Micronet SP883 Broadband Bandwidth Controller Manual

Micronet SP883 Broadband Bandwidth Controller Manual
CE Mark Warning
This equipment complies with the requirements relating to
electromagnetic compatibility, EN55022 class A for ITE, the essential
protection requirement of Council Directive 89/336/EEC on the
approximation of the laws of the Member States relating to
electromagnetic compatibility.
FCC Certifications
This Equipment has been tested and found to comply with the limits for a Class A digital
device, pursuant to Part 15 of the FCC rules. These limits are designed to provide
reasonable protection against harmful interference in a residential installation. This
equipment generates, uses and can radiate radio frequency energy and, if not installed
and used in accordance with the instructions, may cause harmful interference to radio
communications. However, there is no guarantee that interference will not occur in a
particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the
user is encouraged to try to correct the interference by one or more of the following
measures:
- Reorient or relocate the receiving antenna.
- Increase the separation between the equipment and receiver.
- Connect the equipment into an outlet on a circuit different from that to which the
receiver is connected.
- Consult the dealer or an experienced radio/TV technician for help.
This device complies with Part 15 of the FCC Rules. Operation is subject to the
following two conditions: (1) this device may not cause harmful interference, and (2)
this device must accept any interference received; including interference that may
cause undesired operation.
User’s Manual
Broadband Bandwidth Controller
Model No:SP883
http://www.micronet.info
Company has an on-going policy of upgrading its products and it may be
possible that information in this document is not up-to-date. Please check with
your local distributors for the latest information. No part of this document can be
copied or reproduced in any form without written consent from the company.
Trademarks:
All trade names and trademarks are the properties of their respective companies.
Copyright © 2003, All Rights Reserved.
Document Version: 2.0
Contents
ACCOUNTING REPORT ......................................................105
STATISTICS.............................................................................116
CONTENTS OF PACKAGE ......................................................1
STATUS.....................................................................................120
BANDWIDTH CONTROLLER OVERVIEW .........................1
TROUBLE-SHOOTING.........................................................134
HARDWARE DESCRIPTION ...................................................3
SETUP EXAMPLES................................................................140
BANDWIDTH CONTROLLER SOFTWARE
(CONFIGURATION TOOL) DESCRIPTION .........................5
SYSTEM .......................................................................................9
INTERFACE ..............................................................................40
ADDRESS...................................................................................48
SCHEDULE ...............................................................................67
QOS .............................................................................................70
POLICY ......................................................................................72
CONTENT FILTERING...........................................................81
VIRTUAL SERVER ..................................................................85
LOG.............................................................................................94
ALARM ....................................................................................101
SPECIFICATIONS..................................................................143
Contents of Package
BANDWIDTH CONTROLLER installation
This product is a pure hardware Bandwidth Controller. Therefore
the installation is much easier than software one. First the user has
to prepare two network cables, and connect them to the LAN and
WAN connectors respectively. The LAN interface has to connect to
the office’s LAN network on the same HUB/Switch.
The WAN
interface has to connect with an WAN router, DSL modem, or Cable
modem.
BANDWIDTH CONTROLLER function setting
The Bandwidth Controller has a built in WebUI (Web User Interface).
All configurations and management are done through the WebUI
using an Internet web browser.
BANDWIDTH CONTROLLER monitoring function
The Bandwidth Controller provides monitoring functions, which
contains traffic log, event log, traffic alarm, event alarm, and traffic
BANDWIDTH CONTROLLER Overview
statistics.
The Bandwidth Controller provides five 10/100Mbit Ethernet network
Not only does the Bandwidth Controller log these attacks, it can be
interface ports, which are the Internal/LAN and External/WAN ports.
set up to send E-mail alerts to the Administrator automatically for
It also provides easily operated software WebUI that allows users to
immediate hacker’s invasion crisis management.
Traffic alarm records the packets of hacker invasions.
set system parameters or monitor network activities using a web
browser.
BANDWIDTH CONTROLLER supporting protocols
The Bandwidth Controller supports all the TCP, UDP and ICMP
BANDWIDTH CONTROLLER security feature
protocols, such as HTTP, TELNET, SMTP, POP3, FTP, DNS, PING,
Some functions that are available in this device are: Content Filter,
etc. System Administrators can set up proprietary protocols
Proxy Server, Hacker invasion alarm, Packet monitor log, Policy, etc.
according to operating requirements.
1
2
Hardware Description
Connecting Example:
External Port (WAN): Use this port to connect to the external router,
DSL modem, or Cable modem.
Internal Port (LAN): Use this port to connect to the internal network
of the office.
Reset: Reset the Bandwidth Controller to the original default
settings.
DC Power: Connect one end of the power supply to this port, the
other end to the electrical wall outlet.
Bandwidth Controller:
Internal Port = 192.168.1.1
External Port = x.x.x.x (provided by ISP)
Connection Type: 10/100 Mbps Cable Connection
All ports supports MDI/MDI-X auto crossover capability that is the
port can connect either the PC or hub without crossover cable
adjustment.
3
4
BANDWIDTH CONTROLLER Software
(configuration tool) description
Internal IP Address is 172.16.0.1) the Administrator must change
his/her PC IP address to be within the same range of the LAN subnet
(i.e. 192.168.0.0). Reboot the PC if necessary.
BANDWIDTH CONTROLLER configuration tool: Web
UI
By default, the Bandwidth Controller is shipped with its DHCP Server
function enabled.
This means the client computers on the LAN
The main menu functions are located on the left-hand side of the
network including the Administrator PC can set their TCP/IP settings to
screen, and the display window will be on the right-hand side. The
automatically obtain an IP address from the Bandwidth Controller.
main functions include items, which are:
System, Interface,
Address, Service, Schedule, QoS, Policy, Content Filter, Virtual
Server, Log, Alarm, Accounting Report, Statistics, and Status.
The following table is a list of private IP addresses. These addresses
may not be used as a WAN IP address.
10.0.0.0 ~ 10.255.255.255
172.16.0.0 ~ 172.31.255.255
192.168.0.0 ~ 192.168.255.255
Quick Setup
Web UI Configuration example
Once the Administrator PC has an IP address on the same network as
the Bandwidth Controller, open up an Internet web browser and type
Step 1:
in http://192.168.1.1 in the address bar.
Connect both the Administrator’s PC and the LAN port of the
Bandwidth Controller to a hub or switch. Make sure there is a link
A pop-up screen will appear and prompt for a username and password.
light on the hub/switch for both connections.
A username and password is required in order to connect the
The Bandwidth
Controller has an embedded web server used for management and
Bandwidth Controller.
configuration. Use a web browser to display the configurations of the
password of Administrator (see below).
Enter the default login username and
Bandwidth Controller (such as Internet Explorer 4(or above) or
Netscape 4.0(or above) with full java script support). The default IP
Username:
admin
Password:
admin
address of the Bandwidth Controller is 192.168.1.1 with a subnet
mask of 255.255.255.0. Therefore, the IP address of the Administrator
PC must be in the range between 192.168.1.2/24– 192.168.1.254/24.
If the company’s LAN IP Address is not subnet of 192.168.1.0, (i.e.
Step 2:
5
6
After entering the username and password, the Bandwidth Controller
Service - select “ANY”
WebUI screen will display. Select the Interface tab on the left menu
Action - select “Permit”
and enter proper Layer 3 network setup information. (For example)
LAN Interface
WAN Interface
IP Address
192.168.1.1
Netmask
255.255.255.0
IP address
211.22.93.2
Netmask
255.255.255.0
Default Gateway
211.22.93.1
Note: The above figures are only examples. Please fill in the
appropriate IP address information provided to you by the ISP.
Click on OK to apply the changes.
Make sure that all the computers that are connected to the LAN port
have their Default Gateway IP Address set to the Bandwidth
Controller’s LAN IP Address (i.e. 192.168.1.1). At this point, all the
Click on the Policy tab from the main function menu, and then click on
Outgoing from the sub-function list.
computers on the LAN network should gain access to Internet
immediately. If a firewall filter function is required, please refer to the
Policy section.
Click on New Entry button.
When the New Entry option appears, then enter the following
configuration:
Source Address – select “Inside_Any”
Destination Address – select “Outside_Any”
7
8
System
Admin: has control of user access to the system. He/she can
add/remove users and change passwords.
The Bandwidth Controller Administration and monitoring control is set
by the System Administrator. The System Administrator can add or
modify
system
settings
and
monitoring
mode.
The
sub
Administrators can only read system settings but not modify them. In
System, the System Administrator can:
(1) Add and change the sub Administrator’s names and passwords.
(2) Back up all Bandwidth Controller configuration into local files.
(3) Set up alerts for Hackers invasion.
Setting:
The Administrator may use this function to backup
Bandwidth Controller configurations and export (save) them to an
“Administrator” computer or anywhere on the network; or restore a
configuration file to the Bandwidth Controller; or restore the system
back to default factory settings. Under Setting, the Administrator may
enable e-mail alert notification.
This will alert Administrator(s)
automatically whenever the Bandwidth Controller has experienced
unauthorized access or a network hit (hacking or flooding).
Once
enabled, an IP address of a SMTP (Simple Mail Transfer protocol)
The thirteen sub functions under System are Admin, Setting,
Date/Time, Language, Permitted IPs, Multiple NAT, Hacker Alert,
Server is required. Up to two e-mail addresses can be entered for
the alert notifications.
Route Table, DHCP, DNS Proxy, DDNS, Logout and Software
Date/Time:
Update.
Enables the Bandwidth Controller to be synchronized
either with an Internet Server time or with the client computer’s clock.
Language: Bandwidth Controller provides Traditional Chinese
Version,Simplified Chinese Version and English version for you to
choose.
Permitted IPs: Enables the Administrator to authorize specific
LAN/WAN IP address for management.
Multiple NAT:
Allows local port to set multiple subnet works and
connect with the Internet through different WAN IP Addresses.
Hacker Alert: When abnormal conditions occur, the system will send
an e-mail alert to notify the Administrator, and also display warning
messages in the Event window of Alarm.
9
10
Route Table: Use this function to enable the Administrator to add
static routes for the networks when the dynamic route is not efficient
enough.
DHCP:
user admin cannot be removed.
Privilege: The privileges of Administrators (Admin or Sub Admin)
The username of the main Administrator is Administrator with
Administrator
can
configure
DHCP
(Dynamic
Host
DNS Proxy:
read/write privilege.
Sub Admins may be created by the Admin by clicking New Sub
Configuration Protocol) settings for the LAN network.
To make the Bandwidth Controller act as a DNS Server
for the LAN network.
Admin.
Sub Admins have read only privilege.
Configure: Click Modify to change the “Sub Administrator’s”
DDNS: The Dynamic DNS (require Dynamic DNS Service) allows
password and click Remove to delete a “Sub Administrator.”
you to alias a dynamic IP address to a static hostname, allowing your
device to be more easily accessed by specific name.
When this
function is enabled, the IP address in Dynamic DNS Server will be
automatically updated with the new IP address provided by ISP.
Logout:
Administrator logs out the Bandwidth Controller. This
function protects your system while you are away.
Software Update: Administrators may visit distributor’s web site to
download the latest firmware.
Administrators may update the
Bandwidth Controller firmware to maximize its performance and stay
current with the latest fixes for intruding attacks.
Adding a new Sub Administrator:
Step 1.
In the Admin window, click the New Sub Admin button to
create a new Sub Administrator.
Step 2. In the Add New Sub Administrator window:
•
Sub Admin Name: enter the username of new Sub
Admin.
On the left-hand menu, click on System, and then select Admin
•
Password: enter a password for the new Sub Admin.
below it. The current list of Administrator(s) shows up.
•
Confirm Password: enter the password again.
Admin
Settings of the Administration table:
Admin Name: The username of Administrators for the system. The
11
Step 3. Click OK to add the user or click Cancel to cancel the
addition. (Match whole word only)
12
Removing a Sub Administrator:
Step 1. In the Admin table, locate the Administrator name you want
to edit, and click on the Remove option in the Configure
field.
Step 2. The Remove confirmation pop-up box will appear.
Step 3. Click OK to remove that Sub Admin or click Cancel to
cancel.
Changing the Sub-Administrator’s Password:
Step 1. In the Admin window, locate the Administrator name you
want to edit, and click on Modify in the Configure field.
Step 2. The Modify Administrator Password window will appear.
Enter in the required information:
•
Password: Enter original password.
•
New Password: Enter new password.
•
Confirm Password: Enter the new password again.
Step 3. Click OK to confirm password change or click Cancel to
cancel it.
