Fragments are always dropped (filtered).
Route
The fragments are demasked. However, the fragments must be received in their original order. In
addition, this settings allows only the individual fragments to be checked by the firewall, and not the
entire IP packet.
Reassemble
The fragments are stored temporarily until the IP packet can be reassembled in full. The fragments may
be received in any order. The firewall also checks the reassembled IP packet.
Default:
Reassemble
2.8.9.7 Fragment-Aging-Seconds
If an IP packet cannot be fully desmasked because fragments are missing, this time in seconds determines when the
incomplete fragments are dropped.
Telnet path:
Setup > IP-Router > 1-N-NAT
Possible values:
1 … 255
Default:
5
2.8.9.8 IPSec-Aging-Seconds
Specify here how long an IPSec connection is inactive before the corresponding entry in the masquerading table is
deleted.
Telnet path:
Setup > IP-Router > 1-N-NAT
Possible values:
0 … 65535 Seconds
Default:
2000
205
Menu Reference
2 Setup
2.8.9.9 IPSec-Table
The IPSec table displays the masked IPSec connections, including some of the connection parameters.
Telnet path:
Setup > IP-Router > 1-N-NAT
2.8.9.9.1 Remote address
Valid IP address of the remote VPN gateway
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.2 Local address
Valid IP address of the local VPN gateway (generally a VPN client in the local network)
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.3 rc-hi
The most significant 32 bits of the IKE cookie of the remote VPN gateway.
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.4 rc-lo
The least significant 32 bits of the IKE cookie of the remote VPN gateway
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.5 lc-hi
The most significant 32 bits of the IKE cookie of the local VPN gateway
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
206
Menu Reference
2 Setup
2.8.9.9.6 lc-lo
The least significant 32 bits of the IKE cookie of the local VPN gateway
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.7 Remote SPI
SPI used by the remote VPN gateway
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.8 Local SPI
SPI used by the local VPN gateway
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.9 Timeout
Timeout in seconds until the entry is deleted. The value is set under IPSec-Aging-Seconds. The default value is 2000
seconds.
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.10 Flags
Flags that describe the state of the connection:
0x01
Connection is inverse masqueraded.
0x02
Connection waits for SPI.
0x04
Other connections wait for SPI.
0x08
Aggressive mode connection.
0x10
NAT-traversal connection.
0x20
Session recovery
207
Menu Reference
2 Setup
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.11 CO
Connect timeout. Runs straight after the entry is created. If no SA is negotiated within 30 seconds (i.e. no ESP packet is
sent or received) the entry is deleted again.
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.12 NL
Local notification timeout. This timer is started when an IKE notification is received from the local VPN gateway. The
entry is deleted if no IKE or ESP packet is received from the remote site within 30 seconds.
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.13 NR
Remote notification timeout: Corresponds to the local notification timeout, except that in this case the notification was
received from the remote VPN gateway.
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.14 DP
DPD timeout: This timer is started when a DPD packet is received from one site. If no DPD packet is received from the
other site within 30 seconds the entry is removed.
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
2.8.9.9.15 WAN address
WAN address used for this connection.
Telnet path:
Setup > IP-Router > 1-N-NAT > IPSec-Table
208
Menu Reference
2 Setup
2.8.9.10 ID-Spoofing
NAT replaces the packet IDs in the outbound packets (ID spoofing). This enables fragmented packets to be transmitted
and it stops information on the internal network (packet IDs) from being leaked to the outside. If AH is being used, this
procedure should be avoided as the packet IDs are required by AH. For AH to function properly, ID spoofing can be
deactivated here.
Telnet path:
Setup > IP-Router > 1-N-NAT
Possible values:
Yes
No
Default:
Yes
2.8.10 Firewall
This menu contains the firewall configuration.
Telnet path:
Setup > IP-Router
2.8.10.1 Objects
Elements/objects that are to be used in the firewall rules table are defined in the objects table. Objects can be:
a
a
a
a
Individual computers (MAC or IP address , hostname)
Complete networks
Protocols
Services (ports or port areas, e.g. HTTP, Mail&News, FTP, ...)
Telnet path:
Setup > IP-Router > Firewall
2.8.10.1.1 Name
Specify here a unique name for this object.
Telnet path:
Setup > IP-Router > Firewall > Objects
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
209
Menu Reference
2 Setup
Default:
empty
2.8.10.1.2 Description
Objects can be combined and hierarchically structured in any way. For example, objects for the TCP and UDP protocols
can be defined first. Building upon this, objects can subsequently be created, for example, for FTP (= TCP + ports 20 and
21), HTTP (= TCP + port 80) and DNS (= TCP, UDP + port 53). These can in turn be combined into one object that contains
all the definitions of the individual objects.
Stations and services can be defined in the objects table according to the following rules.
Table 6: Objects for firewall actions
Description
Object-ID
Examples and comments
Local network
%L
remote sites
%H
Host name
%D
MAC address
%E
00:A0:57:01:02:03
IP address
%A
%A10.0.0.1, 10.0.0.2; %A0 (all addresses)
Netmask
%M
%M255.255.255.0
Name must be in DSL/ISDN/PPTP or VPN remote site list
Protocol (TCP/UDP/ICMP, %P
etc.)
%P6 (for TCP)
Service (port)
%S20-25 (for ports 20 to 25)
5
5
%S
Definitions of the same type can be created as comma-separated lists, such as host lists/address lists
(%A10.0.0.1, 10.0.0.2) or with ranges separated by hyphens, such as port lists (%S20-25). Specifying
"0" or an empty string denotes the Any object.
For configuration from the console (Telnet or terminal application), the combined parameters (port, destination,
source) must be enclosed with quotation marks ( ").
Telnet path:
Setup > IP-Router > Firewall > Objects
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.10.2 Rules
The rules table links various pieces of information on a firewall rule. The rule contains the protocol to be filtered, the
source, the destination and the firewall action to be executed. For every firewall rule there is also an on/off switch, a
priority, the option to link with other rules, and activation of the rule for VPN connections.
210
Menu Reference
2 Setup
LCOS has a special syntax to define firewall rules. This syntax enables the representation of complex interrelationships
for the testing and handling of data packets in the firewall with just a few characters. The rules are defined in the rules
table. Pre-defined objects can be stored in two further tables so that frequently used objects do not have to be entered
into the LCOS syntax every time:
The firewall actions are stored in the action table
The object table holds the stations and services
The definition of firewall rules can contain entries in the object table for protocols, services, stations and the action table
for firewall actions, and also direct definitions in the appropriate LCOS syntax (e.g. %P6 for TCP).
5
The objects from these tables can be used for rule definition, although this is not compulsory. They merely simplify
the use of frequently used objects. For direct input of level parameters in the LCOS syntax, the same rules apply
as specified in the following sections for protocols, source/destination and firewall actions.
Telnet path:
Setup > IP-Router > Firewall
2.8.10.2.1 Name
Specify here a unique name for this firewall rule.
Telnet path:
Setup > IP-Router > Firewall > Rules
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.10.2.2 Prot.
Specification of the protocols for which this entry is to apply.
Telnet path:
Setup > IP-Router > Firewall > Rules
Possible values:
Direct entry in LCOS syntax as described in the Objects table.
Link to an entry of the object table.
2.8.10.2.3 Source
Specification of the source stations for which this entry is to apply.
Telnet path:
Setup > IP-Router > Firewall > Rules
211
Menu Reference
2 Setup
Possible values:
Direct entry in LCOS syntax as described in the Objects table.
Link to an entry of the object table.
2.8.10.2.4 Destination
Specification of the destination stations for which this entry is to apply.
Telnet path:
Setup > IP-Router > Firewall > Rules
Possible values:
Direct entry in LCOS syntax as described in the Objects table.
Link to an entry of the object table.
2.8.10.2.7 Action
Action to be run if the firewall rule applies to a packet.
Telnet path:
Setup > IP-Router > Firewall > Rules
Possible values:
Direct entry in LCOS syntax as described in the Actions table.
Link to an entry of the action table.
2.8.10.2.8 Linked
Links the rule to other rules.
Telnet path:
Setup > IP-Router > Firewall > Rules
Possible values:
No
Yes
Default:
No
212
Menu Reference
2 Setup
2.8.10.2.9 Prio
Priority of the rule.
Telnet path:
Setup > IP-Router > Firewall > Rules
Possible values:
0 … 255
Default:
empty
2.8.10.2.10 Operating
Switches the rule on/off.
Telnet path:
Setup > IP-Router > Firewall > Rules
Possible values:
No
Yes
Default:
Yes
2.8.10.2.11 VPN rule
Activates the rule for creating VPN rules.
Telnet path:
Setup > IP-Router > Firewall > Rules
Possible values:
No
Yes
Default:
No
2.8.10.2.12 Stateful
When this option is enabled, a check is performed as to whether a connection is being established correctly. Erroneous
packets are dropped whilst the connection is being established. If this option is disabled, all packets for which this rule
applies are accepted.
213
Menu Reference
2 Setup
Furthermore, this option is enabled for the automatic protocol recognition for FTP, IRC, PPTP necessary to be able to
open a port in the firewall for each data connection.
The test for portscans/SYN flooding is also enabled/disabled with this option. This can exclude particular, heavily-frequented
servers from the test, meaning that limits for half-open connections (DOS) or port requests (IDS) do not have to be set
so high that they effectively become useless.
Telnet path:
Setup > IP-Router > Firewall > Rules
Possible values:
No
Yes
Default:
Yes
2.8.10.2.13 Comment
This field is available for comments.
Telnet path:
Setup > IP-Router > Firewall > Rules
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.10.2.14 Rtg-Tag
Routing tag for the rule.
Telnet path:
Setup > IP-Router > Firewall > Rules
Possible values:
0 … 65535
Default:
0
2.8.10.2.15 Src-Tag
The source tag (the expected interface- or routing tag) is used to identify the ARF context from which a packet was
received. This can be used to restrict firewall rules to certain ARF contexts.
214
Menu Reference
2 Setup
1 to 65534
The firewall rule is applied if the expected interface- or routing tag is 1...65534.
Telnet path:
Setup > IP-Router > Firewall > Rules
Possible values:
0 … 65535
Default:
0
Special values:
0
Wildcard. The firewall rule is applied to all ARF contexts (the expected interface- or routing tag is
0...65535).
65535
The firewall rule is applied if the expected interface- or routing tag is 0.
2.8.10.3 Filter list
The filter list is generated from the rules in the firewall. The filters it contains are static and can only be changed when
firewall rules are added, edited or deleted..
Telnet path:
Setup > IP-Router > Firewall
2.8.10.3.1 Idx.
Index for this entry in the list.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.2 Prot.
TCP protocol for data packets processed by this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.3 Source address
Valid source IP address for data packets processed by this entry.
215
Menu Reference
2 Setup
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.4 Source netmask
Source IP netmask for data packets processed by this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.5 S-St.
Start address of range of source IP addresses whose data packets are processed by this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.6 S-End
End address of the range of source IP addresses whose data packets are processed by this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.7 Destination address
Valid destination IP address for data packets processed by this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.8 Dst-netmask
Valid destination IP netmask for data packets processed by this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.9 D-St.
Start address of range of destination IP addresses whose data packets are processed by this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
216
Menu Reference
2 Setup
2.8.10.3.10 D-End
End address of range of destination IP addresses whose data packets are processed by this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.11 Action
Action performed for the data packets processed by this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.13 Source MAC
Source MAC address for data packets processed by this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.14 Dst-MAC
Destination MAC address for data packets processed by this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.15 Linked
Indicates whether further firewall rules are applied after this action.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.16 Prio
Priority for this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
217
Menu Reference
2 Setup
2.8.10.3.17 Rtg-Tag
This routing tag is added to data packets processed by this entry.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.3.18 Src-Tag
The source tag (the expected interface- or routing tag) is used to identify the ARF context from which a packet was
received.
Telnet path:
Setup > IP-Router > Firewall > Filter-List
2.8.10.4 Action table
A firewall action comprises of a condition, a limit, a packet action and other measures.
As with the elements of the object table, firewall actions can be given a name and be combined with each other in any
way recursively. The maximum recursion depth is limited to 16. They can also be entered into the actions field of the
rules table directly.
Telnet path:
Setup > IP-Router > Firewall
2.8.10.4.1 Name
Specify a unique name for this action.
Telnet path:
Setup > IP-Router > Firewall > Actions
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.10.4.2 Description
In the actions table, firewall actions are combined as any combination of conditions, limits, packet actions and other
measures.
A firewall action comprises of a condition, a limit, a packet action and other measures. In the actions table, firewall
actions are made up of combinations of any of the following elements:
Telnet path:
Setup > IP-Router > Firewall > Actions
218
Menu Reference
2 Setup
Possible values:
Conditions
Table 7: Conditions for firewall actions
Condition
Description
Object-ID
Connect filter
The filter is active if there is no physical connection to the destination of
the packet
@c
DiffServ filter
The filter is active if the packet contains the specified Differentiated Services @d
Code Point (DSCP)
Internet-Filter
The filter is active if the packet was received, or is to be sent, via the default @i
route
VPN-Filter
The filter is active if the packet was received, or is to be sent, via a VPN
connection
5
@v
If no further action is specified for the "Connect" or "Internet" filter, a combination of these
filters is implicitly adopted with the "Reject" action.
Limits
Each firewall action can be associated with a limit, which triggers the action if it is exceeded. Action
chains can be formed by combining multiple limits for a filter Limit objects are generally initiated with
%L followed by:
Table 8: Limit objects for firewall actions
Relation
Connection-related (c) or global (g)
Type
Data rate (d), number of packets (p), or packet rate (b)
Limit value
The filter is active if the packet was received, or is to be sent, via the default
route
Other parameters
e.g. time and size
2.8.10.5 Connection list
Established connections are entered into the connection list if the checked packet is accepted by the filter list. The
connection list records the source and destination, the protocol, and the port that a connection is currently allowed to
use. The list also indicates how long the entry remains in the list and which firewall rule generated the entry. This list is
highly dynamic and always "on the move".
Telnet path:
Setup > IP-Router > Firewall
2.8.10.5.1 Source address
A valid IP address of the station that established a connection.
Telnet path:
Setup > IP-Router > Firewall > Connection-List
219
Menu Reference
2 Setup
2.8.10.5.2 Destination address
A valid destination IP address to which a connection was established.
Telnet path:
Setup > IP-Router > Firewall > Connection-List
2.8.10.5.3 Prot.
Protocol allowed on this connection.
Telnet path:
Setup > IP-Router > Firewall > Connection-List
2.8.10.5.4 Source port
Source port of the station that established a connection.
Telnet path:
Setup > IP-Router > Firewall > Connection-List
2.8.10.5.5 Destination port
Destination port to which a connection was established.
Telnet path:
Setup > IP-Router > Firewall > Connection-List
2.8.10.5.6 Timeout
Lease for this entry in the table.
Telnet path:
Setup > IP-Router > Firewall > Connection-List
2.8.10.5.7 Flags
The flags are used to store information on the connection state and other (internal) information to a bit field.
The states can have the following values: New, establish, open, closing, closed, rejected (corresponding to the TCP flags:
SYN, SYN ACK, ACK, FIN, FIN ACK and RST).
UDP connections know the states, open and closing (the latter only if the UDP connection is linked by a stateful control
channel. This is the case with H.323, for example).
Telnet path:
Setup > IP-Router > Firewall > Connection-List
220
Menu Reference
2 Setup
Possible values:
00000001 TCP
SYN sent.
00000002 TCP
SYN/ACK received.
00000004 TCP
Waiting for server ACK
00000008 all
Connection open.
00000010 TCP
FIN received.
00000020 TCP
FIN sent.
00000040 TCP
RST sent or received.
00000080 TCP
Session being restored.
00000100 FTP
Passive FTP connection being established.
00000400 H.323
Related T.120 connection.
00000800
Connection via loopback interface.
00001000
Check linked rules.
00002000
Rule is linked.
00010000
Destination is on "local route".
00020000
Destination is on default route.
00040000
Destination is on VPN route.
00080000
No physical connection established.
00100000
Source is on default route.
00200000
Source is on VPN route.
00800000
No route to destination.
01000000
Contains global action with condition.
221
Menu Reference
2 Setup
2.8.10.5.8 Filter rule
Shows the filter rule that generated the entry.
Telnet path:
Setup > IP-Router > Firewall > Connection-List
2.8.10.5.9 Source route
Source route used to establish this connection.
Telnet path:
Setup > IP-Router > Firewall > Connection-List
2.8.10.5.10 Destination route
Destination route to which a connection was established.
Telnet path:
Setup > IP-Router > Firewall > Connection-List
2.8.10.5.11 Rtg-Tag
Connection routing tag.
Telnet path:
Setup > IP-Router > Firewall > Connection-List
2.8.10.6 Host blocking list
The port blocking list contains those stations that are blocked for a certain time due to a firewall event. This list is dynamic
and new entries can be added continuously by corresponding firewall events; entries disappear automatically after the
blocking time expires.
Telnet path:
Setup > IP-Router > Firewall
2.8.10.6.1 Source address
Valid source IP address that is blocked by this entry.
Telnet path:
Setup > IP-Router > Firewall > Host-Block-List
222
Menu Reference
2 Setup
2.8.10.6.2 Timeout
Lease for this entry in the table.
Telnet path:
Setup > IP-Router > Firewall > Host-Block-List
2.8.10.6.3 Filter rule
Shows the filter rule that generated the entry.
Telnet path:
Setup > IP-Router > Firewall > Host-Block-List
2.8.10.7 Port blocking list
The port blocking list contains those protocols and services that are blocked for a certain time due to a firewall event.
This list is dynamic and new entries can be added continuously by corresponding firewall events; entries disappear
automatically after the blocking time expires.
Telnet path:
Setup > IP-Router > Firewall
2.8.10.7.1 Destination address
Valid destination IP address that is blocked by this entry.
Telnet path:
Setup > IP-Router > Firewall > Port-Block-List
2.8.10.7.2 Prot.
Protocol that is blocked by this entry.
Telnet path:
Setup > IP-Router > Firewall > Port-Block-List
2.8.10.7.3 Destination port
Destination port blocked by this entry.
Telnet path:
Setup > IP-Router > Firewall > Port-Block-List
223
Menu Reference
2 Setup
2.8.10.7.4 Timeout
Lease for this entry in the table.
Telnet path:
Setup > IP-Router > Firewall > Port-Block-List
2.8.10.7.5 Filter rule
Shows the filter rule that generated the entry.
Telnet path:
Setup > IP-Router > Firewall > Port-Block-List
2.8.10.8 Max.-Half-Open-Conns.
Denial-of-Service attacks take advantage of inherent weaknesses in the TCP/IP protocol in combination with poor
implementations. Attacks which target these inherent weaknesses include SYN Flood and Smurf. Attacks which target
erroneous implementations include those operating with erroneously fragmented packets (e.g. Teardrop) or with fake
sender addresses (e.g. Land). Your device detects most of these attacks and reacts with appropriate countermeasures.
Telnet path:
Setup > IP-Router > Firewall
Possible values:
100 … 9999
Default:
100
2.8.10.9 DoS action
This is where you can specify what action should be taken with packets that activate or exceed the trigger. You can
transfer the packets, drop them uncommented or reject them using ICMP reject (i.e. the sender is informed).
Telnet path:
Setup > IP-Router > Firewall
Possible values:
Transmit
Drop
Reject
Default:
Drop
224
Menu Reference
2 Setup
2.8.10.10 Admin-Email
If you wish to be notified of predefined events (DoS, IDS or when limits are exceeded) you must specify a valid e-mail
address here.
5
For e-mail messaging, you have to enter the necessary settings into the main group Log & Trace in the subsection
"SMTP".
Telnet path:
Setup > IP-Router > Firewall
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.10.11 Operating
You can switch the entire firewall on or off here. The firewall inspects and counts every single incoming and outgoing
packet. Depending on the protocol in question, it temporarily opens the channels that are required by a local station for
processing a request. Furthermore individual networks, peers, services or protocols can be preferred, limited or blocked.
Telnet path:
Setup > IP-Router > Firewall
Possible values:
Yes
No
Default:
Yes
2.8.10.12 Port-Scan-Threshold
Intrusion-Detection-System (IDS). Your device detects most unauthorized intrusion attempts and can respond with
countermeasures that can be configured here.
Telnet path:
Setup > IP-Router > Firewall
Possible values:
50 … 9999
Default:
50
225
Menu Reference
2 Setup
2.8.10.13 IDS action
This is where you can specify what action should be taken with packets that activate or exceed the trigger. You can
transfer the packets, drop them uncommented or reject them using ICMP reject (i.e. the sender is informed).
Telnet path:
Setup > IP-Router > Firewall
Possible values:
Transmit
Drop
Reject
Default:
Drop
2.8.10.14 Ping block
A controversial method of increasing security is to conceal the router by not responding to ping and traceroute requests
(ping blocking). This is controversial because the failure to answer can also betray the existence of a device. If there truly
is no device present, the previous router will respond to the relevant packets with 'undeliverable' as it is unable to deliver
them. However, if the previous router no longer responds with a corresponding rejection, the packet is 'deliverable' and,
regardless of the recipient's subsequent behavior, is most certainly present. It is not possible to simulate the behavior
of the previous router without keeping your device offline or switching it off (and thus making it unreachable for the
services you yourself request).
Telnet path:
Setup > IP-Router > Firewall
Possible values:
Off
Always
WAN
Default route
Default:
Off
2.8.10.15 Stealth-Mode
A controversial method of increasing security is to conceal the router by not conforming to standards and rejecting TCP
and UDP requests, but by ignoring them (stealth mode) . This is controversial because the failure to answer can also
betray the existence of a device. If there truly is no device present, the previous router will respond to the relevant packets
with 'undeliverable' as it is unable to deliver them. However, if the previous router no longer responds with a corresponding
rejection, the packet is 'deliverable' and, regardless of the recipient's subsequent behavior, is most certainly present. It
is not possible to simulate the behavior of the previous router without keeping your device offline or switching it off (and
thus making it unreachable for the services you yourself request).
226
Menu Reference
2 Setup
Telnet path:
Setup > IP-Router > Firewall
Possible values:
Off
Always
WAN
Default route
Default:
Off
2.8.10.16 Auth-Port
Hiding TCP or UDP ports will cause problems on masked connections where so-called 'authenticate' or 'ident' queries,
as used by some mail and news servers to request additional information from users, are no longer rejected correctly.
These servers then time out, resulting in considerable delays in the delivery of mail or news. In order to overcome this
problem when stealth mode is switched on, stealth mode is deactivated temporarily for the port in question. The firewall
recognizes that the internal station's wish to establish contact with a mail (SMTP, POP3, IMAP2) or news server (NNTP)
and opens the port for 20 seconds. You can use this option to suppress the temporary deactivation of stealth mode for
the authentication port.
Telnet path:
Setup > IP-Router > Firewall
Possible values:
Yes
No
Default:
Yes
2.8.10.17 Deny-Session-Recover
The firewall opens appropriate channels for each session initiated and its associated connections (e.g. FTP with control
and data connections) for a certain period. If there is no communication over the connection for a defined period of time
(setting in the IP router masquerading), then the session is considered to be ended and the channels associated with
the connections are closed. Selecting 'session recover' determines the behavior of the firewall when receiving packets
which appear to belong to an earlier session. The packets are dropped or it is assumed that a session existed but that
no communication took place for too long. In this case, an equivalent session can be reestablished. The latter behavior
can in general be allowed or forbidden. Denial of a session can be restricted to the default route or to WAN sessions.
5
This setting has no effect if the default route points to the LAN.
Telnet path:
Setup > IP-Router > Firewall
227
Menu Reference
2 Setup
Possible values:
Off - always permitted
Always - always forbidden
WAN - forbidden over WAN
Default-route - forbidden on default route
Default:
Default-route - forbidden on default route
2.8.10.19 Open-Port-List
The port blocking list contains protocols and services that a firewall event has permitted for a certain time. This list is
dynamic and new entries can be added continuously by corresponding firewall events; entries disappear automatically
after the blocking time expires.
Telnet path:
Setup > IP-Router > Firewall
2.8.10.19.1 Source address
Valid source IP address that can be used by the open ports and protocols in this entry.
Telnet path:
Setup > IP-Router > Firewall > Open-Port-List
2.8.10.19.2 Destination address
Valid destination IP address to which a connection may be established using the open ports and protocols in this entry.
Telnet path:
Setup > IP-Router > Firewall > Open-Port-List
2.8.10.19.3 Prot.
Protocol opened by this entry.
Telnet path:
Setup > IP-Router > Firewall > Open-Port-List
2.8.10.19.5 Destination port
Destination port opened by this entry.
228
Menu Reference
2 Setup
Telnet path:
Setup > IP-Router > Firewall > Open-Port-List
2.8.10.19.6 Timeout
Lease for this entry in the table.
Telnet path:
Setup > IP-Router > Firewall > Open-Port-List
2.8.10.19.8 Filter rule
Shows the filter rule that generated the entry.
Telnet path:
Setup > IP-Router > Firewall > Open-Port-List
2.8.10.19.9 Source route
Source route used to establish this connection.
Telnet path:
Setup > IP-Router > Firewall > Open-Port-List
2.8.10.20 Applications
This menu contains the configuration of individual firewall applications.
Telnet path:
Setup > IP-Router > Firewall
2.8.10.20.1 FTP
This menu contains the configuration of FTP for your firewall.
Telnet path:
Setup > IP-Router > Firewall > Applications
2.8.10.20.1.1 FTP block
When an FTP session is identified on any port, the countermeasures configured here are taken. 'FTP block' specifies
whether and on what routes any type of FTP should be given special treatment.
229
Menu Reference
2 Setup
Telnet path:
Setup > IP-Router > Firewall > Applications > FTP
Possible values:
Off
Always
WAN
Default route
Default:
Off
2.8.10.20.1.2 Active-FTP-Block
When an FTP session is identified on any port, the countermeasures configured here are taken. 'Block active FTP' specifies
whether and on what routes active FTP should be given special treatment.
Telnet path:
Setup > IP-Router > Firewall > Applications > FTP
Possible values:
No
Always
WAN
Default route
Default:
No
2.8.10.20.1.3 Min-Port
When an FTP session is identified on any port, the countermeasures configured here are taken. 'Minimum port number'
specifies the smallest permitted port for active FTP.
Telnet path:
Setup > IP-Router > Firewall > Applications > FTP
Possible values:
1024 … 9999
Default:
1024
230
Menu Reference
2 Setup
2.8.10.20.1.4 Check-Host-IP
When an FTP session is identified on any port, the countermeasures configured here are taken. "Check host IP" specifies
whether and on what routes the address transmitted in the FTP command should be checked against the source address
of the FTP client. If it does not match, the countermeasures configured below will be taken. This check will of course be
skipped if a site-to-site transfer is to take place and is permitted es.
Telnet path:
Setup > IP-Router > Firewall > Applications > FTP
Possible values:
No
Always
WAN
Default route
Default:
Default route
2.8.10.20.1.5 FXP block
When an FTP session is identified on any port, the countermeasures configured here are taken. 'FXP block' specifies
whether site-to-site transfers (FXP) should be given special treatment.
Telnet path:
Setup > IP-Router > Firewall > Applications > FTP
Possible values:
No
Always
WAN
Default route
Default:
Default route
2.8.10.20.2 IRC
This menu contains the configuration of IRC for your firewall.
Telnet path:
Setup > IP-Router > Firewall > Applications
231
Menu Reference
2 Setup
2.8.10.20.2.1 IRC block
When an IRC session is identified on any port, the countermeasures configured here are taken. 'Block IRC' specifies
whether and on what routes any type of IRC should be given special treatment.
Telnet path:
Setup > IP-Router > Firewall > Applications > IRC
Possible values:
No
Always
WAN
Default route
Default:
No
2.8.10.20.2.2 DDC block
When an IRC session is identified on any port, the countermeasures configured here are taken. "Block DDC" specifies
whether and on what routes Direct-Data-Connect (private chats and file transfers) should be given special treatment.
Telnet path:
Setup > IP-Router > Firewall > Applications > IRC
Possible values:
No
Always
WAN
Default route
Default:
No
2.8.10.20.2.3 Min-Port
When an IRC session is identified on any port, the countermeasures configured here are taken. 'Minimum port number'
specifies the smallest permitted port for DDC.
Telnet path:
Setup > IP-Router > Firewall > Applications > IRC
Possible values:
1024 … 9999
Default:
1024
232
Menu Reference
2 Setup
2.8.10.20.2.4 Check-Host-IP
When an IRC session is identified on any port, the countermeasures configured here are taken. "Check-Host-IP" indicates
whether and on what routes the address transmitted in the DDC command should be checked against the source address
of the IRC client.
Telnet path:
Setup > IP-Router > Firewall > Applications > IRC
Possible values:
No
Always
WAN
Default route
Default:
Default route
2.8.10.20.3 H.323
This menu contains the H.323 settings.
Telnet path:
Setup > IP-Router > Firewall > Applications
2.8.10.20.3.1 H.323-Support
Enables or disables the support of the H.323 protocol.
Telnet path:
Setup > IP-Router > Firewall > Applications > H.323
Possible values:
No
Yes
Default:
Yes
2.8.10.20.10 Appl.-Action
When an IRC session is identified on any port, the countermeasures configured here are taken.
Telnet path:
Setup > IP-Router > Firewall > Applications
233
Menu Reference
2 Setup
Possible values:
Transmit
Drop
Reject
Default:
Reject
2.8.11 Start-WAN-Pool
Enter a range of IP addresses that should be assigned to users dialing into the device..
Each user is automatically assigned a free address from this range. As soon as a user disconnects from the device, the
assigned address is freed up and is available for other users.
Telnet path:
Setup > IP-Router
2.8.12 Ende-WAN-Pool
Enter a range of IP addresses that should be assigned to users dialing into the device..
Each user is automatically assigned a free address from this range. As soon as a user disconnects from the device, the
assigned address is freed up and is available for other users.
Telnet path:
Setup > IP-Router
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.8.13 Default-Time-List
Time-dependent control allows you to specify different destinations for the default route depending on the day of the
week and time.
Telnet path:
Setup > IP-Router
2.8.13.1 Index
Index for this entry in the list.
234
Menu Reference
2 Setup
Telnet path:
Setup > IP-Router > Default-Time-List
2.8.13.2 Days
Specify the days when this entry should be used.
Telnet path:
Setup > IP-Router > Default-Time-List
Possible values:
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday
Holiday
2.8.13.3 Home
Used to specify the time period during which this entry should be used.
Telnet path:
Setup > IP-Router > Default-Time-List
Possible values:
00:00 … 23:59
Default:
0
2.8.13.4 Stop
Used to specify the time period during which this entry should be used.
Telnet path:
Setup > IP-Router > Default-Time-List
Possible values:
00:00 … 23:59
Default:
0.999305556
235
Menu Reference
2 Setup
2.8.13.5 Peer
The remote site specified here will become the default route after this entry becomes valid when the defined time period
is reached. Here you select the name of a remote site from the list of remote sites.
Telnet path:
Setup > IP-Router > Default-Time-List
2.8.14 Usage-Default-Timetable
Activates the time-dependent control of the default route. The default route is normally used to establish the connection
to an Internet provider. The time control allows you to select various Internet providers depending on the time, for
example to benefit from the most favorable provider at a certain time of day.
5
To make use of this mechanism, a default route must have been specified in the routing table. The router specified
in the default route is only used during those times that are not covered by the timed control table.
Telnet path:
Setup > IP-Router
Possible values:
Yes
No
Default:
No
2.8.19 N-N-NAT
The rules in the N:N-NAT table regulate the IP addresses to which source addresses or entire IP networks are translated.
These rules must be specified explicitly for each remote site because translation takes place after routing. The remote
site reaches the stations or networks at their translated IP address as specified.
Telnet path:
Setup > IP-Router
2.8.19.1 Idx.
The rules in the N:N-NAT table regulate the IP addresses to which source addresses or entire IP networks are translated.
These rules must be specified explicitly for each remote site because translation takes place after routing. The remote
site reaches the stations or networks at their translated IP address as specified.
Telnet path:
Setup > IP-Router > N-N-NAT
Possible values:
Max. 4 characters from [0-9]
236
Menu Reference
2 Setup
Default:
empty
2.8.19.2 Source address
Valid IP address of the computer or network that is to receive an alternative IP address.
Telnet path:
Setup > IP-Router > N-N-NAT
2.8.19.3 Source mask
Netmask of the source range.
Telnet path:
Setup > IP-Router > N-N-NAT
2.8.19.4 Destination station
From the list of specified remote stations, select the remote device that can be used to access the remote network.
Telnet path:
Setup > IP-Router > N-N-NAT
2.8.19.5 Mapped-Network
IP addresses or address range to be used for translation.
5
For the new network address, the same netmask is taken as used by the source address. The following applies
with the assignment of source and mapping addresses:
a When translating individual addresses, source and mapping can be assigned in any way.
a When entire address ranges are translated, the computer-related part of the IP address is used directly and
only the network-related part of the mapping address is appended. When assigning
10.0.0.0/255.255.255.0 to 192.168.1.0, the server in the LAN with the IP address
10.1.1.99 is necessarily assigned with the mapping address 192.168.1.99.
5
5
The address range for translation must be at least as large as the source address range.
Please note that the N:N mapping function is only effective when the firewall is activated.
Telnet path:
Setup > IP-Router > N-N-NAT
237
Menu Reference
2 Setup
2.8.20 Load balancer
This menu contains the configuration of load balancing for your IP router.
Telnet path:
Setup > IP-Router
2.8.20.1 Yes
This is where you can set parameters for load balancing. Load balancing can be used if your provider does not offer true
channel bundling. At least one virtual connection must be specified in the load balancing table for this. The maximum
number of remote sites that can be bundled depends on how many DSL ports are available for the type of device used.
Telnet path:
Setup > IP-Router > Load-Balancer
Possible values:
Yes
No
Default:
No
2.8.20.2 Bundle peers
If your Internet provider offers true channel bundling, it is possible for multiple connections to be combined with the
help of load balancing.
Telnet path:
Setup > IP-Router > Load-Balancer
Possible values:
Yes
No
Default:
No
2.8.20.2.1 Peer
Unique name for a virtual load-balancing remote site. This remote site can then be used in the routing table.
Telnet path:
Setup > IP-Router > Load-Balancer > Bundle-Peers
238
Menu Reference
2 Setup
2.8.20.2.2 Bundle-Peer-1
Name of a previously configured remote site to which the others are to be bundled.
Telnet path:
Setup > IP-Router > Load-Balancer > Bundle-Peers
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.20.2.3 Bundle-Peer-2
Name of a previously configured remote site to which the others are to be bundled.
Telnet path:
Setup > IP-Router > Load-Balancer > Bundle-Peers
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.20.2.4 Bundle-Peer-3
Name of a previously configured remote site to which the others are to be bundled.
Telnet path:
Setup > IP-Router > Load-Balancer > Bundle-Peers
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.20.2.5 Bundle-Peer-4
Name of a previously configured remote site to which the others are to be bundled.
Telnet path:
Setup > IP-Router > Load-Balancer > Bundle-Peers
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
239
Menu Reference
2 Setup
Default:
empty
2.8.20.2.10 Client binding
Here you enable or disable the client binding for each load balancer.
Telnet path:
Setup > IP-Router > Load-Balancer > Bundle-Peers
Possible values:
Yes
Client binding is enabled.
No
Client binding is disabled.
Default:
No
2.8.20.3 Client binding
In this menu, you can configure the client binding.
The use of load balancing leads to problems for servers that use an IP address to identify a logged-on user. If a user is
logged in to a web site, for example, and the load balancer then takes a different Internet connection, then the server
interprets this as a connection attempt by a user who is not logged on. In the best case the user sees a new login dialog,
but not the desired web page.
One possible workaround would be to use a firewall rule (policy based routing) to direct the traffic to this server over a
specific Internet connection. However, this would limit all of the traffic to that server to the bandwidth of a single
connection. What's more, there is no way to establish a backup if the first connection should fail.
In contrast to this, client binding does not monitor the individual TCP/IP sessions but the client that opened an Internet
connection in the initial session. It directs all subsequent sessions through this Internet connection, which corresponds
in principle to the policy-based routing mentioned above. How this is done depends on the protocol, i.e. it transports
only data of the same protocol type (e.g. HTTPS) over this Internet connection. If the client loads additional data via an
HTTP connection, it probably does this with a different connection.
To prevent data from being bottle-necked into this one Internet connection when it could easily be transferred via parallel
connections, a timer ensures that the load balancer distributes additional sessions between the available Internet
connections for a specified period. After the timer expires, the client binding forces a new session over the original
Internet connection and the timer is restarted. The server thus continues to recognize the login status for the user due
to the current IP address.
Telnet path:
Setup > IP-Router > Load-Balancer
240
Menu Reference
2 Setup
2.8.20.3.1 Protocols
In this table, you specify the protocols and the associated ports for monitoring by the client binding.
4
The table already contains the default entries
a HTTPS
a HTTP
a ANY
Telnet path:
Status > IP-Router > Load-Balancer > Client-Binding
2.8.20.3.1.1 Name
Enter a descriptive name for this entry.
Telnet path:
Setup > IP-Router > Load-Balancer > Client-Binding > Protocols
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]
Default:
empty
2.8.20.3.1.2 Protocol
Select the IP protocol number.
4
Learn more about IP protocol numbers in the online database of the IANA.
Telnet path:
Setup > IP-Router > Load-Balancer > Client-Binding > Protocols
Possible values:
Max. 3 characters from [0-255]
Special values:
0
All protocols
Default:
0
2.8.20.3.1.3 Port
Select the port.
241
Menu Reference
2 Setup
Telnet path:
Setup > IP-Router > Load-Balancer > Client-Binding > Protocols
Possible values:
Max. 5 characters from [0-65535]
Special values:
0
All ports
Default:
0
2.8.20.3.1.4 Operating
Here you enable or disable the client binding for this entry.
Telnet path:
Setup > IP-Router > Load-Balancer > Client-Binding > Protocols
Possible values:
Yes
Enables the entry
No
Disables the entry
Default:
Yes
2.8.20.3.2 Binding minutes
Specify the time in minutes for the binding entries to be valid for a client.
Telnet path:
Status > IP-Router > Load-Balancer > Client-Binding
Possible values:
Max. 3 characters from [0-999]
Special values:
0
Default:
30
242
Menu Reference
2 Setup
2.8.20.3.3 Balance seconds
To prevent data from flowing through this main-session Internet connection when it could easily be transferred via
parallel connections, a timer ensures that the load balancer distributes additional sessions between the available Internet
connections for a specified period. After the timer expires, the client binding forces a new session over the original
Internet connection and the timer is restarted. The server thus continues to recognize the login status for the user due
to the current IP address.
Here you specify the time in seconds, following the start of the main session, during which the load balancer is free to
distribute new sessions to other Internet connections.
Telnet path:
Status > IP-Router > Load-Balancer > Client-Binding
Possible values:
Max. 3 characters from [0-999]
Special values:
0
The timer is deactivated. All sessions are bound to the existing Internet connection.
Default:
10
2.8.21 VRRP
This menu contains the configuration of VRRP for your IP router.
Telnet path:
Setup > IP-Router
2.8.21.1 Operating
VRRP – Virtual Router Redundancy Protocol – enables multiple physical routers to appear as a single "virtual" router.
Of the existing physical routers, one is always the "master". The master is the only router that establishes a data connection
to the Internet, for example, and transfers data. Only when the master fails, for example as a result of a power outage
or if its Internet connection is dropped, will the other routers become active. They will then negotiate with the VRRP
protocol to determine which router should assume the role of master. The new master completely takes over the tasks
that were carried out by the previous master.
Telnet path:
Setup > IP-Router > VRRP
Possible values:
Yes
No
Default:
No
243
Menu Reference
2 Setup
2.8.21.2 VRRP list
In the VRRP list you can define and configure virtual routers.
Telnet path:
Setup > IP-Router > VRRP
2.8.21.2.1 Router ID
Unique ID for the virtual router.
Telnet path:
Setup > IP-Router > VRRP > VRRP-List
Possible values:
0 … 255
Default:
1
2.8.21.2.2 virt.-Address
IP address for the virtual router. All routers on which the virtual router is set up must assign this router the same IP
address.
Telnet path:
Setup > IP-Router > VRRP > VRRP-List
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.8.21.2.3 Prio
Main priority for the virtual router. Values between 0 and 255 are permitted. Priority is proportional to the value entered.
The values 0 and 255 have special meanings. '0' turns the virtual router off. '255' is only accepted when the virtual
router address is identical to the address of the interface that is connected to the router. If this is not the case, the router
will be reported by all other routers in their event logs.
Telnet path:
Setup > IP-Router > VRRP > VRRP-List
Possible values:
0 … 255
Default:
0
244
Menu Reference
2 Setup
2.8.21.2.4 B-Prio
Backup priority for the virtual router. Values between 0 and 255 are permitted. Priority is proportional to the value
entered. The values 0 and 255 have special meanings. 0 disables the virtual router in the event of backup. Checks are
conducted regularly in order to determine whether the standard connection can be reestablished. The interval is determined
by the Reconnect-Delay parameter. '255' is only accepted when the virtual router address is identical to the address of
the interface that is connected to the router. If this is not the case, the router will be reported by all other routers in their
event logs. When the backup connection cannot be established in backup mode, then the virtual router switches completely
to the standby mode and attempts to reestablish the standard or backup connection at regular intervals.
Telnet path:
Setup > IP-Router > VRRP > VRRP-List
Possible values:
0 … 255
Default:
0
2.8.21.2.5 Peer
The entry for the name of the remote site is optional. If a peer name is entered here it will be controlled by VRRP. If, for
example, the peer loses its Internet connection, the backup mode kicks in. If no peer is entered, VRRP can be used to
cover a hardware outage. The remote site can still also be assigned to other virtual routers.
Telnet path:
Setup > IP-Router > VRRP > VRRP-List
2.8.21.2.6 Comment
This is where you can insert a comment to describe the virtual router.
Telnet path:
Setup > IP-Router > VRRP > VRRP-List
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.8.21.3 Reconnect-Delay
The router will no longer be propagated if the backup connection could not be established. The reconnect delay specifies
after how many minutes such a router should in this case attempt to establish its main or backup connection. While the
attempt is being made, the router will not be propagated.
Telnet path:
Setup > IP-Router > VRRP
245
Menu Reference
2 Setup
Possible values:
0 … 999 Minutes
Default:
30
2.8.21.4 Advert.-Interval
The advertising interval shows how many seconds until a virtual router is propagated again. All routers in virtual router
system must be configured with the same value.
Telnet path:
Setup > IP-Router > VRRP
Possible values:
0 … 999 Seconds
Default:
1
2.8.21.5 Internal services
The Internal services checkbox controls how the router should behave when it is addressed via a virtual router address.
In the default 'on' position, the router reacts to DNS and NETBIOS services exactly as if it had been addressed via its
actual address. This only occurs when the device itself is the master of the virtual router. The "off" setting results in
RFC-compliant behavior, i.e. relevant packets are rejected.
Telnet path:
Setup > IP-Router > VRRP
Possible values:
Yes
Off
Default:
Yes
2.8.22 WAN-Tag-Creation
WAN tag creation defines the source for the assignment of interface tags. Besides assignment via the firewall or direct
assignment via the tag table, the interface tag can also be selected based on the effective routing table (static routing
entries plus routes learned via RIP). The tag selected from this routing table is is for the route that matches both the
remote site and the associated network. If the effective routing table contains more than one entry for a remote site with
the same network, the smallest tag is used.
246
Menu Reference
2 Setup
5
The interface tags determined via the tag table and on the basis of the routing table can be overwritten with an
appropriate entry in the firewall.
Telnet path:
Setup > IP-Router
Possible values:
Manual:
With this setting, the interface tags are determined solely by an entry in the tag table. The routing table
has no significance in the assignment of interfaces tags.
Auto
With this setting, the interface tags are determined initially by an entry in the Tag table. If no matching
entry is located there, the tag is determined based on the routing table.
Default:
Manual:
2.8.23 Tag table
The tag table enables inbound data packets to be directly assigned with an interface tag that depends on the remote
site.
Telnet path:
Setup > IP-Router
2.8.23.1 Peer
Name of the remote site whose packets are to be given interface tags when received.
5
Multiple remote sites can be configured in one entry by using "*" as a place holder. If, for example, several
remote sites (RAS users) of a company are to be tagged, all appropriate remote sites can be given a name with
the prefix "Company1_". To configure all of the remote sites, just one entry with remote site "Company1_*" can
be included in the tag table.
Telnet path:
Setup > IP-Router > Tag-Table
2.8.23.2 Rtg-Tag
This interface tag is assigned to the inbound packets of the remote site.
Telnet path:
Setup > IP-Router > Tag-Table
247
Menu Reference
2 Setup
Possible values:
0 … 65535
Default:
0
2.8.23.3 Start-WAN-Pool
The start WAN pool represents the beginning of the address pool for the remote site or group of remote sites (when
using placeholders to specify remote site). When RAS users dial in, the remote site is assigned an address from the
address pool defined here.
Telnet path:
Setup > IP-Router > Tag-Table
Possible values:
Max. 32 characters from [0-9].
Default:
0.0.0.0
2.8.23.4 Ende-WAN-Pool
The end WAN pool represents the end of the address pool for the remote site or group of remote sites (when using
placeholders to specify remote site). When RAS users dial in, the remote site is assigned an address from the address
pool defined here.
Telnet path:
Setup > IP-Router > Tag-Table
Possible values:
Max. 32 characters from [0-9].
Default:
0.0.0.0
Special values:
If the pool is empty (start and end addresses are 0.0.0.0), the global pool is used.
2.8.23.5 DNS-Default
Using this entry you configure the address that the remote station is given as its DNS server.
5
If the specified value is 0.0.0.0, your device assigns the DNS server that is configured in the setup menu
under TCP-IP/DNS-Default. If 0.0.0.0 is also entered there, your device assigns itself as the DNS server.
Telnet path:
Setup > IP-Router > Tag-Table
248
Menu Reference
2 Setup
Possible values:
Max. 32 characters from [0-9].
Default:
0.0.0.0
2.8.23.6 DNS-Backup
Using this entry you configure the address that the remote station is assigned as an alternate DNS server.
5
If the specified value is 0.0.0.0, your device assigns the alternate DNS server that is configured in the setup
menu under TCP-IP/DNS-Backup.
Telnet path:
Setup > IP-Router > Tag-Table
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.8.23.7 NBNS-Default
Using this entry you configure the address that the remote station is assigned as its NBNS server.
5
If the specified value is 0.0.0.0, your device assigns the NBNS server that is configured in the setup menu
under TCP-IP/NBNS-Default. If 0.0.0.0 is also entered there, your device assigns itself as the NBNS server,
if NetBIOS proxy is enabled.
Telnet path:
Setup > IP-Router > Tag-Table
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.8.23.8 NBNS-Backup
Using this entry you configure the address that the remote station is assigned as an alternate NBNS server.
5
If the specified value is 0.0.0.0, your device assigns the alternate DNS server that is configured in the setup
menu under TCP-IP/NBNS-Backup.
Telnet path:
Setup > IP-Router > Tag-Table
249
Menu Reference
2 Setup
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.9 SNMP
This menu contains the configuration of SNMP.
Telnet path:
Setup
2.9.1 Send-Traps
When serious errors occur, for example when an unauthorized attempt is made to access the device, it can send an error
message to one or more SNMP managers automatically. Activate the option and, in the IP traps table, enter the IP
addresses of those computers where the SNMP managers are installed.
Telnet path:
Setup > SNMP
Possible values:
Yes
No
Default:
No
2.9.3 Administrator
Name of the device administrator. For display purposes only.
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
250
Menu Reference
2 Setup
2.9.4 Location
Location information for this device. For display purposes only.
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.5 Register-Monitor
This action allows SNMP agents to log in to the device in order to subsequently receive SNMP traps. The command is
specified together with the IP address, the port and the MAC address of the SNMP agent. All three values can be replaced
with the wildcard *, in which case the device ascertains the values from the packets received from the SNMP agent.
5
A LANmonitor need not be explicitly logged in to the device. LANmonitor automatically transmits the login
information to the device when scanning for new devices.
Telnet path:
Setup > SNMP
Possible values:
<IP-Address|*>:<Port|*> <MAC-Address|*> <W>
<W> at the end of the command is necessary if registration is to be effected over a wireless LAN
connection.
2.9.6 Delete monitor
This action allows registered SNMP agents to be removed from the monitor list. The command is specified together with
the IP address and the port of the SNMP agent. All three values can be replaced with the wildcard "*", in which case
the device ascertains the values from the packets received from the SNMP agent.
Telnet path:
Setup > SNMP
Possible values:
<IP-Address|*>:<Port|*>
2.9.11 Comment-1
Comment on this device. For display purposes only.
251
Menu Reference
2 Setup
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.12 Comment-2
Comment on this device. For display purposes only.
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.13 Comment-3
Comment on this device. For display purposes only.
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.14 Comment-4
Comment on this device. For display purposes only.
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
252
Menu Reference
2 Setup
2.9.16 Comment-5
Comment on this device. For display purposes only.
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.17 Comment-6
Comment on this device. For display purposes only.
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.18 Comment-7
Comment on this device. For display purposes only.
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.19 Comment-8
Comment on this device. For display purposes only.
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
253
Menu Reference
2 Setup
Default:
empty
2.9.20 Full host MIB
Please select whether a full host MIB is used for the device.
Telnet path:
Setup > SNMP > Full-Host-MIB
Possible values:
Yes
No
Default:
No
2.9.21 Port
Using this parameter, you specifiy the port which external programs (such as LANmonitor) use to access the SNMP
service.
Telnet path:
Setup > SNMP
Possible values:
0 … 65535
Default:
161
2.9.23 Public-Comment-1
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
254
Menu Reference
2 Setup
2.9.24 Public-Comment-2
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.25 Public-Comment-3
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.26 Public-Comment-4
Telnet path:
Setup > SNMP
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.27 Communities
SNMP agents and SNMP managers belong to SNMP communities. These communities collect certain SNMP hosts into
groups, in part so that it is easier to manage them. On the other hand, SNMP communities offer a certain degree of
security because an SNMP agent only accepts SNMP requests from participants in a community that it knows.
This table is used to configure the SNMP communities.
4
The SNMP community public is set up by default, and this provides unrestricted SNMP read access.
Telnet path:
Setup > SNMP
255
Menu Reference
2 Setup
2.9.27.1 Name
Enter a descriptive name for this SNMP community.
Telnet path:
Setup > SNMP > Communities
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.9.27.3 Security-Name
Here you enter the name for the access policy that specifies the access rights for all community members.
Telnet path:
Setup > SNMP > Communities
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.9.27.8 Status
This entry is used to enable or disable this SNMP community.
Telnet path:
Setup > SNMP > Communities
Possible values:
Active
The community is enabled.
Inactive
The community is disabled.
Default:
Active
2.9.28 Groups
By configuring SNMP groups, it is easy to manage and assign the authentication and access rights of multiple users. By
default, the configuration is set up for SNMP access via LANmonitor.
256
Menu Reference
2 Setup
Telnet path:
Setup > SNMP
2.9.28.1 Security-Model
SNMPv3 introduced the principle of the “security model”, so that the SNMP configuration in LCOS primarily uses the
security model “SNMPv3”. However, for compatibility reasons it may be necessary to also take the versions SNMPv2c or
even SNMPv1 into account, and to select these as the “security model” accordingly.
You select a security model here as is appropriate.
Telnet path:
Setup > SNMP > Groups
Possible values:
SNMPv1
Data is transmitted by SNMPv1. Users are authenticated by the community string in the SNMP message
only. Communication is not encrypted. This corresponds to the security level “NoAuthNoPriv”.
SNMPv2
Data is transmitted by SNMPv2c. Users are authenticated by the community string in the SNMP message
only. Communication is not encrypted. This corresponds to the security level “NoAuthNoPriv”.
SNMPv3(USM)
Data is transmitted by SNMPv3. Users can authenticate and communicate according to the following
security levels:
NoAuthNoPriv
The authentication is performed by the specification and evaluation of the user name only. Data communication
is not encrypted.
AuthNoPriv
The authentication is performed with the hash algorithm HMAC-MD5 or HMAC-SHA. Data communication is
not encrypted.
AuthPriv
The authentication is performed with the hash algorithm HMAC-MD5 or HMAC-SHA. Data communication is
encrypted by DES or AES algorithms.
Default:
SNMPv3(USM)
2.9.28.2 Security-Name
Here you select a security name you assigned to an SNMP community. It is also possible to specify the name of an existing
configured user.
257
Menu Reference
2 Setup
Telnet path:
Setup > SNMP > Groups
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.28.3 Group-Name
Enter a descriptive name for this group. You will use this name when you go on to configure the access rights.
Telnet path:
Setup > SNMP > Groups
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.28.5 Status
Activates or deactivates this group configuration.
Telnet path:
Setup > SNMP > Groups
Possible values:
Active
Down
Default:
Active
2.9.29 Access
This table brings together the different configurations for access rights, security models, and views.
Telnet path:
Setup > SNMP
258
Menu Reference
2 Setup
2.9.29.1 Group-Name
Here you select the name of a group that is to receive these assess rights.
Telnet path:
Setup > SNMP > Access
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_.`
Default:
empty
2.9.29.3 Security model
Activate the appropriate security model here.
Telnet path:
Setup > SNMP > Access
Possible values:
Any
Any model is accepted.
SNMPv1
SNMPv1 is used.
SNMPv2
SNMPv2c is used.
SNMPv3(USM)
SNMPv3 is used.
Default:
Any
2.9.29.5 Read-View-Name
Set the view of the MIB entries for which this group is to receive read rights.
Telnet path:
Setup > SNMP > Access
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_.`
Default:
empty
259
Menu Reference
2 Setup
2.9.29.6 Write-View-Name
Set the view of the MIB entries for which this group is to receive write rights.
Telnet path:
Setup > SNMP > SNMPv3-Accesses
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_.`
Default:
empty
2.9.29.7 Notify-View-Name
Set the view of the MIB entries for which this group is to receive notify rights.
Telnet path:
Setup > SNMP > Access
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_.`
Default:
empty
2.9.29.9 Status
Activates or deactivates this entry.
Telnet path:
Setup > SNMP > Access
Possible values:
Active
Down
Default:
Active
2.9.29.10 Min-Security-Level
Specify the minimum security level for access and data transfer.
Telnet path:
Setup > SNMP > Access
260
Menu Reference
2 Setup
Possible values:
NoAuth-NoPriv
The SNMP request is valid without the use of specific authentication methods. Authentication merely
requires the user to belong to an SNMP community (for SNMPv1 and SNMPv2c) or to specify a valid
user name (for SNMPv3). Data transfer is not encrypted.
Auth-NoPriv
SNMP requests are only processed following authentication by means of the HMAC-MD5 or HMAC-SHA
algorithm, but data transfer is not encrypted.
Auth-Priv
SNMP requests are only processed following authentication by means of the HMAC-MD5 or HMAC-SHA
algorithm, and data transfer is encrypted by the DES or AES algorithm.
Default:
Auth-Priv
2.9.30 Views
This table is used to collect the different values or even entire branches of the device MIB, which each user is entitled
to view or change in keeping with their corresponding access rights.
Telnet path:
Setup > SNMP
2.9.30.1 View-Name
Give the view a descriptive name here.
Telnet path:
Setup > SNMP > Views
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.9.30.2 OID-Subtree
Use a comma-separated list of the relevant OIDs to decide which values and actions from the MIB are included in this
view.
4
The OIDs are taken from the device MIB, which you can download with WEBconfig under Extras > Get Device
SNMP MIB.
261
Menu Reference
2 Setup
Telnet path:
Setup > SNMP > Views
Possible values:
Max. 128 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.9.30.4 Type
Here you decide whether the OID subtrees specified in the following are “Included” or “Excluded” from the view.
Telnet path:
Setup > SNMP > Views
Possible values:
Included
This setting outputs MIB values.
Excluded
This setting blocks the output of MIB values.
Default:
Included
2.9.30.6 Status
Activates or deactivates this view.
Telnet path:
Setup > SNMP > Views
Possible values:
Active
Down
Default:
Active
2.9.32 SNMPv3-Users
This menu contains the user configuration.
262
Menu Reference
2 Setup
Telnet path:
Setup > SNMP
2.9.32.2 User name
Specify the SNMPv3 user name here.
Telnet path:
Setup > SNMP > SNMPv3-Users
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.32.5 Authentication-Protocol
Specify the method that the user is required to use to authenticate at the SNMP agent.
Telnet path:
Setup > SNMP > Users
Possible values:
None
Authentication of the user is not necessary.
HMAC-MD5
Authentication is performed using the hash algorithm HMAC-MD5-96 (hash length 128 bits).
HMAC-SHA
Authentication is performed using the hash algorithm HMAC-SHA-96 (hash length 160 bits).
Default:
HMAC-SHA
2.9.32.6 Authentication-Password
Enter the user password necessary for authentication here and repeat it in the box below.
Telnet path:
Setup > SNMP > Users
Possible values:
Max. 40 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
263
Menu Reference
2 Setup
Default:
empty
2.9.32.8 Privacy-Protocol
Specify which encryption method is used for encrypted communication with the user.
Telnet path:
Setup > SNMP > SNMPv3-Users
Possible values:
None
Communication is not encrypted.
DES
Encryption is performed with DES (key length 56 bits).
AES128
Encryption is performed with AES128 (key length 128 bits).
AES192
Encryption is performed with AES192 (key length 192 bits).
AES256
Encryption is performed with AES256 (key length 256 bits)
Default:
AES128
2.9.32.9 Privacy-Password
Enter the user password required by the encryption here and repeat it in the box below.
Telnet path:
Setup > SNMP > Users
Possible values:
Max. 40 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.32.13 Status
Activates or deactivates this user.
264
Menu Reference
2 Setup
Telnet path:
Setup > SNMP > Users
Possible values:
Active
Down
Default:
Active
2.9.34 Target-Address
The list of target addresses is used to configure the addresses of the recipients to whom the SNMP agent sends the
SNMP traps.
Telnet path:
Setup > SNMP
2.9.34.1 Target-Address-Name
Specify the target address name here.
Telnet path:
Setup > SNMP > Target-Address
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.9.34.3 Target-Transport-Address
Contains the IP address which the SNMP traps are sent to.
Telnet path:
Setup > SNMP > Target-Address
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
265
Menu Reference
2 Setup
2.9.34.7 Parameters-Name
Here you select the desired entry from the list of recipient parameters.
Telnet path:
Setup > SNMP > Target-Address
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.9.34.9 Status
Activates or deactivates this target address.
Telnet path:
Setup > SNMP > Target-Address
Possible values:
Active
Inactive
Default:
Active
2.9.34.10 Loopback-Addr.
Here you have the option to configure a sender address for the device to use in place of the one that would otherwise
be used automatically for this target address. If you have configured loopback addresses, specify them here as the
respective source address.
Telnet path:
Setup > SNMP > Target-Address
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.9.35 Target-Params
In this table you configure how the SNMP agent handles the SNMP traps that it sends to the recipient.
266
Menu Reference
2 Setup
Telnet path:
Setup > SNMP
2.9.35.1 Name
Give the entry a descriptive name here.
Telnet path:
Setup > SNMP > Target-Params
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.9.35.2 Message-Processing-Model
Here you specify the protocol for which the SNMP agent structures the message.
Telnet path:
Setup > SNMP > Target-Params
Possible values:
SNMPv1
SNMPv2c
SNMPv3
Default:
SNMPv3
2.9.35.3 Security model
Use this entry to specify the security model.
Telnet path:
Setup > SNMP > Target-Params
267
Menu Reference
2 Setup
Possible values:
SNMPv1
SNMPv2
SNMPv3(USM)
Default:
SNMPv3(USM)
2.9.35.4 Security-Name
Here you select a security name you assigned to an SNMP community. It is also possible to specify the name of an existing
configured user.
Telnet path:
Setup > SNMP > Target-Params
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.9.35.5 Security-Level
Set the security level that applies for the recipient to receive the SNMP trap.
Telnet path:
Setup > SNMP > Target-Params
Possible values:
NoAuth-NoPriv
The SNMP message is valid without the use of specific authentication methods. Authentication merely
requires the user to belong to an SNMP community (for SNMPv1 and SNMPv2c) or to specify a valid
user name (for SNMPv3). Data transfer is not encrypted.
Auth-NoPriv
SNMP requests are only processed following authentication by means of the HMAC-MD5 or HMAC-SHA
algorithm, but data transfer is not encrypted.
Auth-Priv
SNMP requests are only processed following authentication by means of the HMAC-MD5 or HMAC-SHA
algorithm, and data transfer is encrypted by the DES or AES algorithm.
Default:
NoAuth-NoPriv
268
Menu Reference
2 Setup
2.9.35.7 Status
Activates or deactivates this entry.
Telnet path:
Setup > SNMP > Target-Params
Possible values:
Active
Inactive
Default:
Active
2.9.37 Admitted-Protocols
Here you enable the SNMP versions supported by the device for SNMP requests and SNMP traps.
Telnet path:
Setup > SNMP
Possible values:
SNMPv1
SNMPv2
SNMPv3
Default:
SNMPv1
SNMPv2
SNMPv3
2.9.38 Allow admins
Enable this option if registered administrators should also have access via SNMPv3.
Telnet path:
Setup > SNMP
269
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
Yes
2.9.39 SNMPv3-Admin-Authentication
Sets the authorization method for administrators.
4
This value cannot be modified.
Telnet path:
Setup > SNMP
Possible values:
AUTH-HMAC-SHA
Default:
AUTH-HMAC-SHA
2.9.40 SNMPv3-Admin-Privacy
Specifies the encryption settings for administrators.
4
This value cannot be modified.
Telnet path:
Setup > SNMP
Possible values:
AES256
Default:
AES256
2.9.41 Operating
This entry enables or disables SNMP traps. Clear the checkbox to disable SNMP traps.
270
Menu Reference
2 Setup
Telnet path:
Setup > SNMP
Possible values:
No
Yes
Default:
Yes
2.10 DHCP
This menu contains the DHCP settings.
Telnet path:
Setup
2.10.6 Max. lease time minutes
When a client requests an IP address from a DHCP server, it can also ask for a lease period for the address. This values
governs the maximum length of lease that the client may request.
Telnet path:
Setup > DHCP
Possible values:
Max. 10 characters from [0-9]
Default:
6000
2.10.7 Default lease time minutes
When a client requests an address without asking for a specific lease period, the address will be assigned the value set
here as lease.
Telnet path:
Setup > DHCP
Possible values:
Max. 10 characters from [0-9]
271
Menu Reference
2 Setup
Default:
500
2.10.8 DHCP table
The DHCP table provides an overview of the IP addresses used in the IP networks. The DHCP table is purely a status table
where no parameters can be configured.
Telnet path:
Setup > DHCP
2.10.8.1 IP address
IP address used by the client.
Telnet path:
Setup > DHCP > DHCP-Table
2.10.8.2 MAC address
The client's MAC address.
Telnet path:
Setup > DHCP > DHCP-Table
2.10.8.3 Timeout
Lease for the address assignment in minutes.
Telnet path:
Setup > DHCP > DHCP-Table
2.10.8.4 Host name
Name of the client, if it was possible to determine this.
Telnet path:
Setup > DHCP > DHCP-Table
2.10.8.5 Type
The "Type" field indicates how the address was assigned.
272
Menu Reference
2 Setup
Telnet path:
Setup > DHCP > DHCP-Table
Possible values:
new
The client made the request for the first time. The DHCP checks that the address to be assigned to the
client is unique.
unkn.
When the server checked if the address was unique, it was found that the address had already been
assigned to another client. Unfortunately, the DHCP server does not have any way of obtaining further
information about this client.
stat.
A client has informed the DHCP server that it has a fixed IP address. This address may not be used for
any other clients in the network.
dyn.
