Zte OX253P, User Manual

Page 1: ... MIMO Outdoor Simple CPE Firmware Version 3 70 Edition 1 11 2010 Default Login Details IP Address http 192 168 1 1 Administrator s User Name and Password admin admin General User s User Name and Password user user ...

Page 2: ... for Internet access Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information Command Reference Guide The Command Reference Guide explains how to use the Command Line Interface CLI and CLI commands to configure the OX253P Note It is recommended you use the web configurator to configure the OX253P Support Disc Disclaimer Graphics in this bo...

Page 3: ...n bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example TOOLS Logs Log Settings means you fi...

Page 4: ... this User s Guide may use the following generic icons The OX253P icon is not an exact representation of your OX253P Table 1 Common Icons WiMAX Access Point Computer Wireless Signal Notebook Server WiMAX Base Station Telephone Switch Router Internet Cloud Internet WiMAX Cloud ...

Page 5: ...device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT remove the plug and connect it to a power outlet by itself always attach the plug to the power adaptor first before connecting it to a power outlet Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do...

Page 6: ...against voltage surges Your product is marked with this symbol which is known as the WEEE mark WEEE stands for Waste Electronics and Electrical Equipment It means that used electrical and electronic products should not be mixed with general waste Used electrical and electronic equipment should be treated separately ...

Page 7: ...Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s a...

Page 8: ...nical Reference 45 The Setup Screens 47 The LAN Configuration Screens 53 The WAN Configuration Screens 65 The NAT Configuration Screens 77 The System Configuration Screens 87 The Certificates Screens 97 The Firewall Screens 119 Content Filter 129 The Remote Management Screens 133 QoS 145 The Logs Screens 149 The Status Screen 163 Troubleshooting 173 Product Specifications 181 ...

Page 9: ...Contents Overview OX253P User s Guide 10 ...

Page 10: ...nternet Access 19 1 2 OX253P Hardware 20 1 2 1 LEDs 20 1 3 Good Habits for Managing the Device 21 Chapter 2 Introducing the Web Configurator 23 2 1 Overview 23 2 1 1 Accessing the Web Configurator 23 2 2 The Main Screen 25 Chapter 3 Internet Connection Wizard 29 3 1 Overview 29 3 1 1 Welcome to the Setup Wizard 29 3 1 2 System Information 30 3 1 3 Authentication Settings 31 3 1 4 IP Address 33 3 1...

Page 11: ...Need to Know 47 5 1 3 Before You Begin 48 5 2 Set IP Address 48 5 3 DHCP Client 49 5 4 Time Setting 50 5 4 1 Pre Defined NTP Time Servers List 51 5 4 2 Resetting the Time 52 Chapter 6 The LAN Configuration Screens 53 6 1 Overview 53 6 1 1 What You Can Do in This Chapter 53 6 1 2 What You Need to Know 53 6 2 DHCP Setup 54 6 3 Static DHCP 56 6 4 IP Static Route 57 6 4 1 IP Static Route Setup 58 6 5 ...

Page 12: ... 8 3 Port Forwarding 78 8 3 1 Port Forwarding Options 79 8 3 2 Port Forwarding Rule Setup 81 8 4 Trigger Port 82 8 4 1 Trigger Port Forwarding Example 84 8 5 ALG 85 Chapter 9 The System Configuration Screens 87 9 1 Overview 87 9 1 1 What You Can Do in This Chapter 87 9 1 2 What You Need to Know 87 9 2 General 89 9 3 Dynamic DNS 90 9 4 Firmware 92 9 4 1 The Firmware Upload Process 93 9 5 Configurat...

Page 13: ...now 119 11 2 Firewall Setting 120 11 2 1 Firewall Rule Directions 120 11 2 2 Triangle Route 121 11 2 3 Firewall Setting Options 122 11 3 Services 123 11 4 Technical Reference 124 11 4 1 Stateful Inspection Firewall 124 11 4 2 Guidelines For Enhancing Security With Your Firewall 125 11 4 3 The Triangle Route Problem 125 Chapter 12 Content Filter 129 12 1 Overview 129 12 1 1 What You Can Do in This ...

Page 14: ...5 4 Log Message Descriptions 155 Chapter 16 The Status Screen 163 16 1 Overview 163 16 2 Status Screen 163 16 2 1 Packet Statistics 167 16 2 2 WiMAX Site Information 168 16 2 3 DHCP Table 169 16 2 4 WiMAX Profile 170 16 3 Technical Reference 171 Chapter 17 Troubleshooting 173 17 1 Power Hardware Connections and LEDs 173 17 2 OX253P Access and Login 174 17 3 Internet Access 176 17 4 Export a Certif...

Page 15: ...16 Appendix B Setting Up Your Computer s IP Address 189 Appendix C Pop up Windows JavaScripts and Java Permissions 217 Appendix D IP Addresses and Subnetting 229 Appendix E Importing Certificates 241 Appendix F Common Services 271 Index 275 ...

Page 16: ...17 PART I User s Guide ...

Page 17: ...18 ...

Page 18: ...puter or network to the OX253P for WiMAX Internet access See the Quick Start Guide for instructions on hardware connection In a wireless metropolitan area network MAN the OX253P connects to a WiMAX base station BS for Internet access The following diagram shows a notebook computer equipped with the OX253P connecting to the Internet through a WiMAX base station marked BS Figure 1 Mobile Station and...

Page 19: ...are Follow the instructions in the Quick Start Guide to make hardware connections 1 2 1 LEDs The following figure shows the LEDs lights on the OX253P Figure 2 The OX253P s LEDs The following table describes your OX253P s LEDs from right to left Table 2 The OX253P LED STATE DESCRIPTION Power IDU only Off The OX253P is not receiving power Green The OX253P is receiving power and functioning correctly...

Page 20: ...ngs If you backed up an earlier configuration file you would not have to totally re configure the OX253P You could simply restore your last configuration Strength Indicator The Strength Indicator LEDs display the Received Signal Strength Indication RSSI of the wireless WiMAX connection 5 Signal LEDs The signal strength is greater than or equal to 59 dBm 4 Signal LEDs The signal strength is between...

Page 21: ...Chapter 1 Getting Started OX253P User s Guide 22 ...

Page 22: ...rator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in many operating systems and web browsers JavaScript enabled by default in most web browsers Java permissions enabled by default in most web browsers See the Appendix C on page 217 for more information on configuring your web browser 2 1 1 Accessing the Web Configurator 1 Make sure your O...

Page 23: ...enerate a new certificate You can also click Ignore to have the OX253P use the default certificate 7 A screen displays to let you choose to go to the Wizard or the Advanced screens Click Go to Wizard setup if you are logging in for the first time or if you want to make basic changes The wizard selection screen appears See Chapter 3 on page 29 for more information Click Go to Advanced setup if you ...

Page 24: ...n view a summary of your OX253P connection status This is also the default home page for the web configurator and it contains conveniently placed shortcuts to all of the other screens Note Some features in the web configurator may not be available depending on your firmware version and or configuration Figure 3 Main Screen The following table describes the icons in this screen Table 3 Main Icons I...

Page 25: ...EL DESCRIPTION Wizard Click to run the Internet Connection Setup Wizard All of the settings that you can configure in this wizard are also available in these web configurator screens Logout Click to log out of the web configurator Note This does not log you off the WiMAX network it simply logs you out of the OX253P s browser based configuration interface WiMAX Connection Status This field indicate...

Page 26: ...e is 3 70 build TPG 0 candidate 4 released on July 08 2010 Version Date This field indicates the exact date and time the current firmware was compiled System Uptime This field indicates how long the OX253P has been on This resets every time you shut the device down or restart it WiMAX Uptime This field indicates how long the OX253P has been connected to the WiMAX network This resets every time you...

Page 27: ...Chapter 2 Introducing the Web Configurator OX253P User s Guide 28 ...

Page 28: ... the Setup Wizard screens The wizard guides you through several steps where you can configure your Internet settings 3 1 1 Welcome to the Setup Wizard This is the welcome screen for the Setup Wizard The Internet Connection Wizard screens are described in detail in the following sections Figure 4 Select a Mode ...

Page 29: ...t Connection Wizard System Information LABEL DESCRIPTION System Name System Name is a unique name to identify the OX253P in an Ethernet network Enter a descriptive name This name can be up to 30 alphanumeric characters long Spaces are not allowed but dashes and underscores _ are accepted Domain Name Type the domain name if you know it here If you leave this field blank the ISP may assign a domain ...

Page 30: ...ord Use this field to enter the password associated with your Internet access account You can enter up to 47 printable ASCII characters Anonymous Identity Enter the anonymous identity provided by your Internet Service Provider Anonymous identity also known as outer identity is used with EAP TTLS encryption The anonymous identity is used to route your authentication request to the correct authentic...

Page 31: ... EAP TTLS connection is established the inner EAP is the protocol used to exchange security information between the mobile station the base station and the AAA server to authenticate the mobile station See the WiMAX security appendix for more details The OX253P supports the following inner authentication types CHAP Challenge Handshake Authentication Protocol MSCHAP Microsoft CHAP MSCHAPV2 Microsof...

Page 32: ...et Figure 7 Internet Connection Wizard IP Address The following table describes the labels in this screen Table 7 Internet Connection Wizard IP Address LABEL DESCRIPTION IP Address My computer or device gets its IP address automatically from the network Select this if you have a dynamic IP address A dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the In...

Page 33: ...ate to a website of your choice If everything was configured properly the web page should display You can now surf the Internet Refer to the rest of this guide for more detailed information on the complete range of OX253P features available in the more advanced web configurator Note If you cannot access the Internet open the web configurator again to confirm that the Internet settings you configur...

Page 34: ...the Web Configurator on page 23 before working through the tutorials presented here For field descriptions of individual screens see the related technical reference in this User s Guide 4 2 Setting Up a Small Network This tutorial shows you how to set up a small network in your office or home Goal Connect three computers to your OX253P to form a small network ...

Page 35: ...2 Open the ADVANCED LAN Configuration DHCP Setup screen 3 Select Enable DHCP Server then enter 192 168 100 34 as your IP Pool Starting Address and 32 for your Pool Size 4 In the DNS Server section set the First Second and Third DNS Server fields to From ISP in order to use the DNS servers linked to your ISP 5 Click Apply to save your DHCP settings INFORMATION VALUE SEE ALSO LAN IP Address 192 168 ...