13
14
Settings
Importing Bandwidth Controller settings:
The Administrator may use this function to backup Bandwidth
Controller
configurations
and
export
(save)
them
to
Step 1.
an
Under Bandwidth Controller Configuration, click on the
Browse button next to Import System Settings.
When
“Administrator” computer or anywhere on the network; or restore a
the Choose File pop-up window appears, select the file to
configuration file to the device; or restore the Bandwidth Controller
which contains the saved Bandwidth Controller Settings,
back to default factory settings.
then click OK.
Step 2.
Click OK to import the file into the System or click Cancel
to cancel importing.
Entering the Settings window:
Click Setting in the Administrator menu to enter the Settings
window. The Bandwidth Controller Configuration settings will be
Restoring Factory Default Settings:
Step 1.
shown on the screen.
Select Reset Factory Settings under Bandwidth
Controller Configuration.
Step 2. Click OK at the bottom-right of the screen to restore the
Exporting Bandwidth Controller settings:
factory settings.
Step 1. Under Bandwidth Controller Configuration, click on the
Download button next to Export System Settings to Client.
Step 2. When the File Download pop-up window appears, choose
the destination place in which to save the exported file. The
Enabling E-mail Alert Notification:
Step 1.
Select Enable E-mail Alert Notification under E-Mail
Settings. This function will enable the Bandwidth Controller
Administrator may choose to rename the file if preferred.
to send e-mail alerts to the System Administrator when the
network is attacked by hackers or when emergency
conditions occur.
Step 2. SMTP Server IP: Enter SMTP server’s IP address.
Step 3.
E-Mail Address 1: Enter the first e-mail address to receive
the alarm notification.
Step 4.
E-Mail Address 2: Enter the second e-mail address to
receive the alarm notification. (Optional)
15
16
Step 5.
Click OK on the bottom-right of the screen to enable E-mail
alert notification.
To-Appliance Packets Log
Once this function is enabled, every packet to this appliance will be
recorded for system manager to trace.
System Reboot
Once this function is selected, the Bandwidth Controller will be
rebooting.
Web Management (WAN Interface)
The administrator can change the port number used by HTTP port
anytime. (Remote UI management) The number is the port number,
which you can access the Web Management Interface from WAN port.
Web Browsers use port 80 by default for connection. For security
reasons, you can change the port number or clear the check box to
disable it in Interface \ WAN Interface \ WEB UI
Date/Time
This option can synchronize the system clock of the appliance. This
MTU Setting
will allow the logs to be time stamped correctly according to the
The administrator can modify the networking packet length. PPPoE
computer clock time.
uses a Maximum Transmission Unit (MTU) setting of 1492 bytes,
while all client computers (Windows IE browsers) usually use the
default MTU of 1500 bytes. The existing Internet standards to address
this issue, however, some web sites do not conform to these
standards, which causes the access problem.
17
18
Follow these steps to sync to an Internet Time Server
Language
Step 1. Enable synchronization by checking the box.
The software provides Traditional Chinese Version , Simplified
Step 2. Click the down arrow to select the offset time from GMT.
Chinese Version and English version for you to choose.
Step 3. Enter the Server IP Address or Server name with which you
want to synchronize.
Step 4. Update system clock every
minutes; You can set the
interval time to synchronize with outside servers. If you set it
to 0, it means the device will not synchronize automatically.
Step 1. Select the language version you want(Traditional Chinese
Follow this step to sync to your computer’s clock.
Version,Simplified Chinese Version and English
version).
Step 1. Click on the Sync button.
Step 2. Click OK to change the language version or click Cancel to
Step 2.
Click the OK button below to apply the setting or click
discard changes.
Cancel to discard changes.
19
20
Multiple NAT
Permitted IPs
Only the authorized IP address is permitted to manage the Bandwidth
Controller.
Multiple NAT allows local port to set multiple sub networks and
connect with the Internet through different WAN IP Addresses.
For instance: The lease line of a company applies several real IP
Addresses 168.85.88.0/24,and the company is divided into R&D
department, service, sales department, procurement department,
accounting department, the company can distinguish each department
Step 1. Click New Entry button.
by different sub networks for the purpose of convenient management.
Step 2. In IP Address field, enter the LAN IP address or WAN IP
The settings are as the following:
address.
Netmask: This is the netmask of the LAN network. The default
1. R&D department sub network:
192.168.1.11/24(LAN) ÅÆ 168.85.88.253(WAN)
netmask of the Bandwidth Controller is 255.255.255.0.
2. Service department sub network:
192.168.2.11/24(LAN) ÅÆ 168.85.88.252(WAN)
Ping: Select this to allow the LAN network to ping the IP Address
3. Sales department sub network:
192.168.3.11/24(LAN) ÅÆ 168.85.88.251(WAN)
of the Bandwidth Controller.
If set to enable, the Bandwidth
Controller will respond to ping packets from the LAN network.
Web UI: Select this to allow the Bandwidth Controller WebUI to
be accessed from the LAN network.
Step 3. Click OK to add Permitted IPs or click Cancel to discard
changes.
4. Procurement department sub network:
192.168.4.11/24(LAN) ÅÆ 168.85.88.250(WAN)
5. Accounting department sub network:
192.168.5.11/24(LAN) ÅÆ 168.85.88.249(WAN)
The first department(R&D department) was set while setting interface
IP, the other four ones have to be added in Multiple NAT; after
completing the settings, each department use the different WAN IP
Address to connect to the internet. The settings of each department
are as the following
Service IP Address: 192.168.2.1
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.2.11
21
22
The other departments are also set by groups; this is the function of
Modify Multiple NAT
Multiple NAT.
Step 1. Click Multiple NAT in the System menu to enter Multiple
NAT window.
Step 2. Find the IP Address you want to modify and click Modify.
Step 3. Enter the new IP Address in Modify Multiple NAT IP
window.
Add Multiple NAT
Step 4. Click the OK button below to change the setting or click
Step 1. Click Multiple NAT in the System menu to enter Multiple
Cancel to discard changes.
NAT window.
Step 2. Click the New Entry button below to add Multiple NAT.
Step 3. Enter the IP Address in the website name column of the new
Remove Multiple NAT
Step 1. Click Multiple NAT in the System menu to enter Multiple
NAT window.
window.
Step 2. Find the IP Address you want to delete and click Remove.
•
External Interface IP: WAN IP address (public IP).
Step 3. A confirmation pop-up box will appear, click OK to delete the
•
Alias IP of internal Interface: LAN IP address (private IP).
•
Netmask: Netmask of your network.
setting or click Cancel to discard changes.
Step 4. Click OK to add Multiple NAT or click Cancel to discard
changes.
23
24
„ Detect ICMP Flood: Select this option to detect ICMP flood
Hacker Alert
The Administrator can enable the Bandwidth Controller’s auto detect
functions in this section. When abnormal conditions occur, the system
will send an e-mail alert to notify the Administrator, and also display
attacks. When hackers continuously send PING packets to all the
machines of the LAN networks or to the system, your network is
experiencing an ICMP flood attack. This can cause traffic congestion
on the network and slows the network down.
warning messages in the Event window of Alarm.
After enabling this
function, the System Administrator can enter the number of ICMP
packets per second that is allowed to enter the network. Once the
ICMP packets exceed this limit, the activity will be logged in Alarm
and an email alert is sent to the Administrator. The default ICMP
flood threshold is set to 1000 Pkts/Sec.
„ Detect UDP Flood: Select this option to detect UDP flood attacks.
A UDP flood attack is similar to an ICMP flood attack. After enabling
this function, the System Administrator can enter the number of UDP
packets per second that is allow to enter the network. Once the UDP
packets exceed this limit, the activity will be logged in Alarm and an
„ Detect SYN Attack: Select this option to detect TCP SYN attacks
email alert is sent to the Administrator.
that hackers send to server computers continuously to block or cut
threshold is set to 1000 Pkts/Sec.
The default UDP flood
down all the connections of the servers. These attacks will prevent
valid users from connecting to the servers.
After enabling this
function, the System Administrator can enter the number of SYN
packets per second that is allow to enter the network/system. Once
the SYN packets exceed this limit, the activity will be logged in Alarm
and an email alert is sent to the Administrator. The default SYN flood
„ Detect Ping of Death Attack: Select this option to detect the
attacks of tremendous trash data in PING packets that hackers send
to cause System malfunction. This attack can cause network speed
to slow down, or even make it necessary to restart the computer to get
a normal operation.
threshold is set to 200 Pkts/Sec.
25
26
„ Detect Tear Drop Attack: Select this option to detect tear drop
the same source port and destination port, and when SYN on the TCP
attacks. These are packets that are segmented to small packets with
header is marked.
negative length. Some Systems treat the negative value as a very
packets.
Enable this function to detect such abnormal
large number, and copy enormous data into the System to cause
System damage, such as a shut down or a restart.
„ Default Packet Deny: Denies all packets from passing the
Bandwidth Controller. A packet can pass only when there is a policy
„ Detect IP Spoofing Attack: Select this option to detect spoof
attacks.
that allows it to pass.
Hackers disguise themselves as trusted users of the
network in Spoof attacks. They use a fake identity to try to pass
through the System and invade the network.
Note: After enabling the needed detect functions, click OK to
activate the changes.
„ Filter IP Source Route Option: Each IP packet can carry an
optional field that specifies the replying address that can be different
from the source address specified in packet’s header. Hackers can
use this address field on disguised packets to invade LAN networks
and send LAN networks’ data back to them.
„ Detect Port Scan Attack: Select this option to detect the port
scans hackers use to continuously scan networks on the Internet to
detect computers and vulnerable ports that are opened by those
computers.
„ Detect Land Attack: Some Systems may shut down when
receiving packets with the same source and destination addresses,
27
28
Route Table
Step 3.
In the Interface field’s pull-down menu, choose the network
to connect.
In this section, the Administrator can add static routes for the
Step 4.
networks.
Click OK to add the new static route or click Cancel to
cancel.
Entering the Route Table screen:
Click System on the left-hand side menu bar, and then click Route
Table below it. The Route Table window appears, in which current
route settings are shown.
Modifying a Static Route:
Step 1.
Route Table functions:
In the Route Table menu, find the route to edit and click the
corresponding Modify option in the Configure field.
•
Interface: Destination network, LAN or WAN networks.
•
Destination IP: IP address of destination network.
•
Netmask: Netmask of destination network.
•
Gateway:
network.
•
Configure: Change settings in the route table.
Step 2.
In the Modify Static Route window, modify the necessary
routing addresses.
Step 3.
Click OK to apply changes or click Cancel to cancel it.
Gateway IP address for connecting to destination
Removing a Static Route:
Step 1.
In the Route Table window, find the route to remove and
click the corresponding Remove option in the Configure
field.
Adding a new Static Route:
Step 1.
In the Route Table window, click the New Entry button.
Step 2.
In the Remove confirmation pop-up box, click OK to confirm
removing or click Cancel to cancel it.
Step 2.
In the Add New Static Route window, enter new static
route information.
29
30
DHCP
Enabling DHCP Support:
In the section, the Administrator can configure DHCP (Dynamic Host
Step 1.
Configuration Protocol) settings for the LAN network.
In the Dynamic IP Address window, click Enable DHCP
Support.
Domain Name: The Administrator may enter the name of the
Entering the DHCP window:
LAN network domain if preferred.
Click System on the left-hand side menu bar, and then click DHCP
below it. The DHCP window appears in which current DHCP settings
Domain Name Server: Enter in the IP address of the DNS
Server to be assigned to the LAN network.
are shown on the screen.
Client IP Address Range 1: Enter the starting and the ending IP
address dynamically assigning to DHCP clients.
Client IP Address Range 2: Enter the starting and the ending IP
address dynamically assigning to DHCP clients. (Optional)
Step 2.
Click OK to enable DHCP support.
Dynamic IP Address functions:
•
Subnet: LAN network’s subnet.
•
NetMask: LAN network’s netmask.
•
Gateway: LAN network’s gateway IP address.
•
Broadcast: LAN network’s broadcast IP address.
31
32
DNS-Proxy
Entering the DNS Proxy window:
Click on System in the menu bar, and then click on DNS Proxy below
it. The DNS Proxy window will appear.
The Bandwidth Controller’s Administrator may use the DNS Proxy
function to make the Bandwidth Controller act as a DNS Server for the
LAN network. All DNS requests to a specific Domain Name will be
routed to the Bandwidth Controller’s IP address. For example, let’s
say an organization has their mail server (i.e., mail.dfl300.com) in the
LAN network (i.e. 192.168.10.10). The outside Internet world may
access the mail server of the organization easily by its domain name,
Below is the information needed for setting up the DNS Proxy:
providing that the Administrator has set up Virtual Server or Mapped IP
•
Domain Name: The domain name of the server.
settings correctly. However, for the users in the LAN network, their
•
Virtual IP Address: The virtual IP address respective to DNS
WAN DNS server will assign them a public IP address for the mail
server. So for the LAN network to access the mail server
Proxy.