The DHCP server has assigned an address to the client.
2.10.8.7 Ethernet port
Physical interface connecting the client to the device.
Telnet path:
Setup > DHCP > DHCP-Table
2.10.8.8 VLAN-ID
The VLAN ID used by the client.
Telnet path:
Setup > DHCP > DHCP-Table
2.10.8.9 Network name
Name of the IP network where the client is located.
Telnet path:
Setup > DHCP > DHCP-Table
2.10.8.10 LAN Ifc
The LAN interface that this entry refers to.
Telnet path:
Setup > DHCP > DHCP-Table
273
Menu Reference
2 Setup
2.10.8.11 Assignment
This column shows the time stamp (date and time in the format "dd.mm.yyyy hh:mm:ss") when the DHCP assignment
for the specified IP address was made.
Telnet path:
Setup > DHCP > DHCP-Table
2.10.9 Hosts
The bootstrap protocol (BOOTP) can be used to communicate a certain IP address and other parameters to a workstation
when it boots up. For this, the workstation's MAC address is entered in the hosts table.
Telnet path:
Setup > DHCP
2.10.9.1 MAC address
Enter the MAC address of the workstation to which an IP address is to be assigned.
Telnet path:
Setup > DHCP > Hosts
2.10.9.2 IP address
Enter the client IP address that is to be assigned to the client.
Telnet path:
Setup > DHCP > Hosts
2.10.9.3 Host name
Enter the name that is to be used to identify the station. If the station does not communicate its name, the device will
use the name entered here.
Telnet path:
Setup > DHCP > Hosts
Possible values:
Max. 30 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
274
Menu Reference
2 Setup
2.10.9.4 Image alias
If the client uses the BOOTP protocol, you can select a boot image that the client should use to load its operating system
from.
5
Enter the server providing the boot image and the name of the file on the server in the boot image table.
Telnet path:
Setup > DHCP > Hosts
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.10.9.5 Network name
Enter the name of a configured IP network here. Only if a requesting client is located in this IP network will it be assigned
the relevant IP address defined for the MAC address.
5
5
If the requesting client is located in an IP network for which there is no corresponding entry in the hosts table,
the client will be assigned an IP address from the address pool of the appropriate IP network.
Enter the server providing the boot image and the name of the file on the server in the boot image table.
Telnet path:
Setup > DHCP > Hosts
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
Special values:
empty
The IP address will be assigned if the IP address defined in this field belongs to the range of addresses
for the IP network where the requesting client is located.
2.10.10 Alias-List
The alias list defines the names for the boot images that are used to reference the images in the hosts table.
Telnet path:
Setup > DHCP
275
Menu Reference
2 Setup
2.10.10.1 Image alias
Enter any name you wish for this boot image. This name is used when you assign a boot image to a particular client in
the station list.
Telnet path:
Setup > DHCP > Alias-List
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.10.10.2 Image file
Enter the name of the file on the server containing the boot image.
Telnet path:
Setup > DHCP > Alias-List
Possible values:
Max. 60 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.10.10.3 Image server
Enter the IP address of the server that provides the boot image.
Telnet path:
Setup > DHCP > Alias-List
2.10.18 Ports
The port table is where the DHCP server is enabled for the appropriate logical interface of the device.
Telnet path:
Setup > DHCP
2.10.18.2 Port
Select the logical interface for which the DHCP server should be enabled or disabled.
Telnet path:
Setup > DHCP > Ports
276
Menu Reference
2 Setup
Possible values:
Select from the list of logical devices in this device, e.g. LAN-1, WLAN-1, P2P-1-1 etc.
2.10.18.3 Port
Enables or disables the DHCP server for the selected logical interface.
Telnet path:
Setup > DHCP > Ports
Possible values:
Yes
No
Default:
Yes
2.10.19 User class identifier
The DHCP client in the device can supplement the transmitted DHCP requests with additional information to simplify the
recognition of request within the network. The vendor class ID (DHCP option 60) shows the type of device. The vendor
class ID is always transmitted. The user class ID (DHCP option 77) specifies a user-defined string. The user class ID is
only transmitted when the user has configured a value.
Telnet path:
Setup > DHCP
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.10.20 Network list
DHCP settings for the IP networks are defined in this table. If multiple DHCP servers are active in a network, the stations
"divide" themselves equally between them. However, the DNS server in devices can only properly resolve the name of
the station which was assigned the address information by the DHCP server. In order for the DNS server to be able to
resolve the names of other DHCP servers, these can be operated in a cluster. In this operating mode, the DHCP server
monitors all DHCP negotiations in the network. It additionally supplements its table with the stations which are registered
at the other DHCP servers in the cluster.
A DHCP server's operation in the cluster can be activated or deactivated for each individual ARF network with the
associated DHCP settings.
277
Menu Reference
2 Setup
Telnet path:
Setup > DHCP
2.10.20.1 Network name
The name of the network which the DHCP server settings apply to.
Telnet path:
Setup > DHCP
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.10.20.2 Start address pool
The first IP address in the pool available to the clients. If no address is entered here the DHCP server takes the first
available IP address from the network (as determined by network address and netmask).
Telnet path:
Setup > DHCP > Network-List
2.10.20.3 End address pool
The last IP address in the pool available to the clients. If no address is entered here the DHCP server takes the last
available IP address from the network (as determined by network address and netmask).
Telnet path:
Setup > DHCP > Network-List
2.10.20.4 Netmask
Corresponding netmask for the address pool available to the clients. If no address is entered here the DHCP server uses
the netmask from the corresponding network.
Telnet path:
Setup > DHCP > Network-List
2.10.20.5 Broadcast address
As a rule, broadcast packets in a local network have an address which results from the valid IP addresses and the netmask.
In special cases (e.g. when using subnets for a selection of workstations) it may be necessary to use a different broadcast
278
Menu Reference
2 Setup
address. In this case the broadcast address is entered into the DHCP module. With the default value, the broadcast
address is found automatically.
5
We recommend that only experienced network specialists change the presetting for the broadcast address. Errors
in the configuration can lead to the establishment of undesired and costly connections.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.10.20.6 Gateway address
As standard, the DHCP server issues its own IP address as the gateway address to computers making requests. If necessary,
the IP address of another gateway can also be transmitted if a corresponding address is entered here.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.10.20.7 DNS-Default
IP address of the DNS name server that the requesting workstation should use.
5
If no default or backup DNS server is defined, the device will assign the requesting workstation its own IP address
in the relevant ARF network as (primary) DNS server.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.10.20.8 DNS-Backup
IP address of the backup DNS name server. The workstation will use this DNS server if the first DNS server fails
279
Menu Reference
2 Setup
5
If no default or backup DNS server is defined, the device will assign the requesting workstation its own IP address
in the relevant ARF network as (primary) DNS server.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.10.20.9 NBNS-Default
IP address of the NBNS name server that the requesting workstation should use.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.10.20.10 NBNS-Backup
IP address of the backup NBNS name server. The workstation will use this NBNS server if the first NBNS name server
fails
Telnet path:
Setup > DHCP > Network-List
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.10.20.11 Operating
DHCP server operating mode in this network. Depending on the operating mode, the DHCP server can enable/disable
itself. The DHCP statistics show whether the DHCP server is enabled.
5
Only use the setting "Yes" if you are certain that no other DHCP server is active in the LAN.
Only use the "client mode" setting if you are certain that another DHCP server is in the LAN and actively assigning
IP addresses.
280
Menu Reference
2 Setup
Telnet path:
Setup > DHCP > Network-List
Possible values:
No
DHCP server is permanently switched off.
Yes
DHCP server is permanently switched on. When this value is entered the server configuration (validity
of the address pool) is checked. If the configuration is correct then the device starts operating as a DHCP
server in the network. Errors in the configuration (e.g. invalid pool limits) will cause the DHCP server to
be deactivated. Only use this setting if you are certain that no other DHCP server is active in the LAN.
Automatic
With this setting, the device regularly searches the local network for other DHCP servers. The LAN-Rx/Tx
LED flashes briefly when this search is in progress. If another DHCP server is discovered the device
switches its own DHCP server off. If the LANCOM is not configured with an IP address, then it switches
into DHCP client mode and queries the LAN DHCP server for an IP address. This prevents unconfigured
devices introduced to the network from assigning addresses unintentionally. If no other DHCP server is
discovered the device switches its own DHCP server on. If another DHCP server is activated later, then
the DHCP server in the device will be disabled.
"Relay requests"
The DHCP server is active and receives requests from DHCP clients in the LAN. The device does not
respond to requests, but forwards them to a central DHCP server elsewhere in the network (DHCP relay
agent mode).
"Client mode"
The DHCP server is disabled, the device behaves as a DHCP client and obtains its address from another
DHCP server in the LAN. Only use this setting if you are certain that another DHCP server is in the LAN
and actively assigning IP addresses.
Default:
No
2.10.20.12 Broadcast bit
This setting decides whether the broadcast bit from clients is to be checked. If the bit is not checked then all DHCP
messages are sent as broadcasts.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Yes
No
Default:
No
281
Menu Reference
2 Setup
2.10.20.13 Master server
This is where the IP address for the upstream DHCP server is entered where DHCP requests are forwarded when the
mode "Relay requests" is selected for the network.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.10.20.14 Cache
This option allows the responses from the superordinate DHCP server to be stored in the device. Subsequent requests
can then be answered by the device itself. This option is useful if the superordinate DHCP server can only be reached via
a connection which incurs costs.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Yes
No
Default:
No
2.10.20.15 Adaptation
This option allows the responses from the superordinate DHCP server to be adapted to the local network. When activated,
the device adapts the responses from the superordinate DHCP server by replacing the following entries with its own
address (or local configured addresses):
Gateway
Netmask
Broadcast address
DNS server
NBNS server
Server ID
This option is worthwhile if the superordinate DHCP server does not permit the separate configuration for
DHCP clients in another network.
282
Menu Reference
2 Setup
Telnet path:
Setup > DHCP > Network-List
Possible values:
Yes
No
Default:
No
2.10.20.16 Cluster
This setting defines whether the DHCP server for this ARF network is to be operated separately or in the cluster.
5
If the lease time for the information supplied by DHCP expires, the station requests a renewal from the DHCP
server which supplied the original information. If the original DHCP server does not respond, the station then
emits its rebinding request as a broadcast to all available DHCP servers. DHCP servers in a cluster ignore renew
requests, which forces a rebinding. The resulting broadcast is used by all of the DHCP servers to update their
entries for the station. The only DHCP server to answer the rebind request is the one with which the station was
originally registered. If a station repeats its rebind request, the all DHCP servers in the cluster assume that the
original DHCP server is no longer active in the cluster, and they respond to the request. The responses received
by the station will have the same IP address, but the gateway and DNS server addresses may differ. From these
responses, the station selects a new DHCP server to connect with, and it updates its gateway and DNS server
(and other relevant parameters) accordingly.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Yes
With cluster mode activated, the DHCP server monitors all of the ongoing DHCP negotiations in the
network, and it additionally supplements its table with the stations which are registered at the other
DHCP servers in the cluster. These stations are flagged as "cache" in the DHCP table.
No
The DHCP server manages information only for the stations connected to it.
Default:
No
2.10.20.17 2nd master server
This is where the IP address for an alternative DHCP server is entered where DHCP requests are forwarded when the
mode "Relay requests" is selected for the network.
Telnet path:
Setup > DHCP > Network-List
283
Menu Reference
2 Setup
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.10.20.18 3rd master server
This is where the IP address for an alternative DHCP server is entered where DHCP requests are forwarded when the
mode "Relay requests" is selected for the network.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.10.20.19 4th master server
This is where the IP address for an alternative DHCP server is entered where DHCP requests are forwarded when the
mode "Relay requests" is selected for the network.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.10.20.20 Max.-Lease
In addition to the global maximum lease time configured under Setup > DHCP, it is possible to configure a maximum
lease time specifically for this DHCP network only.
Here you specify the maximum lease time that a client may request.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Max. 5 characters from [0-9]
Default:
0
284
Menu Reference
2 Setup
Special values:
0
There is no limit on the lease time that the DHCP client may request.
2.10.20.21 Def.-Lease
In addition to the global default lease time configured under Setup > DHCP, it is possible to configure a default lease
time specifically for this DHCP network only.
If a client requests IP-address data without specifying any particular lease time, the lease time set here is assigned to it.
Telnet path:
Setup > DHCP > Network-List
Possible values:
Max. 5 characters from [0-9]
Default:
0
Special values:
0
There is no limit on the lease time that can be assigned to the DHCP client.
2.10.21 Additional options
DHCP options can be used to send additional configuration parameters to the clients. The vendor class ID (DHCP option
60) shows e.g. the type of device. This table allows additional options for DHCP operations to be defined.
Telnet path:
Setup > DHCP
Possible values:
Max. 16 characters from [0-9].
Default:
0.0.0.0
2.10.21.1 Option number
Number of the option that should be sent to the DHCP client. The option number describes the transmitted information.
For example "17" (root path) is the path to a boot image that a PC without its own hard disk uses to obtains its operating
system via BOOTP.
5
You can find a list of all DHCP options in RFC 2132 – "DHCP Options and BOOTP Vendor Extensions" of the
Internet Engineering Task xml:lang="en"Force (IETF).
285
Menu Reference
2 Setup
Telnet path:
Setup > DHCP > Additional-Options
Possible values:
Max. 3 characters from [0-9]
Default:
empty
2.10.21.2 Network name
Name from the list of defined IP networks for the IP network where this DHCP option is to be used.
Telnet path:
Setup > DHCP > Additional-Options
Possible values:
Max. 3 characters from [0-9]
Default:
empty
Possible values:
Special values:
empty
If no network name is specified the DHCP option defined in this entry will be used in all IP networks.
2.10.21.3 Option value
This field defines the contents of the DHCP option. IP addresses are normally specified using the conventional IPv4
notation, e.g. 123.123.123.100. Integer tapes are usually entered in decimal digits and string types as simple
text. Multiple values in a single field are separated with commas, e.g.123.123.123.100, 123.123.123.200.
4
The maximum possible length value depends on the selected option number. RFC 2132 lists the maximum length
allowed for each option.
Telnet path:
Setup > DHCP > Additional-Options
Possible values:
Max. 251 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
286
Menu Reference
2 Setup
2.10.21.4 Option type
This value depends on the respective option. For option “35” according to RFC 1232, e.g. the ARP cache time is defined
as follows:
ARP Cache Timeout Option This option specifies the time out in seconds for ARP cache entries. The time is specified
as a 32-bit unsigned integer. The code for this option is 35, and its length is 4.
Code
Len
35
4
Time
t1
t2
t3
t4
This description tells you that this the type “32-bit integer” is used for this option.
5
You can find out the type of the option either from the corresponding RFC or from the manufacturer's
documentation of their DHCP options.
Telnet path:
Setup > DHCP > Additional-Options
Possible values:
String
Integer8
Integer16
Integer32
IP address
Default:
String
2.10.22 Vendor class identifier
The vendor class ID (DHCP option 60) shows the type of device. The vendor class ID is always transmitted.
Telnet path:
Setup > DHCP
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.10.23 RADIUS accounting
If RADIUS accounting is enabled and the DHCP server assigns an IP address to a DHCP client, the server sends a RADIUS
accounting start to the relevant accounting server (or the backup RADIUS server). If the DHCP lease expires
because no extension was requested, the DHCP server sends a RADIUS accounting stop. In between these
two events, the DHCP server regularly sends the RADIUS server a RADIUS accounting interim update
in a configurable interval.
287
Menu Reference
2 Setup
This menu contains the settings for the DHCP lease RADIUS accounting.
Telnet path:
Setup > DHCP
2.10.23.1 Operating
Enables or disables the RADIUS accounting on this DHCP network.
Telnet path:
Setup > DHCP > RADIUS-Accounting
Possible values:
No
RADIUS accounting is disabled for this network.
Yes
RADIUS accounting is enabled for this network.
Default:
No
2.10.23.2 Interim Interval
Here you specify the time interval in seconds after which the DHCP server sends a RADIUS interim update
to the accounting server.
Telnet path:
Setup > DHCP > RADIUS-Accounting
Possible values:
Max. 10 characters from [0-9]
2.10.23.20 Network list
This table contains the IP networks for the RADIUS accounting.
Telnet path:
Setup > DHCP > RADIUS-Accounting
2.10.23.20.1 Network name
Contains the name of the network.
288
Menu Reference
2 Setup
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.10.23.20.2 Server host name
Enter the host name of the RADIUS accounting server here.
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
Default:
empty
2.10.23.20.3 Accnt.-Port
Enter the TCP port used by the RADIUS server to receive accounting information. That is usually the port “1813”.
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
Possible values:
Max. 5 characters from [0-9]
Default:
1813
2.10.23.20.4 Secret
Enter the key (shared secret) for access to the RADIUS accounting server here. Ensure that this key is consistent with
that in the accounting server.
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
289
Menu Reference
2 Setup
2.10.23.20.5 Loopback address
By default, the RADIUS server sends its replies back to the IP address of your device without having to enter it here. By
entering an optional alternative loopback address, you change the source address and route used by the device to
connect to the RADIUS server. This can be useful, for example, when the server is available over different paths and it
should use a specific path for its reply message.
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.10.23.20.6 Protocol
Use this entry to specify the protocol used to communicate with the RADIUS accounting server.
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
Possible values:
RADIUS
RADSEC
Default:
RADIUS
2.10.23.20.7 Attribute-Values
LCOS facilitates the configuration of the RADIUS attributes used to communicate with a RADIUS server (for authentication
and accounting).
The attributes are specified in a semicolon-separated list of attribute numbers or names along with a corresponding
value in the form <Attribute_1>=<Value_1>;<Attribute_2>=<Value_2>.
As the number of characters is limited, the name can abbreviated. The abbreviation must be unique, however. Examples:
a NAS-Port=1234 is not allowed, because the attribute is not unique (NAS-Port, NAS-Port-Id or
NAS-Port-Type).
a NAS-Id=ABCD is allowed, because the attribute is unique (NAS-Identifier).
Attribute values can be used to specify names or RFC-compliant numbers. For the device , the specifications
Service-Type=Framed and Service-Type=2 are identical.
Specifying a value in quotation marks ("<Value>") allows you to specify special characters such as spaces, semicolons
or equals signs. The quotation mark requires a leading backslash (\"), as does the backslash itself (\\).
The following variables are permitted as values:
290
Menu Reference
2 Setup
%n
Device name
%e
Serial number of the device
%%
Percent sign
%{name}
Original name of the attribute as transferred by the RADIUS application. This allows attributes to be set with
the original RADIUS attributes, for example: Called-Station-Id=%{NAS-Identifier} sets
the attribute Called-Station-Id to the value with the attribute NAS-Identifier.
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
Possible values:
Max. 251 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.10.23.20.12 Backup server hostname
Enter the host name of the backup server here.
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
Default:
empty
2.10.23.20.13 Backup-Accnt.-Port
Here you enter the backup port used by the backup RADIUS accounting server.
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
Possible values:
Max. 5 characters from [0-9]
Default:
0
291
Menu Reference
2 Setup
2.10.23.20.14 Backup secret
Enter the key (shared secret) for access to the backup RADIUS accounting server here. Ensure that this key is consistent
with that in the accounting server.
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.10.23.20.15 Backup-Loopback-Address
Specify a loopback address for the backup RADIUS accounting server.
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.10.23.20.16 Backup-Protocol
Use this entry to specify the protocol used to communicate with the backup RADIUS accounting server.
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
Possible values:
RADIUS
RADSEC
Default:
RADIUS
2.10.23.20.17 Backup attribute values
Here you specify the attribute values for the backup RADIUS accounting server.
Telnet path:
Setup > DHCP > > RADIUS-Accounting > Network-List
292
Menu Reference
2 Setup
Possible values:
Max. 251 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.10.25 LMC options
In this table, you configure the cloud parameters for the LMC (LANCOM Management Cloud).
Telnet path:
Setup > DHCP
2.10.25.1 Network name
Here you specify the network to which the device delivers the LMC domain via DHCP option 43.
Telnet path:
Setup > DHCP > LMC-Options
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.10.25.6 LMC domain
Enter the domain name for the LANCOM Management Cloud here.
By default, the domain is set to the public LMC for the first connection. If you wish to manage your device with your
own Management Cloud (private cloud or on-premises installation), please enter your LMC domain.
Telnet path:
Setup > DHCP > LMC-Options
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]/?.-;:@&=$_+!*'(),%
Default:
empty
293
Menu Reference
2 Setup
2.11 Config
Contains the general configuration settings.
Telnet path:
Setup
2.11.4 Maximum connections
The maximum number of simultaneous configuration connections to this device.
Telnet path:
Setup > Config
Possible values:
Max. 10 characters from [0-9]
Default:
0
Special values:
0
This value switches the restriction off.
2.11.5 Config-Aging-Minutes
Specify here the number of minutes after which an inactive TCP configuration connection (e.g. via telnet) is automatically
terminated.
Telnet path:
Setup > Config
Possible values:
Max. 10 characters from [0-9]
Default:
10
2.11.6 Language
Terminal mode is available in English or German. Devices are set with English as the default console language.
Telnet path:
Setup > Config
294
Menu Reference
2 Setup
Possible values:
Deutsch
English
5
Keep in mind that the language of the commands should be the same as the language of the
console, otherwise the commands will be ignored.
Default:
English
2.11.7 Login errors
In order to protect the configuration of your device against unauthorized access, the device can lock itself after repeated
incorrect attempts to log in. Use this setting to specify the number of incorrect login attempts that are allowed before
the device is locked.
Telnet path:
Setup > Config
Possible values:
Max. 16 characters from [0-9]
Default:
10
2.11.8 Lock minutes
In order to protect the configuration of your device against unauthorized access, the device can lock itself after repeated
incorrect attempts to log in. Enter the period for which the lock is to be active for. Access to the device will only be
possible after this period expires.
Telnet path:
Setup > Config
Possible values:
Max. 10 characters from [0-9]
Default:
45
Special values:
0
The value "0" switches the lock off.
295
Menu Reference
2 Setup
2.11.9 Admin.-EAZ-MSN
If the LANCAPI server is to receive incoming calls, enter your ISDN telephone number which is to receive the LANCAPI
calls into the "EAZ-MSNs" field. Multiple telephone numbers are separated by semicolons. If no telephone number is
entered here, LANCAPI receives calls on any of its ISDN telephone numbers.
Telnet path:
Setup > Config
Possible values:
Max. 31 characters from [0-9];
Default:
45
2.11.10 Display contrast
This item allows you to set the contrast for the display of the device.
Telnet path:
Setup > Config
Possible values:
C1 (low contrast) … C8 (high contrast)
Default:
C4
2.11.12 WLAN-authentication pages only
This setting gives you the option of restricting device access via the Public Spot interface to the Public Spot authentication
pages only. All other configuration protocols are automatically blocked.
5
Public Spot access to a Public Spot network's configuration (WEBconfig) should always be prohibited for security
reasons. We strongly recommend that you enable this setting for Public Spot scenarios!
Telnet path:
Setup > Config
Possible values:
No
Yes
Default:
No
296
Menu Reference
2 Setup
2.11.13 TFTP client
Default values for the device configuration, firmware and/or a script can be used if the latest configurations, firmware
versions and scripts are always stored under the same name in the same location. In this case, the simple commands
LoadConfig, LoadFirmware and LoadScript can be used to load the relevant files.
Telnet path:
Setup > Config
2.11.13.1 Config address
Default path for configuration files when the parameter -f is not specified for LoadConfig commands.
The path is specified with the notation //Server/Directory/File name
Telnet path:
Setup > Config > TFTP-Client
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.13.2 Config file name
Default name of the configuration file when the parameter -f is not specified for "LoadConfig" commands.
Telnet path:
Setup > Config > TFTP-Client
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.13.3 Firmware address
Default path for firmware files when the parameter -f is not specified for "LoadFirmware" commands.
The path is specified with the notation //Server/Directory/File name
Telnet path:
Setup > Config > TFTP-Client
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
297
Menu Reference
2 Setup
Default:
empty
2.11.13.4 Firmware file name
Default name of the firmware file when the parameter -f is not specified for "LoadFirmware" commands.
Telnet path:
Setup > Config > TFTP-Client
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.13.5 Bytes per hashmark
Number of bytes used per hashmark.
Telnet path:
Setup > Config > TFTP-Client
Possible values:
max. 6 Zeichen aus [0-9]
Default:
8192
2.11.13.6 Script address
Default path for scripts when the parameter -f is not specified for "LoadScript" commands.
The path is specified with the notation //Server/Directory/File name
Telnet path:
Setup > Config > TFTP-Client
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.13.7 Script file name
Default name of the script when the parameter -f is not specified for "LoadScript" commands.
298
Menu Reference
2 Setup
Telnet path:
Setup > Config > TFTP-Client
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.15 Access table
Here you can set the access rights separately for each network and configuration protocol. You can also set limitations
on the access to certain stations.
Telnet path:
Setup > Config
2.11.15.1 Ifc.
The interface that this entry refers to.
Telnet path:
Setup > Config > Access-Table
2.11.15.2 Telnet
Use this option to set the access rights for configuring the device via the TELNET protocol. This protocol is required for
text-based configuration of the device with the Telnet console, which is independent of the operating system.
Telnet path:
Setup > Config > Access-Table
Possible values:
VPN
Access is only possible via VPN.
4
VPN-capable devices only.
Yes
Access is generally possible.
4
By default via all interfaces except WAN.
Read
Access is read only.
299
Menu Reference
2 Setup
No
Access is not possible.
4
Default setting for the WAN interface.
Default:
Yes
No
2.11.15.3 TFTP
Use this option to set the access rights for configuring the device via the TFTP protocol (Trivial File Transfer Protocol).
This protocol is required, for example, for configuration using the LANconfig application.
Telnet path:
Setup > Config > Access-Table
Possible values:
VPN
Access is only possible via VPN.
4
VPN-capable devices only.
Yes
Access is generally possible.
4
By default via all interfaces except WAN.
Read
Access is read only.
No
Access is not possible.
4
Default:
Yes
No
300
Default setting for the WAN interface.
Menu Reference
2 Setup
2.11.15.4 HTTP
Use this option to set the access rights for configuring the device via the HTTP protocol (Hypertext Transfer Protocol).
This protocol is required for configuring the device via the implemented web-based browser interface independent of
the operating system.
Telnet path:
Setup > Config > Access-Table
Possible values:
VPN
Access is only possible via VPN.
4
VPN-capable devices only.
Yes
Access is generally possible.
4
By default via all interfaces except WAN.
Read
Access is read only.
No
Access is not possible.
4
Default setting for the WAN interface.
Default:
Yes
No
2.11.15.5 SNMP
Use this option to set the access rights for configuring the device via the SNMP protocol (SNMPv1 and SNMPv2). This
protocol is required, for example, for configuring the device using the LANmonitor application.
Telnet path:
Setup > Config > Access-Table
Possible values:
VPN
Access is only possible via VPN.
4
VPN-capable devices only.
301
Menu Reference
2 Setup
Yes
Access is generally possible.
4
By default via all interfaces except WAN.
Read
Access is read only.
No
Access is not possible.
4
Default setting for the WAN interface.
2.11.15.6 HTTPS
Use this option to set the access rights for configuring the device via the HTTPS protocol (Hypertext Transfer Protocol
Secure or HTTP via SSL). This protocol is required for configuring the device via the implemented web-browser interface
independent of the operating system.
Telnet path:
Setup > Config > Access-Table
Possible values:
VPN
Access is only possible via VPN.
4
VPN-capable devices only.
Yes
Access is generally possible.
4
By default via all interfaces except WAN.
Read
Access is read only.
No
Access is not possible.
4
Default:
Yes
No
302
Default setting for the WAN interface.
Menu Reference
2 Setup
2.11.15.7 Telnet-SSL
Use this option to set the access rights for configuring the device via the TELNET protocol. This protocol is required for
text-based configuration of the device with the Telnet console, which is independent of the operating system.
Telnet path:
Setup > Config > Access-Table
Possible values:
VPN
Access is only possible via VPN.
4
VPN-capable devices only.
Yes
Access is generally possible.
4
By default via all interfaces except WAN.
Read
Access is read only.
No
Access is not possible.
4
Default setting for the WAN interface.
Default:
Yes
No
2.11.15.8 SSH
Use this option to set the access rights for configuring the device via the TELNET/SSH protocol. This protocol is required
for configuring the device securely via the implemented Telnet console from text-based systems independent of the
operating system.
Telnet path:
Setup > Config > Access-Table
Possible values:
VPN
Access is only possible via VPN.
4
VPN-capable devices only.
303
Menu Reference
2 Setup
Yes
Access is generally possible.
4
By default via all interfaces except WAN.
Read
Access is read only.
No
Access is not possible.
4
Default setting for the WAN interface.
Default:
Yes
No
2.11.15.9 SNMPv3
Use this option to set the access rights for configuring the device via the SNMP protocol (SNMPv3). This protocol is
required, for example, for configuring the device using the LANmonitor application.
Telnet path:
Setup > Config > Access-Table
Possible values:
VPN
Access is only possible via VPN.
4
VPN-capable devices only.
Yes
Access is generally possible.
4
By default via all interfaces except WAN.
Read
Access is read only.
No
Access is not possible.
4
304
Default setting for the WAN interface.
Menu Reference
2 Setup
2.11.15.10 Config Sync
Indicates whether a config sync is possible (restricted) via this interface.
Telnet path:
Setup > Config > Access-Table
Possible values:
VPN
Access is only possible via VPN.
4
VPN-capable devices only.
Yes
Access is generally possible.
4
By default via all interfaces except WAN.
Read
Access is read only.
No
Access is not possible.
4
Default setting for the WAN interface.
Default:
Yes
No
2.11.16 Screen height
Specifies the maximum height of the screen in lines.
Telnet path:
Setup > Config
Possible values:
Max. 10 characters from [0-9]
Default:
24
Special values:
0
The device automatically sets the optimum screen height during login.
305
Menu Reference
2 Setup
2.11.17 Prompt
This value sets the prompt on the command line.
Telnet path:
Setup > Config
Possible values:
Max. 31 characters from [a-z]%
Default:
empty
Possible values:
%f
Starts a [Test] if you previously entered the command "flash no" on the command line. The command
"flash no" activates the test mode for the configuration changes outlined below. When test mode is
enabled, the device saves the changes to the configuration in RAM only. As the device's RAM is deleted
during a reboot, all of the configuration changes made in test mode are lost. The [Test] display alerts
the administrator about this potential loss of changes to the configuration.
%u
User name
%n
Device name
%p
Current path
%t
Current time
%o
Current operating time
2.11.18 LED test
Activates the test mode for the LEDs to test LED function in different colors.
Telnet path:
Setup > Config
Possible values:
Off
Switches all LEDs off.
Red
Switches all LEDs on that emit red.
Green
Switches all LEDs on that emit green.
Orange
Switches all LEDs on that emit orange.
306
Menu Reference
2 Setup
No_Test:
Normal LED operating mode.
Default:
No_Test:
2.11.20 Cron table
CRON jobs are used to carry out recurring tasks on a device automatically at certain times. If the installation features a
large number of active devices, all of which are subjected to the same CRON job at the same time (e.g. updating a
configuration by script), unpleasant side effects can result if, for example, all devices try to establish a VPN connection
at once. To avoid these effects, the CRON jobs can be set with a random delay time between 0 and 59 minutes.
Telnet path:
Setup > Config
2.11.20.1 Index
Index for this entry.
Telnet path:
Setup > Config > Cron-Table
2.11.20.2 Minute
The value defines the point in time when a command is to be executed. With no value entered, it is not included in the
controlling. A comma-separated list of values can be entered, or alternatively a range of minimum and maximum values.
Telnet path:
Setup > Config > Cron-Table
Possible values:
Max. 50 characters from [0-9],
Default:
empty
2.11.20.3 Hour
The value defines the point in time when a command is to be executed. With no value entered, it is not included in the
controlling. A comma-separated list of values can be entered, or alternatively a range of minimum and maximum values.
Telnet path:
Setup > Config > Cron-Table
307
Menu Reference
2 Setup
Possible values:
Max. 50 characters from [0-9],
Default:
empty
2.11.20.4 Day of week
The value defines the point in time when a command is to be executed. With no value entered, it is not included in the
controlling. A comma-separated list of values can be entered, or alternatively a range of minimum and maximum values.
Telnet path:
Setup > Config > Cron-Table
Possible values:
0
Sunday
1
Monday
2
Tuesday
3
Wednesday
4
Thursday
5
Friday
6
Saturday
empty
Default:
2.11.20.5 Day
The value defines the point in time when a command is to be executed. With no value entered, it is not included in the
controlling. A comma-separated list of values can be entered, or alternatively a range of minimum and maximum values.
Telnet path:
Setup > Config > Cron-Table
Possible values:
Max. 50 characters from [0-9],
Default:
empty
308
Menu Reference
2 Setup
2.11.20.6 Month
The value defines the point in time when a command is to be executed. With no value entered, it is not included in the
controlling. A comma-separated list of values can be entered, or alternatively a range of minimum and maximum values.
Telnet path:
Setup > Config > Cron-Table
Possible values:
1
2
3
4
5
6
7
8
9
10
11
12
empty
Default:
2.11.20.7 Command
The command to be executed or a comma-separated list of commands. Any command-line function can be executed.
Telnet path:
Setup > Config > Cron-Table
Possible values:
Max. 100 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.20.8 Basic
The time base field determines whether time control is based on real time or on the device's operating time.
Telnet path:
Setup > Config > Cron-Table
Possible values:
Real time
These rules evaluate all time/date information. Real-time based rules can be executed provided that the
device has a time from a relevant source, e.g. via NTP.
309
Menu Reference
2 Setup
Operation time
These rules only evaluate the minutes and hours since the last time the device was started.
Default:
Real time
2.11.20.9 Operating
Activates or deactivates the entry.
Telnet path:
Setup > Config > Cron-Table
Possible values:
Yes
No
Default:
Yes
2.11.20.10 Owner
An administrator defined in the device can be designated as owner of the CRON job. If an owner is specified, then the
CRON job commands will be executed with the rights of the owner.
Telnet path:
Setup > Config > Cron-Table
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.20.11 Variation
This specifies the maximum delay, from 0 to 65536 minutes, for the start of the CRON job after the set start time. The
actual delay time is determined randomly and lies between 0 and the time entered here.
5
Rules based on real-time can only be executed if the device has a time from a valid source, e.g. via NTP.
Telnet path:
Setup > Config > Cron-Table
310
Menu Reference
2 Setup
Possible values:
0 … 65535 Seconds
Default:
0
Special values:
When set to zero, the CRON job is executed at precisely the defined time.
2.11.20.12 Comment
This parameter is used to leave a comment about the entry in the CRON table.
Telnet path:
Setup > Config > Cron-Table
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.21 Admins
Here you can create additional administrator user accounts.
Telnet path:
Setup > Config
2.11.21.1 Administrator
Multiple administrators can be set up in the configuration of the device, each with different access rights. Up to 16
different administrators can be set up for a device.
5
Besides these administrators set up in the configuration, there is also the "root" administrator with the main
password for the device. This administrator always has full rights and cannot be deleted or renamed. To log in
as root administrator, enter the user name "root" in the login window or leave this field empty. As soon as a
password is set for the "root" administrator in the device's configuration, WEBconfig will display the button
Login that starts the login window. After entering the correct user name and password, the WEBconfig main
menu will appear. This menu only displays the options that are available to the administrator who is currently
logged in. If more than one administrator is set up in the admin table, the main menu features an additional
button 'Change administrator' which allows other users to log in (with different rights, if applicable).
Telnet path:
Setup > Config > Admins
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
311
Menu Reference
2 Setup
Default:
empty
2.11.21.2 Password
Password for this entry.
Telnet path:
Setup > Config > Admins
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.21.3 Function rights
Each administrator has "function rights" that determine personal access to certain functions such as the Setup Wizards.
You assign these function rights when you create a new administrator.
If you create a new administrator via Telnet, the following hexadecimal values are available to you. By entering one or
more of these values with set you set the function rights.
In WEBconfig you assign the function rights by selecting the appropriate check boxes in the menu shown below.
Telnet path:
Setup > Config > Admins
Possible values:
0x00000001
The user can run the Basic Wizard.
0x00000002
The user can run the Security Wizard.
0x00000004
The user can run the Internet Wizard.
0x00000008
The user can run the Wizard for selecting Internet providers.
0x00000010
The user can run the RAS Wizard.
0x00000020
The user can run the LAN-LAN Coupling Wizard.
0x00000040
The user can set the date and time (also applies for Telnet and TFTP).
0x00000080
The user can search for additional devices.
0x00000100
The user can run the WLAN Link test (also applies for Telnet).
312
Menu Reference
2 Setup
0x00000200
The user can run the a/b Wizard.
0x00000400
The user can run the WTP Assignment Wizard.
0x00000800
The user can run the Public Spot Wizard.
0x00001000
The user can run the WLAN Wizard.
0x00002000
The user can run the Rollout Wizard.
0x00004000
The user can run the Dynamic DNS Wizard.
0x00008000
The user can run the VoIP Call Manager Wizard.
0x00010000
The user can run the WLC Profile Wizard.
0x00020000
The user can use the integrated Telnet or SSH client.
0x00100000
The user can run the Public-Spot User management Wizard.
empty
Default:
2.11.21.4 Active
Activates or deactivates this function.
Telnet path:
Setup > Config > Admins
Possible values:
Yes
No
Default:
Yes
2.11.21.5 Access rights
Access to the internal functions can be configured for each interface separately:
a ISDN administration access
a LAN
a Wireless LAN (WLAN)
313
Menu Reference
2 Setup
a WAN (e.g. ISDN, DSL or ADSL)
Access to the network configuration can be further restricted so that, for example, configurations can only be edited
from certain IP addresses or LANCAPI clients. Furthermore, the following internal functions can be switched on/off
separately:
a
a
a
a
LANconfig (TFTP)
WEBconfig (HTTP/HTTPS)
SNMP
Terminal/Telnet
For devices supporting VPN, it is also possible for internal functions that operate over WAN interfaces to be restricted
to VPN connections only.
Telnet path:
Setup > Config > Admins
Possible values:
None
Admin-RO-Limit
Admin-RW-Limit
Admin-RO
Admin-RW
Supervisor
empty
Default:
2.11.23 Telnet port
This port is used for unencrypted configuration connections via Telnet.
Telnet path:
Setup > Config
Possible values:
Max. 10 characters from 0-9]
Default:
23
2.11.27 Predef.-Admins
Here you will find the predefined administrator account for the device. This administrator account is used when no user
name is defined when logging in.
Telnet path:
Setup > Config
314
Menu Reference
2 Setup
2.11.27.1 Name
Enter the name of the predefined administrator account here.
Telnet path:
Setup > Config > Predef.-Admins
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.28 SSH
This item manages the mechanisms used for SSH encryption. You can select which algorithms are supported in both
server and client mode.
Telnet path:
Setup > Config
2.11.28.1 Cipher-Algorithms
The cipher algorithms are used for encrypting and decrypting data. Select one or more of the available algorithms.
Telnet path:
Setup > Config > SSH
Possible values:
3des-cbc
3des-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
blowfish-ctr
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
chacha20-poly1305
aes128-gcm
aes256-gcm
Default:
3des-cbc
315
Menu Reference
2 Setup
3des-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
blowfish-ctr
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
2.11.28.2 MAC algorithms
MAC algorithms are used to check the integrity of messages. Select one or more of the available algorithms.
Telnet path:
Setup > Config > SSH
Possible values:
hmac-md5-96
hmac-md5
hmac-sha1-96
hmac-sha1
hmac-sha2-256-96
hmac-sha2-256
hmac-sha2-512-96
hmac-sha2-512
hmac-md5-96; hmac-md5; hmac-sha1-96; hmac-sha1; hmac-sha2-256-96; hmac-sha2-256;
hmac-sha2-512-96; hmac-sha2-512
Default:
hmac-md5-96; hmac-md5; hmac-sha1-96; hmac-sha1; hmac-sha2-256-96; hmac-sha2-256;
hmac-sha2-512-96; hmac-sha2-512
316
Menu Reference
2 Setup
2.11.28.3 Key-exchange algorithms
The MAC key exchange algorithms are used to negotiate the key algorithm. Select one or more of the available algorithms.
Telnet path:
Setup > Config > SSH
Possible values:
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2
curve25519-sha256
Default:
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
2.11.28.4 Host key algorithms
The host key algorithms are used to authenticate hosts. Select one or more of the available algorithms.
Telnet path:
Setup > Config > SSH
Possible values:
ssh-rsa
ssh-dss
ecdsa-sha2
ssh-ed25519
Default:
ssh-rsa
ssh-dss
2.11.28.5 Min-Hostkey-Length
This parameter defines the minimum length of your host keys.
317
Menu Reference
2 Setup
Telnet path:
Setup > Config > SSH
Possible values:
Max. 5 characters from [0-9]
Default:
512
2.11.28.6 Max-Hostkey-Length
This parameter defines the maximum length of your host keys.
Telnet path:
Setup > Config > SSH
Possible values:
Max. 5 characters from [0-9]
Default:
8192
2.11.28.7 DH-Groups
The Diffie-Hellman groups are used for the key exchange. Select one or more of the available groups.
Telnet path:
Setup > Config > SSH
Possible values:
Group-1
Group-5
Group-14
Group-15
Group-16
Group-1; Group-5; Group-14
Default:
Group-1; Group-5; Group-14
2.11.28.8 Compression
With this setting, you enable or disable compression of data packets for connections using SSH.
Telnet path:
Setup > Config > SSH
318
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
Yes
2.11.28.9 Elliptic curves
This is where you select the (NIST) curves used by the device for the elliptic curve cryptography (ECC).
4
All of the NIST curves given here are suitable for the ECDH key agreement, whereas host keys are based on the
curves nistp256 and nistp384.
Telnet path:
Setup > Config > SSH
Possible values:
nistp256
nistp384
nistp521
Default:
nistp256
nistp384
nistp521
2.11.28.10 SFTP server
This menu allows you to adjust the settings for the SFTP server.
Telnet path:
Setup > Config > SSH
2.11.28.10.1 Operating
You enable or disable the SFTP server with this setting.
Telnet path:
Setup > Config > SSH > SFTP-Server
319
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
Yes
2.11.28.11 Keepalive interval
Using this parameter, you configure the SSH keepalives for server-side connections. The parameter defines the interval
in which the internal LCOS SSH server sends keepalives to keep a connection open.
Telnet path:
Setup > Config > SSH
Possible values:
0 … 99999 Seconds
Special values:
0
This value disables the function.
Default:
60
2.11.28.12 Operating
Activate or deactivate the use of SSH here.
Telnet path:
Setup > Config > SSH
2.11.28.13 Port
Specify the SSH port.
Telnet path:
Setup > Config > SSH
Possible values:
Max. 5 characters from [0-9]
Default:
22
320
Menu Reference
2 Setup
2.11.28.14 Authentication methods
This menu contains the authentication methods for all interfaces
Telnet path:
Setup > Config > SSH
2.11.28.14.1 Ifc.
Shows the selected interface (e.g. "LAN").
Telnet path:
Setup > Config > SSH > Authentication-Methods
2.11.28.14.2 Methods
This entry is used to set the authentication method used for the selected interface (e.g. "LAN").
Telnet path:
Setup > Config > SSH > Authentication-Methods
Possible values:
All
All available methods are supported for the authentication.
Keyboard-Interactive
User input is required for authentication.
Password
A password is required for authentication.
Password+Keyboard-Interactive
A password and user input are required for authentication.
Password+Public-Key
A password in combination with a public SSH key are used for authentication.
Password+Keyboard-Interactive+Public-Key
A password in combination with user input and a public SSH key are used for authentication.
Default:
All
2.11.29 Telnet-SSL
The parameters for Telnet-SSL connections are specified here.
Telnet path:
Setup > Config
321
Menu Reference
2 Setup
2.11.29.2 Versions
This bitmask specifies which versions of the protocol are allowed.
Telnet path:
Setup > Config > Telnet-SSL
Possible values:
SSLv3
TLSv1
TLSv1.1
TLSv1.2
Default:
TLSv1
2.11.29.3 Key-exchange algorithms
This bitmask specifies which key-exchange methods are available.
Telnet path:
Setup > Config > Telnet-SSL
Possible values:
RSA
DHE
ECDHE
Default:
RSA
DHE
ECDHE
2.11.29.4 Crypro algorithms
This bitmask specifies which cryptographic algorithms are allowed.
Telnet path:
Setup > Config > Telnet-SSL
322
Menu Reference
2 Setup
Possible values:
RC4-40
RC4-56
RC4-128
DES40
DES
3DES
AES-128
AES-256
AESGCM-128
AESGCM-256
Default:
3DES
AES-128
AES-256
AESGCM-128
AESGCM-256
2.11.29.5 Hash algorithms
This bit mask specifies which hash algorithms are allowed and implies what HMAC algorithms used to protect of the
integrity of the messages.
Telnet path:
Setup > Config > Telnet-SSL
Possible values:
MD5
SHA1
SHA2-256
SHA2-384
Default:
MD5
SHA1
SHA2-256
SHA2-384
323
Menu Reference
2 Setup
2.11.29.6 Prefer PFS
When setting the cipher suite, the device usually takes over the same setting as the requesting client. Certain client
applications by default require a connection without perfect forward secrecy (PFS), even though both the device and the
client are PFS-capable.
This option means that your device always prefers to connect with PFS, regardless of the default setting of the client.
Telnet path:
Setup > Config > Telnet-SSL
Possible values:
On
Off
Default:
On
2.11.29.7 Renegotiations
This setting gives you control over whether the client can trigger a renegotiation of SSL/TLS.
Telnet path:
Setup > Config > Telnet-SSL
Possible values:
Forbidden
The device disconnects from the remote station if this requests a renegotiation.
Allowed
The device permits renegotiations with the remote station.
Ignored
The device ignores the request to renegotiate sent by the remote station.
Default:
Allowed
2.11.29.8 Elliptic curves
Here you specify which elliptic curves are to be used for encryption.
Telnet path:
Setup > Config > Telnet-SSL
324
Menu Reference
2 Setup
Possible values:
secp256r1
secp256r1 is used for encryption.
secp384r1
secp384r1 is used for encryption.
secp521r1
secp521r1 is used for encryption.
Default:
secp256r1
secp384r1
secp521r1
2.11.29.10 PORT
This port is used for encrypted configuration connections via telnet.
Telnet path:
Setup > Config > Telnet-SSL
Possible values:
0 … 65535
Default:
992
2.11.29.11 Operating
Enables or disables Telnet SSL.
Telnet path:
Setup > Config > Telnet-SSL
Possible values:
Yes
Telnet SSL is used.
No
Telnet SSL is disabled.
Default:
Yes
325
Menu Reference
2 Setup
2.11.29.22 Signature hash algorithms
Use this entry to specify which hash algorithm is used to encrypt the signature.
Telnet path:
Setup > Config > Telnet-SSL
Possible values:
MD5-RSA
SHA1-RSA
SHA224-RSA
SHA256-RSA
SHA384-RSA
SHA512-RSA
2.11.31 Anti-theft protection
After being stolen, the device can theoretically be operated at another location by unauthorized persons.
Password-protected device configurations do not stop third parties from operating RAS access, LAN connectivity or VPN
connections that are set up in the device: A thief could gain access to a protected network. The device’s operation can
be protected by various means; for example, it will cease to function if there is an interruption to the power supply, or
if the device is switched on in another location.
GPS location verification
GPS location verification enables a geographical position to be defined within the device. After being switched on the
device automatically activates the GPS module and checks if it is located at the "correct" position. The router module
only switches on if the check is positive. After location verification has been carried out the GPS module is switched off
again, unless it was activated manually. ISDN location verification can prevent the misuse of a router: Each time it is
switched on, the router carries out a check by making an ISDN telephone call to itself to ensure that it is installed at the
intended location. Only after successful location verification is the router module activated.
ISDN location verification
The device must be reachable from the public ISDN telephone network. The device needs two free B channels for the
duration of the check. If just one channel is free, e.g. one channel at a point-to-multipoint connection with two B channels
is being used for a telephone call, then the device cannot make a call to itself via ISDN.
Telnet path:
Setup > Config
2.11.31.1 Operating
Activate location verification with the "Enabled" option. ISDN location verification can prevent the misuse of a router.
Each time it is switched on, the router carries out a check by making an ISDN telephone call to itself to ensure that it is
installed at the intended location. Only after successful location verification is the router module activated. Prerequisites
for successful ISDN location verification: The device must be reachable from the public ISDN telephone network. The
device needs two free B channels for the duration of the check. If just one channel is free, e.g. one channel at a
point-to-multipoint connection with two B channels is being used for a telephone call, then the device cannot make a
call to itself via ISDN.
326
Menu Reference
2 Setup
Telnet path:
Setup > Config > Location-Verification
2.11.31.2 Called number
This call number is used as outgoing calling number when a call is made for ISDN location verification.
Telnet path:
Setup > Config > Location-Verification
Possible values:
Max. 14 characters from [0-9]
Default:
empty
2.11.31.3 Outgoing calling number
This number is called for ISDN location verification.
Telnet path:
Setup > Config > Location-Verification
Possible values:
Max. 14 characters from [0-9]
Default:
empty
2.11.31.4 Checked calling number
This call number is expected as outgoing call number for ISDN location verification.
Telnet path:
Setup > Config > Location-Verification
Possible values:
Max. 14 characters from [0-9]
Default:
empty
2.11.31.6 Method
Select the method for the location check.
327
Menu Reference
2 Setup
5
For a location check by GPS an appropriate GPS antenna must be connected to the AUX connector on the device.
Additionally, a SIM card for mobile telephone operation has to be inserted and the device must be logged on to
a mobile phone network. For ISDN location verification to function, the device must be reachable from the public
ISDN telephone network. The device needs two free B channels for the duration of the check. If just one channel
is free, e.g. one channel at a point-to-multipoint connection with two B channels is being used for a telephone
call, then the device cannot make a call to itself via ISDN.
Telnet path:
Setup > Config > Location-Verification
Possible values:
Basic call
'Self call' for a check via ISDN by means of a return call.
Facility
Call forwarding check via ISDN by requesting the call number from the exchange. No call-back is
necessary in this case.
GPS
GPS verification for a check on the geographical coordinates.
2.11.31.7 ISDN-lfc
The interface that this entry refers to.
Telnet path:
Setup > Config > Location-Verification
Possible values:
S0-1
S0-2
2.11.31.8 Variation
Deviation from the intended position in meters.
Telnet path:
Setup > Config > Location-Verification
2.11.31.9 Longitude
Longitude of the location where the device is to operate.
Telnet path:
Setup > Config > Location-Verification
328
Menu Reference
2 Setup
Possible values:
Max. 12 characters from [0-9].
Default:
empty
2.11.31.10 Latitude
Latitude of the location where the device is to operate.
Telnet path:
Setup > Config > Location-Verification
Possible values:
Max. 12 characters from [0-9].
Default:
empty
2.11.31.12 Get-GPS-position
This option allows the device to determine the geographical coordinates of its current location. Once the configuration
is written back to the device, the current longitude and latitude are entered automatically, assuming that location
verification is activated and a valid GPS position is available. Subsequently this option is automatically deactivated again.
Telnet path:
Setup > Config > Location-Verification
Possible values:
Yes
No
2.11.32 Reset button
The reset button offers two basic functions—boot (restart) and reset (to the factory settings)—which are called by
pressing the button for different lengths of time.
Some devices simply cannot be installed under lock and key. There is consequently a risk that the configuration will be
deleted by mistake if a co-worker presses the reset button too long. The behavior of the reset button is controlled with
this setting.
5
5
After a reset, the access point returns to "managed mode", in which case the configuration cannot be directly
accessed via the WLAN interface!
After resetting, the device starts completely unconfigured and all settings are lost. If possible be sure to backup
the current device configuration before resetting.
329
Menu Reference
2 Setup
5
The settings "Ignore" or "Boot only" makes it impossible to reset the configuration to the factory settings or to
load the rollout configuration with a reset. If the password is lost for a device with this setting, there is no way
to access the configuration! In this case the serial communications interface can be used to upload a new firmware
version to the device—this resets the device to its factory settings, which results in the deletion of the former
configuration. Instructions on firmware uploads via the serial configuration interface are available in the LCOS
reference manual.
Telnet path:
Setup > Config
Possible values:
Ignore
The button is ignored.
Boot only
With a suitable setting, the behavior of the reset button can be controlled; the button is then ignored
or a press of the button prompts a restart only, however long it is held down.
Reset or boot
With this setting, the reset button fulfills different functions depending upon how long the key remains
pressed:
Less than 5 seconds: Boot (restart), whereby the user-defined configuration is loaded from the
configuration memory. If the user-defined configuration is empty, then the customer-specific standard
settings (first memory space) are loaded instead. The loading of the customer-specific standard settings
is visible when all LEDs on the device light up briefly in red. Similarly, the factory settings are loaded if
the first memory space is empty.
Longer than 5 seconds until the first time that all device LEDs light up: Configuration reset (deletes the
configuration memory) followed by a restart. In this case the customer-specific standard settings (first
memory space) are loaded instead. The loading of the customer-specific standard settings is visible
when all LEDs on the device light up briefly in red. The factory settings are loaded if the first memory
space is empty.
Longer than 15 seconds until the second time that all device LEDs light up: Activating the rollout
configuration and deleting the user-defined configuration After restarting, the rollout configuration is
started from memory space 2. The loading of the rollout configuration is visible when all LEDs on the
device light up twice briefly in red. The factory settings are loaded if the second memory space is empty.
5
Further information about the different boot configurations are to be found in the reference
manual.
Ignore
The button is ignored.
Default:
Reset or boot
2.11.33 Outband aging minutes
Specify here the number of minutes after which an inactive serial connection (e.g. via Hyper Terminal) is automatically
terminated.
Telnet path:
Setup > Config
330
Menu Reference
2 Setup
Possible values:
Max. 10 characters from [0-9]
Default:
1
2.11.34 Telnet-Operating
This entry is used to enable or disable Telnet.
Telnet path:
Setup > Config
Possible values:
Yes
Telnet is enabled.
No
Telnet is disabled.
Default:
Yes
2.11.36 TFTP-Operating
The trivial file transfer protocol (TFTP) is a simpler variant of the file transfer protocol (FTP). In contrast to FTP, TFTP
permits the reading or writing of files via UDP only.
This entry is used to enable or disable TFTP.
Telnet path:
Setup > Config
Possible values:
No
Yes
Default:
Yes
2.11.39 License expiry email
The license to use a product can be restricted to a set validity period. You will be reminded of the license expiry date 30
days, one week and one day before it actually expires by an e-mail to the address configured here.
331
Menu Reference
2 Setup
Telnet path:
Setup > Config
2.11.40 Crash message
Here you specify the message that appears in the bootlog when the device crashes.
Telnet path:
Setup > Config
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
LCOS-Watchdog
2.11.41 Admin gender
Enter the gender of the Admin.
Telnet path:
Setup > Config
Possible values:
Unknown
Male
Female
Default:
Unknown
2.11.42 Assert action
This parameter affects the behavior of the device when it checks the firmware code.
5
The settings for this parameter are intended exclusively for development and support purposes. Do not alter the
pre-set values for these parameters. An irregular configuration may cause the devices to behave unexpectedly
during operations.
Telnet path:
Setup > Config
332
Menu Reference
2 Setup
Possible values:
log_only
reboot
Default:
log_only
2.11.43 Function keys
The function keys enable the user to save frequently used command sequences and to call them easily from the command
line. In the appropriate table, commands are assigned to function keys F1 to F12 as they are entered in the command
line.
Telnet path:
Setup > Config
2.11.43.1 Key
Name of function key.
Telnet path:
Setup > Config > Function-keys
Possible values:
F1
Function keys F1 to F12.
F2 – F12
Default:
F1
2.11.43.2 Figure
Description of the command/shortcut to be run on calling the function key in the command line.
Telnet path:
Setup > Config > Function-keys
Possible values:
All commands/shortcuts possible in the command line.
[A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
333
Menu Reference
2 Setup
Special values:
"^"
The caret symbol (^) is used to represent special control commands with ASCII values below 32.
Command
5
Meaning
^A
Ctrl-A (ASCII 1)
^Z
Ctrl-Z (ASCII 26)
^[
Escape (ASCII 27)
^M
Mention return/enter. This character is useful if you enter a command with the function key and
wish to send it immediately.
^^
A double caret symbol stands for the caret symbol itself.
If a caret symbol is entered in a dialog field or editor followed directly by another character, the
operating system may possibly interpret this sequence as another special character. By entering
caret + A the Windows operating system outputs an Â. To enter the caret character itself, enter
a space in front of the subsequent characters. Sequence ^A is then formed from caret symbol
+ space + A.
2.11.45 Configuration date
This parameter allows LANconfig to be used to set the date of a configuration.
4
This value exists only in the SNMP chain.
Telnet path:
Setup > Config > Config-Date
Possible values:
Valid configuration date
2.11.50 LL2M
The menu contains the settings for LANCOM layer-2 management.
Telnet path:
Setup > Config
2.11.50.1 Operating
Enables/disables the LL2M server. An LL2M client can contact an enabled LL2M server for the duration of the time limit
following device boot/power-on.
Telnet path:
Setup > Config > LL2M
334
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
Yes
2.11.50.2 Time limit
Defines the period in seconds during which an enabled LL2M server can be contacted by an LL2M client after device
boot/power-on. The LL2M server is disabled automatically after expiry of the time limit.
Telnet path:
Setup > Config > LL2M
Possible values:
0 … 4294967295
Default:
0
Special values:
0
This value disables the time limit. In this state the LL2MServer remains permanently active.
2.11.51 Sync
In this directory, you configure the automatic configuration synchronization.
Telnet path:
Setup > Config
2.11.51.1 Operating
Activates or deactivates the automatic configuration synchronization.
Telnet path:
Setup > Config > Sync
335
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
No
2.11.51.2 New cluster
Here you can configure the scope of a configuration synchronization.
Telnet path:
Setup > Config > Sync
2.11.51.2.1 Name
Enter an identifier for this entry.
Telnet path:
Setup > Config > Sync > New Cluster
Possible values:
Max. 254 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
Default
2.11.51.2.2 Cluster members
This table lists devices that participate in the automatic configuration synchronization.
Telnet path:
Setup > Config > Sync > New Cluster
2.11.51.2.2.1 Idx.
Index for this entry in the list.
Telnet path:
Setup > Config > Sync > New Cluster > Group Members
Possible values:
Max. 5 characters from 0123456789
336
Menu Reference
2 Setup
Default:
empty
2.11.51.2.2.2 Address
IP address of the corresponding device.
Telnet path:
Setup > Config > Sync > New Cluster > Group Members
Possible values:
Max. 63 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Possible arguments:
IPv4 address
IPv6 address
Default:
empty
2.11.51.2.3 Menu nodes
Here you configure which configuration items are to be contained in the automatic configuration synchronization. This
enables you to include or exclude values, tables, and entire menus.
Telnet path:
Setup > Config > Sync > New Cluster
2.11.51.2.3.1 Idx.
Index for this entry in the list.
Telnet path:
Setup > Config > Sync > New Cluster > Menu Nodes
Possible values:
Max. 5 characters from 0123456789
Default:
empty
2.11.51.2.3.2 Include
Specify here whether the specified menu node is included in or excluded from the automatic configuration synchronization.
Telnet path:
Setup > Config > Sync > New Cluster > Menu Nodes
337
Menu Reference
2 Setup
Possible values:
Include
Exclude
Default:
Include
2.11.51.2.3.3 Path
Enter the path to the menu node. This can be a value, a table, or a complete menu.
Telnet path:
Setup > Config > Sync > New Cluster > Menu Nodes
Possible values:
Max. 127 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
/Setup
2.11.51.2.3.4 SNMP OID
Show the SNMP-ID of the specified menu node.
4
The display is updated after you save the entry.
Telnet path:
Setup > Config > Sync > New Cluster > Menu Nodes
Possible values:
2
Default:
2
2.11.51.2.4 Ignored rows
If you include a table into the automatic configuration synchronization, this item is used to determine which rows of this
table are to be excluded from it.
Telnet path:
Setup > Config > Sync > New Cluster
338
Menu Reference
2 Setup
2.11.51.2.4.1 Idx.
Index for this entry in the list.
Telnet path:
Setup > Config > Sync > New Cluster > Ignored Rows
Possible values:
Max. 5 characters from 0123456789
Default:
empty
2.11.51.2.4.2 Row index
Here you specify the row number (index) to be excluded from the automatic configuration synchronization.
Telnet path:
Setup > Config > Sync > New Cluster > Ignored Rows
Possible values:
Max. 127 characters from [A-Z][a-z][0-9]#@{|}~!"$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.51.2.4.3 Path
Specify the path to the node of the table that is contained in the automatic configuration synchronization.
Telnet path:
Setup > Config > Sync > New Cluster > Ignored Rows
Possible values:
Max. 127 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
/Setup
2.11.51.2.4.4 SNMP OID
Show the SNMP-ID of the specified table node.
4
The display is updated after you save the entry.
Telnet path:
Setup > Config > Sync > New Cluster > Ignored Rows
339
Menu Reference
2 Setup
Possible values:
2
Default:
2
2.11.51.2.5 Home
Starts the automatic configuration synchronization for this entry.
Telnet path:
Setup > Config > Sync > New Cluster
2.11.51.3 TLS connections
In this directory, you specify the address and port to be used by the device to accept incoming configuration changes.
Telnet path:
Setup > Config > Sync
2.11.51.3.1 Port
Specify the port to be used by the device to receive incoming configuration changes.
Telnet path:
Setup > Config > Sync > TLS-Connections
Possible values:
Max. 5 characters from [0-9]
0 … 65535
Default:
1941
2.11.51.3.2 Loopback address
Specify the loopback address to be used by the device to receive incoming configuration changes.
Telnet path:
Setup > Config > Sync > TLS-Connections
Possible values:
Max. 39 characters from [A-Z][a-z][0-9].-:%
340
Menu Reference
2 Setup
Possible arguments:
Name of the IP networks whose address should be used
“INT” for the address of the first Intranet
“DMZ” for the address of the first DMZ
LBO ... LBF for the 16 loopback addresses
Any valid IPv4 or IPv6 address
Default:
empty
2.11.51.4 Renew snapshot
In this directory you configure the snapshots.
Telnet path:
Setup > Config > Sync > Renew-Snapshot
2.11.51.4.1 Modification limit
Enter the modification limit here.
Telnet path:
Setup > Config > Sync > Renew-Snapshot
Possible values:
Max. 10 characters from 0123456789
Special values:
0
This value disables the function.
Default:
2048
2.11.51.4.2 Kept modifications
This value specifies the number of kept modifications.
Telnet path:
Setup > Config > Sync > Renew-Snapshot
Possible values:
Max. 10 characters from 0123456789
0 … 4294967295 Powers of two
Special values:
0
This value disables the function.
341
Menu Reference
2 Setup
Default:
256
2.11.51.4.3 Renew snapshot
This action renews the snapshot.
Telnet path:
Setup > Config > Sync > Renew-Snapshot
2.11.51.5 Local configuration
In this directory you specify the number of applied and detected modifications.
Telnet path:
Setup > Config > Sync > Local Config
2.11.51.5.1 Detected modifications
Specify the number of detected modifications.
Telnet path:
Setup > Config > Sync > Local Config
Possible values:
Max. 10 characters from 0123456789
2.11.51.5.2 Applied modifications
Specify the number of applied modifications.
Telnet path:
Setup > Config > Sync > Local Config
Possible values:
Max. 10 characters from 0123456789
2.11.55 SSL-for-Cron-Table
This menu contains the settings of the Secure Sockets Layer for the links in the cron table.