Page 36: ...our Small Network to the Internet Once your network is configured and hooked up you will want to connect it to the Internet next To do this just run the Internet Connection Wizard Chapter 3 on page 29 which walks you through the process 4 2 2 Changing Service Providers This tutorial shows you how to import a new security certificate which allows your device to communicate with the company s networ...

Page 37: ...s Guide 38 1 In the Web Configurator open the TOOLS Certificates My Certificates screen and click the Import button 2 In the Import Certificate screen click Browse and locate the security certificate that was provided by your new ISP ...

Page 38: ... just imported 5 Click Apply to save your settings You should now be able to connect to the Internet through your new service provider 4 2 3 Blocking Web Access During Specific Hours If your OX253P is in a home or office environment you may decide that you want to block web access and video chat during a specific block of hours such as during your daughter s designated study hours Goal Configure t...

Page 39: ...Chapter 4 Tutorials OX253P User s Guide 40 1 Open the TOOLS Firewall Services to screen 2 Select Enable Services Blocking ...

Page 40: ... open for other types of traffic such as ports 25 and 587 for e mail and port 21 for FTP The Blocked Services window updates accordingly 4 Next configure the Schedule to Block area with the days and hours for blocking web access to your employees In this example the five weekly work days are selected as well as the standard work hours of 3 30 PM to 8 30 PM or 20 30 in 24 hour format 5 Finally clic...

Page 41: ...ws you to control the content you do allow to pass through the OX253P For example once your daughter s designated study hours end you allow web access and video chat but want to restrict certain sites Goal Restrict websites with the words poker sex and beer in their URLs See Also Chapter 12 on page 129 1 Open the TOOLS Content Filter Filter screen 2 Select Enable URL Keyword Blocking ...

Page 42: ...websites with these keywords for a specific computer in your household such as the computer in the master bedroom then add that computer s IP address to the Trusted IP Address field 5 Click Apply to save these settings 6 Next open the TOOLS Content Filter Schedule screen 7 To keep things simple set the Days to Block to Everyday and the Time of Day to Block to All Day 8 Click Apply to save these se...

Page 43: ...mote Management WWW screen 2 Leave the Server Port setting as 80 in order to allow computers back at the OX253P s location to continue to access the Internet 3 From the Server Access menu select WAN This allows remote management connections only from the Internet 4 Finally in the Secured Client IP Address field enter 2 2 2 2 as the IP address from which you will be connecting to the OX253P Any oth...

Page 44: ...45 PART II Technical Reference ...

Page 45: ...46 ...

Page 46: ...he following terms and concepts may help as you read through this chapter LAN A Local Area Network or a shared communication system to which many computers are attached A LAN as its name implies is limited to a local area such as a home or office environment LANs have different topologies the most common being the linear bus and the star configuration IP Address IP addresses identify individual de...

Page 47: ...s itself if there has been any temporal drift NTP NTP stands for Network Time Protocol It is employed by devices connected to the Internet in order to obtain a precise time setting from an official time server These time servers are accurate to within 200 microseconds 5 1 3 Before You Begin Make sure that you have made all the appropriate hardware connections to the OX253P as described in the Quic...

Page 48: ... If the web configurator is running on a computer on the LAN you lose access to it as soon as you change this field and click Apply You can access the web configurator again by typing the new IP address in the browser IP Subnet Mask Enter the subnet mask of the LAN Apply Click to save your changes Reset Click to restore your previously saved settings Table 9 SETUP Set IP Address LABEL DESCRIPTION ...

Page 49: ...eserved When the DHCP server issues IP addresses reserved IPs are assigned to specific client devices If the IP address is reserved the client device identified by its MAC address will always receive this IP address from the DHCP server Apply Click to save your changes Refresh Click to refresh the information in the screen Table 9 SETUP Set IP Address continued LABEL DESCRIPTION Table 10 SETUP Tim...

Page 50: ...erver uses Check with your ISP or network administrator or use trial and error to find a protocol that works Daytime RFC 867 This format is day month year time zone Time RFC 868 This format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 This format is similar to Time RFC 868 Time Server Address Enter the IP address or URL of your time server Check...

Page 51: ... in the following circumstances When the device starts up such as when you press the Power button When you click Apply in the SETUP Time Setting screen Once every 24 hours after starting up Table 11 Pre defined NTP Time Servers ntp1 cs wisc edu ntp1 gbg netnod se ntp2 cs wisc edu tock usno navy mil ntp3 cs wisc edu ntp cs strath ac uk ntp1 sp se time1 stupi se tick stdtime gov tw tock stdtime gov ...

Page 52: ...disable and configure the DHCP server in the OX253P The Static DHCP screen Section 6 3 on page 56 lets you assign specific IP addresses to specific computers on the LAN The IP Static Route screen Section 6 4 on page 57 lets you examine the static routes configured in the OX253P The Other Settings screen Section 6 5 on page 59 lets you control the routing information that is sent and received by ea...

Page 53: ...A DHCP Dynamic Host Configuration Protocol server can assign your OX253P an IP address subnet mask DNS and other routing information when it s turned on 6 2 DHCP Setup Click ADVANCED LAN Configuration DHCP Setup to enable disable and configure the DHCP server in the OX253P Figure 12 ADVANCED LAN Configuration DHCP Setup The following table describes the labels in this screen Table 12 ADVANCED LAN ...

Page 54: ... OX253P can allocate up to 10 10 10 254 or 245 IP addresses DNS Server First Second and Third DNS Server Specify the IP addresses of a maximum of three DNS servers that the network can use The OX253P provides these IP addresses to DHCP clients You can specify these IP addresses two ways From ISP provide the DNS servers provided by the ISP on the WAN port User Defined enter a static IP address DNS ...

Page 55: ...ation DHCP Setup Figure 13 ADVANCED LAN Configuration Static DHCP The following table describes the labels in this screen Table 13 ADVANCED LAN Configuration Static DHCP LABEL DESCRIPTION The number of the item in this list MAC Address Enter the MAC address of the computer to which you want the OX253P to assign the same IP address IP Address Enter the IP address you want the OX253P to assign to th...

Page 56: ...d Figure 14 Advanced LAN Configuration IP Static Route The following table describes the icons in this screen The following table describes the labels in this screen Table 14 Advanced LAN Configuration IP Static Route ICON DESCRIPTION Edit Click to edit this item Delete Click to delete this item Table 15 Advanced LAN Configuration IP Static Route LABEL DESCRIPTION The number of the item in this li...

Page 57: ...network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations Action Click the Edit icon to modify this item Click the Delete icon to remove this item Table 15 Advanced LAN Configuration IP Static Route continued LABEL DESCRIPTION Table 16 Advanced LAN Configuration IP Static Route Setup Edit LABEL DESCRIPTION Route Name Enter the name of the static route ...

Page 58: ... switch on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their destinations Metric Usually you should keep the default value This field is related to RIP The metric represents the cost of transmission A router determines the best route for transmission by choosing a path with the lowest cost The smaller the metric the lower the cost RIP uses hop coun...

Page 59: ... it sends or receives information on the subnet RIP 1 The OX253P uses RIPv1 to exchange routing information RIP 2B The OX253P broadcasts RIPv2 to exchange routing information RIP 2M The OX253P multicasts RIPv2 to exchange routing information Multicast You do not have to enable multicasting to use RIP 2M See RIP Version Select which version of IGMP the OX253P uses to support multicasting on the LAN...

Page 60: ...ree numbers specify the network number while the last number identifies an individual computer on that network Once you have decided on the network number pick an IP address that is easy to remember for instance 192 168 1 1 for your OX253P but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP address Your OX253P wi...

Page 61: ...sses usually in the form of an information sheet when s he signs up If your ISP gives you the DNS server addresses enter them in the DNS Server fields in DHCP Setup otherwise leave them blank Some ISPs choose to pass the DNS servers using the DNS server extensions of PPP IPCP IP Control Protocol after the connection is up If your ISP did not give you explicit DNS servers chances are the DNS server...

Page 62: ...st Traditionally IP packets are transmitted in one of either two ways Unicast 1 sender 1 recipient or Broadcast 1 sender everybody on the network Multicast delivers IP packets to a group of hosts on the network not everybody and not just 1 IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a Multicast group it is not used to carry user data IGMP vers...

Page 63: ...iguration Screens OX253P User s Guide 64 information IP multicasting can be enabled disabled on the OX253P LAN and or WAN interfaces in the web configurator LAN WAN Select None to disable IP multicasting on these interfaces ...

Page 64: ... by your OX253P The Advanced screen Section 7 5 on page 75 lets configure your DNS server RIP Multicast and Windows Networking settings 7 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter WiMAX WiMAX Worldwide Interoperability for Microwave Access is the IEEE 802 16 wireless networking standard which provides high bandwidth wide range wireless ser...

Page 65: ...merous subscriber stations and mobile stations connect to the network through a single base station BS as in the following figure Figure 18 WiMAX Multiple Mobile Stations A base station s coverage area can extend over many hundreds of meters even under poor conditions A base station provides network access to subscriber stations and mobile stations and communicates with other base stations The rad...

Page 66: ...er stations The following figure shows a base station using an AAA server to authenticate mobile station MS allowing it to access the Internet Figure 19 Using an AAA Server In this figure the dashed arrow shows the PKM Privacy Key Management secured connection between the mobile station and the base station and the solid arrow shows the EAP secured connection between the mobile station the base st...

Page 67: ...e following table describes the labels in this screen Table 18 ADVANCED WAN Configuration Internet Connection ISP Parameters for Internet Access LABEL DESCRIPTION ISP Parameters for Internet Access User Name Use this field to enter the username associated with your Internet access account You can enter up to 61 printable ASCII characters Password Use this field to enter the password associated wit...

Page 68: ...ct setting for your account Choose from the following user authentication methods TTLS Tunnelled Transport Layer Security TLS Transport Layer Security Note Not all OX253Ps support TLS authentication Check with your service provider for details TTLS Inner EAP This field displays the type of secondary authentication method Once a secure EAP TTLS connection is established the inner EAP is the protoco...