•
Configure: Modify or remove each DNS Proxy policy.
(mail.dfl300.com), they would have to go out to the Internet, then come
back through the Bandwidth Controller to access the mail server.
Essentially, the LAN network is accessing the mail server by a real
Adding a new DNS Proxy:
public IP address, while the mail server serves their request by a NAT
Step 1:
address and not a real one. This odd situation occurs when there are
servers in the LAN network and they are bound to real IP addresses.
Proxy window will appear.
Step 2:
To avoid this, set up DNS Proxy so all the LAN network computers will
use the Bandwidth Controller as a DNS server, which acts as the DNS
Click on the New Entry button and the Add New DNS
Fill in the appropriate settings for the domain name and
virtual IP address.
Step 3:
Click OK to save the policy or Cancel to cancel.
Proxy.
Note: If you want to use the DNS Proxy function of the Bandwidth
Controller, the end user’s main DNS server IP address should
be the same IP Address as the Bandwidth Controller.
33
34
Dynamic DNS (DDNS)
Modifying a DNS Proxy:
Step 1:
In the DNS Proxy window, find the domain name to be
modified and click the corresponding Modify option in the
The Dynamic DNS (require Dynamic DNS Service) allows you to
Configure field.
alias a dynamic IP address to a static hostname, allowing your
Step 2:
Make the necessary changes needed.
Step 3:
Click OK to save changes or click on Cancel to cancel
device to be more easily accessed by specific name. When this
function is enabled, the IP address in Dynamic DNS Server will
modifications.
be automatically updated with the new IP address provided by
ISP.
Removing a DNS Proxy:
Click Dynamic DNS in the System menu to enter Dynamic DNS
Step 1:
window.
In the DNS Proxy window, find the domain name to be
removed and click the corresponding Remove option in the
Configure field.
Step 2:
A confirmation pop-up box will appear, click OK to remove
the DNS Proxy or click Cancel.
The nouns in Dynamic DNS window:
•
! (Update Status):
Update fail;
【
Connecting;
Update succeed;
Unidentified error】.
•
Domain name:
•
External IP Address:
•
Modify: Modify dynamic DNS settings. Click Modify to
Enter the password provided by ISP.
IP Address of the WAN port.
change the DNS parameters; click Delete to delete the
settings.
35
36
Dynamic DNS settings
Modify dynamic DNS
Step 1: Click DDNS in the System menu to enter DDNS
Step 1: Click Dynamic DNS in the System menu to enter DDNS
window.
window.
Step 2: Click New Entry button.
Step 3: Click the information in the column of the new window.
•
•
•
•
•
•
•
Service providers: Select service providers.
Sign up: To the service providers’ website for
registration.
External IP: IP Address of the WAN port.
Automatically: Check to automatically fill in the
external IP.
User Name: Enter the registered user name.
Password: Enter the password provided by ISP (Internet
Service Provider).
Domain name: Your host domain name provided by ISP.
Step 4: Click OK to add dynamic DNS or click Cancel to discard
changes.
Step 2: Find the domain name you want to change and click Modify.
Step 3: Enter the new information in the Modify Dynamic DNS
window.
Step 4: Click OK to change the settings or click Cancel to discard
changes.
Delete Dynamic DNS
Step 1: Click Dynamic DNS in the System menu to enter DDNS
window.
Step 2: Find the domain name you want to change and click Delete.
Step 3: A confirmation pop-up box will appear, click OK to delete the
settings or click Cancel to discard changes.
Logout the system
Select this option to the Bandwidth Controller’s Logout; this function
protects your system while you are away.
37
38
Interface
Software Update
Under Software Update, the admin may update the Bandwidth
In this section, the Administrator can set up the IP addresses for the
Controller’s software with newer software.
office network. The Administrator may configure the IP addresses of
Step 1. Click Software Update tab.
the LAN network and the WAN network. The netmask and gateway
Step 2. Click Browse button and specify the file path on local host.
Step 3. Click OK button.
IP addresses are also configured in this section.
Entering the Interface menu:
Click on Interface in the left menu bar. The current settings of the
interface addresses will appear on the screen.
Configuring the Interface Settings:
LAN Interface
Using the LAN Interface, the Administrator sets up the LAN network.
39
40
The LAN network will use a private IP scheme.
The private IP
Ping: Select this to allow the LAN network to ping the IP Address of
the Bandwidth Controller. If set to enable, the Bandwidth Controller will
network will not be routable on the Internet.
respond to ping packets from the LAN network.
Web UI: Select this to allow the Bandwidth Controller WebUI to be
accessed from the LAN network.
WAN Interface
Using the WAN Interface, the Administrator sets up the WAN network.
These IP Addresses are real public IP Addresses, and are routable on
the Internet.
IP Address: The private IP address of the system’s LAN network is
the IP address of the LAN port of the Bandwidth Controller.
PPPoE (ADSL User):
The
This option is for PPPoE users who are required to enter a username
default IP address is 192.168.1.1.
and password in order to connect, such as ADSL users.
Note:
The IP Address of LAN Interface is a private IP address
only.
If the new LAN IP Address is not 192.168.1.1, the Administrator
needs to set the IP Address on the computer to be on the same
subnet as the Bandwidth Controller and restart it to make the new IP
address effective. For example, if the Bandwidth Controller’s new LAN
IP Address is 172.16.0.1, then enter the new LAN IP Address
172.16.0.1 in the URL field of browser to connect to the Bandwidth
Controller.
Netmask: This is the netmask of the internal network. The default
netmask of the Bandwidth Controller is 255.255.255.0.
41
42
provided. (Maximum bandwidth for Upload/Download Bandwidth
is 10Mbps)
Service-On-Demand:
Auto Disconnect: The PPPoE connection will automatically
disconnect after a length of idle time (no activities). Enter in the
amount of idle minutes before disconnection. Enter ‘0’ if you do
not want the PPPoE connection to disconnect at all.
Ping:
Select this to allow the WAN network to ping the IP
Address of the system. This will allow people from the Internet
to be able to ping the system. If set to enable, the Bandwidth
Controller will respond to echo request packets from the WAN
network.
Current Status: Displays the current line status of the PPPoE
Web UI: Select this to allow the Bandwidth Controller Web UI
connection.
to be accessed from the WAN network.
IP Address: Displays the IP Address of the PPPoE connection.
This will allow the
WebUI to be configured from a user on the Internet. Keep in
mind that the Bandwidth Controller always requires a username
Username: Enter the PPPoE username provided by the ISP.
and password to enter the WebUI.
Password: Enter the PPPoE password provided by the ISP.
Dynamic IP Address (Cable Modem User):
IP Address provided by ISP:
Dynamic: Select this if the IP address is automatically assigned
This option is for users who are automatically assigned an IP address
by the ISP.
by their ISP, such as cable modem users. The following fields apply:
Fixed: Select this if you were given a static IP address. Enter the
IP address that is given to you by your ISP.
Upload/Download
Bandwidth:
43
The
bandwidth
your
ISP
44
UI to be configured from a user on the Internet. Keep in mind
that the Bandwidth Controller always requires a username and
password to enter the Web UI.
Static IP Address:
This option is for users who are assigned a static IP Address from their
ISP. Your ISP will provide all the information needed for this section
such as IP Address, Netmask, Gateway, and DNS. Use this option
also if you have more than one public IP Address assigned to you.
IP Address: The dynamic IP address obtained by the system
from the ISP will be displayed here. This is the IP address of
the WAN port of the Bandwidth Controller.
MAC Address: This is the MAC Address of the Bandwidth
Controller.
Hostname: This will be the name assign to the Bandwidth
Controller. Some cable modem ISP assign a specific hostname
in order to connect to their network. Please enter the hostname
here. If not required by your ISP, you do not have to enter a
hostname.
Select this to allow the WAN network to ping the IP
IP Address: Enter the static IP address assigned to you by
Address of the system. This will allow people from the Internet
your ISP. This will be the public IP address of the WAN port
to be able to ping the system. If set to enable, the Bandwidth
of the Bandwidth Controller.
Ping:
Controller will respond to echo request packets from the WAN
Netmask: This will be the Netmask of the WAN network. (I.e.
network.
255.255.255.0)
Web UI: Select this to allow the Bandwidth Controller Web UI
Default Gateway: This will be the Gateway IP address.
to be accessed from the WAN network. This will allow the Web
DNS Server1/2: This is the IP Address of the DNS server.
45
46
Ping: Select this to allow the WAN network to ping the IP
Address of the system.
Address
This will allow people from the
Internet to be able to ping the system. If set to enable, the
The Bandwidth Controller allows the Administrator to set Interface
Bandwidth Controller will respond to echo request packets
addresses of the LAN network, LAN network group, WAN network and
from the WAN network.
WAN network group.
WebUI: Select this to allow the Bandwidth Controller WebUI
to be accessed from the WAN network. This will allow the
WebUI to be configured from a user on the Internet. Keep in
mind that the Bandwidth Controller always requires a
username and password to enter the WebUI.
What is the Address Table?
An IP address in the Address Table can be an address of a computer
or a sub network. The Administrator can assign an easily recognized
name to an IP address. Based on the network it belongs to, an IP
address can be an internal IP address or external IP address. If the
Administrator needs to create a control policy for packets of different
IP addresses, he can first add a new group in the LAN Group or the
WAN Group and assign those IP addresses into the newly created
group. Using group addresses can greatly simplify the process of
building control policies.
With easily recognized names of IP addresses and names of address
groups shown in the address table, the Administrator can use these
names as the source address or destination address of control
policies. The address table should be built before creating control
policies, so that the Administrator can pick the names of correct IP
addresses from the address table when setting up control policies.
47
48
Configure field. The Modify Address window appears on
LAN
the screen immediately.
Entering the LAN window:
Step 1.
Step 2.
In the Modify Address window, fill in the new addresses.
Step 3.
Click OK to save changes or click Cancel to discard
changes.
Click LAN under the Address menu to enter the LAN
window. The current setting information such as the name
Removing a LAN Address:
of the LAN network, IP and Netmask addresses will show
Step 1.
on the screen.
In the LAN window, locate the name of the network to be
removed. Click the Remove option in its corresponding
Configure field.
Step 2.
In the Remove confirmation pop-up box, click OK to remove
the address or click Cancel to discard changes.
Adding a new LAN Address:
Step 1.
Step 2.
In the LAN window, click the New Entry button.
In the Add New Address window, enter the settings of a
new LAN network address.
Step 3.
Click OK to add the specified internal network or click
Cancel to cancel the changes.
Modifying a LAN Address:
Step 1.
In the LAN window, locate the name of the network to be
modified. Click the Modify option in its corresponding
49
50
LAN Group
Step 4.
Remove members: Select names to be removed in the
Selected Address list, and click the <<Remove button to
Entering the LAN Group window:
The LAN Addresses may be combined together to become a group.
remove these members from Selected Address list.
Step 5. Click OK to add the new group or click Cancel to discard
Click LAN Group under the Address menu to enter the LAN Group
changes.
window. The current setting information for the internal network group
appears on the screen.
Adding a LAN Group:
Step 1.
In the LAN Group window, click the New Entry button to
enter the Add New Address Group window.
Step 2. In the Add New Address Group window:
•
Available Address: list the names of all the members of
Modifying a LAN Group:
Step 1.
In the LAN Group window, locate the network group
desired to be modified and click its corresponding Modify
option in the Configure field.
Step 2.
A window displaying the information of the selected group
appears:
the LAN network.
•
Selected Address: list the names to be assigned to the
new group.
•
Name: enter the name of the new group in the open
•
field.
Step 3.
•
Add members: Select names to be added in Available
Address list, and click the Add>> button to add them to the
Selected Address list.
51
Step 3.
Available Address: List names of all members of the
LAN network.
Selected Address: List names of members, which
have been assigned to this group.
Add members: Select names in Available Address list,
and click the Add>> button to add them to the Selected
Address list.
52
Step 4.
Remove members: Select names in the Selected Address
list, and click the <<Remove button to remove these
members from the Selected Address list.
WAN
Step 5.
Click OK to save changes or click Cancel to discard
changes.
Entering the WAN window:
Click WAN under the Address menu to enter the WAN window. The
current setting information, such as the name of the WAN network, IP
Removing a LAN Group:
Step 1.