Telnet path:
Setup > Config
342
Menu Reference
2 Setup
2.11.55.1 Versions
SSL is an encryption protocol that is widely used for secure data transmission over the Internet. SSL was initially developed
until version 3. After the renaming to TLS, the developers reverted to version 1. This makes TLS the successor to SSL3.
Telnet path:
Setup > Config > SSL-for-Cron-Table
Possible values:
SSLv3
TLSv1
TLSv1.1
TLSv1.2
Default:
TLSv1
2.11.55.2 Key-exchange algorithms
Here you choose between three different key exchange techniques. You can select multiple techniques. All three are
selected by default.
Devices that communicate via an SSL-secured connection regularly exchange encryption keys.
Telnet path:
Setup > Config > SSL-for-Cron-Table
Possible values:
RSA
DHE
ECDHE
Default:
RSA
DHE
ECDHE
2.11.55.3 Crypto algorithms
Here you choose between different cryptographic algorithms. You can select multiple algorithms.
The crypto algorithm is a complex translation rule that converts the transmitted information piece by piece into data
packets that are of no value to eavesdroppers. The verified recipient reconstructs the original message using a cryptic
key.
343
Menu Reference
2 Setup
Telnet path:
Setup > Config > SSL-for-Cron-Table
Possible values:
RC4-40
RC4-56
RC4-128
DES40
DES
3DES
AES-128
AES-256
AESGCM-128
AESGCM-256
Default:
3DES
AES-128
AES-256
AESGCM-128
AESGCM-256
2.11.55.4 Hash algorithms
Here you choose between different hash algorithms. You can select multiple algorithms. All of them are selected by
default.
The sent message packets contain checksums for the detection of transmission errors and manipulations. These checksums
formed with what are known as hash algorithms. Cryptological hash algorithms are considered to be highly reliable.
Telnet path:
Setup > Config > SSL-for-Cron-Table
Possible values:
MD5
SHA1
SHA-256
SHA-384
SHA2-256
SHA2-384
Default:
MD5
SHA1
344
Menu Reference
2 Setup
SHA-256
SHA-384
SHA2-256
SHA2-384
2.11.55.5 Prefer PFS
The keys used for encoding are constantly changed. If you prefer PFS, an attacker who knows a key can only decode the
part of the message encoded with that key. It is impossible to deduce the other keys that were used.
Telnet path:
Setup > Config > SSL-for-Cron-Table
Possible values:
Yes
Default:
Yes
2.11.55.6 Renegotiations
Specify whether renegotiations are allowed, prohibited, or ignored.
SSL has a security loophole in the form of what is called a renegotiation attack. If you fear an attack of this type, you
prohibit renegotiation in general. This then also prevents legal renegotiations!
Telnet path:
Setup > Config > SSL-for-Cron-Table
Possible values:
Allowed
Forbidden
Ignored
Default:
Allowed
2.11.55.7 Elliptic curves
Here you choose between three different elliptic curves. You can select multiple curves. All three are selected by default.
345
Menu Reference
2 Setup
Crypto-algorithms are usually executed within mathematical bodies. A mathematical body can be implemented with
prime number modules and by means of a discrete elliptic curve.
The mathematical operations on elliptic curves are more complex to compute than operations in finite bodies of a
comparable size. The shorter keys, however, allow crypto-systems based on elliptic curves to be faster than crypto-systems
of comparable security levels based on a prime number module.
Telnet path:
Setup > Config > SSL-for-Cron-Table
Possible values:
secp256r1
secp384r1
secp521r1
Default:
secp256r1
secp384r1
secp521r1
2.11.55.21 Signature hash algorithms
Here you choose from various signature hash algorithms. You can select multiple algorithms.
Digital signatures are provided with a checksum for the purpose of detecting erroneous transmission or targeted
manipulation. This checksum is formed by what are known as hash algorithms. Cryptological hash algorithms are
considered to be highly reliable.
Telnet path:
Setup > Config > SSL-for-Cron-Table
Possible values:
MD5-RSA
SHA1-RSA
SHA224-RSA
SHA256-RSA
SHA384-RSA
SHA512-RSA
Default:
SHA1-RSA
SHA224-RSA
SHA256-RSA
SHA384-RSA
346
Menu Reference
2 Setup
SHA512-RSA
2.11.60 CPU load interval
You can select the time interval for averaging the CPU load. The CPU load displayed in LANmonitor, in the status area,
in the display (if fitted), or by SNMP tools is a value which is averaged over the time interval set here. The status area
under WEBconfig or CLI additionally display the CPU load values for all four of the optional averaging periods.
Telnet path:
Setup > Config
Possible values:
T1s (arithmetic mean)
T5s (arithmetic mean)
T60s (moving average)
T300s (moving average)
Default:
T60s (moving average)
2.11.65 Error aging minutes
Here you set the length of time in minutes after which the device deletes VPN errors from the status table.
4
To document sporadic errors, disable this option with the entry 0.
Telnet path:
Setup > Config
Possible values:
Max. 4 characters from 0123456789
Default:
0
Special values:
0
Disables this option. Errors will remain in the status table.
2.11.71 Save bootlog
This parameter enables or disables the boot-persistent storage of SYSLOG messages to the flash memory of the device.
Bootlog information is not lost even when restarting after a loss of mains power. The bootlog contains information about
the boot processes of the device.
347
Menu Reference
2 Setup
5
If necessary, delte the persistent bootlog memory by entering the command deletebootlog anywhere on
the command line.
Telnet path:
Setup > Config
Possible values:
Yes
No
Default:
Yes
2.11.72 Save eventlog
This parameter enables or disables the boot-persistent storage of event log messages to the flash memory of the device.
Event log information is retained even when restarting after a loss of mains power. The event log contains the information
from the table Status > Config > Event-Log. This table stores information on administrator logins and logouts, and
on upload and download operations of configurations and firmware files.
5
If necessary, delte the persistent event log memory by entering the command deleteeventlog anywhere
on the command line.
Telnet path:
Setup > Config
Possible values:
Yes
No
Default:
Yes
2.11.73 Sort-menu
Using this parameter, you specify whether the device displays menu items in ascending alphabetical order on the console
by default. The setting corresponds to the option switch -s when listing menu or table contents.
Telnet path:
Setup > Config
348
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
No
2.11.80 Authentication
Various options are available to authenticate with the device and access the management interface.
5
5
Since the RADIUS protocol does not allow for a change of passwords, the users logged in via RADIUS cannot
change their password in the device.
To manage the necessary data for the RADIUS server, go to Setup > Config > Radius > Server. To manage
the necessary data for the TACACS+ server, go to Setup > Tacacs+ > Server.
Telnet path:
Setup > Config
Possible values:
Internal
The device manages the users internally in the table Setup > Config > Admins.
Radius
A RADIUS server handles the management of the users.
TACACS+
A TACACS+ server handles the management of the users.
Default:
Internal
2.11.81 Radius
If the user has to login to the management interface by authenticating via a RADIUS server, you enter the related server
data and the user/administration data here.
Telnet path:
Setup > Config
2.11.81.1 Server
This table contains the settings for the RADIUS server.
349
Menu Reference
2 Setup
Telnet path:
Setup > Config > Radius
2.11.81.1.1 Name
Enter a name for the RADIUS server.
Telnet path:
Setup > Config > Radius > Server
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.81.1.2 Server
Enter the IPv4 address of the RADIUS server here.
Telnet path:
Setup > Config > Radius > Server
Possible values:
Max. 64 characters from [0-9].
Default:
empty
2.11.81.1.3 Port
Specify here the port used by the RADIUS server to communicate with the device.
Telnet path:
Setup > Config > Radius > Server
Possible values:
Max. 5 characters from [0-9]
Default:
1812
2.11.81.1.4 Protocol
Specify here the protocol used by the RADIUS server to communicate with the device.
350
Menu Reference
2 Setup
Telnet path:
Setup > Config > Radius > Server
Possible values:
RADIUS
RADSEC
Default:
RADIUS
2.11.81.1.5 Loopback address
Here you can optionally specify a source address for the device to use as the target address instead of the one that would
normally be selected automatically.
Telnet path:
Setup > Config > Radius > Server
Possible values:
Name of the IP networks whose addresses are to be used by the device.
"INT" for the address of the first intranet.
"DMZ" for the address of the first DMZ.
5
If the list of IP networks or loopback addresses contains an entry named "DMZ", then the
associated IP address will be used.
LB0 – LBF for one of the 16 loopback addresses
Any valid IP address.
empty
Default:
2.11.81.1.6 Secret
Enter the password for accessing the RADIUS server and repeat it in the second input field.
Telnet path:
Setup > Config > Radius > Server
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
351
Menu Reference
2 Setup
2.11.81.1.7 Backup
Specify the name of the alternative RADIUS server to which the device forwards requests when the first RADIUS server
cannot be reached.
5
The backup server requires an additional entry in the Server table.
Telnet path:
Setup > Config > Radius > Server
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.81.1.8 Category
Set the category for which the RADIUS server applies.
You can select No, one or both categories.
Telnet path:
Setup > Config > Radius > Server
Possible values:
Authentication
Accounting
Default:
Authentication
2.11.81.1.9 Attribute-Values
With this entry you configure the RADIUS attributes of the RADIUS server.
The attributes are specified in a semicolon-separated list of attribute numbers or names (according to RFC 2865, RFC
3162, RFC 4679, RFC 4818, RFC 7268) and a corresponding value in the form
<Attribute_1>=<Value_1>,<Attribute_2>=<Value_2>.
Variables can also be used as values (such as %n for the device name). Example: NAS-Identifier=%n.
Telnet path:
Setup > Config > Radius > Server
Possible values:
Max. 128 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
352
Menu Reference
2 Setup
2.11.81.2 Access rights transfer
The RADIUS server stores the user authorization. When a request arrives, the RADIUS server returns the access rights,
privileges and the login data to the device, which then logs in the user with the appropriate rights.
Normally access rights are set in the RADIUS management privilege level (attribute 136), so that the device only needs
to map the returned value to its internal access rights (option mapped). The attribute can have the following values,
which are mapped by the device:
Attribute
Access rights
1
User, read-only
3
User, write-only
5
Admin, read-only, no trace rights
7
Admin, read and write, no trace rights
9
Admin, read-only
11
Admin, read and write
15
Supervisor
5
The device maps all other values to 'no access'.
However, it may be that the RADIUS server additionally needs to transfer privileges, or that attribute 136 is already used
for other purposes and/or for vendor-specific authorization attributes. If this is the case, you should select Vendor-Specific
attributes. These attributes are specified as follows, based on the vendor ID '2356':
a Privileges ID: 11
a Function rights ID: 12
The values transferred for access rights are identical to those mentioned above. If the RADIUS server should also transfer
privileges, you achieve this as follows:
1. Open the device console.
2. Change to the directory Setup > Config > Admins.
3. The command set ? shows you the current mapping of privileges to the corresponding hexadecimal code (e.g.
Device-Search (0x80)).
4. In order to combine privileges, you add their hex values.
5. You can use this decimal value as the Privileges ID to transfer the corresponding privileges.
6. You can use this decimal value as the Privileges ID to transfer the corresponding privileges.
Telnet path:
Setup > Config > Radius
Possible values:
Vendor specific
Mapped
Shell privilege
Default:
Vendor specific
353
Menu Reference
2 Setup
2.11.81.3 Accounting
Here you specify whether the device should record the user's session. In this case it stores the session data including the
start time, end time, user name, authentication mode and, if available, the port used.
Telnet path:
Setup > Config > Radius
Possible values:
No
Yes
Default:
No
2.11.90 LED mode
You set the operating mode of the device LEDs here.
The "LED-Test" function is available despite the LEDs being disabled.
Telnet path:
Setup > Config
Possible values:
On
The LEDs are always enabled, also after rebooting the device.
Off
The LEDs are all off. Even after restarting the device, the LEDs remain off.
Timed off
After a reboot, the LEDs are enabled for a certain period of time and are then turned off. This is useful
for the LEDs to indicate critical errors during the restart process.
Default:
On
2.11.91 LED off seconds
You specify the delay in seconds after which the LEDs are disabled following a restart.
4
If you change this value and save it within the previously set time, you should restart the timer.
Telnet path:
Setup > Config
354
Menu Reference
2 Setup
Possible values:
Max. 4 characters 0123456789
Default:
300
2.11.92 Rollout agent
This menu allows you to configure the settings for the rollout agent.
Telnet path:
Setup > Config
2.11.92.1 Operating
This entry determines how the rollout agent operates.
Telnet path:
Setup > Config > Rollout-Agent
Possible values:
No
The rollout agent is disabled.
Yes
The rollout agent is enabled and transmits the rollout data that is configured in the device to the rollout
server.
DHCP initiated
The rollout agent is enabled. It processes the information received from the DHCP server in the DHCP
option 43.
4
The “DHCP-initiated” operating mode does not overwrite manually configured attributes. This
makes it possible to perform a comprehensive pre-configuration based on the latest contact
information for the rollout server (address, login data) as communicated by the DHCP server.
Default:
DHCP initiated
2.11.92.2 Configuration server
Use this entry to specify the address of the rollout server that is responsible for rolling out the configuration.
4
An entry can take the following forms:
a IP address (HTTP, HTTPS, TFTP)
a FQDN
355
Menu Reference
2 Setup
Telnet path:
Setup > Config > Rollout-Agent
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.92.3 Firmware server
Use this entry to specify the address of the rollout server that is responsible for rolling out the firmware.
4
An entry can take the following forms:
a IP address (HTTP, HTTPS, TFTP)
a FQDN
Telnet path:
Setup > Config > Rollout-Agent
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.92.4 User name
Set the user name used by the rollout agent to log on to the rollout server.
Telnet path:
Setup > Config > Rollout-Agent
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.92.5 Password
Set the user password used by the rollout agent to log on to the rollout server.
Telnet path:
Setup > Config > Rollout-Agent
356
Menu Reference
2 Setup
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.92.6 Project number
This entry specifies the rollout project number for the rollout agent.
Telnet path:
Setup > Config > Rollout-Agent
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.92.7 Additional parameter
Use this entry to specify any additional parameters that the rollout agent should transfer to the rollout server.
Telnet path:
Setup > Config > Rollout-Agent
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.92.8 Reboot time
Here you set the time after which the device reboots after a rollout.
Telnet path:
Setup > Config > Rollout-Agent
Possible values:
Max. 10 characters from [0-9]
Default:
0
357
Menu Reference
2 Setup
2.11.92.9 Request-Interval
If a configuration fails, the time in seconds you set here is the delay before a request for a configuration rollout is repeated.
Telnet path:
Setup > Config > Rollout-Agent
Possible values:
Max. 10 characters from [0-9]
Default:
0
Special values:
0
The next attempt starts in 1 minute.
2.11.92.10 TAN
Use this entry to specify the rollout TAN.
Telnet path:
Setup > Config > Rollout-Agent
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.92.11 Device number
Contains the device number of the device that is running the rollout agent.
Telnet path:
Setup > Config > Rollout-Agent
Possible values:
Max. 255 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.11.92.12 Request delay
This entry contains the delay time in seconds for a rollout request.
Telnet path:
Setup > Config > Rollout-Agent
358
Menu Reference
2 Setup
Possible values:
Max. 10 characters from [0-9]
Default:
0
2.11.92.13 Request time random
With this entry, you specify that the request for a rollout takes place after a random delay. This setting prevents all of
the devices involved in the rollout from requesting a configuration from the LSR server all at the same time.
Telnet path:
Setup > Config > Rollout-Agent
Possible values:
No
Yes
Default:
No
2.11.92.14 Omit certificate check
Specifies whether a server certificate verification is carried out on HTTPS connections.
Telnet path:
Setup > Config > Rollout-Agent
Possible values:
No
A certificate check is carried out.
Yes
No certificate check is carried out.
Default:
No
2.11.92.15 SSL
This menu contains the SSL configuration for the Rollout Agent.
Telnet path:
Setup > Config > Rollout-Agent
359
Menu Reference
2 Setup
2.11.92.15.1 Versions
This entry is used to select the SSL version(s) for the Rollout Agent.
Telnet path:
Setup > Config > Rollout-Agent > SSL
Possible values:
SSLv3
TLSv1
TLSv1.1
TLSv1.2
Default:
TLSv1
2.11.92.15.2 Key-exchange algorithms
This is where you specify the algorithms for the key exchange.
Telnet path:
Setup > Config > Rollout-Agent > SSL
Possible values:
RSA
DHE
ECDHE
Default:
RSA
DHE
ECDHE
2.11.92.15.3 Crypto algorithms
This entry specifies which cryptographic algorithms are allowed.
Telnet path:
Setup > Config > Rollout-Agent > SSL
360
Menu Reference
2 Setup
Possible values:
RC4-40
RC4-56
RC4-128
DES40
DES
3DES
AES-128
AES-256
AESGCM-128
AESGCM-256
Default:
3DES
AES-128
AES-256
AESGCM-128
AESGCM-256
2.11.92.15.4 Hash algorithms
Here, select the hash algorithms for the SSL/TLS connection.
Telnet path:
Setup > Config > Rollout-Agent > SSL
Possible values:
MD5
SHA1
SHA-256
SHA-384
SHA2-256
SHA2-384
Default:
MD5
SHA1
SHA-256
SHA-384
SHA2-256
361
Menu Reference
2 Setup
SHA2-384
2.11.92.15.5 Prefer PFS
This option means that your device always prefers to connect with PFS, regardless of the default setting of the client.
Telnet path:
Setup > Config > Rollout-Agent > SSL
Possible values:
Yes
No
Default:
Yes
2.11.92.15.6 Renegotiations
Here you select whether new negotiations are allowed.
Telnet path:
Setup > Config > Rollout-Agent > SSL
Possible values:
Forbidden
Allowed
Ignored
Default:
Allowed
2.11.92.15.7 Elliptic curves
Here you specify which elliptic curves are to be used for encryption.
Telnet path:
Setup > Config > Rollout-Agent > SSL
362
Menu Reference
2 Setup
Possible values:
secp256r1
secp384r1
secp521r1
Default:
secp256r1
secp384r1
secp521r1
2.11.92.15.21 Signature hash algorithms
Here, select the hash algorithms for the SSL/TLS signature.
Telnet path:
Setup > Config > Rollout-Agent > SSL
Possible values:
MD5-RSA
SHA1-RSA
SHA-224-RSA
SHA-256-RSA
SHA-384-RSA
SHA-512-RSA
Default:
MD5-RSA
SHA1-RSA
SHA-224-RSA
SHA-256-RSA
SHA-384-RSA
SHA-512-RSA
2.11.93 Enforce-Password-Rules
This entry gives you the option to disable or enable the enforcing of password rules.
Telnet path:
Setup > Config
363
Menu Reference
2 Setup
Possible values:
No
Password rules enforcement is disabled.
Yes
Password rules enforcement is enabled.
Default:
Yes
2.12 WLAN
This menu contains the settings for wireless LAN networks.
Telnet path:
Setup
2.12.3 Heap reserve
The heap reserve specifies how many blocks in the LAN heap can be reserved for direct communication (Telnet) with the
device. If the number of blocks in the heap falls below the specified value, received packets are dropped immediately
(except for TCP packets sent directly to the device).
Telnet path:
Setup > WLAN
Possible values:
Max. 3 characters from [0-9]
Default:
10
2.12.8 Access mode
You can limit the data traffic between the wireless LAN and its local network by excluding certain stations from transferring
data, or you can approve specific stations only.
Telnet path:
Setup > WLAN
364
Menu Reference
2 Setup
Possible values:
Filter out data from listed stations, transfer all other.
Transfer data from the listed stations, authenticate all others via RADIUS or filter them out.
Default:
Filter out data from listed stations, transfer all other.
2.12.12 IAPP protocol
Access points use the Access Point Protocol (IAPP) to exchange information about their associated clients. This information
is used in particular when clients roam between different access points. The new access point informs the former one
of the handover, so that the former access point can delete the client from its station table.
Telnet path:
Setup > WLAN
Possible values:
Yes
No
Default:
Yes
2.12.13 IAPP-Announce-Interval
This is the interval (in seconds) with which the access points broadcast their SSIDs.
Telnet path:
Setup > WLAN
Possible values:
Max. 10 characters from [0-9]
Default:
120
2.12.14 IAPP-Handover-Timeout
If the handover is successful, the new access point informs the former access point that a certain client is now associated
with another access point. This information enables the former access point to delete the client from its station table.
This stops packets being (unnecessarily) forwarded to the client. For this time space (in milliseconds) the new access
point waits before contacting the former access point again. After trying five times the new access point stops these
attempts.
365
Menu Reference
2 Setup
Telnet path:
Setup > WLAN
Possible values:
Max. 10 characters from [0-9]
Default:
1000
2.12.26 Inter-SSID-Traffic
Depending on the application, it may be required that the WLAN clients connected to an access point can—or expressly
cannot—communicate with other clients. Communications between clients in different SSIDs can be allowed or stopped
with this option. For models with multiple WLAN modules, this setting applies globally to all WLANs and all modules.
5
Communications between clients in a logical WLAN is controlled separately by the logical WLAN settings
(Inter-Station-Traffic). If the Inter-SSID-Traffic is activated and the Inter-Station-Traffic deactivated, a client in
one logical WLAN can communicate with clients in another logical WLAN. This option can be prevented with
the VLAN settings or protocol filter.
Telnet path:
Setup > WLAN
Possible values:
Yes
No
Default:
Yes
2.12.27 Supervise stations
In particular for public WLAN access points (public spots), the charging of usage fees requires the recognition of stations
that are no longer active. Monitoring involves the access point regularly sending packets to logged-in stations. If the
stations do not answer these packets, then the charging systems recognizes the station as no longer active.
Telnet path:
Setup > WLAN
Possible values:
On
Off
Default:
Off
366
Menu Reference
2 Setup
2.12.29 RADIUS access check
This menu contains the settings for the RADIUS access checking.
Telnet path:
Setup > WLAN
Possible values:
On
Off
Default:
Off
2.12.29.2 Auth.-Port
Port for communication with the RADIUS server during authentication
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
0 … 65535
Default:
1812
2.12.29.3 Secret
Password used to access the RADIUS server
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.12.29.5 Backup auth. port
Port for communication with the backup RADIUS server during authentication.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
367
Menu Reference
2 Setup
Possible values:
0 … 65535
Default:
1812
2.12.29.6 Backup secret
Password used to access the backup RADIUS server.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.12.29.7 Response lifetime
This value defines the lifetime for an entry stored on the device for a MAC check that was rejected by the RADIUS server.
If a RADIUS server is used to check the MAC addresses of wireless clients, the device forwards all requests from wireless
clients to the RADIUS server. If a MAC address is listed in the RADIUS server as blocked, then the reject response from
the RADIUS server is stored in the device for the time set here. If the device receives repeated requests from blocked
MAC addresses, the requests are not forwarded to the RADIUS server.
5
Recently cached MAC address entries can be viewed in the table 1.3.48 RADIUS-Cache.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
0 … 4294967295
Default:
15
2.12.29.8 Password source
Here you specify whether the device uses the shared secret or the MAC address as the password during authentication
at the RADIUS server.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
368
Menu Reference
2 Setup
Possible values:
Secret
MAC address
Default:
Secret
2.12.29.9 Recheck cycle
If you select a value greater than zero, the device checks your MAC address not only at login but also during the connection
in the specified cycle in seconds. If you specify zero, the MAC address is only checked at login. Cyclical rechecking enables
the device to recognize, for example, a change in bandwidth limits for a MAC address. In this case the client remains
logged on and the connection remains intact.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
0 … 4294967295
Default:
0
2.12.29.10 Provide server database
Activate this option if the MAC address list is provided by a RADIUS server.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
No
Yes
Default:
Yes
2.12.29.11 Loopback address
Here you have the option to configure a sender address for the device to use in place of the one that would otherwise
be used automatically for this target address.
If you have configured loopback addresses, you can specify them here as source address.
369
Menu Reference
2 Setup
5
If there is an interface named "DMZ", then its address is used.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
Name of the IP networks whose addresses are to be used.
"INT" for the address of the first intranet.
"DMZ" for the address of the first DMZ.
LB0 to LBF for the 16 loopback addresses.
Any valid IP address.
empty
Default:
2.12.29.12 Backup-Loopback-Address
Here you have the option to configure a sender address for the device to use in place of the one that would otherwise
be used automatically for this target address.
If you have configured loopback addresses, you can specify them here as source address.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
Name of the IP networks whose addresses are to be used.
"INT" for the address of the first intranet.
"DMZ" for the address of the first DMZ.
LB0 to LBF for the 16 loopback addresses.
Any valid IP address.
empty
Default:
2.12.29.13 Protocol
Protocol for communication between the backup RADIUS server and the clients.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
370
Menu Reference
2 Setup
Possible values:
RADIUS
RADSEC
Default:
RADIUS
2.12.29.14 Backup-Protocol
Protocol for communication between the backup RADIUS server and the clients.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
RADIUS
RADSEC
Default:
RADIUS
2.12.29.15 Force recheck
Using this action you manually trigger an immediate RADIUS access check. You can enter optional parameters for the
command in the input field. The command expects one or more MAC addresses of registered clients as an argument.
For these clients, the initial check of their MAC address using the RADIUS server will be repeated. Multiple MAC addresses
can be separated with spaces.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
MAC address(es) of registered clients using spaces as separators.
empty
Default:
2.12.29.16 Server host name
Here you enter the IP address (IPv4, IPv6) or hostname of the backup RADIUS server used by the RADIUS client to check
the authorization of WLAN clients by means of the MAC address (authentication).
4
The RADIUS client automatically detects which address type is involved.
371
Menu Reference
2 Setup
4
4
To use the RADIUS functionality for WLAN clients, in LANconfig you go to Wireless LAN > Stations and, for
the Filter stations parameter, you select the option "Transfer data from the listed stations, authenticate all
others via RADIUS or filter them out“. You also need to set the general values for retry and timeout in the RADIUS
section.
In the RADIUS server, you must enter the WLAN clients as follows:
a The user name is the MAC address in the format AABBCC-DDEEFF.
a The password for all users is identical to the key (shared secret) for the RADIUS server.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
Default:
empty
2.12.29.17 Backup server hostname
Here you enter the IP address (IPv4, IPv6) or hostname of the backup RADIUS server used by the RADIUS client to check
the authorization of WLAN clients by means of the MAC address (authentication).
4
The RADIUS client automatically detects which address type is involved.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
Default:
empty
2.12.29.18 Attribute-Values
With this entry you configure the RADIUS attributes of the RADIUS server.
The attributes are specified in a semicolon-separated list of attribute numbers or names (according to RFC 2865, RFC
3162, RFC 4679, RFC 4818, RFC 7268) and a corresponding value in the form
<Attribute_1>=<Value_1>,<Attribute_2>=<Value_2>.
Variables can also be used as values (such as %n for the device name). Example: NAS-Identifier=%n.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
Max. 128 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
372
Menu Reference
2 Setup
Default:
empty
2.12.29.19 Backup attribute values
With this entry you configure the RADIUS attributes of the RADIUS server.
The attributes are specified in a semicolon-separated list of attribute numbers or names (according to RFC 2865, RFC
3162, RFC 4679, RFC 4818, RFC 7268) and a corresponding value in the form
<Attribute_1>=<Value_1>,<Attribute_2>=<Value_2>.
Variables can also be used as values (such as %n for the device name). Example: NAS-Identifier=%n.
Telnet path:
Setup > WLAN > RADIUS-Access-Check
Possible values:
Max. 128 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.12.36 Country
The device needs to be set with the country where it is operating in order for the WLAN to use the parameters approved
for the location.
5
If you select the value unknown, the device allows only those parameters that are approved worldwide!
Telnet path:
Setup > WLAN
Possible values:
Select from the list of countries.
Europe
Default:
Europe
2.12.38 ARP handling
A station in the LAN attempting to establish a connection to a WLAN station which is in power-save mode will often fail
or only succeed after a considerable delay. The reason is that the delivery of broadcasts (such as ARP requests) to stations
in power-save mode cannot be guaranteed by the base station.
If you activate ARP handling, the base station responds to ARP requests on behalf of the stations associated with it, thus
providing greater reliability in these cases.
373
Menu Reference
2 Setup
5
As of LCOS version 8.00, this switch activates a similar treatment for IPv6 neighbor solicitations.
Telnet path:
Setup > WLAN
Possible values:
On
Off
Default:
On
2.12.41 Mail address
Information about events in the WLAN is sent to this e-mail address.
5
An SMTP account must be set up to make use of the e-mail function.
Telnet path:
Setup > WLAN
Possible values:
Max. 254 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.12.44 Allow-Illegal-Association-Without-Authentication
The ability of the device to associate with a WLAN without authentication is enabled or disabled with this parameter.
Telnet path:
Setup > WLAN
Possible values:
Yes
No
Default:
No
374
Menu Reference
2 Setup
2.12.45 RADIUS accounting
The accounting function in the device can be used to check the budgets of associated wireless LAN clients, among other
things. Wireless Internet Service Providers (WISPs) use this option as a part of their accounting procedure. Accounting
periods generally switch at the end of the month. A suitable action will cause the accounting session to be restarted at
this time. Existing WLAN connections remain intact. A cron job can be used to automate a restart.
Telnet path:
Setup > WLAN
Possible values:
Yes
No
Default:
No
2.12.45.8 Interim-Update-Period
The accounting function in the device can be used to check the budgets of associated wireless LAN clients, among other
things. Wireless Internet Service Providers (WISPs) use this option as a part of their accounting procedure. Accounting
periods generally switch at the end of the month. A suitable action will cause the accounting session to be restarted at
this time. Existing WLAN connections remain intact. A cron job can be used to automate a restart.
Telnet path:
Setup > WLAN > RADIUS-Accounting
Possible values:
0 … 4289999999
Default:
0
2.12.45.9 Excluded VLAN
Here you enter the ID of the VLAN that the device is to exclude from RADIUS accounting. The RADIUS server then receives
no information about the traffic in that VLAN.
Telnet path:
Setup > WLAN > RADIUS-Accounting
Possible values:
0 … 9999
Default:
0
375
Menu Reference
2 Setup
2.12.45.14 Restart accounting
This feature allows the device to end all running wireless LAN accounting sessions by sending an 'accounting stop' to
the RADIUS server. This is helpful, for example, at the end of a billing period.
Telnet path:
Setup > WLAN > RADIUS-Accounting
2.12.45.17 Servers
This table provides the option to specify alternative RADIUS accounting servers for logical WLAN interfaces. This means
that you can use special accounting servers for selected WLAN interfaces instead of the globally specified server.
Telnet path:
Setup > WLAN > RADIUS-Accounting
2.12.45.17.1 Name
Name of the RADIUS server performing the accounting for WLAN clients. The name entered here is used to reference
that server from other tables.
Telnet path:
Setup > WLAN > RADIUS-Accounting > Servers
Possible values:
Max. 16 characters from [0-9][A-Z]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.12.45.17.3 Port
Port for communication with the RADIUS server during accounting
Telnet path:
Setup > WLAN > RADIUS-Accounting > Servers
Possible values:
0 … 65535
Default:
0
2.12.45.17.4 Key value
Enter the key (shared secret) for access to the accounting server here. Ensure that this key is consistent with that specified
in the accounting server.
376
Menu Reference
2 Setup
Telnet path:
Setup > WLAN > RADIUS-Accounting > Servers
Possible values:
Any valid shared secret, max. 64 characters from
[A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.12.45.17.5 Loopback-Addr.
You have the option to enter a different address here (name or IP) to which the RADIUS accounting server sends its reply
message. To do this, select from:
a Name of the IP network (ARF network), whose address should be used.
a INT for the address of the first Intranet
a DMZ for the address of the first DMZ
5
If an interface with the name "DMZ" already exists, the device will select that address instead.
a LB0…LBF for one of the 16 loopback addresses or its name
a Any IPv4 address
5
If the source address set here is a loopback address, these will be used on the remote client. unmasked !
By default, the server sends its replies back to the IP address of your device without having to enter it here. By entering
an optional loopback address you change the source address and route used by the device to connect to the server. This
can be useful, for example, when the server is available over different paths and it should use a specific path for its reply
message.
Telnet path:
Setup > WLAN > RADIUS-Accounting > Servers
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.12.45.17.6 Protocol
Using this item you specify the protocol that the accounting server uses.
Telnet path:
Setup > WLAN > RADIUS-Accounting > Servers
377
Menu Reference
2 Setup
Possible values:
RADIUS
RADSEC
Default:
RADIUS
2.12.45.17.7 Backup
Enter the name of the RADIUS backup server used for the accounting of WLAN clients if the actual accounting server is
not available. This allows you to specify a backup chaining of multiple backup servers.
Telnet path:
Setup > WLAN > RADIUS-Accounting > Servers
Possible values:
Name from Setup > WLAN > RADIUS-Accounting > Server
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.12.45.17.8 Host name
Here you enter the IPv4 or IPv6 address or the hostname of the RADIUS server used by the RADIUS client for the accounting
of WLAN clients.
4
4
The RADIUS client automatically detects which address type is involved.
You also need to set the general values for retry and timeout in the RADIUS section.
Telnet path:
Setup > WLAN > RADIUS-Accounting > Servers
Possible values:
IPv4/IPv6 address or hostname, max. 64 characters from [A-Z][a-z][0-9].-:%
Default:
empty
2.12.45.17.9 Attribute-Values
With this entry you configure the RADIUS attributes of the RADIUS server.
378
Menu Reference
2 Setup
The attributes are specified in a semicolon-separated list of attribute numbers or names (according to RFC 2865, RFC
3162, RFC 4679, RFC 4818, RFC 7268) and a corresponding value in the form
<Attribute_1>=<Value_1>,<Attribute_2>=<Value_2>.
Variables can also be used as values (such as %n for the device name). Example: NAS-Identifier=%n.
Telnet path:
Setup > WLAN > RADIUS-Accounting > Servers
Possible values:
Max. 128 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.12.46 Indoor-Only-Operation
If indoor-only operation is activated, the 5-GHz-band channels are limited to the 5.15 - 5.25 GHz spectrum (channels
36-48) in ETSI countries. Radar detection (DFS) is switched off and the mandatory interruption after 24 hours is no longer
in effect. This mode reduces the risk of interruption due to false radar detections. In the 2.4-GHz band in France, the
channels 8 to 13 are also permitted, meaning that more channels are available.
5
Indoor operation may only be activated if the base station and all other stations are operated within an enclosed
space.
Telnet path:
Setup > WLAN
Possible values:
On
Off
Default:
Off
2.12.47 Idle timeout
This is the time in seconds during which the access point cannot receive any packets after a client is disconnected.
Telnet path:
Setup > WLAN
Possible values:
Max. 10 characters from [0-9]
Default:
3600
379
Menu Reference
2 Setup
2.12.50 Signal averaging
This menu contains the settings for signal averaging.
5
The settings for signal averaging are intended exclusively for development and support purposes. Do not alter
the pre-set values for these parameters. An irregular configuration may cause the devices to behave unexpectedly
during operations.
Telnet path:
Setup > WLAN
2.12.50.1 Method
Method for signal averaging.
5
The settings for signal averaging are intended exclusively for development and support purposes. Do not alter
the pre-set values for these parameters. An irregular configuration may cause the devices to behave unexpectedly
during operations.
Telnet path:
Setup > WLAN > Signal-Averaging
Possible values:
Standard
Filtered
Default:
Standard
2.12.50.2 Standard parameters
This menu contains the configuration of the default parameters for signal averaging.
5
The settings for signal averaging are intended exclusively for development and support purposes. Do not alter
the pre-set values for these parameters. An irregular configuration may cause the devices to behave unexpectedly
during operations.
Telnet path:
Setup > WLAN > Signal-Averaging
Possible values:
Standard
Filtered
Default:
Standard
380
Menu Reference
2 Setup
2.12.50.2.1 Factor
Factor for the signal averaging.
5
The settings for signal averaging are intended exclusively for development and support purposes. Do not alter
the pre-set values for these parameters. An irregular configuration may cause the devices to behave unexpectedly
during operations.
Telnet path:
Setup > WLAN > Signal-Averaging > Standard-Parameters
Possible values:
Max. 3 characters from [0-9]
Default:
4
2.12.51 Rate adaption
This menu contains the settings for the rate-adaption algorithm.
Telnet path:
Setup > WLAN
2.12.51.2 Initial rate
The initial rate determines the starting bit rate that the algorithm uses to determine the optimal bit rate.
Telnet path:
Setup > WLAN > Rate-Adaptation
Possible values:
Minimum
RSSI-dependent
Default:
Minimum
2.12.51.3 Ministrel averaging factor
The averaging factor used for recalculating the net rates for each bit rate according to the Minstrel method.
Telnet path:
Setup > WLAN > Rate-Adaptation
Possible values:
0 … 99
381
Menu Reference
2 Setup
Default:
75
2.12.51.4 Standard averaging factor
The averaging factor used for recalculating the net rates for each bit rate according to the standard method.
Telnet path:
Setup > WLAN > Rate-Adaptation
Possible values:
0 … 99
Default:
0
2.12.51.5 Method
Sets the method of rate adaptation.
Telnet path:
Setup > WLAN > Rate-Adaptation
Possible values:
Standard
Minstrel
Default:
Minstrel
2.12.60 IAPP-IP-Network
Here you select the ARF network which is to be used as the IAPP-IP network.
Telnet path:
Setup > WLAN
Possible values:
Select from the list of ARF networks defined in the device.
empty
Default:
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
382
Menu Reference
2 Setup
Default:
empty
Special values:
empty
If no IAPP-IP network is defined, IAPP announcements are transmitted on all of the defined ARF networks.
2.12.70 VLAN-Groupkey-Mapping
This table contains the mapping of VLAN group keys to the logical WLAN networks.
Telnet path:
Setup > WLAN
2.12.70.1 Network
Contains the name of a WLAN network registered in the device.
Telnet path:
Setup > WLAN > VLAN-groupkey-mapping
2.12.70.2 VLAN-ID
Contains the VLAN ID assigned to the logical WLAN network.
Telnet path:
Setup > WLAN > VLAN-groupkey-mapping
Possible values:
1 … 4094
Default:
1
2.12.70.3 Groupkey index
The table contains the group key index.
Telnet path:
Setup > WLAN > VLAN-groupkey-mapping
Possible values:
1…3
383
Menu Reference
2 Setup
2.12.71 VLAN no interstation traffic
This table contains combinations of SSIDs and VLANs for which data exchange between clients should be prohibited.
Telnet path:
Setup > WLAN
2.12.71.1 Network
From the list of available SSIDs, select the network for which data exchange between clients should be prohibited.
Telnet path:
Setup > WLAN > VLAN-No-Interstation-Traffic
2.12.71.2 VLAN-ID
Here you specify the VLAN ID for which data exchange between clients should be prohibited.
Telnet path:
Setup > WLAN > VLAN-No-Interstation-Traffic
Possible values:
1 … 4094
Default:
0
2.12.80 Dual roaming
Here is where you manage the roaming behavior of devices with multiple WLAN modules.
Telnet path:
Setup > WLAN
Possible values:
1…3
2.12.80.1 Group
Determines whether all WLAN modules participate in dual-roaming.
Telnet path:
Setup > WLAN > Dual-Roaming
384
Menu Reference
2 Setup
Possible values:
Off
WLAN-1 + WLAN-2
Default:
Off
2.12.80.2 Block time ms
Using this setting you specify the lockout period for time-staggered roaming of the WLAN modules in dual-radio clients.
If you enable dual roaming, your dual-radio device operates both WLAN modules in client mode. With dual roaming,
this increases the probability that at least one of the modules has a connection when changing between two cells. The
lockout time describes the time (in milliseconds) within which a WLAN module does not perform any roaming operation
or background scanning after the other WLAN module has successfully established a new connection.
Telnet path:
Setup > WLAN > Dual-Roaming
Possible values:
0 … 4294967295 Milliseconds
Default:
100
2.12.85 SPMK caching
Manage PMK-caching here.
Telnet path:
Setup > WLAN
2.12.85.1 Default lifetime
Specifies the duration in seconds that the WLAN client stores the negotiated PMK.
5
Make sure that the time set here matches the session timeout in the accept message that the access point or
RADIUS server sends to the WLAN client. Once this time has expired, the access point or RADIUS server requires
a re-authentication.
Telnet path:
Setup > WLAN > PMK-Caching
Possible values:
0 … 4294967295 Milliseconds
385
Menu Reference
2 Setup
Default:
0
Special values:
0
The negotiated PMK expires immediately.
2.12.85.2 Max.-Entries
Use this entry to specify how many entries are contained in the PMK cache.
Telnet path:
Setup > WLAN > PMK-Caching
Possible values:
Max. 10 characters from [0-9]
Default:
4096
2.12.86 Paket-Capture
This menu contains the settings for packet capturing.
Telnet path:
Setup > WLAN
2.12.86.1 WLAN-Capture-Format
Using this setting you specify the format used by the packet capture function to store the WLAN-specific information in
the capture file.
The selection of the appropriate capture format depends on the transmission standard in your WLAN network and the
scope of the information that you would like to capture. The IEEE 802.11 standard with its numerous extensions has
grown over many years. However, the capture formats that were developed in parallel are not flexible enough to cater
optimally for every extension (particularly 802.11n). For this reason there is no universal capture format which is equally
suitable for all standards. However, there are recommendations that cover a wide spectrum of standards: Radiotap and
PPI.
Telnet path:
Setup > WLAN > Packet-Capture
Possible values:
Radiotap
Uses the radiotap header. Radiotap is a widely accepted format on Linux and BSD WLAN drivers which
enables the creation of compact captures due to its flexible structure. With radiotap you can record a
large amount of WLAN-specific information with a high compression rate. This also applies to data
packets from 802.11n compliant connections. Limitations only arise when recording antenna-specific
386
Menu Reference
2 Setup
RSSI and signal strength as well as aggregations (A-MPDU). If you do not require detailed WLAN-specific
information for this, choose the PPI format instead.
AVS
Uses the AVS header. The AVS header is a newer development of the PRISM header, and is used by
LCOS as the standard header up to version 8.60. However, since AVS is also unable to process information
from 802.11n compliant connections, you should choose the more powerful radiotap header.
PPI
Uses the Wireshark priority PPI header. Use this setting if you want to analyze the capture file with
Wireshark. PPI offers similar functions as radiotap but can also bypass its limitations on the recording
of information about 802.11n compliant connections. A disadvantage to radiotap is, however, the
weaker compression and less detailed header structure.
PRISM
Uses the classic PRISM header. Only use this setting if you want to analyze the capture file with a
program which does not support any of the other formats. PRISM is not suitable for recording information
from 802.11n compliant connections. In the meantime this is considered obsolete and should no longer
be used.
Plain
Disables all headers. Use this setting if you are only interested in the packet data itself.
Default:
Radiotap
2.12.87 Client Steering
This is where you specify the 'WLAN band steering' settings of the WLAN clients registered at the access point.
Telnet path:
Setup > WLAN
2.12.87.1 Operating
This option enables 'client steering' in the access point.
Telnet path:
Setup > WLAN > Client-Steering
Possible values:
Yes
No
Default:
No
387
Menu Reference
2 Setup
2.12.87.3 Preferred-Band
Set here the preferred frequency band to which the access point steers the WLAN client.
Telnet path:
Setup > WLAN > Client-Steering
Possible values:
5GHz
2.4GHz
Default:
5GHz
2.12.87.4 Proberequest-Ageout-Seconds
Set the time (in seconds) that the WLAN client connection should be stored in the access point. When this time expires,
the access point deletes the entry from the table.
5
This value should be set to a low value if you are using clients in the WLAN that frequently switch from dual-band
to single-band mode.
Telnet path:
Setup > WLAN > Client-Steering
Possible values:
Max. 10 characters from [0-9]
Default:
120
Special values:
0
The visible probe requests are deemed invalid immediately.
2.12.87.5 Initial block time
If an access point with a 5-GHz DFS radio module is put into operation for the first time, and also following a restart, it
cannot detect any dual-band capable WLAN clients during the DFS scan. As a result, the access point cannot direct a
WLAN client to a preferred 5-GHz band. Instead, the 2.4-GHz radio module would answer the client request and forward
it to the 2.4-GHz band.
By setting an initial block time, the radio module that is configured to 2.4-GHz only starts after the specified delay.
4
Registration of a purely 2.4-GHz WLAN client also occurs after this delay time. If no 5-GHz WLAN clients are
present in the network, the delay time should be set to 0 seconds.
Telnet path:
Setup > WLAN > Client-Steering
388
Menu Reference
2 Setup
Possible values:
Max. 10 characters from 0123456789
Special values:
0
This value disables the delay.
Default:
10
2.12.89 Access rules
You can limit the data traffic between the wireless LAN and its local network by excluding certain stations from transferring
data, or you can approve specific stations only.
Telnet path:
Setup > WLAN
2.12.89.1 MAC address pattern
Enter the MAC address of a station.
4
It is possible to use wildcards.
Telnet path:
Setup > WLAN > Access rules
Possible values:
Max. 20 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Possible arguments:
MAC address
MAC address of the WLAN client for this entry. The following entries are possible:
Individual MAC address
A MAC address in the format 00a057112233, 00-a0-57-11-22-33 or 00:a0:57:11:22:33.
Wildcards
The wildcards '*' and '?' uses to specify MAC address ranges, e.g. 00a057*, 00-a0-57-11-??-??
or 00:a0:??:11:*.
Vendor ID
The device contains a list of the major manufacturer OUIs (organizationally unique identifier). The MAC
address range is valid if this entry matches the first three bytes of the MAC address of the WLAN client.
4
It is possible to use wildcards.
389
Menu Reference
2 Setup
2.12.89.2 Name
You can enter any name you wish for any station. This enables you to assign MAC addresses more easily to specific
stations or users.
Telnet path:
Setup > WLAN > Access rules
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
2.12.89.3 Comment
You can enter any comment you wish for any station. This enables you to assign MAC addresses more easily to specific
stations or users.
Telnet path:
Setup > WLAN > Access rules
Possible values:
Max. 30 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
2.12.89.4 WPA passphrase
Here you may enter a separate passphrase for each entry that is used in a 802.11i/WPA/AES-PSK-secured network. If no
separate passphrase is specified for this MAC address, the passphrases stored in the 802.11i/WEP area will be used for
each logical wireless LAN network.
5
4
The passphrases should consist of a random string at least 22 characters long, corresponding to a cryptographic
strength of 128 bits.
This field has no significance for networks secured by WEP.
Telnet path:
Setup > WLAN > Access rules
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
2.12.89.5 Tx-Limit
Bandwidth restriction for registering WLAN clients. A client communicates its setting to the AP when logging on. This
then uses uses these two values to set the minimum bandwidth.
5
The significance of the Rx and Tx values depends on the device's operating mode. In this case, as an AP Rx stands
for "Send data" and Tx stands for "Receive data".
Telnet path:
Setup > WLAN > Access rules
390
Menu Reference
2 Setup
Possible values:
Max. 9 characters from 0123456789
0 … 999999999
Default:
0
Special values:
0
No limit
2.12.89.6 Rx-Limit
Bandwidth restriction for registering WLAN clients. A client communicates its setting to the AP when logging on. This
then uses uses these two values to set the minimum bandwidth.
5
The significance of the Rx and Tx values depends on the device's operating mode. In this case, as an AP Rx stands
for "Send data" and Tx stands for "Receive data".
Telnet path:
Setup > WLAN > Access rules
Possible values:
Max. 9 characters from 0123456789
0 … 999999999
Default:
0
Special values:
0
No limit
2.12.89.7 VLAN-ID
The device assigns this VLAN ID to packets received by the WLAN client and containing the MAC address entered here.
Telnet path:
Setup > WLAN > Access rules
Possible values:
Max. 4 characters from 0123456789
0 … 4096
Default:
0
391
Menu Reference
2 Setup
Special values:
0
No limit
2.12.89.9 SSID pattern
For WLAN clients with the appropriate MAC addresses, this entry allows them to access this SSID or it restricts them to
it.
4
The use of wildcards makes it possible to allow access to multiple SSIDs.
Telnet path:
Setup > WLAN > Access rules
Possible values:
Max. 40 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Special values:
*
Placeholder for any number of characters
?
Placeholder for exactly one character
Default:
empty
2.12.100 Card-Reinit-Cycle
In this interval (in seconds) the internal WLAN cards in older access points are reinitialized in order to keep point-to-point
connections active. This function is handled by the "alive test" in newer models.
Telnet path:
Setup > WLAN
Possible values:
Max. 10 characters from [0-9]
Default:
0
Special values:
0
Deactivates this function.
2.12.101 Noise-Calibration-Cycle
WLAN cards fitted with the Atheros chipset measure noise levels on the medium in this interval (in seconds).
392
Menu Reference
2 Setup
Telnet path:
Setup > WLAN
Possible values:
Max. 10 characters from [0-9]
Default:
0
Special values:
0
Deactivates this function.
2.12.103 Trace-MAC
The output of trace messages for the WLAN-Data-Trace can be set for a certain client. The corresponding MAC address
is entered here.
Telnet path:
Setup > WLAN
Possible values:
Max. 12 characters from [A-F][0-9]
Default:
000000000000
Special values:
000000000000
Deactivates this function and outputs trace messages for all clients.
2.12.105 Therm.-Recal.-Cycle
In this interval (in seconds) WLAN cards fitted with the Atheros chipset adjust their transmission power to compensate
for thermal variations.
5
Please note that deactivating the thermal recalibration cycle for these cards means that they cannot react to
changes in temperature.
Telnet path:
Setup > WLAN
Possible values:
Max. 10 characters from [0-9]
Default:
20
393
Menu Reference
2 Setup
Special values:
0
Deactivates this function.
2.12.109 Noise offsets
This table is used to define the correction factors which adjust the displayed signal values.
Telnet path:
Setup > WLAN
2.12.109.1 Band
This table is used to define the correction factors which adjust the displayed signal values.
Telnet path:
Setup > WLAN > Noise-Offsets
Possible values:
5GHz
2.4GHz
Default:
2.4GHz
2.12.109.2 Channel
The noise-offset value is applied to the channel selected here.
Telnet path:
Setup > WLAN > Noise-Offsets
Possible values:
Max. 5 characters from [0-9]
Default:
empty
2.12.109.3 Interface
The noise-offset value is applied to the WLAN interface selected here.
Telnet path:
Setup > WLAN > Noise-Offsets
394
Menu Reference
2 Setup
Possible values:
Depend on the hardware capabilities, e.g. WLAN-1 or WLAN-2
WLAN-1
Default:
WLAN-1
2.12.109.4 Value
This numeric value is added to the current noise value.
Telnet path:
Setup > WLAN > Noise-Offsets
Possible values:
0 … 127
Default:
10
2.12.110 Trace level
The output of trace messages for the WLAN data trace can be restricted to contain certain content only. The messages
are entered in the form of a bit mask for this.
Telnet path:
Setup > WLAN
Possible values:
0 to 255
0
Reports that a packet has been received/sent.
1
Adds the physical parameters for the packets (data rate, signal strength...).
2
Adds the MAC header.
3
Adds the Layer-3 header (e.g. IP/IPX).
4
Adds the Layer-4 header (TCP, UDP...).
5
Adds the TCP/UDP payload.
395
Menu Reference
2 Setup
255
Default:
255
2.12.111 Noise immunity
The settings for noise-immunity (Adaptive Noise Immunity - ANI) can be adjusted here.
5
Under most conditions the settings for noise immunity are controlled automatically by the WLAN module driver
according to the radio-field conditions. Do not alter the pre-set values for these parameters. An irregular
configuration may cause the devices to behave unexpectedly during operations.
Telnet path:
Setup > WLAN
2.12.111.1 Noise immunity
This item sets the threshold value to be used for noise immunity.
5
Under most conditions the settings for noise immunity are controlled automatically by the WLAN module driver
according to the radio-field conditions. Do not alter the pre-set values for these parameters. An irregular
configuration may cause the devices to behave unexpectedly during operations.
Telnet path:
Setup > WLAN > Noise-Immunity
Possible values:
0 … 255
Default:
255
2.12.111.2 OFDM-Weak-Signal-Detection
This item sets the threshold value to be used for detecting weak OFDM signals.
5
Under most conditions the settings for noise immunity are controlled automatically by the WLAN module driver
according to the radio-field conditions. Do not alter the pre-set values for these parameters. An irregular
configuration may cause the devices to behave unexpectedly during operations.
Telnet path:
Setup > WLAN > Noise-Immunity
Possible values:
0 … 255
396
Menu Reference
2 Setup
Default:
255
2.12.111.3 CCK-Weak-Signal-Detection-Threshold
This item sets the threshold value to be used for detecting weak CCK signals.
5
Under most conditions the settings for noise immunity are controlled automatically by the WLAN module driver
according to the radio-field conditions. Do not alter the pre-set values for these parameters. An irregular
configuration may cause the devices to behave unexpectedly during operations.
Telnet path:
Setup > WLAN > Noise-Immunity
Possible values:
0 … 255
Default:
255
2.12.111.4 Fir step level
This item sets the value to be used for the fir step.
5
Under most conditions the settings for noise immunity are controlled automatically by the WLAN module driver
according to the radio-field conditions. Do not alter the pre-set values for these parameters. An irregular
configuration may cause the devices to behave unexpectedly during operations.
Telnet path:
Setup > WLAN > Noise-Immunity
Possible values:
0 … 255
Default:
255
2.12.111.5 Spurious immunity level
This item sets the value to be used for the fir step.
5
Under most conditions the settings for noise immunity are controlled automatically by the WLAN module driver
according to the radio-field conditions. Do not alter the pre-set values for these parameters. An irregular
configuration may cause the devices to behave unexpectedly during operations.
Telnet path:
Setup > WLAN > Noise-Immunity
397
Menu Reference
2 Setup
Possible values:
0 … 255
Default:
255
2.12.111.6 MRC-CCK
With this parameter, the Maximum Ratio Combining (MRC) for 802.11b rates (1 to 11 Mbit) on devices with an Osprey
WLAN module (AR93xx) can be enabled (value != 0) or disabled (value = 0). The default value 255 means that the
WLAN driver presetting is not overridden. In certain cases it may be reasonable to set this value to 0 in order to artificially
"deafen" the receiver in the device.
Telnet path:
Setup > WLAN > Noise-Immunity
Possible values:
0 … 255
Default:
255
2.12.114 Aggregate-Retry-Limit
This parameter specifies how many times a set of packets to be sent by the hardware may be repeated until it is deferred
while other packets waiting to be sent are transmitted. Restricting the number of repeat attempts to a small amount,
e.g. in VoIP environments, limits the maximum delay for VoIP packets
5
The absolute value set under "Hard-Retries" for transmission attempts remains unaffected by the setting here.
Telnet path:
Setup > WLAN
Possible values:
0 … 255
Default:
255
2.12.115 Omit-Global-Crypto-Sequence-Check
This is where you set the value for the crypto sequence check.
Telnet path:
Setup > WLAN
398
Menu Reference
2 Setup
Possible values:
Auto
LCOS contains a list of relevant devices. In the “Auto” setting, the global sequence check is disabled.
For other devices not included in this list, the global sequence check has to be disabled manually.
Yes
No
Default:
Auto
2.12.116 Trace packets
Similar to Trace MAC and Trace level, the output from WLAN DATA traces can be restricted by the type of packet sent
or received, e.g. management (authenticate, association, action, probe-request/response), control (e.g. powersave poll),
EAPOL (802.1x negotiation, WPA key handshake).
Telnet path:
Setup > WLAN
Possible values:
One or more values from Management, Control, Data, EAPOL, All
All
Default:
All
2.12.117 WPA-Handshake-Delay-ms
This setting sets the time (in milliseconds) that the device delays the WPA handshake when roaming. A value of 0 means
that there is no delay.
Telnet path:
Setup > WLAN
Possible values:
0 … 4294967295 Milliseconds
Default:
0
2.12.118 WPA-Handshake-Timeout-Override-ms
This setting sets the time (in milliseconds) that the device overrides the WPA handshake timeout when roaming. A value
of 0 means that there is no override.
399
Menu Reference
2 Setup
Telnet path:
Setup > WLAN
Possible values:
0 … 4294967295 Milliseconds
Default:
0
2.12.120 Rx-Aggregate-Flush-Timeout-ms
Using this setting you determine the time (in milliseconds) after which the device views parts of aggregates that were
not received as "lost", and the subsequent packets are no longer retained.
Telnet path:
Setup > WLAN
Possible values:
0 … 4294967295 Milliseconds
Default:
40
2.12.123 Aggregate-Time-Limit-us
Telnet path:
Setup > WLAN
Possible values:
0 … 4294967295 Microseconds
Default:
40
2.12.124 Trace-Mgmt-Packets
With this selection it is possible to set which type of management frames should automatically appear in the WLAN-DATA
trace
Telnet path:
Setup > WLAN
Possible values:
Association
(Re)association request/response
Disassociate
400
Menu Reference
2 Setup
Authentication
Authentication
Deauthentication
Probes
Probe request
Probe response
Action
Beacon
Other
All other management frame types
Default:
Association
Authentication
Probes
Action
Other
2.12.125 Trace-Data-Packets
With this selection it is possible to set which type of data frames should automatically appear in the WLAN-DATA trace
Telnet path:
Setup > WLAN
Possible values:
Normal
All normal data packets
NULL
All empty data packets
Other
All other data packets
2.12.130 DFS
This menu is used to configure the Dynamic Frequency Selection (DFS). DFS enables an access point to change channels
if another system, such as such as a weather radar, should become active on the current channel.
Telnet path:
Setup > WLAN
401
Menu Reference
2 Setup
2.12.130.1 Use-Full-Channelset
When 5 GHz and DFS are operated and you are operating DFS according to EN 301893-1.3 or earlier, this parameter
allows the use of channels 120, 124, 128, which are otherwise blocked for weather radar. EN 301893 currently does
not support these channels; this parameter has no effect.
5
Please not that activating this option constitutes a breach of ETSI regulations because no approval has been
granted for LCOS.
Telnet path:
Setup > WLAN > DFS
Possible values:
No
The access point ignores channels 120, 124 and 128 when changing the channel.
Yes
The access point includes channels 120, 124 and 128 when changing the channel.
Default:
No
2.12.130.2 Radar-Load-Threshold
This value indicates the percentage utilization of the WLAN module at which the access point reduces the accuracy of
radar detection.
Telnet path:
Setup > WLAN > DFS
Possible values:
Max. 3 characters from 0123456789
0 … 100 Percent
Default:
80
2.12.130.3 Direct-Channelswitching
Use this parameter to determine how the device performs the channel availability check (CAC) as required by DFS.
Telnet path:
Setup > WLAN > DFS
Possible values:
No
The device observes a randomly selected channel (country-specific choice) for at least 60 seconds to
see if it is free of radar before broadcasting on this channel. In order to be able to quickly change
402
Menu Reference
2 Setup
channel if radar is detected during operations, the device determines a minimum number of alternative
channels that are expected to be vacant (also see 2.23.20.8.27 DFS-Rescan-Num-Channels on page
698).
Yes
Within a period of 60 seconds, the device gathers information about all of the channels by jumping
between them at 500ms intervals. If the device subsequently detects a radar during its operations, it
immediately switches to another channel.
5
Note that this mode currently no longer complies with the approval, so the switch is disabled
by default.
Default:
No
2.12.130.4 DFS test mode
You enable or disable the DFS test mode with this setting. If it is enabled, the device only reports known radar bursts
and does not switch radio channels – contrary to normal operation.
5
This parameter is required exclusively for development tests and is not relevant for normal operations. Never
change this default setting!
Telnet path:
Setup > WLAN > DFS
Possible values:
No
The DFS test mode is disabled.
Yes
The DFS test mode is enabled.
Default:
No
2.12.130.5 Ignore CRC errors
With this parameter you specify whether the device ignores radar pulses that are reported by the system at the same
time as a CRC error.
Telnet path:
Setup > WLAN > DFS
403
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
Yes
2.12.130.6 Trace ignored pulses
This parameter specifies whether LCOS conducting the DFS pulse trace reports radar pulses that are reported by the
WLAN hardware but are rejected by the software as being invalid.
Telnet path:
Setup > WLAN > DFS
Possible values:
No
Yes
Default:
No
2.12.130.7 Go for highest bandwidth
This parameter specifies whether the device selects the channels that offer the highest bandwidth, assuming that the
eligible channels are stored as radar-free.
Telnet path:
Setup > WLAN > DFS
Possible values:
No
The device will start operating immediately, although with a reduced channel bandwidth (e.g. 20 instead
of 40 MHz).
Yes
The device initially performs a channel availability check to find groups of channels that support
operations at the full or at least with an increased channel bandwidth.
Default:
Yes
404
Menu Reference
2 Setup
2.12.130.8 Prefer fast switch
This parameter is a placeholder and currently has no function.
Telnet path:
Setup > WLAN > DFS
Possible values:
No
Yes
Default:
Yes
2.12.130.9 Channel change delay
Here you specify how long an access point, which has detected a radar, waits until it changes to a different channel.
Telnet path:
Setup > WLAN > DFS
Possible values:
Max. 3 characters from [0-9]
Default:
0
Special values:
0
The value 0 disables this function.
2.12.130.10 Radar-Pattern-Thresholds
In this table, you specify the threshold values for radar detection.
Telnet path:
Setup > WLAN > DFS
2.12.130.10.1 Pattern-pps
Select one of the predefined radar patterns here to change the threshold value for the radar pattern recognition.
Telnet path:
Setup > WLAN > DFS > Radar-Pattern-Thresholds
405
Menu Reference
2 Setup
Possible values:
Pattern-pps
EN301893-1.2-700pps
EN301893-1.2-1800pps
EN301893-1.2-330pps
EN301893-1.3-750pps
EN301893-1.3-200pps
EN301893-1.3-300pps
EN301893-1.3-500pps
EN301893-1.3-800pps
EN301893-1.3-1000pps
EN301893-1.3-1200pps
EN301893-1.3-1500pps
EN301893-1.3-1600pps
EN301893-1.3-2000pps
EN301893-1.3-2300pps
EN301893-1.3-3000pps
EN301893-1.3-3500pps
EN301893-1.3-4000pps
EN302502-200pps
EN302502-300pps
EN302502-500pps
EN302502-750pps
EN302502-800pps
EN302502-1000pps
EN302502-1200pps
EN302502-1500pps
EN302502-1600pps
EN302502-2000pps
EN302502-2300pps
EN302502-3000pps
EN302502-3500pps
EN302502-4000pps
EN302502-4500pps
2.12.130.10.2 Threshold
The value entered here describes the accuracy with which the corresponding radar pattern is detected.
5
Changing these default values may cause the device to operate in violation of the standard ETSI EN 301 893
version 1.3.
Telnet path:
Setup > WLAN > DFS > Radar-Pattern-Thresholds
Possible values:
0 … 4294967295
406
Menu Reference
2 Setup
Default:
depending on the selected radar pattern
2.12.130.11 Min.-internal-Channel-Distance
Use this entry to specify the internal minimum channel distance for DFS.
Telnet path:
Setup > WLAN > DFS
Possible values:
Max. 3 characters from [0-9]
Default:
0
2.12.130.15 CAC-Time-5.6GHz
Time of the channel availability check. With this setting you specify how long (in seconds) a WLAN module operating
DFS carries out the initial check of the 5.6-GHz channels before it selects a radio channel and starts transmitting data.
5
The duration of the channel availability check is regulated by applicable standards (e.g. in Europe by the ETSI
EN 301 893). Please observe the regulations valid for your country.
Telnet path:
Setup > WLAN > DFS
Possible values:
Max. 5 characters from [0-9]
Default:
empty
2.12.131 Blink mode
This menu contains the settings for communications with the RTLS server (Ekahau RTLS Controller, ERC).
Telnet path:
Setup > WLAN
2.12.131.1 Server address
Contains the IP address or the DNS name of the RTLS server.
