Trusted CA Certificates 4020210 Rev A 1 Click Security on the main screen. The MAC Filtering screen opens by default. 2 Click Certificate. The Local Certificates screen opens.
Chapter 6 Security Configuration 180 3 Click the Trusted CA tab. The Trusted CA (Certificate Authority) Certificates screen opens. 4 Click Import Certificate. The Import CA Certificate screen opens. 5 In the Certificate Name field, enter the name of the certificate. 6 In the Certificate area, copy and paste the contents of the certificate file provided by the service provider. 7 Click Apply to save the CA certificate on the residential gateway.
7 Chapter 7 Advanced Configuration The Advanced tab lets you to check the quality of service and IP traffic over your network and change the configuration. Use this chapter to check the status of the more advanced features of your residential gateway, such as port mapping and DNS server configuration, and to change the configuration. In This Chapter 4020210 Rev A Upstream Quality of Service ............................................................. 182 Remote Management .
Chapter 7 Advanced Configuration Upstream Quality of Service The Upstream Quality of Service screen allows you to configure the Quality of Service (QoS) settings for the residential gateway. Path: Advanced > QoS > Upstream Quality of Service Adding Upstream Quality of Service Settings To add upstream Quality of Service settings, complete the following steps. 1 182 Click Advanced on the main screen. The Upstream Quality of Service screen opens.
Upstream Quality of Service 2 Click Add. The Add Upstream QoS Rule screen opens. 3 In the Name field, enter the name of the QoS rule. 4 In the LAN Port field, select the LAN port for which you want to apply the rule. 5 In the Protocol field, select the protocol that you want to use from the following options: 4020210 Rev A TCP/UDP TCP UDP ICMP 6 In the IP Address field, enter the source and destination addresses.
Chapter 7 Advanced Configuration 10 In the MAC Mask field, enter the mask for the source MAC address from which the packets are being sent and the MAC Mask for the destination MAC address. A MAC mask of ff:ff:ff:00:00:00 matches all devices made by the same manufacturer (identified by the first three pairs of the MAC address). A MAC mask of ff:ff:ff:ff:ff:ff matches a single device. 11 In the DSCP Check field, select the matching DSCP value from the list of Diffserv code point.
Upstream Quality of Service 4020210 Rev A 2 Click Queues Configuration. The Queues Configuration screen opens. 3 Click Add to add a queue. 4 For the Queue Configuration Status, select Enable or Disable to enable or disable your queue configuration. 5 Select from the Queue drop-down list for the associated WAN interface or connection type for Queue. 6 For the Queue Precedence field, select the Precedence as the relative priority for the queue. A smaller number indicates a higher priority.
Chapter 7 Advanced Configuration Remote Management The Remote Management -- TR-069 Client screen allows an auto-configuration server (ACS) to perform auto-configuration, provisioning, collection of statistics, and diagnostics for this residential gateway. Path: Advanced > Remote Management Configuring the TR-069 Client Options To configure the TR-069 client options, complete the following steps.
Remote Management 1 Click Advanced on the main screen. The Remote Management -- TR-069 Client screen opens. 2 In the Inform field, choose one of the following options: Click Enable to enable the periodic "inform" messages from the residential gateway. Click Disable to disable the inform messages to the residential gateway. 3 In the Inform Interval field, enter the frequency that the inform messages are sent from the residential gateway to the auto-configuration server.
Chapter 7 Advanced Configuration Port Mapping The Port Mapping screen allows you to specify which traffic will be transmitted over the WAN interface. Traffic is classified by ingress port, such as Ethernet port, or by DHCP option settings. Port Mapping supports multiple ports to PVC and bridging groups. Each group will perform as an independent network. To support this feature, you must create mapping groups with appropriate LAN and WAN interfaces.
Port Mapping 4020210 Rev A 1 Click Advanced on the main screen. The Upstream Quality of Service screen opens. 2 Click the Port Mapping tab. The Port Mapping screen opens.
Chapter 7 Advanced Configuration 190 3 Click Add. The Port Mapping Configuration screen opens. 4 In the Group Name field, enter the name of the group. The group name must be unique. For example, enter IPTV. 5 For the Grouped Interfaces field, select interfaces from the Available Interfaces list and add them to the grouped interface list using the arrow buttons to create the required mapping of the ports.
Virtual Servers Setup Virtual Servers Setup The NAT -- Virtual Servers Setup screen allows you to configure servers to which you want to forward IP packets that belong to a specific service. Path: Advanced > IP Networking > NAT > Virtual Servers Adding a Virtual Server To add and configure a virtual server, complete the following steps. 4020210 Rev A 1 Click Advanced on the main screen. 2 Click IP Networking. The NAT screen opens.
Chapter 7 Advanced Configuration 3 192 Click Virtual Servers. The Virtual Servers screen opens.