In the LAN Group window, locate the group to be removed
and Netmask addresses will show on the screen.
and click its corresponding Remove option in the Configure
field.
Step 2.
In the Remove confirmation pop-up box, click OK to remove
the group or click Cancel to discard changes.
Adding a new WAN Address:
Step 1.
In the WAN window, click the New Entry button.
Step 2.
In the Add New Address window, enter the settings for a
new external network address.
Step 3.
Click OK to add the specified external network or click
Cancel to discard changes.
53
54
WAN Group
Modifying a WAN Address:
Step 1.
In the WAN table, locate the name of the network to be
modified and click the Modify option in its corresponding
Step 2.
Entering the WAN Group window:
Configure field.
Click the WAN Group under the Address menu bar to enter the WAN
The Modify Address window will appear on the screen
window.
immediately. In the Modify Address window, fill in new
appear on the screen.
The current settings for the WAN network group(s) will
addresses.
Step 3.
Click OK to save changes or click Cancel to discard
changes.
Removing a WAN Address:
Step 1.
In the WAN table, locate the name of the network to be
removed and click the Remove option in its corresponding
Configure field.
Step 2.
Adding a WAN Group:
In the Remove confirmation pop-up box, click OK to
remove the address or click Cancel to discard changes.
Step 1.
In the WAN Group window, click the New Entry button and
the Add New Address Group window will appear.
Step 2.
In the Add New Address Group window the following fields
will appear:
•
Name: Enter the name of the new group.
•
Available Address: List the names of all the members
of the WAN network.
•
Selected Address: List the names to assign to the
new group.
55
56
Step 3.
•
Select the names to be added in the Available Address
Selected Address list.
Step 4.
Step 3. Select the names to be added in the Available Address list,
Or select the names to be removed in the Selected
and click the Add>> button to add them to the Selected
Address list, and click the <<Remove button to remove
Address list.
them from the Selected Address list.
Step 5.
Selected Address: list the names of the members
that have been assigned to this group.
list, and click the Add>> button to add them to the
Step 4.
Or select the names to be removed in the Selected
Click OK to add the new group or click Cancel to discard
Address list, and click the <<Remove button to remove
changes.
them from the Selected Address list.
Step 5. Click OK to save changes or click Cancel to discard
changes.
Removing a WAN Group:
Step 1.
In the WAN Group window, locate the group to be removed
and click its corresponding Modify option in the Configure
field.
Step 2.
remove the group or click Cancel to discard changes.
Modifying a WAN Group:
Step 1.
In the Remove confirmation pop-up box, click OK to
In the WAN Group window, locate the network group to be
modified and click its corresponding Modify button in the
Configure field.
Step 2.
A window displaying the information of the selected group
appears:
•
Available Address: list the names of all the members
of the WAN network.
57
58
Service
different computers that want to access 5 different services on a
server, such as HTTP, FTP, SMTP, POP3, and TELNET. Without the
In this section, network services are defined and new network
help of service groups, the Administrator needs to set up 50 (10x5)
services can be added. There are three sub menus under Service,
control policies; but by applying all 5 services to a single group name
which are: Pre-defined, Custom, and Group. The Administrator
in the service field, it takes only one control policy to achieve the
can simply follow the instructions below to define the protocols and
same effect as the 50 control policies.
port numbers for network communication applications. Users then
can connect to servers and other computers through these available
Pre-defined
network services.
Entering a Pre-defined window:
What is Service?
Click Service on the menu bar on the left side of the window. Click
TCP and UDP protocols support varieties of services, and each
Pre-defined under it. A window will appear with a list of services and
service consists of a TCP Port or UDP port number, such as TELNET
their associated port numbers. This list cannot be modified.
(23), SMTP (21), POP3 (110), etc. The Bandwidth Controller defines
two services: pre-defined service and custom service.
The
common-use services like TCP and UDP are defined in the
pre-defined service and cannot be modified or removed.
In the
custom menu, users can define other TCP port and UDP port
numbers that are not in the pre-defined menu according to their
needs. When defining custom services, the client port ranges from
1024 to 65535 and the server port ranges from 0 to 1023.
How do I use Service?
The Administrator can add new service group names in the Group
option under Service menu, and assign desired services into that
new group. Using service group the Administrator can simplify the
processes of setting up control policies. For example, there are 10
59
60
•
Custom
Protocol:
Enter the network protocol type to be used,
such as TCP, UDP, or Other (please enter the number for
the protocol type).
Entering the Custom window:
Click Service on the menu bar on the left side of the window. Click
Custom under it.
A window will appear with a table showing all
services currently defined by the Administrator.
Adding a new Service:
Step 1 In the Custom window, click the New Entry button and a
new service table appears.
•
Client Port:
Enter the range of port number of new
clients.
•
Server Port:
Enter the range of port number of new
servers.
Note: The client port ranges from 1024 to 65535 and the server port
ranges from 0 to 1023.
Step 3 Click OK to add new services, or click Cancel to discard
changes.
Modifying Custom Services:
Step 1. In the Custom table, locate the name of the service to be
modified.
Click its corresponding Modify option in the
Configure field.
Step 2.
A table showing the current settings of the selected service
appears on the screen.
Step 3.
Step 4.
Service Name:
Click OK to accept editing; or click Cancel to discard
changes.
Step 2 In the new service table:
•
Enter the new values.
This will be the name referencing the
new service.
61
62
Removing Custom Services:
Step 1.
Group
In the Custom window, locate the service to be removed.
Click its corresponding Remove option in the Configure
Accessing the Group window:
Click Service in the menu bar on the left-hand side of the window.
field.
Click Group under it. A window will appear with a table displaying
Step 2.
In the Remove confirmation pop-up box, click OK to remove
current service group settings set by the Administrator.
the selected service or click Cancel to discard changes.
Adding Service Groups:
Step 1. In the Group window, click the New Entry button. In the
Add Service Group window, the following fields will appear:
•
Available Services: List all the available services.
•
Selected Services: List services to be assigned to the
new group.
Step 2. Enter the new group name in the group Name field. This
will be the name referencing the created group.
Step 4.
To add new services: Select the services desired to be
added in the Available Services List and then click the
Add>> button to add them to the group.
Step 5.
To remove services: Select services desired to be
removed in the Available Services, and then click the
<<Remove button to remove them from the group.
Step 6. Click OK to add the new group.
63
64
Removing Service Groups:
Step 1. In the Group window, locate the service group to be
removed and click its corresponding Remove option in the
Configure field.
Step 2. In the Remove confirmation pop-up box, click OK to remove
the selected service group or click Cancel to discard
changes.
Modifying Service Groups:
Step 1. In the Group window, locate the service group to be edited.
Click its corresponding Modify option in the Configure field.
Step 2.
In the Modify Service group window the following fields
are displayed:
•
•
Available Services: Lists all the available services.
Selected Services: List services that have been assigned
to the selected group.
Step 3.
Select services in the Available Services list, and then click
the Add>> button to add them to the group.
Step 4.
Or select services to be removed in the Selected Services
list, and then click the <<Remove button to remove theses
services from the group.
Step 5.
Click OK to save editing changes.
65
66
Schedule
Period: Configure the start and stop time for the days of
the week that the schedule will be active.
The Bandwidth Controller allows the Administrator to configure a
schedule for policies to take affect. By creating a schedule, the
Step 3: Click OK to save the new schedule or click Cancel to cancel
adding the new schedule.
Administrator is allowing the Bandwidth Controller policies to be used
at those designated times only. Any activities outside of the
scheduled time slot will not follow the Bandwidth Controller policies
therefore will likely not be permitted to pass through the Bandwidth
Controller. The Administrator can configure the start time and stop
time, as well as creating 2 different time periods in a day. For
example, an organization may only want the Bandwidth Controller to
allow the LAN network users to access the Internet during work hours.
Therefore, the Administrator may create a schedule to allow the
Bandwidth Controller to work Monday - Friday, 8AM - 5PM only.
During the non-work hours, the Bandwidth Controller will not allow
Internet access.
Modifying a Schedule:
Step 1: In the Schedule window, find the policy to be modified and
click the corresponding Modify option in the Configure
field.
Step 2: Make needed changes.
Adding a new Schedule:
Step 3: Click OK to save the new schedule or click Cancel to cancel
Step 1: Click on the New Entry button and the Add New Schedule
adding the new schedule.
window will appear.
Step 2: Schedule Name: Fill in a name for the new schedule.
67
68
Removing a Schedule:
QoS
Step 1: In the Schedule window, find the policy to be removed and
By configuring the QoS, you can control the outbound
click the corresponding Remove option in the Configure
Upstream/downstream Bandwidth. The administrator can configure
field.
the bandwidth according to the WAN bandwidth. The Bandwidth
Step 2: A confirmation pop-up box will appear, click on OK to
Controller configures the bandwidth by different QoS, and selects the
suitable QoS through Policy to control and efficiently distribute
remove the schedule.
bandwidth. The Bandwidth Controller also makes it convenient for
the administrator to use the Bandwidth Controller with the best Utility.
Add New QoS
Step 1.
Step 2.
Click QoS tab in the menu bar on the left-hand side.
Click New Entry button to add new QoS.
Name: The name of the QoS you want to configure.
Downstream Bandwidth: To configure the Guaranteed
Bandwidth and Maximum Bandwidth.
Upstream Bandwidth: To configure the Guaranteed
Bandwidth and Maximum Bandwidth.
QoS Priority: To configure the priority of distributing
Upstream/ Downstream and unused bandwidth.
Step 3.
Click OK to save the new schedule or click Cancel to
cancel adding the new schedule.
69
70
Policy
This section provides the Administrator with facilities to sent control
policies for packets with different source IP addresses, source ports,
destination IP addresses, and destination ports.
Control policies
decide whether packets from different network objects, network
services, and applications are able to pass through the Bandwidth
Controller.
Modify QoS
Step 1.
Click QoS in the menu bar on the left-hand side.
Step 2.
Find the name of QoS to be modified and click the
corresponding Modify option in the Configure field.
Step 3.
Click OK to save the new schedule or click Cancel to
cancel adding the new schedule.
Delete QoS
Step 1.
In the QoS window, find the QoS you want to change, and
click Remove in the Configure column.
Step 2.
A confirmation pop-up box will appear, click on OK to
What is Policy?
The Bandwidth Controller uses policies to filter packets. The policy
remove the QoS.
settings
are:
source
address,
destination
address,
services,
permission, packet log, packet statistics, and flow alarm. Based on its
source addresses, a packet can be categorized into:
(1) Outgoing: A client is in the LAN networks while a server is in the
WAN networks.
(2) Incoming: A client is in the WAN networks, while a server is in the
LAN networks.
71
72
How do I use Policy?
the WAN network addresses.
The policy settings are source addresses, destination addresses,
•
services, permission, log, statistics, and flow alarm. Among them,
source addresses, destination addresses and IP mapping addresses
have to be defined in the Address menu in advance. Services can
servers.
•
Bandwidth Controller.
Service menu. Custom services need to be defined in the Custom
If the
Action: Control actions to permit or reject/deny packets
from LAN networks to WAN network travelling through the
be used directly in setting up policies, if they are in the Pre-defined
menu before they can be used in the policy settings.
Service: Specify services provided by WAN network
•
Option: Specify the monitoring functions on packets from
destination address of an incoming policy is a Mapped IP address or a
LAN networks to WAN networks travelling through the
Virtual Server address, then the address has to be defined in the
Bandwidth Controller.
Virtual Server section instead of the Address section.
Outgoing
This section describes steps to create policies for packets and
•
Configure: Modify settings.
•
Move: This sets the priority of the policies, number 1 being
the highest priority.
services from the LAN network to the WAN network.
Entering the Outgoing window:
Adding a new Outgoing Policy:
Click Policy on the left-hand side menu bar, and then click Outgoing
under it. A window will appear with a table displaying currently
defined Outgoing policies.
The fields in the Outgoing window are:
•
Source: Source network addresses that are specified in
the LAN section of Address menu, or all the LAN network
addresses.
•
Destination: Destination network addresses that are
specified in the WAN section of the Address menu, or all
73
74
Step 1: Click on the New Entry button and the Add New Policy
Alarm
window will appear.
Threshold:
Set
a
maximum
flow
rate
(in
Kbytes/Sec). An alarm will be sent if flow rates are higher
than the specified value.
Step 2: Source Address: Select the name of the LAN network from
the drop down list. The drop down list contains the names
Step 3:
Click OK to add a new outgoing policy; or click Cancel to
cancel adding a new outgoing policy.
of all LAN networks defined in the LAN section of the
Address menu. To create a new source address, please
go to the LAN section under the Address menu.