Page 69: ...Address Assignment Get automatically from ISP Default Select this if you have a dynamic IP address A dynamic IP address is not fixed the ISP assigns you a different one each time you connect to the Internet Use Fixed IP Address A static IP address is a fixed IP that your ISP gives you Type your ISP assigned IP address in the IP Address field below IP Subnet Mask Enter a subnet mask in dotted decim...

Page 70: ...0 MHz 1000000 kHz Table 20 ADVANCED WAN Configuration WiMAX Configuration LABEL DESCRIPTION DL Frequency Bandwidth These fields show the downlink frequency settings in kilohertz kHz Enter values in these fields to have the OX253P scan these frequencies for available channels in ascending numerical order Note The Bandwidth field is not user configurable when the OX253P finds a WiMAX connection its ...

Page 71: ...ator range is subdivided into bandwidth steps In the figure each C is a bandwidth step The arrow D shows the OX253P searching for a connection Have the OX253P search only certain frequencies by configuring the downlink frequencies Your operator can give you information on the supported frequencies The downlink frequencies are points of the frequency range your OX253P searches for an available conn...

Page 72: ...ase station the values in this screen are automatically set to the base station s frequency The next time the OX253P searches for a connection it searches only this frequency If you want the OX253P to search other frequencies enter them in the DL Frequency fields The following table describes some examples of DL Frequency settings 7 3 3 Using the WiMAX Frequency Screen In this example your Interne...

Page 73: ...requency Screen 5 Click Apply The OX253P stores your settings When the OX253P searches for available frequencies it scans all frequencies from DL Frequency 1 to DL Frequency 4 When it finds an available connection the fields in this screen will be automatically set to use that frequency 7 4 Buzzer Click ADVANCED WAN Configuration Buzzer to enable or disable buzzer in the ODU The buzzer sounds beep...

Page 74: ... beeps based on the signal strength the RSSI value received from the base station RSSI 50 The five LEDs on the ODU light on and the buzzer sounds five beeps regularly 50 RSSI 60 Four of the five LEDs on the ODU light on and the buzzer sounds four beeps regularly 60 RSSI 70 Three of the five LEDs on the ODU light on and the buzzer sounds three beeps regularly 70 RSSI 80 Two of the five LEDs on the ...

Page 75: ... you do not want to configure DNS servers You must have another DHCP server on your LAN or else the computers must have their DNS server addresses manually configured If you do not configure a DNS server you must know the IP address of a computer in order to access it Multicast Setup Multicast IGMP Internet Group Multicast Protocol is a network layer protocol used to establish membership in a mult...

Page 76: ...r The General screen Section 8 2 on page 77 lets you enable or disable NAT and to allocate memory for NAT and firewall rules The Port Forwarding screen Section 8 3 on page 78 lets you look at the current port forwarding rules in the OX253P and to enable disable activate and deactivate each one The Trigger Port screen Section 8 4 on page 82 lets you maintain trigger port forwarding rules for the OX...

Page 77: ...If the default is not defined the service request is simply discarded Table 24 ADVANCED NAT Configuration General LABEL DESCRIPTION Enable Network Address Translation Select this if you want to use port forwarding trigger ports or any of the ALG Max NAT Firewall Session Per User When computers use peer to peer applications such as file sharing applications they may use a large number of NAT sessio...

Page 78: ... assign the LAN IP addresses and the ISP assigns the WAN IP address The NAT network appears as a single host on the Internet Figure 27 Multiple Servers Behind NAT Example 8 3 1 Port Forwarding Options Click ADVANCED NAT Configuration Port Forwarding to look at the current port forwarding rules in the OX253P and to enable disable activate and deactivate each one You can also set up a default server...

Page 79: ...instead Port Forwarding The number of the item in this list Active Select this to enable this rule Clear this to disable this rule Name This field displays the name of the rule It does not have to be unique Start Port This field displays the beginning of the range of port numbers forwarded by this rule End Port This field displays the end of the range of port numbers forwarded by this rule If it i...

Page 80: ... rule You can use 1 31 printable ASCII characters or you can leave this field blank It does not have to be a unique name Start Port End Port Enter the port number or range of port numbers you want to forward to the specified server To forward one port number enter the port number in the Start Port and End Port fields To forward a range of ports enter the port number at the beginning of the range i...

Page 81: ...warding solves this problem by allowing computers on the LAN to dynamically take turns using the service The OX253P records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol a trigger port When the OX253P s WAN port receives a response with a specific port number and protocol incoming port the OX253P forwards the traffic to...

Page 82: ...port number at the beginning of the range in the Start Port field enter the port number at the end of the range in the End Port field If you want to delete this rule enter zero in the Start Port and End Port fields Trigger Start Port End Port Enter the outgoing port number or range of port numbers that makes the OX253P record the source IP address and assign it to the selected incoming port number...

Page 83: ...ng port range of 6970 7170 3 The Real Audio server responds using a port number ranging between 6970 7170 4 The OX253P forwards the traffic to Jane s computer IP address 5 Only Jane can connect to the Real Audio server until the connection is closed or times out The OX253P times out in three minutes with UDP User Datagram Protocol or two hours with TCP IP Transfer Control Protocol Internet Protoco...

Page 84: ...ration ALG to enable and disable SIP VoIP FTP file transfer and H 323 audio visual ALG in the OX253P Figure 32 ADVANCED NAT Configuration ALG The following table describes the labels in this screen Table 29 ADVANCED NAT Configuration ALG LABEL DESCRIPTION Enable SIP ALG Select this to make sure SIP VoIP works correctly with port forwarding and port triggering rules Enable FTP ALG Select this to ma...

Page 85: ...Chapter 8 The NAT Configuration Screens OX253P User s Guide 86 ...

Page 86: ...ection 9 4 on page 92 lets you upload new firmware to the OX253P The Configuration screen Section 9 5 on page 93 lets you back up or restore the configuration of the OX253P The Restart screen Section 9 6 on page 95 lets you restart your OX253P from within the web configurator 9 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter System Name The Syst...

Page 87: ... OX253P via DHCP DNS Server Address Assignment Use DNS Domain Name System to map a domain name to its corresponding IP address and vice versa The DNS server is extremely important because without it you must know the IP address of a computer before you can access it The OX253P can get the DNS server addresses in the following ways 1 The ISP tells you the DNS server addresses usually in the form of...

Page 88: ...ame Enter the domain name entry that is propagated to DHCP clients on the LAN If you leave this blank the domain name obtained from the ISP is used Use up to 38 alphanumeric characters Spaces are not allowed but dashes and periods are accepted Administrator Inactivity Timer Enter the number of minutes a management session can be left idle before the session times out After it times out you have to...

Page 89: ...irst of all you need to have registered a dynamic DNS account with www dyndns org This is for people with a dynamic IP from their ISP or DHCP server that would still like to have a domain name The Dynamic DNS service provider will give you a password or key Enabling the wildcard feature for your host causes yourhost dyndns org to be aliased to the same IP address as yourhost dyndns org This featur...

Page 90: ...your Dynamic DNS service provider Dynamic DNS Type Select the type of service that you are registered for from your Dynamic DNS service provider Host Name Enter the host name You can specify up to two host names separated by a comma User Name Enter your user name Password Enter the password assigned to you Enable Wildcard Option Select this to enable the DynDNS Wildcard feature Enable offline opti...

Page 91: ...address Dynamic DNS server auto detect IP address Select this if you want the DDNS server to update the IP address of the host name s automatically Select this option when there are one or more NAT routers between the OX253P and the DDNS server Note The DDNS server may not be able to detect the proper IP address if there is an HTTP proxy server between the OX253P and the DDNS server Use specified ...

Page 92: ...ow to log in If the upload is not successful you will be notified by error message Click Return to go back to the Firmware screen 9 5 Configuration Click ADVANCED System Configuration Configuration to back up or restore the configuration of the OX253P You can also use this screen to reset the OX253P to the factory default settings Figure 36 ADVANCED System Configuration Configuration Browse Click ...

Page 93: ...by Configuration Upload Error message Click Return to go back to the Configuration screen Table 33 ADVANCED System Configuration Configuration LABEL DESCRIPTION Backup Configuration Backup Click this to save the OX253P s current configuration to a file on your computer Once your device is configured and functioning properly it is highly recommended that you back up your configuration file before m...

Page 94: ...takes about two minutes Once the restart is complete you can log in again 9 7 Bridge Click ADVANCED System Configuration Bridge to switch the OX253P between the bridge or router mode You may need the bridge mode when you need to use VLAN applications in your network Figure 38 ADVANCED System Configuration Bridge Table 34 ADVANCED System Configuration Firmware LABEL DESCRIPTION Restart Click this b...

Page 95: ...ing table describes the labels in this screen Table 35 ADVANCED System Configuration Bridge LABEL DESCRIPTION Bridge Mode Select this to switch to the bridge mode for the OX253P Router Mode Select this to switch to the router mode for the OX253P Apply Click to save your change ...

Page 96: ...lic record with a domain name registrar If they match then the certificate is issued to the website operator who then places it on his site to be issued to all visiting web browsers to let them know that the site is legitimate 10 1 1 What You Can Do in This Chapter The My Certificates screen Section 10 2 on page 98 lets you generate and export self signed certificates or certification requests and...

Page 97: ...es the icons in this screen The following table describes the labels in this screen Table 36 TOOLS Certificates My Certificates ICON DESCRIPTION Edit Click to edit this item Export Click to export an item Delete Click to delete this item Table 37 TOOLS Certificates My Certificates LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the OX253P s PKI storage space that is ...

Page 98: ... is the same information as in the Subject field Valid From This field displays the date that the certificate becomes applicable Valid To This field displays the date that the certificate expires The text displays in red and includes an Expired message if the certificate has expired Action Click the Edit icon to open a screen with an in depth list of information about the certificate Click the Exp...

Page 99: ...Certificates My Certificates and then the Create icon to open the My Certificates Create screen Use this screen to have the OX253P create a self signed certificate enroll a certificate with a certification authority or generate a certification request Figure 40 TOOLS Certificates My Certificates Create ...