Telnet path:
Setup > WLAN > Blink-Mode
407
Menu Reference
2 Setup
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]@{|}~! $%&’()+-,/:;<=>?[\] ^_.
Default:
empty
2.12.131.2 Server port
Contains the UDP port number of the RTLS server.
Telnet path:
Setup > WLAN > Blink-Mode
Possible values:
Max. 5 characters from [0-9]
Default:
8569
2.12.131.3 Loopback address
Contains the optional source address used by the device instead of the source address that would be automatically
selected for this target.
Telnet path:
Setup > WLAN > Blink-Mode
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]@{|}~! $%&’()+-,/:;<=>?[\] ^_.
Special values:
Name of the IP networks whose address should be used
"INT"
for the address of the first intranet
"DMZ"
for the address of the first DMZ
LB0 to LBF
for the 16 loopback addresses
Any valid IP address
Default:
empty
408
Menu Reference
2 Setup
2.12.248 Wireless-IDS
The Wireless Intrusion Detection System (Wireless IDS) provides APs with the ability to detect potential intrusion attacks
and provide warnings to the network management software when the attack activities exceed the corresponding
user-defined threshold value/interval.
Telnet path:
> Setup > WLAN
2.12.248.9 IDS-Operational
Enable or disable Wireless IDS here.
Telnet path:
Setup > WLAN > Wireless-IDS
Possible values:
No
Wireless IDS disabled
Yes
Wireless IDS enabled
Default:
No
2.12.248.10 Syslog-Operational
Enable or disable the creation of syslog entries via Wireless IDS here.
Telnet path:
Setup > WLAN > Wireless-IDS
Possible values:
No
Creation of syslog entries via Wireless IDS disabled
Yes
Creation of syslog entries via Wireless IDS enabled
Default:
Yes
2.12.248.11 SNMPTraps-Operational
Enable or disable the sending of traps via Wireless IDS.
409
Menu Reference
2 Setup
Telnet path:
Setup > WLAN > Wireless-IDS
Possible values:
No
Sending traps via Wireless IDS disabled
Yes
Sending traps via Wireless IDS enabled
Default:
No
2.12.248.12 E-Mail
Enable or disable e-mail notifications via Wireless IDS here.
Telnet path:
Setup > WLAN > Wireless-IDS
Possible values:
No
E-mail notifications via Wireless IDS disabled
Yes
E-mail notifications via Wireless IDS enabled
Default:
No
2.12.248.13 E-Mail-Receiver
Specify the e-mail destination address here.
Telnet path:
Setup > WLAN > Wireless-IDS
Possible values:
Max. 63 characters from [A-Z][0-9][a-z]@{|}~!$%&'()+-,/:;<=>?[\]^_.
2.12.248.14 E-Mail-Aggregate-Interval
Here you specify the period of time between the initial receipt of a Wireless IDS event and the e-mail being sent. This
functions helps to prevent a flood of attacks causing an e-mail flood.
410
Menu Reference
2 Setup
Telnet path:
Setup > WLAN > Wireless-IDS
Possible values:
Max. 4 characters from
[0-9]
Special values:
0
E-mail sending for each event
Default:
10
2.12.248.50 Signatures
Here you configure the various thresholds and measuring intervals (packets per second) of the different WIDS alarm
functions. These settings are used by the WIDS to determine if an attack is taking place.
Telnet path:
Setup > WLAN > Wireless-IDS
2.12.248.50.1 AssociateReqFlood
Here you configure the threshold for attacks of the type AssociateReqFlood.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.1.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > AssociateReqFlood
Possible values:
Max. 4 characters from [0-9]
Default:
250
2.12.248.50.1.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
411
Menu Reference
2 Setup
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > AssociateReqFlood
Possible values:
Max. 4 characters from [0-9]
Default:
10
2.12.248.50.2 ReassociateReqFlood
Here you configure the threshold for attacks of the type ReassociateReqFlood.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.2.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > ReassociateReqFlood
Possible values:
Max. 4 characters from [0-9]
Default:
250
2.12.248.50.2.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > ReassociateReqFlood
Possible values:
Max. 4 characters from [0-9]
Default:
10
2.12.248.50.3 AuthenticateReqFlood
Here you configure the threshold for attacks of the type AuthenticateReqFlood.
412
Menu Reference
2 Setup
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.3.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > AuthenticateReqFlood
Possible values:
Max. 4 characters from [0-9]
Default:
250
2.12.248.50.3.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > AuthenticateReqFlood
Possible values:
Max. 4 characters from [0-9]
Default:
10
2.12.248.50.4 EAPOLStart
Here you configure the threshold for attacks of the type EAPOLStart.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.4.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > EAPOLStart
Possible values:
Max. 4 characters from [0-9]
413
Menu Reference
2 Setup
Default:
250
2.12.248.50.4.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > EAPOLStart
Possible values:
Max. 4 characters from [0-9]
Default:
10
2.12.248.50.5 ProbeBroadcast
Here you configure the threshold for attacks of the type ProbeBroadcast.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.5.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > ProbeBroadcast
Possible values:
Max. 4 characters from [0-9]
Default:
1500
2.12.248.50.5.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > ProbeBroadcast
Possible values:
Max. 4 characters from [0-9]
414
Menu Reference
2 Setup
Default:
10
2.12.248.50.6 DisassociateBroadcast
Here you configure the threshold for attacks of the type DisassociateBroadcast.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.6.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > DisassociateBroadcast
Possible values:
Max. 4 characters from [0-9]
Default:
2
2.12.248.50.6.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > DisassociateBroadcast
Possible values:
Max. 4 characters from [0-9]
Default:
1
2.12.248.50.7 DeauthenticateBroadcast
Here you configure the threshold for attacks of the type DeauthenticateBroadcast.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
415
Menu Reference
2 Setup
2.12.248.50.7.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > DeauthenticateBroadcast
Possible values:
Max. 4 characters from [0-9]
Default:
2
2.12.248.50.7.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > DeauthenticateBroadcast
Possible values:
Max. 4 characters from [0-9]
Default:
1
2.12.248.50.8 DisassociateReqFlood
Here you configure the threshold for attacks of the type DisassociateReqFlood.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.8.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > DisassociateReqFlood
Possible values:
Max. 4 characters from [0-9]
Default:
250
416
Menu Reference
2 Setup
2.12.248.50.8.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > DisassociateReqFlood
Possible values:
Max. 4 characters from [0-9]
Default:
10
2.12.248.50.9 BlockAckOutOfWindow
Here you configure the threshold for attacks of the type BlockAckOutOfWindow.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.9.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > BlockAckOutOfWindow
Possible values:
Max. 4 characters from [0-9]
Default:
200
2.12.248.50.9.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > BlockAckOutOfWindow
Possible values:
Max. 4 characters from [0-9]
Default:
5
417
Menu Reference
2 Setup
2.12.248.50.10 BlockAckAfterDelBA
Here you configure the threshold for attacks of the type BlockAckAfterDelBA.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.10.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > BlockAckAfterDelBA
Possible values:
Max. 4 characters from [0-9]
Default:
100
2.12.248.50.10.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > BlockAckAfterDelBA
Possible values:
Max. 4 characters from [0-9]
Default:
5
2.12.248.50.11 NullDataFlood
Here you configure the threshold for attacks of the type NullDataFlood.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.11.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > NullDataFlood
418
Menu Reference
2 Setup
Possible values:
Max. 4 characters from [0-9]
Default:
500
2.12.248.50.11.2 CounterInterval
Set the interval in seconds, in which the number of received packets of this type have to pass the set threshold before
the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > NullDataFlood
Possible values:
Max. 4 characters from [0-9]
Default:
5
2.12.248.50.12 NullDataPSBufferOverflow
Here you configure the threshold for attacks of the type NullDataPSBufferOverflow.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.12.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > NullDataPSBufferOverflow
Possible values:
Max. 4 characters from [0-9]
Default:
200
2.12.248.50.12.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > NullDataPSBufferOverflow
419
Menu Reference
2 Setup
Possible values:
Max. 4 characters from [0-9]
Default:
5
2.12.248.50.13 PSPollTIMInterval
Here you configure the threshold for attacks of the type PSPollTIMInterval.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.13.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > PSPollTIMInterval
Possible values:
Max. 4 characters from [0-9]
Default:
100
2.12.248.50.13.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > PSPollTIMInterval
Possible values:
Max. 4 characters from [0-9]
Default:
5
2.12.248.50.13.3 Interval-Diff
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > PSPollTIMInterval
Possible values:
Max. 4 characters from [0-9]
420
Menu Reference
2 Setup
Default:
5
2.12.248.50.14 SMPSMUltiStream
Here you configure the threshold for attacks of the type SMPSMUltiStream.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.14.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > SMPSMUltiStream
Possible values:
Max. 4 characters from [0-9]
Default:
100
2.12.248.50.14.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > SMPSMUltiStream
Possible values:
Max. 4 characters from [0-9]
Default:
5
2.12.248.50.15 DeauthenticateReqFlood
Here you configure the threshold for attacks of the type DeauthenticateReqFlood.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
421
Menu Reference
2 Setup
2.12.248.50.15.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > DeauthenticateReqFlood
Possible values:
Max. 4 characters from [0-9]
Default:
250
2.12.248.50.15.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > DeauthenticateReqFlood
Possible values:
Max. 4 characters from [0-9]
Default:
10
2.12.248.50.16 PrematureEAPOLSuccess
Here you configure the threshold for attacks of the type PrematureEAPOLSuccess.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.16.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > PrematureEAPOLSuccess
Possible values:
Max. 4 characters from [0-9]
Default:
2
422
Menu Reference
2 Setup
2.12.248.50.16.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > PrematureEAPOLSuccess
Possible values:
Max. 4 characters from [0-9]
Default:
1
2.12.248.50.17 PrematureEAPOLFailure
Here you configure the threshold for attacks of the type PrematureEAPOLFailure.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
2.12.248.50.17.1 CounterLimit
Set the threshold number of packets, beyond which the WIDS will notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > PrematureEAPOLFailure
Possible values:
Max. 4 characters from [0-9]
Default:
2
2.12.248.50.17.2 CounterInterval
Set the interval in seconds, within which the threshold set for the number of received packets of this type must be
exceeded in order for WIDS to notify of an attack.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures > PrematureEAPOLFailure
Possible values:
Max. 4 characters from [0-9]
Default:
1
423
Menu Reference
2 Setup
2.12.248.51 Promiscuous-Mode
Activates or deactivates the promiscuous mode. This mode handles also packets that were not sent to the device itself.
These packets are forwarded to LCOS to allow an analysis by the WIDS.
This mode can be used to detect the following attacks:
a
a
a
a
PrematureEAPOLFailure
PrematureEAPOLSuccess
DeauthenticateReqFlood
DisassociateReqFlood
5
Please note that the promiscuous mode has a significant impact on the performance. For example, frame
aggregation is deactivated while it is in action. Only use this mode in case of a strong suspicion.
Telnet path:
Setup > WLAN > Wireless-IDS > Signatures
Possible values:
No
Promiscuous mode is disabled.
Yes
Promiscuous mode is enabled.
Default:
No
2.13 LANCAPI
The LANCAPI from LANCOM is a specialized version of the widespread ISDN CAPI interface. CAPI stands for Common
ISDN Application Programming Interface and it links ISDN adapters and communications software. This software in turn
provides the computer with office-communications functions such as a fax or answering machine.
Telnet path:
Setup
2.13.1 Access list
This table is for specifying addresses or address ranges that should have access to the server. If this table is empty, all
users automatically have access.
Telnet path:
Setup > LANCAPI
424
Menu Reference
2 Setup
2.13.1.1 IP address
An IP address that is to be granted access is entered here.
Telnet path:
Setup > LANCAPI > Access-List
Possible values:
Max. 15 characters from [0-9].
Default:
empty
2.13.1.2 IP-Netmask
Enter the associated netmask here.
If you wish to authorize just a single workstation with the previously specified IP address, enter 255.255.255.255 here.
If you wish to authorize a whole IP network, enter the corresponding netmask.
Telnet path:
Setup > LANCAPI > Access-List
Possible values:
Max. 15 characters from [0-9]/.
Default:
empty
2.13.1.3 Rtg-Tag
If you specify a routing tag for this access rule, the only packets that will be accepted have received the same tag in the
firewall or they are from a network with the corresponding interface tag. If the routing tag is 0, access attempts from
suitable IP addresses are accepted every time.
5
It follows that the use of routing tags only makes sense in combination with the appropriate accompanying rules
in the firewall or tagged networks.
Telnet path:
Setup > LANCAPI > Access-List
Possible values:
Max. 5 characters from [0-9]
Default:
empty
425
Menu Reference
2 Setup
2.13.3 UDP port
You can change the UDP port number of the LANCAPI server here.
Telnet path:
Setup > LANCAPI
Possible values:
Max. 5 characters from [0-9]
Default:
75 (any private telephony service)
2.13.6 Interface list
This list contains an entry for each device of your device. For each S0-Interface you can whether it is available for LANCAPI
clients and which phone numbers should be used.
Telnet path:
Setup > LANCAPI
2.13.6.1 Ifc
This describes the interface (e.g. S0-1).
Telnet path:
Setup > LANCAPI > Interface-List
2.13.6.2 Operating
You can specify if and how this interface is available for LANCAPI clients.
Telnet path:
Setup > LANCAPI > Interface-List
Possible values:
Yes
The device allows all calls through this interface.
No
The device allows no calls through this interface.
Dial-only
The device only allows outgoing calls through this interface.
Dial-in only
The device only allows incoming calls through this interface.
426
Menu Reference
2 Setup
Default:
No
2.13.6.3 EAZ-MSN(s)
In this field, you enter all of your own ISDN telephone numbers which are to receive the LANCAPI calls. Several phone
numbers can be entered in a comma-separated list.
Telnet path:
Setup > LANCAPI > Interface-List
Possible values:
Valid ISDN phone number, max. 30 characters from [0-9]#;?
Special values:
empty
If you do not specify a particular phone number here, LANCAPI receives calls at any of its ISDN telephone
numbers.
Default:
empty
2.13.6.5 Force-Out-MSN
If an outgoing call is not set with your own number, then this option determines that the number of this interface is set
as your own number. Only activate this option if your PBX system does not allow outgoing calls without being set with
your own number.
Telnet path:
Setup > LANCAPI > Interface-List
Possible values:
Yes
If an outgoing call does not have a phone number, the device adds the phone number of the interface
instead.
No
The device does not provide a substitute number for outgoing calls that do not have a phone number.
Default:
No
2.13.6.6 Max connections
This setting restricts the maximum number of connections per S0bus.
427
Menu Reference
2 Setup
Telnet path:
Setup > LANCAPI > Interface-List
Possible values:
0 … 255
Special values:
0
This value disables the restriction (unlimited).
Default:
0
2.13.6.7 VoIP-Mode
Specifies whether the LANCAPI should use the "Voice over IP" mode.
Telnet path:
Setup > LANCAPI > Interface-List
Possible values:
No
The VoIP mode is disabled.
Yes
The VoIP mode is enabled.
Default:
No
2.13.7 Priority list
This table is used to define the priorities of the ISDN interfaces for outgoing calls made with the LANCAPI.
Telnet path:
Setup > LANCAPI
2.13.7.1 Ifc
Select the ISDN interface here for which you wish to set a priority value.
Telnet path:
Setup > LANCAPI > Priority-List
428
Menu Reference
2 Setup
Possible values:
Choose from the device's ISDN interfaces, e.g. S0-1
2.13.7.2 Prio-out
Here you select the priority of the ISDN interface to be used for outgoing calls made with the LANCAPI.
Telnet path:
Setup > LANCAPI > Priority-List
Possible values:
P1 (high priority)
P2
P3 (low priority)
Default:
P3 (low priority)
2.14 Time
This menu contains the configuration of the device time settings.
Telnet path:
Setup
2.14.1 Fetch method
Select here if and how the device synchronizes its internal real-time clock.
Telnet path:
Setup > Time
Possible values:
None
ISDN
NTP
GPS
Default:
NTP
429
Menu Reference
2 Setup
2.14.2 Current time
Display of current time.
Telnet path:
Setup > Time
2.14.3 Time call number
Enter here a phone number that the device can call to obtain time information from the ISDN. After being switched on,
the device will immediately dial this number and then disconnect the connection immediately. This transmits the current
time from the ISDN exchange.
Telnet path:
Setup > Time
Possible values:
Max. 39 characters from [0-9]
Default:
empty
2.14.5 Call attempts
Specify the maximum number of dial attempts by the device to the specified number for the purpose of time initialization.
Telnet path:
Setup > Time
Possible values:
Max. 3 characters from [0-9]
Default:
3
2.14.7 UTC in seconds
This parameter is used by LANmonitor to read the time.
Telnet path:
Setup > Time
2.14.10 Time zone
This item sets the timezone for the location of your device. The time zone is the difference between local time and
Coordinated Universal Time (UTC) in hours. This is especially important for the Network Time Protocol (NTP)
430
Menu Reference
2 Setup
Telnet path:
Setup > Time
Possible values:
+1
+2 ... +14
-1 ... -12
Default:
+1
2.14.11 Daylight-saving time
The time change between local standard time and daylight-saving time can be set here manually or automatically. For
automatic daylight saving time adjustment, enter the appropriate time region for the location of your device. If your
device is located outside the specified time regions, the use of automatic time adjustment requires you to select 'User
defined' and for you to enter the following values into the table for automatic time adjustment.
Telnet path:
Setup > Time
Possible values:
Yes
No
Europe (EU)
Russia
USA
Userdefined
Default:
Europe (EU)
2.14.12 DST clock changes
Here you configure the individual values for the automatic clock change between summer and winter time, assuming
that the local daylight-saving time settings have been selected as "User defined".
Telnet path:
Setup > Time
2.14.12.1 Event
Defines the beginning and end of daylight saving time.
431
Menu Reference
2 Setup
Telnet path:
Setup > Time > DST-clock-changes
2.14.12.2 Index
First or last day of month for switching to daylight-saving time (summertime).
Telnet path:
Setup > Time > DST-clock-changes
2.14.12.3 Day
Defines on which recurring weekday of the month the time change is carried out.
Telnet path:
Setup > Time > DST-clock-changes
2.14.12.4 Month
The month in which the change is carried out.
Telnet path:
Setup > Time > DST-clock-changes
2.14.12.5 Hour
The hour at which the change is carried out.
Telnet path:
Setup > Time > DST-clock-changes
2.14.12.6 Minute
The minute at which the change is carried out.
Telnet path:
Setup > Time > DST-clock-changes
2.14.12.7 Time type
Time standard, such as UTC (Coordinated Universal Time).
432
Menu Reference
2 Setup
Telnet path:
Setup > Time > DST-clock-changes
2.14.13 Get time
This command causes the device to fetch the current time from the specified time server.
Telnet path:
Setup > Time
2.14.15 Holidays
This table contains the holidays that have been defined.
Telnet path:
Setup > Time
2.14.15.1 Index
This describes the position of the entry in the table.
Telnet path:
Setup > Time > Holidays
Possible values:
0 … 9999
Default:
empty
2.14.15.2 Date
If you have created entries in the least-cost table or the timed control table that should apply on public holidays, enter
the days here.
Telnet path:
Setup > Time > Holidays
Possible values:
Max. 10 characters from [0-9].
Default:
empty
433
Menu Reference
2 Setup
2.14.16 Timeframe
Timeframes are used to define the periods when the content-filter profiles are valid. One profile may contain several
lines with different timeframes. Different lines in a timeframe should complement one another, i.e. if you specify WORKTIME
you will should probably specify a timeframe called FREETIME to cover the time outside of working hours.
Telnet path:
Setup > Time
2.14.16.1 Name
Enter the name of the timeframe for referencing from the content-filter profile.
Telnet path:
Setup > Time > Timeframe
Possible values:
Max. 31 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.14.16.2 Home
Here you set the start time (time of day) in the format HH:MM when the selected profile becomes valid.
Telnet path:
Setup > Time > Timeframe
Possible values:
Max. 5 characters from [0-9]:
Default:
00:00
2.14.16.3 Stop
Here you set the end time (time of day) in the format HH:MM when the selected profile ceases to be valid.
Telnet path:
Setup > Time > Timeframe
Possible values:
Max. 5 characters from [0-9]:
Default:
23:59
434
Menu Reference
2 Setup
2.14.16.4 Weekdays
Here you select the weekday on which the timeframe is to be valid.
Telnet path:
Setup > Time > Timeframe
Possible values:
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday, Holiday
Default:
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday, Holiday
2.15 LCR
This menu contains the configuration of the least-cost router.
Telnet path:
Setup
2.15.1 Router usage
A router is an intelligent network component; comparable with a post office, it uses the logical target address of a packet
to determine which network component should transmit the packet next; it knows the overall topology of the network.
If this option is activated, all connections made by the router are controlled by least-cost routing.
Telnet path:
Setup > LCR
Possible values:
Yes
No
Default:
No
2.15.2 Lancapi usage
If this option is activated, all connections made by CAPI clients are controlled by least-cost routing.
Telnet path:
Setup > LCR
435
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
No
2.15.4 Time list
In this table you can define the Call-by-Call numbers to be used for telephone calls depending on the time, day and area
code.
Telnet path:
Setup > LCR
2.15.4.1 Index
Index for this entry in the table.
Telnet path:
Setup > LCR > Time-List
Possible values:
Max. 10 characters from [0-9]
Default:
0
2.15.4.2 Prefix
Enter the prefix (e.g. area code) or the first few digits of a group of prefixes to which the entry will apply. If, for example,
you enter 030 for Berlin, all calls with this prefix will be redirected as indicated here. Optionally you may wish to enter
only 03 and then all calls to any place that begins with the prefix 03 will be redirected accordingly.
Telnet path:
Setup > LCR > Time-List
Possible values:
Max. 10 characters from [0-9]
Default:
empty
436
Menu Reference
2 Setup
2.15.4.3 Days
The days on which this entry should apply. You can create multiple entries for a given prefix, each applying to different
periods or different days.
Telnet path:
Setup > LCR > Time-List
Possible values:
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday, Holiday
2.15.4.4 Home
The start of the period during which this entry should apply.
Telnet path:
Setup > LCR > Time-List
Possible values:
Max. 5 characters from [0-9]
Default:
empty
2.15.4.5 Stop
The end of the period during which this entry should apply.
Telnet path:
Setup > LCR > Time-List
Possible values:
Max. 5 characters from [0-9]
Default:
empty
2.15.4.6 Number list
Enter here the prefix for the call-by-call provider to be used for calls matching this entry.
Multiple prefixes can be separated by semi-colons. If no connection can be established with the first prefix, the following
prefixes will be tried in sequence.
Leave this field empty if calls that match this entry are not to be re-directed.
Telnet path:
Setup > LCR > Time-List
437
Menu Reference
2 Setup
Possible values:
Max. 29 characters from [0-9]+-;
Default:
empty
2.15.4.7 Fallback
Enter here the prefix for the call-by-call provider to be used for calls matching this entry.
Automatic fallback: If no connection can be established on any of the supplied call-by-call numbers, the least-cost router
will connect to your regular telephone service provider. Switch this option off if you do not want this to happen.
Telnet path:
Setup > LCR > Time-List
Possible values:
Yes
No
Default:
No
2.16 NetBIOS
This menu contains the configuration of the NetBIOS.
Telnet path:
Setup
2.16.1 Operating
When this option is enabled, the device will also be able to forward NetBIOS packets directly to specific stations in remote
networks. Without this option enabled, these packets often cause unnecessary connections, since the individual computers
of NetBIOS-based networks (e.g. Microsoft Windows networks) continuously exchange status information.
Telnet path:
Setup > NetBIOS
438
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
No
2.16.2 Scope ID
The device appends this string to the NetBIOS name for all TCP/IP connections using NetBIOS.
Telnet path:
Setup > NetBIOS
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.16.4 remote sites
Enter the name for the remote stations to which NetBIOS is to be transmitted over IP. These remote sites also have to
be entered into the IP routing table.
Telnet path:
Setup > NetBIOS
2.16.4.1 Name
Enter the name for the remote station here. This remote station must also be present in the routing table of the IP router.
Telnet path:
Setup > NetBIOS > Peers
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.16.4.3 Type
Specify whether the remote station is also a router or an individual workstation with a dial-up remote-access connection.
439
Menu Reference
2 Setup
Telnet path:
Setup > NetBIOS > Peers
Possible values:
Workstation
Router
Default:
Router
2.16.5 Group list
This list displays all NetBIOS groups.
Telnet path:
Setup > NetBIOS
2.16.5.1 Group/domain
Name of the workgroup communicated by NetBIOS.
Telnet path:
Setup > NetBIOS > Group-List
2.16.5.2 Type
NetBIOS defines a certain amount of server types, and these are displayed by hexadecimal numbers. The most important
of these types are:
00
Standard-Workstation
03
Win PopUp service
06
RAS server
1B
Domain master browser or PDC
1D
Master browser
1F
NetDDE service
440
Menu Reference
2 Setup
20
File or printer service
21
RAS client
BE
Network monitor agent
BF
Network monitor utility
Telnet path:
Setup > NetBIOS > Group-List
2.16.5.3 IP address
Valid IP address of the station.
Telnet path:
Setup > NetBIOS > Group-List
2.16.5.4 Peer
From the list of specified peers, select the name of the peer used to reach this NetBIOS group.
Telnet path:
Setup > NetBIOS > Group-List
2.16.5.5 Timeout
Period of validity (lease) of this entry in minutes.
Telnet path:
Setup > NetBIOS > Group-List
2.16.5.6 Flags
Flags as additional identifiers for the station or group.
Telnet path:
Setup > NetBIOS > Group-List
441
Menu Reference
2 Setup
2.16.5.7 Network name
Name of the IP network where the client is located.
Telnet path:
Setup > NetBIOS > Group-List
2.16.5.8 Rtg-Tag
Routing tag for this entry.
Telnet path:
Setup > NetBIOS > Group-List
2.16.6 Host list
This list displays all NetBIOS hosts.
Telnet path:
Setup > NetBIOS
2.16.6.1 Name
Name of the station communicated by NetBIOS.
Telnet path:
Setup > NetBIOS > Host-List
2.16.6.2 Type
NetBIOS defines a certain amount of server types, and these are displayed by hexadecimal numbers. The most important
of these types are:
00
Standard-Workstation
03
Win PopUp service
06
RAS server
1B
Domain master browser or PDC
1D
Master browser
442
Menu Reference
2 Setup
1F
NetDDE service
20
File or printer service
21
RAS client
BE
Network monitor agent
BF
Network monitor utility
Telnet path:
Setup > NetBIOS > Host-List
2.16.6.3 IP address
Valid IP address of the station.
Telnet path:
Setup > NetBIOS > Host-List
2.16.6.4 Peer
From the list of specified peers, select the name of the peer used to reach this station.
Telnet path:
Setup > NetBIOS > Host-List
2.16.6.5 Timeout
Period of validity (lease) of this entry in minutes.
Telnet path:
Setup > NetBIOS > Host-List
2.16.6.6 Flags
Flags as additional identifiers for the station or group.
Telnet path:
Setup > NetBIOS > Host-List
443
Menu Reference
2 Setup
2.16.6.7 Network name
Name of the IP network where the client is located.
Telnet path:
Setup > NetBIOS > Host-List
2.16.6.8 Rtg-Tag
Routing tag for this entry.
Telnet path:
Setup > NetBIOS > Host-List
2.16.7 Server list
This list displays all NetBIOS servers.
Telnet path:
Setup > NetBIOS
2.16.7.1 Host
Displays the host's NetBIOS name
Telnet path:
Setup > NetBIOS > Server-List
2.16.7.2 Group/domain
Displays the workgroup/domain where the NetBIOS host is located.
Telnet path:
Setup > NetBIOS > Server-List
2.16.7.4 IP address
Displays the IP address of the NetBIOS host.
Telnet path:
Setup > NetBIOS > Server-List
444
Menu Reference
2 Setup
2.16.7.5 OS-Ver.
Displays the NetBIOS host's operating system.
Telnet path:
Setup > NetBIOS > Server-List
2.16.7.6 SMB-Ver.
Displays the SMB version of the NetBIOS host.
Telnet path:
Setup > NetBIOS > Server-List
2.16.7.7 Server type
Displays the NetBIOS host's server type.
Telnet path:
Setup > NetBIOS > Server-List
2.16.7.8 Peer
From the list of specified peers, select the peer used to reach the NetBIOS host.
Telnet path:
Setup > NetBIOS > Server-List
2.16.7.9 Timeout
Displays the time in minutes until the NetBIOS information is updated.
Telnet path:
Setup > NetBIOS > Server-List
2.16.7.10 Flags
Displays the NetBIOS flags detected for the NetBIOS host.
Telnet path:
Setup > NetBIOS > Server-List
445
Menu Reference
2 Setup
2.16.7.11 Network name
Displays the IP network where the NetBIOS host is located.
Telnet path:
Setup > NetBIOS > Server-List
2.16.7.12 Rtg-Tag
Routing tag for the connection to the NetBIOS host.
Telnet path:
Setup > NetBIOS > Server-List
2.16.8 Watchdogs
Some stations send watchdog packets from time to time to check whether other stations in the network can be reached.
Watchdogs of this type can cause unnecessary connections to be established. Here you can specify whether the device
should intercept watchdogs of this type and answer them itself to prevent these connections from being established.
Telnet path:
Setup > NetBIOS
Possible values:
Spoof
Route
Default:
Spoof
2.16.9 Update
The device has to exchange routing information with other NetBIOS routers from time to time. To avoid unnecessary
connections being established, select when this should occur.
Telnet path:
Setup > NetBIOS
Possible values:
pBack
Trig
Time
Default:
pBack
446
Menu Reference
2 Setup
2.16.10 WAN-Update-Minutes
If you have specified that routing information should be exchanged at particular intervals, enter this interval here in
minutes.
Telnet path:
Setup > NetBIOS
Possible values:
Max. 10 characters from [0-9]
Default:
60
2.16.11 Validity
The maximum time in minutes for which NetBIOS names remain valid.
A host registers with the device with a NetBIOS name. When this period expires, then the host must re-register with its
name.
Telnet path:
Setup > NetBIOS
Possible values:
Max. 10 characters from [0-9]
Default:
500
2.16.12 Networks
This table is used to adjust NetBIOS settings and to select the network that they apply to.
Telnet path:
Setup > NetBIOS
2.16.12.1 Network name
Select here the name of the network to which the settings are to apply.
Telnet path:
Setup > NetBIOS > Networks
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
447
Menu Reference
2 Setup
2.16.12.2 Operating
Select here whether or not the NetBIOS proxy is to be used for the selected network.
Telnet path:
Setup > NetBIOS > Networks
Possible values:
Yes
No
Default:
No
2.16.12.3 NT domain
Enter the name of the workgroup used by the computers in your network. If several workgroups exist within your network,
entering one name is sufficient.
Telnet path:
Setup > NetBIOS > Networks
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.16.13 Browser list
This table shows you an overview of the master browsers known to the NetBIOS proxy.
Telnet path:
Setup > NetBIOS
2.16.13.1 Browser
This entry shows the computer name (master browser).
Telnet path:
Setup > NetBIOS > Browser-List
2.16.13.2 Group/domain
This entry shows the workgroups/domains.
448
Menu Reference
2 Setup
Telnet path:
Setup > NetBIOS > Browser-List
2.16.13.4 IP address
This entry shows the IP addresses.
Telnet path:
Setup > NetBIOS > Browser-List
2.16.13.5 OS-Ver.
This entry shows the OS version.
Telnet path:
Setup > NetBIOS > Browser-List
2.16.13.7 Server type
This entry shows the server type.
Telnet path:
Setup > NetBIOS > Browser-List
2.16.13.8 Peer
This entry shows the name of the remote station.
Telnet path:
Setup > NetBIOS > Browser-List
2.16.13.9 Timeout
This entry shows the number of timeouts.
Telnet path:
Setup > NetBIOS > Browser-List
2.16.13.10 Flags
This entry shows the flags.
449
Menu Reference
2 Setup
Telnet path:
Setup > NetBIOS > Browser-List
2.16.13.11 Network name
This entry shows the network name.
Telnet path:
Setup > NetBIOS > Browser-List
2.16.13.12 Rtg-Tag
This entry shows the routing tag used.
Telnet path:
Setup > NetBIOS > Browser-List
2.16.14 Support browsing
Windows uses the browser service or search service to discover the network environment. Since the browser service
works with broadcasts, the network environment in routed networks is incomplete if no domains are used. Support of
the search service closes this gap by propagating the master browser for each local workgroup to the remote side, or
by using broadcasts in the LAN to propagate the master browsers located on the remote side. The list of master browsers
known to the NetBIOS proxy can be viewed under /Status/TCP-IP/NetBIOS/Browser-List. Support of the search service
only needs to be activated in workgroup networks. Domain networks operate without broadcasts, and the master browser
is always the domain controller.
Telnet path:
Setup > NetBIOS
Possible values:
Yes
No
Default:
Yes
2.17 DNS
This menu contains the domain-name system (DNS) configuration.
450
Menu Reference
2 Setup
Telnet path:
Setup
2.17.1 Operating
Activates or deactivates DNS.
Telnet path:
Setup > DNS
Possible values:
Yes
No
Default:
Yes
2.17.2 Domain
Device's own domain.
Telnet path:
Setup > DNS
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
Internal
2.17.3 DHCP usage
The DNS server can resolve the names of the stations that have requested an IP address by DHCP.
Use this switch to activate this option.
Telnet path:
Setup > DNS
451
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
Yes
2.17.4 NetBIOS usage
The DNS server can resolve the names of the clients that are known to the NetBIOS router.
Use this switch to activate this option.
Telnet path:
Setup > DNS
Possible values:
Yes
No
Default:
Yes
2.17.5 DNS-List
Enter the station names and the associated IP addresses here.
Telnet path:
Setup > DNS
2.17.5.1 Host name
Enter the name of a station here.
For example, if you have a computer named myhost and your domain name is myhome.internal, then you
should enter the station name here as myhost.myhome.intern.
Telnet path:
Setup > DNS > DNS-List
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
452
Menu Reference
2 Setup
2.17.5.2 IP address
Enter the valid IP address of the station.
If a client needs to resolve the name of a station, it sends a request with that name to the DNS server. The server responds
by communicating the IP address entered here.
Telnet path:
Setup > DNS > DNS-List
Possible values:
Max. 64 characters from [0-9].
Default:
0.0.0.0
2.17.5.3 IPv6 address
Enter the valid IPv6 address of the station.
If a client needs to resolve the name of a station, it sends a request with that name to the DNS server. The server responds
by communicating the IPv6 address entered here.
Telnet path:
Setup > DNS > DNS-List
Possible values:
Max. 64 characters from [0-9].
Default:
empty
2.17.5.4 Rtg-Tag
When resolving a station name, the device uses the routing tag to set the tag context for that station.
Telnet path:
Setup > DNS > DNS-List
Possible values:
0 … 65535
Default:
0
2.17.6 Filter list
Use the DNS filter to block access to certain stations or domains.
453
Menu Reference
2 Setup
Telnet path:
Setup > DNS
2.17.6.1 Idx.
Index for the filter entries.
Telnet path:
Setup > DNS > Filter-List
Possible values:
Max. 4 characters from [0-9]
Default:
empty
2.17.6.2 Domain
Enter the name of a station or a domain that you want to block. The characters "*" and "?" can be used as wildcards.
Telnet path:
Setup > DNS > Filter-List
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.17.6.3 IP address
If you want this access restriction to only apply to a specific workstation or subnetwork, enter the valid IP address of the
workstation or subnetwork here.
Telnet path:
Setup > DNS > Filter-List
Possible values:
Max. 15 characters from [0-9].
Default:
0.0.0.0
2.17.6.4 Netmask
If you have entered the address of a subnetwork for access restriction, you must enter the associated subnet mask here.
454
Menu Reference
2 Setup
Telnet path:
Setup > DNS > Filter-List
Possible values:
Max. 15 characters from [0-9].
Default:
0.0.0.0
2.17.6.5 IPv6-Prefix
Using this setting you set the IPv6 sender addresses for which the device filters the domain. If you want to apply the
filter to all IPv6 addresses, select the prefix ::/0.
Telnet path:
Setup > DNS > Filter-List
Possible values:
Max. 43 characters from [a-z][0-9]/:
Default:
empty
2.17.6.6 Rtg-Tag
The routing tag determines which filters apply in each tag context.
Telnet path:
Setup > DNS > Filter-List
Possible values:
0 … 65535
Default:
0
2.17.7 Lease time
Some computers store the names and addresses of clients that they have queried from a DNS server in order to be able
to access this information more quickly in the future.
Specify here how long this data may be stored before becoming invalid. After this time the computer in question must
issue a new request for the information.
Telnet path:
Setup > DNS
Possible values:
Max. 10 characters from [0-9]
455
Menu Reference
2 Setup
Default:
2000
2.17.8 Dyn.-DNS-List
The Dyn DNS list records names that were registered via a register request. Windows does this when, for example, under
Advanced TCP/IP Settings, "DNS", the network-connection options "Register this connection's addresses in DNS" and
"Use this connection's DNS suffix in DNS registration" have been activated and the stations register in the domain.
Telnet path:
Setup > DNS
2.17.8.1 Host name
Name of the station that registered via a register request.
Telnet path:
Setup > DNS > Dyn.-DNS-List
2.17.8.2 IP address
Valid IP address of the station that registered via a register request.
Telnet path:
Setup > DNS > Dyn.-DNS-List
2.17.8.3 Timeout
Lease period for this entry.
Telnet path:
Setup > DNS > Dyn.-DNS-List
2.17.8.4 IPv6 address
Displays the IPv6 address of the corresponding host (if available).
Telnet path:
Setup > DNS > Dyn.-DNS-List
456
Menu Reference
2 Setup
2.17.8.5 Network name
Displays the name of the network in which the host is located.
Telnet path:
Setup > DNS > Dyn.-DNS-List
2.17.9 DNS destinations
Requests for certain domains can be explicitly forwarded to particular remote sites.
Telnet path:
Setup > DNS
2.17.9.1 Domain name
Here you can enter the domain and assign it a dedicated remote device or a DNS server in order to resolve the name of
a certain domain from another DNS server.
Telnet path:
Setup > DNS > DNS-Destinations
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.17.9.2 Peer
Specify the remote station for DNS forwarding.
Telnet path:
Setup > DNS > DNS-Destinations
Possible values:
Max. 31 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.17.9.3 Rtg-Tag
The routing tag makes it possible to specify multiple forwarding definitions that are independent of each other (especially
general wildcard definitions with "*"). Depending on the routing context of the requesting client, the router considers
only the forwarding entries that are identified accordingly and the general entries marked with "0".
457
Menu Reference
2 Setup
Telnet path:
Setup > DNS > DNS-Destinations
Possible values:
0 … 65535
Default:
0
2.17.10 Service location list
Here you configure if and to which station certain services are to be resolved.
Telnet path:
Setup > DNS
2.17.10.1 Service name
Specify here which service should be resolved by DNS, and how.
The service ID is the service that is to be resolved in accordance with RFC 2782.
By way of illustration, the following example lists several entries used to resolve SIP services:
Service name
Host name
_sips._tcp.myhome.intern .
Port
0
_sip._tcp.myhome.intern myhost.myhome.intern 5060
_sip._udp.myhome.intern [self]
5060
Telnet path:
Setup > DNS > Service-Location-List
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.17.10.2 Host name
The station name indicates which station provides the indicated service. For example, if you have a computer named
myhost and your domain name is myhome.internal, then you should enter the station name here as
myhost.myhome.intern. The station name "[self]" can be specified as the name if it is the device itself. A period
"." can be entered if this service is blocked and therefore should not be resolved. (In this case any definition in the
following port field will be ignored).
Telnet path:
Setup > DNS > Service-Location-List
458
Menu Reference
2 Setup
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.17.10.3 Port
The service port denotes the port number used for the defined service at the named client.
Telnet path:
Setup > DNS > Service-Location-List
Possible values:
Max. 10 characters from [0-9]
Default:
0
2.17.10.4 Rtg-Tag
The routing tag determines whether and how the device should resolve specific service requests within the current tag
context.
Telnet path:
Setup > DNS > Service-Location-List
Possible values:
0 … 65535
Default:
0
2.17.11 Dynamic SRV list
The dynamic SRV list stores service location records that the device uses itself. For example, the VoIP module enters itself
here.
Telnet path:
Setup > DNS
2.17.11.1 Service name
Name of the service.
459
Menu Reference
2 Setup
Telnet path:
Setup > DNS > Dynamic-SRV-List
2.17.11.2 Host name
Name of the station providing this service.
Telnet path:
Setup > DNS > Dynamic-SRV-List
2.17.11.3 Port
Port used to register this service.
Telnet path:
Setup > DNS > Dynamic-SRV-List
2.17.12 Resolve domain
If this option is active, the device answers queries about its own domain with its own IP address.
Telnet path:
Setup > DNS > Dynamic-SRV-List
Possible values:
No
Yes
Default:
Yes
2.17.13 Sub domains
Here a separate domain can be configured for each logical network.
Telnet path:
Setup > DNS
460
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
Yes
2.17.13.1 Network name
From the list of specified IP networks, enter the IP network for which a sub domain is to be defined.
Telnet path:
Setup > DNS > Sub-Domains
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.17.13.2 Sub domain
Sub-domain that is to be used for the selected IP network.
Telnet path:
Setup > DNS > Sub-Domains
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.17.14 Forwarder
Using this setting you specify whether your device forwards or rejects unrecognized DNS requests.
To recognize an address, the device DNS server checks the tables in Setup > DNS
a
a
a
a
DNS-List
Dyn.-DNS-List
Service location list
Dynamic SRV list
and requests the corresponding addresses from the DHCP server and from the NetBIOS proxy, if necessary and if you
allow it.
461
Menu Reference
2 Setup
Telnet path:
Setup > DNS
Possible values:
No
Yes
Default:
Yes
2.17.15 Tag configuration
You manage the specific DNS settings for the individual tag contexts in this table. If an entry for a tag context exists,
then only the DNS settings in this table apply for this context. However, if there is no entry in this table, then the global
settings of the DNS server apply.
Telnet path:
Setup > DNS
2.17.15.1 Rtg-Tag
Unique interface or routing tag, its settings will override the global settings of the DNS server.
Telnet path:
Setup > DNS > Tag-Configuration
Possible values:
0 … 65534
Default:
0
2.17.15.2 Operating
Enables the DNS server of the device for the corresponding tag context.
Telnet path:
Setup > DNS > Tag-Configuration
462
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
Yes
2.17.15.3 Forwarder
Using this setting you specify whether your device forwards or rejects DNS requests that are not recognized for the
specified tag context.
To recognize an address, the device DNS server checks the tables in Setup > DNS
a
a
a
a
DNS-List
Dyn.-DNS-List
Service location list
Dynamic SRV list
and requests the corresponding addresses from the DHCP server and from the NetBIOS proxy, if necessary and if you
allow it.
Telnet path:
Setup > DNS > Tag-Configuration
Possible values:
No
Yes
Default:
Yes
2.17.15.4 DHCP usage
For the corresponding tag context, this enables or disables the resolution of station names which have requested an IP
address via DHCP.
Telnet path:
Setup > DNS > Tag-Configuration
Possible values:
No
Yes
Default:
Yes
463
Menu Reference
2 Setup
2.17.15.5 NetBIOS usage
For the corresponding tag context, this enables or disables the resolution of station names which are recognized by the
NetBIOS router.
Telnet path:
Setup > DNS > Tag-Configuration
Possible values:
No
Yes
Default:
Yes
2.17.15.6 Resolve domain
For the corresponding tag context, this enables or disables the response of DNS requests to its own domain with the IP
address of the router.
Telnet path:
Setup > DNS > Tag-Configuration
Possible values:
No
Yes
Default:
Yes
2.17.16 Alias-List
This menu allows you to configure alias entries for the domain name system (DNS).
Telnet path:
Setup > DNS
2.17.16.1 Alias name
Enter an alternative name for the DNS configuration here.
Telnet path:
Setup > DNS > Alias-List
464
Menu Reference
2 Setup
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.17.16.2 Rtg-Tag
Use this entry to define a routing tag for this alias.
Telnet path:
Setup > DNS > Alias-List
Possible values:
Max. 5 characters from [0-9]
Default:
0
2.17.16.3 Canonical-Name
Specify here a unique CNAME for this alias.
Telnet path:
Setup > DNS > Alias-List
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.17.20 Syslog
Use this directory to configure the SYSLOG logging of DNS requests.
Telnet path:
Setup > DNS
2.17.20.1 Log DNS resolutions
This option enables or disables (default setting) the sending of SYSLOG messages in the case of DNS requests.
4
This switch is independent of the global switch in the SYSLOG module under Setup > SYSLOG > Operating. If
you enable this option to log DNS requests, the DNS server in the device sends the corresponding SYSLOG
messages to a SYSLOG server even if the global SYSLOG module is disabled.
465
Menu Reference
2 Setup
Each DNS resolution (ANSWER record or ADDITIONAL record) generates a SYSLOG message with the following
structure PACKET_INFO: DNS for IP-Address, TID {Hostname}: Resource-Record.
The parameters have the following meanings:
a The TID (transaction ID) contains a 4-character hexadecimal code.
a The {host name} is only part of the message if the DNS server cannot resolve it without a DNS request (as in
the firewall log, as well).
a The resource record consists of three parts: The request, the type or class, and the IP resolution (for example
www.mydomain.com STD A resolved to 193.99.144.32)
Telnet path:
Setup > DNS > Syslog
Possible values:
No
Disables the logging of DNS requests and responses.
Yes
Enables the logging of DNS requests and responses.
Default:
No
2.17.20.2 Log server address
The log server address identifies the SYSLOG server by means of its DNS name or an IP address.
4
The use of the IP addresses 127.0.0.1 and ::1 to force the use of an external server is not permitted.
Telnet path:
Setup > DNS > Syslog
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.17.20.3 Log source
Contains the log source as displayed in the SYSLOG messages.
Telnet path:
Setup > DNS > Syslog
466
Menu Reference
2 Setup
Possible values:
System
Login
System time
Console login
Connections
Accounting
Administration
Router
Default:
Router
2.17.20.4 Log level
Contains the priority that is shown in the SYSLOG messages.
Telnet path:
Setup > DNS > Syslog
Possible values:
Emergency
Alert
Critical
Error
Warning
Notice
Info
Debug
Default:
Notice
2.17.20.5 Loopback-Addr.
Here you can optionally specify another address (name or IP) used by your device to identify itself to the SYSLOG server
as the sender. By default, your device sends its IP address from the corresponding ARF context, without you having to
enter it here. By entering an optional loopback address you change the source address and route that your device uses
to contact the remote site. This can be useful, for example, if your device is available over different paths and the remote
site should use a specific path for its reply message.
4
If the source address set here is a loopback address, this will be used unmasked even on masked remote clients.
Telnet path:
Setup > DNS > Syslog
467
Menu Reference
2 Setup
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Special values:
Name of the IP networks whose address should be used
“INT” for the address of the first Intranet
“DMZ” for the address of the first DMZ
LB0 to LBF for the 16 loopback addresses
Any valid IP address
2.18 Accounting
This menu contains the configuration of the Accounting.
Telnet path:
Setup
Possible values:
No
Yes
Default:
Yes
2.18.1 Operating
Turn accounting on or off.
Telnet path:
Setup > Accounting
Possible values:
No
Yes
Default:
No
468
Menu Reference
2 Setup
2.18.2 Save to flashROM
Turn accounting data in flash memory on or off. Accounting data saved to flash will not be lost even in the event of a
power outage.
Telnet path:
Setup > Accounting
Possible values:
No
Yes
Default:
No
2.18.3 Sort by
Select here whether the data should be sorted in the accounting table according to connection times or data volume.
Telnet path:
Setup > Accounting
Possible values:
Time
Data
Default:
Time
2.18.4 Current user
Displays an accounting list for all current users.
Telnet path:
Setup > Accounting
2.18.4.1 User name
Displays the username.
Telnet path:
Setup > Accounting > Current-User
469
Menu Reference
2 Setup
2.18.4.2 MAC address
Displays the MAC address of the user.
Telnet path:
Setup > Accounting > Current-User
2.18.4.3 Peer
Displays the name of the remote station.
Telnet path:
Setup > Accounting > Current-User
2.18.4.4 Conn. type:
Displays the connection type (e.g. DSL connection)
Telnet path:
Setup > Accounting > Current-User
2.18.4.5 Rx-KBytes
The number of bytes received.
Telnet path:
Setup > Accounting > Current-User
2.18.4.6 Tx-KBytes
The number of bytes sent.
Telnet path:
Setup > Accounting > Current-User
2.18.4.8 Total time
Shows the total time of the corresponding connection.
Telnet path:
Setup > Accounting > Current-User
470
Menu Reference
2 Setup
2.18.4.9 Connections
Displays the number of connections.
Telnet path:
Setup > Accounting > Current-User
2.18.5 Accounting list
Information on connections between clients in the local network and various remote sites is saved in the accounting
table with entries for the connection time and the transferred data volume. Using accounting snapshots, accounting
data can be regularly saved at specific times for later evaluation.
Telnet path:
Setup > Accounting
2.18.5.1 User name
Displays the username.
Telnet path:
Setup > Accounting > Accounting-List
2.18.5.2 MAC address
Displays the MAC address of the user.
Telnet path:
Setup > Accounting > Accounting-List
2.18.5.3 Peer
Displays the name of the remote station.
Telnet path:
Setup > Accounting > Accounting-List
2.18.5.4 Conn. type:
Displays the connection type (e.g. DSL connection)
Telnet path:
Setup > Accounting > Accounting-List
471
Menu Reference
2 Setup
2.18.5.5 Rx-KBytes
The number of bytes received.
Telnet path:
Setup > Accounting > Accounting-List
2.18.5.6 Tx-KBytes
The number of bytes sent.
Telnet path:
Setup > Accounting > Accounting-List
2.18.5.8 Total time
Shows the total time of the corresponding connection.
Telnet path:
Setup > Accounting > Accounting-List
2.18.5.9 Connections
Displays the number of connections.
Telnet path:
Setup > Accounting > Accounting-List
2.18.6 Delete-Accounting-List
This option allows you to delete the parameters.
Telnet path:
Setup > Accounting
2.18.7 Create snapshot
With this entry the accounting data in is stored to a snapshot.
Telnet path:
Setup > Accounting
472
Menu Reference
2 Setup
2.18.8 Time snapshot
When configuring the snapshot, the interval is set at which the accounting data are temporarily saved into a snapshot.
Telnet path:
Setup > Accounting
2.18.8.1 Index
Displays the system's internal index.
Telnet path:
Setup > Accounting > Time-Snapshot
2.18.8.2 Operating
Turn intermediate storage of accounting data on or off.
Telnet path:
Setup > Accounting > Time-Snapshot
Possible values:
Yes
No
Default:
No
2.18.8.3 Type
Here you can set the interval at which the snapshot will be generated.
Telnet path:
Setup > Accounting > Time-Snapshot
Possible values:
Daily
Weekly
Monthly
Default:
Monthly
473
Menu Reference
2 Setup
2.18.8.4 Day
The day of the month on which caching is performed. Only relevant if the interval is "monthly".
Telnet path:
Setup > Accounting > Time-Snapshot
Possible values:
0 … 31
Default:
1
2.18.8.5 Day of week
The weekday on which caching is performed. Only relevant if the interval is "weekly".
Telnet path:
Setup > Accounting > Time-Snapshot
Possible values:
Unknown
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Default:
Unknown
2.18.8.6 Hour
The hour of day at which caching will be performed.
Telnet path:
Setup > Accounting > Time-Snapshot
Possible values:
Max. 2 characters from [0-9]
Default:
0
474
Menu Reference
2 Setup
2.18.8.7 Minute
The minute in which caching will take place
Telnet path:
Setup > Accounting > Time-Snapshot
Possible values:
Max. 2 characters from [0-9]
Default:
0
2.18.9 Last snapshot
Displays the last snapshot.
Telnet path:
Setup > Accounting
Possible values:
Max. 2 characters from [0-9]
Default:
0
2.18.9.1 User name
Displays the username.
Telnet path:
Setup > Accounting > Last-Snapshot
2.18.9.2 MAC address
Displays the MAC address of the user.
Telnet path:
Setup > Accounting > Last-Snapshot
2.18.9.3 Peer
Displays the name of the remote station.
Telnet path:
Setup > Accounting > Last-Snapshot
475
Menu Reference
2 Setup
2.18.9.4 Conn. type:
Displays the connection type (e.g. DSL connection)
Telnet path:
Setup > Accounting > Last-Snapshot
2.18.9.5 Rx-KBytes
The number of bytes received.
Telnet path:
Setup > Accounting > Last-Snapshot
2.18.9.6 Tx-KBytes
The number of bytes sent.
Telnet path:
Setup > Accounting > Last-Snapshot
2.18.9.8 Total time
Shows the total time of the corresponding connection.
Telnet path:
Setup > Accounting > Last-Snapshot
2.18.9.8 Connections
Displays the number of connections.
Telnet path:
Setup > Accounting > Last-Snapshot
2.18.10 Discriminator
This is where you can select the feature according to which accounting data are to be gathered.
5
476
When varying IP addresses are in use, e.g. when using a DHCP server, the option "IP address" can lead to
inaccurate accounting data. In this case, it may not be possible to accurately assign the data to users. Conversely,
with this setting, data can be separated for clients that are behind another router and therefore appear in the
accounting list with the same MAC address as the router.
Menu Reference
2 Setup
Telnet path:
Setup > Accounting
Possible values:
MAC address
The data are collected according to the client's MAC address.
IP address
The data are collected according to the client's IP address.
Default:
MAC address
2.19 VPN
This menu contains the configuration of the Virtual Private Network (VPN).
Telnet path:
Setup
2.19.3 Isakmp
This menu contains the configuration of the Isakmp.
Telnet path:
Setup > VPN
2.19.3.4 Timer
This table contains values that affect the timing of IKE negotiations.
The values are passed to the IKE job with each full VPN configuration (setting up all VPN rules). Each time an IKE job is
used it reads these values from its configuration. This means that the expiry timeout will be used immediately for every
new negotiation (incl. rekeying of old connections). The retry limit is also used immediately, even during the ongoing
repeats of negotiation packets.
Telnet path:
Setup > VPN > Isakmp
477
Menu Reference
2 Setup
2.19.3.4.1 Retr-Lim
The retry limit specifies the maximum number of times that an IKE negotiation packet will be repeated if there is no
response to it. The time interval between repeats currently cannot be configured and is 5, 7, 9, 11, 13... seconds. The
overall time for IKE negotiation is also capped by the expiry limit.
Telnet path:
Setup > VPN > Isakmp > Timer
Possible values:
Max. 5 characters from [0-9]
Default:
5
2.19.3.4.2 Retr-Tim
5
These settings are included to maintain compatibility to earlier firmware versions. Do not alter the pre-set values
for these parameters. An irregular configuration may cause the devices to behave unexpectedly during operations!
Telnet path:
Setup > VPN > Isakmp > Timer
Possible values:
Max. 5 characters from [0-9]
Default:
1
2.19.3.4.3 Retr-Tim-Usec
5
These settings are included to maintain compatibility to earlier firmware versions. Do not alter the pre-set values
for these parameters. An irregular configuration may cause the devices to behave unexpectedly during operations!
Telnet path:
Setup > VPN > Isakmp > Timer
Possible values:
Max. 10 characters from [0-9]
Default:
0
2.19.3.4.4 Retr-Tim-Max
5
478
These settings are included to maintain compatibility to earlier firmware versions. Do not alter the pre-set values
for these parameters. An irregular configuration may cause the devices to behave unexpectedly during operations!
Menu Reference
2 Setup
Telnet path:
Setup > VPN > Isakmp > Timer
Possible values:
Max. 5 characters from [0-9]
Default:
10
2.19.3.4.5 Exp-Tim
Maximum duration of the IKE negotiation phase in seconds.
5
These settings are included to maintain compatibility to earlier firmware versions. Do not alter the pre-set values
for these parameters. An irregular configuration may cause the devices to behave unexpectedly during operations!
Telnet path:
Setup > VPN > Isakmp > Timer
Possible values:
0 … 65535 Seconds
Default:
30
2.19.3.4.6 Idx.
The table contains only one line, so the index only has the value "1".
Telnet path:
Setup > VPN > Isakmp > Timer
2.19.3.29 DH-Groups
This menu contains the configuration for the precalculation of DH keys.
Telnet path:
Setup > VPN > Isakmp
2.19.3.29.1 Precalculation
This option enables or disables the precalculation of DH keys.
Telnet path:
Setup > VPN > Isakmp > DH-Groups
479
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
Yes
2.19.3.29.2 Group-Config
This table specifies the number of DH keys to calculate for each DH group.
Telnet path:
Setup > VPN > Isakmp > DH-Groups
2.19.3.29.2.1 DH-Group
This value displays the corresponding DH group.
Telnet path:
Setup > VPN > Isakmp > DH-Groups > Group-config
Possible values:
Selection from the list of predefined DH groups
2.19.3.29.2.2 Precalc-Target
This value specifies the number of DH keys to be calculated for this DH group.
5
If you specify the value 0 here but you have enabled precalculation, the device will take the number from the
policies stored in the SPD table (Security Policy Database) as a basis for calculation.
Telnet path:
Setup > VPN > Isakmp > DH-Groups > Group-config
Possible values:
0 … 999999999
Default:
0
2.19.4 Proposals
This menu contains the configuration of the Proposals.
480
Menu Reference
2 Setup
Telnet path:
Setup > VPN
2.19.4.9 IKE-Proposal-Lists
Here you can display and add IKE proposal lists.
Telnet path:
Setup > VPN > Proposals
2.19.4.9.1 IKE-Proposal-Lists
Name for the combination of IKE proposals
Telnet path:
Setup > VPN > Proposals > IKE-Proposal-Lists
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.9.2 IKE-Proposal-1
From the list of defined IKE proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IKE-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.9.3 IKE-Proposal-2
From the list of defined IKE proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IKE-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
481
Menu Reference
2 Setup
Default:
empty
2.19.4.9.4 IKE-Proposal-3
From the list of defined IKE proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IKE-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.9.5 IKE-Proposal-4
From the list of defined IKE proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IKE-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.9.6 IKE-Proposal-5
From the list of defined IKE proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IKE-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.9.7 IKE-Proposal-6
From the list of defined IKE proposals, select the proposal that is to be used for this list.
482
Menu Reference
2 Setup
Telnet path:
Setup > VPN > Proposals > IKE-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.9.8 IKE-Proposal-7
From the list of defined IKE proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IKE-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.9.9 IKE-Proposal-8
From the list of defined IKE proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IKE-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.10 IPSEC-Proposal-Lists
Here you combine previously-defined proposals to form proposal lists.
Telnet path:
Setup > VPN > Proposals
2.19.4.10.1 IPSEC-Proposal-Lists
Name for the combination of IPSec proposals
483
Menu Reference
2 Setup
Telnet path:
Setup > VPN > Proposals > IPSEC-Proposal-Lists
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.10.2 IPSEC-Proposal-1
From the list of defined IPSec proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IPSEC-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.10.3 IPSEC-Proposal-2
From the list of defined IPSec proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IPSEC-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.10.4 IPSEC-Proposal-3
From the list of defined IPSec proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IPSEC-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
484
Menu Reference
2 Setup
2.19.4.10.5 IPSEC-Proposal-4
From the list of defined IPSec proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IPSEC-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.10.6 IPSEC-Proposal-5
From the list of defined IPSec proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IPSEC-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.10.7 IPSEC-Proposal-6
From the list of defined IPSec proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IPSEC-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.10.8 IPSEC-Proposal-7
From the list of defined IPSec proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IPSEC-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
485
Menu Reference
2 Setup
Default:
empty
2.19.4.10.9 IPSEC-Proposal-8
From the list of defined IPSec proposals, select the proposal that is to be used for this list.
Telnet path:
Setup > VPN > Proposals > IPSEC-Proposal-Lists
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.11 IKE
In this table you can define the proposals for administration of the SA negotiation.
Telnet path:
Setup > VPN > Proposals
2.19.4.11.1 Name
Name for the combinations of IKE parameters that should be used as the proposal.
5
The Internet Key Exchange (IKE) is a protocol for authentication and key exchange.
Telnet path:
Setup > VPN > Proposals > IKE
2.19.4.11.2 IKE-Crypt-Alg
Encryption algorithm for this proposal.
Telnet path:
Setup > VPN > Proposals > IKE
486
Menu Reference
2 Setup
Possible values:
AES-CBC
Blowfish-CBC
CAST128-CBC
3DES-CBC
DES-CBC
NULL-CBC
Default:
AES-CBC
2.19.4.11.3 IKE-Crypt-Keylen
Key length for this proposal.
Telnet path:
Setup > VPN > Proposals > IKE
Possible values:
0 … 65535
Default:
128
2.19.4.11.4 IKE-Auth-Alg
Hash algorithm for the encryption. The available values depend on the device you want to configure.
Telnet path:
Setup > VPN > Proposals > IKE
Possible values:
MD5
SHA1
SHA2-256
SHA2-384
SHA2-512
Default:
MD5
2.19.4.11.5 IKE-Auth-Mode
Authentication method for this proposal.
487
Menu Reference
2 Setup
Telnet path:
Setup > VPN > Proposals > IKE
Possible values:
Preshared key
Symmetrical PSK requires the key to be known at both ends of the connection.
RSA-Signature
Asymmetrical method with private and public keys, known from Rivest, Shamir Adleman.
Default:
Preshared key
2.19.4.11.6 Lifetime-Sec
Validity of the connections negotiated with this proposal with respect to connection duration
Telnet path:
Setup > VPN > Proposals > IKE
Possible values:
Max. 10 characters from [0-9]
Default:
108000
Special values:
0
No limit on connection time
2.19.4.11.7 Lifetime-KB
Validity of the connections negotiated with this proposal with respect to transmitted data volume.
Telnet path:
Setup > VPN > Proposals > IKE
Possible values:
Max. 10 characters from [0-9]
Default:
0
Special values:
0
No limit on data volume.
488
Menu Reference
2 Setup
2.19.4.12 IPsec
You define the defaults for encryption, authentication or compression here.
Telnet path:
Setup > VPN > Proposals
Possible values:
Max. 10 characters from [0-9]
Default:
0
Special values:
0
No limit on data volume.
2.19.4.12.1 Name
Name for the combinations of IPSec parameters that should be used as the proposal.
5
IPSec stands for "IP Security Protocol" and was originally the name used by a working group of the IETF, the
Internet Engineering Task xml:lang="en"Force. Over the years, this group has developed a framework for a secure
IP protocol that today is generally referred to as IPSec.
Telnet path:
Setup > VPN > Proposals > IPSEC
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.4.12.2 Encaps-Mode
Connection mode selection.
Telnet path:
Setup > VPN > Proposals > IPSEC
Possible values:
Tunnel
In tunnel mode, the entire packet including the original IP header is encrypted and authenticated and
the ESP header and trailers are added at the entrance of the tunnel. A new IP header is added to this
new packet, this time with the public IP address of the recipient at the end of the tunnel.
Transport
In transport mode, the IP header of the original packet is left unchanged and the ESP header, encrypted
data and both trailers are inserted. The IP header contains the unchanged IP address. Transport mode
can therefore only be used between two end points, for example for the remote configuration of a
489
Menu Reference
2 Setup
router. It cannot be used for the connectivity of networks via the Internet – this would require a new
IP header with the public IP address of the recipient. In such cases, ESP can be used in tunnel mode.
Mixed(LCOS4)
Default:
Tunnel
2.19.4.12.3 ESP-Crypt-Alg
Encryption algorithm for this proposal.