Virtual Servers Setup 4 From the Virtual Servers Setup screen, click Add. The NAT -- Virtual Servers screen opens. 5 Under Server Name, choose one of the following: Click Select a Service, and choose a service from the drop-down list. OR 4020210 Rev A Click Custom Server, and enter a server name and the Server IP Address. 6 In the Server IP Address field, enter the IP address for the server.
Chapter 7 Advanced Configuration 10 In the Remote IP field, enter the service request (client) sender's IP address. Leave it blank to accept all incoming service requests regardless of the senders' IP address. 11 Click Save/Apply to add the virtual server. Removing a Virtual Server To remove a virtual server, complete the following steps. 194 1 Click Advanced on the main screen. 2 Click IP Networking. The NAT screen opens. 3 Click Virtual Servers. The Virtual Servers screen opens.
Port Triggering Setup Port Triggering Setup Some applications require that specific ports in the router's firewall be opened for access by the remote parties. The Port Triggering feature dynamically opens up the "Open Ports" in the firewall when an application on the LAN initiates a TCP/UDP connection to a remote party using the Triggering Ports feature. The router allows the remote party from the WAN side to establish new connections with the application on the LAN side using the open ports.
Chapter 7 Advanced Configuration 3 Click Port Triggering. The NAT -- Port Triggering screen opens. 4 From the NAT -- Port Triggering screen, click Add. The NAT Port Triggering screen opens with a list of available protocols. 5 Under Application Name, choose one of the following: Click Select an Application and choose an application from the drop-down list. OR 196 Click Custom Application, and enter a name for the application.
Port Triggering Setup 6 7 Complete the fields on the screen as follows: Under Trigger Port Start, enter the triggering port (start) that will cause the residential gateway to open up the incoming port for the particular LAN computer. Under Trigger Port End, enter the triggering port (end) that will cause the residential gateway to open up the incoming port for the particular LAN computer. Under Trigger Protocol, select TCP/UDP, TCP or UDP.
Chapter 7 Advanced Configuration 198 3 Click Port Triggering. The NAT -- Port Triggering screen opens. 4 From the NAT -- Port Triggering screen, click Remove in the Remove column next to the port you wish to close. 5 Click Remove. The port you selected is closed.
DMZ Host Setup DMZ Host Setup The NAT -- DMZ Host screen allows the IP packets from the WAN that do not belong to any of the applications configured in the Virtual Servers table to be forwarded to the DMZ (demilitarized zone) host computer. Path: Advanced > IP Networking > NAT > DMZ Host > NAT -- DMZ Host Activate the DMZ Host In the DMZ Host IP Address field, enter the computer's IP address and click Save/Apply to activate the DMZ host.
Chapter 7 Advanced Configuration DNS Server Configuration The DNS Server Configuration screen allows you to configure the Domain Name Server (DNS). If the Enable Automatic Assigned DNS check box is checked, the residential gateway will accept the first received DNS assignment from one of the PPPoA, PPPoE or MER/DHCP enabled PVC(s) during the connection establishment.
DNS Entries DNS Entries The DNS Entries page allows you to add domain names and the IP addresses to be resolved by the Gateway. You could add a DNS entry by entering the Domain name and the corresponding IP address in the fields. Click Save/Apply to save your settings.
Chapter 7 Advanced Configuration Dynamic DNS The Dynamic DNS screen allows you to alias a dynamic IP address to a static hostname in any of the many domains. The alias allows your DSL router to be more easily accessed from various locations on the Internet. Path: Advanced > IP Networking > DNS > Dynamic DNS Adding an Alias for A Dynamic IP Address to a Static Host Name To alias a dynamic IP address to a static host name, complete the following steps. 202 1 Click Advanced on the main screen.
Dynamic DNS 4020210 Rev A 3 Click DNS. The DNS screen opens. 4 Click Dynamic DNS. The Dynamic DNS screen opens. 5 Click Add on the Dynamic DNS screen. The Add dynamic DDNS screen opens.
Chapter 7 Advanced Configuration 6 In the D-DNS provider field, select the provider from the drop-down list. 7 In the Hostname field, enter the name of the host. 8 In the Interface field, select the interface from the drop-down list. 9 Under DynNDS Settings, enter your user name and password. 10 Click Save/Apply.
Nslookup Nslookup The Nslookup tool is a utility to look up information in the DNS (Domain Name System). Basically, DNS maps domain names to IP addresses. Type in the domain name in the field, and press Start to look up the IP address.
Chapter 7 Advanced Configuration Default Gateway Routing The Default Gateway screen allows you to make gateway assignments for devices that are connected to the residential gateway. Note: If you change the Enable Automatic Assigned Default Gateway check box from unselected to selected, you must reboot the router to get the automatic assigned default gateway. Path: Advanced > IP Networking > Routing > Default Gateway Assigning Default Gateways To assign a default gateway, complete the following steps.