Page 100: ... certificate owner belongs You can use up to 63 characters You can use alphanumeric characters the hyphen and the underscore Organization Identify the company or group to which the certificate owner belongs You can use up to 63 characters You can use alphanumeric characters the hyphen and the underscore Country Identify the state in which the certificate owner is located You can use up to 31 chara...

Page 101: ... the Internet Engineering Task Force IETF and is specified in RFC 2510 CA Server Address This field applies when you select Create a certification request and enroll for a certificate immediately online Enter the IP address or URL of the certification authority server For a URL you can use up to 511 of the following characters a zA Z0 9 _ CA Certificate This field applies when you select Create a ...

Page 102: ...o the My Certificate Create screen Click Return and check your information in the My Certificate Create screen Make sure that the certification authority information is correct and that your Internet connection is working properly if you want the OX253P to enroll a certificate online Apply Click to save your changes Cancel Click to return to the previous screen without saving your changes Table 38...

Page 103: ...ficates My Certificates Edit The following table describes the labels in this screen Table 39 TOOLS Certificates My Certificates Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate You can use up to 31 alphanumeric and _ characters Property Select Default self signed certificate which signs the imported remote host certificates to use this certificate to sign t...

Page 104: ...n by the certification authority or generated by the OX253P Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization O and Country C Issuer This field displays identifying information about the certificate s issuing certification authority such as Common Name Organizational Unit Organization and Country With sel...

Page 105: ... message digest that the OX253P calculated using the SHA1 algorithm Certificate in PEM Base 64 Encoded Format This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses lowercase letters uppercase letters and numerals to convert the binary certificate into a printable form You can copy and paste a certification request into a certificatio...

Page 106: ...n import it Figure 42 TOOLS Certificates My Certificates Import The following table describes the labels in this screen Table 40 TOOLS Certificates My Certificates Import LABEL DESCRIPTION File Path Type in the location of the file you want to upload in this field or click Browse to find it You cannot import a certificate with the same name as a certificate that is already in the OX253P Browse Cli...

Page 107: ... this screen Table 41 TOOLS Certificates Trusted CAs ICON DESCRIPTION Edit Click to edit this item Export Click to export an item Delete Click to delete this item Table 42 TOOLS Certificates Trusted CAs LABEL DESCRIPTION PKI Storage Space in Use This bar displays the percentage of the OX253P s PKI storage space that is currently in use When the storage space is almost full you should consider dele...

Page 108: ...d and you have selected the Check incoming certificates issued by this CA against a CRL check box in the certificate s details screen to have the OX253P check the CRL before trusting any certificates issued by the certification authority Otherwise the field displays No Action Click the Edit icon to open a screen with an in depth list of information about the certificate Use the Export icon to save...

Page 109: ...OLS Certificates Trusted CAs Edit The following table describes the labels in this screen Table 43 TOOLS Certificates Trusted CAs Edit LABEL DESCRIPTION Name This field displays the identifying name of this certificate You can use up to 31 alphanumeric and _ characters Property Select Default self signed certificate which signs the imported remote host certificates to use this certificate to sign ...

Page 110: ...en by the certification authority or generated by the OX253P Subject This field displays information that identifies the owner of the certificate such as Common Name CN Organizational Unit OU Organization O and Country C Issuer This field displays identifying information about the certificate s issuing certification authority such as Common Name Organizational Unit Organization and Country With se...

Page 111: ...ssage digest that the OX253P calculated using the SHA1 algorithm Certificate in PEM Base 64 Encoded Format This read only text box displays the certificate or certification request in Privacy Enhanced Mail PEM format PEM uses lowercase letters uppercase letters and numerals to convert the binary certificate into a printable form You can copy and paste a certification request into a certification a...

Page 112: ... certificate s filename before you can import the certificate Figure 45 TOOLS Certificates Trusted CAs Import The following table describes the labels in this screen 10 4 Technical Reference The following section contains additional technical information about the OX253P features described in this chapter Table 44 TOOLS Certificates Trusted CAs Import LABEL DESCRIPTION File Path Type in the locati...

Page 113: ...m or not 3 Tim uses his private key to sign the message and sends it to Jenny 4 Jenny receives the message and uses Tim s public key to verify it Jenny knows that the message is from Tim and she knows that although other people may have been able to read the message no one can have altered it because they cannot re sign the message with Tim s private key 5 Additionally Jenny uses her own private k...

Page 114: ...en you first turn it on This certificate is referred to in the GUI as the factory default certificate 10 4 1 4 Certificate File Formats Any certificate that you want to import has to be in one of these file formats Binary X 509 This is an ITU T recommendation that defines the formats for X 509 certificates PEM Base 64 encoded X 509 This Privacy Enhanced Mail format uses lowercase letters uppercase...

Page 115: ...g the Fingerprint of a Certificate on Your Computer A certificate s fingerprints are message digests calculated using the MD5 or SHA1 algorithms The following procedure describes how to check a certificate s fingerprint to verify that you have the actual certificate 1 Browse to where you have the certificate saved on your computer 2 Make sure that the certificate has a cer or crt file name extensi...

Page 116: ...d scroll down to the Thumbprint Algorithm and Thumbprint fields Figure 47 Certificate Details 4 Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields The secure method may vary based on your situation Possible examples would be over the telephone or through an HTTPS connection ...

Page 117: ...Chapter 10 The Certificates Screens OX253P User s Guide 118 ...

Page 118: ...firewall to guard effectively you must design and deploy it appropriately This requires integrating the firewall into a broad information security policy In addition specific policies must be implemented within the firewall itself 11 1 1 What You Can Do in This Chapter The Firewall Setting screen Section 11 2 on page 120 lets you configure the basic settings for your firewall The Service Setting s...

Page 119: ...y default unless the remote host is authorized to use a specific service 11 2 Firewall Setting This section describes firewalls and the built in OX253P s firewall features 11 2 1 Firewall Rule Directions Figure 48 Firewall Rule Directions LAN to WAN rules are local network to Internet firewall rules The default is to forward all traffic from your local network to the Internet You can block certain...

Page 120: ...ervices in the Remote MGMT screens or SMT menus When you allow remote management from the WAN you are actually configuring WAN to WAN OX253P firewall rules WAN to WAN OX253P firewall rules are Internet to the OX253P WAN interface firewall rules The default is to block all such traffic When you decide what WAN to LAN packets to log you are in fact deciding what WAN to LAN and WAN to WAN OX253P pack...

Page 121: ...AN without passing through the OX253P Max NAT Firewall Session Per User Select the maximum number of NAT rules and firewall rules the OX253P enforces at one time The OX253P automatically allocates memory for the maximum number of rules regardless of whether or not there is a rule to enforce This is the same number you enter in ADVANCED NAT Configuration General Packet Direction Log Select the situ...

Page 122: ...nd to maintain the list of services you want to block Figure 51 TOOLS Firewall Services The following table describes the labels in this screen Table 46 TOOLS Firewall Services LABEL DESCRIPTION Service Setup Enable Services Blocking Select this to activate service blocking The Schedule to Block section controls what days and what times service blocking is actually effective however ...

Page 123: ...t available in the pre defined Available Services list You must define it using the Type and Port Number fields Blocked Services This is a list of services ports that are inaccessible to computers on your LAN when service blocking is effective To remove a service from this list select the service and click Delete Type Select TCP or UDP based on which one the custom port uses Port Number Enter the ...

Page 124: ...ng rules to block packets for the services at specific interfaces 6 Protect against IP spoofing by making sure the firewall is active 7 Keep the firewall in a secured locked room 11 4 3 The Triangle Route Problem A traffic route is a path for sending or receiving data packets between two Ethernet devices You may have more than one connection to the Internet through one or more ISPs If an alternate...

Page 125: ...n your network into logical sections over the same Ethernet interface Your OX253P supports up to three logical LAN interfaces with the OX253P being the gateway for each logical network It s like having multiple LAN networks that actually use the same physical cables and ports By putting your LAN and Gateway A in different subnets all returning network traffic must pass through the OX253P to your L...

Page 126: ...Chapter 11 The Firewall Screens OX253P User s Guide 127 4 The OX253P then sends it to the computer on the LAN in Subnet 1 Figure 53 IP Alias ...

Page 127: ...Chapter 11 The Firewall Screens OX253P User s Guide 128 ...

Page 128: ... features or specific URL keywords The OX253P can block web features such as ActiveX controls Java applets cookies and disable web proxies The OX253P also allows you to define time periods and days during which the OX253P performs content filtering 12 1 1 What You Can Do in This Chapter The Filter screen Section 12 2 on page 130 lets you set up a trusted IP address which web features are restricte...

Page 129: ... User s Guide 130 12 2 Filter Click TOOLS Content Filter Filter to set up a trusted IP address which web features are restricted and which keywords are blocked when content filtering is effective Figure 54 TOOLS Content Filter Filter ...

Page 130: ...ween a user and the Internet to provide security administrative control and caching service When a proxy server is located on the WAN it is possible for LAN users to avoid content filtering restrictions Keyword Blocking Enable URL Keyword Blocking Select this if you want the OX253P to block Web sites based on words in the web site address For example if you block the keyword bad http www website c...

Page 131: ... in this screen Table 48 TOOLS Content Filter Schedule LABEL DESCRIPTION Day to Block Select which days of the week you want content filtering to be effective Time of Day to Block Select what time each day you want content filtering to be effective Enter times in 24 hour format for example 3 00pm should be entered as 15 00 Apply Click to save your changes Reset Click to restore your previously sav...

Page 132: ...u may only have one remote management session running at a time The OX253P automatically disconnects a remote management session of lower priority when another remote management session of higher priority starts The priorities for the different types of remote management sessions are as follows 1 Telnet 2 HTTP 13 1 1 What You Can Do in This Chapter The WWW screen Section 13 2 on page 135 lets you ...

Page 133: ...net FTP or Web service 2 You have disabled that service in one of the remote management screens 3 The IP address in the Secured Client IP field does not match the client IP address If it does not match the OX253P will disconnect the session immediately 4 There is already another remote management session with an equal or higher priority running You may only have one remote management session runni...