Modifying an Outgoing policy:
Destination Address: Select the name of the WAN
Step 1: In the Outgoing policy section, locate the name of the policy
network from the drop down list. The drop down list
desired to be modified, and then click its corresponding
contains the names of all WAN networks defined in the
Modify option under the Configure field.
WAN section of the Address window. To create a new
Step 2: In the Modify Policy window, fill in new settings.
destination address, please go to the WAN section under
Step 3:
the Address menu.
Click OK to do confirm modification or click Cancel to cancel
it.
Service: Specified services provided by WAN network
servers. These are services/application that are allowed
Removing the Outgoing Policy:
to pass from the LAN network to the WAN network.
Step 1. In the Outgoing policy section, locate the name of the policy
desired to be removed and click its corresponding Remove
Choose ANY for all services.
option in the Configure field.
Action: Select Permit or Deny from the drop down list to
allow or reject the packets travelling between the source
Step 2.
In the Remove confirmation dialogue box, click OK to
remove the policy or click Cancel to cancel removing.
network and the destination network.
Logging: Select Enable to enable flow monitoring.
Statistics: Select Enable to enable flow statistics.
75
76
•
Incoming
Service: Services supported by Virtual Servers (or
Mapped IP).
This chapter describes steps to create policies for packets and
•
services from the WAN network to the LAN network including Mapped
Action: Control actions to permit or deny packets from
WAN networks to Virtual Server/Mapped IP travelling
IP and Virtual Server.
through the Bandwidth Controller.
•
Option: Specify the monitoring functions on packets
from WAN networks to Virtual Server/Mapped IP
travelling through the Bandwidth Controller.
•
Configure: Modify settings or remove incoming policy.
•
Move: This sets the priority of the policies, number 1
being the highest priority.
Enter Incoming window:
Step 1:
Click Incoming under the Policy menu to enter the
Adding an Incoming Policy:
Incoming window. The Incoming table will display current
defined policies from the WAN network to assigned
Step 1:
Under Incoming of the Policy menu, click the New Entry
button.
Mapped IP or Virtual Server.
Step 2: Source Address: Select names of the WAN networks from
Step 2: The fields of the Incoming window are:
the drop down list. The drop down list contains the names
•
Source: Source networks, which are specified in the
WAN section of the Address menu, or all the WAN
network addresses.
•
Destination:
of all WAN networks defined in the WAN section of the
Address menu. To create a new source address, please
go to the LAN section under the Address menu.
Destination
networks,
which
are
IP
Mapping addresses or Virtual server network addresses
created in Virtual Server menu.
77
Destination Address: Select names of the LAN networks
from the drop down list. The drop down list contains the
names of IP mapping addresses specified in the Mapped
78
IP or the Virtual Server sections of Virtual Server menu.
To create a new destination address, please go to the
Virtual Server menu. (Please refer to Chapter Virtual
Server for details)
Service: Specified services provided by LAN network
servers. These are services/application that are allowed
to pass from the WAN network to the LAN network.
Choose ANY for all services.
Action: Select Permit or Deny from the drop down list to
allow or reject the packets travelling between the specified
WAN network and Virtual Server/Mapped IP.
Modifying Incoming Policy:
Logging: Select Enable to enable flow monitoring.
Step 1: In the Incoming window, locate the name of policy desired
Statistics: Select Enable to enable flow statistics.
to be modified and click its corresponding Modify option in
the Configure field.
Alarm Threshold: Set a maximum flow rate (in Kbytes/Sec).
An alarm will be sent if flow rates are higher than the
specified value.
Step 3: Click OK to save modifications or click Cancel to cancel the
Step 3: Click OK to add new policy or click Cancel to cancel adding
new
Step 2: In the Modify Policy window, fill in new settings.
modifications.
incoming policy.
Removing an Incoming Policy:
Step 1: In the Incoming window, locate the name of policy desired
to be removed and click its corresponding Remove in the
Configure field.
Step 2: In the Remove confirmation window, click Ok to remove
the policy or click Cancel to cancel removing.
79
80
Adding a URL Blocking policy:
Content filtering
Step 1:
Content filtering includes URL Blocking and General Blocking.
1. URL Blocking:The device managers can use a complete domain
name, key word, “~” or “*” to make rules for specific websites.
After clicking New Entry, the Add New Block String
window will appear.
Step 2:
Enter the URL of the website to be blocked.
Step 3:
Click OK to add the policy or click Cancel to discard
2. General Blocking:To let Popup、ActiveX、Java、Cookie in or keep
changes.
them out.
URL Blocking
The Administrator may setup URL Blocking to prevent LAN network
users from accessing a specific website on the Internet. Any web
request coming from an LAN network computer to a blocked website
will receive a blocked message instead of the website.
Entering the URL blocking window:
Click on URL Blocking under the Configuration menu bar.
Modifying a URL Blocking policy:
Step 1:
Click on New Entry.
In the URL Blocking window, find the policy to be modified
and click the corresponding Modify option in the Configure
field.
Step 2:
Step 3:
Make the necessary changes needed.
Click on OK to save changes or click on Cancel to cancel
modifications.
81
82
Removing a URL Blocking policy:
•
Popup Block:Prevent the pop-up boxes appearing.
Step 1: In the URL Blocking window, find the policy to be removed
•
ActiveX Block:Prevent ActiveX packets.
and click the corresponding Remove option in the
•
Java Block:Prevent Java packets.
Configure field.
•
Cookie Block:Prevent Cookie packets.
Step 2: A confirmation pop-up box will appear, click on OK to
remove the policy or click on Cancel to discard changes.
Step 3: After selecting each function, click the OK button below.
Blocked URL site:
When a user from the LAN network tries to access a blocked URL, the
error below will appear.
General Blocking
To let Popup、ActiveX、Java、Cookie in or keep them out.
Step 1: Click Content Filtering in the menu.
Step 2: General Blocking detective functions.
83
84
Virtual Server
increases the server’s efficiency, reduces risks of server crashes, and
enhances servers’ stability.
The Bandwidth Controller separates an enterprise’s Intranet and
Internet into LAN networks and WAN networks respectively.
How to use Virtual Server and mapped IP ?
Generally speaking, in order to allocate enough IP addresses for all
computers, an enterprise assigns each computer a private IP address,
Virtual Server and Mapped IP are part of the IP mapping scheme. By
and converts it into a real IP address through Bandwidth Controller’s
applying the incoming policies, Virtual Server and IP mapping work
NAT (Network Address Translation) function.
If a server, which
similarly. They map real IP addresses to the physical servers’ private
provides service to the WAN networks, is located in the LAN networks,
IP addresses (which is opposite to NAT), but there still exists some
outside users can’t directly connect to the server by using the server’s
differences:
•
private IP address.
Virtual Server can map one real IP to several LAN physical
servers while Mapped IP can only map one real IP to one LAN
The Bandwidth Controller’s Virtual Server can solve this problem. A
physical server (1-to-1 Mapping). The Virtual Servers’ load
virtual server has set the real IP address of the Bandwidth Controller’s
balance feature can map a specific service request to different
WAN network interface to be the Virtual Server IP.
physical servers running the same services.
Through the
virtual server feature, the Bandwidth Controller translates the virtual
server’s IP address into the private IP address of physical server in
the LAN network. When outside users on the Internet request
•
Virtual Server can only map one real IP to one service/port of
the LAN physical servers while Mapped IP maps one real IP
to all the services offered by the physical server.
connections to the virtual server, the request will be forwarded to the
IP mapping and Virtual Server work by binding the IP address of the
private LAN server.
WAN virtual server to the private LAN IP address of the physical
Virtual Server owns another feature know as one-to-many mapping.
server that supports the services. Therefore users from the WAN
This is when one virtual server IP address on the WAN interface can
network can access servers of the LAN network by requesting the
be mapped into 4 LAN network server private IP addresses. This
service from the IP address provided by Virtual Server.
option is useful for Load Balancing, which causes the virtual server to
distribute data packets to each private IP addresses (which are the
real servers). By sending all data packets to all similar servers, this
85
86
Mapped IP
Adding a new IP Mapping:
LAN private IP addresses are translated through NAT (Network
Step 1. In the Mapped IP window, click the New Entry button the
Address Translation). If a server is located in the LAN network, it has
Add New Mapped IP window will appear.
a private IP address, and outside users cannot connect directly to LAN
servers’ private IP address.
To connect to a LAN network server,
•
External IP: WAN IP address.
outside users have to first connect to a real IP address of the WAN
•
Map To Virtual IP: The IP address which WAN maps to
network, and the real IP is translated to a private IP of the LAN
the virtual network in the server.
network. Mapped IP and Virtual Server are the two methods to
translate the real IP into private IP. Mapped IP maps IP in one-to-one
Step 2.
Click OK to add new IP Mapping or click Cancel to cancel
adding.
fashion; that means, all services of one real WAN IP address is
mapped to one private LAN IP address.
Entering the Mapped IP window:
Click Mapped IP under the Virtual Server menu bar and the Mapped
IP configuration window will appear.
Modifying a Mapped IP:
Step 1. In the Mapped IP table, locate the Mapped IP desired to be
modified and click its corresponding Modify option in the
Configure field.
Step 2.
Enter settings in the Modify Mapped IP window.
Step 3. Click OK to save change or click Cancel to discard changes.
Note: A Mapped IP cannot be modified if it has been assigned/used
as a destination address of any Incoming policies.
87
88
Virtual Server
Removing a Mapped IP:
Step 1. In the Mapped IP table, locate the Mapped IP desired to be
Step 2.
removed and click its corresponding Remove option in the
Virtual server is a one-to-many mapping technique, which maps a real
Configure field.
IP address from the WAN interface to private IP addresses of the LAN
In the Remove confirmation pop-up window, click Ok to
network. This is done to provide services or applications defined in
remove the Mapped IP or click Cancel to discard changes.
the Service menu to enter into the LAN network. Unlike a mapped IP,
which binds a WAN IP to an LAN IP, virtual server binds WAN IP ports
to LAN IP ports.
Adding a Virtual Server:
Step 1. Click an available virtual server from Virtual Server in the
Virtual Server menu bar to enter the virtual server window.
In the following, Virtual Server 1 is assumed to be the
chosen option:
89
90
•
Virtual Server Real IP: Displays the WAN IP address
assigned to the Virtual Server.
•
Service Name (Port): Select the service from the pull
•
External Service Port: Select the port number that the
down list that will be provided by the Virtual Server.
virtual server will use. Changing the Service will change
the port number to match the service.
Note:
Step 2.
Click the click here to configure button and the Add new
Virtual Server IP window appears and asks for an IP
Step 3.
Note:
can be assigned at most.
Select an IP address from the drop-down list of available
WAN network IP addresses.
If the drop-down list contains only (Disable), there is no
available IP addresses of WAN network of the System and
no Virtual Server can be added.
Enter the IP address of the LAN network server(s), to which
the virtual server will be mapped. Up to four IP addresses
address from the WAN network.
Step 3.
The services in the drop-down list are all defined in the
Pre-defined and Custom section of the Service menu.
Step 4.
Click OK to save the settings of the Virtual Server.
Modifying the Virtual Server configurations:
Step 1. In the Virtual Server window’s service table, locate the name
of the service desired to be modified and click its
corresponding Modify option in the Configure field.
Step 4. Click OK to add new Virtual Server or click Cancel to cancel
Step 2.
adding.
In the Virtual Server Configuration window, enter the new
settings.
Setting the Virtual Server’s services:
Step 3.
Click OK to save modifications or click Cancel to cancel
modification.
Step 1. For the Virtual Server, which has already been set up with
an IP address, click the New Service button in the table.
Step 2.
In the Virtual Server Configuration window:
91
Note:
A virtual server cannot be modified or removed if it has
92
been assigned to the destination address of any Incoming
policies.
Log
The Bandwidth Controller supports traffic logging and event logging to
Removing the Virtual Server service:
monitor and record services, connection times, and the source and
Step 1.
In the Virtual Server window’s service table, locate the
destination network address. The Administrator may also download
name of the service desired to be removed and click its
the log files for backup purposes. The Administrator mainly uses the
corresponding Remove option in the Configure field.
Log menu to monitor the traffic passing through the Bandwidth
Step 2.
In the Remove confirmation pop-up box, click Ok to remove
the service or click Cancel to cancel removing.
Controller.
What is Log?
