Consult the table below for field descriptions. Field Description Filter Name The filter rule label IP Version Select from the drop down menu. Protocol TCP, TCP/UDP, UDP, or ICMP. Source IP address Enter source IP address. Source Port (port or port:port) Enter source port number or range. Destination IP address Enter destination IP address. Destination Port (port or port:port) Enter destination port number or range.
Consult the table below for field descriptions. Field Description Filter Name The filter rule label. IP Version Select from the drop down menu. Protocol TCP, TCP/UDP, UDP, or ICMP. Policy Permit/Drop packets specified by the firewall rule. Source IP address Enter source IP address. Source Port (port or port:port) Enter source port number or range. Destination IP address Enter destination IP address. Destination Port (port or port:port) Enter destination port number or range.
6.2.2 NOTE: MAC Filtering This option is only available in bridge mode. Other modes use IP Filtering to perform a similar function. Each network device has a unique 48-bit MAC address. This can be used to filter (block or forward) packets based on the originating device. MAC filtering policy and rules for the AR-5313u can be set according to the following procedure. The MAC Filtering Global Policy is defined as follows.
Click Save/Apply to save and activate the filter rule. Consult the table below for detailed field descriptions.
6.3 Quality of Service (QoS) NOTE: QoS must be enabled in at least one PVC to display this option. (See Appendix E - Connection Setup for detailed PVC setup instructions). To Enable QoS tick the checkbox and select a Default DSCP Mark. Click Apply/Save to activate QoS.
.3.1 QoS Queue Setup Configure queues with different priorities to be used for QoS setup. In ATM mode, maximum 16 queues can be configured. In PTM mode, maximum 8 queues can be configured. For each Ethernet interface, maximum 4 queues can be configured. To add a queue, click the Add button. To remove queues, check their remove-checkboxes (for user created queues), then click the Remove button. The Enable button will scan through every queues in the table.
Click Add to display the following screen. Click Apply/Save to apply and save the settings. Name: Identifier for this Queue entry. Enable: Enable/Disable the Queue entry. Interface: Assign the entry to a specific network interface (QoS enabled).
6.3.2 QoS Policer To remove policers, check their remove-checkboxes, then click the Remove button. The Enable button will scan through every policers in the table. Policers with enable-checkbox checked will be enabled. Policers with enable-checkbox un-checked will be disabled. The enable-checkbox also shows status of the policer after page reload. To add a policer, click the Add button. Click Apply/Save to save the policer.
Field Description Name Name of this policer rule Enable Enable/Disable this policer rule Meter Type Meter type used for this policer rule Committed Rate (kbps) Defines the rate allowed for committed packets Committed Burst Size (bytes) Maximum amount of packets that can be processed by this policer Conforming Action Defines action to be taken if packets match this policer Nonconforming Action Defines actions to be taken if packets do not match this policer 83
6.3.3 QoS Classification The network traffic classes are listed in the following table. Click Add to configure a network traffic class rule and Enable to activate it. To delete an entry from the list, click Remove. This screen creates a traffic class rule to classify the upstream traffic, assign queuing priority and optionally overwrite the IP header DSCP byte. A rule consists of a class name and at least one logical condition.
Click Apply/Save to save and activate the rule. Field Description Traffic Class Name Enter a name for the traffic class. Rule Order Last is the only option. Rule Status Disable or enable the rule. Classification Criteria Class Interface Select an interface (i.e. Local, eth0-4, wl0) Ether Type Set the Ethernet type (e.g. IP, ARP, IPv6).
6.4 Routing The following routing functions are accessed from this menu: Default Gateway, Static Route, Policy Routing, RIP and IPv6 Static Route. NOTE: 6.4.1 In bridge mode, the RIP menu option is hidden while the other menu options are shown but ineffective.
6.4.2 Static Route This option allows for the configuration of static routes by destination IP. Click Add to create a static route or click Remove to delete a static route. After clicking Add the following will display. IP Version: Select the IP version to be IPv4. Destination IP address/prefix length: Enter the destination IP address. Interface: select the proper interface for the rule. Gateway IP Address: The next-hop IP address. Metric: The metric value of routing.
6.4.3 Policy Routing This option allows for the configuration of static routes by policy. Click Add to create a routing policy or Remove to delete one. On the following screen, complete the form and click Apply/Save to create a policy.