Page 134: ...WW Click TOOLS Remote Management WWW to control HTTP access to your OX253P Figure 56 TOOLS Remote Management WWW The following table describes the labels in this screen Table 50 TOOLS Remote Management WWW LABEL DESCRIPTION Server Port Enter the port number this service can use to access the OX253P The computer must use the same port number Server Access Select the interface s through which a comp...

Page 135: ...1 TOOLS Remote Management Telnet LABEL DESCRIPTION Server Port Enter the port number this service can use to access the OX253P The computer must use the same port number Server Access Select the interface s through which a computer may access the OX253P using this service Secured Client IP Address Select All to allow any computer to access the OX253P using this service Select Selected to only allo...

Page 136: ...inistrators perform network management functions It executes applications that control and monitor managed devices Table 52 TOOLS Remote Management FTP LABEL DESCRIPTION Server Port Enter the port number this service can use to access the OX253P The computer must use the same port number Server Access Select the interface s through which a computer may access the OX253P using this service Secured ...

Page 137: ...within an agent In SNMPv1 when a manager wants to retrieve all elements of a table from an agent it initiates a Get operation followed by a series of GetNext operations Set Allows the manager to set values for object variables within an agent Trap Used by the agent to inform the manager of some events 13 5 1 SNMP Traps The OX253P sends traps to the SNMP manager when any of the following events occ...

Page 138: ...he default is public and allows all requests Set Community Enter the Set community which is the password for incoming Set requests from the management station The default is public and allows all requests Trap Community Enter the trap community which is the password sent with each trap to the SNMP manager The default is public and allows all requests Trap Destination Enter the IP address of the st...

Page 139: ...his service Apply Click to save your changes Reset Click to restore your previously saved settings Table 54 TOOLS Remote Management SNMP continued LABEL DESCRIPTION Table 55 TOOLS Remote Management DNS LABEL DESCRIPTION Server Port This field is read only This field displays the port number this service uses to access the OX253P The computer must use the same port number Server Access Select the i...

Page 140: ...m the WAN LAN WAN the OX253P responds to ping requests received from the LAN or the WAN Do not respond to requests for unauthorized services Select this to prevent outsiders from discovering your OX253P by sending requests to unsupported port numbers If an outside user attempts to probe an unsupported port on your OX253P an ICMP response packet is automatically returned This allows the outside use...

Page 141: ...re on your OX253P and then configure it appropriately The ACS server which it will use must also be configured by its administrator Figure 63 CWMP TR069 Example In this example the OX253P receives data from at least 3 sources A SIP server for handling voice calls an HTTP server for handling web services and an ACS for configuring the OX253P remotely All three servers are owned and operated by the ...

Page 142: ...L or IP address of the auto configuration server User Name Enter the user name sent when the OX253P connects to the ACS and which is used for authentication You can enter up to 31 alphanumeric characters a z A Z 0 9 and underscores but spaces are not allowed Password Enter the password sent when the OX253P connects to an ACS and which is used for authentication You can enter up to 31 alphanumeric ...

Page 143: ...m with the Periodic Inform Interval and is not mutually exclusive of it The Periodic Inform Time must be in the following format yyyy mm ddThh mm ss where yyyy is a four digit year 2009 mm is a two digit month 01 12 dd is a two digit day 01 28 hh is a two digit hour in 24 hour format 01 24 mm is a two digit minutes value 01 60 and ss is a two digit seconds value 01 60 Note You must separate the da...

Page 144: ... inadequate for time critical application such as video on demand 14 2 General Click TOOLS QoS to open the screen as shown next Use this screen to enable or disable QoS Figure 65 QoS General The following table describes the labels in this screen Table 58 TOOLS Remote Management Security LABEL DESCRIPTION Active QoS Select this to enable QoS for the OX253P Selecting this may improve network perfor...

Page 145: ... Setup The following table describes the labels in this screen Table 59 QoS Class Setup LABEL DESCRIPTION Create New Class Click this link to create a new class This field displays the index number of the class Active This field indicates whether the QoS class is enabled or not Name This field indicates the name of the class Interface This field indicates the Ethernet port on which traffic is bein...

Page 146: ...imilar classes are processed in order of index number from lowest to highest Name Enter a descriptive name of up to 20 printable English keyboard characters including spaces Interface Select an interface to which the class will apply To WAN The class is applied to all packets incoming from the WAN Wide Area Network To LAN The class is applied to all packets outgoing from the LAN Local Area Network...

Page 147: ...or the criteria Destination Address Subnet Mask Enter a destination IP address and the subnet mask for the criteria Port Range Enter a port range on the destination host for the criteria Others Service Select the traffic type of a service SIP FTP or H 323 to which this class will apply Protocol Select TCP or UDP to specifiy the traffic type to which the class will apply You can also select User De...

Page 148: ...d which logs and alerts are sent or recorded 15 1 2 What You Need to Know The following terms and concepts may help as you read through this chapter Alerts An alert is a type of log that warrants more serious attention Some categories such as System Errors consist of both logs and alerts Syslog Logs There are two types of syslog event logs and traffic logs The device generates an event log when a ...

Page 149: ... devID is the MAC address of the router s LAN port The cat is the same as the category in the router s logs Traffic Log Facility 8 Severity Mon dd hr mm ss hostname src srcIP srcPort dst dstIP dstPort msg Traffic Log note Traffic Log devID mac address cat Traffic Log duration seconds sent sentBytes rcvd receiveBytes dir from to protoID IPProtocolID proto serviceName trans IPSec Normal This message...

Page 150: ...e is currently sorted pointing downward is descending pointing upward is ascending The following table describes the labels in this screen Table 63 TOOLS Logs View Logs LABEL DESCRIPTION Display Select a category whose log entries you want to view To view all logs select All Logs The list of categories depends on what log categories are selected in the Log Settings page Email Log Now Click this to...

Page 151: ...This field displays the source IP address and the port number of the incoming packet In many cases some or all of this information may not be available Destination This field lists the destination IP address and the port number of the incoming packet In many cases some or all of this information may not be available Note This field displays additional information about the log entry Table 63 TOOLS...

Page 152: ...253P User s Guide 153 15 3 Log Settings Click TOOLS Logs Log Settings to configure where the OX253P sends logs and alerts the schedule for sending logs and which logs and alerts are sent or recorded Figure 69 TOOLS Logs Log Settings ...

Page 153: ... is selected then also specify which day of the week the E mail should be sent If the When Log is Full option is selected an alert is sent when the log fills up If you select None no log messages are sent Day for Sending Log This field is only available when you select Weekly in the Log Schedule field Select which day of the week to send the logs Time for Sending Log This field is only available w...

Page 154: ...he device failed to get information from the time server WAN interface gets IP s The WAN interface got a new IP address from the DHCP or PPPoE server DHCP client gets s A DHCP client got a new IP address from the DHCP server DHCP client IP expired A DHCP client s IP address has expired DHCP server assigns s The DHCP server assigned an IP address to a client Successful WEB login Someone has logged ...

Page 155: ...ded according to the default policy s setting Firewall rule NOT match TCP UDP IGMP ESP GRE OSPF Packet Direction rule d Attempted TCP UDP IGMP ESP GRE OSPF access matched or did not match a configured firewall rule denoted by its number and was blocked or forwarded according to the rule Triangle route packet forwarded TCP UDP IGMP ESP GRE OSPF The firewall allowed a triangle route session to pass ...

Page 156: ...connection three way handshaking timeout 270 seconds TCP FIN wait timeout 2 MSL Maximum Segment Lifetime set in the TCP header TCP idle established timeout s 150 minutes TCP reset timeout 10 seconds Exceed MAX incomplete sent TCP RST The router sent a TCP reset packet when the number of incomplete connections TCP and UDP exceeded the user configured threshold Incomplete count is for all TCP and UD...

Page 157: ...der ICMP ICMP The firewall does not support this kind of ICMP packets or the ICMP packets are out of order Router reply ICMP packet ICMP The router sent an ICMP reply packet to the sender Table 71 PPP Logs LOG MESSAGE DESCRIPTION ppp LCP Starting The PPP connection s Link Control Protocol stage has started ppp LCP Opening The PPP connection s Link Control Protocol stage is opening ppp CHAP Opening...

Page 158: ...hedule Waiting content filter server timeout The external content filtering server did not respond within the timeout period DNS resolving failed The OX253P cannot get the IP address of the external content filtering via DNS query Creating socket failed The OX253P cannot issue a query because TCP UDP socket creation failed port port number Connecting to content filter server fail The connection to...

Page 159: ...ty ICMP type d code d The firewall detected an ICMP vulnerability attack traceroute ICMP type d code d The firewall detected an ICMP traceroute attack ports scan UDP The firewall detected a UDP port scan attack Firewall sent TCP packet in response to DoS attack TCP The firewall sent TCP packet in response to a DoS attack ICMP Source Quench ICMP The firewall detected an ICMP Source Quench attack IC...

Page 160: ...Echo Reply 0 Echo reply message 3 Destination Unreachable 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don t Fragment DF 5 Source route failed 4 Source Quench 0 A gateway may discard internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next net...

Page 161: ...r s Guide 162 0 Timestamp request message 14 Timestamp Reply 0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message Table 76 ICMP Notes continued TYPE CODE DESCRIPTION ...

Page 162: ... Screen Click the STATUS icon in the navigation bar to go to this screen where you can view the current status of the device system resources interfaces LAN and WAN and SIP accounts You can also register and un register SIP accounts as well as view detailed information from DHCP and statistics from WiMAX bandwidth management and traffic Figure 70 Status ...

Page 163: ...om a DHCP server on the WAN None The OX253P is not using any DHCP services in the WAN It has a static IP address LAN Information IP Address This field displays the current IP address of the OX253P in the LAN IP Subnet Mask This field displays the current subnet mask in the LAN DHCP This field displays what DHCP services the OX253P is providing to the LAN Choices are Server The OX253P is a DHCP ser...

Page 164: ...s it that there is traffic waiting Bandwidth This field shows the size of the bandwidth step the OX253P uses to connect to a base station in megahertz MHz CINR Mean This field shows the average Carrier to Interference plus Noise Ratio of the current connection This value is an indication of overall radio signal quality A higher value indicates a higher signal quality and a lower value indicates a ...