Telnet path:
Setup > VPN > Proposals > IPSEC
Possible values:
None
AES-CBC
Blowfish-CBC
CAST128-CBC
3DES-CBC
DES-CBC
NULL
Default:
AES-CBC
2.19.4.12.4 ESP-Crypt-Keylen
Key length for this proposal.
Telnet path:
Setup > VPN > Proposals > IPSEC
Possible values:
Max. 5 characters from [0-9]
Default:
256
2.19.4.12.5 ESP-Auth-Alg
ESP authentication method for this proposal.
Telnet path:
Setup > VPN > Proposals > IPSEC
490
Menu Reference
2 Setup
Possible values:
None
HMAC-MD5
HMAC-SHA1
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-512
Default:
HMAC-SHA1
2.19.4.12.6 AH-Auth-Alg
AH authentication method for this proposal.
Telnet path:
Setup > VPN > Proposals > IPSEC
Possible values:
None
HMAC-MD5
HMAC-SHA1
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-512
Default:
None
2.19.4.12.7 IPCOMP-Alg
Compression method for this proposal.
Telnet path:
Setup > VPN > Proposals > IPSEC
Possible values:
None
DEFLATE
Default:
None
491
Menu Reference
2 Setup
2.19.4.12.8 Lifetime-Sec
Validity of the connections negotiated with this proposal with respect to connection duration
Telnet path:
Setup > VPN > Proposals > IPSEC
Possible values:
Max. 10 characters from [0-9]
Default:
28800
Special values:
0
No limit on connection time
2.19.4.12.9 Lifetime-KB
Validity of the connections negotiated with this proposal with respect to transmitted data volume.
Telnet path:
Setup > VPN > Proposals > IPSEC
Possible values:
Max. 10 characters from [0-9]
Default:
2000000
Special values:
0
No limit on data volume.
2.19.5 Certificates and keys
This menu contains the configuration of the certificates and keys.
Telnet path:
Setup > VPN
2.19.5.3 IKE-Keys
Entered here are the shared key for preshared-key authentication and the identities for preshared-key- and RSA signature
authentication.
Telnet path:
Setup > VPN > Certificates-and-Keys
492
Menu Reference
2 Setup
2.19.5.3.1 Name
Name for the combination of identities and keys.
Telnet path:
Setup > VPN > Certificates-and-Keys > IKE-Keys
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.5.3.2 Remote identity
Remote ID that the entered key is to be valid for.
Telnet path:
Setup > VPN > Certificates-and-Keys > IKE-Keys
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.5.3.3 Shared sec
Key/secret that should apply to this combination.
Telnet path:
Setup > VPN > Certificates-and-Keys > IKE-Keys
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.5.3.4 Shared-Sec-File
[obsolete, not used: File with PSK]
Telnet path:
Setup > VPN > Certificates-and-Keys > IKE-Keys
Possible values:
Max. 20 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
493
Menu Reference
2 Setup
Default:
empty
2.19.5.3.5 Remote-ID-Type
Type of remote ID that the entered key is to be valid for.
Telnet path:
Setup > VPN > Certificates-and-Keys > IKE-Keys
Possible values:
No-Identity
IPv4 address
IPv6 address
Domain name
E-mail address
Distinguished name
Key ID
Default:
No-Identity
2.19.5.3.6 Local-ID-Type
Type of local ID that the entered key is to be valid for.
Telnet path:
Setup > VPN > Certificates-and-Keys > IKE-Keys
Possible values:
No-Identity
IPv4 address
IPv6 address
Domain name
E-mail address
Distinguished name
Key ID
Default:
No-Identity
2.19.5.3.7 Local identity
Local ID that the entered key is to be valid for.
494
Menu Reference
2 Setup
Telnet path:
Setup > VPN > Certificates-and-Keys > IKE-Keys
Possible values:
Max. 254 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.7 Layer
Here you define further parameters for individual VPN connections.
Telnet path:
Setup > VPN
2.19.7.1 Name
Name for the combination of connection parameters.
Telnet path:
Setup > VPN > Layer
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.7.3 PFS-Grp
Perfect Forward Secrecy (PFS) is a security feature of encryption algorithms. The PFS group specifies the length of the
Diffie-Hellman key used to encrypt the IKE negotiation.
Telnet path:
Setup > VPN > Layer
Possible values:
0
No PFS
1
MODP-768
2
MODP-1024
5
MODP-1536
495
Menu Reference
2 Setup
14
MODP-2048
15
MODP-3072
16
MODP-4096
Default:
2
2.19.7.4 IKE-Grp
The IKE group specifies the length of the Diffie-Hellman key used to encrypt the IKE negotiation.
Telnet path:
Setup > VPN > Layer
Possible values:
1
MODP-768
2
MODP-1024
5
MODP-1536
14
MODP-2048
15
MODP-3072
16
MODP-4096
Default:
2
2.19.7.5 IKE-Prop-List
Select the IKE proposal list for this connection from the list of specified IKE proposal lists.
Telnet path:
Setup > VPN > Layer
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
496
Menu Reference
2 Setup
Default:
empty
2.19.7.6 IPSEC-Prop-List
Select the IPSec proposal list for this connection from the list of specified IPSec proposal lists.
Telnet path:
Setup > VPN > Layer
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.7.7 IKE key
Select the IKE key for this connection from the list of specified IKE keys.
Telnet path:
Setup > VPN > Layer
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.8 Operating
Switches the VPN module on or off.
Telnet path:
Setup > VPN
Possible values:
Operating
Deactivated
Default:
Deactivated
497
Menu Reference
2 Setup
2.19.9 VPN peers
In this table you define the VPN connections to be established by your device.
Telnet path:
Setup > VPN
2.19.9.1 Peer
Select the name of the VPN connection from the list of defined peers.
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.9.2 Extranet address
In LCOS versions before 9.10, this field contained the IPv4 address used by the local stations to mask their own IP address
in certain scenarios.
As of LCOS version 9.10, masquerading uses the entry under Setup > WAN > IP-List in the field Masq.-IP-Addr..
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
Max. 15 characters from [0-9].
Default:
empty
2.19.9.4 Layer
Select the combination of connection parameters (PFS, IKE, and IPSec parameters) to be used for this connection from
the list of defined connection parameters.
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
498
Menu Reference
2 Setup
2.19.9.5 dynamic
Dynamic VPN is a technology which permits VPN tunnels to be connected even to remote sites that do not have a static
IP address, but a dynamic one instead.
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
No
Dynamic VPN is not used.
ICMP
An ICMP packet is sent to the remote site to transmit the IP address.
UDP
A UDP packet is sent to the remote site to transmit the IP address.
B channel
A connection is established to transmit IP addresses.
D channel
If possible, IP addresses are transmitted without establishing a connection.
Default:
No
2.19.9.6 SH time
This value specifies the number of seconds that pass before a connection to this remote site is terminated if no data is
being transferred.
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
0 … 9999
Default:
0
Special values:
9999
This value causes connections to be established immediately and without a time limit.
2.19.9.7 IKE exchange
Selects the IKE exchange mode.
5
Main Mode exchanges significantly more unencrypted messages during the IKE handshake than the Aggressive
Mode. This is why main mode is far more secure than the aggressive mode.
499
Menu Reference
2 Setup
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
Main mode
Aggressive mode
Default:
Main mode
2.19.9.8 Remote-Gw
DNS name or IP address of the remote gateway which is to be used to set up the VPN connection.
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.9.9 Rule creation
On/off switch and type of rule creation.
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
Auto
Automatically created VPN rules connect the local IP networks with the IP networks entered into the
routing table for the remote site.
Manual
VPN rules are only created for the remote site for IP network relationships specified "Manually" in the
firewall configuration.
Off
No VPN rule is created for the remote site.
Default:
Auto
500
Menu Reference
2 Setup
2.19.9.10 DPD-Inact-Timeout
Dead peer detection is used when VPN clients dial in to a VPN gateway or when 2 VPN gateways are connected. This is
designed to ensure that a peer is logged out if there is an interruption to the VPN connection, for example when the
Internet connection is interrupted briefly. If the line were not to be monitored, then the VPN gateway would continue
to list the client or the other VPN gateway as logged-on. This would prevent the peer from dialing in again as, for example,
the LANCOM Advanced VPN Client does not allow a simultaneous dial-in using the same serial number.
With dead-peer detection, the gateway and peer regularly exchange "keep alive" packets. If no replies are received, the
gateway will log out the peer so that this ID can be registered anew once the VPN connection has been re-established.
The DPD time for VPN clients is typically set to 60 seconds.
5
Without line monitoring, a user with the same "identity" (user name) would be prevented from dialing in because
the associated user would still be in the list for the logged-in peer.
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
Max. 10 characters from [0-9]
Default:
0
2.19.9.11 IKE-CFG
When configuring VPN dial-in connections, there is as an alternative to fixed IP addresses for the remote sites that dial
in, in that a pool of IP addresses can be made available to them. To this end, the "IKE-CFG" mode is additionally added
to the entries in the connection list.
5
When set as server, the remote site must be configured as IKE-CFG client, and thus has to request an IP address
from the server. To dial in with a LANCOM Advanced VPN Client, the option "Use IKE Config Mode" has to be
activated in the connection profile.
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
Off
If the IKE-CFG mode is switched off, no IP addresses will be assigned for the connection. Fixed IP
addresses must be defined for both ends of the connection.
Client
With this setting, the device functions as the client for this VPN connection and requests an IP address
from the remote site (server). The device acts in a similar manner to a VPN client.
Server
With this setting, the device functions as the server for this VPN connection. The assignment of an IP
address to the client can take place in two ways:
If the remote site is entered in the routing table, the IP address defined here will be assigned to the
client.
If the remote site is not entered in the routing table, an IP address which is available from the IP pool
will be taken for the dial-in connections.
501
Menu Reference
2 Setup
Default:
Off
2.19.9.12 XAUTH
Enables the use of XAUTH for the VPN remote site selected.
5
If XAUTH authentication is enabled for a VPN remote site, the IKE-CFG option must be set to the same value.
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
Off
No XAUTH authentication is performed for the connection to this remote site.
Client
In the XAUTH client operating mode, the device starts the initial phase of IKE negotiation (Main mode
or Aggressive mode) and then waits for the authentication request from the XAUTH server. The XAUTH
client responds to this request with the user name and password from the PPP table entry in which the
PPP remote site corresponds to the VPN remote site defined here. There must therefore be a PPP remote
site of the same name for the VPN remote site. The user name defined in the PPP table normally differs
from the remote site name.
Server
In the XAUTH server operating mode, the device (after successful negotiation of the initial IKE negotiation)
starts authentication with a request to the XAUTH client, which then responds with its user name and
password. The XAUTH server searches for the user name in the PPP table and, if a match is found, it
checks the password. The user name for this entry in the PPP table is not used.
Default:
Off
2.19.9.13 SSL-Encaps.
With this option you activate IPsec-over-HTTPS technology when actively establishing a connection to this remote site.
5
Please note that when the IPsec-over-HTTPS option is activated, the VPN connection can only be established
when the remote site also supports this technology and when the remote site is set up to receive passive VPN
connections that use IPsec over HTTPS.
Telnet path:
Setup > VPN > VPN-Peers
502
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
No
2.19.9.15 Rtg-Tag
Routing tags are used on the device in order to evaluate criteria relevant to the selection of the target route in addition
to the IP address. The only routes in the routing table to be used are those with a matching routing tag. The routing tag
for each VPN connection can be specified here. The routing tag is used to determine the route to the remote gateway.
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
0 … 65535
Default:
0
2.19.9.16 OCSP-Check
With this setting you enable the real-time check of a X.509 certificate via OCSP, which checks the validity of the remote
station's certificate. In order to use the OCSP check for individual VPN connections, you must first enable the global
OCSP client for VPN connections and then create profile lists of the valid certificate authorities used by the device to
perform the real-time check.
5
Please note that the check via OCSP only checks the locking status of a certificate, but it does not check the
mathematical correctness of its signature, validity period, or other usage restrictions.
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
No
Yes
Default:
No
2.19.9.17 IPv4-Rules
Use this entry to specify IPv4 rules for the VPN remote stations.
503
Menu Reference
2 Setup
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.9.18 IPv6-Rules
Use this entry to specify IPv6 rules for the VPN remote stations.
Telnet path:
Setup > VPN > VPN-Peers
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.10 AggrMode-Proposal-List-Default
This IKE proposal list is used for aggressive-mode connections when the remote address cannot be identified by its IP
address but by a subsequently transmitted ID.
Select the IKE proposal list to be used for this connection from the list of specified IKE proposal lists.
Telnet path:
Setup > VPN
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
IKE_RSA_SIG
2.19.11 AggrMode-IKE-Group-Default
This IKE group is used for aggressive-mode connections when the remote address cannot be identified by its IP address
but by a subsequently transmitted ID.
Telnet path:
Setup > VPN
504
Menu Reference
2 Setup
Possible values:
1
MODP-768
2
MODP-1024
5
MODP-1536
14
MODP-2048
15
MODP-3072
16
MODP-4096
Default:
2
2.19.12 Additional gateways
This table is used to specify a list of possible gateways for each remote site.
Telnet path:
Setup > VPN
2.19.12.1 Peer
From the list of defined VPN connections, select here the name of the VPN connection that the additional gateways
defined here apply to.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.2 Gateway-1
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
505
Menu Reference
2 Setup
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.3 Gateway-2
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.4 Gateway-3
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.5 Gateway-4
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
506
Menu Reference
2 Setup
2.19.12.6 Gateway-5
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.7 Gateway-6
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.8 Gateway-7
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.9 Gateway-8
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
507
Menu Reference
2 Setup
Default:
empty
2.19.12.10 Begin with
Here you select the first gateway that is to be used for establishing the VPN connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Last used
Selects the entry for the connection which was successfully used most recently.
Begin with
Start with the first entry in the list.
Random
Selects a random entry from the list.
Default:
Last used
2.19.12.11 Rtg-Tag-1
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.12 Rtg-Tag-2
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
508
Menu Reference
2 Setup
Default:
0
2.19.12.13 Rtg-Tag-3
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.14 Rtg-Tag-4
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.15 Rtg-Tag-5
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.16 Rtg-Tag-6
Enter the routing tag for setting the route to the relevant gateway.
509
Menu Reference
2 Setup
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.17 Rtg-Tag-7
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.18 Rtg-Tag-8
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.19 Gateway-9
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
510
Menu Reference
2 Setup
2.19.12.20 Gateway-10
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.21 Gateway-11
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.22 Gateway-12
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.23 Gateway-13
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
511
Menu Reference
2 Setup
Default:
empty
2.19.12.24 Gateway-14
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.25 Gateway-15
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.26 Gateway-16
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.27 Rtg-Tag-9
Enter the routing tag for setting the route to the relevant gateway.
512
Menu Reference
2 Setup
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.28 Rtg-Tag-10
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.29 Rtg-Tag-11
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.30 Rtg-Tag-12
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
513
Menu Reference
2 Setup
2.19.12.31 Rtg-Tag-13
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.32 Rtg-Tag-14
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.33 Rtg-Tag-15
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.34 Rtg-Tag-16
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
514
Menu Reference
2 Setup
Default:
0
2.19.12.35 Gateway -17
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.36 Rtg-Tag-17
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.37 Gateway -18
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.38 Rtg-Tag-18
Enter the routing tag for setting the route to the relevant gateway.
515
Menu Reference
2 Setup
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.39 Gateway -19
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.40 Rtg-Tag-19
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.41 Gateway -20
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
516
Menu Reference
2 Setup
2.19.12.42 Rtg-Tag-20
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.43 Gateway -21
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.44 Rtg-Tag-21
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.45 Gateway -22
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
517
Menu Reference
2 Setup
Default:
empty
2.19.12.46 Rtg-Tag-22
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.47 Gateway -23
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.48 Rtg-Tag-23
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.49 Gateway -24
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
518
Menu Reference
2 Setup
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.50 Rtg-Tag-24
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.51 Gateway -25
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.52 Rtg-Tag-25
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
519
Menu Reference
2 Setup
2.19.12.53 Gateway -26
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.54 Rtg-Tag-26
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.55 Gateway -27
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.56 Rtg-Tag-27
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
520
Menu Reference
2 Setup
Default:
0
2.19.12.57 Gateway -28
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.58 Rtg-Tag-28
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.59 Gateway -29
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.60 Rtg-Tag-29
Enter the routing tag for setting the route to the relevant gateway.
521
Menu Reference
2 Setup
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.61 Gateway -30
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.62 Rtg-Tag-30
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.63 Gateway -31
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
522
Menu Reference
2 Setup
2.19.12.64 Rtg-Tag-31
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.12.65 Gateway -32
DNS name or IP address of the remote gateway to be used as an alternative to the connection.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.12.66 Rtg-Tag-32
Enter the routing tag for setting the route to the relevant gateway.
Telnet path:
Setup > VPN > Additional-Gateways
Possible values:
0 … 65535
Default:
0
2.19.13 MainMode-Proposal-List-Default
This IKE proposal list is used for main-mode connections when the remote address cannot be identified by its IP address
but by a subsequently transmitted ID.
Select the IKE proposal list to be used for this connection from the list of specified IKE proposal lists.
Telnet path:
Setup > VPN
523
Menu Reference
2 Setup
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
IKE_PRESH_KEY
2.19.14 MainMode-IKE-Group-Default
This IKE group is used for main-mode connections when the remote address cannot be identified by its IP address but
by a subsequently transmitted ID.
Telnet path:
Setup > VPN
Possible values:
1
MODP-768
2
MODP-1024
5
MODP-1536
14
MODP-2048
15
MODP-3072
16
MODP-4096
Default:
2
2.19.16 NAT-T-Operating
Enables the use of NAT-Traversal. NAT Traversal eliminates the problems that occur when establishing a VPN connection
at the end points of the VPN tunnel.
5
5
NAT-T can only be used with VPN connections that use ESP (Encapsulating Security Payload) for authentication.
Unlike AH (Authentication Header), ESP does not consider the IP header of the data packets when determining
the hash value for authentication. The hash value calculated by the receiver is therefore also equivalent to the
hash value entered in the packets.
If the device functions as a NAT router between the VPN end points, ensure that UDP ports 500 and 4500 are
enabled in the firewall when you use NAT-T! This port is activated automatically if you use the firewall assistant
in LANconfig.
Telnet path:
Setup > VPN
524
Menu Reference
2 Setup
Possible values:
Yes
Off
Default:
Off
2.19.17 Simple-Cert-RAS-Operating
Enables simplified dial-in with certificates. The simplification is that a shared configuration can be made for incoming
connections, as long as the certificates of the remote peers are signed by the issuer of the root certificate in the device.
In this case a configuration has to be made for each remote peer. You find the shared configuration necessary for this
with the settings for default parameters. Individual remote peers can only be excluded from this function by having their
certificates revoked in a CRL (Certificate Revocation List).
Telnet path:
Setup > VPN
Possible values:
Yes
Off
Default:
Off
2.19.19 QuickMode-Proposal-List-Default
From the list of specified IPSec proposal lists, select the IPSec proposal list to be used for simplified RAS with certificates.
Telnet path:
Setup > VPN
Possible values:
Max. 17 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
ESP_TN
2.19.20 QuickMode-PFS-Group-Default
This IPSec group is used for simplified dial-in with certificates.
Telnet path:
Setup > VPN
525
Menu Reference
2 Setup
Possible values:
0
No PFS
1
MODP-768
2
MODP-1024
5
MODP-1536
14
MODP-2048
15
MODP-3072
16
MODP-4096
Default:
2
2.19.21 QuickMode-Shorthold-Time-Default
This hold time is used for simplified dial-in with certificates.
Telnet path:
Setup > VPN
Possible values:
0 … 65535
Default:
0
2.19.22 Allow-Remote-Network-Selection
If simplified dial-in with certificates is activated for the device at headquarters, then the remote routers can suggest a
network to be used for the connection during the IKE negotiation in phase 2. This network is entered, for example, when
setting up the VPN connection on the remote router. The device at headquarters accepts the suggested network when
this option is activated. Moreover, the parameters used by the client during dial in must agree with the default values
in the VPN router.
5
When configuring the dial-in remote sites, be sure to note that each remote site requests a specific network so
that no network address conflicts arise.
Telnet path:
Setup > VPN
526
Menu Reference
2 Setup
Possible values:
Yes
Off
Default:
Off
2.19.23 Establish-SAs-Collectively
Security Associations (SAs) are the basis for establishing a VPN tunnel between two networks. The establishment of
Security Associations is normally initiated by an IP packet which is to be sent from a source network to a destination
network.
The establishment of Security Associations is normally initiated by an IP packet which is to be sent from a source network
to a destination network. This allows the setup of network relationships to be precise controlled according to the
application.
Telnet path:
Setup > VPN
Possible values:
Separately
Only the SA which corresponds explicitly to a packet waiting for transfer is to be established.
Collectively
All SAs defined in the device will be established.
Collectively with KeepAlive
All of the defined SAs will be established for remote sites in the VPN connection list with a hold time
set to "9999" (Keep Alive).
Default:
Separately
2.19.24 Max-Concurrent-Connections
This setting determines how many VPN connections the device can establish.
5
The maximum value is limited by the relevant license.
Telnet path:
Setup > VPN
Possible values:
Max. 5 characters from [0-9]
527
Menu Reference
2 Setup
Default:
0
Special values:
0
With a value of 0, the device may take fully advantage of the maximum number permitted by the license.
Values above the license limits are ignored.
2.19.25 Flexible-ID-Comparison
This flexible method of identification comparison is activated or deactivated in the VPN configuration.
5
Flexible identity comparison is used when checking the (received) remote identity and also for selecting the
certificate based on the local identity.
Telnet path:
Setup > VPN
Possible values:
Yes
No
Default:
No
2.19.26 NAT-T port for rekeying
This item sets whether the IKE packets are sent to port 500 (value = "no") or the port 4500 (value = "yes") during rekeying.
Telnet path:
Setup > VPN
Possible values:
Yes
No
Default:
No
2.19.27 SSL encapsulation allowed
Activate the 'SSL encaps' option in the general VPN settings to enable passive connection establishment to a VPN device
from another VPN remote device using IPsec-over-HTTPS technology (VPN device or LANCOM Advanced VPN client).
528
Menu Reference
2 Setup
5
The LANCOM Advanced VPN Client supports automatic fallback to IPsec over HTTPS. With this setting, the VPN
client initially attempts to establish a connection without using the additional SSL encapsulation. If the connection
cannot be made, the device then tries to connect with the additional SSL encapsulation.
Telnet path:
Setup > VPN
Possible values:
Yes
No
Default:
No
2.19.28 myVPN
The "myVPN" function is used by devices with the iOS operating system to automatically retrieve VPN profiles and take
over the configuration of the internal VPN client. At the router's end, you configure the VPN profile and the parameters
for myVPN. With the aid of the LANCOM myVPN app and a suitable PIN, you can configure your device for VPN dial-in
in just a few easy steps.
More information on the myVPN app is available on the LANCOM homepage.
Telnet path:
Setup > VPN
Possible values:
Yes
No
Default:
No
2.19.28.1 Operating
Use this switch to activate myVPN for this device.
Telnet path:
Setup > VPN > myVPN
529
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
No
2.19.28.2 PIN length
This item sets the length of new PINs generated by the setup wizard.
5
Please note that the minimum PIN length is 4 and the maximum PIN length is 12.
Telnet path:
Setup > VPN > myVPN
Possible values:
Max. 2 characters from [0-9]
Default:
4
2.19.28.3 Device name
Enter the device name here if a trustworthy SSL certificate is installed on this device. This ensures that the iOS device
does not issue a warning about an untrusted certificate when the profile is retrieved.
Telnet path:
Setup > VPN > myVPN
Possible values:
Max. 31 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.28.4 Mapping
This table assigns the myVPN PIN to the VPN profiles.
Telnet path:
Setup > VPN > myVPN
530
Menu Reference
2 Setup
2.19.28.4.1 PIN
This is where you can store the PIN for retrieving the myVPN app profile.
The myVPN setup wizard also uses this PIN in the PPP list for the actual VPN login. If you change your PIN here, you
must also change it in LANconfig under Communication > Protocols > PPP-list if you wish to avoid having a different
PIN.
5
Security notice: As a security feature of myVPN, the repeated incorrect entry of a PIN causes the device to
temporarily disable profile retrieval, and a notification is sent by SYSLOG and by e-mail. After three failed attempts,
the device disables profile retrieval for 15 minutes. After three further failed attempts the device disables profile
retrieval for 24 hours. In case of further failed attempts, the time periods vary. Manually releasing this lock resets
the corresponding counter. Please also be aware that an attempt to retrieve the profile while access is deactivated
(e.g. when the profile has previously been retrieved successfully) is also considered by the device to be a failed
attempt.
Telnet path:
Setup > VPN > myVPN > Mapping
Possible values:
Max. 12 characters from [0-9]
Default:
empty
2.19.28.4.2 VPN profile
This setting determines which VPN profile the myVPN app should retrieve.
Telnet path:
Setup > VPN > myVPN > Mapping
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.28.4.3 Operating
This switch activates the profile retrieval by means of the myVPN app. After the profile has been retrieved successfully,
the device automatically disables the corresponding profile to avoid the repeated download by another device.
Telnet path:
Setup > VPN > myVPN > Mapping
531
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
No
2.19.28.5 Re-enable login
The command do re-enable-login releases the lock that was caused by failed attempts. If required, this
generates a message about the re-enabling via SYSLOG or e-mail.
Telnet path:
Setup > VPN > myVPN
2.19.28.6 E-mail notification
Enable this option to send messages about the myVPN app to a specific e-mail address.
These messages include:
a Successful profile retrieval
a Disabled login for myVPN due to too many failed attempts
a Re-enabling of the login (irrespective of whether this is done manually or if the specified time period has expired)
Telnet path:
Setup > VPN > myVPN
Possible values:
No
Yes
Default:
No
2.19.28.7 E-mail address
Identify the e-mail address to which messages about the myVPN app are to be sent.
Telnet path:
Setup > VPN > myVPN
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
532
Menu Reference
2 Setup
Default:
empty
2.19.28.8 SYSLOG
Activate this option to send messages about the myVPN app to SYSLOG.
These messages include:
a Successful profile retrieval
a Disabled login for myVPN due to too many failed attempts
a Re-enabling of the login (irrespective of whether this is done manually or if the specified time period has expired)
Telnet path:
Setup > VPN > myVPN
Possible values:
No
Yes
Default:
No
2.19.28.9 Remote gateway
Here you enter the WAN address of the router or its name as resolved by public DNS servers. If the myVPN app cannot
find the remote gateway by means of automatic search, you should enter the gateway into the app as well.
Telnet path:
Setup > VPN > myVPN
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.28.10 Error-count-for-login-block
This parameter limits the number of failed logins for the myVPN application.
If the user exceeds the maximum number of failed attempts, the device will lock access for 15 minutes the first time,
and for 24 hours the second time.
The console command Re-enable-login removes these blocks (see Re-enable login).
Telnet path:
Setup > Vpn > myVPN
533
Menu Reference
2 Setup
Possible values:
5-30
Default:
5
2.19.28.11 Allow access from WAN
This parameter allows or prevents the user from downloading myVPN profiles from the WAN.
Telnet path:
Setup > Vpn > myVPN
Possible values:
Yes
No
Default:
Yes
2.19.30 Anti-Replay-Window-Size
Used for detecting replay attacks, this parameter defines the size of the window (i.e. number of packets) within which
a VPN device considers the sequential number of the received packets to be up-to-date. The VPN device drops packets
that have a sequence number older than or duplicated within this window.
Telnet path:
Setup > VPN > myVPN
Possible values:
Max. 5 characters from [0-9]
Default:
0
Special values:
0
A value of 0 disables replay detection.
2.19.35 Networks
In this directory, you configure the VPN network rules for IPv4 and IPv6 connections.
Telnet path:
Setup > VPN
534
Menu Reference
2 Setup
2.19.35.1 IPv4-Rules
In this table, you configure the VPN network rules for IPv4 connections.
Telnet path:
Setup > VPN > Networks
2.19.35.1.1 Name
Contains the name of this rule.
Telnet path:
Setup > VPN > Networks > IPv4-Rules
Possible values:
Max. 31 characters from [A-Z][0-9]#@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.35.1.2 Local-Networks
Contains the local networks to which this rule applies.
The following entries are valid:
a
a
a
a
a
Name of the IP networks whose addresses should be used.
“INT” for the address of the first intranet.
“DMZ” for the address of the first DMZ
LB0 to LBF for the 16 loopback addresses.
Any valid IP address.
4
Specify multiple networks by separating them with a space character.
Telnet path:
Setup > VPN > Networks > IPv4-Rules
Possible values:
Max. 127 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()+-,/:;<=>?[\]^_. `
Default:
empty
2.19.35.1.3 Remote-Networks
Contains the remote networks to which this rule applies.
The following entries are valid:
a Name of the IP networks whose addresses should be used.
535
Menu Reference
2 Setup
a
a
a
a
“INT” for the address of the first intranet.
“DMZ” for the address of the first DMZ
LB0 to LBF for the 16 loopback addresses.
Any valid IP address.
4
Specify multiple networks by separating them with a space character.
Telnet path:
Setup > VPN > Networks > IPv4-Rules
Possible values:
Max. 127 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()+-,/:;<=>?[\]^_. `
Default:
empty
2.19.35.2 IPv4-Rule-Lists
In this table, you collect the VPN network rules for IPv4 connections into a rule list.
Telnet path:
Setup > VPN > Networks
2.19.35.2.1 Name
Contains the name of this rule list.
Telnet path:
Setup > VPN > Networks > IPv4-Rules
Possible values:
Max. 31 characters from [A-Z][0-9]#@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.35.2.2 Rules
Contains the rules that you want to collect into this rule list.
4
Specify several rules by separating them with a space character.
Telnet path:
Setup > VPN > Networks > IPv4-Rules
Possible values:
Max. 127 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_ .
536
Menu Reference
2 Setup
Default:
empty
2.19.35.3 IPv6-Rules
In this table, you configure the VPN network rules for IPv6 connections.
Telnet path:
Setup > VPN > Networks
2.19.35.3.1 Name
Contains the name of this rule.
Telnet path:
Setup > VPN > Networks > IPv6-Rules
Possible values:
Max. 31 characters from [A-Z][0-9]#@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.35.3.2 Local-Networks
Contains the local networks to which this rule applies.
4
Specify multiple networks by separating them with a space character.
Telnet path:
Setup > VPN > Networks > IPv6-Rules
Possible values:
Max. 127 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()+-,/:;<=>?[\]^_. `
Default:
empty
2.19.35.3.3 Remote-Networks
Contains the remote networks to which this rule applies.
4
Specify multiple networks by separating them with a space character.
Telnet path:
Setup > VPN > Networks > IPv6-Rules
537
Menu Reference
2 Setup
Possible values:
Max. 127 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()+-,/:;<=>?[\]^_. `
Default:
empty
2.19.35.4 IPv6-Rule-Lists
In this table, you collect the VPN network rules for IPv6 connections into a rule list.
Telnet path:
Setup > VPN > Networks
2.19.35.4.1 Name
Contains the name of this rule list.
Telnet path:
Setup > VPN > Networks > IPv6-Rules
Possible values:
Max. 31 characters from [A-Z][0-9]#@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.35.4.2 Rules
Contains the rules that you want to collect into this rule list.
4
Specify several rules by separating them with a space character.
Telnet path:
Setup > VPN > Networks > IPv6-Rules
Possible values:
Max. 127 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_ .
Default:
empty
2.19.36 IKEv2
In this directory you configure the IKEv2 parameters.
538
Menu Reference
2 Setup
Telnet path:
Setup > VPN
2.19.36.1 remote sites
In this table, you configure the IKEv2 connections to VPN partners.
4
The console command show vpn shows whether the connection is successful.
Telnet path:
Setup > VPN > IKEv2
2.19.36.1.1 Peer
Contains the name of the connection to the remote station.
Subsequently, this name appears in the routing table.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
DEFAULT
2.19.36.1.2 Active
Specifies whether the VPN peer is enabled.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Yes
The VPN connection is enabled.
No
The VPN connection is disabled.
Default:
Yes
539
Menu Reference
2 Setup
2.19.36.1.3 SH time
Specifies the hold time in seconds for which the device stays connected if there is no data flow.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 4 characters from [0-9]
Default:
0
0 … 9999
Special values:
0
The device does not actively establish a connection, but waits for data packets to arrive.
9999
Keepalive: The device establishes a permanent connection.
2.19.36.1.4 Remote gateway
Contains the address (IPv4, IPv6 or FQDN) of the VPN partner.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 40 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.`
Default:
empty
2.19.36.1.5 Rtg-Tag
Contains the routing tag for this VPN connection.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 5 characters from [0-9]
Default:
0
540
Menu Reference
2 Setup
2.19.36.1.6 Encryption
Specifies the encryption method used for the VPN connection. The corresponding entry is located in the table Setup >
VPN > IKEv2 > Encryption.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
DEFAULT
2.19.36.1.7 Authentication
Specifies the authentication method used for the VPN connection. The corresponding entry is located in the table Setup >
VPN > IKEv2 > Auth > Parameter.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.36.1.8 General
Specifies the general parameters used for the VPN connection. The corresponding entry is located in the table Setup >
VPN > IKEv2 > General.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
DEFAULT
2.19.36.1.9 Lifetimes
Specifies the lifetimes of the key used for the VPN connection. The corresponding entry is located in the table Setup >
VPN > IKEv2 > Lifetimes.
Telnet path:
Setup > VPN > IKEv2 > Peers
541
Menu Reference
2 Setup
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
DEFAULT
2.19.36.1.10 IKE-CFG
Specifies the IKEv2 config mode of this connection for RAS dial-ins.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Off
RAS services are disabled.
Client
The device works as a RAS client and dials-in to a server.
Servers
The device works as a server. RAS clients can dial-in to it.
Default:
Off
2.19.36.1.11 Rule creation
Specifies how VPN rules are created.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Auto
The device creates the VPN rules automatically.
Manual
The device uses manually created rules.
Default:
Auto
2.19.36.1.12 IPv4-Rules
Specifies which IPv4 rules apply to this VPN connection.
542
Menu Reference
2 Setup
The IPv4 rules are located in the table Setup > VPN > Networks > IPv4-Rule-Lists.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_ .
Default:
empty
2.19.36.1.13 IPv6-Rules
Specifies which IPv6 rules apply to this VPN connection.
The IPv6 rules are located in the table Setup > VPN > Networks > IPv6-Rule-Lists.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_ .
Default:
empty
2.19.36.1.14 Routing
Specifies the route used for the VPN connection.
The routes for IPv4 and IPv6 connections are located in the menu Setup > VPN > IKEv2 > Routing.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 31 characters from [A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.36.1.15 RADIUS authorization
Here you specify the RADIUS server that performs the authorization.
Here you select an entry from the table under Setup > VPN > IKEv2 > RADIUS > Authorization > Server.
4
If you do not specify a RADIUS server for authorization, the device uses the local IKEv2 configuration.
543
Menu Reference
2 Setup
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 31 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.36.1.16 RADIUS accounting
Use this entry to specify the RADIUS server that is to be used for the accounting.
Here you select an entry from the table under Setup > VPN > IKEv2 > RADIUS > Accounting > Server.
4
If you do not specify a RADIUS server, no accounting takes place for this VPN peer.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 31 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.36.1.17 Comment
Enter a comment about this entry.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.36.1.18 IPv4-CFG-Pool
Use this entry to specify an IPv4 address pool for the IKEv2 peer.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
544
Menu Reference
2 Setup
Default:
empty
2.19.36.1.19 IPv6-CFG-Pool
Use this entry to specify an IPv6 address pool for the IKEv2 peer.
Telnet path:
Setup > VPN > IKEv2 > Peers
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
2.19.36.2 Encryption
Use this table to configure the parameters for the IKEv2 encryption.
Telnet path:
Setup > VPN > IKEv2
2.19.36.2.1 Name
Contains the name of this configuration.
Telnet path:
Setup > VPN > IKEv2 > Encryption
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
DEFAULT
2.19.36.2.2 DH-Groups
Contains the selection of Diffie-Hellman groups.
Telnet path:
Setup > VPN > IKEv2 > Encryption
545
Menu Reference
2 Setup
Possible values:
DH16
DH15
DH14
DH5
DH2
Default:
DH14
2.19.36.2.3 PFS
Specifies whether perfect forward secrecy (PFS) is enabled.
Telnet path:
Setup > VPN > IKEv2 > Encryption
Possible values:
Yes
No
Default:
Yes
2.19.36.2.4 IKE-SA cipher list
Specifies which encryption algorithms are enabled.
Telnet path:
Setup > VPN > IKEv2 > Encryption
Possible values:
AES-CBC-256
AES-CBC-192
AES-CBC-128
3DES
Default:
AES-CBC-256
2.19.36.2.5 IKE-SA-Integ-Alg-List
Specifies which hash algorithms are enabled.
546
Menu Reference
2 Setup
Telnet path:
Setup > VPN > IKEv2 > Encryption
Possible values:
SHA-512
SHA-384
SHA-256
SHA1
MD5
Default:
SHA-256
SHA1
2.19.36.2.6 Child-SA-Cipher-List
Specifies which encryption algorithms are enabled in the Child-SA.
Telnet path:
Setup > VPN > IKEv2 > Encryption
Possible values:
AES-CBC-256
AES-CBC-192
AES-CBC-128
3DES
Default:
AES-CBC-256
2.19.36.2.7 Child-SA-Integ-Alg-List
Specifies which hash algorithms are enabled in the Child-SA.
Telnet path:
Setup > VPN > IKEv2 > Encryption
547
Menu Reference
2 Setup
Possible values:
SHA-512
SHA-384
SHA-256
SHA1
MD5
Default:
SHA-256
SHA1
2.19.36.3 Auth
Use this menu to configure the parameters for the IKEv2 authentication.
Telnet path:
Setup > VPN > IKEv2
2.19.36.3.1 Parameter
Use this table to configure the local and a corresponding remote identity for the IKEv2 authentication.
Telnet path:
Setup > VPN > IKEv2 > Auth
2.19.36.3.1.1 Name
Contains the name of this entry.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
DEFAULT
2.19.36.3.1.2 Local-Auth
Sets the authentication method for the local identity.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
548
Menu Reference
2 Setup
Possible values:
RSA-Signature
Authentication by RSA signature.
PSK
Authentication by pre-shared key (PSK).
Digital signature
Use of configurable authentication methods with digital certificates as per RFC 7427.
Default:
PSK
2.19.36.3.1.3 Local-ID-Type
Displays the ID type of the local identity. The device interprets the entry under Local-ID accordingly.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
No-Identity
The ID is the local gateway address.
4
If this option is selected, the entry under Local-ID has no effect.
IPv4 address
IPv6 address
Domain name
E-mail address
Distinguished name
Key ID
Default:
E-mail address
2.19.36.3.1.4 Local-ID
Contains the local identity. The significance of this entry depends on the setting under Local-ID-Type.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
Max. 254 characters from [A-Z][a-z][0-9]#@{|}~!"$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
549
Menu Reference
2 Setup
2.19.36.3.1.5 Local-Password
Contains the password of the local identity.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.36.3.1.6 Remote-Auth
Sets the authentication method for the remote identity.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
RSA-Signature
Authentication by RSA signature.
PSK
Authentication by pre-shared key (PSK).
Digital signature
Use of configurable authentication methods with digital certificates as per RFC 7427.
Default:
PSK
2.19.36.3.1.7 Remote-ID-Type
Displays the ID type of the remote identity. The device interprets the entry under Remote-ID accordingly.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
No-Identity
The device accepts all connections from remote IDs.
4
550
If this option is selected, the entry under Remote-ID has no effect.
Menu Reference
2 Setup
IPv4 address
IPv6 address
Domain name
E-mail address
Distinguished name
Key ID
Default:
E-mail address
2.19.36.3.1.8 Remote-ID
Contains the remote identity. The significance of this entry depends on the setting under Remote-ID-Type.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
Max. 254 characters from [A-Z][a-z][0-9]#@{|}~!"$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.36.3.1.9 Remote-Password
Contains the password of the remote identity.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.36.3.1.10 Addit.-Remote-ID-List
Contains additional remote identities as specified in the table Setup > VPN > IKEv2 > Auth > Addit.-Remote-ID-List.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
551
Menu Reference
2 Setup
Default:
empty
2.19.36.3.1.11 Local-Certificate
Contains the local VPN certificate used by the device for outbound connections.
The corresponding VPN certificates “VPN1” to “VPN9” are configured under Setup > Certificates > SCEP-Client >
Certificates.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
Max. 254 characters from [A-Z][a-z][0-9]#@{|}~!"$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.36.3.1.12 Remote-Cert-ID-Check
This option determines whether the device checks that the specified remote identity is included in the received certificate.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
Yes
The device checks that the remote identity exists in the certificate.
No
The device does not check that the remote identity exists in the certificate.
Default:
Yes
2.19.36.3.1.13 Local-Dig-Sig-Profile
Contains the profile name of the local digital signature profile being used.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
Max. 254 characters from [A-Z][a-z][0-9]#@{|}~!"$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
552
Menu Reference
2 Setup
2.19.36.3.1.14 Remote-Dig-Sig-Profile
Contains the profile name of the remote digital signature profile.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
Max. 254 characters from [A-Z][a-z][0-9]#@{|}~!"$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.36.3.1.15 OCSP-Check
With this setting you enable the real-time check of a X.509 certificate via OCSP, which checks the validity of the remote
station's certificate. In order to use the OCSP check for individual VPN connections, you must first enable the global
OCSP client for VPN connections and then create profile lists of the valid certificate authorities used by the device to
perform the real-time check.
Telnet path:
Setup > VPN > IKEv2 > Auth > Parameter
Possible values:
Yes
No
Default:
No
2.19.36.3.2 Addit.-Remote-ID-List
Use this table to configure lists of additional remote identities.
Telnet path:
Setup > VPN > IKEv2 > Auth
2.19.36.3.2.1 Name
Sets the name of the ID list.
Telnet path:
Setup > VPN > IKEv2 > Auth > Addit.-Remote-ID-List
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
553
Menu Reference
2 Setup
Default:
empty
2.19.36.3.2.2 Addit.-Remote-IDs
Contains the remote identities that you want to collect into this list. The IDs are located in the table Addit.-Remote-IDs.
4
Specify several IDs by separating them with a space character.
Telnet path:
Setup > VPN > IKEv2 > Auth > Addit.-Remote-ID-List
Possible values:
Max. 254 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.36.3.3 Addit.-Remote-IDs
Use this table to configure additional remote identities.
Telnet path:
Setup > VPN > IKEv2 > Auth
2.19.36.3.3.1 Name
Contains the name of this remote identity.
Telnet path:
Setup > VPN > IKEv2 > Auth > Addit.-Remote-IDs
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.36.3.3.2 Remote-Auth
Sets the authentication method for the remote identity.
Telnet path:
Setup > VPN > IKEv2 > Auth > Addit.-Remote-IDs
554
Menu Reference
2 Setup
Possible values:
RSA-Signature
Authentication by RSA signature.
PSK
Authentication by pre-shared key (PSK).
Digital signature
Use of configurable authentication methods with digital certificates as per RFC 7427.
Default:
PSK
2.19.36.3.3.3 Remote-ID-Type
Displays the ID type of the remote identity. The device interprets the entry under Remote-ID accordingly.
Telnet path:
Setup > VPN > IKEv2 > Auth > Addit.-Remote-IDs
Possible values:
No-Identity
The device accepts all connections from remote IDs.
IPv4 address
IPv6 address
Domain name
E-mail address
Distinguished name
Key ID
Default:
E-mail address
2.19.36.3.3.4 Remote-ID
Contains the remote identity. The significance of this entry depends on the setting under Remote-ID-Type.
Telnet path:
Setup > VPN > IKEv2 > Auth > Addit.-Remote-IDs
Possible values:
Max. 254 characters from [A-Z][a-z][0-9]#@{|}~!"$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
555
Menu Reference
2 Setup
2.19.36.3.3.5 Remote-Password
Contains the password of the remote identity.
Telnet path:
Setup > VPN > IKEv2 > Auth > Addit.-Remote-IDs
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.36.3.3.6 Remote-Cert-ID-Check
This function checks whether the specified remote ID is also included in the certificate that was used by the peer to
establish the connection.
Telnet path:
Setup > VPN > IKEv2 > Auth > Addit.-Remote-IDs
Possible values:
Yes
No
Default:
Yes
2.19.36.3.3.7 OCSP-Check
With this setting you enable the real-time check of a X.509 certificate via OCSP, which checks the validity of the remote
station's certificate. In order to use the OCSP check for individual VPN connections, you must first enable the global
OCSP client for VPN connections and then create profile lists of the valid certificate authorities used by the device to
perform the real-time check.
5
Please note that the check via OCSP only checks the locking status of a certificate, but it does not check the
mathematical correctness of its signature, validity period, or other usage restrictions.
Telnet path:
Setup > VPN > IKEv2 > Auth > Addit.-Remote-IDs
Possible values:
No
Yes
Default:
No
556
Menu Reference
2 Setup
2.19.36.3.3.8 Remote-Dig-Sig-Profile
This entry contains the name of the remote digital signature profile.
Telnet path:
Setup > VPN > IKEv2 > Auth > Addit.-Remote-IDs
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
DEFAULT
2.19.36.3.4 Digital-Signature-Profiles
Use this table to configure the profiles of the digital signature.
Telnet path:
Setup > VPN > IKEv2
2.19.36.3.4.1 Name
Name of the profile.
Telnet path:
Setup > VPN > IKEv2 > Digital-Signature-Profiles
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
DEFAULT
2.19.36.3.4.2 Auth-Method
Sets the authentication method for the digital signature.
Telnet path:
Setup > VPN > IKEv2 > Digital-Signature-Profiles
Possible values:
RSASSA-PSS
RSASSA-PKCS1-v1_5
Default:
RSASSA-PSS
557
Menu Reference
2 Setup
2.19.36.3.4.3 Hash algorithms
Sets the hash algorithms for the digital signature.
Telnet path:
Setup > VPN > IKEv2 > Digital-Signature-Profiles
Possible values:
SHA-512, SHA-384, SHA-256, SHA1
Default:
SHA-512, SHA-384, SHA-256, SHA1
2.19.36.4 General
Use this table to configure the general IKEv2 parameters.
Telnet path:
Setup > VPN > IKEv2
2.19.36.4.1 Name
Contains the name of this entry.
Telnet path:
Setup > VPN > IKEv2 > General
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
DEFAULT
2.19.36.4.2 DPD-Inact-Timeout
Contains the time in seconds after which the device disconnects from the remote peer if there is a loss of contact.
Telnet path:
Setup > VPN > IKEv2 > General
Possible values:
Max. 4 characters from [0-9]
Default:
30
558
Menu Reference
2 Setup
2.19.36.4.4 SSL-Encaps.
Specifies whether the connection uses IKEv2 over HTTPS.
Telnet path:
Setup > VPN > IKEv2 > General
Possible values:
Yes
No
Default:
No
2.19.36.4.5 IPCOMP
Specifies whether the devices transmit compressed IKEv2 data packets.
Telnet path:
Setup > VPN > IKEv2 > General
Possible values:
Yes
No
Default:
No
2.19.36.4.6 Encaps-Mode
Specifies the mode of transmission.
Telnet path:
Setup > VPN > IKEv2 > General
Possible values:
Tunnel
Default:
Tunnel
2.19.36.5 Lifetimes
Use this table to configure the lifetimes of the IKEv2 keys.
559
Menu Reference
2 Setup
Telnet path:
Setup > VPN > IKEv2
2.19.36.5.1 Name
Contains the name of this entry.
Telnet path:
Setup > VPN > IKEv2 > Lifetimes
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
DEFAULT
2.19.36.5.2 IKE-SA-Sec
Contains the time in seconds until the IKE SA key is renewed.
Telnet path:
Setup > VPN > IKEv2 > Lifetimes
Possible values:
Max. 10 characters from [0-9]
Default:
108000
Special values:
0
No key renewal.
2.19.36.5.3 IKE-SA-KB
Contains the data volume in kilobytes until the IKE SA key is renewed.
Telnet path:
Setup > VPN > IKEv2 > Lifetimes
Possible values:
Max. 10 characters from [0-9]
Default:
0
560
Menu Reference
2 Setup
Special values:
0
No key renewal.
2.19.36.5.4 Child-SA-Sec
Contains the time in seconds until the CHILD SA key is renewed.
Telnet path:
Setup > VPN > IKEv2 > Lifetimes
Possible values:
Max. 10 characters from [0-9]
Default:
28800
Special values:
0
No key renewal.
2.19.36.5.5 Child-SA-KB
Contains the data volume in kilobytes until the CHILD SA key is renewed.
Telnet path:
Setup > VPN > IKEv2 > Lifetimes
Possible values:
Max. 10 characters from [0-9]
Default:
2000000
Special values:
0
No key renewal.
2.19.36.6 Routing
Use this menu to configure the routing table for the IKEv2 routing.
The routing tables specify IPv4/IPv6 routes used by the VPN connections if there is no corresponding route in the IPv4/IPv6
router.
Telnet path:
Setup > VPN > IKEv2
561
Menu Reference
2 Setup
2.19.36.6.1 IPv4
Use this table to configure the IPv4 tables for the IKEv2 routing.
Telnet path:
Setup > VPN > IKEv2 > Routing
2.19.36.6.1.1 Name
Contains the name of this entry.
Telnet path:
Setup > VPN > IKEv2 > Routing > IPv4
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
DEFAULT
2.19.36.6.1.2 Networks
Contains the comma-separated list of IPv4 subnets.
Networks are entered in the following available formats:
a
a
a
a
IP address
IP address/IP mask
IP address/prefix
IP interface name
Telnet path:
Setup > VPN > IKEv2 > Routing > IPv4
Possible values:
Max. 254 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()+-,/:;<=>?[\]^_.`
2.19.36.6.1.3 Send-IKE-CFG-Addr
As a client, the device sends the retrieved CFG-mode address to the VPN peer (server). This option is required only if the
remote site does not automatically create a routing entry for assigned IP addresses. LANCOM routers generate the
necessary routes automatically.
Telnet path:
Setup > VPN > IKEv2 > Routing > IPv4
Possible values:
No
The IPv4 address is not sent
562
Menu Reference
2 Setup
Yes
The IPv4 address will be sent
Default:
Yes
2.19.36.6.2 IPv6
Use this table to configure the IPv6 tables for the IKEv2 routing.
Telnet path:
Setup > VPN > IKEv2 > Routing
2.19.36.6.2.1 Name
Contains the name of this entry.
Telnet path:
Setup > VPN > IKEv2 > Routing > IPv6
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
DEFAULT
2.19.36.6.2.2 Networks
Contains the comma-separated list of IPv6 subnets.
Networks are entered in the following available formats:
a
a
a
a
IP address
IP address/IP mask
IP address/prefix
IP interface name
Telnet path:
Setup > VPN > IKEv2 > Routing > IPv6
Possible values:
Max. 254 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()+-,/:;<=>?[\]^_.`
563
Menu Reference
2 Setup
2.19.36.6.2.3 Send-IKE-CFG-Addr
As a client, the device sends the retrieved CFG-mode address to the VPN peer (server). This option is required only if the
remote site does not automatically create a routing entry for assigned IP addresses. LANCOM routers generate the
necessary routes automatically.
Telnet path:
Setup > VPN > IKEv2 > Routing > IPv6
Possible values:
No
The IPv6 address is not sent
Yes
The IPv6 address will be sent
Default:
Yes
2.19.36.7 IKE-CFG
When configuring VPN dial-in connections, there is as an alternative to fixed IP addresses for the remote sites that dial
in, in that a pool of IP addresses can be made available to them. To this end, the IKE-CFG mode “Server” is specified for
the entries in the connection list.
Use this menu to configure the address pool that the device in CFG mode “Server” passes to the clients.
Telnet path:
Setup > VPN > IKEv2
2.19.36.7.1 IPv4
In this table, you configure the IPv4 addresses of the address pool for the IKEv2-CFG mode “Server”.
Telnet path:
Setup > VPN > IKEv2 > IKE-CFG
2.19.36.7.1.1 Name
Contains the name of the IPv4 address pool.
Telnet path:
Setup > VPN > IKEv2 > IKE-CFG > IPv4
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
564
Menu Reference
2 Setup
2.19.36.7.1.2 Start-Address-Pool
Here you enter the first IPv4 address of the pool of addresses that you want to provide to dial-in clients.
Telnet path:
Setup > VPN > IKEv2 > IKE-CFG > IPv4
Possible values:
Max. 15 characters from [0-9]./
Default:
empty
2.19.36.7.1.3 End-Address-Pool
Here you enter the last IPv4 address of the pool of addresses that you want to provide to dial-in clients.
Telnet path:
Setup > VPN > IKEv2 > IKE-CFG > IPv4
Possible values:
Max. 15 characters from [0-9]./
Default:
empty
2.19.36.7.1.4 Primary-DNS
Specify here the address of a name server to which DNS requests are to be forwarded.
Telnet path:
Setup > VPN > IKEv2 > IKE-CFG > IPv4
Possible values:
Max. 15 characters from [0-9].
Default:
0.0.0.0
2.19.36.7.1.5 Secondary-DNS
Here you specify the address of an alternative name server, to which the DNS requests are redirected if the connection
to the first name server is broken.
Telnet path:
Setup > VPN > IKEv2 > IKE-CFG > IPv4
Possible values:
Max. 15 characters from [0-9].
565
Menu Reference
2 Setup
Default:
empty
2.19.36.7.2 IPv6
In this table, you configure the IPv6 addresses of the address pool for the IKEv2-CFG mode “Server”.
Telnet path:
Setup > VPN > IKEv2 > IKE-CFG
2.19.36.7.2.1 Name
Contains the name of the IPv6 address pool.
Telnet path:
Setup > VPN > IKEv2 > IKE-CFG > IPv6
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
2.19.36.7.2.2 Start-Address-Pool
Here you enter the first IPv6 address of the pool of addresses that you want to provide to dial-in clients.
Telnet path:
Setup > VPN > IKEv2 > IKE-CFG > IPv6
Possible values:
Max. 39 characters from [A-F][a-f][0-9]:.
2.19.36.7.2.3 End-Address-Pool
Here you enter the last IPv6 address of the pool of addresses that you want to provide to dial-in clients.
Telnet path:
Setup > VPN > IKEv2 > IKE-CFG > IPv6
Possible values:
Max. 39 characters from [A-F][a-f][0-9]:.
2.19.36.7.2.4 Primary-DNS
Specify here the address of a name server to which DNS requests are to be forwarded.
566
Menu Reference
2 Setup
Telnet path:
Setup > VPN > IKEv2 > IKE-CFG > IPv6
Possible values:
Max. 39 characters from [A-F][a-f][0-9]:.
2.19.36.7.2.5 Secondary-DNS
Here you specify the address of an alternative name server, to which the DNS requests are redirected if the connection
to the first name server is broken.
Telnet path:
Setup > VPN > IKEv2 > IKE-CFG > IPv6
Possible values:
Max. 39 characters from [A-F][a-f][0-9]:.
2.19.36.8 MTU
This entry contains the maximum transmission unit (MTU) for IKEv2.
Telnet path:
Setup > VPN > IKEv2
Possible values:
Max. 5 characters from [0-9]
0 … 65535
Default:
0
Special values:
0
The MTU setting is disabled. The two IKEv2 endpoints negotiate the MTU between themselves.
2.19.36.9 RADIUS
This menu contains the RADIUS configuration for IKEv2.
Telnet path:
Setup > VPN > IKEv2
2.19.36.9.1 Authorization
This menu contains the configuration for the RADIUS authorization via IKEv2.
567
Menu Reference
2 Setup
Telnet path:
Setup > VPN > IKEv2 > RADIUS
2.19.36.9.1.1 Servers
This table contains the server configuration for the RADIUS authorization under IKEv2.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Authorization
2.19.36.9.1.1.1 Name
Specify an identifier for this entry.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Authorization > Server
Possible values:
Max. 31 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.36.9.1.1.2 Server host name
Specify the host name for the RADIUS server (IPv4, IPv6 or DNS address).
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Authorization > Server
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
Default:
empty
2.19.36.9.1.1.3 Port
Specify the UDP port of the RADIUS server.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Authorization > Server
Possible values:
Max. 5 characters from [0-9]
568
Menu Reference
2 Setup
Default:
1812
2.19.36.9.1.1.4 Secret
This entry contains the shared secret used to authorize the LANCOM gateway at the RADIUS server.
5
Confirm the secret by entering it again into the field that follows.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Authorization > Server
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.36.9.1.1.6 Protocol
Choose between the standard RADIUS protocol and the secure RADSEC protocol for RADIUS requests.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Authorization > Server
Possible values:
RADIUS
RADSEC
Default:
RADIUS
2.19.36.9.1.1.7 Loopback address
This entry contains the loopback address of the LANCOM gateway that sent the request to the RADIUS server.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Authorization > Server
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
569
Menu Reference
2 Setup
2.19.36.9.1.1.8 Attribute-Values
LCOS facilitates the configuration of the RADIUS attributes used to communicate with a RADIUS server (for authentication
and accounting).
The attributes are specified in a semicolon-separated list of attribute numbers or names along with a corresponding
value in the form <Attribute_1>=<Value_1>;<Attribute_2>=<Value_2>.
As the number of characters is limited, the name can abbreviated. The abbreviation must be unique, however. Examples:
a NAS-Port=1234 is not allowed, because the attribute is not unique (NAS-Port, NAS-Port-Id or
NAS-Port-Type).
a NAS-Id=ABCD is allowed, because the attribute is unique (NAS-Identifier).
Attribute values can be used to specify names or RFC-compliant numbers. For the device , the specifications
Service-Type=Framed and Service-Type=2 are identical.
Specifying a value in quotation marks ("<Value>") allows you to specify special characters such as spaces, semicolons
or equals signs. The quotation mark requires a leading backslash (\"), as does the backslash itself (\\).
The following variables are permitted as values:
%n
Device name
%e
Serial number of the device
%%
Percent sign
%{name}
Original name of the attribute as transferred by the RADIUS application. This allows attributes to be set with
the original RADIUS attributes, for example: Called-Station-Id=%{NAS-Identifier} sets
the attribute Called-Station-Id to the value with the attribute NAS-Identifier.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Authorization > Server
Possible values:
Max. 251 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.36.9.1.1.9 Backup
To specify the backup server here, enter the name of an alternative RADIUS server from the list of already configured
RADIUS servers.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Authorization > Server
Possible values:
Max. 31 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
570
Menu Reference
2 Setup
Default:
empty
2.19.36.9.1.2 Password
Here you set the password that the RADIUS server receives as a user password in the access-request attribute.
The RADIUS server usually associates this password directly with a VPN peer for network access authorization. With
IKEv2 however, the requesting VPN peer is authorized not by the RADIUS server, but instead by the LANCOM gateway
after this receives the corresponding authorization in the access-accept message from the RADIUS server.
Accordingly, you enter a dummy password at this point.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Authorization
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.36.9.2 Accounting
This menu contains the configuration for the RADIUS accounting via IKEv2.
Telnet path:
Setup > VPN > IKEv2 > RADIUS
2.19.36.9.2.1 Server
This table contains the server configuration for the RADIUS accounting under IKEv2.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Accounting
2.19.36.9.2.1.1 Name
Specify an identifier for this entry.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Accounting > Server
Possible values:
Max. 31 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
571
Menu Reference
2 Setup
2.19.36.9.2.1.2 Server host name
Specify the host name for the RADIUS server (IPv4, IPv6 or DNS address).
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Accounting > Server
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
Default:
empty
2.19.36.9.2.1.3 Port
Specify the UDP port of the RADIUS server.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Accounting > Server
Possible values:
Max. 5 characters from [0-9]
Default:
1813
2.19.36.9.2.1.4 Secret
This entry contains the shared secret used to authorize the LANCOM gateway at the RADIUS server.
5
Confirm the secret by entering it again into the field that follows.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Accounting > Server
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.36.9.2.1.5 Protocol
Choose between the standard RADIUS protocol and the secure RADSEC protocol for RADIUS requests.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Accounting > Server
572
Menu Reference
2 Setup
Possible values:
RADIUS
RADSEC
Default:
RADIUS
2.19.36.9.2.1.6 Loopback address
This entry contains the loopback address of the LANCOM gateway that sent the request to the RADIUS server.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Accounting > Server
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.36.9.2.1.7 Attribute-Values
LCOS facilitates the configuration of the RADIUS attributes used to communicate with a RADIUS server (for authentication
and accounting).
The attributes are specified in a semicolon-separated list of attribute numbers or names along with a corresponding
value in the form <Attribute_1>=<Value_1>;<Attribute_2>=<Value_2>.
As the number of characters is limited, the name can abbreviated. The abbreviation must be unique, however. Examples:
a NAS-Port=1234 is not allowed, because the attribute is not unique (NAS-Port, NAS-Port-Id or
NAS-Port-Type).
a NAS-Id=ABCD is allowed, because the attribute is unique (NAS-Identifier).
Attribute values can be used to specify names or RFC-compliant numbers. For the device , the specifications
Service-Type=Framed and Service-Type=2 are identical.
Specifying a value in quotation marks ("<Value>") allows you to specify special characters such as spaces, semicolons
or equals signs. The quotation mark requires a leading backslash (\"), as does the backslash itself (\\).
The following variables are permitted as values:
%n
Device name
%e
Serial number of the device
%%
Percent sign
573
Menu Reference
2 Setup
%{name}
Original name of the attribute as transferred by the RADIUS application. This allows attributes to be set with
the original RADIUS attributes, for example: Called-Station-Id=%{NAS-Identifier} sets
the attribute Called-Station-Id to the value with the attribute NAS-Identifier.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Accounting > Server
Possible values:
Max. 251 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.19.36.9.2.1.8 Backup
To specify the backup server here, enter the name of an alternative RADIUS server from the list of already configured
RADIUS servers.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Accounting > Server
Possible values:
Max. 31 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.36.9.2.2 Interim-Interval
Set the time in seconds between two successive interim-update messages. The device randomly inserts a tolerance of
±10% to keep the update messages of parallel accounting sessions separate from one another.
Telnet path:
Setup > VPN > IKEv2 > RADIUS > Accounting
Possible values:
Max. 10 characters from [0-9]
0 … 4294967295
Default:
0
Special values:
0
The transmission of interim-update messages is disabled.
574
Menu Reference
2 Setup
2.19.36.10 Create-Routes-For-RAS-SAs
Specifies whether routes should be generated automatically from the VPN rules for dial-in (RAS) clients operating as
CFG-mode servers. Disabling automatic route generation is useful when the routes are to be created by means of a
routing protocol.
Telnet path:
Setup > VPN > IKEv2
Possible values:
No
No routes are generated for RAS SAs.
Yes
Routes are generated for RAS SAs.
Default:
Yes
2.19.36.11 Extended parameters
This table contains extended parameters for IKEv2 remote stations.
Telnet path:
Setup > VPN > IKEv2
2.19.36.11.1 Name
Name of the remote device.
Telnet path:
Setup > VPN > IKEv2 > Extended-Parameters
Possible values:
Max. 254 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.19.36.11.2 PRF-as-Sig-Hash
Specifies whether to use the PRF (pseudo-random function) of the IKEv2 negotiation as a signature hash with the RSA
signature. This function should be used for compatibility with third-party products only. The setting must be configured
identically at both ends of the VPN connection.
Telnet path:
Setup > VPN > IKEv2 > Extended-Parameters
575
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
No
2.19.64 OCSP-Client
This menu contains the settings for the OCSP client.
Telnet path:
Setup > VPN
2.19.64.1 OCSP-Client active
This setting activates the OSCP client.
SNMP ID: 2.19.64.1
Telnet path: /Setup/VPN
Possible values:
a No
a Yes
Default: No
2.20 LAN-Bridge
This menu contains the settings for the LAN bridge.