6.4.4 RIP To activate RIP, configure the RIP version/operation mode and select the Enabled checkbox for at least one WAN interface before clicking Save/Apply.
6.5 DNS 6.5.1 DNS Server Select DNS Server Interface from available WAN interfaces OR enter static DNS server IP addresses for the system. In ATM mode, if only a single PVC with IPoA or static IPoE protocol is configured, Static DNS server IP addresses must be entered. DNS Server Interfaces can have multiple WAN interfaces served as system dns servers but only one will be used according to the priority with the first being the highest and the last one the lowest priority if the WAN interface is connected.
6.5.2 Dynamic DNS The Dynamic DNS service allows you to map a dynamic IP address to a static hostname in any of many domains, allowing the AR-5313u to be more easily accessed from various locations on the Internet. To add a dynamic DNS service, click Add. The following screen will display. Click Apply/Save to save your settings. Consult the table below for field descriptions.
6.5.3 DNS Entries The DNS Entry page allows you to add domain names and IP address desired to be resolved by the DSL router. Choose Add or Remove to configure DNS Entry. The entries will become active after save/reboot. Enter the domain name and IP address that needs to be resolved locally, and click the Add Entry button.
6.5.4 DNS Proxy/Relay DNS proxy receives DNS queries and forwards DNS queries to the Internet. After the CPE gets answers from the DNS server, it replies to the LAN clients. Configure DNS proxy with the default setting, when the PC gets an IP via DHCP, the domain name, Home, will be added to PC’s DNS Suffix Search List, and the PC can access route with “Comtrend.Home”.
6.6 DSL The DSL Settings screen allows for the selection of DSL modulation modes. For optimum performance, the modes selected should match those of your ISP. DSL Mode Data Transmission Rate - Mbps (Megabits per second) G.Dmt Downstream: 12 Mbps Upstream: 1.3 Mbps G.lite Downstream: 4 Mbps Upstream: 0.5 Mbps T1.413 Downstream: 8 Mbps Upstream: 1.0 Mbps ADSL2 Downstream: 12 Mbps Upstream: 1.
DSL Mode Data Transmission Rate - Mbps (Megabits per second) SRA Enable Enables Seamless Rate Adaptation (SRA) Select DSL LED behavior Normal (TR-68 compliant): Select this option for DSL LED to operate normally (See menu 2.2 LED Indicator) Off:DSL LED will always be OFF G997.1 EOC xTU-R Serial Number Select Equipment Serial Number or Equipment MAC Address to use router’s serial number or MAC address in ADSL EOC messages Advanced DSL Settings Click Advanced Settings to reveal additional options.
6.7 Interface Grouping Interface Grouping supports multiple ports to PVC and bridging groups. Each group performs as an independent network. To use this feature, you must create mapping groups with appropriate LAN and WAN interfaces using the Add button. The Remove button removes mapping groups, returning the ungrouped interfaces to the Default group. Only the default group has an IP interface. To add an Interface Group, click the Add button. The following screen will appear.
Automatically Add Clients With Following DHCP Vendor IDs: Add support to automatically map LAN interfaces to PVC's using DHCP vendor ID (option 60). The local DHCP server will decline and send the requests to a remote DHCP server by mapping the appropriate LAN interface. This will be turned on when Interface Grouping is enabled. For example, imagine there are 4 PVCs (0/33, 0/36, 0/37, 0/38). VPI/VCI=0/33 is for PPPoE while the other PVCs are for IP set-top box (video).
The Interface Grouping configuration will be: 1. Default: ETH1, ETH2, ETH3, and ETH4. 2. Video: nas_0_36, nas_0_37, and nas_0_38. The DHCP vendor ID is "Video". If the onboard DHCP server is running on "Default" and the remote DHCP server is running on PVC 0/36 (i.e. for set-top box use only). LAN side clients can get IP addresses from the CPE's DHCP server and access the Internet via PPPoE (0/33).
6.8 IP Tunnel 6.8.1 IPv6inIPv4 Configure 6in4 tunneling to encapsulate IPv6 traffic over explicitly-configured IPv4 links. Click the Add button to display the following.
6.8.2 IPv4inIPv6 Configure 4in6 tunneling to encapsulate IPv4 traffic over an IPv6-only environment. Click the Add button to display the following.