Page 165: ...nt Date Time This field displays the current date and time in the OX253P You can change this in SETUP Time Setting Memory Usage This field displays what percentage of the OX253P s memory is currently used The higher the memory usage the more likely the OX253P is to slow down Some memory is required just to start the OX253P and to run the web configurator You can reduce the memory usage by disablin...

Page 166: ...ecific statistics DHCP Table Click this link to see details of computers to which the OX253P has given an IP address Table 77 Status continued LABEL DESCRIPTION Table 78 Packet Statistics LABEL DESCRIPTION Port This column displays each interface of the OX253P Status This field indicates whether or not the OX253P is using the interface For the WAN interface this field displays the port speed and d...

Page 167: ...number of collisions on this port Tx B s This field displays the number of bytes transmitted in the last second Rx B s This field displays the number of bytes received in the last second Up Time This field displays the elapsed time this interface has been connected System up Time This is the elapsed time the system has been on Poll Interval s Type the time interval for the browser to refresh syste...

Page 168: ...able 79 WiMAX Configuration LABEL DESCRIPTION DL Frequency 1 19 These fields show the downlink frequency settings in kilohertz kHz These settings determine how the OX253P searches for an available wireless connection Table 80 DHCP Table LABEL DESCRIPTION The number of the item in this list IP Address This field displays the IP address the OX253P assigned to a computer in the network Host Name This...

Page 169: ...displays as a row of asterisks for security purposes Anonymous Identity This is the anonymous identity provided by your Internet Service Provider Anonymous identity also known as outer identity is used with EAP TTLS encryption PKM This field displays the Privacy Key Management version number PKM provides security between the OX253P and the base station See the WiMAX security appendix for more info...

Page 170: ...rate of 9 5 Mbps 16QAM The Quadrature Amplitude Modulation QAM digital modulation technique modulates changes the amplitude of two carrier waves WiMAX networks use 16QAM to transmit downlink traffic using a data rate of 18 Mbps TTLS Inner EAP This field displays the type of secondary authentication method Once a secure EAP TTLS connection is established the inner EAP is the protocol used to exchan...

Page 171: ...Chapter 16 The Status Screen OX253P User s Guide 172 ...

Page 172: ... the LEDs turn on 1 Make sure you are using the power adapter or cord included with the OX253P 2 Make sure the power adapter or cord is connected to the OX253P and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adapter or cord to the OX253P 4 If the problem continues contact the vendor One of the LEDs does not behave as expec...

Page 173: ...ress for the OX253P 1 The default IP address is http 192 168 1 1 2 If you changed the IP address and have forgotten it you might get the IP address of the OX253P by looking up the IP address of the default gateway for your computer To do this in most Windows computers click Start Run enter cmd and then enter ipconfig The IP address of the Default Gateway might be the IP address of the OX253P it de...

Page 174: ...53P is a DHCP server by default If there is no DHCP server on your network make sure your computer s IP address is in the same subnet as the OX253P See Appendix D on page 229 5 Reset the OX253P to its factory defaults and try to access the OX253P with the default IP address See Section 9 6 on page 95 6 If the problem continues contact the network administrator or vendor or try one of the advanced ...

Page 175: ...mation correctly in the wizard These fields are case sensitive so make sure Caps Lock is not on 3 Check your security settings In the web configurator go to the Status screen Click the WiMAX Profile link in the Summary box and make sure that you are using the correct security settings for your Internet account 4 Check your WiMAX settings The OX253P may have been set to search the wrong frequencies...

Page 176: ... and other obstructions or to a higher floor in your building 2 There may be radio interference caused by nearby electrical devices such as microwave ovens and radio transmitters Move the OX253P away or switch the other devices off Weather conditions may also affect signal quality 3 There might be a lot of traffic on the network Look at the LEDs and check Section 1 2 1 on page 20 If the OX253P is ...

Page 177: ... Internet Explorer 8 2 Make sure you have upgraded to Internet Explorer 8 standard version 3 To resolve this select Tool SmartScreen Filter Turn On SmartScreen Filter in your browser Figure 75 Internet Explorer 8 Turn On Safety Filter 4 Select Turn off SmartScreen Filter and click OK Export the certificate file again you should be able to download the file now Figure 76 Internet Explorer 8 Turn Of...

Page 178: ...tory Defaults If you reset the OX253P you lose all of the changes you have made The OX253P re loads its default settings and the password resets to admin You have to make all of your changes again 17 5 1 Pop up Windows JavaScripts and Java Permissions Please see Appendix C on page 217 ...

Page 179: ...Chapter 17 Troubleshooting OX253P User s Guide 180 ...

Page 180: ...0 38A Max Power Consumption US maximum 18 24W average 7 932W EU maximum 12 12W Ethernet Interface One auto negotiating auto MDI MDI X NWay 10 100 Mbps RJ 45 Ethernet port Power over Ethernet Interface PoE One RJ 45 type PoE port providing 48V DC to the OX253P ODU from the OX253P IDU Antennas One 15dBi 0 5dBi Cross Polarization antenna ODU Weight 400g Dimensions ODU 372 L mm x 232 W mm x 54 8 H mm ...

Page 181: ...Address Translation NAT allows the translation of an Internet protocol address used within one network for example a private IP address used in a local network to a different IP address known within another network for example a public IP address used on the Internet Universal Plug and Play UPnP Your device and other UPnP enabled devices can use the standard TCP IP protocol to dynamically join a n...

Page 182: ...etwork Time Protocol RFC 2104 HMAC Keyed Hashing for Message Authentication RFC 2131 Dynamic Host Configuration Protocol RFC 2401 Security Architecture for the Internet Protocol RFC 2409 Internet Key Exchange RFC 2475 Architecture for Differentiated Services Diffserv RFC 2617 Hypertext Transfer Protocol HTTP Authentication Basic and Digest Access Authentication RFC 2782 A DNS RR for specifying the...

Page 183: ...Chapter 18 Product Specifications OX253P User s Guide 184 ...

Page 184: ... supports EAP Extensible Authentication Protocol RFC 2486 which allows additional authentication methods to be deployed with no changes to the base station or the mobile or subscriber stations PKMv2 PKMv2 is a procedure that allows authentication of a mobile or subscriber station and negotiation of a public key to encrypt traffic between the MS SS and the base station PKMv2 uses standard EAP metho...

Page 185: ...re exchanged between the base station and the RADIUS server for user authentication Access Request Sent by an base station requesting authentication Access Reject Sent by a RADIUS server rejecting access Access Accept Sent by a RADIUS server allowing access Access Challenge Sent by a RADIUS server requesting more information in order to allow access The base station sends a proper response from th...

Page 186: ...nd encrypts using the authentication key Encrypted traffic The MS SS decrypts the TEK using the authentication key Both stations can now securely encrypt and decrypt the data flow CCMP All traffic in a WiMAX network is encrypted using CCMP Counter Mode with Cipher Block Chaining Message Authentication Protocol CCMP is based on the 128 bit Advanced Encryption Standard AES algorithm Counter mode ref...

Page 187: ...e server side authentications to establish a secure connection with EAP TLS digital certifications are needed by both the server and the wireless clients for mutual authentication Client authentication is then done by sending username and password through the secure connection thus client identity is protected For client authentication EAP TTLS supports EAP methods and legacy authentication method...

Page 188: ...of UNIX LINUX include the software components you need to use TCP IP on your computer If you manually assign IP information instead of using a dynamic IP make sure that your network s computers have IP addresses that place them in the same subnet In this appendix you can set up an IP address for Windows XP NT 2000 on page 190 Windows Vista on page 193 Mac OS X 10 3 and 10 4 on page 197 Mac OS X 10...

Page 189: ...ws XP NT 2000 The following example uses the default Windows XP display theme but can also apply to Windows 2000 and Windows NT 1 Click Start Control Panel Figure 77 Windows XP Start Menu 2 In the Control Panel click the Network Connections icon Figure 78 Windows XP Control Panel ...

Page 190: ...de 191 3 Right click Local Area Connection and then select Properties Figure 79 Windows XP Control Panel Network Connections Properties 4 On the General tab select Internet Protocol TCP IP and then click Properties Figure 80 Windows XP Local Area Connection Properties ...

Page 191: ...ress that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided 7 Click OK to close the Internet Protocol TCP IP Properties window Click OK to close the Local Area Connection Properties window Verifying Settings 1 Click Start All Programs Accessories Command Prompt 2 In the Command Pro...

Page 192: ...ion shows screens from Windows Vista Professional 1 Click Start Control Panel Figure 82 Windows Vista Start Menu 2 In the Control Panel click the Network and Internet icon Figure 83 Windows Vista Control Panel 3 Click the Network and Sharing Center icon Figure 84 Windows Vista Network And Internet ...

Page 193: ...nnections Figure 85 Windows Vista Network and Sharing Center 5 Right click Local Area Connection and then select Properties Figure 86 Windows Vista Network and Sharing Center Note During this procedure click Continue whenever Windows displays a screen saying that it needs your permission to continue ...

Page 194: ...Appendix B Setting Up Your Computer s IP Address OX253P User s Guide 195 6 Select Internet Protocol Version 4 TCP IPv4 and then select Properties Figure 87 Windows Vista Local Area Connection Properties ...

Page 195: ...IP address that was assigned to you by your network administrator or ISP You may also have to enter a Preferred DNS server and an Alternate DNS server if that information was provided Click Advanced 9 Click OK to close the Internet Protocol TCP IP Properties window Click OK to close the Local Area Connection Properties window Verifying Settings 1 Click Start All Programs Accessories Command Prompt...

Page 196: ...97 Mac OS X 10 3 and 10 4 The screens in this section are from Mac OS X 10 4 but can also apply to 10 3 1 Click Apple System Preferences Figure 89 Mac OS X 10 4 Apple Menu 2 In the System Preferences window click the Network icon Figure 90 Mac OS X 10 4 System Preferences ...

Page 197: ...ces pane opens select Built in Ethernet from the network connection type list and then click Configure Figure 91 Mac OS X 10 4 Network Preferences 4 For dynamically assigned settings select Using DHCP from the Configure IPv4 list in the TCP IP tab Figure 92 Mac OS X 10 4 Network Preferences TCP IP Tab ...