Telnet path:
Setup
Possible values:
No
Yes
Default:
No
576
Menu Reference
2 Setup
2.20.1 Protocol version
Select the desired protocol here. Depending on the choice made here, the device uses either the classic protocol or the
rapid protocol, as defined in the IEEE 802.1D-1998, chapter 8 and IEEE 802.1D-2004 chapter 17 respectively.
Telnet path:
Setup > LAN-Bridge
Possible values:
Classic
Rapid
Default:
Classic
2.20.2 Bridge priority
This value sets the priority of the bridge in the LAN. This value influences which bridge the spanning tree protocol takes
to be the root bridge. This is a 16-bit value (0 .. 65535), where higher values mean lower priority. You should only change
the default value if you prefer a certain bridge. The selection process still works even if all the values are the same
because, if the priorities are identical, the device uses the MAC address of the bridge to make the decision.
5
Even though an entire 16-bit parameter is available for configuring this parameter, special care should be taken
where newer versions of the rapid or multiple spanning tree protocol are involved. The priority value should only
be changed in increments of 4096, because the lower 12 bits are used for other purposes. This could mean that
these values may be ignored by future firmware releases.
Telnet path:
Setup > LAN-Bridge
Possible values:
Max. 5 characters from [0-9]
Default:
32768
2.20.4 Encapsulation table
This table is used to add the encapsulation methods.
Telnet path:
Setup > LAN-Bridge
577
Menu Reference
2 Setup
2.20.4.1 Protocol
A protocol is identified by its 16-bit protocol identifier carried in the Ethernet II/SNAP type field (often referred to as the
Ethertype). The protocol type is written as a hexadecimal number from 0001 to ffff. Even if the table is empty, some
protocols are implicitly assumed to be listed in this table as type SNAP (such as IPX and AppleTalk). This can be overridden
by explicitly setting their protocol to Ethernet II.
Telnet path:
Setup > LAN-Bridge > Encapsulation-Table
2.20.4.2 Encapsulation
Here you can specify whether or not data packets are to be given an Ethernet header when being transmitted. Normally
you should enter the option "Transparent". The "Ethernet" option should only be chosen if you wish to combine a layer
for use with the bridge.
Telnet path:
Setup > LAN-Bridge > Encapsulation-Table
Possible values:
Transparent
Ethernet
Default:
Transparent
2.20.5 Max-Age
This value defines the time (in seconds) after which a bridge drops messages received through Spanning Tree as "aged".
This defines how quickly the spanning-tree algorithm reacts to changes, for example due to failed bridges. This is a 16-bit
value (0 .. 65535).
Telnet path:
Setup > LAN-Bridge
Possible values:
Max. 5 characters from [0-9]
Default:
20
2.20.6 Hello-Time
This parameter specifies the time interval in seconds in which the device operating as the root bridge sends information
to the LAN.
578
Menu Reference
2 Setup
Telnet path:
Setup > LAN-Bridge
Possible values:
Max. 5 characters from [0-9]
Default:
2
2.20.7 Forward delay
This value determines the time (in seconds) that passes before a port should change from "listening" to "learning" or
from "learning" to "forwarding". However, now that rapid spanning tree offers a method of determining when a port
can be switched into the "forwarding state" without a long wait, this setting in many cases no longer has any effect.
Telnet path:
Setup > LAN-Bridge
Possible values:
Max. 5 characters from [0-9]
Default:
6
2.20.8 Isolated mode
This item allows connections to be switched on or off, such as those between layer-2 forwarding and the LAN interfaces.
5
Please note that other functions relating to the connection (e.g. spanning tree, packet filters) continue to function,
independent of whether the interfaces are switched on or off.
Telnet path:
Setup > LAN-Bridge
Possible values:
Bridge
Router (isolated mode)
Default:
Bridge
2.20.10 Protocol table
You can add the protocols to be used over the LAN bridge here.
579
Menu Reference
2 Setup
Telnet path:
Setup > LAN-Bridge
2.20.10.1 Name
This name should describe the rule. Note that this is also the content column (index column) of the table, i.e. the content
of the table is a string.
Telnet path:
Setup > LAN-Bridge > Protocol-Table
Possible values:
Max. 15 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.20.10.2 Protocol
The identifier of the protocol is entered here. The identifier is a 4-digit hexadecimal number that uniquely identifies each
protocol. Common protocols include 0800, 0806 for IP and ARP (Internet), E0E0, 8137 for IPX (Novell Netware), F0F0
for NetBEUI (Windows networks), or 809B, 80F3 for AppleTalk (Apple networks). If you set the protocol field to zero,
this rule affects all packets. Other protocols are referred to in the documentation.
Telnet path:
Setup > LAN-Bridge > Protocol-Table
Possible values:
Max. 4 characters from [A-F][0-9]
Default:
empty
2.20.10.3 Sub-protocol
Enter the sub-protocol here. Common sub-protocols within the IP protocol (0800) include 1 ICMP, 6 TCP, 17 UDP, 50
ESP (IPsec). This field specifies the ARP frame type (ARP request/reply, RARP request/reply) for ARP packets. If this value
is unequal to 0, the rule will only match if either the packet is an IPv4 packet and the IP protocol (UDP, TCP, ICMP,...)
matches the given value, or if it is an ARP packet and the ARP type matches the given value. If the protocol field is set,
but the sub-protocol field is set to 0, then the rule applies to all packets of the specified protocol (e.g. for all IP packets
for protocol 0800).
5
Note: Further information is to be found at www.iana.org under the section "Protocol Number Assignment
Services", documents "Protocol Numbers" and "Port Numbers".
Telnet path:
Setup > LAN-Bridge > Protocol-Table
580
Menu Reference
2 Setup
Possible values:
0 … 65535
Default:
0
2.20.10.4 Port
This specifies the range of port numbers for the TCP or UDP protocols. For example, UDP port 500 corresponds to the
IKE used by IPsec.
If this value is not equal to 0, then the rule only applies when an IPv4 TCP or UDP packet arrives or when the source of
the target TCP/UDP port is within the range defined by these two values.
If a zero (0) is entered as the end port, the rule applies only for the start port. The port numbers of the receiving port
and the target port are compared, and a rule applies if just one of these is within the defined range. If the protocol and
the sub-protocol are set, but the port fields have the value 0, then the rule applies to all packets of the specified
sub-protocol (e.g. for all packets for protocol 0800/6).
5
Note: Further information is to be found at www.iana.org under the section "Protocol Number Assignment
Services", documents "Protocol Numbers" and "Port Numbers".
Telnet path:
Setup > LAN-Bridge > Protocol-Table
Possible values:
0 … 65535
Default:
0
2.20.10.5 Port-End
This specifies the range of port numbers for the TCP or UDP protocols. For example, UDP port 500 corresponds to the
IKE used by IPsec.
If this value is not equal to 0, then the rule only applies when an IPv4 TCP or UDP packet arrives or when the source of
the target TCP/UDP port is within the range defined by these two values.
If '0' is entered as the end port, the rule applies only for the start port. The port numbers of the receiving port and the
target port are compared, and a rule applies if just one of these is within the defined range. If the protocol and the
sub-protocol are set, but the port fields have the value 0, then the rule applies to all packets of the specified sub-protocol
(e.g. for all packets for protocol 0800/6).
5
Note: Further information is to be found at www.iana.org under the section "Protocol Number Assignment
Services", documents "Protocol Numbers" and "Port Numbers".
Telnet path:
Setup > LAN-Bridge > Protocol-Table
Possible values:
0 … 65535
581
Menu Reference
2 Setup
Default:
0
2.20.10.6 Ifc list
This list contains the LAN interfaces for which the rule applies. The syntax of the interface list is specified the in
addenda/supplements/attachments.
The following pre-defined interface descriptors are used to specify the relevant interfaces in a comma-separated expression:
a LAN-1,
a WLAN-1, WLAN-1-2, WLAN-1-3, WLAN-1-4, WLAN-1-5, WLAN-1-6, WLAN-1-7, WLAN-1-8, WLAN-2, WLAN-2-2,
WLAN-2-3, WLAN-2-4, WLAN-2-5, WLAN-2-6, WLAN-2-7, WLAN-2-8,
a P2P-n-m ("n" refers to the interface of the wireless LAN network and "m" is the number of the P2P connection on
this WLAN).
Numerically consecutive interface identifiers can be described by the abbreviations P2P-4~P2P-10: If no interface
is specified here, the selected action will never be executed.
Telnet path:
Setup > LAN-Bridge > Protocol-Table
Possible values:
All LAN interfaces
DMZ interfaces
Logical WLAN networks and the point-to-point bridges in the WLAN
2.20.10.7 Action
This field defines the action to be taken on a packet if it matches the rule. A packet may be dropped, passed unchanged,
or redirected to a different IP address. For redirection, the IP address that the packet is to be redirected to must be
specified in the following field. The redirect feature is only available for packets that support TCP, UDP, or ICMP echo
requests. The device will modify the destination MAC and IP address fields before forwarding the packet, and will put
an entry in the Connection Table to allow back translation of possible answers.
Telnet path:
Setup > LAN-Bridge > Protocol-Table
Possible values:
Transmit
Discard
Redirect
Default:
Discard
582
Menu Reference
2 Setup
2.20.10.8 Redirect IP address
If the rule is a redirect rule, this field must be used to specify which IP address the appropriate packets are to be redirected
to.
Telnet path:
Setup > LAN-Bridge > Protocol-Table
Possible values:
Max. 15 characters from [0-9].
Default:
0.0.0.0
2.20.10.9 Dest-MAC-Addr.
The physical address (MAC) of a destination station in the wireless LAN is entered here. Every network card has its own
MAC address that is unique in the world. The address is a 12-character hexadecimal number (e.g. 00A057010203). This
address can generally be found printed on the network card. If you enter no MAC address (or zero), this rule affects all
packets.
Telnet path:
Setup > LAN-Bridge > Protocol-Table
Possible values:
Max. 15 characters from [A-F][0-9]
Default:
empty
2.20.10.10 IP network
If the first field is set to a value unequal to 0.0.0.0, a packet will match this rule only if it is an IPv4 packet and either
the packet’s source or destination address are contained in the IP network defined by these two values.
Telnet path:
Setup > LAN-Bridge > Protocol-Table
Possible values:
Max. 15 characters from [0-9].
Default:
0.0.0.0
2.20.10.11 IP-Netmask
If the first field is set to a value unequal to 0.0.0.0, a packet will match this rule only if it is an IPv4 packet and either
the packet’s source or destination address are contained in the IP network defined by these two values.
583
Menu Reference
2 Setup
Telnet path:
Setup > LAN-Bridge > Protocol-Table
Possible values:
Max. 15 characters from [0-9].
Default:
0.0.0.0
2.20.10.12 DHCP-Src-MAC
meine Übersetzung: This setting decides whether matching of the rule shall depend on a packet’s source MAC address,
i.e. whether it is the MAC address of a host that received its IP address via DHCP.
Aus anderer Quelle (Aurelia): DHCP tracking on a particular (W)LAN interface only takes place when protocol filters for
the interface have been defined with the parameter "IP allocated by DHCP" set to Yes or No. Additionally, a network
can be specified for a filter rule. However, if a rule has the parameter "IP allocated by DHCP" set to Yes, then a given
network could be ignored.
Telnet path:
Setup > LAN-Bridge > Protocol-Table
Possible values:
Irrelevant
No
Yes
Default:
Irrelevant
2.20.11 Port data
This table can be used to set further bridge parameters for each port.
Telnet path:
Setup > LAN-Bridge
2.20.11.2 Port
From the list of logical interfaces on the device (e.g. LAN-1, WLAN11 or P2P-1-1), select the port for which the
spanning-tree parameters are to be set.
Telnet path:
Setup > LAN-Bridge > Port-Data
584
Menu Reference
2 Setup
2.20.11.3 Active
This can be used to block a port completely, i.e. the port will always have the 'disabled' status.
Telnet path:
Setup > LAN-Bridge > Port-Data
Possible values:
No
Yes
Default:
Yes
2.20.11.5 Bridge group
Assigns the logical interface to a bridge group to enable bridging from/to this logical interface via the LAN bridge. If
assigned to a common bridge group, several logical interfaces can be addressed at once and they appear to the device
to be a single interface. This can then be used for Advanced Routing and Forwarding, for example.
5
A requirement for data transfer from/to a logical interface via the LAN bridge is the deactivation of the global
"isolated mode" which applies to the whole of the LAN bridge. Furthermore, the logical interface must be assigned
to a bridge group. With the setting "none", no transfers can be made via the LAN bridge.
Telnet path:
Setup > LAN-Bridge > Port-Data
Possible values:
BRG-1
BRG-2
BRG-3
BRG-4
BRG-5
BRG-6
BRG-7
BRG-8
None
Special values:
If the interface is removed from all bridge groups by setting "none", then there is no communication between
the LAN and WLAN via the LAN bridge (isolated mode). With this setting, LAN/WLAN data transfers over this
interface are only possible via the router.
Default:
BRG-1
585
Menu Reference
2 Setup
2.20.11.6 DHCP limit
Number of clients which can be handled by DHCP. If the limit is exceeded, the oldest entry is dropped. This feature can
be used in combination with the protocol filer table to limit access to just one logical interface.
Telnet path:
Setup > LAN-Bridge > Port-Data
Possible values:
0 … 255
Default:
0
2.20.11.7 Point-to-point port
This item corresponds to the "adminPointToPointMAC" setting as defined in IEEE 802.1D. By default, the "point-to-point"
setting for the LAN interface is derived from the technology and the concurrent status:
An Ethernet port is assumed to be a P2P port if it is operating in full-duplex mode.
A token ring port is assumed to be a P2P port if it is operating in full-duplex mode.
A WLAN SSID is never considered to be a P2P port.
A WLAN P2P connection is always assumed to be a P2P port.
However, this automatic setting can be revised if this is unsuitable for the required configuration. Interfaces in
"point-to-point" mode have various specialized capabilities, such as the accelerated port status change for working with
the rapid spanning tree protocol.
Telnet path:
Setup > LAN-Bridge > Port-Data
Possible values:
Auto
Force true
Force false
Default:
Auto
2.20.11.9 Private mode
You have the option to enable or disable the private mode for each individual interface.
Telnet path:
Setup > LAN-Bridge > Port-Data
586
Menu Reference
2 Setup
Possible values:
No
The private mode is disabled.
Yes
The private mode is enabled.
Default:
No
2.20.12 Aging time
When a client requests an IP address from a DHCP server, it can also ask for a lease period (in minutes) for the address.
This values governs the maximum length of lease that the client may request. When a client requests an address without
asking for a specific lease period, the value set here will apply.
Telnet path:
Setup > LAN-Bridge
Possible values:
Max. 10 characters from [0-9]
Default:
300
2.20.13 Priority mapping
This table assigns a user priority to each IP packet due to be sent, based on a ToS/DSCP value as per 802.1D. An example
of how user priority can be used concerns wireless LANs with activated QoS, where the packets are allocated to access
categories (voice/video/best-effort/background).
Telnet path:
Setup > LAN-Bridge
2.20.13 Name
Enter a name for a combination of DSCP value and priority.
Telnet path:
Setup > LAN-Bridge > Priority-Mapping
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
587
Menu Reference
2 Setup
2.20.13.2 DSCP value
Enter the DSCP value that is used for this priority assignment.
Telnet path:
Setup > LAN-Bridge > Priority-Mapping
Possible values:
0 … 255
Default:
0
2.20.13.3 Priority
Enter the priority that is used for this priority assignment.
Telnet path:
Setup > LAN-Bridge > Priority-Mapping
Possible values:
Best-Effort
Background
Excellent-Effort
Controlled latency
Video
Voice
Network-Control
Default:
Best-Effort
2.20.20 Spanning tree
This menu contains the settings for the spanning tree.
Telnet path:
Setup > LAN-Bridge
2.20.20.1 Operating
Here you can switch the Spanning-Tree support on and off. When Spanning Tree is turned off, the router does not send
any Spanning Tree packets and passes received packets along instead of processing them itself.
Telnet path:
Setup > LAN-Bridge > Spanning-Tree
588
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
No
2.20.20.2 Bridge priority
This value sets the priority of the bridge in the LAN. This can influence which bridge should preferably be made root
bridge by the spanning tree protocol. This is a 16-bit value (0 .. 65535), where higher values mean lower priority. The
default value should only be changed if a certain bridge is to be preferred. The selection process still works even if all
the values are the same because, if the priorities are identical, the bridge's MAC address is used to make the decision.
Even though an entire 16-bit parameter is available for configuring a parameter, special care should be taken where
newer versions of the rapid or multiple spanning tree protocol are involved. The priority value should only be changed
in increments of 4096, because the lower 12 bits are used for other purposes. This could mean that these values may
be ignored by future firmware releases.
Telnet path:
Setup > LAN-Bridge > Spanning-Tree
Possible values:
0 … 65535
Default:
32768
2.20.20.5 Max-Age
This value defines the time (in seconds) after which a bridge drops messages received through Spanning Tree as 'outdated'.
This defines how quickly the spanning-tree algorithm reacts to changes, for example due to failed bridges.
Telnet path:
Setup > LAN-Bridge > Spanning-Tree
Possible values:
1 … 65535 Seconds
Default:
20
2.20.20.6 Hello-Time
The Hello Time specifies the time interval (in seconds) for sending root-bridge information to the LAN. Note that the
non-root bridge can adopt values from the root bridge. This value might be ignored depending on the topology of the
network.
589
Menu Reference
2 Setup
Telnet path:
Setup > LAN-Bridge > Spanning-Tree
Possible values:
1 … 32768 Seconds
Default:
2
2.20.20.7 Forward delay
This value determines the time (in seconds) that passes before a port should change from 'listening' to 'learning' or from
'learning' to 'forwarding'. However, now that rapid spanning tree offers a method of determining when a port can be
switched into the "forwarding state" without a long wait, this setting in many cases no longer has any effect. Do not
change this value without detailed knowledge of spanning tree, since it may increase the risk of temporary loops in the
network.
Telnet path:
Setup > LAN-Bridge > Spanning-Tree
Possible values:
1 … 32768 Seconds
Default:
6
2.20.20.11 Port data
This table can be used to set further spanning-tree parameters for each port.
Telnet path:
Setup > LAN-Bridge > Spanning-Tree
Possible values:
1 … 32768 Seconds
Default:
6
2.20.20.11.2 Port
The name of the LAN interface.
Telnet path:
Setup > LAN-Bridge > Spanning-Tree > Port-Data
590
Menu Reference
2 Setup
2.20.20.11.4 Priority
The priority of the port set as an 8-bit value. If more than one port is available as a path to a LAN and the distance to
both ports is the same, then this value decides which port is to be selected. If two ports have the same priority, then the
port with the smaller number is selected.
5
Rapid spanning tree uses only the upper 4 bits of this value, for example, if a value is increased and decreased
in 16 steps. Lower values take a higher priority.
Telnet path:
Setup > LAN-Bridge > Spanning-Tree > Port-Data
Possible values:
Max. 3 characters from [0-9]
Default:
128
2.20.20.11.6 Edge port
A port can be labeled as an edge port.
Telnet path:
Setup > LAN-Bridge > Spanning-Tree > Port-Data
Possible values:
No
Yes
Default:
No
2.20.20.11.7 Path cost override
Specifies the influence of path cost.
Telnet path:
Setup > LAN-Bridge > Spanning-Tree > Port-Data
Possible values:
0 … 4294967295
Default:
0
591
Menu Reference
2 Setup
2.20.20.12 Protocol version
This item selects the spanning-tree protocol version to be used. Setting this switch to ’Classic’ will engage the algorithm
defined in IEEE 802.1D-1998 chapter 8, while setting it to ’Rapid’ will engage the rapid spanning three scheme defined
by IEEE 802.1D-2004 chapter 17.
Telnet path:
Setup > LAN-Bridge > Spanning-Tree
Possible values:
Classic
Rapid
5
Note the upward compatibility of this protocol. Rapid spanning tree will automatically fall back
to classic spanning tree data elements and schemes if other bridges are detected that do not
support rapid spanning tree.
Default:
Classic
2.20.20.13 Transmit-Hold-Count
Determines the number of BPDUs (Bridge Protocol Data Units) that may be sent when using rapid spanning tree, before
a second break is inserted. (With classic spanning tree, this value has no effect.)
Telnet path:
Setup > LAN-Bridge > Spanning-Tree
Possible values:
Max. 3 characters from [0-9]
Default:
6
2.20.20.14 Path cost computation
This item sets the protocol to be used for calculating the path cost. While the rapid spanning tree method uses the full
32-bit value range, the classic algorithm only works with a 16-bit value range. The rapid spanning tree method is only
useful if it is supported by all bridges in the network and it is consistently configured.
Telnet path:
Setup > LAN-Bridge > Spanning-Tree
592
Menu Reference
2 Setup
Possible values:
Classic
Rapid
Default:
Classic
2.20.30 IGMP snooping
This menu contains the configuration options for IGMP snooping.
Telnet path:
Setup > LAN-Bridge
2.20.30.1 Operating
Activates or deactivates IGMP snooping in the device and all of the defined querier instances. Without IGMP snooping
the bridge functions like a simple switch and forwards all multicasts to all ports.
5
If this function is deactivated, the bridge sends all IP multicast packets on all ports. With a change of the operating
mode, the device completely resets the IGMP snooping function, i.e. it deltes all dynamically learned values
(memberships, router-port properties).
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping
Possible values:
No
Yes
Auto
Default:
Auto
2.20.30.2 Port settings
This table defines the port-related settings for IGMP snooping.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping
593
Menu Reference
2 Setup
2.20.30.2.1 Port
From the list of ports available on the device, select the port to which the settings relate.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping > Port-Settings
2.20.30.2.2 Router port
This option defines the port's behavior.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping > Port-Settings
Possible values:
No
This port will never work as a router port, irrespective of IGMP queries or router messages received at
this port.
Yes
This port will always work as a router port, irrespective of IGMP queries or router messages received at
this port.
Auto
This port will work as a router port if IGMP queries or router messages are received. The port loses this
status if no packets are received for the duration of
"Robustness*Query-Interval+(Query-Response-Interval/2)".
Default:
Auto
2.20.30.3 Unregistered-Data-Packet-Handling
This setting defines the handling of multicast data packets with a destination address outside the "224.0.0.x" range and
for which neither static memberships were defined nor were dynamic memberships learned.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping
Possible values:
Router-Ports-only
Sends these packets to all router ports.
Flood
Sends these packets to all ports.
Discard
Discards these packets.
594
Menu Reference
2 Setup
Default:
Router-Ports-only
2.20.30.4 Simulated queriers
This table contains all of the simulated queriers defined in the device. These units are employed if IGMP functions are
required but there is no multicast router in the network. The querier can be limited to certain bridge groups or VLANs
by defining multiple independent queriers to support the corresponding VLAN IDs.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping
2.20.30.4.1 Name
Name of the querier instance
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping > Simulated-Queriers
Possible values:
Max. 8 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.20.30.4.2 Operating
Name of the querier instance
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping > Simulated-Queriers
Possible values:
No
Yes
Default:
No
2.20.30.4.3 Bridge group
Limits the querier instance to a certain bridge group.
595
Menu Reference
2 Setup
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping > Simulated-Queriers
Possible values:
BRG-1
BRG-2
BRG-3
BRG-4
BRG-5
BRG-6
BRG-7
BRG-8
None
With this setting, the IGMP queries are issued on all bridge groups.
Default:
BRG-1
2.20.30.4.4 VLAN-ID
Limits the querier instance to a certain VLAN.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping > Simulated-Queriers
Possible values:
0 … 4096
Default:
0
Special values:
0
If "0" is selected as VLAN, the IGMP queries are sent without a VLAN tag. For this reason, this value
only makes sense when VLAN is deactivated in general.
2.20.30.5 Request interval
Interval in seconds in which a multicast-capable router (or a simulated querier) sends IGMP queries to the multicast
address 224.0.0.1, so prompting the stations to transmit return messages about multicast group memberships. These
regular queries influence the time in which memberships "age", expire, and are then deleted.
After the startup phase, the querier sends IGMP queries in this interval.
A querier returns to the querier status after a time equal to "Robustness*Query-Interval+(Query-Response-Interval/2)".
A port loses its router-port status after a time equal to "Robustness*Query-Interval+(Query-Response-Interval/2)".
5
596
The query interval must be greater than the query response interval.
Menu Reference
2 Setup
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping
Possible values:
Max. 10 characters from [1-9]
Default:
125
2.20.30.6 Query-Response-Interval
Interval in seconds influencing the timing between IGMP queries and router-port aging and/or memberships.
Interval in seconds in which a multicast-capable router (or a simulated querier) expects to receive responses to its IGMP
queries. These regular queries influence the time in which memberships "age", expire, and are then deleted.
5
The query response interval must be less than the query interval.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping
Possible values:
Max. 10 characters from [1-9]
Default:
10
2.20.30.7 Robustness
This value defined the robustness of the IGMP protocol. This option tolerates packet losses of IGMP queries with respect
to Join messages.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping
Possible values:
Max. 10 characters from [1-9]
Default:
2
2.20.30.8 Static-Members
This table enables members to be defined manually, for example if they cannot or should not be learned automatically.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping
597
Menu Reference
2 Setup
2.20.30.8.1 Address
The IP address of the manually defined multicast group.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping > Static-Members
Possible values:
Max. 15 characters from [0-9].
Default:
0.0.0.0
2.20.30.8.2 Static-Members
These ports will always be the destination for packets with the corresponding IP multicast address, irrespective of any
Join messages received. They are specified as as a comma-separated list of the required ports.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping > Static-Members
Possible values:
Max. 251 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.20.30.8.3 VLAN-ID
The VLAN ID which is to support this static member. Each IP multicast address can have multiple entries with different
VLAN IDs.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping > Static-Members
Possible values:
0 … 4096
Default:
0
Special values:
0
If "0" is selected as VLAN, the IGMP queries are sent without a VLAN tag. For this reason, this value
only makes sense when VLAN is deactivated in general.
598
Menu Reference
2 Setup
2.20.30.8.4 Allow-Learning
This option activates the automatic learning of memberships in this multicast group. If automatic learning is deactivated,
packets can only be sent via the ports which have been manually defined for the multicast group.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping > Static-Members
Possible values:
Yes
No
Default:
Yes
2.20.30.9 Advertise interval
The interval in seconds in which devices send packets advertising themselves as multicast routers. This information makes
it quicker for other IGMP-snooping devices to find which of their ports are to operate as router ports. When activating
its ports, a switch (for example) can query for multicast routers, and the router can respond to this query with an
advertisement of this type. Under some circumstances this method can be much quicker than the alternative IGMP
queries.
Telnet path:
Setup > LAN-Bridge > IGMP-Snooping
Possible values:
4 … 180 Seconds
Default:
20
2.20.40 DHCP-Snooping
Here you can configure DHCP snooping for each interface.
Telnet path:
Setup > LAN-Bridge
2.20.40.1 Port
Indicates the physical or logical interface to which this DHCP-snooping configuration applies.
Telnet path:
Setup > LAN-Bridge > DHCP-Snooping
599
Menu Reference
2 Setup
Possible values:
LAN-x
All physical LAN interfaces
WLAN-x
All physical WLAN interfaces
WLAN-x-x
All logical WLAN interfaces
P2P-x-x
All logical P2P interfaces
WLC-TUNNEL-x
All virtual WLC tunnels
2.20.40.2 Add agent info
Here you decide whether the DHCP relay agent appends incoming DHCP packets with the DHCP option "relay agent
info" (option 82), or modifies an existing entry, before forwarding the request to a DHCP server.
This option allows the relay agent to deliver additional information to the DHCP server about the interface used by the
client to make the request.
The "relay agent info" is composed of values for the Remote ID and the Circuit ID.
If these two fields are empty, the DHCP relay agent does not add any 'Relay Agent Info' to the data packets.
Telnet path:
Setup > LAN-Bridge > DHCP-Snooping
Possible values:
Yes
Adds "relay agent info" to the DHCP packets.
No
This setting disables DHCP snooping for this interface.
Default:
No
2.20.40.3 Treat-Existing-Agent-Info
Here you set how the DHCP relay agent handles the "relay agent info" in incoming DHCP packets.
Telnet path:
Setup > LAN-Bridge > DHCP-Snooping
600
Menu Reference
2 Setup
Possible values:
Keep
In this setting, the DHCP relay agent forwards a DHCP packet and any existing "relay agent info"
unchanged to the DHCP server.
Replace
In this setting, the DHCP relay agent replaces any existing "relay agent info" with the values specified
in the fields Remote ID and Circuit ID.
Drop
In this setting, the DHCP relay agent deletes any DHCP packet containing "relay agent info".
Default:
Keep
2.20.40.4 Remote ID
The remote ID is a sub-option of the "Relay agent info" option. It uniquely identifies the client making a DHCP request.
You can use the following variables:
a %%: Inserts a percent sign.
a %c: Inserts the MAC address of the interface where the relay agent received the DHCP request. If a WLAN-SSID is
involved, then this is the corresponding BSSID.
a %i: Inserts the name of the interface where the relay agent received the DHCP request.
a %n: Inserts the name of the DHCP relay agent as specified under Setup > Name.
a %v: Inserts the VLAN ID of the DHCP request packet. This VLAN ID is sourced either from the VLAN header of the
DHCP packet or from the VLAN ID mapping for this interface.
a %p: Inserts the name of the Ethernet interface that received the DHCP packet. This variable is useful for devices
featuring an Ethernet switch or Ethernet mapper, because they can map multiple physical interfaces to a single logical
interface. For other devices, %p and %i are identical.
a %s: Inserts the WLAN SSID if the DHCP packet originates from a WLAN client. For other clients, this variable contains
an empty string.
a %e: Inserts the serial number of the relay agent, to be found for example under Status > Hardware-Info > Serial
number.
Telnet path:
Setup > LAN-Bridge > DHCP-Snooping
Possible values:
Max. 30 characters [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_.
Default:
empty
2.20.40.5 Circuit ID
The circuit ID is a sub-option of the "Relay agent info" option. It uniquely identifies the interface used by the client to
make a DHCP request.
601
Menu Reference
2 Setup
You can use the following variables:
a %%: Inserts a percent sign.
a %c: Inserts the MAC address of the interface where the relay agent received the DHCP request. If a WLAN-SSID is
involved, then this is the corresponding BSSID.
a %i: Inserts the name of the interface where the relay agent received the DHCP request.
a %n: Inserts the name of the DHCP relay agent as specified under Setup > Name.
a %v: Inserts the VLAN ID of the DHCP request packet. This VLAN ID is sourced either from the VLAN header of the
DHCP packet or from the VLAN ID mapping for this interface.
a %p: Inserts the name of the Ethernet interface that received the DHCP packet. This variable is useful for devices
featuring an Ethernet switch or Ethernet mapper, because they can map multiple physical interfaces to a single logical
interface. For other devices, %p and %i are identical.
a %s: Inserts the WLAN SSID if the DHCP packet originates from a WLAN client. For other clients, this variable contains
an empty string.
a %e: Inserts the serial number of the relay agent, to be found for example under Status > Hardware-Info > Serial
number.
Telnet path:
Setup > LAN-Bridge > DHCP-Snooping
Possible values:
Max. 30 characters [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_.
Default:
empty
2.20.41 DHCPv6-Snooping
This is where you can configure the lightweight DHCPv6 relay agent.
Telnet path:
Setup > LAN-Bridge
2.20.41.1 Port
Indicates the physical or logical interface to which this DHCPv6-snooping configuration applies.
Telnet path:
Setup > LAN-Bridge > DHCPv6-Snooping
Possible values:
LAN-x
All physical LAN interfaces
WLAN-x
All physical WLAN interfaces
WLAN-x-x
All logical WLAN interfaces
602
Menu Reference
2 Setup
P2P-x-x
All logical P2P interfaces
WLC-TUNNEL-x
All virtual WLC tunnels
2.20.41.2 Orientation
Enable or disable DHCPv6 snooping here.
Telnet path:
Setup > LAN-Bridge > DHCPv6-Snooping
Possible values:
Network-Facing
Disables DHCPv6 snooping for this interface. The LDRA does not forward any DHCPv6 requests to a
DHCPv6 server.
Client-Facing:
Enables DHCPv6 snooping for this interface.
Default:
Network-Facing
2.20.41.3 Type
Here you set how the DHCP relay agent handles the "relay agent info" in incoming DHCP packets.
Telnet path:
Setup > LAN-Bridge > DHCPv6-Snooping
Possible values:
Trusted
The LDRA forwards DHCP requests from clients and also DHCP responses from DHCP servers.
Untrusted
If this interface is classified as untrusted, the LDRA discards DHCPv6-server requests to this interface.
This prevents unauthorized clients from acting as "rogue DHCPv6 servers". Similarly, the LDRA does not
forward DHCPv6 responses with the wrong interface ID to the client.
5
Interfaces that are facing clients should be set as untrusted.
Default:
Trusted
603
Menu Reference
2 Setup
2.20.41.4 Remote ID
According to RFC 4649, the remote ID uniquely identifies the client making a DHCPv6 request.
4
This option is analogous to the DHCP option "Remote ID" of the relay agent in IPv4.
You can use the following variables:
a %%: Inserts a percent sign.
a %c: Inserts the MAC address of the interface where the relay agent received the DHCP request. If a WLAN-SSID is
involved, then this is the corresponding BSSID.
a %i: Inserts the name of the interface where the relay agent received the DHCP request.
a %n: Inserts the name of the DHCP relay agent as specified under Setup > Name.
a %v: Inserts the VLAN ID of the DHCP request packet. This VLAN ID is sourced either from the VLAN header of the
DHCP packet or from the VLAN ID mapping for this interface.
a %p: Inserts the name of the Ethernet interface that received the DHCP packet. This variable is useful for devices
featuring an Ethernet switch or Ethernet mapper, because they can map multiple physical interfaces to a single logical
interface. For other devices, %p and %i are identical.
a %s: Inserts the WLAN SSID if the DHCP packet originates from a WLAN client. For other clients, this variable contains
an empty string.
a %e: Inserts the serial number of the relay agent, to be found for example under Status > Hardware-Info > Serial
number.
Telnet path:
Setup > LAN-Bridge > DHCPv6-Snooping
Possible values:
Max. 30 characters [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_.
Default:
empty
2.20.41.5 Interface-Id
The interface ID uniquely identifies the interface used by a client to make a DHCPv6 request.
You can use the following variables:
a %%: Inserts a percent sign.
a %c: Inserts the MAC address of the interface where the relay agent received the DHCP request. If a WLAN-SSID is
involved, then this is the corresponding BSSID.
a %i: Inserts the name of the interface where the relay agent received the DHCP request.
a %n: Inserts the name of the DHCP relay agent as specified under Setup > Name.
a %v: Inserts the VLAN ID of the DHCP request packet. This VLAN ID is sourced either from the VLAN header of the
DHCP packet or from the VLAN ID mapping for this interface.
a %p: Inserts the name of the Ethernet interface that received the DHCP packet. This variable is useful for devices
featuring an Ethernet switch or Ethernet mapper, because they can map multiple physical interfaces to a single logical
interface. For other devices, %p and %i are identical.
a %s: Inserts the WLAN SSID if the DHCP packet originates from a WLAN client. For other clients, this variable contains
an empty string.
a %e: Inserts the serial number of the relay agent, to be found for example under Status > Hardware-Info > Serial
number.
604
Menu Reference
2 Setup
Telnet path:
Setup > LAN-Bridge > DHCPv6-Snooping
Possible values:
Max. 30 characters [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_.
Default:
empty
2.20.41.6 Server address
You can set the IPv6 address of a DHCPv6 server here.
4
Leave this field blank if you want to receive responses from all DHCPv6 servers on the network. Otherwise the
LDRA reacts only to DHCPv6 responses from the server you have specified. In this case, the LDRA discards
responses from other DHCPv6 servers.
Telnet path:
Setup > LAN-Bridge > DHCPv6-Snooping
Possible values:
Max. 39 characters 0123456789ABCDEFabcdef:.
Default:
empty
2.20.42 RA-Snooping
You can configure the RA snooping here.
Telnet path:
Setup > LAN-Bridge
2.20.42.1 Port
Indicates the physical or logical interface to which this RA-snooping configuration applies.
Telnet path:
Setup > LAN-Bridge > RA-Snooping
Possible values:
LAN-x
All physical LAN interfaces
WLAN-x
All physical WLAN interfaces
605
Menu Reference
2 Setup
WLAN-x-x
All logical WLAN interfaces
P2P-x-x
All logical P2P interfaces
WLC-TUNNEL-x
All virtual WLC tunnels
2.20.42.3 Orientation
Specify the preferred interface type here.
Telnet path:
Setup > LAN-Bridge > RA-Snooping
Possible values:
Router
The device mediates all of the RAs arriving at this interface.
Client
The device discards all of the RAs arriving at this interface.
Default:
Router
2.20.42.4 Router-Address
If you have selected the interface type Router, enter an optional router address here. If you specify a router address,
the device will only mediate RAs from that router. With the interface type Client selected, the device ignores this input
field.
Telnet path:
Setup > LAN-Bridge > RA-Snooping
Possible values:
Max. 39 characters 0123456789ABCDEFabcdef:.
Default:
empty
2.20.43 PPPoE snooping
Here you configure PPPoE snooping for each interface.
Telnet path:
Setup > LAN-Bridge
606
Menu Reference
2 Setup
2.20.43.1 Port
Indicates the physical or logical interface to which this PPPoE-snooping configuration applies.
Telnet path:
Setup > LAN-Bridge > PPPoE-Snooping
Possible values:
LAN-x
All physical LAN interfaces
WLAN-x
All physical WLAN interfaces
WLAN-x-x
All logical WLAN interfaces
P2P-x-x
All logical P2P interfaces
WLC-TUNNEL-x
All virtual WLC tunnels
GRE-TUNNEL-x
All virtual GRE tunnels
2.20.43.2 Add agent info
Here you decide whether the PPPoE intermediate agent gives incoming PPPoE packets a manufacturer-specific PPPoE
tag with the vendor ID “3561” before forwarding the request to a PPPoE server.
This option allows the PPPoE intermediate agent to deliver additional information to the PPPoE server about the interface
used by the client to make the request.
The PPPoE tag is composed of values for the Remote ID and the Circuit ID.
4
If these two fields are empty, the PPPoE intermediate agent does not add a PPPoE tag to the data packets.
Telnet path:
Setup > LAN-Bridge > PPPoE-Snooping
Possible values:
Yes
Adds “relay agent info” to the PPPoE packets.
No
This setting disables PPPoE snooping for this interface.
Default:
No
607
Menu Reference
2 Setup
2.20.43.3 Remote ID
The remote ID is a sub-option of the PPPoE intermediate agent option. It uniquely identifies the client making a PPPoE
request.
You can use the following variables:
a %%: Inserts a percent sign.
a %c: Inserts the MAC address of the interface where the PPPoE intermediate agent received the PPPoE request. If a
WLAN-SSID is involved, then this is the corresponding BSSID.
a %c: Inserts the name of the interface where the PPPoE intermediate agent received the PPPoE request.
a %n: Inserts the name of the PPPoE intermediate agent as specified under Setup > Name.
a %v: Inserts the VLAN ID of the PPPoE request packet. This VLAN ID is sourced either from the VLAN header of the
PPPoE data packet or from the VLAN ID mapping for this interface.
a %p: Inserts the name of the Ethernet interface that received the PPPoE data packet. This variable is useful for devices
featuring an Ethernet switch or Ethernet mapper, because they can map multiple physical interfaces to a single logical
interface. For other devices, %p and %i are identical.
a %s: Inserts the WLAN SSID if the PPPoE packet originates from a WLAN client. For other clients, this variable contains
an empty string.
a %e: Inserts the serial number of the PPPoE relay agent, to be found for example under Status > Hardware-Info >
Serial number.
Telnet path:
Setup > LAN-Bridge > PPPoE-Snooping
Possible values:
Max. 30 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_.
Default:
empty
2.20.43.4 Circuit ID
The circuit ID is a sub-option of the PPPoE intermediate agent info option. It uniquely identifies the interface used by
the client to make a PPPoE request.
You can use the following variables:
a %%: Inserts a percent sign.
a %c: Inserts the MAC address of the interface where the PPPoE intermediate agent received the PPPoE request. If a
WLAN-SSID is involved, then this is the corresponding BSSID.
a %c: Inserts the name of the interface where the PPPoE intermediate agent received the PPPoE request.
a %n: Inserts the name of the PPPoE intermediate agent as specified under Setup > Name.
a %v: Inserts the VLAN ID of the PPPoE request packet. This VLAN ID is sourced either from the VLAN header of the
PPPoE data packet or from the VLAN ID mapping for this interface.
a %p: Inserts the name of the Ethernet interface that received the PPPoE data packet. This variable is useful for devices
featuring an Ethernet switch or Ethernet mapper, because they can map multiple physical interfaces to a single logical
interface. For other devices, %p and %i are identical.
a %s: Inserts the WLAN SSID if the PPPoE packet originates from a WLAN client. For other clients, this variable contains
an empty string.
a %e: Inserts the serial number of the PPPoE relay agent, to be found for example under Status > Hardware-Info >
Serial number.
608
Menu Reference
2 Setup
Telnet path:
Setup > LAN-Bridge > PPPoE-Snooping
Possible values:
Max. 30 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_.
Default:
empty
2.20.43.5 Discard server packets
Here you decide whether the PPPoE intermediate agent retains or discards any existing PPPoE tags.
Telnet path:
Setup > LAN-Bridge > PPPoE-Snooping
Possible values:
Yes
The PPPoE intermediate Agent removes existing PPPoE tags and leaves both the “Circuit ID” and the
“Remote ID” empty.
No
The PPPoE intermediate agent takes over any existing PPPoE tags.
Default:
No
2.21 HTTP
This menu contains the HTTP settings.
Telnet path:
Setup
Possible values:
4 … 180 Seconds
Default:
20
2.21.1 Document root
This parameter defines the path to a directory where the help for WEBconfig is stored locally.
609
Menu Reference
2 Setup
Telnet path:
Setup > HTTP
Possible values:
Max. 99 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.21.2 Page headers
Use this setting to choose whether the page headers of the HTTP pages for the Public Spot should be displayed as text
or as images.
5
The settings for the page headers are intended exclusively for development and support purposes. Do not alter
the pre-set values for these parameters. An irregular configuration may cause the devices to behave unexpectedly
during operations.
Telnet path:
Setup > HTTP
Possible values:
Images
Texts
Default:
Images
2.21.3 Font family
Font family for Web interface display.
Telnet path:
Setup > HTTP
Possible values:
Max. 39 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
helvetica,sans-serif
2.21.5 Page headers
Select here whether the Public Spot displays the page headers of the standard pages as text or graphics.
610
Menu Reference
2 Setup
Telnet path:
Setup > HTTP
Possible values:
Images
Texts
Default:
Images
2.21.6 Error page style
Normal error display or bluescreen
Telnet path:
Setup > HTTP
Possible values:
Standard
Nifty
Default:
Standard
2.21.7 Port
Port for the HTTP server connection.
Telnet path:
Setup > HTTP
Possible values:
Max. 5 characters from [0-9]
Default:
80
2.21.9 Max-Tunnel-Connections
The maximum number of simultaneously active HTTP tunnels
Telnet path:
Setup > HTTP
611
Menu Reference
2 Setup
Possible values:
1 … 255
Default:
3
2.21.10 Tunnel-Idle-Timeout
Life-expectancy of an inactive tunnel. After expiry of this time period the tunnel closes automatically unless data transfer
is actively taking place.
Telnet path:
Setup > HTTP
Possible values:
1 … 4294967295 Seconds
Default:
300
2.21.11 Session timeout
Period of validity (lease) for the WEBconfig session without user activity, in seconds. When this period expires the password
must be reentered.
Telnet path:
Setup > HTTP
Possible values:
1 … 4294967295 Seconds
Default:
600
2.21.13 Standard design
Selects the design that will be used by default to display WEBconfig.
Telnet path:
Setup > HTTP
612
Menu Reference
2 Setup
Possible values:
Normal_design
Design_for_small_resolutions
Design_for_high_contrast
Default:
Normal_design
2.21.14 Show device information
This table defines the system information that is displayed on the System data/ Device status page in WEBconfig.
Telnet path:
Setup > HTTP
2.21.14.1 Device-information
Selection of device information to be displayed in WEBconfig.
Telnet path:
Setup > HTTP > Show-device-information
613
Menu Reference
2 Setup
Possible values:
CPU
Memory
UMTS/Modem-Interface
Ethernet ports
P2P connections
Throughput(Ethernet)
Router
Firewall
DHCP
DNS
VPN
Connections
Time
IPv4 addresses
IPv6 addresses
IPv6 prefixes
DHCPv6 client
DHCPv6 server
Operating-Time
ADSL
ISDN
DSLoL
2.21.14.2 Position
Index for the sequence for the display of device information.
Telnet path:
Setup > HTTP > Show-device-information
Possible values:
Max. 10 characters from [0-9]
Default:
0
2.21.14.2 Position
The contents of WEBconfig are compressed in order to speed up the display. The compression can be deactivated for
browsers that do not support it.
Telnet path:
Setup > HTTP
614
Menu Reference
2 Setup
Possible values:
Operating
Only_for_WAN
Deactivated
Default:
Operating
2.21.16 Keep-Server-Ports-Open
This menu contains the parameters for restricting access to the web server services.
Telnet path:
Setup > HTTP
2.21.16.1 Ifc.
Here, the settings for access to the web-server services can be adjusted for each of the access interfaces available on
the device (model dependent, e.g. LAN, WAN, WLAN).
Telnet path:
Setup > HTTP > Keep-Server-Ports-Open
2.21.16.2 Keep-Server-Ports-Open
You can decide whether access to the device configuration via HTTP is to be enabled, disabled or limited to read-only.
Irrespective of this, access to the web server services can be regulated separately, e.g. to enable communication via
CAPWAP, SSL-VPN or SCEP-CA via HTTP(S), even if HTTP(S) has been disabled.
For each access method (LAN, WAN, WLAN, depending on the device), you set the access rights for the device's web
server services at the HTTP server port.
Telnet path:
Setup > HTTP > Keep-Server-Ports-Open
Possible values:
Automatic
The HTTP server port is open, as long as a service is registered (e.g. CAPWAP). If no service is registered,
the server port will be closed.
Activated
The HTTP server port is always open, even if access to the configuration with HTTP is disabled. This can
be used to restrict direct access to the configuration. However, the automatic configuration of APs by
a WLAN controller is still possible.
615
Menu Reference
2 Setup
Disabled
The HTTP server port is closed and no service can use the web server. If access to the configuration via
HTTP is enabled, then a message is displayed expressing that the web server is not available.
Default:
Automatic
2.21.20 Rollout-Wizard
This menu contains the settings for the Rollout Wizard.
Telnet path:
Setup > HTTP
2.21.20.1 Operating
Switches the Rollout Wizard on or off. After being switched on the Wizard appears as an option on the WEBconfig start
page.
Telnet path:
Setup > HTTP > Rollout-Wizard
Possible values:
No
Yes
Default:
No
2.21.20.2 Title
The name for the Rollout Wizard as displayed in the navigation tree in WEBconfig under Setup Wizards.
Telnet path:
Setup > HTTP > Rollout-Wizard
Possible values:
Max. 50 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
Rollout
616
Menu Reference
2 Setup
2.21.20.8 Use extra checks
This option enables consistency tests that check some internal aspects of the wizard.
5
Executing these additional tests is very time consuming. Activate this option only during development of the
wizard and deactivate this option for normal operation.
Telnet path:
Setup > HTTP > Rollout-Wizard
Possible values:
No
Yes
Default:
No
2.21.20.9 Presets
This table enables you to predefine the values for all of the parameters that are requested by the Default Rollout Wizard.
Parameters configured in this way are no longer queried when you run the Default Rollout Wizard.
5
A 'blank' predefined value for Port and for Source loopback address will be interpreted by the device as the
entry 'Auto'. In this case, the Default Rollout Wizard uses the corresponding HTTP(S) standard port and, as the
loopback address, the address of your device that matches to the target. If you are working with different ARF
networks, you must use the loopback address to specify the ARF where the LSR server is located.
Telnet path:
Setup > HTTP > Rollout-Wizard
2.21.20.9.1 Name
This entry shows the name of the parameter that can be filled with preset values.
Telnet path:
Setup > HTTP > Rollout-Wizard > Presets
2.21.20.9.2 Preset
This entry shows the preset value for the corresponding parameter in the Rollout Wizard.
Telnet path:
Setup > HTTP > Rollout-Wizard > Presets
Possible values:
Max. 127 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
617
Menu Reference
2 Setup
Default:
empty
2.21.20.9.3 Use preset
This entry defines whether the parameter value configured here is to be used by the Rollout Wizard. If set to yes, the
Rollout Wizard will no longer query this parameter.
Telnet path:
Setup > HTTP > Rollout-Wizard > Presets
Possible values:
No
Yes
Default:
No
2.21.20.10 Delete Wizard
This action deletes a user-defined Rollout Wizard. When you enable the Rollout Wizard in future, the device uses the
internal LCOS default wizard.
Telnet path:
Setup > HTTP > Rollout-Wizard
2.21.20.11 SSL
This menu contains the SSL configuration for the Rollout Wizard.
Telnet path:
Setup > HTTP > Rollout-Wizard
2.21.20.11.1 Versions
Here you select the encryption version(s) to be used.
Telnet path:
Setup > HTTP > Rollout-Wizard > SSL
618
Menu Reference
2 Setup
Possible values:
SSLv3
TLSv1
TLSv1.1
TLSv1.2
Default:
TLSv1
2.21.20.11.2 Key-exchange algorithms
Here you select the algorithms to be used for the key exchange.
Telnet path:
Setup > HTTP > Rollout-Wizard > SSL
Possible values:
RSA
DHE
ECDHE
Default:
RSA
DHE
ECDHE
2.21.20.11.3 Crypto algorithms
Here you select the encryption algorithms to be used.
Telnet path:
Setup > HTTP > Rollout-Wizard > SSL
619
Menu Reference
2 Setup
Possible values:
RC4-40
RC4-56
RC4-128
DES40
DES
3DES
AES-128
AES-256
AESGCM-128
AESGCM-256
Default:
3DES
AES-128
AES-256
AESGCM-128
AESGCM-256
2.21.20.11.4 Hash algorithms
Here you select the hash algorithms to be used.
Telnet path:
Setup > HTTP > Rollout-Wizard > SSL
Possible values:
MD5
SHA1
SHA-256
SHA-384
SHA2-256
SHA2-384
Default:
MD5
SHA1
SHA-256
SHA-384
SHA2-256
620
Menu Reference
2 Setup
SHA2-384
2.21.20.11.5 Prefer PFS
Specify whether PFS (perfect forward secrecy) is enabled for the SSL/TLS secured connection.
5
To disable this function, uncheck the box.
Telnet path:
Setup > HTTP > Rollout-Wizard > SSL
Possible values:
Yes
Default:
Yes
2.21.20.11.6 Renegotiations
This setting gives you control over whether the client can trigger a renegotiation of SSL/TLS.
Telnet path:
Setup > HTTP > Rollout-Wizard > SSL
Possible values:
Forbidden
The device disconnects from the remote station if this requests a renegotiation.
Allowed
The device permits renegotiations with the remote station.
Ignored
The device ignores the request to renegotiate sent by the remote station.
Default:
Allowed
2.21.20.11.7 Elliptic curves
Here you specify which elliptic curves are to be used for encryption.
Telnet path:
Setup > HTTP > Rollout-Wizard > SSL
621
Menu Reference
2 Setup
Possible values:
secp256r1
secp256r1 is used for encryption.
secp384r1
secp384r1 is used for encryption.
secp521r1
secp521r1 is used for encryption.
Default:
secp256r1
secp384r1
secp521r1
2.21.20.11.21 Signature hash algorithms
Use this entry to specify which hash algorithm is used to encrypt the signature.
Telnet path:
Setup > HTTP > Rollout-Wizard > SSL
Possible values:
MD5-RSA
SHA1-RSA
SHA224-RSA
SHA256-RSA
SHA384-RSA
SHA512-RSA
Default:
SHA1-RSA
SHA224-RSA
SHA256-RSA
SHA384-RSA
SHA512-RSA
622
Menu Reference
2 Setup
2.21.21 Max-HTTP-Job-Count
Using this setting you specify the maximum number of HTTPS jobs. An HTTP job exists when LCOS is serving an HTTP
connection from a client, for example in the form of a request to WEBconfig. The setting therefore defines the maximum
number of concurrent HTTP connections.
Telnet path:
Setup > HTTP
Possible values:
5 … 512
Default:
Depends on device
2.21.22 Disable-Password-Autocompletion
This switch controls whether the WEBconfig login dialog allows the browser to save user input to the password form
field for subsequent auto-completion.
Telnet path:
Setup > HTTP
Possible values:
No
The browser may not save the contents of the password form field. The WEBconfig input mask forces
the user to enter the password manually.
Yes
The browser saves the input of the password form field and automatically fills-in the field the next time
the login dialog is called.
Default:
No
2.21.30 File server
This menu contains the file-server settings for external USB data media.
Telnet path:
Setup > HTTP
2.21.30.1 Public-Subdir
This directory is the root directory on a USB medium. The device ignores all other files on the USB medium.
623
Menu Reference
2 Setup
Telnet path:
Setup > HTTP > File-Server
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
public_html
2.21.30.2 Operating
This parameter activates or deactivates the file server for USB media.
Telnet path:
Setup > HTTP > File-Server
Possible values:
Yes
No
Default:
Yes
2.21.40 SSL
The parameters for HTTPS connections are specified here.
Telnet path:
Setup > HTTP
2.21.40.3 Versions
This bitmask specifies which versions of the protocol are allowed.
Telnet path:
Setup > HTTP > SSL
624
Menu Reference
2 Setup
Possible values:
SSLv3
TLSv1
TLSv1.1
TLSv1.2
Default:
SSLv3
TLSv1
2.21.40.4 Key-exchange algorithms
This bitmask specifies which key-exchange methods are available.
Telnet path:
Setup > HTTP > SSL
Possible values:
RSA
DHE
ECDHE
Default:
RSA
DHE
ECDHE
2.21.40.5 Crypro algorithms
This bitmask specifies which cryptographic algorithms are allowed.
Telnet path:
Setup > HTTP > SSL
625
Menu Reference
2 Setup
Possible values:
RC4-40
RC4-56
RC4-128
DES40
DES
3DES
AES-128
AES-256
AESGCM-128
AESGCM-256
Default:
3DES
AES-128
AES-256
AESGCM-128
AESGCM-256
2.21.40.6 Hash algorithms
This bit mask specifies which hash algorithms are allowed and implies what HMAC algorithms used to protect of the
integrity of the messages.
Telnet path:
Setup > HTTP > SSL
Possible values:
MD5
SHA1
SHA2-256
SHA2-384
Default:
MD5
SHA1
SHA2-256
SHA2-384
626
Menu Reference
2 Setup
2.21.40.7 Prefer PFS
When setting the cipher suite, the device usually takes over the same setting as the requesting client. Certain client
applications by default require a connection without perfect forward secrecy (PFS), even though both the device and the
client are PFS-capable.
This option means that your device always prefers to connect with PFS, regardless of the default setting of the client.
Telnet path:
Setup > HTTP > SSL
Possible values:
On
Off
Default:
On
2.21.40.8 Renegotiations
This setting gives you control over whether the client can trigger a renegotiation of SSL/TLS.
Telnet path:
Setup > HTTP > SSL
Possible values:
Forbidden
The device disconnects from the remote station if this requests a renegotiation.
Allowed
The device permits renegotiations with the remote station.
Ignored
The device ignores the request to renegotiate sent by the remote station.
Default:
Allowed
2.21.40.9 Elliptic curves
Here you specify which elliptic curves are to be used for encryption.
Telnet path:
Setup > HTTP > SSL
627
Menu Reference
2 Setup
Possible values:
secp256r1
secp256r1 is used for encryption.
secp384r1
secp384r1 is used for encryption.
secp521r1
secp521r1 is used for encryption.
Default:
secp256r1
secp384r1
secp521r1
2.21.40.10 Port
Port for the HTTPS server connection
Telnet path:
Setup > HTTP > SSL
Possible values:
0 … 65535
Default:
443
2.21.40.11 Use-User-Provided-Certificate
Here you select whether you want to use a user-provided certificate.
Telnet path:
Setup > HTTP > SSL
Possible values:
Yes
No
Default:
Yes
628
Menu Reference
2 Setup
2.21.40.23 Signature hash algorithms
Use this entry to specify which hash algorithm is used to encrypt the signature.
Telnet path:
Setup > HTTP > SSL
Possible values:
MD5-RSA
SHA1-RSA
SHA224-RSA
SHA256-RSA
SHA384-RSA
SHA512-RSA
Default:
SHA1-RSA
SHA224-RSA
SHA256-RSA
SHA384-RSA
SHA512-RSA
2.22 SYSLOG
This menu contains the SYSLOG settings.
Telnet path:
Setup
2.22.1 Operating
Activates the dispatch of information about system events to the configured SYSLOG client.
Telnet path:
Setup > SYSLOG
629
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
Yes
2.22.2 SYSLOG table
This table defines the SYSLOG clients.
Telnet path:
Setup > SYSLOG
Possible values:
Yes
No
Default:
Yes
2.22.2.1 Idx.
Position of the entry in the table.
Telnet path:
Setup > SYSLOG > SYSLOG table
Possible values:
Max. 4 characters from [0-9]
Default:
empty
2.22.2.3 Source
Here you select which source is entered in the SYSLOG messages.
Telnet path:
Setup > SYSLOG > SYSLOG table
630
Menu Reference
2 Setup
Possible values:
None
System
Login
System time
Console login
Connections
Accounting
Administration
Router
Default:
None
2.22.2.4 Level
Here you select the source that is entered in the SYSLOG messages. Multiple entries can be selected.
Telnet path:
Setup > SYSLOG > SYSLOG table
Possible values:
None
Alert
Error
Warning
Info
Debug
Default:
None
2.22.2.6 Loopback-Addr.
Sender address entered into the SYSLOG message. No answer is expected to a SYSLOG message.
Telnet path:
Setup > SYSLOG > SYSLOG table
631
Menu Reference
2 Setup
Possible values:
Name of the IP networks whose addresses are to be used.
"INT" for the address of the first intranet.
"DMZ" for the address of the first DMZ.
LB0 to LBF for the 16 loopback addresses.
Any valid IP address.
2.22.2.7 IP address
Contains the IP address of the SYSLOG server. This can be specified as an IPv4 or IPv6 address, or as a DNS name.
Telnet path:
Setup > SYSLOG > SYSLOG table
Possible values:
Max. 64 characters from [A-Z][a-z][0-9].-:%
2.22.3 Facility-Mapper
This table defines the allocation of SYSLOG sources to facilities.
Telnet path:
Setup > SYSLOG
2.22.3.1 Source
The mapping of sources to specific facilities.
Telnet path:
Setup > SYSLOG > Facility-Mapper
Possible values:
System
Logins
System time
Console login
Connections
Accounting
Administration
Router
2.22.3.2 Facility
The mapping of sources to specific facilities.
632
Menu Reference
2 Setup
Telnet path:
Setup > SYSLOG > Facility-Mapper
Possible values:
KERN
USER
MAIL
DAEMON
AUTH
SYSLOG
LPR
NEWS
UUCP
CRON
AUTHPRIV
SYSTEM0
SYSTEM1
SYSTEM2
SYSTEM3
SYSTEM4
LOCAL0
LOCAL1
LOCAL2
LOCAL3
LOCAL4
LOCAL5
LOCAL6
LOCAL7
2.22.4 Port
Port used for sending SYSLOG messages.
Telnet path:
Setup > SYSLOG
Possible values:
Max. 10 characters from [0-9]
Default:
514
2.22.5 Messages-Table-Order
This item determines the order in which the messages table is displayed.
Telnet path:
Setup > SYSLOG
633
Menu Reference
2 Setup
Possible values:
Oldest on top
Newest on top
Default:
Newest on top
2.22.6 Backup interval
This parameter defines the interval in hours for the boot-persistent storage of SYSLOG messages to the flash memory of
the device.
Telnet path:
Setup > SYSLOG
Possible values:
1 … 99 Hours
Default:
2
2.22.7 Backup active
Enables the boot-persistent storage of SYSLOG messages to the flash memory of the device.
Telnet path:
Setup > SYSLOG
Possible values:
No
Yes
Default:
Yes
2.22.8 Log-CLI-Changes
This parameter enables logging of the commands entered on the command line. Enable this parameter to log an entry
in the internal SYSLOG memory when a command is entered on the command line of the device.
5
634
This protocol logs commands entered on the command line only. Configuration changes and actions made using
LANconfig and WEBconfig are not logged.
Menu Reference
2 Setup
Telnet path:
Setup > SYSLOG
Possible values:
No
Yes
Default:
No
2.22.9 Max-Message-Age
This parameter defines the maximum period for retaining SYSLOG messages in the internal SYSLOG memory of the device
in hours. After this period expires the device automatically deletes the obsolete SYSLOG messages if auto-delete is
activated under Remove old messages.
Telnet path:
Setup > SYSLOG
Possible values:
1 … 99 Hours
Default:
24
2.22.10 Remove-Old-Messages
This parameter enables deletion of the SYSLOG messages in the device after the period set for Maximum-message-age.
Telnet path:
Setup > SYSLOG
Possible values:
No
Yes
Default:
No
2.22.11 Max. age unit
This parameter determines whether the message age is specified in hours, days and months.
635
Menu Reference
2 Setup
5
In this case, a month is 30 days.
Telnet path:
Setup > SYSLOG
Possible values:
Hour
Day
Month
Default:
Hour
2.22.12 Critical prio
With this setting you define the lowest syslog priority considered by the device to be 'critical'. As of this priority level,
the device generates the corresponding alerts that you recieve, for example, in WEBconfig.
Telnet path:
Setup > SYSLOG
Possible values:
Emergency
Alert
Critical
Error
Warning
Notice
Info
Debug
Default:
Critical
2.23 Interfaces
This menu contains the settings for the interfaces.
Telnet path:
Setup
636
Menu Reference
2 Setup
2.23.1 S0
This item allows you to make further settings for the device interface.
Telnet path:
Setup > Interfaces
2.23.1.1 Ifc
Select the device ISDN interface which the settings relate to, e.g. S0-1 or S0-2.
Telnet path:
Setup > Interfaces > S0
2.23.1.2 Protocol
This item allows you to select the D-channel protocol for this interface.
Telnet path:
Setup > Interfaces > S0
Possible values:
No
DSS1
1TR6
P2P-DSS1
GRP0
Auto
Default:
Auto
2.23.1.7 LL B-channel
This item allows you to set the leased-line channel if the device is operated with a Group 0-type leased-line connection.
Telnet path:
Setup > Interfaces > S0
637
Menu Reference
2 Setup
Possible values:
None
B1
B2
Default:
None
2.23.1.9 Dial prefix
The number entered here will be placed in front of all telephone numbers making outgoing calls.
This is useful, for example, if your device is operated in a PBX that requires an outside-line access code. This number
should be entered here.
Telnet path:
Setup > Interfaces > S0
Possible values:
Max. 8 characters from [0-9]
Default:
empty
2.23.1.13 Max-in-calls
This setting allows you to place a limit on the number of concurrent calls that can be made over this interface. One
advantage of this is that you can always leave a line free for other devices.
Telnet path:
Setup > Interfaces > S0
Possible values:
None
One
Two
Default:
Two
2.23.1.14 Max-out-calls
This setting allows you to place a limit on the number of concurrent calls that can be made over this interface. One
advantage of this is that you can always leave a line free for other devices.