6.9 Certificate A certificate is a public key, attached with its owner’s information (company name, server name, personal real name, contact e-mail, postal address, etc) and digital signatures. There will be one or more digital signatures attached to the certificate, indicating that these entities have verified that this certificate is valid. 6.9.1 Local CREATE CERTIFICATE REQUEST Click Create Certificate Request to generate a certificate-signing request.
The following table is provided for your reference. Field Description Certificate Name A user-defined name for the certificate. Common Name Usually, the fully qualified domain name for the machine. Organization Name The exact legal name of your organization. Do not abbreviate. State/Province Name The state or province where your organization is located. cannot be abbreviated. Country/Region Name The two-letter ISO abbreviation for your country.
IMPORT CERTIFICATE Click Import Certificate to paste the certificate content and the private key provided by your vendor/ISP/ITSP into the corresponding boxes shown below. Enter a certificate name and click the Apply button to import the certificate and its private key.
6.9.2 Trusted CA CA is an abbreviation for Certificate Authority, which is a part of the X.509 system. It is itself a certificate, attached with the owner information of this certificate authority; but its purpose is not encryption/decryption. Its purpose is to sign and issue certificates, in order to prove that these certificates are valid. Click Import Certificate to paste the certificate content of your trusted CA.
6.10 Power Management This screen allows for control of hardware modules to evaluate power consumption. Use the buttons to select the desired option, click Apply and check the response.
6.11 Multicast Input new IGMP or MLD protocol configuration fields if you want modify default values shown. Then click Apply/Save. Field Description Default Version Define IGMP using version with video server. Query Interval The query interval is the amount of time in seconds between IGMP General Query messages sent by the router (if the router is the querier on this subnet). The default query interval is 125 seconds.
Field Description Last Member Query Interval The last member query interval is the amount of time in seconds that the IGMP router waits to receive a response to a Group-Specific Query message. The last member query interval is also the amount of time in seconds between successive Group-Specific Query messages. The default last member query interval is 10 seconds. Robustness Value The robustness variable is a way of indicating how susceptible the subnet is to lost packets.
6.12 Wireless 6.12.1 Basic The Basic option allows you to configure basic features of the wireless LAN interface. Among other things, you can enable or disable the wireless LAN interface, hide the network from active scans, set the wireless network name (also known as SSID) and restrict the channel set based on country requirements. Click Apply/Save to apply the selected wireless options. Consult the table below for descriptions of these options.
Option Description Clients Isolation When enabled, it prevents client PCs from seeing one another in My Network Places or Network Neighborhood. Also, prevents one wireless client communicating with another wireless client. Disable WMM Advertise Stops the router from ‘advertising’ its Wireless Multimedia (WMM) functionality, which provides basic quality of service for time-sensitive applications (e.g. VoIP, Video). Enable Wireless Multicast Forwarding Select the checkbox to enable this function.
6.12.2 Security The following screen appears when Wireless Security is selected. The options shown here allow you to configure security features of the wireless LAN interface. Click Apply/Save to implement new configuration settings. WIRELESS SECURITY Setup requires that the user configure these settings using the Web User Interface (see the table below). Select SSID Select the wireless network name from the drop-down box. SSID stands for Service Set Identifier.
The settings for WPA authentication are shown below. The settings for WPA-PSK authentication are shown next.
WEP Encryption This option specifies whether data sent over the network is encrypted. The same network key is used for data encryption and network authentication. Four network keys can be defined although only one can be used at any one time. Use the Current Network Key list box to select the appropriate network key. Security options include authentication and encryption services based on the wired equivalent privacy (WEP) algorithm. WEP is a set of security services used to protect 802.
6.12.3 WPS Wi-Fi Protected Setup (WPS) is an industry standard that simplifies wireless security setup for certified network devices. Every WPS certified device has both a PIN number and a push button, located on the device or accessed through device software. The AR-5313u has a WPS button on the device. Devices with the WPS logo (shown here) support WPS.
IIa. PUSH-BUTTON CONFIGURATION The WPS push-button configuration provides a semi-automated configuration method. The WPS button on the rear panel of the router can be used for this purpose or the Web User Interface (WUI) can be used exclusively. The WPS push-button configuration is described in the procedure below. It is assumed that the Wireless function is Enabled and that the router is configured as the Wireless Access Point (AP) of your WLAN.
Enter STA PIN: a Personal Identification Number (PIN) has to be read from either a sticker or the display on the new wireless device. This PIN must then be inputted at representing the network, usually the Access Point of the network. B - For Unconfigured mode, click the Config AP button. Step 6: Activate the PIN function on the wireless client. For Configured mode, the client must be configured as an Enrollee. For Unconfigured mode, the client must be configured as the Registrar.