Page 198: ...cally assigned settings do the following From the Configure IPv4 list select Manually In the IP Address field type your IP address In the Subnet Mask field type your subnet mask In the Router field type the IP address of your device Figure 93 Mac OS X 10 4 Network Preferences Ethernet ...

Page 199: ... s Guide 200 Click Apply Now and close the window Verifying Settings Check your TCP IP properties by clicking Applications Utilities Network Utilities and then selecting the appropriate Network Interface from the Info tab Figure 94 Mac OS X 10 4 Network Utility ...

Page 200: ...s OX253P User s Guide 201 Mac OS X 10 5 The screens in this section are from Mac OS X 10 5 1 Click Apple System Preferences Figure 95 Mac OS X 10 5 Apple Menu 2 In System Preferences click the Network icon Figure 96 Mac OS X 10 5 Systems Preferences ...

Page 201: ...of available connection types Figure 97 Mac OS X 10 5 Network Preferences Ethernet 4 From the Configure list select Using DHCP for dynamically assigned settings 5 For statically assigned settings do the following From the Configure list select Manually In the IP Address field enter your IP address In the Subnet Mask field enter your subnet mask ...

Page 202: ...x B Setting Up Your Computer s IP Address OX253P User s Guide 203 In the Router field enter the IP address of your OX253P Figure 98 Mac OS X 10 5 Network Preferences Ethernet 6 Click Apply and close the window ...

Page 203: ... Ubuntu 8 GNOME This section shows you how to configure your computer s TCP IP settings in the GNU Object Model Environment GNOME using the Ubuntu 8 Linux distribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default Ubuntu 8 installation Note Make sure you are logged in as t...

Page 204: ...100 Ubuntu 8 System Administration Menu 2 When the Network Settings window opens click Unlock to open the Authenticate window By default the Unlock button is greyed out until clicked You cannot make changes to your configuration unless you first enter your admin password Figure 101 Ubuntu 8 Network Settings Connections ...

Page 205: ... window enter your admin account name and password then click the Authenticate button Figure 102 Ubuntu 8 Administrator Account Authentication 4 In the Network Settings window select the connection that you want to configure then click Properties Figure 103 Ubuntu 8 Network Settings Connections ...

Page 206: ...ies In the Configuration list select Automatic Configuration DHCP if you have a dynamic IP address In the Configuration list select Static IP address if you have a static IP address Fill in the IP address Subnet mask and Gateway address fields 6 Click OK to save the changes and close the Properties dialog box and return to the Network Settings screen ...

Page 207: ...he Network Settings window and then enter the DNS server information in the fields provided Figure 105 Ubuntu 8 Network Settings DNS 8 Click the Close button to apply the changes Verifying Settings Check your TCP IP properties by clicking System Administration Network Tools and then selecting the appropriate Network device from the Devices ...

Page 208: ...Appendix B Setting Up Your Computer s IP Address OX253P User s Guide 209 tab The Interface Statistics column shows data if your connection is working properly Figure 106 Ubuntu 8 Network Tools ...

Page 209: ...ribution The procedure screens and file locations may vary depending on your specific distribution release version and individual configuration The following screens use the default openSUSE 10 3 installation Note Make sure you are logged in as the root administrator Follow the steps below to configure your computer IP address in the KDE 1 Click K Menu Computer Administrator Settings YaST Figure 1...

Page 210: ...2 When the Run as Root KDE su dialog opens enter the admin password and click OK Figure 108 openSUSE 10 3 K Menu Computer Menu 3 When the YaST Control Center window opens select Network Devices and then click the Network Card icon Figure 109 openSUSE 10 3 YaST Control Center ...

Page 211: ...er s IP Address OX253P User s Guide 212 4 When the Network Settings window opens click the Overview tab select the appropriate connection Name from the list and then click the Configure button Figure 110 openSUSE 10 3 Network Settings ...

Page 212: ...k the Address tab Figure 111 openSUSE 10 3 Network Card Setup 6 Select Dynamic Address DHCP if you have a dynamic IP address Select Statically assigned IP Address if you have a static IP address Fill in the IP address Subnet mask and Hostname fields 7 Click Next to save the changes and close the Network Card Setup window ...

Page 213: ...Guide 214 8 If you know your DNS server IP address es click the Hostname DNS tab in Network Settings and then enter the DNS server information in the fields provided Figure 112 openSUSE 10 3 Network Settings 9 Click Finish to save your settings and close the window ...

Page 214: ...he Task bar to check your TCP IP properties From the Options sub menu select Show Connection Information Figure 113 openSUSE 10 3 KNetwork Manager When the Connection Status KNetwork Manager window opens click the Statistics tab to see if your connection is working properly Figure 114 openSUSE Connection Status KNetwork Manager ...

Page 215: ...Appendix B Setting Up Your Computer s IP Address OX253P User s Guide 216 ...

Page 216: ...ther Internet Explorer versions may vary Internet Explorer Pop up Blockers You may have to disable pop up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address Disable Pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off P...

Page 217: ... the Pop up Blocker section of the screen This disables any web pop up blockers you may have enabled Figure 116 Internet Options Privacy 3 Click Apply to save this setting Enable Pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab ...

Page 218: ... OX253P User s Guide 219 2 Select Settings to open the Pop up Blocker Settings screen Figure 117 Internet Options Privacy 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 167 1 ...

Page 219: ...d to move the IP address to the list of Allowed sites Figure 118 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScripts are allowed ...

Page 220: ...er click Tools Internet Options and then the Security tab Figure 119 Internet Options Security 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default ...

Page 221: ...OK to close the window Figure 120 Security Settings Java Scripting Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected ...

Page 222: ...missions OX253P User s Guide 223 5 Click OK to close the window Figure 121 Security Settings Java JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected ...

Page 223: ...22 Java Sun Mozilla Firefox Mozilla Firefox 2 0 screens are used here Screens for other versions may vary slightly The steps below apply to Mozilla Firefox 3 0 as well You can enable Java Javascripts and pop ups in one screen Click Tools then click Options in the screen that appears Figure 123 Mozilla Firefox TOOLS Options ...

Page 224: ...issions OX253P User s Guide 225 Click Content to show the screen below Select the check boxes as shown in the following screen Figure 124 Mozilla Firefox Content Security Opera Opera 10 screens are used here Screens for other versions may vary slightly ...

Page 225: ...ripts and Java Permissions OX253P User s Guide 226 Allowing Pop Ups From Opera click Tools then Preferences In the General tab go to Choose how you prefer to handle pop ups and select Open all pop ups Figure 125 Opera Allowing Pop Ups ...

Page 226: ...Preferences In the Advanced tab select Content from the left side menu Select the check boxes as shown in the following screen Figure 126 Opera Enabling Java To customize JavaScript behavior in the Opera browser click JavaScript Options Figure 127 Opera JavaScript Options Select the items you want Opera s JavaScript to apply ...

Page 227: ...Appendix C Pop up Windows JavaScripts and Java Permissions OX253P User s Guide 228 ...

Page 228: ...and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the ne...

Page 229: ...ical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an...

Page 230: ...ber bits the smaller the number of remaining host ID bits An IP address with host IDs of all zeros is the IP address of the network 192 168 1 0 with a 24 bit subnet mask for example An IP address with host IDs of all ones is the broadcast address for that network 192 168 1 255 with a 24 bit subnet mask for example As these two IP addresses cannot be used for individual hosts calculate the maximum ...

Page 231: ...You can use subnetting to divide one network into multiple sub networks In the following example a network administrator creates two sub networks to isolate a group of servers from the rest of the company network for security reasons In this example the company network address is 192 168 1 0 The first three octets of the address 192 168 1 are the network number and the remaining octet is the host ...

Page 232: ...ting Figure 129 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 ...

Page 233: ...55 128 is subnet A itself and 192 168 1 127 with mask 255 255 255 128 is its broadcast address Therefore the lowest IP address that can be assigned to an actual host for subnet A is 192 168 1 1 and the highest is 192 168 1 126 Similarly the host ID range for subnet B is 192 168 1 129 to 192 168 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bi...

Page 234: ... LAST OCTET BIT VALUE IP Address 192 168 1 64 IP Address Binary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 64 Lowest Host ID 192 168 1 65 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Table 92 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 101010...

Page 235: ...2 168 1 255 Highest Host ID 192 168 1 254 Table 93 Subnet 4 continued IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE Table 94 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Table 95 24 bit Network Number Subnet Planning NO BORROWED HO...

Page 236: ...please do not use any other number unless you are told otherwise You must also enable Network Address Translation NAT on the OX253P Once you have decided on the network number pick an IP address for your OX253P that is easy to remember for instance 192 168 1 1 but make sure that no other device on your network is using that IP address The subnet mask specifies the network number portion of an IP a...

Page 237: ...net addresses for your local networks On the other hand if you are part of a much larger organization you should consult your network administrator for the appropriate IP addresses Regardless of your particular situation do not create an arbitrary IP address always follow the guidelines above For more information on address assignment please refer to RFC 1597 Address Allocation for Private Interne...

Page 238: ...xample if a router is set between a LAN and the Internet WAN the router s LAN and WAN addresses must be on different subnets In the following example the LAN and WAN are on the same subnet The LAN computers cannot access the Internet because the router cannot route between networks Figure 132 Conflicting Computer IP Addresses Example Conflicting Computer and Router IP Addresses Example More than o...

Page 239: ...ting OX253P User s Guide 240 The computer cannot access the Internet This problem can be solved by assigning a different IP address to the computer or the router s LAN port Figure 133 Conflicting Computer and Router IP Addresses Example ...

Page 240: ... them know that the site is legitimate Public key certificates can be used by web browsers on a LAN or WAN to verify that they are in fact connecting to the legitimate device and not one masquerading as it However because the certificates were not issued by one of the several organizations officially recognized by the most common web browsers you will need to import the created certificate into yo...

Page 241: ...wever they can also apply to Internet Explorer on Windows Vista 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error Figure 134 Internet Explorer 7 Certification Error 2 Click Continue to this website not recommended Figure 135 Internet Explorer 7 Certification Error ...