638
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > S0
Possible values:
None
One
Two
Default:
Two
2.23.1.27 Termination
This entry determines whether the selected interface is terminated.
Telnet path:
Setup > Interfaces > S0
Possible values:
No
Yes
Default:
Yes
2.23.4 DSL
The settings for the DSL interface are located here.
Telnet path:
Setup > Interfaces
2.23.4.1 Ifc
Select the interface, from those available on the device, which the settings relate to, e.g. DSL-1, ADSL, VDSL or UMTS.
5
The selection options depend on the equipment of the device.
Telnet path:
Setup > Interfaces > DSL
639
Menu Reference
2 Setup
2.23.4.2 Operating
Here you can specify whether the interface is active or not.
Telnet path:
Setup > Interfaces > DSL
Possible values:
No
Yes
Default:
No
2.23.4.6 Mode
This item selects the mode in which the WAN interface is operated. In automatic mode, all PPPoE frames and all data
packets belonging to a connection established over the DSLoL interface (as configured in the IP parameter list) are routed
via the DSLoL interface (WAN). All other data packets are treated as normal LAN packets. In exclusive mode, the LAN
interface operates as a WAN interface only.
Telnet path:
Setup > Interfaces > DSL
Possible values:
Auto
Exclusive
Default:
Exclusive
2.23.4.16 Upstream rate
This item allows you to set the gross upstream rate for this port. The data rate entered here (kbps) limits the outgoing
data streams from the device.
Telnet path:
Setup > Interfaces > DSL
Possible values:
Max. 6 characters from [0-9]
Default:
empty
640
Menu Reference
2 Setup
Special values:
0
No limitation on the amount of data transferred.
2.23.4.17 Ext.-Overhead
The external overhead results from the data that the modem attaches to each packet. For PPPoE connections, this is 4
bytes for the LLC header and 8 bytes for the AAL 5 trailer. The modem cannot send "partial" ATM cells, so on average
half an ATM cell (= 24 bytes) must be allowed for additionally. The resulting total overhead is thus 36 bytes per transmitted
packet.
Telnet path:
Setup > Interfaces > DSL
Possible values:
Max. 3 characters from [0-9]
Default:
empty
2.23.4.18 Downstream rate
The downstream rate is measured in kilobits and includes everything arriving at the router over the WAN Ethernet. For
example, on a T-DSL connection with guaranteed 768 kbit downstream, the upstream rate negotiated by the modem is
864 kbit. This still includes an overhead typical for this type of connection, which results from the modem using ATM as
the transport protocol. If we adjust the 864 kbit to allow for the overhead that results from the structure of an ATM cell
(48 bytes of payload for a cell length of 53 bytes), we arrive at 864 * 48/53 = 792 kbit gross downstream rate, which is
transferred from the modem to the router over Ethernet. If data rates negotiated by the modem are unknown, it is
possible to multiply the guaranteed data rates by 56/55 to approximate the gross data rates.
Telnet path:
Setup > Interfaces > DSL
Possible values:
Max. 6 characters from [0-9]
Default:
empty
Special values:
0
No restriction on the received data traffic.
2.23.4.23 LAN Ifc
Select the LAN interface that the DSLoL interface is linked with.
641
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > DSL
Possible values:
LAN-1
WLAN-1
P2P-1-1
P2P-1-2
P2P-1-3
P2P-1-4
P2P-1-5
P2P-1-6
WLAN-1-2
WLAN-1-3
WLAN-1-4
WLAN-1-5
WLAN-1-6
WLAN-1-7
WLAN-1-8
BRG-1
BRG-2
BRG-3
BRG-4
BRG-5
BRG-6
BRG-7
BRG-8
Any
Default:
LAN-1
2.23.6 ADSL interface
The settings for the ADSL interface are located here.
Telnet path:
Setup > Interfaces
2.23.6.1 Ifc
Select the relevant interface here.
5
The selection options depend on the equipment of the device.
Telnet path:
Setup > Interfaces > ADSL-Interface
642
Menu Reference
2 Setup
Possible values:
ADSL
S0-1
DSL-1
DSL-2
DSL-3
UMTS
2.23.6.2 Protocol
Select the protocol that you want to use for this interface.
With ADSL multimode, the protocols G.DMT, T1.413 and G. Lite are all tried in sequence. Auto mode first attempts to
connect using the ADSL2+ protocol. If no connection can be made, the system falls back successively to ADSL2 or G.DMT.
Telnet path:
Setup > Interfaces > ADSL-Interface
Possible values:
No
Auto
ADSL2+
ADSL2
ADSL-Multimode
Annex-M-Auto
G.Dmt
T1.413
Default:
No
2.23.6.16 Upstream rate
This item allows you to set the gross upstream rate for this port. The data rate entered here (kbps) limits the outgoing
data streams from the device.
Telnet path:
Setup > Interfaces > ADSL-Interface
Possible values:
Max. 6 characters from [0-9]
Default:
0
Special values:
0
The value used is negotiated automatically.
643
Menu Reference
2 Setup
2.23.6.18 Downstream rate
The downstream rate is measured in kilobits and includes everything arriving at the router over the WAN interface. For
example, on a connection with guaranteed 768 kbps downstream, the upstream rate negotiated by the modem is 864
kbps. This still includes an overhead typical for this type of connection, which results from the modem using ATM as the
transport protocol. If we adjust the 864 kbps to allow for the overhead that results from the structure of an ATM cell (48
bytes of payload for a cell length of 53 bytes), we arrive at 864 * 48/53 = 792 kbps gross downstream rate, which is
transferred from the modem to the router over Ethernet. If data rates negotiated by the modem are unknown, it is
possible to multiply the guaranteed data rates by 56/55 to approximate the gross data rates.
Telnet path:
Setup > Interfaces > ADSL-Interface
Possible values:
Max. 6 characters from [0-9]
Default:
0
Special values:
0
The value used is negotiated automatically.
2.23.7 Modem-Mobile
The settings for the mobile-telephony modem are located here.
Telnet path:
Setup > Interfaces
2.23.7.1 Ifc
Here you select the interface which you want to configure.
5
The selection options depend on the equipment of the device.
Telnet path:
Setup > Interfaces > Modem-Mobile
644
Menu Reference
2 Setup
Possible values:
DSL-1
EXT
ADSL
S0-1
DSL-1
DSL-2
DSL-3
UMTS
2.23.7.2 Operating
Select the operating mode for the interface.
Telnet path:
Setup > Interfaces > Modem-Mobile
Possible values:
No
Modem
WWAN
UMTS-GPRS
Default:
No
2.23.7.21 Data rate
Select the data rate in kilobytes per second used to transfer the data streams.
Telnet path:
Setup > Interfaces > Modem-Mobile
Possible values:
19200
38400
57600
115200
Default:
115200
645
Menu Reference
2 Setup
2.23.7.22 Profile
Here you select the profile to be used for the UMTS interface.
Telnet path:
Setup > Interfaces > Modem-Mobile
Possible values:
Max. 16 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.23.8 VDSL
This menu contains the settings for the VDSL interface.
Telnet path:
Setup > Interfaces
2.23.8.1 Ifc
Name of the interface.
Telnet path:
Setup > Interfaces > VDSL
2.23.8.2 Protocol
This parameter specifies the protocol or standard used by the interface for data transmission.
Telnet path:
Setup > Interfaces > VDSL
Possible values:
Off
This setting disables the VDSL interface.
Auto
The device automatically selects the best transmission protocol.
VDSL
The device uses VDSL2 according to ITU-T G.993.2.
ADSL
ADSL2+
The device uses ADSL2+ according to ITU-T G.992.5.
ADSL2
The device uses ADSL2 according to ITU-T G.992.3.
646
Menu Reference
2 Setup
ADSL1
The device uses ADSL1 according to ITU-T G.992.1 or G.DMT.
ADSL2+J
The device uses ADSL2+ according to ITU-T G.992.5 Annex J.
ADSL2J
The device uses ADSL2+ according to ITU-T G.992.3 Annex J.
Default:
Auto
2.23.8.16 Upstream rate
This item allows you to set the gross upstream rate for this port. The data rate entered here (kbps) limits the outgoing
data streams from the device.
Telnet path:
Setup > Interfaces > VDSL
Possible values:
Max. 6 characters from [0-9]
Default:
0
Special values:
0
The value used is negotiated automatically.
2.23.8.18 Downstream rate
The downstream rate is measured in kilobits and includes everything arriving at the router over the WAN interface. For
example, on a connection with guaranteed 768 kbps downstream, the upstream rate negotiated by the modem is 864
kbps. This still includes an overhead typical for this type of connection, which results from the modem using ATM as the
transport protocol. If we adjust the 864 kbps to allow for the overhead that results from the structure of an ATM cell (48
bytes of payload for a cell length of 53 bytes), we arrive at 864 * 48/53 = 792 kbps gross downstream rate, which is
transferred from the modem to the router over Ethernet. If data rates negotiated by the modem are unknown, it is
possible to multiply the guaranteed data rates by 56/55 to approximate the gross data rates.
Telnet path:
Setup > Interfaces > VDSL
Possible values:
Max. 6 characters from [0-9]
Default:
0
647
Menu Reference
2 Setup
Special values:
0
The value used is negotiated automatically.
2.23.8.25 Handshake
This entry sets the data-flow control to be used for VDSL.
Telnet path:
Setup > Interfaces > VDSL
Possible values:
Chipset-default
V43 if needed
V43 enabled
V43 disabled
Default:
Chipset-default
2.23.8.26 Linecode
This item allows you to select the preferred modulation method for this device.
Telnet path:
Setup > Interfaces > VDSL
2.23.18 Permanent L1 activation
Permanent L1 activation prevents the S0 bus from being disabled, or it prevents a reactivation after a successful
deactivation.
5
This setting is particularly relevant if you are using a bus as a PCM sync source. If the bus is disabled, you will
lose the PCM clock.
Telnet path:
Setup > Interfaces
648
Menu Reference
2 Setup
Possible values:
Disabled
Sync source only
All TE interfaces
2.23.19 PCM-SYNC-SOURCE
PCM sync source sets the S0-bus used as a clock by the Call Manager.
5
This setting is relevant if you use a bus internally and the second bus is connected externally (e.g. to a connection
from the ISDN provider). In this case, you should use the external connection as the clock. With the setting Auto
the device selects the bus by itself.
Telnet path:
Setup > Interfaces
Possible values:
Auto
S0-1
2.23.20 WLAN
This menu contains the settings for wireless LAN networks
Telnet path:
Setup > Interfaces
2.23.20.1 Network
Here you can adjust further network settings for each logical wireless LAN network (MultiSSID) supported by your device.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.1.1 Ifc
Select from the logical WLAN interfaces.
Telnet path:
Setup > Interfaces > WLAN > Network
649
Menu Reference
2 Setup
2.23.20.1.2 Network name
Define a unique SSID (the network name) for each of the logical wireless LANs required. Only WLAN clients that have
the same SSID can register with this wireless network.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.23.20.1.4 Closed network
You can operate your wireless LAN either in public or private mode. A wireless LAN in public mode can be contacted by
any mobile station in the area. Your wireless LAN is put into private mode by activating the closed network function. In
this operation mode, mobile stations that do not know the network name (SSID) are excluded from taking part in the
wireless LAN.
With the closed-network mode activated, WLAN clients that use an empty SSID or the SSID "ANY" are prevented from
associating with your network.
5
Simply suppressing the SSID broadcast does not provide adequate protection: When legitimate WLAN clients
associate with the access point, this transmits the SSID in cleartext so that it is briefly visible to all clients in the
WLAN network.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
No
The access point publishes the SSID of the cell. When a client sends a probe request with an empty or
incorrect SSID, the access point responds with the SSID of the radio cell (public WLAN).
Yes
The access point does not publish the SSID of the cell. When a client sends a probe request with an
empty SSID, the device similarly responds with an empty SSID.
Tightened
The access point does not publish the SSID of the cell. When a client sends a probe request with a blank
or incorrect SSID, the device does not respond.
Default:
No
2.23.20.1.8 Operating
Switches the logical WLAN on or off separately.
650
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
Yes
No
Default:
Yes
2.23.20.1.9 MAC filter
The MAC addresses of the clients allowed to associate with an access point are stored in the MAC filter list. The MAC
filter switch allows the use of the MAC filter list to be switched off for individual logical networks.
5
Use of the MAC filter list is required for logical networks in which the clients register via LEPS with an individual
passphrase. The passphrase used by LEPS is also entered into the MAC filter list. The MAC filter list is always
consulted for registrations with an individual passphrase, even if this option is deactivated.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
Yes
No
Local only
RADIUS only
Default:
Yes
2.23.20.1.10 Max. stations
Here you set the maximum number of clients that may associate with this access point in this network. Additional clients
wanting to associate will be rejected.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
0 … 65535
Default:
0
651
Menu Reference
2 Setup
Special values:
0
Limitation switched off
2.23.20.1.11 Cl.-Brg.-Support
Whereas address adaptation allows only the MAC address of a single attached device to be visible to the access point,
client-bridge support provides transparency in that all MAC addresses of the LAN stations behind the client stations are
transferred to the access point.
Furthermore, the three MAC addresses usual in client mode are not used for this operating mode (in this example for
server, access point and client station), but rather four addresses as with point-to-point connections (the fourth is the
MAC address of the station in the LAN of the client station). The fully transparent connection of a LAN to the client
station allows targeted transmission of data packets in the WLAN and hence functions such as TFTP downloads, initiated
by a broadcast.
5
Client-bridge mode can only be used between two LANCOM devices.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
Yes
Activates client-bridge support for this logical WLAN.
No
Deactivates client-bridge support for this logical WLAN.
Exclusive
Only accepts clients that also support the client-bridge mode.
Default:
No
2.23.20.1.12 RADIUS accounting
Deactivates accounting via a RADIUS server for this network.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
No
Yes
Default:
No
652
Menu Reference
2 Setup
2.23.20.1.13 Inter-Station-Traffic
Depending on the application, it may be required that the WLAN clients connected to an access point can—or expressly
cannot—communicate with other clients. Individual settings can be made for every logical WLAN as to whether clients
in this SSID can exchange data with one another.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
No
Yes
Default:
Yes
2.23.20.1.14 APSD
Activates APSD power saving for this logical WLAN network.
5
Please note that in order for the APSD function to work in a logical WLAN, QoS must be activated on the device.
APSD uses mechanisms in QoS to optimize power consumption for the application.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
No
Yes
Default:
No
2.23.20.1.15 Aironet extensions
Activates Aironet extensions for this logical wireless LAN.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
No
Yes
Default:
Yes
653
Menu Reference
2 Setup
2.23.20.1.16 Aironet extensions
This value sets the threshold value in percent for the minimum signal strength for clients when logging on. If the client's
signal strength is below this value, the access point stops sending probe responses and discards the client's requests.
A client with poor signal strength will not detect the access point and cannot associate with it. This ensures that the
client has an optimized list of available access points, as those offering only a weak connection at the client's current
position are not listed.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
0 … 100
Default:
0
2.23.20.1.17 Include UUID
Here you can determine whether the corresponding radio module should transfer its UUID.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
No
Yes
Default:
Yes
2.23.20.1.19 Transmit-only-Unicasts
Multicast and broadcast transmissions within a WLAN cell cause a load on the bandwidth of the cell, especially since
the WLAN clients often do not know how to handle these transmissions. The access point already intercepts a large part
of the multicast and broadcast transmissions in the cell with ARP spoofing. With the restriction to unicast transmissions
it filters out unnecessary IPv4 broadcasts from the requests, such as Bonjour or NetBIOS.
The suppression of multicast and broadcast transmissions is also a requirement from the HotSpot 2.0 specification.
Telnet path:
Setup > Interfaces > WLAN > Network
654
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
No
2.23.20.1.20 Tx-Limit
With this setting, you define the overall bandwidth that is available for transmission within this SSID.
Telnet path:
Setup > Interfaces > WLAN
Possible values:
0 … 4294967295 kbps
Special values:
0
This value disables the limit.
Default:
0
2.23.20.1.21 Rx-Limit
With this setting, you define the overall bandwidth that is available for reception within this SSID.
Telnet path:
Setup > Interfaces > WLAN
Possible values:
0 … 4294967295 kbps
Special values:
0
This value disables the limit.
Default:
0
2.23.20.1.22 Accounting server
Using this parameter, you define a RADIUS accounting server for the corresponding logical WLAN interface.
Telnet path:
Setup > Interfaces > WLAN > Network
655
Menu Reference
2 Setup
Possible values:
Name from Setup > WLAN > RADIUS-Accounting > Server
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.23.20.1.23 Per-Client-Tx-Limit
Here, you set the transmit-direction bandwidth limit (in kbps) available to each wireless client on this SSID. A value of
0 disables the limit.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
Max. 10 characters from 0123456789
Default:
0
Special values:
0
Disables the limit.
2.23.20.1.24 Per-Client-Rx-Limit
Here, you set the receive-direction bandwidth limit (in kbps) available to each wireless client on this SSID. A value of 0
disables the limit.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
Max. 10 characters from 0123456789
Default:
0
Special values:
0
Disables the limit.
2.23.20.1.25 LBS-Tracking
This entry enables or disables the LBS tracking for this SSID.
656
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
No
LBS tracking is disabled.
Yes
LBS tracking is enabled.
2.23.20.1.26 LBS tracking list
With this entry, you set the list name for the LBS tracking. When a client successfully associates with this SSID, the AP
transfers the specified list name, the MAC address of the client, and its own MAC address to the LBS server.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
Name from Setup > WLAN > Network > LBS-Tracking
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.23.20.1.27 Accounting-Start-Condition
Use this entry to specify when the DHCP server reports the beginning of a billing period to a RADIUS accounting server.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
None
Accounting starts when the WLAN client takes on the status “Connected”.
Valid IP address
Accounting starts when the WLAN client receives a valid IP address (IPv4 or IPv6) from the DHCP server.
Valid IPv4 address
Accounting starts when the WLAN client receives a valid IPv4 address from the DHCP server.
Valid IPv6 address
Accounting starts when the WLAN client receives a valid IPv6 address from the DHCP server.
Default:
None
657
Menu Reference
2 Setup
2.23.20.1.28 Dyn-Auth
This entry enables or disables dynamic authorization by RADIUS CoA on the corresponding interface.
Telnet path:
Setup > Interfaces > WLAN > Network
Possible values:
No
Yes
Default:
No
2.23.20.2 Transmission
Here you can adjust further transmission settings for each logical wireless LAN network (MultiSSID) supported by your
device.
Telnet path:
Setup > Interfaces > WLAN
Possible values:
No
Yes
Default:
No
2.23.20.2.1 Ifc
Opens the settings for the available logical WLAN networks.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
No
Yes
Default:
No
658
Menu Reference
2 Setup
2.23.20.2.2 Packet size
Smaller data packets cause fewer transmission errors than larger packets, although the proportion of header information
in the traffic increases, leading to a drop in the effective network load. Increase the factory value only if your wireless
network is largely free from interference and very few transmission errors occur. Reduce the value to reduce the occurrence
of transmission errors.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
500 … 1600 Even values only
Default:
1600
2.23.20.2.3 Min-Tx-Rate
Normally the access point negotiates the data transmission speeds continuously and dynamically with the connected
WLAN clients. The access point adjusts the transmission speeds to the reception conditions. As an alternative, you can
set fixed values for the minimum transmission speed if you wish to prevent the dynamic speed adjustment.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
Auto
1M
2M
5.5M
11M
6M
9M
12M
18M
24M
36M
48M
54M
Default:
Auto
2.23.20.2.4 Basic rate
The basic rate is the transmission rate with which the device sends all multicast and broadcast packets.
The basic rate set here should allow the slowest clients to connect to the WLAN even under poor reception conditions.
A higher value should only be set here if all clients in this logical WLAN can be reached at this speed.
659
Menu Reference
2 Setup
If you choose "Auto", the device automatically adapts to the transmission rate of the slowest WLAN client on your
network.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
Auto
1M
2M
5.5M
11M
6M
9M
12M
18M
24M
36M
48M
54M
Default:
2M
2.23.20.2.6 RTS-Threshold
The RTS threshold uses the RTS/CTS protocol to prevent the occurrence of the "hidden station“ phenomenon.
A collision between the very short RTS packets is improbable, although the use of RTS/CTS leads to an increase in
overhead. The use of this procedure is only worthwhile where long data packets are being used and the risk of collision
is higher. The RTS threshold is used to define the minimum packet length for the use of RTS/CTS. The best value can be
found using trial and error tests on location.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
512 … 2347
Default:
2347
2.23.20.2.7 11b-Preamble
Normally, the clients in 802.11b mode negotiate the length of the preamble with the access point. "Long preamble"
should only be set when the clients require this setting to be fixed.
Telnet path:
Setup > Interfaces > WLAN > Transmission
660
Menu Reference
2 Setup
Possible values:
Auto
Long
Default:
Auto
2.23.20.2.9 Max-Tx-Rate
Normally the access point negotiates the data transmission speeds continuously and dynamically with the connected
WLAN clients. The access point adjusts the transmission speeds to the reception conditions. As an alternative, you can
set fixed value for the maximum transmission speed if you wish to prevent the dynamic speed adjustment.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
Auto
1M
2M
5.5M
11M
6M
9M
12M
18M
24M
36M
48M
54M
Default:
Auto
2.23.20.2.10 Min.-Frag.-Length
Packet fragment length below which fragments are dropped.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
0 … 2347
Default:
16
661
Menu Reference
2 Setup
2.23.20.2.11 Soft-Retries
If the hardware was unable to send a packet, the number of soft retries defines how often the system should attempt
retransmission.
The total number of attempts is thus (soft retries + 1) * hard retries.
The advantage of using soft retries at the expense of hard retries is that the rate-adaption algorithm immediately begins
the next series of hard retries with a lower data rate.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
0 … 999
Default:
0
2.23.20.2.12 Hard-Retries
This value defines the number of times that the hardware should attempt to send packets before a Tx error message is
issued. Smaller values mean that a packet which cannot be sent blocks the sender for less time.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
0 … 15
Default:
10
2.23.20.2.13 Short guard interval
The default setting automatically optimizes the value for guard interval. If the momentary operating conditions allow,
the interval will be set to the shortest possible value.
You also have the option is deactivating this mechanism to prevent the short-guard interval from being used.
Put simply, the guard interval reduces the signal distortion caused by intersymbol interference (ISI) when using signal
multiplexing (OFDM).
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
Auto
No
Default:
Auto
662
Menu Reference
2 Setup
2.23.20.2.14 Max.-Spatial-Steams
Spatial streams add a third dimension to the frequency-time matrix available to radio communications: Space. An array
of multiple antennas provides the receiver with spatial information that enables the use of spatial multiplexing, a technique
that increases transmission rates. This involves the parallel transmission of multiple data streams over a single radio
channel. Multiple transmitter and receiver antennas can be operated at the same time. This leads to a significant increase
in the performance of the radio system.
The default setting allows settings for the spatial streams to be made automatically to make optimal use of the radio
system.
You also have the option of limiting the spatial streams to one or two to reduce the load on the radio system.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
Auto
One
Two
Default:
Auto
2.23.20.2.15 Send-Aggregates
The settings for frame aggregation are located here. Frame aggregation is an official standard and, according to the
802.11n standard, it is intended to be vendor-independent. It is comparable to the long-existing burst mode.
With frame aggregation for WLAN, the frame is enlarged so that multiple Ethernet packets fit into it. This method shortens
the waiting time between data packets and increases throughput. The overhead is reduced to release capacity for
transmitting data.
However, the increasing length of the frames increases the likelihood that radio interference will make it necessary to
retransmit packets. Furthermore, other stations must wait longer for a channel to become available, and they have to
collect several data packets for transmission all at once. By default, frame aggregation is activated. This makes sense if
you want to increase the throughput for this station and others on this medium are not important.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
No
Yes
Default:
Yes
663
Menu Reference
2 Setup
2.23.20.2.16 Min.-HT-MCS
MCS (Modulation Coding Scheme) automatically adapts transmission speeds. In the 802.11n standard it defines a number
of variables that specify the number of spatial streams, the modulation and the data rate of each data stream, among
others.
In the default setting the station automatically selects the best possible MCS for each stream, based on the conditions
of each channel. If interference arises during operation and the channel conditions change, for example due to movement
of the transmitter or signal deterioration, the MCS is dynamically adjusted to suit the new conditions.
You also have the option of setting the MCS to a constant value. This may facilitate testing, or it may be useful in
particularly dynamic environments to avoid unnecessary parameterizing where an optimal value simply cannot be
expected.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
Auto
MCS 0/8
MCS 1/9
MCS 2/10
MCS 3/11
MCS 4/12
MCS 5/13
MCS 6/14
MCS 7/15
Default:
Auto
2.23.20.2.17 Max.-HT-MCS
MCS (Modulation Coding Scheme) automatically adapts transmission speeds. In the 802.11n standard it defines a number
of variables that specify the number of spatial streams, the modulation and the data rate of each data stream, among
others.
In the default setting the station automatically selects the best possible MCS for each stream, based on the conditions
of each channel. If interference arises during operation and the channel conditions change, for example due to movement
of the transmitter or signal deterioration, the MCS is dynamically adjusted to suit the new conditions.
You also have the option of setting the MCS to a constant value. This may facilitate testing, or it may be useful in
particularly dynamic environments to avoid unnecessary parameterizing where an optimal value simply cannot be
expected.
Telnet path:
Setup > Interfaces > WLAN > Transmission
664
Menu Reference
2 Setup
Possible values:
Auto
MCS 0/8
MCS 1/9
MCS 2/10
MCS 3/11
MCS 4/12
MCS 5/13
MCS 6/14
MCS 7/15
Default:
Auto
2.23.20.2.18 Min.-Spatial-Steams
Spatial streams add a third dimension to the frequency-time matrix available to radio communications: Space. An array
of multiple antennas provides the receiver with spatial information that enables the use of spatial multiplexing, a technique
that increases transmission rates. This involves the parallel transmission of multiple data streams over a single radio
channel. Multiple transmitter and receiver antennas can be operated at the same time. This leads to a significant increase
in the performance of the radio system.
The default setting allows settings for the spatial streams to be made automatically to make optimal use of the radio
system.
You also have the option of limiting the spatial streams to one or two to reduce the load on the radio system.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
Auto
One
Two
Default:
Auto
2.23.20.2.19 EAPOL-Rate
Set the data rate for EAPOL transmission here.
5
The value "Like-Data" transmits the EAPOL data at the same rate as payload data.
Telnet path:
Setup > Interfaces > WLAN > Transmission
665
Menu Reference
2 Setup
Possible values:
Like-Data
1M
2M
5.5M
11M
6M
9M
12M
18M
24M
36M
48M
54M
T-12M
T-18M
T-36M
T-48M
T-72M
T-96M
T-108M
Default:
Like-Data
2.23.20.2.20 Max.-Aggr.-Packet-Count
This parameter defines the maximum number of packets that may be packed into an aggregate. Aggregation in IEEE
802.11n WLAN transmissions combines multiple data packets into one large packet, so reducing the overhead and
speeding up the transmission.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
Max. 2 characters from [0-9]
Default:
16
2.23.20.2.21 ProbeRsp-Retries
This is the number of hard retries for probe responses, i.e. messages sent from an access point in answer to a probe
request from a client.
Telnet path:
Setup > Interfaces > WLAN > Transmission
666
Menu Reference
2 Setup
Possible values:
0 … 15
Default:
3
2.23.20.2.22 Receive-Aggregates
With this setting you allow or prohibit the reception of aggregated (compiled) data packets (frames) on this interface.
Frame aggregation is used to combine several data packets (frames) into one large packet and transmit them together.
This method serves to reduce the packet overhead, and the data throughput increases.
Frame aggregation is not suitable when working with mobile receivers or time-critical data transmissions such as voice
over IP.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
No
Yes
Default:
Yes
2.23.20.2.23 Use-STBC
Here you activate the use of STBC for data transfer per logical network (SSID).
5
If the WLAN chipset does not support STBC, you cannot set this value to Yes.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
No
If the WLAN chipset does not support STBC.
Yes
If the WLAN chipset supports STBC.
Default:
No
Yes
667
Menu Reference
2 Setup
2.23.20.2.24 Use-LDPC
Here you activate the use of LDPC for data transfer per logical network (SSID).
5
If the WLAN chipset does not support STBC, you cannot set this value to Yes.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
No
If the WLAN chipset does not support STBC.
Yes
If the WLAN chipset supports STBC.
Default:
No
Yes
2.23.20.2.25 Convert-to-Unicast
This parameter is used to specify which type of data packets sent in a WLAN as a broadcast are automatically converted
into unicast by the device.
Telnet path:
Setup > Interfaces > WLAN > Transmission
Possible values:
None
DHCP
Response messages sent from the DHCP server as a broadcast are converted into unicasts. This form of
message delivery is more reliable because data packets sent as a broadcast have no specific addressee,
they do not use optimized transmission techniques such as ARP spoofing or IGMP/MLD snooping, and
they have a low data rate.
Default:
DHCP
2.23.20.3 Encryption
Here you can adjust the encryption settings for each logical wireless LAN network (MultiSSID).
Telnet path:
Setup > Interfaces > WLAN
668
Menu Reference
2 Setup
2.23.20.3.1 Ifc
Opens the WPA/WEP settings for the available logical WLAN networks.
Telnet path:
Setup > Interfaces > WLAN > Encryption
2.23.20.3.2 Encryption
Activates the encryption for this logical WLAN.
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
No
Yes
Default:
Yes
2.23.20.3.3 Default-Key
Selects the WEP key to be used for encrypting packets sent by this logical WLAN.
5
Key 1 only applies for the current logical WLAN, keys 2 to 4 are valid as group keys for all logical WLANs with
the same physical interface.
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
1…4
Default:
1
2.23.20.3.4 Method
Selects the encryption method and, for WEP, the key length that is to be used to encrypt data packets on the WLAN.
5
Please consider that not all wireless cards support all encryption methods.
Telnet path:
Setup > Interfaces > WLAN > Encryption
669
Menu Reference
2 Setup
Possible values:
802-11i-(WPA)-PSK
WEP-128 (104 bit)
WEP-64 (40 bit)
802-11i-(WPA)-802.1x
WEP-156 (128 bit)-802.1x
WEP-128 (104 bit)-802.1x
WEP-64 (40 bit)-802.1x
Default:
WEP-128 (104 bit)
2.23.20.3.5 Authentication
The encryption method can be selected when using WEP.
5
For reasons of security we recommend that you use the open system authentication procedure.
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
Open-System
For the Open System authentication procedure, all clients are accepted. There is no authentication. The
WLAN clients must always transmit correctly encrypted data for this to be forwarded by the base station.
Shared-Key
With the shared key authentication procedure, authentication requires that the WLAN client initially
responds by returning a correctly encrypted data packet. Only if this succeeds will the encrypted data
from the client be accepted and forwarded. However, this method presents an attacker with a data
packet in its encrypted and unencrypted form, so providing the basis for an attack on the key itself.
Default:
Open-System
2.23.20.3.6 Key
You can enter the key or passphrase as an ASCII character string. An option for WEP is to enter a hexadecimal number
by adding a leading "0x".
5
5
When using 802.1x in AP mode, the name entered here refers to the RADIUS server.
When using 802.1x in client mode and PEAP or TTLS as the client EAP method, the credentials (user:password)
are saved here.
The following lengths result for the formats used:
670
Menu Reference
2 Setup
WPA-PSK
8 to 63 ASCII characters
WEP152 (128 bit)
16 ASCII or 32 hex characters
WEP128 (104 bit)
13 ASCII or 26 hex characters
WEP64 (40 bit)
5 ASCII or 10 hex characters
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
Max. 63 characters from [A-F][a-f][0-9]
Default:
empty
2.23.20.3.9 WPA-Version
Data in this logical WLAN will be encrypted with this WPA version.
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
WPA1
WPA2
WPA1/2
Default:
WPA1/2
2.23.20.3.10 Client EAP method
LANCOM wireless routers and access points in WLAN client operating mode can authenticate themselves to another
access point using EAP/802.1X. To activate the EAP/802.1X authentication in client mode, the client EAP method is
selected as the encryption method for the first logical WLAN network.
Please note that the selected client EAP method must match the settings of the access point that this access point is
attempting to register with.
5
In addition to setting the client EAP method, also be sure to observe the corresponding setting for the WLAN
client operation mode.
671
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
TLS
TTLS/PAP
TTLS/CHAP
TTLS/MSCHAP
TTLS/MSCHAPv2
TTLS/MD5
PEAP/MSCHAPv2
Default:
TLS
2.23.20.3.11 WPA-Rekeying-Cycle
Defines how often a WPA key handshake will be retried during an existing connection (rekeying)
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
0 … 4294967295 Seconds
Default:
0
Special values:
0
Rekeying deactivated
2.23.20.3.12 WPA1-Session-Keytypes
Here you select the methods which are to be made available for generating WPA session keys and group key. There is
a choice of the Temporal Key Integrity Protocol (TKIP), the Advanced Encryption Standard (AES), or both.
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
TKIP
AES
TKIP/AES
Default:
TKIP
672
Menu Reference
2 Setup
2.23.20.3.13 WPA2-Session-Keytypes
Here you select the methods which are to be made available for generating WPA session keys and group key. There is
a choice of the Temporal Key Integrity Protocol (TKIP), the Advanced Encryption Standard (AES), or both.
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
TKIP
AES
TKIP/AES
Default:
AES
2.23.20.3.14 Prot.-Mgmt-Frames
By default, the management information transmitted on a WLAN for establishing and operating data connections
is unencrypted. Anybody within a WLAN cell can receive this information, even those who are not associated with an
access point. Although this does not entail any risk for encrypted data connections, the injection of fake management
information could severely disturb the communications within a WLAN cell.
The IEEE 802.11w standard encrypts this management information, meaning that potential attackers can no longer
interfere with the communications without the corresponding key.
Here you can specify whether the corresponding WLAN interface supports protected management frames (PMF) as per
IEEE 802.11w.
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
No
The WLAN interface does not support PMF. The WLAN management frames are not encrypted.
Mandatory
The WLAN interface supports PMF. The WLAN management frames are always encrypted. It is not
possible to connect with WLAN clients that do not support PMF.
Optional
The WLAN interface supports PMF. Depending on the WLAN client's PMF support, the WLAN management
frames are either encrypted or unencrypted.
Default:
No
673
Menu Reference
2 Setup
2.23.20.3.15 PMK caching
Here you select the methods which are to be made available for generating WPA session keys and group key. There is
a choice of the Temporal Key Integrity Protocol (TKIP), the Advanced Encryption Standard (AES), or both.
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
No
Yes
Default:
No
2.23.20.3.16 Pre-Authentication
Enables pre-authentication support for the corresponding WLAN.
5
In order to be able to use pre-authentication, PMK caching must be enabled.
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
No
Yes
Default:
No
2.23.20.3.17 OKC
This option enables or disables the opportunistic key caching (OKC).
The device uses this value only if the interface works in client mode. The interface is in AP mode, the enabling or disabling
of OKC is only possible by means of profile management with a WLC.
In the PMK caching status under Status > WLAN > PMK-Caching > Contents, OKC PMKs can be identified by the
authenticator address ff:ff:ff:ff:ff:n, where n is the assigned profile number (e.g. 0 for “WLAN-1”, 1 for
“WLAN1-2”, etc.).
Telnet path:
Setup > Interfaces > WLAN > Encryption
674
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
Yes
2.23.20.3.19 WPA2 key management
You configure the WPA2 key management with these options.
5
Although it is possible to make multiple selections, this is advisable only if you are sure that the clients attempting
to login to the access point are compatible. Unsuitable clients may refuse a connection if an option other than
Standard is enabled.
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
Fast roaming
Enables fast roaming as per 802.11r
SHA256
Enables key management according to the IEEE 802.11w standard with keys based on SHA-256.
Standard
Enables key management according to the IEEE 802.11i standard without Fast Roaming and with keys
based on SHA-1. Depending on the configuration, the WLAN clients in this case must use opportunistic
key caching, PMK caching or pre-authentication.
Default:
Standard
2.23.20.3.20 PMK-IAPP-Secret
Networked APs exchange data about associated WLAN clients by means of the IAPP, so ensuring that the WLAN clients
can roam securely in controller-less WLAN networks that are managed by the LANCOM LSR.
The AP uses this passphrase to encrypt the PMK and to calculate the mobility domain of the respective WLAN client.
Any value other than 0 automatically triggers an exchange of the master secrets between the relevant APs.
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
Max. 64 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
675
Menu Reference
2 Setup
Default:
empty
Special values:
empty
OKC via IAPP is disabled.
2.23.20.3.21 RADIUS profile
If you are operating an authentication method based on the IEEE 802.1X standard, you specify the profile of a RADIUS
server here.
Telnet path:
Setup > Interfaces > WLAN > Encryption
Possible values:
Max. 16 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.23.20.4 Group key
This is where you can specify for each physical wireless LAN interface those WEP group keys 2 to 4, that are used there
by the logical wireless LAN networks in common.
5
If 802.1x/EAP is activated, the group encryption keys are used by 802.1x/EAP and are thus no longer available
for WEP encryption.
Telnet path:
Setup > Interfaces > WLAN
Possible values:
No
Yes
Default:
No
2.23.20.4.1 Ifc
Opens the WEP group keys for the available physical WLAN interfaces.
Telnet path:
Setup > Interfaces > WLAN > Group-Encryption-Keys
676
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
No
2.23.20.4.3 Key-2
WEP group key 2.
You can enter the key as an ASCII character string or as a hexadecimal number (with a leading "0x").
Telnet path:
Setup > Interfaces > WLAN > Group-Encryption-Keys
Possible values:
WEP152 (128 bit)
16 ASCII or 32 hex characters
WEP128 (104 bit)
13 ASCII or 26 hex characters
WEP64 (40 bit)
5 ASCII or 10 hex characters
2.23.20.4.4 Key-3
WEP group key 3.
You can enter the key as an ASCII character string or as a hexadecimal number (with a leading "0x").
Telnet path:
Setup > Interfaces > WLAN > Group-Encryption-Keys
Possible values:
WEP152 (128 bit)
16 ASCII or 32 hex characters
WEP128 (104 bit)
13 ASCII or 26 hex characters
WEP64 (40 bit)
5 ASCII or 10 hex characters
2.23.20.4.5 Key-4
WEP group key 4.
677
Menu Reference
2 Setup
You can enter the key as an ASCII character string or as a hexadecimal number (with a leading "0x").
Telnet path:
Setup > Interfaces > WLAN > Group-Encryption-Keys
Possible values:
WEP152 (128 bit)
16 ASCII or 32 hex characters
WEP128 (104 bit)
13 ASCII or 26 hex characters
WEP64 (40 bit)
5 ASCII or 10 hex characters
2.23.20.4.7 Keytype-2
Select the key length to be used for the WEP group encryption key 2.
Telnet path:
Setup > Interfaces > WLAN > Group-Encryption-Keys
Possible values:
WEP-156 (128 bit)
WEP128 (104 bit)
WEP64 (40 bit)
Default:
WEP64 (40 bit)
2.23.20.4.8 Keytype-3
Select the key length to be used for the WEP group encryption key 3.
Telnet path:
Setup > Interfaces > WLAN > Group-Encryption-Keys
Possible values:
WEP-156 (128 bit)
WEP128 (104 bit)
WEP64 (40 bit)
Default:
WEP64 (40 bit)
678
Menu Reference
2 Setup
2.23.20.4.9 Keytype-4
Select the key length to be used for the WEP group encryption key 4.
Telnet path:
Setup > Interfaces > WLAN > Group-Encryption-Keys
Possible values:
WEP-156 (128 bit)
WEP128 (104 bit)
WEP64 (40 bit)
Default:
WEP64 (40 bit)
2.23.20.5 Interpoint settings
Here you can specify important parameters for the communication between and the behavior of base stations.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.5.1 Ifc
Opens the settings for the available physical WLAN interfaces.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Settings
2.23.20.5.2 Enable
The behavior of an access point when exchanging data with other access points is defined in the "Point-to-point operation
mode".
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Settings
Possible values:
No
The access point only communicates with mobile clients.
Yes
The access point communicates with other access points and with mobile clients.
Exclusive
The access point only communicates with other base stations.
679
Menu Reference
2 Setup
Default:
No
2.23.20.5.9 Isolated mode
Allows or prohibits the transmission of packets between P2P links on the same WLAN interface (compatibility setting
for LCOS versions prior to version 2.70).
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Settings
Possible values:
No
Yes
Default:
No
2.23.20.5.10 Channel selection scheme
In the 5-GHz band, the automatic search for vacant WLAN channels can lead to several simultaneous test transmissions
from multiple access points, with the result that they do not find each other. This stalemate situation can be avoided
with the appropriate "Channel selection scheme".
Thus it is recommended for the 5GHz band that one central access point should be configured as "Master" and all other
point-to-point partners should be configured as "Slave". In the 2.4GHz band, too, this setting simplifies the establishment
of point-to-point connections if the automatic channel search is activated.
5
It is imperative that the channel selection scheme is configured correctly if the point-to-point connections are to
be encrypted with 802.11i/WPA.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Settings
Possible values:
Master
This access point makes the decisions when selecting a free WLAN channel.
Slave
All other access points will keep searching until they find a transmitting Master.
Default:
Master
680
Menu Reference
2 Setup
2.23.20.5.11 Link-Loss-Timeout
Time in seconds after which a (DFS) slave considers the link to the master to be lost if no beacons have been received.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Settings
Possible values:
0 … 4294967295 Seconds
Default:
10
2.23.20.5.12 Key-Handshake-Role
Specifies whether this party should act as authenticator or supplicant when WPA is being used. In default mode, the
authenticator is the master of a link, in auto mode the authenticator is the device with the lower MAC address.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Settings
Possible values:
Default
Auto
Default:
Default
2.23.20.5.13 Local name
For this physical WLAN interface, enter a name which is unique in the WLAN: This name can be used by other WLAN
devices to connect this base station over point-to-point.
You can leave this field empty if the device has only one WLAN interface and already has a device name which is unique
in the WLAN, or if the other base stations identify this interface by means of the WLAN adapter's MAC address.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Settings
Possible values:
Max. 24 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
681
Menu Reference
2 Setup
2.23.20.5.14 Remote-Status-Reporting
This parameter enables the device to inform its P2P partner whether the signal it is receiving has the required signal
strength. This parameter is only relevant if you have defined signal thresholds a P2P link.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Settings
Possible values:
No
Yes
Default:
No
2.23.20.5.15 Network name
Enter a unique name for the network where this WLAN interface is located.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Settings
Possible values:
Max. 32 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.23.20.6 Client modes
If you operate your device in client mode, you can make detailed settings on its behavior here.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.6.1 Ifc
Opens the settings for the available physical WLAN interfaces.
Telnet path:
Setup > Interfaces > WLAN > Client-Modes
682
Menu Reference
2 Setup
2.23.20.6.3 Connection keepalive
This option ensures that the client station keeps the connection to the access point alive even if the connected devices
are not exchanging any data packets. If this option is disabled, the client station is automatically logged off the wireless
network if no packets are transferred over the WLAN connection within a specified time.
Telnet path:
Setup > Interfaces > WLAN > Client-Modes
Possible values:
No
Yes
Default:
Yes
2.23.20.6.4 Network types
"Network types" specifies whether the station can only register with infrastructure networks or with adhoc networks as
well.
Telnet path:
Setup > Interfaces > WLAN > Client-Modes
Possible values:
Infrastructure
Adhoc
Default:
Infrastructure
2.23.20.6.5 Scan bands
This defines whether the client station scans just the 2.4 GHz, just the 5 GHz, or all of the available bands for access
points.
Telnet path:
Setup > Interfaces > WLAN > Client-Modes
683
Menu Reference
2 Setup
Possible values:
2.4/5 GHz
2.4 GHz
5 GHz
2.4GHz/5GHz
Default:
2.4/5 GHz
2.23.20.6.6 Preferred BSS
If the client station is to log onto one particular access point only, the MAC address of the WLAN card in this access
point can be entered here.
Telnet path:
Setup > Interfaces > WLAN > Client-Modes
Possible values:
Max. 16 characters from [A-F][a-f][0-9]-:.
Default:
000000000000
2.23.20.6.7 Address adaptation
In client mode, the client station normally replaces the MAC addresses in data packets from the devices connected to it
with its own MAC address. The access point at the other end of the connection only ever "sees" the MAC address of the
client station, not the MAC address of the computer(s) connected to it.
In some installations it may be desirable for the MAC address of a computer to be transmitted to the access point and
not the MAC address of the client station. The option Address adaptation prevents the MAC address from being
replaced by the client station. Data packets are transferred with their original MAC addresses.
5
Address adaptation only works when just one computer is connected to the client station.
Telnet path:
Setup > Interfaces > WLAN > Client-Modes
Possible values:
No
Yes
Default:
No
684
Menu Reference
2 Setup
2.23.20.6.12 Selection preference
Here you select how this interface is to be used.
Telnet path:
Setup > Interfaces > WLAN > Client-Modes
Possible values:
Signal strength
Selects the profile for the WLAN offering the strongest signal. This setting causes the WLAN module in
client mode to automatically switch to a different WLAN as soon as it offers a stronger signal.
Profile
Selects the profile for available WLANs in the order that they have been defined (WLAN index, e.g.
WLAN-1, WLAN-2, etc.), even if another WLAN offers a stronger signal. In this setting, the WLAN module
in client mode automatically switches to a different WLAN as soon as a WLAN with a lower WLAN index
is detected (irrespective of signal strengths).
Default:
Signal strength
2.23.20.6.13 Send-Deauth-upon
This parameter specifies the cases in which a device acting as a WLAN client is able to explicitly log-off from the AP.
Telnet path:
Setup > Interfaces > WLAN > Client-Modes
Possible values:
Deactivation
Log-off on deactivation of the WLAN
Default:
Deactivation
2.23.20.7 Operational
In the operational settings you can set basic parameters for operating your WLAN interface.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.7.1 Ifc
Opens the settings for the physical WLAN interface.
685
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Operational
Possible values:
WLAN-1
WLAN-2
2.23.20.7.2 Operating
Switches the physical WLAN interface on or off separately.
Telnet path:
Setup > Interfaces > WLAN > Operational
Possible values:
Yes
No
Default:
No
2.23.20.7.3 Operation mode
LANCOMDevices are able to operate in various operating modes:
Telnet path:
Setup > Interfaces > WLAN > Operational
Possible values:
Access point
As a base station (access point), the device makes the link between WLAN clients and the cabled LAN.
Managed AP
As a managed access point, the device searches for a central WLAN Controller from which it can obtain
a configuration.
Station
In station (client) mode, the device itself locates the connection to another access point and attempts
to register with a wireless network. In this case the device serves to connect a wired device to a base
station over a point-to-point link.
Probe
In "Probe" mode, the spectral scan uses the radio module of the access point. The device cannot transmit
or receive data in this mode. On startup of the spectral scan, the device automatically switches to "Probe"
mode so that this setting need not be configured manually.
Default:
Access point
686
Menu Reference
2 Setup
2.23.20.7.4 Operation mode
When setting up point-to-point connections or operating the device as a WLAN client, the best possible positioning of
the antennas is facilitated if the signal strength can be recognized at different positions. The WLAN link LED can be used
for displaying the signal quality during the set-up phase. In the corresponding operating mode, the WLAN link LED blinks
faster with better reception quality.
Telnet path:
Setup > Interfaces > WLAN > Operational
Possible values:
Connection count
In this operation mode, the LED uses "inverse flashing" in order to display the number of WLAN clients
that are logged on to this access point as clients. There is a short pause after the number of flashes for
each client. Select this operation mode when you are operating the device in access point mode.
Client signal strength
In this operation mode, this LED displays the signal strength of the access point with which the device
has registered itself as a client. The faster the LED blinks, the better the signal. Select this operation
mode only if you are operating the device in client mode.
P2P1 to P2P6 signal strength
In this operation mode, the LED displays the signal strength of respective P2P partner with which the
device forms a P2P path. The faster the LED blinks, the better the signal.
Default:
Connection count
2.23.20.7.5 Broken-Link-Detection
When an access point is not connected to the cabled LAN, it is normally unable to fulfill its primary task, namely the
authorization of WLAN clients for access to the LAN. The broken-link detection function allows a device's WLAN to be
disabled if the connection to the LAN should fail. Clients associated with that access point are then able to login to a
different one (even if it has a weaker signal).
Until LCOS version 7.80, broken-link detection always applied to LAN-1, even if the device was equipped with multiple
LAN interfaces. Furthermore, deactivation affected all of the WLAN modules in the device. With LCOS version 7.82,
broken-link detection could be bound to a specific LAN interface.
This function allows the WLAN modules in a device to be disabled if the allocated LAN interface has no connection to
the LAN.
5
5
The interface names LAN-1 to LAN-n represent the logical LAN interfaces. To make use of this function, the
physical Ethernet ports on the device must be set with the corresponding values LAN-1 to LAN-n.
Broken-link detection can also be used for WLAN devices operating in WLAN client mode. With broken-link
detection activated, the WLAN modules of a WLAN client are only activated when a connection exists between
the relevant LAN interfaces and the cabled LAN.
Telnet path:
Setup > Interfaces > WLAN > Operational
687
Menu Reference
2 Setup
Possible values:
No
Broken-link detection is disabled.
LAN-1 to LAN-n (depending on the LAN interfaces available in the device)
All of the WLAN modules in the device will be deactivated if the LAN interface set here should lose its
connection to the cabled LAN.
Default:
No
2.23.20.8 Radio settings
Here you can adjust settings that regulate the physical transmission and reception over your WLAN interface.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.8.1 Ifc
Opens the settings for the available physical WLAN interfaces.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
2.23.20.8.2 TX power reduction
In contrast to antenna gain, the entry in the field '"x power reduction" causes a static reduction in the power by the
value entered, and ignores the other parameters.
5
The transmission power reduction simply reduces the emitted power. The reception sensitivity (reception antenna
gain) remains unaffected. This option is useful, for example, where large distances have to be bridged by radio
when using shorter cables. The reception antenna gain can be increased without exceeding the legal limits on
transmission power. This leads to an improvement in the maximum possible range and, in particular, the highest
possible data transfer rates.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
0 … 999
Default:
0
688
Menu Reference
2 Setup
2.23.20.8.3 5-GHz mode
Using two neighboring, vacant channels for wireless transmissions can increase the transfer speeds in Turbo Mode up
to 108 Mbps.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
Auto
Normal
5
This setting is only available for devices that support DFS2 or DFS3.
11an mixed
Greenfield
Default:
Auto
2.23.20.8.4 Maximum distance
The run-time over large distances between transmitter and receiver give rise to increasing delays for the data packets.
If a certain limit is exceeded, the responses to transmitted packets no longer arrive within a given time limit. The entry
for maximum distance increases the wait time for the responses. This distance is converted into a delay as required by
the data packets for wireless communications.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
0 … 65535 Kilometers
Default:
10
2.23.20.8.6 Band
Selecting the frequency band determines whether the wireless LAN adapter operates in the 2.4 GHz or 5 GHz band,
which in turn determines the available radio channels.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
689
Menu Reference
2 Setup
Possible values:
2.4 GHz
5 GHz
Default:
2.4 GHz
2.23.20.8.7 Subbands
In the 5-GHz band, it is also possible to select a subband, which is linked to certain radio channels and maximum
transmission powers.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
Band-1
Band-2
Band-3
Band-1+2
Band-1+3
Band-2+3
Band-1+2+3
Default:
Band-1
2.23.20.8.8 Radio channel
The radio channel selects a portion of the conceivable frequency band for data transfer.
5
In the 2.4-GHz band, two separate wireless networks must be at least three channels apart to avoid interference.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
Max. 3 characters from [0-9]
Default:
11
690
Menu Reference
2 Setup
2.23.20.8.9 2.4-GHz mode
In the 2.4 GHz band, there are two different wireless standards: The IEEE 802.11b standard with a transmission speed
of up to 11 Mbps and the IEEE 802.11g standard offering up to 54 Mbps. If 2.4 GHz is selected as the operating frequency,
the transmission speed can be selected in addition.
The 802.11g/b compatibility mode offers the highest possible speeds and yet also offers the 802.11b standard so that
slower clients are not excluded. In this mode, the WLAN card in the access point principally works with the faster standard
and falls back on the slower mode should a client of this type log into the WLAN. In the "2Mbit compatible" mode, the
access point supports older 802.11b cards with a maximum transmission speed of 2 Mbps.
5
Please observe that clients supporting only the slower standards may not be able to register with the WLAN if
the speeds set here are higher.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
Auto
802.11g/b mixed
802.11g/b 2-Mbit compatible
802.11b (11 Mbit)
802.11g (54 Mbit)
802.11g (108 Mbit)
Default:
Auto
2.23.20.8.10 AP density
The more access points there are in a given area, the more the reception areas of the antennae intersect. The setting
"Access point density" can be used to reduce the reception sensitivity of the antenna.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
Low
Medium
High
Minicell
Microcell
Off
Default:
Low
691
Menu Reference
2 Setup
2.23.20.8.12 Antenna gain
This item allows you to specify the antenna gain factor (in dBi) minus attenuation of the cable and (if applicable) lightning
protection. Based on this, and depending on the country where the system is operated and the frequency band, the base
station calculates the maximum permitted transmission power.
Transmission power can be reduced to a minimum of 0.5 dBm in the 2.4-GHz band and 6.5 dBm in the 5-GHz band.
This limits the maximum value that can be added to 17.5 dBi in the 2.4-GHz band and 11.5 dBi in the 5-GHz band.
Please ensure that your combination of antenna, cable and lightning-protection complies with the legal requirements
of the country where the system is operated.
The receiver's sensitivity is unaffected by this.
Example
AirLancer
O-18a
5
5
Antenna gain
18dBi
Cable attenuation
4dB
Value to be entered
18dBi - 4dB = 14dBi
The minimum of 6.5 dBm only applies to legacy abg radio modules with G-mode wireless LAN.
The current transmission power is displayed by the device's web interface or by telnet under Status > WLAN
statistics > WLAN parameters > Transmission power or with LANconfig under System information >
WLAN card > Transmission power.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
Max. 4 characters from [0-9]
Default:
3
2.23.20.8.13 Channel list
This field specifies the subset of channels to be used for automatic channel selection or in client mode.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
Max. 48 characters from [0-9],
Default:
empty
2.23.20.8.14 Background scan
In order to identify other access points within the device's local radio range, the device can record the beacons received
(management frames) and store them in the scan table. Since this recording occurs in the background in addition to the
access points' "normal" radio activity, it is called a "background scan".
692
Menu Reference
2 Setup
If a value is entered here, the device searches the frequencies in the active band that are currently not in use in cycles
within this interval in order to find available access points.
The background scan function is usually deployed for rogue AP detection for the device in access point mode. This scan
interval should correspond to the time span within which rogue access points should be recognized, e.g. 1 hour.
Conversely, for the device in client mode, the background scan function is generally used for improved mobile WLAN
client roaming. In order to achieve fast roaming, the scan time is limited here, for example, to 260 seconds.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
0 … 4294967295
Default:
0
Special values:
0
When the background scan time is "0" the background scanning function is deactivated.
2.23.20.8.15 DFS Rescan Hours
This parameter sets the hours (0-24) at which the device deletes the DFS database and performs a DFS rescan. The cron
command options can be used to define the hour: For example, 1,6,13 to force a DFS rescan at 01:00h, 06:00h or
13:00h, or 0-23/4 for a DFS scan between 0:00h and 23:00h every 4 hours.
During the DFS rescan, the AP scans for as long as it takes to find the configured minimum number of free channels.
You define the minimum number of free channels via the parameter 2.23.20.8.27 DFS-Rescan-Num-Channels on page
698. The device does not perform a DFS rescan If there has not yet been a forced change of channel and if at least the
minimum number of free channels were found during the last DFS scan.
4
The termination of a DFS scan requires that the device is set with the correct system time.
In some countries, the use of the DFS method for automatic channel selection is a legal requirement. With the DFS
method (Dynamic Frequency Selection) an AP automatically selects an unused frequency, for example, to avoid interference
from radar systems or to distribute WLAN devices as evenly as possible over the entire frequency band. When booting,
the device randomly selects a channel from those available (based on the regional settings, for example). The device
then checks whether there is a radar signal or another WLAN already on this channel. This scan procedure is repeated
until a sufficient number of channels has been found that are free of radar signals and with the lowest possible number
of other networks. The device then selects one of the free channels and observes it for 60 seconds to be sure there are
no radar signals. For this reason, data traffic may be interrupted for a period of 60 seconds while the frequencies are
scanned for a free channel.
By specifying certain times for the DFS rescan you reduce the chance of the 60-second scan occurring at an inappropriate
time.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
Comma separated list. Max. 19 characters from
[A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
693
Menu Reference
2 Setup
Special values:
empty
The device only performs a DFS rescan when no further free channel is available. This is the case when
the number of channels determined during the initial DFS scan falls below the minimum number of free
channels.
Default:
empty
2.23.20.8.17 Antenna mask
Antenna grouping can be configured in order to optimize the gain from spacial multiplexing. By default the system
automatically selects the optimum grouping setting to match current conditions. You also have the possibility to set an
antenna group with a user-defined combination of antennas. The setting has an affect on radiation and reception
behavior of the radio system.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
Auto
Antenna-1
Antenna-1+2
Antenna-1+3
Antenna-1+2+3
Off
Default:
Auto
2.23.20.8.18 Background-Scan-Unit
Unit for the definition of the background scan interval
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
Seconds
Minutes
Hours
Days
Default:
Seconds
694
Menu Reference
2 Setup
2.23.20.8.19 Channel pairing
This value sets the channel pairs used by 11n devices in 40-MHz mode.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
11n-compliant
The device uses the channels as specified by 802.11n. Compared to the former proprietary channels
used in Turbo Mode, the 40-MHz channels have shifted by 20 MHz.
legacy-turbo-friendly
Only useful in outdoor environments to avoid overlapping with other 11a paths in turbo mode.
Hours
Days
Default:
11n-compliant
2.23.20.8.20 Preferred DFS scheme
In order to operate the WLAN device in accordance with current ETSI radio standards, select the corresponding standard
here.
5
When upgrading a LCOS version to a current radio standard, the previous setting is retained.
Telnet path:
Setup > Interfaces > WLAN > Radio settings > Preferred DFS scheme
Possible values:
EN 301 893-V1.3
EN 301 893-V1.5
EN 301 893-V1.6
EN 301 893-V1.7
Default:
EN 301 893-V1.7
2.23.20.8.21 CAC duration
Duration of the channel availability check. With this setting you specify how long (in seconds) a WLAN module operating
DFS carries out the initial check of the channels before it selects a radio channel and starts with the data transfer.
5
The duration of the channel availability check is regulated by the appropriate standards (e.g. in Europe by the
ETSI EN 301 893). Please observe the regulations valid for your country.
695
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
0 … 4294967295
Default:
60
2.23.20.8.22 Force-40MHz
Duration of the channel availability check. With this setting you specify how long (in seconds) a WLAN module operating
DFS carries out the initial check of the channels before it selects a radio channel and starts with the data transfer.
5
The duration of the channel availability check is regulated by the appropriate standards (e.g. in Europe by the
ETSI EN 301 893). Please observe the regulations valid for your country.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
No
Yes
Default:
No
2.23.20.8.23 Adaptive-Noise-Immunity
A wireless LAN can be subjected to interference from various sources. Devices such as microwave ovens or cordless
phones interfere with data transmission, and even the network devices themselves can emit interference and hinder
communications. Each type of interference has its own characteristics. Adaptive Noise Immunity (ANI) enables the access
point to use various error conditions to determine the best way to compensate for the interference. By automatically
increasing noise immunity, the size of the radio cell can be reduced to mitigate the impact of interference on the data
transfer.
The current values and any previous actions are to be found under Status > WLAN > Noise-Immunity.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
No
Yes
Default:
Yes
696
Menu Reference
2 Setup
2.23.20.8.24 Max.-Channel-Bandwidth
Specify the maximum frequency range in which the physical WLAN interface is able to modulate the data to be transmitted
onto the carrier signals (channel bandwidth).
In the setting Auto, the AP automatically adjusts the channel bandwidth to the optimum. You have also the option to
disable the automation and deliberately limit the bandwidth. The available values depend on the WLAN standards
supported by the device.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
Auto
The AP automatically adjusts the channel bandwidth to the optimum. The AP allows the use of the
maximum available bandwidth, assuming that the current operating conditions allow this. Otherwise,
the AP limits channel bandwidth to 20MHz.
20MHz
The AP uses channels bundled at 20 MHz.
40MHz
The AP uses channels bundled at 40MHz.
80MHz
The AP uses channels bundled at 80MHz.
Default:
Auto
2.23.20.8.25 Allow-PHY-Restarts
With this parameter, you specify whether the device allows PHY restarts in order to receive processable information
despite overlapping signals.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
No
This setting prohibits PHY restarts. The WLAN module discards the overlapping data packets and requests
retransmission.
Yes
This setting allows PHY restarts. If two WLAN packets are received at the same time (overlap), the WLAN
module processes the one with the stronger signal.
Default:
Yes
697
Menu Reference
2 Setup
2.23.20.8.26 DFS-Rescan-Flush-Clear-Channels
With this parameter you specify whether, after a DFS rescan was completed, the physical WLAN interface deletes occupied
channels or saves them for subsequent DFS rescans.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
Yes
The physical WLAN interface deletes occupied channels after completing a DFS rescan so that they are
available again for a new DFS rescan.
No
The device saves occupied channels after completing a DFS rescan and so that the device immediately
skips them during a new DFS rescan.
Default:
No
2.23.20.8.27 DFS-Rescan-Num-Channels
This parameter specifies the minimum number of free channels that a DFS scan is required to find.
With the default value of 2 the AP continues to run a DFS scan until 2 free channels are available. If the AP recognizes
an active radar pattern during subsequent operations, at least one other free channel is available for the AP to switch
to directly.
5
If a high number of channels is specified, the initial DFS scan has to examine a large number of channels. Scanning
takes 60 seconds per channel. In this context please observe the information given under 2.23.20.8.15 DFS
Rescan Hours on page 693 .
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
0 … 4294967295
Special values:
0
This value disables the limit. The physical WLAN interface performs a DFS scan on all available channels.
Default:
2
2.23.20.8.28 Preferred 2.4 scheme
This parameter sets the version of the EN 300 328 standard operated by the device in the 2.4-GHz band.
698
Menu Reference
2 Setup
5
Should you carry out a firmware update, the current version is retained. New devices and devices subject to a
configuration reset operate version 1.8 by default.
Telnet path:
Setup > Interfaces > WLAN > Radio-settings
Possible values:
EN300328-V1.7
EN300328-V1.8
Default:
EN300328-V1.8
2.23.20.9 Services
Here you can set the parameters that influence the performance of your WLAN interface.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.9.1 Ifc
Opens the settings for the available physical WLAN interfaces.
Telnet path:
Setup > Interfaces > WLAN > Performance
2.23.20.9.2 Tx bursting
Enables/prevents packet bursting for increasing throughput. Bursting leads to less fairness on the medium.
Telnet path:
Setup > Interfaces > WLAN > Performance
Possible values:
Max. 5 characters from [0-9]
Default:
0
2.23.20.9.4 Fast frames
This entry contains the status values for Fast frames.
699
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Performance
2.23.20.9.5 QoS
With the extension to the 802.11 standard, 802.11e, Quality of Service can be provided for transfers via WLAN. Among
others, 802.11e supports the prioritization of certain data-packet types. This extension is an important basis for the use
of voice applications in WLANs (Voice over WLAN, VoWLAN). The WiFi alliance certifies products that support Quality
of Service according to 802.11e, and refer to WMM (WiFi Multimedia, formerly known as WME or Wireless Multimedia
Extension). WMM defines four categories (voice, video, best effort and background) which make up separate queues to
be used for prioritization. The 802.11e standard sets priorities by referring to the VLAN tags or, in the absence of these,
by the DiffServ fields of IP packets. Delay times (jitter) are kept below 2 milliseconds, a magnitude which is inaudible to
the human ear. 802.11e controls access to the transfer medium with EDCF, the Enhanced Distributed Coordination
Function.