6.12.4 MAC Filter This option allows access to the router to be restricted based upon MAC addresses. To add a MAC Address filter, click the Add button shown below. To delete a filter, select it from the MAC Address table below and click the Remove button. Option Select SSID Description Select the wireless network name from the drop-down box. SSID stands for Service Set Identifier. All stations must be configured with the correct SSID to access the WLAN.
Enter the MAC address in the box provided and click Apply/Save.
6.12.5 Wireless Bridge This screen allows for the configuration of wireless bridge features of the WIFI interface. See the table beneath for detailed explanations of the various options. Click Apply/Save to implement new configuration settings. Feature Description AP Mode Selecting Wireless Bridge (aka Wireless Distribution System) disables Access Point (AP) functionality, while selecting Access Point enables AP functionality.
6.12.6 Advanced The Advanced screen allows you to configure advanced features of the wireless LAN interface. You can select a particular channel on which to operate, force the transmission rate to a particular speed, set the fragmentation threshold, set the RTS threshold, set the wakeup interval for clients in power-save mode, set the beacon interval for the access point, set XPress mode and set whether short or long preambles are used. Click Apply/Save to set new advanced wireless options.
Field Description Band Set to 2.4 GHz for compatibility with IEEE 802.11x standards. The new amendment allows IEEE 802.11n units to fall back to slower speeds so that legacy IEEE 802.11x devices can coexist in the same network. IEEE 802.11g creates data-rate parity at 2.4 GHz with the IEEE 802.11a standard, which has a 54 Mbps rate at 5 GHz. (IEEE 802.11a has other differences compared to IEEE 802.11b or g, such as offering more channels.
Field Description Fragmentation Threshold A threshold, specified in bytes, that determines whether packets will be fragmented and at what size. On an 802.11 WLAN, packets that exceed the fragmentation threshold are fragmented, i.e., split into, smaller units suitable for the circuit size. Packets smaller than the specified fragmentation threshold value are not fragmented. Enter a value between 256 and 2346. If you experience a high packet error rate, try to slightly increase your Fragmentation Threshold.
Chapter 7 Diagnostics You can reach this page by clicking on the following icon located at the top of the screen. 7.1 Diagnostics – Individual Tests The first Diagnostics screen is a dashboard that shows overall connection status. Click the Diagnostics Menu item on the left side of the screen to display the individual connections.
7.2 Fault Management Item Description Maintenance Domain (MD) Level Management space on the network, the larger the domain, the higher the level value Destination MAC Address Destination MAC address for sending the loopback message 802.1Q VLAN ID: [0-4095] 802.1Q VLAN used in VDSL PTM mode Set MD Level Save the Maintenance domain level. Send Loopback Send loopback message to destination MAC address. Send Linktrace Send traceroute message to destination MAC address.
7.3 Uptime Status This page shows System, DSL, ETH and Layer 3 uptime. If the DSL line, ETH or Layer 3 connection is down, the uptime will stop incrementing. If the service is restored, the counter will reset and start from 0. A Bridge interface will follow the DSL or ETH timer. The "ClearAll" button will restart the counters from 0 or show "Not Connected" if the interface is down.
7.4 Ping Input the IP address/hostname and click the Ping button to execute ping diagnostic test to send the ICMP request to the specified host.
7.5 Trace Route Input the IP address/hostname and click the TraceRoute button to execute the trace route diagnostic test to send the ICMP packets to the specified host.
7.6 System Utilization Click "Start" button to initialize CPU and Memory utilization calculation. Please wait 10 seconds for the test to run.
Chapter 8 Management You can reach this page by clicking on the following icon located at the top of the screen. The Management menu has the following maintenance functions and processes: 8.1 Settings This includes Backup Settings, Update Settings, and Restore Default screens. 8.1.1 Backup Settings To save the current configuration to a file on your PC, click Backup Settings. You will be prompted for backup file location.
8.1.2 Update Settings This option recovers configuration files previously saved using Backup Settings. Press Browse… to search for the file, or enter the file name (including folder path) in the File Name box, and then click Update Settings to recover settings. 8.1.3 Restore Default Click Restore Default Settings to restore factory default settings. After Restore Default Settings is clicked, the following screen appears.