Page 242: ...OX253P User s Guide 243 3 In the Address Bar click Certificate Error View certificates Figure 136 Internet Explorer 7 Certificate Error 4 In the Certificate dialog box click Install Certificate Figure 137 Internet Explorer 7 Certificate ...

Page 243: ...port Wizard click Next Figure 138 Internet Explorer 7 Certificate Import Wizard 6 If you want Internet Explorer to Automatically select certificate store based on the type of certificate click Next again and then go to step 9 Figure 139 Internet Explorer 7 Certificate Import Wizard ...

Page 244: ...l certificates in the following store and then click Browse Figure 140 Internet Explorer 7 Certificate Import Wizard 8 In the Select Certificate Store dialog box choose a location in which to save the certificate and then click OK Figure 141 Internet Explorer 7 Select Certificate Store ...

Page 245: ... Guide 246 9 In the Completing the Certificate Import Wizard screen click Finish Figure 142 Internet Explorer 7 Certificate Import Wizard 10 If you are presented with another Security Warning click Yes Figure 143 Internet Explorer 7 Security Warning ...

Page 246: ...e installation message Figure 144 Internet Explorer 7 Certificate Import Wizard 12 The next time you start Internet Explorer and go to a web configurator page a sealed padlock icon appears in the address bar Click it to view the page s Website Identification information Figure 145 Internet Explorer 7 Website Identification ...

Page 247: ...rompted you can install a stand alone certificate file if one has been issued to you 1 Double click the public key certificate file Figure 146 Internet Explorer 7 Public Key Certificate File 2 In the security warning dialog box click Open Figure 147 Internet Explorer 7 Open File Security Warning 3 Refer to steps 4 12 in the Internet Explorer procedure beginning on page 242 to complete the installa...

Page 248: ...rer This section shows you how to remove a public key certificate in Internet Explorer 7 1 Open Internet Explorer and click TOOLS Internet Options Figure 148 Internet Explorer 7 Tools Menu 2 In the Internet Options dialog box click Content Certificates Figure 149 Internet Explorer 7 Internet Options ...

Page 249: ...s Authorities tab select the certificate that you want to delete and then click Remove Figure 150 Internet Explorer 7 Certificates 4 In the Certificates confirmation click Yes Figure 151 Internet Explorer 7 Certificates 5 In the Root Certificate Store dialog box click Yes Figure 152 Internet Explorer 7 Root Certificate Store ...

Page 250: ...Appendix E Importing Certificates OX253P User s Guide 251 6 The next time you go to the web site that issued the public key certificate you just removed a certification error appears ...

Page 251: ...l however the screens can also apply to Firefox 2 on all platforms 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Select Accept this certificate permanently and click OK Figure 153 Firefox 2 Website Certified by an Unknown Authority ...

Page 252: ... The certificate is stored and you can now connect securely to the web configurator A sealed padlock appears in the address bar which you can click to open the Page Info Security window to view the web page s security information Figure 154 Firefox 2 Page Info ...

Page 253: ...sing to a web configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued to you 1 Open Firefox and click TOOLS Options Figure 155 Firefox 2 Tools Menu 2 In the Options dialog box click ADVANCED Encryption View Certificates Figure 156 Firefox 2 Options ...

Page 254: ...Import Figure 157 Firefox 2 Certificate Manager 4 Use the Select File dialog box to locate the certificate and then click Open Figure 158 Firefox 2 Select File 5 The next time you visit the web site click the padlock in the address bar to open the Page Info Security window to see the web page s security information ...

Page 255: ... Certificate in Firefox This section shows you how to remove a public key certificate in Firefox 2 1 Open Firefox and click TOOLS Options Figure 159 Firefox 2 Tools Menu 2 In the Options dialog box click ADVANCED Encryption View Certificates Figure 160 Firefox 2 Options ...

Page 256: ...e certificate that you want to remove and then click Delete Figure 161 Firefox 2 Certificate Manager 4 In the Delete Web Site Certificates dialog box click OK Figure 162 Firefox 2 Delete Web Site Certificates 5 The next time you go to the web site that issued the public key certificate you just removed a certification error appears ...

Page 257: ...P Professional however the screens can apply to Opera 9 on all platforms 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Click Install to accept the certificate Figure 163 Opera 9 Certificate signer not found ...

Page 258: ...ficates OX253P User s Guide 259 3 The next time you visit the web site click the padlock in the address bar to open the Security information window to view the web page s security details Figure 164 Opera 9 Security information ...

Page 259: ... Alone Certificate File in Opera Rather than browsing to a web configurator and installing a public key certificate when prompted you can install a stand alone certificate file if one has been issued to you 1 Open Opera and click TOOLS Preferences Figure 165 Opera 9 Tools Menu ...

Page 260: ...Appendix E Importing Certificates OX253P User s Guide 261 2 In Preferences click ADVANCED Security Manage certificates Figure 166 Opera 9 Preferences ...

Page 261: ...53P User s Guide 262 3 In the Certificates Manager click Authorities Import Figure 167 Opera 9 Certificate manager 4 Use the Import certificate dialog box to locate the certificate and then click Open Figure 168 Opera 9 Import certificate ...

Page 262: ...e dialog box click Install Figure 169 Opera 9 Install authority certificate 6 Next click OK Figure 170 Opera 9 Install authority certificate 7 The next time you visit the web site click the padlock in the address bar to open the Security information window to view the web page s security details ...

Page 263: ...emoving a Certificate in Opera This section shows you how to remove a public key certificate in Opera 9 1 Open Opera and click TOOLS Preferences Figure 171 Opera 9 Tools Menu 2 In Preferences ADVANCED Security Manage certificates Figure 172 Opera 9 Preferences ...

Page 264: ...to remove and then click Delete Figure 173 Opera 9 Certificate manager 4 The next time you go to the web site that issued the public key certificate you just removed a certification error appears Note There is no confirmation when you delete a certificate authority so be absolutely certain that you want to go through with it before clicking the button ...

Page 265: ...nqueror 3 5 on all Linux KDE distributions 1 If your device s web configurator is set to use SSL certification then the first time you browse to it you are presented with a certification error 2 Click Continue Figure 174 Konqueror 3 5 Server Authentication 3 Click Forever when prompted to accept the certificate Figure 175 Konqueror 3 5 Server Authentication ...

Page 266: ... Importing Certificates OX253P User s Guide 267 4 Click the padlock in the address bar to open the KDE SSL Information window and view the web page s security details Figure 176 Konqueror 3 5 KDE SSL Information ...

Page 267: ...ted you can install a stand alone certificate file if one has been issued to you 1 Double click the public key certificate file Figure 177 Konqueror 3 5 Public Key Certificate File 2 In the Certificate Import Result Kleopatra dialog box click OK Figure 178 Konqueror 3 5 Certificate Import Result The public key certificate appears in the KDE certificate manager Kleopatra Figure 179 Konqueror 3 5 Kl...

Page 268: ...dix E Importing Certificates OX253P User s Guide 269 3 The next time you visit the web site click the padlock in the address bar to open the KDE SSL Information window to view the web page s security details ...

Page 269: ...s Menu 2 In the Configure dialog box select Crypto 3 On the Peer SSL Certificates tab select the certificate you want to delete and then click Remove Figure 181 Konqueror 3 5 Configure 4 The next time you go to the web site that issued the public key certificate you just removed a certification error appears Note There is no confirmation when you remove a certificate authority so be absolutely cer...

Page 270: ...ol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation of the applications that use this service or the situations in which this service is used Table 97 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this se...

Page 271: ...ts to a specific group of hosts IKE UDP 500 The Internet Key Exchange algorithm is used for key distribution and management IRC TCP UDP 6667 This is another popular Internet chat program MSN Messenger TCP 1863 Microsoft Networks messenger service uses this protocol NEW ICQ TCP 5190 An Internet chat program NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client ser...

Page 272: ...he message exchange standard for the Internet SMTP enables you to move messages from one e mail server to another SNMP TCP UDP 161 Simple Network Management Program SNMP TRAPS TCP UDP 162 Traps for use with the SNMP RFC 1215 SQL NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems including mainframes midrange systems UNIX systems and ne...

Page 273: ...nsfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User Datagram Protocol rather than TCP Transmission Control Protocol VDOLIVE TCP 7000 Another videoconferencing solution Table 97 Commonly Used Services continued NAME PROTOCOL PORT S DESCRIPTION ...

Page 274: ... and ODU LEDs 75 buzzer and RSSI 75 C CA 97 114 and certificates 114 CBC MAC 187 CCMP 185 187 cell 65 Certificate Management Protocol CMP 102 Certificate Revocation List CRL 114 certificates 97 185 advantages 115 and CA 114 certification path 105 111 114 expired 114 factory default 115 file formats 115 fingerprints 106 112 importing 99 not used for encryption 114 revoked 114 self signed 101 serial...

Page 275: ...AP Extensible Markup Language see XML F firewall 119 124 125 frequency band 74 ranges 73 74 scanning 74 FTP 90 134 restrictions 134 I IANA 238 identity 67 185 idle timeout 134 IEEE 802 16 65 185 IEEE 802 16e 65 inner authentication 188 Internet access 67 Internet Assigned Numbers Authority see IANA 238 interoperability 65 K key 31 69 185 request and reply 187 M MAC 187 MAN 65 Management Informatio...

Page 276: ...cret Key 186 related documentation 3 remote management and NAT 134 remote management limitations 134 Remote Procedure Call 142 RFC 2510 See Certificate Management Protocol RSSI and buzzer 75 S safety warnings 6 secure communication 31 69 185 secure connection 67 security 185 security association 187 see SA services 67 Simple Certificate Enrollment Protocol SCEP 102 SIP ALG 85 Application Layer Gat...

Page 277: ...8 tunneled TLS see TTLS U unauthorized device 185 user authentication 185 user name 91 V verification 187 W WiMAX radio frequency 66 security 187 spectrum range 66 WiMAX Forum 65 Wireless Interoperability for Microwave Access see WiMAX Wireless Metropolitan Area Network see MAN wireless network access 65 standard 65 wireless security 185 wizard setup 29 X XML 142 ...

Page 278: ...Index OX253P User s Guide 279 ...

Page 279: ...Index OX253P User s Guide 280 ...