Default Gateway Routing 3 Click Routing. The Routing screen opens. 4 Click Default Gateway. The Default Gateway screen opens. 5 Do you want to enable the automatic assigned default gateway? 6 4020210 Rev A If yes, be sure the Enable Automatic Assigned Default Gateway check box is checked. If this check box is checked, the residential gateway will accept the first received default gateway assignment from one of the PPPoA, PPPoE or MER/DHCP enabled PVC(s).
Chapter 7 Advanced Configuration Static Route The Residential Gateway lets you set up static routes when routing packets from a specific network to another. Path: Advanced > IP Networking > Routing > Static Route To add a static routing entry, complete the following steps. 1 Click Advanced on the main screen. 2 Click IP Networking. The NAT screen opens. 3 Click Routing. The Routing screen opens. 4 Click Static Route. The Device Info -- Route screen opens. 5 Click Add to add a new entry.
Ping Ping The ping utility could be used to test the connectivity with other network devices. Path: Advanced > IP Networking > Routing > Ping To test the connectivity with other devices (ping them), complete the following steps. 4020210 Rev A 1 Click Advanced on the main screen. 2 Click IP Networking. The NAT screen opens. 3 Click Routing. The Routing screen opens. 4 Click Ping. The Ping window opens.
Chapter 7 Advanced Configuration 5 210 Enter the IP address of a remote host and click Start Ping Processing. The Ping result appears on the screen as shown below.
Internet Group Management Protocol Internet Group Management Protocol The IGMP screen allows you to configure the Internet Group Management Protocol (IGMP) parameters. IGMP is a communications protocol that is used to manage the membership of Internet Protocol multicast groups. Routers use IGMP to manage multicasting. The IGMP messages are used to determine which host is part of which multicast group.
Chapter 7 Advanced Configuration 212 6 In the Last member Query Interval field, enter the interval in seconds. It is the amount of time in seconds that the IGMP router waits to receive a response to a Group-Specific Query message. 7 In the Last member Query Count field, enter the value in numbers. It is the number of Group-Specific Query messages sent upon receipt of a message indicating a leave. (The default is 2.) 8 Click Save/Reboot to save your changes and reboot the system.
IPSec Settings IPSec Settings The IPSec Settings screen allows you to configure IP security settings for the residential gateway. Path: Advanced > IP Networking > IPSec Adding an IPSec Connection To add an IPSec connection, complete the following steps. 4020210 Rev A 1 Click Advanced on the main screen. 2 Click IP Networking. The NAT screen opens. 3 Click IPSec. The IPSec Settings screen opens.
Chapter 7 Advanced Configuration 4 Click Add New Connection. The IPSec Settings screen opens. 5 In the IPSec Connection Name field, enter the name of the connection. 6 In the Remote IPSec Gateway Address field, enter the gateway address for the remote IPSec gateway. 7 In the Tunnel access from local IP addresses field, select Subnet or Single Address. 8 In the IP Address for VPN, enter the IP address for the VPN connection.
IPSec Settings If yes, in the Advanced IKE Settings field, click Show Advanced Settings to populate the screen with advanced settings. If no, go to step 20. 18 Complete the advanced settings as follows: a In the Phase 1 Mode field, select Main or Aggressive. b In the Encryption Algorithm field, select one of the following encryption algorithms: – 3DES – AES -128 – AES - 192 – AES - 256 c In the Integrity Algorithm field, select MD5 or SHA1.
8 Chapter 8 Customer Information Introduction This chapter provides contact information to obtain product support and return products for service. In This Chapter 4020210 Rev A Customer Support .............................................................................. 218 Return Products for Repair................................................................
Chapter 8 Customer Information Customer Support If You Have Questions If you have questions about this product, contact the representative who handles your account for information. If you have technical questions, telephone your nearest technical support office at one of the following telephone numbers.
Customer Support Australia Australia Sydney Technical Support Telephone: 011-61-2-8446-5374 Fax: 011-61-2-8446-8015 Japan Japan Tokyo Technical Support Telephone: 011-81-3-5322-2067 Fax: 011-81-3-5322-1311 Additional Information Access your company's extranet site to view or order additional technical publications. For accessing instructions, contact the representative who handles your account. Check your extranet site often as the information is updated frequently.
Chapter 8 Customer Information Return Products for Repair You must obtain a return material authorization (RMA) number before you send products to us for repair or upgrade. To return a product for repair or upgrade, complete the following steps.
Return Products for Repair 3 Pack the product in its original container and protective packing material. Important: 4 If the original container and packing material are no longer available, pack the product in a sturdy, corrugated box and cushion it with packing material that is appropriate for the method of shipping. You are responsible for delivering the returned goods to us safely and undamaged.
Cisco Systems, Inc. 5030 Sugarloaf Parkway, Box 465447 Lawrenceville, GA 30042 678.277.1000 www.cisco.com This document includes various trademarks of Cisco Systems, Inc. Please see the Notices section of this document for a list of the Cisco Systems, Inc. trademarks used in this document. Product and service availability are subject to change without notice. © 2009 Cisco Systems, Inc. All rights reserved.