Log records all connections that pass through the Bandwidth
Controller’s control policies. Traffic log’s parameters are setup when
setting up control policies. Traffic logs record the details of packets
such as the start and stop time of connection, the duration of
connection, the source address, the destination address and services
requested, for each control policy. Event logs record the contents of
System Configuration changes made by the Administrator such as the
time of change, settings that change, the IP address used to log on,
etc.
How to use the Log ?
The Administrator can use the log data to monitor and manage the
Bandwidth Controller and the networks. The Administrator can view
the logged data to evaluate and troubleshoot the network, such as
pinpointing the source of traffic congestions.
93
94
•
Traffic Log
Destination: IP address of the destination network of the
specific connection.
The Administrator queries the Bandwidth Controller for information,
•
such as source address, destination address, start time, and Protocol
specific connection.
•
port, of all connections.
Protocol & Port: Protocol type and Port number of the
Disposition: Accept or Deny.
Entering the Traffic Log window:
Downloading the Traffic Logs:
Click the Traffic Log option under Log menu to enter the Traffic Log
The Administrator can backup the traffic logs regularly by downloading
window.
it to the computer.
Step 1.
In the Traffic Log window, click the Download Logs button
at the bottom of the screen.
Step 2.
Follow the File Download pop-up window to save the traffic
logs into a specified directory on the hard drive.
Clearing the Traffic Logs:
The Administrator may clear on-line logs to keep just the most
updated logs on the screen.
Step 1.
In the Traffic Log window, click the Clear Logs button at
the bottom of the screen.
The table in the Traffic Log window displays current System statuses:
•
Time: The start time of the connection.
•
Source: IP address of the source network of the specific
Step 2.
In the Clear Logs pop-up box, click Ok to clear the logs or
click Cancel to cancel it.
connection.
95
96
Event Log
Step 2.
Follow the File Download pop-up window to save the event
logs into a specific directory on the hard drive.
When the Bandwidth Controller detects events, the Administrator can
get the details, such as time and description of the events from the
Clearing the Event Logs
Event Logs.
The Administrator may clear on-line event logs to keep just the most
Entering the Event Log window:
Click the Event Log option under the Log menu and the Event Log
updated logs on the screen.
Step 1.
In the Event Log window, click the Clear Logs button at the
bottom of the screen.
window will appear.
Step 2. In the Clear Logs pop-up box, click OK to clear the logs or
click Cancel to cancel it.
Connection Log
Click Log in the menu bar on the left hand side, and then select the
sub-selection Connection Log.
Time:The start and end time of connection.
Connection Log:Event description during connection.
The table in the Event Log window displays the time and description
of the events.
•
Time: Time when the event occurred.
•
Event: Description of the event.
Downloading the Event Logs:
Step 1. In the Event Log window, click the Download Logs button
at the bottom of the screen.
97
98
Download Logs
Log Mail Configuration: When the Log Mail files accumulated
Step 1.
Click Log in the menu bar on the left hand side and then
up to 300Kbytes, router will notify administrator by email with the
select the sub-selection Connection Log.
traffic log and event log.
Step 2.
In Connection Log window, click the Download Logs
button.
Step 3.
Note: Before enabling this function, you have to enable E-mail Alarm
In the Download Logs window, save the logs to the
in Administrator.
specified location.
Syslog Settings: If you enable this function, system will
Clear Logs
transmit the Traffic Log and the Event Log simultaneously to
Step 1.
Click Log in the menu bar on the left hand side, and then
Step 2.
In Connection Log window, click the Clear Logs button.
the server which supports Syslog function.
select the sub-selection Connection Logs.
Step 3.
In Clear Logs window, click OK to clear the logs or click
Cancel to discard changes.
Log Backup
Click Log Backup in the Log main menu bar on the left-hand side.
99
100
Alarm
•
Service: Service of the specific connection.
•
Traffic: Traffic (in Kbytes/Sec) of the specific connection.
In this chapter, the Administrator can view traffic alarms and event
alarms that occur and the Bandwidth Controller has logged.
Bandwidth Controller has two alarms: Traffic Alarm and Event Alarm.
Traffic alarm:
In control policies, the Administrator set the threshold value for traffic
alarm. The System regularly checks whether the traffic for a policy
exceeds its threshold value and adds a record to the traffic alarm file if
it does.
Event alarm:
Clearing the Traffic Alarm Logs:
When Firewall detects attacks from hackers, it writes attacking data in
Step 1. In the Traffic Alarm window, click the Clear Logs button at
the bottom of the screen.
the event alarm file and sends an e-mail alert to the Administrator to
Step 2.
take emergency steps.
In the Clear Logs pop-up box, click OK to clear the logs or
click Cancel to cancel.
Traffic Alarm
The table in the Traffic Alarm window displays the current traffic
alarm logs for connections.
Downloading the Traffic Alarm Logs:
The Administrator can back up traffic alarm logs regularly and
•
Time: The start and stop time of the specific connection.
•
Source: Name of the source network of the specific
download it to a file on the computer.
Step 1.
connection.
•
In the Traffic Alarm window, click the Download Logs
button on the bottom of the screen.
Step 2.
Destination: Name of the destination network of the specific
Follow the File Download pop-up box to save the traffic
alarm logs into specific directory on the hard drive.
connection.
101
102
Event Alarm
Step 1.
for connections.
Step 2.
•
Time: Log time.
•
Event: Event descriptions.
In the Event Alarm window, click the Download Logs
button at the bottom of the screen.
The table in Event Alarm window displays current traffic alarm logs
Follow the File Download pop-up box to save the event
alarm logs into specific directory on the hard drive.
Clearing Event Alarm Logs:
The Administrator may clear on-line logs to keep the most updated
logs on the screen.
Step 1.
In the Event Alarm window, click the Clear Logs button at
the bottom of the screen.
Step 2.
In the Clear Logs pop-up box, click OK.
Downloading the Event Alarm Logs:
The Administrator can back up event alarm logs regularly by
downloading it to a file on the computer.
103
104
Accounting Report
Inbound Accounting Report
Accounting Report can be divided into two parts, one is Outbound
Accounting Report, and the other is Inbound Accounting Report.
WAN
User
WAN
Bandwidth
LAN
LAN
Service
Management
Server
Outbound Accounting Report
It is the statistics of downstream/upstream for all kinds of
communication services; the Inbound Accounting report will be shown
WAN
WAN
Bandwidth
Service
Server
Management
LAN
when WAN user uses Bandwidth Controller to connect to LAN Service
LAN
User
Server.
Source IP:The IP address used by WAN users who use Bandwidth
Controller.
It is the statistics of the downstream and upstream of the LAN, WAN
Destination IP:The IP address used by LAN service server who use
and all kinds of communication services.
Bandwidth Controller.
Service:The communication service which listed in the pull-down
Source IP:The IP address used by LAN users who use Bandwidth
menu when WAN users use Bandwidth Controller to connect to LAN
Controller.
Service server.
Destination IP:The IP address used by WAN service server which
uses Bandwidth Controller.
Service:The communication service which listed in the pull-down
menu when LAN users use Bandwidth Controller to connect to WAN
service server.
105
106
Source IP:The IP address used by LAN users who use
Administrator can use this Accounting Report to inquire the LAN IP
Bandwidth Controller to connect to WAN service server.
users and WAN IP users, and to gather the statistics of
Downstream:The percentage of downstream and the value of
Downstream/Upstream, First packet/Last packet/Duration and the
each WAN service server, which uses Bandwidth Controller to
service of all the user’s IP that passes the Bandwidth Controller.
LAN user.
Outbound Source IP Accounting Report
Upstream:The percentage of upstream and the value of each
When LAN users use Bandwidth Controller to connect to WAN service
LAN user who uses Bandwidth Controller to WAN service server.
server, all of the Downstream/Upstream/First Packet/Last
First Packet:When the first packet is sent to WAN service
Packet/Duration log of the source IP will be recorded.
server from LAN user, the sent time will be recorded by the
Bandwidth Controller.
Enter Outbound Source IP Accounting Report
Last Packet:When the last packet sent from WAN service
Click the Outbound of Accounting Report menu bar on the left-hand
server is received by the LAN user, the sent time will be recorded
side of the screen and select Source IP in the pull-down menu to
by the Bandwidth Controller.
enter Outbound Source IP Accounting Report window.
Duration:The period of time which starts from the first packet to
the last packet to be recorded.
Total Traffic:The Bandwidth Controller will record the sum of
packet sent/receive time and show the percentage of each LAN
user’s upstream/downstream to WAN service server.
Reset Counter:Click Reset Counter button to refresh
Accounting Report.
Outbound Destination IP Accounting Report
When WAN service server uses Bandwidth Controller to connect to
LAN user, all of the Downstream/Upstream/First Packet/Last
TOP:Select the data you want to view, it presents 10 results in
Packet/Duration log of the Destination IP will be recorded.
one page.
107
108
Enter Outbound Destination IP Accounting Report
Accounting Report.
Click the Outbound of Accounting Report menu bar on the left-hand
side of the screen and select Destination IP in the pull-down menu to
enter Outbound Destination IP Accounting Report window.
TOP:Select the data you want to view, it presents 10 results in
one page.
Destination IP:The IP address used by WAN service server
which uses Bandwidth Controller.
Downstream:The percentage of downstream and the value of
each WAN service server, which uses Bandwidth Controller to
Outbound Service Accounting Report
LAN user.
When LAN users use Bandwidth Controller to connect to WAN Service
Upstream:The percentage of upstream and the value of each
Server, all of the Downstream/Upstream/First Packet/Last
LAN user who uses Bandwidth Controller to WAN service server.
Packet/Duration log of the Communication Service will be recorded.
First Packet:When the first packet is sent from WAN service
server to LAN users, the sent time will be recorded by the
Bandwidth Controller.
Last Packet:When the last packet from LAN user is sent to
WAN service server, the sent time will be recorded by the
Bandwidth Controller.
Duration:The period of time which starts from the first packet to
the last packet to be recorded.
Total Traffic:The Bandwidth Controller will record the sum of
time and show the percentage of each WAN service server’s
upstream/ downstream to LAN user.
Enter Outbound Service Accounting Report
Reset Counter:Click Reset Counter button to refresh
Click the Outbound of Accounting Report menu bar on the left-hand
109
110
side of the screen and select Service in the pull-down menu to enter
Outbound Service Accounting Report window.
Inbound Source IP Accounting Report
When WAN users use Bandwidth Controller to connect to LAN service
:According to the downstream/upstream report of the
selected TOP numbering to draw.
server, all of the Downstream/Upstream/First Packet/Last
Packet/Duration log of the source IP will be recorded.
TOP:Select the data you want to view. It presents 10 results in
one page.
Enter Inbound Source IP Accounting Report
Service:The report of Communication Service when LAN users
use the Bandwidth Controller to connect to WAN service server.
Click the Inbound of Accounting Report menu bar on the left-hand
Downstream:The percentage of downstream and the value of
side of the screen and select Source IP in the pull-down menu to
each WAN service server who uses Bandwidth Controller to
enter Inbound Source IP Accounting Report window.
connect to LAN user.
Upstream:The percentage of upstream and the value of each
TOP:Select the data you want to view. It presents 10 pages in
LAN user who uses Bandwidth Controller to WAN service server.
one page.
First Packet:When the first packet is sent to the WAN Service
Source IP:The IP address used by WAN users who use
Server, the sent time will be recorded by the Bandwidth
Bandwidth Controller.
Controller.
Downstream:The percentage of Downstream and the value of
Last Packet:When the last packet is sent from the WAN Service
each WAN user who uses Bandwidth Controller to LAN service
Server, the sent time will be recorded by the Bandwidth
server.
Controller.
Upstream:The percentage of Upstream and the value of each
Duration:The period of time starts from the first packet to the
LAN service server who uses Bandwidth Controller to WAN
last packet to be recorded.
users.
Total Traffic:The Bandwidth Controller will record the sum of
First Packet:When the first packet is sent from WAN users to
time and show the percentage of each Communication Service’s
LAN service server, the sent time will be recorded by the
upstream/ downstream to WAN service server.
Bandwidth Controller.
Reset Counter:Click the Reset Counter button to refresh the
Last Packet:When the last packet is sent from LAN service
Accounting Report.
server to WAN users, the sent time will be recorded by the
111
112
Bandwidth Controller.
users.
Duration:The period of time starts from the first packet to the
First Packet:When the first packet is sent from WAN users to
last packet to be recorded.
LAN service server, the sent time will be recorded by the
Total Traffic:The Bandwidth Controller will record the sum of
Bandwidth Controller.
time and show the percentage of each WAN user’s
Last Packet:When the last packet is sent from LAN service
upstream/downstream to LAN service server.
server to WAN users, the sent time will be recorded by the
Reset Counter:Click the Reset Counter button to refresh the
Bandwidth Controller.