5
Priorities can only be set if the WLAN client and the access point both support 802.11e or WMM, and also if the
applications are able to mark the data packets with the corresponding priorities.
Telnet path:
Setup > Interfaces > WLAN > Performance
Possible values:
No
Yes
Default:
No
2.23.20.9.6 Airtime-Fairness-Mode
Airtime Fairness is a feature that shares the available bandwidth fairly between all of the active clients. Especially
useful in high-density environments, it results in an improvement to WLAN performance. Airtime Fairness is activated
by default.
Telnet path:
Setup > Interfaces > WLAN > Performance
Possible values:
Round-Robin
Each client in turn receives a time slot for transmission.
Equal-Airtime
All clients will receive the same airtime. Clients with a higher data throughput benefit from this setting
because the access point can send more data to the client in the same amount of time.
4
700
IEEE 802.11ac WLAN modules already use an algorithm similar to this setting.
Menu Reference
2 Setup
Pref.-11n-Airtime
This setting prefers clients that use IEEE 802.11n. Clients using IEEE 802.11a or IEEE 802.11g will only
receive 25% of the airtime of an IEEE 802.11n client. Clients using IEEE 802.11b only receive 6.25%
airtime. The result is that data is sent much faster to clients using IEEE 802.11n.
Equal-Volume
This setting distributes the airtime between the clients to ensure that all clients receive the same amount
of throughput by the access point. However, slower clients will slow down all clients.
4
This setting is only recommended when it is necessary for all clients to receive the same
throughput.
Default:
Equal-Airtime
2.23.20.10 Beaconing
Roaming settings are only relevant in the base-station operating mode. The wireless LAN access point (WLAN AP)
periodically transmits a radio signal (beacon) so that the clients can detect it or the logical wireless networks (SSIDs)
that it provides.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.10.1 Ifc
Opens the Expert settings for the available physical interfaces.
Telnet path:
Setup > Interfaces > WLAN > Beaconing
2.23.20.10.2 Beacon period
This value defines the time interval in Kµs between beacon transmission (1 Kµs corresponds to 1024 microseconds and
is a measurement unit of the 802.11 standard. 1 Kµs is also known as a Timer Unit (TU)). Smaller values result in a shorter
beacon timeout period for the client and enable quicker roaming in case of failure of an access point, but they also
increase the WLAN overhead.
Telnet path:
Setup > Interfaces > WLAN > Beaconing
Possible values:
20 … 65535 Timer unit
Default:
100
701
Menu Reference
2 Setup
2.23.20.10.3 DTIM period
This value defines the number of beacons which are collected before multicasts are broadcast. Higher values enable
longer client sleep intervals, but worsen the latency times.
Telnet path:
Setup > Interfaces > WLAN > Beaconing
Possible values:
1 … 255
Default:
1
2.23.20.10.4 Beacon order
Beacon order refers to the order in which beacons are sent to the various WLAN networks. For example, if three logical
WLAN networks are active and the beacon period is 100 Kµs, then the beacons will be sent to the three WLANs every
100 Kµs. Depending on the beacon order, the beacons are transmitted at times as follows.
5
Some older WLANs are unable to process the quick succession of beacons which occur with simple burst.
Consequently these clients often recognize the first beacons only and can only associate with this network.
Staggered transmission of beacons produces better results but increases load on the access point's processor.
Cyclic transmission proves to be a good compromise as all networks are transmitted first in turn.
Telnet path:
Setup > Interfaces > WLAN > Beaconing
Possible values:
Cyclic
In this mode the access point transmits the first beacon transmission at 0 Kµs to WLAN-1, followed by
WLAN-2 and WLAN-3. For the second beacon transmission (100 Kµs) WLAN-2 is the first recipient,
followed by WLAN-3 and then WLAN-1. For the third beacon transmission (200 Kµs) the order is WLAN-3,
WLAN-1, WLAN-2. After this the sequence starts again.
Staggered
In this mode, the beacons are not sent together at a particular time, rather they are divided across the
available beacon periods. Beginning at 0 Kµs, WLAN-1 only is sent; after 33.3 Kµs WLAN-2, after 66.6
Kµs WLAN-3. At the start of a new beacon period, transmission starts again with WLAN-1.
Simple burst
In this mode the access point always transmits the beacons for the WLAN networks in the same order.
The first beacon transmission (0 Kµs) is WLAN-1, WLAN-2 and WLAN-3; the second transmission is in
the same order, and so on.
Default:
Cyclic
702
Menu Reference
2 Setup
2.23.20.11 Roaming
Roaming settings are only relevant in the client operating mode. They regulate the way that the client switches between
multiple base stations, where available.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.11.1 Ifc
Opens the Expert settings for the available physical interfaces.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.11.2 Beacon-Miss-Threshold
The beacon loss threshold defines how many access-point beacons can be missed before a registered client starts
searching again.
Higher values will delay the recognition of an interrupted connection, so a longer time period will pass before the
connection is re-established.
The lower the value set here, the sooner a potential interruption to the connection will be recognized; the client can start
searching for an alternative access point sooner.
5
Values which are too small may cause the client to detect lost connections more often than necessary.
Telnet path:
Setup > Interfaces > WLAN > Roaming
Possible values:
0 … 99 Percent (%)
Default:
4
2.23.20.11.3 Roaming threshold
This value is the percentage difference in signal strength between access points above which the client will switch to
the stronger access point.
5
Other contexts require the value of signal strengths in dB. The following conversion applies:
Decibel
64dB
Percent
100%
32dB
50%
0dB
0%
703
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Roaming
Possible values:
0 … 99 Percent (%)
Default:
15
2.23.20.11.4 No roaming threshold
This threshold refers to the field strength in percent. Field strengths exceeding the value set here are considered to be
so good that no switching to another access point will take place.
Telnet path:
Setup > Interfaces > WLAN > Roaming
Possible values:
0 … 99 Percent (%)
Default:
45
2.23.20.11.5 Force roaming threshold
This threshold refers to the field strength in percent. Field strengths below the value set here are considered to be so
poor that a switch to another access point is required.
Telnet path:
Setup > Interfaces > WLAN > Roaming
Possible values:
0 … 99 Percent (%)
Default:
12
2.23.20.11.6 Soft roaming
This option enables a client to use scan information to roam to a stronger access point (soft roaming). Roaming due to
connection loss (hard roaming) is unaffected by this. The roaming threshold values only take effect when soft roaming
is activated.
Telnet path:
Setup > Interfaces > WLAN > Roaming
704
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
Yes
2.23.20.11.7 Connect threshold
This value defines field strength in percent defining the minimum that an access point has to show for a client to attempt
to associate with it.
Telnet path:
Setup > Interfaces > WLAN > Roaming
Possible values:
0 … 99 Percent (%)
Default:
0
2.23.20.11.8 Connect hold threshold:
This threshold defines field strength in percent. A connection to an access point with field strength below this value is
considered as lost.
Telnet path:
Setup > Interfaces > WLAN > Roaming
Possible values:
0 … 99 Percent (%)
Default:
0
2.23.20.11.9 Min-Connect-Signal-Level
Similar to the connection threshold, but specified as absolute signal strength.
Telnet path:
Setup > Interfaces > WLAN > Roaming
Possible values:
0 … -128 dBm
Default:
0
705
Menu Reference
2 Setup
2.23.20.11.10 Min-Connect-Hold-Signal-Level
Similar to the connection hold threshold, but specified as absolute signal strength.
Telnet path:
Setup > Interfaces > WLAN > Roaming
Possible values:
0 … -128 dBm
Default:
0
2.23.20.11.11 Block time
If your device is operating as a WLAN client in an environment with multiple WLAN access points all with the same SSID,
you can define a time period during which the WLAN client will avoid associating with a particular access point after
receiving an "association-reject" from it.
Telnet path:
Setup > Interfaces > WLAN > Roaming
Possible values:
0 … 4294967295 Seconds
Default:
0
2.23.20.12 Interpoint peers
Here you enter the wireless base stations that are to be networked via the point-to-point connection.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.12.1 Ifc
Here you select the wireless base stations that are to be networked via the point-to-point connection.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Peers
2.23.20.12.2 Recognize-By
Here you select the characteristics to be used to identify the P2P peer.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Peers
706
Menu Reference
2 Setup
Possible values:
MAC address
Select this option if the devices are to recognize P2P partners by their MAC address. In this case, fill-out
the "MAC address" with the WLAN MAC address of the physical WLAN interface of the P2P partner.
Host name
Select this option if the devices are to recognize P2P partners by their peer name. In this case, fill-out
the "Peer name" with the device name of the P2P peer or, alternatively, the "Peer name" defined in the
physical settings.
Serial-Autoconfig
Use this setting if the P2P peers are to exchange their MAC addresses via a serial connection.
Default:
MAC address
2.23.20.12.3 MAC address
MAC address of the P2P peer.
5
If you work with detection by MAC address, enter the MAC address of the WLAN adapter here and not that of
the device itself.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Peers
Possible values:
Max. 12 characters from [A-Z][a-z][0-9]-:
Default:
empty
2.23.20.12.4 Peer-Name
Station name of the P2P remote station
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Peers
Possible values:
Max. 24 characters from [A-Z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_.
Default:
empty
2.23.20.12.5 Operating
Activates or deactivates this point-to-point channel.
707
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Peers
Possible values:
No
Yes
Default:
No
2.23.20.12.6 Tx-Limit
With this setting you limit the bandwidth of the uplink (in kbps) for the configured point-to-point link.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Peers
Possible values:
0 … 4294967295
Default:
0
Special values:
0
This value 0 disables the limit (= unlimited bandwidth).
2.23.20.12.7 Rx-Limit
With this setting you limit the bandwidth of the downlink (in kbps) for the configured point-to-point link.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Peers
Possible values:
0 … 4294967295
Default:
0
Special values:
0
This value 0 disables the limit (= unlimited bandwidth).
708
Menu Reference
2 Setup
2.23.20.12.8 Key value
Specify the WPA2 passphrase for the P2P connection. Select the most complex key possible, with at least 8 and maximum
63 characters. The key requires at least 32 characters to provide encryption of suitable strength.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Peers
Possible values:
min. 8 characters; max. 63 characters from
#[A-Z][a-z][0-9]@{|}~!$%&'()+-,/:;<=>?[\]^_. `
2.23.20.12.9 Connect threshold
A WLAN interface can manage point-to-point links to more than one remote station, and each of these connections can
have a different "nominal" signal strength.
Connect threshold
The value specifies the beacon signal strength with which the remote site must be received in order to establish
the point-to-point link.
Connect hold threshold
The value specifies the beacon signal strength with which the remote site must be received in order to keep
the point-to-point link.
Both values represent the necessary signal-to-noise ratio (SNR) in percentage. The purpose of the two different values
is to establish a hysteresis which avoids connection state flatter. Fast connection state changes would otherwise lead to
instability, for example, in the topology decisions of the spanning-tree algorithm.
5
The Connect-Hold-Threshold must be lower than the Connect-Threshold.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Peers
Possible values:
0 … 255
Default:
0
Special values:
0
The value 0 disables the corresponding limits.
2.23.20.12.10 Connect hold threshold
A WLAN interface can manage point-to-point links to more than one remote station, and each of these connections can
have a different "nominal" signal strength.
709
Menu Reference
2 Setup
Connect threshold
The value specifies the beacon signal strength with which the remote site must be received in order to establish
the point-to-point link.
Connect hold threshold
The value specifies the beacon signal strength with which the remote site must be received in order to keep
the point-to-point link.
Both values represent the necessary signal-to-noise ratio (SNR) in percentage. The purpose of the two different values
is to establish a hysteresis which avoids connection state flatter. Fast connection state changes would otherwise lead to
instability, for example, in the topology decisions of the spanning-tree algorithm.
5
The Connect-Hold-Threshold must be lower than the Connect-Threshold.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Peers
Possible values:
0 … 255
Default:
0
Special values:
0
The value 0 disables the corresponding limits.
2.23.20.13 Network-Alarm-Limits
This table contains the settings for the network alarm limits for the device's logical WLAN networks (SSIDs).
Telnet path:
Setup > Interfaces > WLAN
2.23.20.13.1 Ifc
From the SSIDs available on the device (e.g. WLAN-1, WLAN-1-2), select the logical WLAN network (SSID) for which you
want to edit the network alarm limits.
Telnet path:
Setup > Interfaces > WLAN > Network-Alarm-Limits
2.23.20.13.2 Phy-Signal
The negative threshold value for the signal level of the corresponding SSID. If the value falls below this threshold, an
alert is issued.
710
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Network-Alarm-Limits
Possible values:
Max. 3 characters from [0-9]
Default:
0
Special values:
0
This value disables the checking.
2.23.20.13.3 Total retries
The threshold value for the total number of transmission retries for the corresponding SSID, per mille. Once the value is
reached, an alert is issued.
Telnet path:
Setup > Interfaces > WLAN > Network-Alarm-Limits
Possible values:
Max. 4 characters from [0-9]
Default:
0
Special values:
0
This value disables the checking.
2.23.20.13.4 Tx-Errors
The total number of lost packets for the corresponding SSID, per mille. Once the value is reached, an alert is issued.
Telnet path:
Setup > Interfaces > WLAN > Network-Alarm-Limits
Possible values:
Max. 4 characters from [0-9]
Default:
0
Special values:
0
This value disables the checking.
711
Menu Reference
2 Setup
2.23.20.14 Interpoint-Alarm-Limits
This table contains the settings for the interpoint alarm limits for the device's P2P connections (SSIDs).
SNMP ID: 2.23.20.14
Telnet path: /Setup/Interfaces/WLAN
2.23.20.14.1 Ifc
Select the P2P connection here for which you wish to set the interpoint alarm limits.
SNMP ID: 2.23.20.14.1
Telnet path: /Setup/Interfaces/WLAN/Interpoint-Alarm-Limits
Possible values:
a Choose from the P2P connections available in the device, e.g. P2P-1, P2P-2, etc.
2.23.20.14.2 Phy-Signal
The negative threshold value for the signal level of the corresponding P2P connection. If the value falls below this
threshold, an alert is issued. Setting this value to 0 deactivates the check.
SNMP ID: 2.23.20.14.2
Telnet path: /Setup/Interfaces/WLAN/Interpoint-Alarm-Limits
Possible values:
a 3 numerical characters
Default: 0
2.23.20.14.3 Total-Retries
The threshold value for the total number of transmission retries for the corresponding P2P connection. Once the value
is reached, an alert is issued. Setting this value to 0 deactivates the check.
SNMP ID: 2.23.20.14.3
Telnet path: /Setup/Interfaces/WLAN/Interpoint-Alarm-Limits
Possible values:
a 4 numeric characters to specify the repetitions in per mille
Default: 0 per mille
2.23.20.14.4 Tx-Errors
The total number of lost packets for the corresponding P2P connection. Once the value is reached, an alert is issued.
Setting this value to 0 deactivates the check.
SNMP ID: 2.23.20.14.4
Telnet path: /Setup/Interfaces/WLAN/Interpoint-Alarm-Limits
Possible values:
a 4 numeric characters to specify the repetitions in per mille
Default: 0 per mille
712
Menu Reference
2 Setup
2.23.20.15 Probe settings
This table contains the settings for the spectral scan.
5
The device cannot transmit or receive data in this mode.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.15.1 Ifc
Opens the settings for the available physical WLAN interfaces.
Telnet path:
Setup > Interfaces > WLAN > Probe-Settings
2.23.20.15.2 Radio bands
Here you can select which frequency bands should be analyzed by spectral scanning.
Telnet path:
Setup > Interfaces > WLAN > Probe-Settings
Possible values:
2.4GHz
5GHz
2.4GHz/5GHz
Default:
2.4GHz
2.23.20.15.3 Subbands-2.4GHz
This setting specifies which subbands of the 2.4GHz frequency are to be analyzed.
5
The spectral scan only takes this field into account when either '2.4GHz' or '2.4GHz/5GHz' is set in Radio bands.
Telnet path:
Setup > Interfaces > WLAN > Probe-Settings
713
Menu Reference
2 Setup
Possible values:
Band-1
Band-2
Band-1+2
Default:
Band-1
2.23.20.15.4 Channel-List-2.4GHz
Specify in this field the channel list for the spectral scan in the 2.4GHz frequency band. Individual channels are separated
with commas.
There is no need to change the default values of the spectral scan for its operation. The spectral scan examines the
frequency bands in 20MHz-wide blocks at a time. Due to the 5MHz gaps between the individual 20MHz-wide channels
in the 2.4GHz radio band, the channels specified result in a continuous scan of the entire 2.4GHz radio band. In the
5GHz band, the channel bandwidth is also 20MHz, and the individual channels lie next to each other with no overlapping.
When no channels are specified, all channels are scanned which results in a complete scan in the 5GHz band.
Telnet path:
Setup > Interfaces > WLAN > Probe-Settings
Possible values:
Max. 48 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
1,5,9,13
2.23.20.15.5 Subbands-5GHz
This setting specifies which subbands of the 5GHz frequency are to be analyzed.
5
The spectral scan only takes this field into account when either "5GHz" or "2.4GHz/5GHz" is set in Radio bands.
Telnet path:
Setup > Interfaces > WLAN > Probe-Settings
Possible values:
Band-1
Band-2
Band-1+2
Default:
Band-1
714
Menu Reference
2 Setup
2.23.20.15.6 Channel-List-5GHz
In this field, specify the list of channels for the spectral scan in the 5GHz frequency band. Individual channels are separated
with commas.
Telnet path:
Setup > Interfaces > WLAN > Probe-Settings
Possible values:
Max. 48 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.23.20.15.7 Channel-Dwell-Time
Determine here the number of milliseconds the spectral scan dwells on a channel.
The web application can display up to 300 readings in the waterfall diagram using the time slider. The readings from a
maximum of 24 hours can be cached. The default value is generally adequate. Only lower the value when you need a
more accurate resolution, and when the performance of your browser and PC is high enough to process the faster display
of the readings.
Telnet path:
Setup > Interfaces > WLAN > Probe-Settings
Possible values:
Max. 10 characters from [0-9]
Default:
250
2.23.20.16 IEEE802.11u
Determine here the number of milliseconds the spectral scan dwells on a channel.
The web application can display up to 300 readings in the waterfall diagram using the time slider. The readings from a
maximum of 24 hours can be cached. The default value is generally adequate. Only lower the value when you need a
more accurate resolution, and when the performance of your browser and PC is high enough to process the faster display
of the readings.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.16.1 Ifc
Name of the logical WLAN interface that you are currently editing.
Telnet path:
Setup > Interfaces > WLAN > IEEE802.11u
715
Menu Reference
2 Setup
2.23.20.16.2 Operating
Enable or disable support for connections according to IEEE 802.11u at the appropriate interface. If you enable support,
the device sends the interworking element in beacons/probes for the interface or for the associated SSID, respectively.
This element is used as an identifying feature for IEEE 802.11u-enabled connections: It includes, for example, the Internet
bit, the ASRA bit, the HESSID, and the location group code and the location type code. These individual elements use
802.11u-enabled devices as the first filtering criteria for network detection.
Telnet path:
Setup > Interfaces > WLAN > IEEE802.11u
Possible values:
No
Yes
Default:
No
2.23.20.16.3 Hotspot2.0
Enable or disable support for connections according to IEEE 802.11u at the appropriate interface. If you enable support,
the device sends the interworking element in beacons/probes for the interface or for the associated SSID, respectively.
This element is used as an identifying feature for IEEE 802.11u-enabled connections: It includes, for example, the Internet
bit, the ASRA bit, the HESSID, and the location group code and the location type code. These individual elements use
802.11u-enabled devices as the first filtering criteria for network detection.
Telnet path:
Setup > Interfaces > WLAN > IEEE802.11u
Possible values:
No
Yes
Default:
No
2.23.20.16.4 Internet
Select whether the Internet bit is set. Over the Internet-bit, all stations are explicitly informed that the Wi-Fi network
allows Internet access. Enable this setting if services other than internal services are accessible via your device.
Telnet path:
Setup > Interfaces > WLAN > IEEE802.11u
716
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
No
2.23.20.16.5 Network type
Select a network type from the available list which most closely describes the Wi-Fi network behind the selected interface.
Telnet path:
Setup > Interfaces > WLAN > IEEE802.11u
Possible values:
Private
Describes networks which are blocked to unauthorized users. Select this type, for example, for home
networks or corporate networks where access is limited to employees.
Private-GuestAcc
Similar to Private, but with guest access for unauthorized users. Select this type, for example, for
corporate networks where visitors may use the Wi-Fi network in addition to employees.
Public-Charge
Describes public networks that are accessible to everyone and can be used for a fee. Information about
fees may be available through other channels (e.g.: IEEE 802.21, HTTP/HTTPS or DNS forwarding). Select
this type, for example, for hotspots in shops or hotels that offer fee-based Internet access.
Public-Free
Describes public networks that are accessible to everyone and for which no fee is payable. Select this
type, for example, for hotspots in public, local and long-distance transport, or for community networks
where Wi-Fi access is an included service.
Personal-Dev
In general, it describes networks that connect wireless devices. Select this type, for example, for digital
cameras that are connected to a printer via WLAN.
Emergency
Describes networks that are intended for, and limited to, emergency services. Select this type, for
example, for connected ESS or EBR systems.
Experimental
Describes networks that are set up for testing purposes or are still in the setup stage.
Wildcard
Placeholder for previously undefined network types.
Default:
Private
717
Menu Reference
2 Setup
2.23.20.16.6 Asra
Select whether the ASRA bit (Additional Step Required for Access) is set. Using the ASRA bit explicitly informs all stations
that further authentication steps are needed to access the Wi-Fi network. Enable this setting if you have, for example,
set up online registration, additional authentication, or a consent form for your terms of use on your web site.
5
Please remember to specify a forwarding address in the Network authentication types table for the additional
authentication and/or WISPr for the Public Spot module if you set the ASRA bit.
Telnet path:
Setup > Interfaces > WLAN > IEEE802.11u
Possible values:
No
Yes
Default:
No
2.23.20.16.7 HESSID
Specify where the device gets its HESSID for the homogeneous ESS. A homogeneous ESS is defined as a group of a
specific number of access points, which all belong to the same network. The MAC address of a connected access point
(its BSSID) serves as a globally unique identifier (HESSID). The SSID can not be used as an identifier in this case, because
different network service providers can have the same SSID assigned in a hotspot zone, e.g., by common names such as
"HOTSPOT".
Telnet path:
Setup > Interfaces > WLAN > IEEE802.11u
Possible values:
BSSID
user
None
Default:
BSSID
2.23.20.16.8 HESSID-MAC
If you selected the setting user for the HESSID, enter the HESSID of your homogeneous ESS as a 6-octet MAC address.
Select the BSSID for the HESSID for any access point in your homogeneous ESS in capital letters and without separators,
e.g., 008041AEFD7E for the MAC address 00:80:41:ae:fd:7e.
5
718
If your device is not present in multiple homogeneous ESS's, the HESSID is identical for all interfaces
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > IEEE802.11u
Possible values:
Max. 12 characters from [A-F][a-f][0-9]
Default:
000000000000
2.23.20.16.10 ANQP profile
This parameter is used to specify a valid ANQP profile.
Enter a name from the table Setup > IEEE802.11u > ANQP-Profile.
Telnet path:
Setup > Interfaces > WLAN > IEEE802.11u
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.23.20.16.13 HS20-Profile
This parameter is used to specify a valid Hotspot-2.0 or HS20 profile.
Enter a name from the table Setup > IEEE802.11u > Hotspot2.0 > Hotspot2.0-Profiles.
Telnet path:
Setup > Interfaces > WLAN > IEEE802.11u
Possible values:
Max. 32 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
empty
2.23.20.19 Interpoint-transmission
This table contains the transmission settings for the individual P2P links.
Telnet path:
Setup > Interfaces > WLAN
719
Menu Reference
2 Setup
2.23.20.19.1 Ifc
Name of the logical P2P interface which you selected.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
Select from the available P2P links.
2.23.20.19.2 Packet size
Select the maximum size of data packets on a P2P link.
Smaller data packets cause fewer transmission errors than larger packets, although the proportion of header information
in the traffic increases, leading to a drop in the effective network load. Increase the factory value only if your wireless
network is largely free from interference and very few transmission errors occur. Reduce the value to reduce the occurrence
of transmission errors.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
600 … 2347
Default:
1600
2.23.20.19.3 Min-Tx-Rate
Specify the minimum transmission rate in Mbps in the direction of transmission.
Normally the access point negotiates the data transmission speeds continuously and dynamically with the connected
WLAN clients (Auto). The access point adjusts the transmission speeds to the reception conditions. You also have the
option of preventing dynamic speed adjustment by entering a fixed transmission speed.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
720
Menu Reference
2 Setup
Possible values:
Auto
1M
2M
5.5M
11M
6M
9M
12M
18M
24M
36M
48M
54M
Default:
Auto
2.23.20.19.6 RTS-Threshold
Use this field to define the RTS threshold. If the size of the RTS packets for transmission exceeds this value, the device
uses the RTS/CTS protocol in order to prevent the increased probability of collisions and the associated "hidden station"
phenomena.
Since the RTS packets are generally very short and the use of RTS/CTS increases the overhead, using this method only
pays off if you are using longer data packets where collisions are likely. The best value can be found using trial and error
tests on location.
5
The RTS/CTS threshold value also has to be set in the WLAN client, as far as the driver and/or operating system
allow this.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
60 … 2347
Default:
2347
2.23.20.19.7 11b-Preamble
Specify whether your device uses a long preamble in 802.11b mode.
Normally every WLAN client (in this case the P2P slave) independently negotiates the necessary length of the preamble
for communication with the base station (in this case the P2P master). However, in some rare cases it is necessary to
ignore this handshake process and use the long WLAN preamble, although this is less advantageous.
Only enable the long WLAN preamble if it precisely resolves your wireless problems.
721
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
Auto
The P2P slave automatically negotiates the length of the preamble (short/long) required to communicate
with the P2P-master.
Long
The P2P slave does not negotiate and always uses a long preamble.
Default:
Auto
2.23.20.19.9 Max-Tx-Rate
Specify the maximum transmission rate in Mbps in the direction of transmission.
Normally the access point negotiates the data transmission speeds continuously and dynamically with the connected
WLAN clients (Auto). The access point adjusts the transmission speeds to the reception conditions. You also have the
option of preventing dynamic speed adjustment by entering a fixed transmission speed.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
Auto
1M
2M
5.5M
11M
6M
9M
12M
18M
24M
36M
48M
54M
Default:
Auto
2.23.20.19.10 Min.-Frag.-Length
Using this input field you define the minimum length of packet fragments, below which the device rejects data packet
fragments.
722
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
0 … 65535
Special values:
0, 1
The device allows for packet fragments of any length.
Default:
16
2.23.20.19.11 Soft-Retries
Enter the number of transmission attempts that the device tries if the hardware cannot send a data packet. The total
number of transmission attempts results from the calculation (Soft-Retries + 1) * Hard-Retries.
The advantage of using soft retries at the expense of hard retries is that the rate-adaption algorithm immediately begins
the next series of hard retries with a lower data rate.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
0 … 255
Default:
10
2.23.20.19.12 Hard-Retries
Enter the number of transmission attempts that the device attempts before the hardware reports a Tx error. The smaller
the value you choose, the shorter is the time that an unsendable packet will block the transmitter. If the hardware cannot
send a data packet, you have the option to continue the attempts on the software side. For more information, see the
parameter Soft-Retries.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
0 … 255
Default:
10
2.23.20.19.13 Short guard interval
Enable or disable the short guard interval.
723
Menu Reference
2 Setup
Put simply, the guard interval reduces the signal distortion caused by intersymbol interference (ISI) when using signal
multiplexing (OFDM). The option reduces the transmission pause between two signals from 0.8 µs (default) to 0.4 µs
(short guard interval). This increases the effective time available for data transmission and thus the data throughput.
However, the wireless LAN system becomes more liable to disruption that can be caused by interference between two
consecutive signals.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
Auto
The device activates the short guard interval in automatic mode, provided that the remote station
supports this.
No
Disables the short guard interval.
Default:
Auto
2.23.20.19.14 Max.-Spatial-Steams
Specify the maximum number of allowed spatial streams.
Spatial streams add a third dimension to the frequency-time matrix available to radio communications: Space. An array
of multiple antennas provides the receiver with spatial information that the device can use for spatial multiplexing, a
technique that increases transmission rates. This allows parallel transmission of multiple data streams over a single radio
channel. Multiple transmitter and receiver antennas can be operated at the same time. This leads to a significant increase
in the performance of the radio system.
With the factory setting, the device sets up the spatial streams automatically to make optimal use of the radio system.
Alternatively you have the option of limiting the spatial streams to one or two to reduce the load on the radio system.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
Auto
One
Two
Three
Default:
Auto
724
Menu Reference
2 Setup
2.23.20.19.15 Send-Aggregates
With this setting you configure the transmission of aggregated data packets. Frame aggregation is an official standard
and, according to the 802.11n standard, it is intended to be vendor-independent. It is comparable to the long-existing
burst mode.
For frame aggregation, the device combines multiple data packets (frames) to a larger packet—by increasing the length
of the WLAN frame—and sends them together. The method shortens the waiting time between data packets and also
reduces the overhead, so increasing the data throughput.
However, with increased frame length, the probability increases that the device must resend the packets, for example,
due to radio interference. Other stations must also wait for a free channel and collect their data packets until they have
multiple packets that they can send at one time.
Frame aggregation is enabled in the factory settings. This option makes sense if you want to increase the throughput
for your device and others on this medium are not important. Frame aggregation is not suitable when working with
mobile receivers or real-time data transmissions such as voice over IP.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
No
Yes
Default:
Yes
2.23.20.19.16 Min.-HT-MCS
MCS (Modulation Coding Scheme) automatically adapts transmission speeds. In the 802.11n standard it defines a number
of variables that specify the number of spatial streams, the modulation and the data rate of each data stream, among
others.
In the factory settings the station automatically selects the best possible MCS for each stream, based on the conditions
of each channel. If interference arises during operation and the channel conditions change, for example due to movement
of the transmitter or signal deterioration, the MCS is dynamically adjusted to suit the new conditions.
You also have the option of setting the MCS to a constant value. This may facilitate testing, or it may be useful in
particularly dynamic environments to avoid unnecessary parameterizing where an optimal value simply cannot be
expected.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
725
Menu Reference
2 Setup
Possible values:
Auto
MCS-0/8
MCS-1/9
MCS-2/10
MCS-3/11
MCS-4/12
MCS-5/13
MCS-6/14
MCS-7/15
Default:
Auto
2.23.20.19.17 Max.-HT-MCS
MCS (Modulation Coding Scheme) automatically adapts transmission speeds. In the 802.11n standard it defines a number
of variables that specify the number of spatial streams, the modulation and the data rate of each data stream, among
others.
In the factory settings the station automatically selects the best possible MCS for each stream, based on the conditions
of each channel. If interference arises during operation and the channel conditions change, for example due to movement
of the transmitter or signal deterioration, the MCS is dynamically adjusted to suit the new conditions.
You also have the option of setting the MCS to a constant value. This may facilitate testing, or it may be useful in
particularly dynamic environments to avoid unnecessary parameterizing where an optimal value simply cannot be
expected.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
Auto
MCS-0/8
MCS-1/9
MCS-2/10
MCS-3/11
MCS-4/12
MCS-5/13
MCS-6/14
MCS-7/15
Default:
Auto
2.23.20.19.18 Min.-Spatial-Steams
Specify the minimum number of allowed spatial streams.
726
Menu Reference
2 Setup
Spatial streams add a third dimension to the frequency-time matrix available to radio communications: Space. An array
of multiple antennas provides the receiver with spatial information that the device can use for spatial multiplexing, a
technique that increases transmission rates. This allows parallel transmission of multiple data streams over a single radio
channel. Multiple transmitter and receiver antennas can be operated at the same time. This leads to a significant increase
in the performance of the radio system.
With the factory setting, the device sets up the spatial streams automatically to make optimal use of the radio system.
Alternatively you have the option of limiting the spatial streams to one or two to reduce the load on the radio system.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
Auto
One
Two
Three
Default:
Auto
2.23.20.19.19 EAPOL-Rate
Set the data rate in Mbps for EAPOL transmission.
WLAN clients use EAP over LAN (EAPOL) to login to the access point by WPA and/or 802.1x. They encapsulate EAP
packets in Ethernet frames to allow EAP communications on layer-2 connections.
Under certain circumstances it may be desirable to select a lower data rate for the transfer of EAPOL packets than that
available for the payload data. For example, in the case of mobile WLAN clients, high data rates can cause the loss of
EAPOL packets, which in turn leads to considerable delays in client association. This procedure can be stabilized by
selecting specific data rates for EAPOL.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
Like-Data
In this setting, the device transmits the EAPOL data at the same rate as payload data.
727
Menu Reference
2 Setup
1M
2M
5.5M
11M
6M
9M
12M
18M
24M
36M
48M
54M
HT-1-6.5M
HT-1-13M
HT-1-19.5M
HT-1-26M
HT-1-39M
HT-1-52M
HT-1-58.5M
HT-1-65M
HT-2-13M
HT-2-26M
HT-2-39M
HT-2-52M
HT-2-78M
HT-2-104M
HT-2-117M
HT-2-130M
Default:
Like-Data
2.23.20.19.20 Max.-Aggr.-Packet-Count
Using this parameter, you define the maximum number of packets the device may combine into one aggregate. Aggregation
in IEEE 802.11n WLAN transmissions combines multiple data packets into one large packet, so reducing the overhead
and speeding up the transmission.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
0 … 11/16/24 (device dependent)
Special values:
0
The device automatically uses the highest value allowed on the hardware side.
Default:
0
728
Menu Reference
2 Setup
2.23.20.19.22 Receive-Aggregates
With this setting you configure the reception of aggregated data packets. Frame aggregation is an official standard and,
according to the 802.11n standard, it is intended to be vendor-independent. It is comparable to the long-existing burst
mode.
For frame aggregation, the device combines multiple data packets (frames) to a larger packet—by increasing the length
of the WLAN frame—and sends them together. The method shortens the waiting time between data packets and also
reduces the overhead, so increasing the data throughput.
However, with increased frame length, the probability increases that the device must resend the packets, for example,
due to radio interference. Other stations must also wait for a free channel and collect their data packets until they have
multiple packets that they can send at one time.
Frame aggregation is enabled in the factory settings. This option makes sense if you want to increase the throughput
for your device and others on this medium are not important. Frame aggregation is not suitable when working with
mobile receivers or real-time data transmissions such as voice over IP.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
No
Yes
Default:
Yes
2.23.20.19.23 Use-STBC
Activate the space time block coding (STBC) here.
STBC is a method for improving the reception conditions. The function additionally varies the transmission of data packets
over time to minimize time-related effects on the data. Due to the time offset of the packets the recipient has an even
better chance of receiving error-free data packets, regardless of the number of antennas.
4
If the WLAN chipset does not support STBC, you cannot set this parameter to Yes.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
No
Yes
Default:
Yes
729
Menu Reference
2 Setup
2.23.20.19.24 Use-LDPC
Activate the low density parity check here (LDPC).
LDPC is an error correction method. Before the sender transmits the data packets, it expands the data stream with
checksum bits depending on the modulation rate. These checksum bits allow the receiver to correct transmission errors.
By default the 802.11n standard uses 'Convolution Coding' (CC) for error correction, which is well-known from 802.11a
and 802.11g; however, the 11n standard also provides for error correction according to the LDPC method (Low Density
Parity Check).
In contrast to CC encoding, LDPC encoding uses larger packets to calculate checksums and can also recognize more bit
errors. The improved ratio of payload to checksum data enables LDPC encoding to provide a higher data rate.
4
If the WLAN chipset does not support STBC, you cannot set this value to Yes.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Transmission
Possible values:
No
Yes
Default:
Yes
2.23.20.20 Interpoint-Encryption
This table contains the encryption settings of the physical WLAN interface for P2P links.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.20.1 Ifc
Name of the physical WLAN interface
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Encryption
2.23.20.20.2 Encryption
Enables or disables the WPA/WEP encryption for P2P connections over the respective interface.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Encryption
730
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
Yes
2.23.20.20.3 Default-Key
WEP keys with which the device encrypts the packets sent over this interface.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Encryption
Possible values:
0…9
Default:
1
2.23.20.20.4 Method
Selects the encryption method or, for WEP, the key length which the device uses for the encryption of P2P data packets.
5
Please note that not every client (or their hardware) supports every encryption method.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Encryption
Possible values:
802.11i-WPA-PSK
WEP-128-Bit
WEP-104-Bit
WEP-40-Bit
Default:
802.11i-WPA-PSK
2.23.20.20.9 WPA-Version
WPA version that the device offers a client for WPA encryption.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Encryption
731
Menu Reference
2 Setup
Possible values:
WPA1
WPA2
WPA1/2
Default:
WPA1/2
2.23.20.20.11 WPA-Rekeying-Cycle
Enter at which intervals the device repeats the WPA key handshake.
For WPA1/2, authentication on a network is performed with a pre-shared key (PSK), which is part of a 128-bit individual
key. The device (as authenticator) generates this key with a 48-bit initial vector (IV), which makes it difficult for attackers
to calculate the WPA key. The repetition of the key that consists of the IV and WPA keys only occurs after 248 data
packets, which no WLAN will reach within a foreseeable time.
To prevent the (theoretical) repetition of the real key, the WPA allows for an automatic renegotiation of the key with the
WLAN client (the supplicant) in regular intervals (rekeying). This prevents the repetition of the real key. By setting an
individual cycle, you have the option of shortening the rekeying intervals.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Encryption
Possible values:
0 … 4294967295 Seconds
Special values:
0
This value disables the preliminary negotiation of a new WPA key at the device. Rekeying can still be
triggered by the supplicant.
Default:
0
2.23.20.20.12 WPA1-Session-Keytypes
Select the method or methods that the device offers the remote station for generating the WPA session or group key for
WPA1. The device can provide the Temporal Key Integrity Protocol (TKIP) method, the Advanced Encryption Standard
(AES) method, or both.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Encryption
732
Menu Reference
2 Setup
Possible values:
TKIP
AES
TKIP/AES
Default:
TKIP
2.23.20.20.13 WPA2-Session-Keytypes
Select the method or methods that the device offers the remote station for generating the WPA session or group key for
WPA2. The device can provide the Temporal Key Integrity Protocol (TKIP) method, the Advanced Encryption Standard
(AES) method, or both.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Encryption
Possible values:
TKIP
AES
TKIP/AES
Default:
AES
2.23.20.20.14 Prot.-Mgmt-Frames
By default, the management information transmitted on a WLAN for establishing and operating data connections
is unencrypted. Anybody within a WLAN cell can receive this information, even those who are not associated with an
access point. Although this does not entail any risk for encrypted data connections, the injection of fake management
information could severely disturb the communications within a WLAN cell.
The IEEE 802.11w standard encrypts this management information, meaning that potential attackers can no longer
interfere with the communications without the corresponding key.
Here you can specify whether the corresponding WLAN interface supports protected management frames (PMF) as per
IEEE 802.11w.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Encryption
Possible values:
No
The WLAN interface does not support PMF. The WLAN management frames are not encrypted.
Mandatory
The WLAN interface supports PMF. The WLAN management frames are always encrypted. It is not
possible to connect with WLAN clients that do not support PMF.
733
Menu Reference
2 Setup
Optional
The WLAN interface supports PMF. Depending on the WLAN client's PMF support, the WLAN management
frames are either encrypted or unencrypted.
Default:
No
2.23.20.20.19 WPA2 key management
You can configure the WPA2 key management with these options.
5
Although it is possible to make multiple selections, this is advisable only if you are sure that the clients attempting
to login to the access point are compatible. Unsuitable clients may refuse a connection if an option other than
Standard is enabled.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Encryption
Possible values:
SHA256
Enables key management according to the IEEE 802.11w standard with keys based on SHA-256.
Standard
Enables key management according to the IEEE 802.11i standard without Fast Roaming and with keys
based on SHA-1. Depending on the configuration, the WLAN clients in this case must use opportunistic
key caching, PMK caching or pre-authentication.
Default:
Standard
2.23.20.21 Coexistence settings
This table contains the settings for the parallel operation of multiple WLANs.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.21.1 Ifc
This entry lists all of the interfaces available with the device (such as WLAN-1, WLAN 2).
Telnet path:
Setup > Interfaces > WLAN > Coexistence-Settings
734
Menu Reference
2 Setup
2.23.20.21.2 Coexistence
Use this entry to specify whether multiple WLAN interfaces are permitted to operate in parallel.
Telnet path:
Setup > Interfaces > WLAN > Coexistence-Settings
Possible values:
No
Yes
Default:
Yes
2.23.20.21.3 Min.-Ignore-Prio
.
Telnet path:
Setup > Interfaces > WLAN > Coexistence-Settings
Possible values:
None
Beacon
Voice
2.23.20.22 Interpoint-Rate-Selection
In this directory, you configure the data rates for communications between the base stations for each P2P link.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.22.1 1M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
735
Menu Reference
2 Setup
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx-required
2.23.20.22.2 2M
Here you configure how the AP is to handle this data rate for this P2P link.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
736
Menu Reference
2 Setup
Default:
Rx/Tx-required
2.23.20.22.3 Ifc
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
2.23.20.22.4 5.5M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.6 11M
This entry shows which P2P link is being configured.
737
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.8 6M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
738
Menu Reference
2 Setup
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.9 9M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.10 12M
This entry shows which P2P link is being configured.
739
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.11 18M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
740
Menu Reference
2 Setup
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.12 24M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.13 36M
This entry shows which P2P link is being configured.
741
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.14 48M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
742
Menu Reference
2 Setup
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.15 54M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.28 HT-1-6.5M
This entry shows which P2P link is being configured.
743
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.29 HT-1-13M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
744
Menu Reference
2 Setup
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.30 HT-1-19.5M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.31 HT-1-26M
This entry shows which P2P link is being configured.
745
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.32 HT-1-39M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
746
Menu Reference
2 Setup
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.33 HT-1-52M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.34 HT-1-58.5M
This entry shows which P2P link is being configured.
747
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.35 HT-1-65M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
748
Menu Reference
2 Setup
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.36 HT-2-13M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.37 HT-2-26M
This entry shows which P2P link is being configured.
749
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.38 HT-2-39M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
750
Menu Reference
2 Setup
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.39 HT-2-52M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.40 HT-2-78M
This entry shows which P2P link is being configured.
751
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.41 HT-2-104M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
752
Menu Reference
2 Setup
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.42 HT-2-117M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.43 HT-2-130M
This entry shows which P2P link is being configured.
753
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the other base stations that the data rate is
“supported” and “required”. The AP also uses this data rate to communicate with the other base stations.
If the base station does not support a particular rate, the AP will reject the corresponding connection
request.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx-required
The AP announces to the other base stations that the rate is “supported” and “required”, but does not
use the rate to communicate with the other base stations.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.44 HT-3-19.5M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
754
Menu Reference
2 Setup
Default:
Rx/Tx
2.23.20.22.45 HT-3-39M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.46 HT-3-38.5M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
755
Menu Reference
2 Setup
Default:
Rx/Tx
2.23.20.22.47 HT-3-78M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.48 HT-3-117M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
756
Menu Reference
2 Setup
Default:
Rx/Tx
2.23.20.22.49 HT-3-156M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.22.50 HT-3-175.5M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
757
Menu Reference
2 Setup
Default:
Rx/Tx
2.23.20.22.51 HT-3-195M
This entry shows which P2P link is being configured.
Telnet path:
Setup > Interfaces > WLAN > Interpoint-Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with other base stations.
Rx/Tx
The AP announces to the other base stations that the rate is “supported”. The AP also uses the rate to
communicate with the other base stations. However, the AP also accepts requests from base stations
that do not support this rate.
Rx
The AP announces to the other base stations that the rate is “supported”, but does not use the rate to
communicate with the other base stations.
Default:
Rx/Tx
2.23.20.23 Adaptive-RF-Optimization
Adaptive RF Optimization constantly monitors the WLAN environment and evaluates the quality of the network based
on the “Wireless Quality Indicators”. If the quality drops, the Adaptive RF Optimization triggers a change to a better
suited channel.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.23.1 Ifc
Shows the interface for the Adaptive RF Optimization.
Telnet path:
Setup > Interfaces > WLAN > Adaptive-RF-Optimization
758
Menu Reference
2 Setup
2.23.20.23.2 Operating
Activates or deactivates Adaptive RF Optimization for this interface.
Telnet path:
Setup > Interfaces > WLAN > Adaptive-RF-Optimization
Possible values:
No
Yes
Default:
No
2.23.20.23.3 Min-Client-Phy-Signal
Setting for the minimum signal strength of clients.
Telnet path:
Setup > Interfaces > WLAN > Adaptive-RF-Optimization
Possible values:
Max. 3 characters from [0-9]
Default:
15
2.23.20.23.4 Min-Client-Tx-Packets
Setting for the minimum number of packets sent to a client.
Telnet path:
Setup > Interfaces > WLAN > Adaptive-RF-Optimization
Possible values:
Max. 5 characters from [0-9]
Default:
30
2.23.20.23.5 Tx-Client-Retry-Ratio-Limit
In this field you specify how quickly a packet is resent to a client.
Telnet path:
Setup > Interfaces > WLAN > Adaptive-RF-Optimization
759
Menu Reference
2 Setup
Possible values:
Max. 3 characters from [0-9]
Default:
70
2.23.20.23.6 Noise-Limit
Setting for the upper limit of acceptable noise on the channel.
Telnet path:
Setup > Interfaces > WLAN > Adaptive-RF-Optimization
Possible values:
Max. 6 characters from [0-9]Default:
-70
2.23.20.23.7 Marked-Channel-Timeout
When a channel is considered unusable it is marked/blocked for the time specified here.
Telnet path:
Setup > Interfaces > WLAN > Adaptive-RF-Optimization
Possible values:
Max. 5 characters from [0-9]
Default:
20
2.23.20.23.8 Trigger-Timespan
The trigger timespan set here determines how long a limit is continuously exceeded before an action is triggered.
Telnet path:
Setup > Interfaces > WLAN > Adaptive-RF-Optimization
Possible values:
Max. 5 characters from [0-9]
Default:
1
760
Menu Reference
2 Setup
2.23.20.24 Redundancy settings
In this directory, you configure the dynamic adjustment of transmission power in the event of the failure of an AP a
cluster of several APs.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.24.1 Ifc
The interface that this entry refers to.
Telnet path:
Setup > Interfaces > WLAN > Redundancy-Settings
2.23.20.24.2 Other APs expected
Use this item to specify the number of other APs that are located in the AP cluster.
So long as all of the devices are available, the transmission power reduction configured here applies to all of the APs in
this group (e.g. -6 dB). Using IAPP (Inter Access Point Protocol), the APs continually check that the correct number of
APs is present on the network.
If an AP fails, the check reveals that the actual number number of APs does not equal the expected number, and so the
remaining APs activate the backup transmission power reduction as configured (e.g. 0 dB). As soon as the failed AP is
available again, the actual number of APs is equal to the number of expected devices. The other APs return their
transmission power to the default value.
Telnet path:
Setup > Interfaces > WLAN > Redundancy-Settings
Possible values:
Max. 5 characters from [0-9]
2.23.20.24.3 Backup transmission power reduction
Here you specify the transmission power reduction in dB to be applied by the AP if an AP from the configured group is
no longer reachable.
Telnet path:
Setup > Interfaces > WLAN > Redundancy-Settings
Possible values:
Max. 3 characters from [0-9]
761
Menu Reference
2 Setup
2.23.20.25 Rate selection
Some application scenarios may require you to exclude certain data rates, for example where environmental conditions
are unfavorable. For this reason it is possible to configure the data rates per SSID or P2P link precisely according to your
particular requirements.
5
In most cases there is no need to change the default settings. Ensure that only WLAN experts adjust these
settings, as improper changes may lead to problems with your WLAN network.
By configuring the data rates for each WLAN module, you fix the data rates used by the AP to communicate with its
clients (TX) as well as the data rates “announced” by the AP to the client for its communication with the AP (RX).
This rate adaptation specifies a minimum and a maximum data rate, and it also allows certain data rates between these
limits to be disabled. This can save airtime under certain circumstances.
4
The configuration of data rates is only possible for stand-alone APs. Using this in WLC scenarios requires the use
of scripts, which the WLC rolls-out to the APs.
In this directory you configure these data rates.
Telnet path:
Setup > Interfaces > WLAN
2.23.20.25.1 1M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx-required
762
Menu Reference
2 Setup
2.23.20.25.2 2M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx-required
2.23.20.25.3 Ifc
This entry shows which interface is being configured.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
2.23.20.25.4 5.5M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
763
Menu Reference
2 Setup
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.6 11M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
764
Menu Reference
2 Setup
2.23.20.25.8 6M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.9 9M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
765
Menu Reference
2 Setup
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.10 12M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.11 18M
Here you configure how the AP is to handle this data rate for this interface.
766
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.12 24M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
767
Menu Reference
2 Setup
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.13 36M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.14 48M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
768
Menu Reference
2 Setup
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.15 54M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
769
Menu Reference
2 Setup
Default:
Rx/Tx
2.23.20.25.28 HT-1-6.5M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.29 HT-1-13M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
770
Menu Reference
2 Setup
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.30 HT-1-19.5M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
771
Menu Reference
2 Setup
2.23.20.25.31 HT-1-26M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.32 HT-1-39M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
772
Menu Reference
2 Setup
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.33 HT-1-52M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.34 HT-1-58.5M
Here you configure how the AP is to handle this data rate for this interface.
773
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.35 HT-1-65M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
774
Menu Reference
2 Setup
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.36 HT-2-13M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.37 HT-2-26M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
775
Menu Reference
2 Setup
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.38 HT-2-39M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
776
Menu Reference
2 Setup
Default:
Rx/Tx
2.23.20.25.39 HT-2-52M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.40 HT-2-78M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
777
Menu Reference
2 Setup
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.41 HT-2-104M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
778
Menu Reference
2 Setup
2.23.20.25.142 HT-2-117M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.43 HT-2-130M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
779
Menu Reference
2 Setup
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.44 HT-3-19.5M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.45 HT-3-39M
Here you configure how the AP is to handle this data rate for this interface.
780
Menu Reference
2 Setup
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.46 HT-3-58.5M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
781
Menu Reference
2 Setup
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.47 HT-3-78M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.48 HT-3-117M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
782
Menu Reference
2 Setup
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.49 HT-3-156M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
783
Menu Reference
2 Setup
Default:
Rx/Tx
2.23.20.25.50 HT-3-175.5M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.25.51 HT-3-195M
Here you configure how the AP is to handle this data rate for this interface.
Telnet path:
Setup > Interfaces > WLAN > Rate-Selection
Possible values:
No
The AP does not announce this rate and does not use it to communicate with the client.
784
Menu Reference
2 Setup
Rx/Tx-required
The AP uses beacons and probe responses to announce to the client that the data rate is “supported”
and “required”. The AP also uses this data rate to communicate with the client. If the client does not
support a particular rate, the AP will reject a connection request.
Rx/Tx
The AP announces to the client that the rate is “supported”. The AP also uses the rate to communicate
with the client. However, the AP also accepts requests from clients that do not support this rate.
Rx-required
The AP announces to the client that the rate is “supported” and “required”, but does not use the rate
to communicate with the client.
Rx
The AP announces to the client that the rate is “supported”, but does not use the rate to communicate
with the client.
Default:
Rx/Tx
2.23.20.26 Blink mode
In this table, you configure the blink mode for the physical WLAN interfaces.
Telnet path:
Setup > Interfaces
2.23.20.26.1 Ifc
Contains the name of the physical WLAN interface.
Telnet path:
Setup > Interfaces > Blink-Mode
Possible values:
WLAN-1
WLAN-2
2.23.20.26.2 Operating
Activates or deactivates the blink mode for this physical interface.
Telnet path:
Setup > Interfaces > Blink-Mode
785
Menu Reference
2 Setup
Possible values:
Yes
No
Default:
No
2.23.20.26.3 Network
Here you select the logical WLAN interface that the device reports to the ERC.
Telnet path:
Setup > Interfaces > Blink-Mode
Possible values:
List of the available logical WLAN interfaces 'WLAN-1' to 'WLAN-x'
2.23.21 LAN interfaces
This menu contains the settings for the LAN interfaces.
Telnet path:
Setup > Interfaces
2.23.21.1 Ifc
Here you select the LAN interface, from those available on the device, to which the subsequent settings are to apply.
Telnet path:
Setup > Interfaces > LAN-Interfaces
2.23.21.2 Connector
Select the network connection you will use to connect to your local network. If you select Auto, the device will
automatically detect the connection used.
5
The LAN interfaces of the device are equipped with different types of hardware depending on the model. The
first LAN interface supports up to 1000 Mbps in full-duplex mode. The second LAN interface supports a maximum
of 100 Mbps in full-duplex mode.
Telnet path:
Setup > Interfaces > LAN-Interfaces
786
Menu Reference
2 Setup
Possible values:
Auto
Auto-10
Auto-100
FD10B-TX
100B-TX
FD100B-TX
FD1000B-TX
Power-Down
Default:
Auto
2.23.21.3 MDI-Mode
This switch activates/deactivates the automatic crossover of send and receive wire pairs (Auto-MDIX) making it unnecessary
use node/hub switches or crossover cables. In individual cases (e.g. with certain fiber-optic media converters) it may be
necessary to deactivate this automatic function and fix the setting to crossed (MDIX) or non-crossed (MDI).
Telnet path:
Setup > Interfaces > LAN-Interfaces
Possible values:
Auto
MDI
MDIX
Default:
Auto
2.23.21.5 Clock role
An Ethernet port working in 1000BASE-Tx mode requires a continuous stream of data between both connected partners
in order to stay synchronized. The nature of this requires the two ends to have a synchronized clock to transmit data.
IEEE 802.3 introduced the concept xml:lang="en"of a master and a slave for this type of connection. The master provides
the clocking for data transmission in both directions while the slave synchronizes to this clock. The roles as clocking
master and slave are allocated at the automatic negotiation phase. This aspect can normally be ignored since automatic
negotiation mostly works very well. In some cases it may be necessary to influence master-slave negotiation. This is the
purpose of the setting for the clock.
5
The LAN interfaces of the device are equipped with different types of hardware depending on the model. Setting
the clocking role has no effect on the second LAN interface.
Telnet path:
Setup > Interfaces > LAN-Interfaces
787
Menu Reference
2 Setup
Possible values:
Slave-Preferred
This is the recommended default setting for devices that are not used as a switch. During the negotiation
phase, the port will attempt to negotiate the slave role. It will accept the role of master if necessary.
Master-Preferred
During the negotiation phase, the port will attempt to negotiate the master role. It will accept the role
of slave if necessary.
Slave
The port is set to the role slave only. A connection will be refused if both connection partners use the
role of slave.
Master
The port is set to the role master only. A connection will be refused if both connection partners use the
role of master.
Default:
Slave-Preferred
2.23.21.6 MTU
This entry contains the status values for MTU.
Telnet path:
Setup > Interfaces > LAN-Interfaces
2.23.21.7 Operating
Activate or deactivate the corresponding LAN interface here.
Telnet path:
Setup > Interfaces > LAN-Interfaces
Possible values:
No
Yes
Default:
Yes
2.23.21.8 Tx-Limit
Enter the bandwidth limit (kbps) in the transmission direction. The value 0 means there is no limit.
SNMP ID: 2.23.21.8
Telnet path: /Setup/Interfaces/LAN-Interfaces
Possible values:
788
Menu Reference
2 Setup
a Maximum 10 numerical characters
Default: 0
5
This setting is only available for devices with a WLAN module.
2.23.21.9 Rx-Limit
Enter the bandwidth limit (kbps) in the receive direction.
5
This setting is only available for devices with a WLAN module.
Telnet path:
Setup > Interfaces > LAN-Interfaces
Possible values:
Max. 10 characters from [0-9]
Default:
0
Special values:
0
Bandwidth restriction revoked
2.23.21.10 Power-saving
Enter the bandwidth limit (kbps) in the receive direction.
5
This setting is only available for devices with a WLAN module.
Telnet path:
Setup > Interfaces > LAN-Interfaces
Possible values:
No
Yes
Default:
Yes
789
Menu Reference
2 Setup
2.23.21.11 Flow control
Using flow control, you can prevent the loss of data packets if a partner network cannot process incoming data packets,
for example due to a memory overflow. In this case, the receiver signals the sender to pause the data transmission for
a certain period of time.
Telnet path:
Setup > Interfaces > Ethernet-ports
Possible values:
Auto
If auto-negotiation is enabled, the flow control is performed automatically according to the capabilities
of the partner (symmetric, asymmetric).
4
If auto-negotiation is disabled, no flow control takes place.
On
Enables symmetrical flow control when auto-negotiation is disabled.
Off
Disables the flow control when auto-negotiation is enabled.
2.23.30 Ethernet ports
The Ethernet interfaces on any publicly accessible device can potentially be used by unauthorized persons to gain physical
access to a network. The Ethernet interfaces on the device can be disabled to prevent this.
Telnet path:
Setup > Interfaces
2.23.30.1 Port
The name of the selected port.
Telnet path:
Setup > Interfaces > Ethernet-ports
2.23.30.2 Connector
Select the network connection you will use to connect to your local network. If you select Auto, the device will automatically
detect the connection used.
Telnet path:
Setup > Interfaces > Ethernet-ports
790
Menu Reference
2 Setup
Possible values:
Auto
Auto-100
10B-T
FD10B-TX
100B-TX
FD100B-TX
FD1000B-TX
Default:
Auto
2.23.30.3 Private mode
Once private mode is activated, this switch port is unable to exchange data directly with the other switch ports.
Telnet path:
Setup > Interfaces > Ethernet-ports
Possible values:
No
Yes
Default:
No
2.23.30.4 Allocation
Here you select how this interface is to be used.
5
The default value depends on the particular interface or the hardware model.
Telnet path:
Setup > Interfaces > Ethernet-ports
Possible values:
LAN-1 to LAN-n
The interface is allocated to a logical LAN.
DSL-1 to DSL-n
The interface is allocated to a DSL interface.
Idle
The interface is not allocated to any particular task, but it remains physically active.
791
Menu Reference
2 Setup
Monitor
The port is a monitor port, i.e. everything received at the other ports is output via this port. A packet
sniffer such as Ethereal can be connected to this port, for example.
Power down
The interface is deactivated.
2.23.30.5 MDI-Mode
This item is used to set the connection type of the switch port. The connection type is either selected automatically or it
can be fixed as a crossed (MDIX) or not crossed (MDI) connection.
Telnet path:
Setup > Interfaces > Ethernet-ports
Possible values:
Auto
MDI
MDIX
Default:
Auto
2.23.30.6 Clock role
An Ethernet port working in 1000BASE-Tx mode requires a continuous stream of data between both connected partners
in order to stay synchronized. The nature of this requires the two ends to have a synchronized clock to transmit data.
IEEE 802.3 introduced the concept xml:lang="en"of a master and a slave for this type of connection. The master provides
the clocking for data transmission in both directions while the slave synchronizes to this clock. The roles of clocking
master and slave are shared out in the automatic negotiation phase. This aspect can normally be ignored since automatic
negotiation mostly works very well. In some cases it may be necessary to influence master-slave negotiation.
Telnet path:
Setup > Interfaces > Ethernet-ports
Possible values:
Slave-Preferred
This is the recommended default setting for non-switch devices. During the negotiation phase, the port
will attempt to negotiate the slave role. It will accept the role of master if necessary.
Master-Preferred
During the negotiation phase, the port will attempt to negotiate the master role. It will accept the role
of slave if necessary.
Slave
The port is forced to negotiate the slave role. A connection will not be established if both connection
partners are forced to negotiate the slave role.
792
Menu Reference
2 Setup
Master
The port is forced to negotiate the master role. A connection will not be established if both connection
partners are forced to negotiate the master role.
Default:
Slave-Preferred
2.23.30.7 Downshift
With this setting you enable or disable automatic adjustment of the connection speed to the employed infrastructure
for the specified Ethernet port. By enabling downshift, you allow the device to operate an Ethernet link with a lower
transmission rate if the available speed is lower due to the cabling.
If, for example, two Gigabit-capable devices are connected with a cable which is not fully wired, both devices will initially
attempt to establish a Gigabit link. Since Gigabit Ethernet in contrast to Fast Ethernet (10 or 100 Mbit) requires all four
pairs of wires, the connection will fail. In this case, the downshift feature makes it possible to automatically fall back to
the maximum possible transmission rate of the cable.
You can check whether downshift is available for an Ethernet link in the status menu under Ethernet-Ports > Ports.
Telnet path:
Setup > Interfaces > Ethernet-ports
Possible values:
No
Yes
Default:
No
2.23.30.8 Power-saving
Using this setting you enable or disable the "Green Ethernet" enhancements according to IEEE 802.3az.
5
In order for your device to use the corresponding enhancements for Ethernet connections, the connected device
must also support IEEE 802.3az. You can check in the status menu under LAN > Interfaces > Power-saving
whether this is the case.
Telnet path:
Setup > Interfaces > Ethernet-ports
793
Menu Reference
2 Setup
Possible values:
No
Yes
Default:
No
2.23.30.9 Flow control
Using flow control, you can prevent the loss of data packets if a partner network cannot process incoming data packets,
for example due to a memory overflow. In this case, the receiver signals the sender to pause the data transmission for
a certain period of time.
Telnet path:
Setup > Interfaces > LAN-Interfaces
Possible values:
Auto
If auto-negotiation is enabled, the flow control is performed automatically according to the capabilities
of the partner (symmetric, asymmetric).
4
If auto-negotiation is disabled, no flow control takes place.
On
Enables symmetrical flow control when auto-negotiation is disabled.
Off
Disables the flow control when auto-negotiation is enabled.
2.23.40 Modem
More commands and options used for an optional external modem connected to the serial interface.
Telnet path:
Setup > Interfaces
2.23.40.1 Ring count
More commands and options used for an optional external modem connected to the serial interface.
Telnet path:
Setup > Interfaces > Modem
Possible values:
0 … 99
794
Menu Reference
2 Setup
Default:
1
2.23.40.2 Echo-off command
When the modem echo is enabled, the external modem sends back every character it receives. The modem echo must
be disabled in order for the external modem to function properly with the device described here. The device uses this
command to disable the modem echo.
Telnet path:
Setup > Interfaces > Modem
Possible values:
Max. 9 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
E0
2.23.40.3 Reset
The device uses this command to perform a hardware reset on the externally connected modem.
Telnet path:
Setup > Interfaces > Modem
Possible values:
Max. 9 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
&F
2.23.40.4 Init. command
The device uses this command to initialize the external modem.
The device sends this sequence to the external modem after this has had a hardware reset.
Telnet path:
Setup > Interfaces > Modem
Possible values:
Max. 63 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
L0X1M1S0=0
795
Menu Reference
2 Setup
2.23.40.5 Dial command
The device issues this command when the external modem is to dial a number. The device takes the telephone number
from the list of remote stations and appends it to the string specified here.
Telnet path:
Setup > Interfaces > Modem
Possible values:
Max. 31 characters from [A-Z][a-z][0-9]#@{|}~!$%&'()*+-,/:;<=>?[\]^_. `
Default:
DT
2.23.40.6 Request ID
The device uses this command to query the modem ID. The result is output in the modem status.
Telnet path:
Setup > Interfaces > Modem
Possible value