Accounting Report.
Duration:The period of time starts from the first packet to the
last packet to be recorded.
Inbound Destination IP Accounting Report
Total Traffic:The Bandwidth Controller will record the sum of
When WAN users use Bandwidth Controller to connect to LAN service
time and show the percentage of each WAN user’s
server, all of the Downstream/Upstream/First Packet/Last
upstream/downstream to LAN service server.
Packet/Duration log of the Destination IP will be recorded.
Reset Counter:Click the Reset Counter button to refresh the
Accounting Report.
Enter Inbound Destination IP Accounting Report
Inbound Service Accounting Report
Click the Inbound of Accounting Report menu bar on the left-hand
When WAN users use Bandwidth Controller to connect to LAN Service
side of the screen and select Destination IP in the pull-down menu to
Server, all of the Downstream/Upstream/First Packet/Last
enter Inbound Destination IP Accounting Report window.
Packet/Duration log of the Communication Service will be recorded.
TOP:Select the data you want to view. It presents 10 pages in
one page.
Enter Inbound Service Accounting Report
Destination IP:The IP address used by WAN users who uses
Click the Inbound of Accounting Report menu bar on the left-hand
Bandwidth Controller.
side of the screen and select Service in the pull-down menu to enter
Downstream:The percentage of Downstream and the value of
Inbound Service Accounting Report window.
each WAN user who uses Bandwidth Controller to LAN service
server.
TOP:Select the data you want to view. It presents 10 results in
Upstream:The percentage of Upstream and the value of each
one page.
LAN service server who uses Bandwidth Controller to WAN
Service:The report of Communication Service when WAN users
113
114
use the Bandwidth Controller to connect to LAN service server.
Statistics
Downstream:The percentage of downstream and the value of
each WAN user who uses Bandwidth Controller to LAN service
In this chapter, the Administrator queries the Bandwidth Controller for
server.
statistics of packets and data, which passes across the Bandwidth
Upstream:The percentage of upstream and the value of each
Controller. The statistics provides the Administrator with information
LAN service server who uses Bandwidth Controller to WAN user.
about network traffics and network loads.
First Packet:When the first packet is sent to the LAN Service
Server, the sent time will be recorded by the Bandwidth
What is Statistics ?
Controller.
Statistics are the statistics of packets that pass through the Bandwidth
Last Packet:When the last packet is sent from the LAN Service
Controller by control policies setup by the Administrator.
Server, the sent time will be recorded by the Bandwidth
How to use Statistics ?
Controller.
Duration:The period of time starts from the first packet to the
The Administrator can get the current network condition from statistics,
and use the information provided by statistics as a basis to mange
last packet to be recorded.
Total Traffic:The Bandwidth Controller will record the sum of
networks.
time and show the percentage of each Communication Service’s
upstream/downstream to LAN service server.
Reset Counter:Click the Reset Counter button to refresh the
How to apply WAN Statistics ?
The Administrator needs to go to Policy to set the network IP
addresses that you want to gather statistics, in this way; the
Accounting Report.
administrator can handle the whole network condition and takes it as a
basis of managing the network.
The administrator needs to go to the Policy to set the network IP of the
WAN statistics. By the Wan statistics you can obtain the status of the
network.
115
116
WAN Statistics
Step 1.
Click Statistics in the menu bar on the left-hand side, and
then select WAN Statistics.
Step 2.
In WAN Statistics window, find the domain name you want
to view.
Step 3.
In the WAN Statistics window, find the network you want to
view and click Minute on the right-hand side, and then you
will be able to view the WAN Statistics figure every minute;
click Hour to view the WAN Statistics figure every hour;
click Day to view the WAN Statistics figure every day.
Y-Coordinate:Network Traffic(Kbytes/Sec).
X-Coordinate:Time(Hour/Minute/Day).
Policy Statistics
Step 1.
Click Policy Statistics in the menu bar on the left-hand
side, and then select Policy Statistics.
Step 2.
In Policy Statistics window, find the domain name you
want to view.
Step 3.
In the Policy Statistics window, find the network you want
to view and click Minute on the right hand side, and then
117
118
you will be able to view the Policy Statistics figure every
Status
minute; click Hour to view the Policy Statistics figure
every hour; click Day to view the Policy Statistics figure
In this section, the device displays the status information about the
every day.
Bandwidth Controller.
Status will display the network information
from the System menu. The Administrator may also use Status to
Source: The name of source address.
check the DHCP lease time and MAC addresses for computers
Destination: The name of destination address.
connected to the Bandwidth Controller.
Service: The service requested.
Interface Status
Action: Permit or deny.
Time: Viewable by minutes, hours, or days
Click on Status in the menu bar, and then click Interface Status
below it.
A window will appear providing information from the
System menu.
Interface Status will list the settings for LAN
Interface and WAN Interface.
119
120
ARP Table
DHCP Clients
Click on Status in the menu bar, and then click ARP Table below it.
Click on Status in the menu bar, and then click on DHCP Clients
A window will appear displaying a table with IP addresses and their
below it. A window will appear displaying the table of DHCP clients
corresponding MAC addresses. For each computer on the LAN and
that are connected to the Bandwidth Controller. The table will list
WAN network that replies to an ARP packet, the Bandwidth Controller
host computers on the LAN network that obtain its IP address from the
will list them in this ARP table.
Bandwidth Controller’s DHCP server function.
IP Address:
The IP address of the host computer
IP Address: The IP address of the LAN host computer.
MAC Address: The MAC address of that host computer
Interface:
The port that the host computer is connected to
(LAN or WAN)
MAC Address: MAC address of the LAN host computer.
Leased Time: The Start and End time of the DHCP lease for the
LAN host computer.
121
122
Glossary
exchange.
Addressing data packets.
Moving data between Network layer and Transport layer.
Routing packets from the sender to the destination network.
Breaking messages into packets and reassembling the packets into
DHCP (Dynamic Host Configuration Protocol.)
When a computer with no fixed IP address starts up, it asks the DHCP
server for a temporary IP address. The DHCP server allocates an IP
the original message.
MAC Address
address, which falls within the same sub-network as the server and
Each network interface card has a unique six bytes long identification
does not conflict with other computers on the network, to the client.
number that has been assigned in the factory. When a data packet
arrives, the network card matches the destination address on the data
packet with its own MAC address to decides to whether receive or
ICMP Protocol
ICMP stands for ‘Internet Control Message Protocol’, it is a Network
layer of Internet protocol that reports errors and provides other
information relevant to IP packet processing.
following
messages:
Flow
Control,
Redirecting Routes and Echo Message.
ICMP sends the
Destination
Unreachable,
For example, the UNIX
discard the packet.
Subnet Mask
Subnet Mask is used to segment a network into 2, 4, 8, etc
sub-networks. For example, take a Class B network with network
command Ping is based on ICMP to test whether a particular
number 172.16.0.0 and subnet mask 255.255.244.0. The first two
computer is connected to the Internet.
numbers represents network number after segmentation. The first 3
bits of the third number is the Subnet Number. There are 2^3= 8 sub
networks. The remaining five bits plus the eight bits of fourth number,
IP
IP stands for Internet Protocol. IP address uniquely identifies a host
computer connected to the Internet from other Internet hosts, for the
purposes of communication through the transfer of packets. IP has
thirteen bits in total, are the networks addresses available for each
sub-network. Each sub-network can have 2^13=8192 networks
addresses.
following features:
Defining data packet structure, packet is the basic unit of data
123
124
TCP Protocol
Many standardized high-level protocols provide user with wide and
TCP is a connection-oriented protocol; it establishes a logical
consistent services.
connection between two computers. Before transferring data, the
two computers exchange control messages to make sure a
User Datagram Protocol (UDP Protocol)
connection has been established, this process is called handshaking.
User Datagram Protocol is a transport layer protocol in the TCP/IP
TCP sets up control functions in the Flag field of the Segment Header.
protocol stack. UDP uses application program to pack user data into
Compared to UDP, TCP is a very reliable protocol, and uses PAR
packets, and IP transfer these packets into their destination. Under
(Positive Acknowledgment with Re-transmission) to guarantee that
UDP, applications can exchange messages with least costs. UDP is
data from one host computer can reach the other host computer safely
an unreliable, connectionless protocol. Unreliable means that this
and correctly.
protocol has no specification to exchange datagram with guaranteed
delivery, but it does transfer data correctly over network. UDP used
TCP/IP Protocol
source port, and destination port, in the message header to transfer
TCP/IP consists of two protocols:
message to the right application.
TCP, Transmission Control Protocol.
DoS (Denial of Service Attack)
IP, Internet Protocol.
DoS attacks disables the servers’ abilities to serve, makes system
TCP/IP features:
connections impossible, and prevents system from providing services
Open communication standard, it is free and does not depend on
any Operating systems or hardware.
to any legal or illegal users. In another word, DoS’s objective is to
kick the server under attacked out of the network.
Not restricted to any network hardware, Ethernet, Token Ring,
Leased Line, X.25 or Frame Relay can all be integrated and operate
There are four popular types of DoS attacks:
under TCP/IP.
Widely accepted addressing method. It is used to assign network
equipments a unique IP address.
Bandwidth Consumption: Attackers use wider bandwidth to flood
victims’ bandwidth with garbage data. For example, using a T1
(1.511Mbps) leased line to attack 56k or 128k leased line, or using
several 56k sites to stuff a T3 (45Mbps).
125
126
Resource Exhaustion: This attack exhausts the victims’ systems
resources, such as CPU usage, memory, file system quota or other
system processes. The attack can bring down the system or slow
down the system.
IP Spoofing
Data packets sent is from a fake source address. If the Bandwidth
Controller’s policy does not restrict these packets from passing through,
they could be used to attack internal servers easily.
Defect program: Attackers use programs to generate exception
condition that can’t be handled by applications, systems, or
embedded hardware to cause system failure. In many occasions,
Network Address Translation
attackers send weird (system can not identify) packet to targeted
NAT is the translation of IP addresses between LAN or private
systems to cause core dumps and attacker issue commands that
networks and the public IP addresses on the Internet. There are three
has privileges to destroy the systems in the mean time.
IP address blocks that have been assigned as private IP address
Router and DNS attacks: Attacker alter routing table and cause
space:
legal requests to servers be rejected. This kind of attack redirects
user requests to an enterprise’s DNS to specific addresses or black
holes, usually un-existing addresses.
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
Hackers and Crackers
Hackers are those smart and aggressive programmers who actually
initiate the recent computer revolution. These programmers are
crazy about exploring new technology to solve problems and create
Through the NAT mechanism, an enterprise’s internal networks can
use any IP addresses that fall in the three private spaces. Note that,
private IP addresses cannot pass through routers to their destinations.
new methodologies. Their objectives are to construct solid networks
and not to destroy other computer systems. Crackers on the other
Packet Filtering
hand are programmers who attack private networks, but don’t steal or
destroy data. Phrackers are people who use stolen data to enter
computer systems illegally to make damage.
Packet Filters check the headers of IP, TCP and ICMP packets to
gather information, such as sources addresses, source ports,
destination addresses, and destination ports. It also checks the
relationships between packets to decide whether a packet is for
normal connection. In this way, attacks can be detected and blocked.
127
128
Address
Bandwidth Controller detects hacker attacks, it records the attacking
Each address in Address Table can be either an IP address or a
sub-network address. Administrators can create a name for a specific
data in event alarm file, and sends E-mail to system manger to take
emergent steps.
address for easier reference. Basically, base on the networks they are
located, IP address falls into 3 categories: LAN IP addresses and WAN
IP addresses.
When setting up policies, administrators choose IP
addresses in Address Table as the source/destination addresses. So
Address Table has to be constructed before setting up policies.
Log
There are flow control log and event log.
Flow control log’s
parameters are set up the same time control policies are setup. It
records details of data packets of each control policy, including data
packet’s start and end time, disconnect time and length of connection,
Address Group
source address, destination address and service content.
The usual way to setup different packet IP filters for the same policy is
Event log records details of the firewall’s system configurations
to create one policy for each filter. If there are 10 IP addresses then
changes, including the user who made the modification, time of change,
10 policies have to be created. Address Group is used to simplify this
modified parameters, and IP address the user uses to logon, etc.
kind of procedures. The administrator creates a new group name in
WAN Groups of Address menu and adds all the related IP addresses
Mapped IP
into that group. After the group is created, the group name will be
Both Mapped IP and Virtual Server use IP mapping mechanism to
shown in Address Table. When creating a control policy, group name
allow outside users access LAN servers through the Bandwidth
can be specified as the source or destination address. In this way,
Controller. They are different in following ways:
only one policy is needed to achieve the same effect as ten policies in
the previous example.
Virtual Server has Load balance feature, and Mapped IP has not.
Virtual Server has a one-to-many mapping relationship to physical
Alarm
There are flow alarm and event alarm. Flow alarm’s parameter is
setup before setting up policies. System checks whether the data
packet flow through each policy is higher the setup limit every 10
minutes. If it is, a record will be added to flow alarm file. When the
129
servers and Mapped IP is mapped to physical servers in one-to-one
fashion. A virtual server can be mapped to only one service, such
as SMTP, HTTP or FTP. A Mapped IP can be mapped to all
services provided by a physical server.
130
Policy
supports two kinds of services: standard services and user defined
The Bandwidth Controller decides whether a data packet can pass
according to values of the policies. A policy’s parameters are source
address, destination address, service, permission, packets’ history,
statistics and flow alarms. Policies can be divided into four
categories based on the packets’ source addresses.
Outgoing: Clients are located in LAN networks and servers are in
services. The most popular TCP and UDP services are already
defined in standard services table, and can not be modified or deleted.
Users can setup their own services with proper TCP and UDP port
numbers if necessary. When setting up a user defined service, the
client’s port number range is 1024:65535, and server’s is 0:1023.
Service Group
WAN networks.
Similar to address groups, mangers can create new service groups in
Incoming: Clients are located in WAN networks and servers are in
LAN networks.
Packet Direction
Source Network
Destination network
[Service Group] option of [Service] menu and assign desired services
into groups.
Outgoing
Incoming
Using address group and service group can greatly simply the policy
LAN
WAN
creating process. If there are ten different IP addresses that access
WAN
Mapped IP
Virtual Server
five different server services, such as HTTP, FTP, SMTP, POP3 and
TELNET. Without the concept of address group and service group,
(10*5)= 50 policies are needed to be created. However, with address
Schedule
group in source/destination address and service group name in service
Schedule is used to set up different time intervals conveying different
option when setting up a policy, only one policy is needed instead of 50.
policies. A policy only works in specified time interval, and is
automatically disabled outside the specified time interval. A specific
schedule can be set to repeat every week or just happen once.
System Configuration
The system configuration file stores system administrator’s name and
password, IP addresses of Bandwidth Controller’s network interfaces,
Service
address table, service table, virtual servers’ IP addresses and policies.
TCP protocol and UDP protocol provided different services. Each
When the configuration process is completed, system administrator can
service has a TCP port number and a UDP port number, such as
download the configuration file into local disc as a backup. System
TELNET (23), FTP (21), SMTP (25), POP3 (110), etc. This system
Administrators can overwrite the Bandwidth Controller’s configuration
131
132
file with the one stored in disc or restore the configuration to its default
Trouble-Shooting
factory settings.
Q:
How to upgrade the Bandwidth Controller’s software?
Virtual Server
The Bandwidth Controller separates an enterprise’s Intranet and
A:
The
Bandwidth
Controller’s
software
and
system
parameters are all stored in the Flash Memory. The Flash
Internet into LAN networks and WAN networks respectively.
Memory is re-writable and re-readable.
Generally speaking, in order to allocate enough IP addresses for all
Users can contact
the distributors to obtain the newest version of software.
computers, an enterprise assigns each computer a private IP address,
After having the newest version of software from the
and converts it into a real IP address through the Bandwidth
distributor, please store it in the hard disk, then connect to the
Controller’s NAT (Network Address Translation) function. If a server
Bandwidth Controller’s WebUI, enter Software Update of the
is located in the LAN network, outside users can’t directly connect to it
System menu, click the file name of the newest version of
by specifying the server’s private IP address. First, we set the real IP
software, and then click Ok.
address of an WAN network interface to the actual IP address of a
The
Virtual Server. Through IP translation of the Virtual Server, outside
updating
process
won’t
overwrite
the
system
configuration, so it is not necessary to save it before updating
users can access the servers of the LAN networks.
the software.
Virtual Server owns another feature - one-to-many mapping: one real
IP address on the WAN interface can be mapped into 4 LAN virtual IP
Q:
How to back up system configuration?
addresses. Thus increases server’s efficiency, reduces risks of server
crashes, and enhances servers’ stability.
A:
To change system parameters settings without destroying the
original system configuration, the user can choose Export
System Settings to Client in Settings under the System
menu.
Users can upload the backup system configuration
from hard disk to the Bandwidth Controller in Import
System Setting from Client.
133
134
Q:
What is the difference in privileges of admin and sub
2. The LAN Interface IP address is set to 192.168.1.1 in the
admin?
factory. The system administrator needs to change it to
private IP address of the enterprise’s LAN networks.
A:
The Bandwidth Controller sets the system administrator’s
Then set IP addresses of WAN interface according to the
name and password to admin. When the administrator sets
real IP addresses allocated by ISP.
up the system the first time, the installation wizard asks
3. LAN network and WAN network can’t communicate to
administrators to change the password for admin (user name
‘admin’ can not be changed).
each other by default. So computers in the LAN network
In the admin menu under
can’t access any Internet address when users connect the
Admin, the admin may add or change the name and
Bandwidth Controller to LAN and WAN network.
password of sub admin. The administrator can change the
System administrator has to define policies with proper
Bandwidth Controller’s system parameters when logged into
permissions in Outgoing under the Policy menu, such as
the Bandwidth Controller as “admin”. The “sub admin” can
to permit certain IP addresses in the LAN network to
only browse the system configuration and have no privileges
to modify it.
access some web addresses.
Therefore, admin has ‘read’ and ‘write’ privileges,
but sub admin has only ‘read’ privilege.
Q:
What are the default settings of the Bandwidth
Q:
How to install the Bandwidth Controller for the first time?
A:
There are six steps to follow:
Controller?
Step 1:
A:
First connect the administrator’s PC and the
Bandwidth Controller’s LAN interface card to the
The Bandwidth Controller has three main default settings;
same HUB or Switch, change PC’s IP address to:
users need to modify them to fit their environment to achieve
192.168.1.2 - 192.168.1.254.
optimum performance.
Then restart the
computer to activate new IP address. Run Browser
1. The system administrator’s name and password are both
‘admin’ (lower case).
and enter http://192.168.1.1 in URL field to access
The name “admin” can’t be
Bandwidth Controller WebUI.
changed, and the password should be modified and
recorded at the time of installation.
Step 2:
Browser will ask or the user’s name and password
enter ‘admin’ and password.
135
136
Step 3:
Step 4:
address, the browser sends out DNS service packet to the
Then WebUI will request the user to change
password. Change it and record the new password.
external DNS server. If the Bandwidth Controller doesn’t
The user name is still ‘admin’.
allow DNS service packet to pass, the URL cannot be mapped
to the IP address and the connection fails.
Set new LAN IP Address (enterprise’s private IP
address) and WAN IP Address (allocated by ISP
Q:
provider).
Why can’t users of WAN networks still store data into
virtual server when virtual server or IP mapping has
Step 5:
If the new LAN IP Address doesn’t belong to
been set successfully?
192.168.1.0 network, such as 172.16.0.1, the
administrator needs to change PC’s IP address to
A:
172.16.0.1,or other IP address of the same network
Administrator needs to make sure, in the Incoming menu,
and restart the computer to activate new IP address.
there is a policy of source address pointing to WAN IP
After the new IP address is activated, use browser
address, destination address to the virtual server or Mapped
to access http://172.16.0.1.
Step 6:
In order to open a virtual server to WAN networks,
IP and with permission to allow inward packets to pass
through.
Enter the main window of administration policies
under WebUI; click New Entry to display Add New
Policy window, and then click OK to complete the
Q:
Q:
Can Admin modify the LAN and WAN interface IP
addresses anytime?
installation process.
In the Outgoing menu, I set the source address to
A:
No, because the names in the address table are set according
“Inside-Any”, the destination address to “Outside-any”,
to the IP addresses of LAN and WAN interface cards, and the
the service to HTTP, and the action to Permit.
source address and destination address of policies are set
Why do
the computers of the LAN network still cannot access
according to address table.
the Internet?
Bandwidth Controller’s LAN interface and WAN interface are
The IP addresses of the
foundations of administration policies.
A:
If the administrator
Usually the DNS of the clients point to the DNS server outside
wants to change the I Bandwidth Controller’s IP address,
of the Bandwidth Controller. When converting a URL to IP
the admin will need to clean up all the administration policies
137
138
Setup Examples
and address table.
Q:
Are there any rules to follow when setting up
administration policies?
A:
When setting up policies, administrators need to follow [small
to big] principle. This means that when the source address,
destination address and service items of a policy is the subset
of another policy, it is necessary to set policy of the subset first.
Example 1:
Allow the LAN network to be able to access the
Internet.
Example 2:
The LAN network can only access Yahoo.com
website.
Example 3:
Outside users can access the LAN FTP server
through Virtual Servers.
Example 4:
Install a server inside the LAN network and have the
Internet (WAN) users access the server through IP
Mapping.
For example, the sequence to set policies for individual worker,
department, and every worker in the company is:
Individual → Department→Every worker
Please see the explanation of the examples below:
Example 1:
Allow the Internal network to be able to
access the Internet
If subset policies are defined after the main policies, policies
defined by the subset became invalid. For example, the new
policy is:
Every worker → Department→ Individual
The policies of departments and individuals are subsets of
policies of every worker, so policies defined by the latter two
are invalid.
Step 1
Enter the Outgoing window under the Policy menu.
Step 2 Click the New Entry button on the bottom of the screen.
Step 3 In the Add New Policy window, enter each parameter, and
then click OK.
Step 4 When the following screen appears, the setup is completed.
139
140
then click on the New Entry button.
Example 2:
The LAN network can only access Yahoo.com
website.
Step 1. Enter the WAN window under the Address menu.
Step 2. Click the New Entry button.
Step 8.
Step 9. An Incoming FTP policy should now be created.
Example 4:
Step 3. In the Add New Address window, enter relating parameters.
Step 4. Click OK to end the address table setup.
Step 1.
Step 5. Go to the Outgoing window under the Policy menu.
Step 6. Click the New Entry button.
Step 7. In the Add New Policy window, enter corresponding
parameters. Click OK.
Step 8.
In the Add New Policy window, set each parameter, then
click OK.
Install a server inside the LAN network and
have the Internet (WAN) users access the
server through IP Mapping .
Enter the Mapped IP window under the Virtual Server
menu.
Step 2.
Click the New Entry button.
Step 3.
In the Add New IP Mapping window, enter each parameter,
and then click OK.
Step 4.
When the following screen appears, the setup is completed.
When the following screen appears, the IP Mapping setup is
completed.
Step 5. Go to the Incoming window under the Policy menu.
Step 6. Click the New Entry button.
Example 3:
Outside users can access the internal FTP
server through Virtual Servers
Step 1.
Enter Virtual Server under the Virtual Server menu.
Step 2.
Click the ‘click here to configure’ button.
Step 3.
Select a Virtual Server Real IP, and then click OK.
Step 4.
Click the New Service button on the bottom of the screen.
Step 5.
Add the FTP service pointing to the LAN Server Virtual IP
address. Click OK.
Step 6.
A new Virtual Service should appear.
Step 7.
In the Add New Policy window, set each parameter, then click OK.
Step 8. Open all the services. (ANY)
Step 9. The setup is completed.
Step 7. Go to the Incoming window under the Policy menu, and
141
142
Specifications
Standard
Interface
Cable Connections
Network Data Rate
Transmission Mode
LED indicators
MAC address
System Memory
Emission
Operating
Temperature
Operating Humidity
Power Supply
Dimension
IEEE802.3, 10BASE-T
IEEE802.3u, 100BASE-TX
IEEE802.3x full duplex operation and flow
control
1 * 10/100 RJ-45 WAN port
4 * 10/100 RJ-45 Fast Ethernet switching
LAN ports
1 * Factory Reset Button
RJ-45 (10BASE-T): Category 3,4,5 UTP/STP
RJ-45 (100BASE-TX): Category 5 UTP/STP
Ethernet: Auto-negotiation
(10Mbps, 100Mbps)
Auto-negotiation (Full-duplex, Half-duplex)
System
Power
Port (LAN/WAN)
SPEED
LINK/ACT
FDX/COL
512 MAC address entries
16MB Flash
32MB RAM
FCC Class A, CE
00 ~ 500C (320 ~ 1220F)
10% - 90%
External Power Adapter, 12VDC/1A
210 * 148 * 35 mm
143
144
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement