Home Page OfficeServ 7200 Data Server User Manual Table of Contents
Home Page Table of Contents Every effort has been made to eliminate errors and ambiguities in the information contained in this booklet. Any questions concerning information presented here should be directed to SAMSUNG TELECOMMUNICATIONS AMERICA. SAMSUNG TELECOMMUNICATIONS AMERICA disclaims all liabilities for damages arising from erroneous interpretation or use of information presented in this manual.
Home Page Table of Contents INTRODUCTION Purpose This document introduces the OfficeServ 7200 Data Server, an application of OfficeServ 7200, and describes procedures on installing and using the software. Document Content and Organization This document contains 3 chapters 3 annexes and an abbreviation as follows: Chapter 1. OfficeServ 7200 Data Server Overview This chapter briefly introduces the OfficeServ 7200 Data Server. Chapter 2.
Home Page Table of Contents Conventions The following special paragraphs are used in this document to point out information that must be read. This information may be set-off from the surrounding text, but is always preceded by a bold title in capital letters. WARNING Provides information or instructions that the reader should follow in order to avoid personal injury or fatality.
Home Page Table of Contents References OfficeServ 7200 General Description Guide The OfficeServ 7200 General Description Guide introduces the OfficeServ 7200 and provides system information including the hardware configuration, specification, and function. OfficeServ 7200 Installation Guide The OfficeServ 7200 Installation Guide describes the condition required for installation, the procedure of installation, and procedures on inspecting and starting the system.
Home Page Table of Contents SAFETY CONCERNS For product safety and correct operation, the following information must be given to the operator/user and shall be read before the installation and operation. Symbols Caution Indication of a general caution Restriction Indication for prohibiting an action for a product Instruction Indication for commanding a specifically required action © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents CAUTION War Security Warning Note that all external users are allowed to access the firewall when the Remote IP is set to ‘0.0.0.0’ and Port is set to ‘0:’. Setting IP Range The number of IPs for the ‘Local IP range’ and that for the ‘Remote IP range’ should be identical. For example, if the number of IPs for ‘Local IP range’ is 10 and that for ‘Remote IP range’ is 20, only 10 calls will be set. PPTP Setting in Windows XP/2000 In Windows XP/2000, the user can use DHCP client.
Home Page Table of Contents Using Web Browser Use Microsoft Internet Explorer 6.0 or higher as a Web browser to maintain OfficeServ 7200 Data Server. Delete Temporary Internet Files Delete Temporary Internet Files after upgrading Data Server package. After selecting the [Internet Explorer] Æ [Tools] Æ [Internet Options] menu, click the [Delete Cookies] and the [Delete Files] button in the [Temporary Internet files].
Home Page Table of Contents TABLE OF CONTENTS INTRODUCTION ...................................................................................................................................... 3 Purpose ......................................................................................................................... 3 Document Content and Organization............................................................................. 3 Conventions..........................................................
Home Page Table of Contents STP.............................................................................................................................. 64 IGMP Config ................................................................................................................ 66 QoS Config .................................................................................................................. 67 MISC Config ................................................................................
Home Page Table of Contents SIP ALG Menu ................................................................................................................. 129 Config ........................................................................................................................ 129 Management.............................................................................................................. 131 System Menu ..................................................................................
Home Page Table of Contents CHAPTER 1. OfficeServ 7200 Data Server Overview This chapter provides an overview of OfficeServ 7200 system and OfficeServ 7200 Data Server. OfficeServ 7200 Introduction The OfficeServ 7200 is a single platform that delivers the convergence of voice, data, wired, and wireless communications for small and medium offices.
Home Page Table of Contents OfficeServ 7200 Data Server Introduction The OfficeServ 7200 provides the functions below on the IP-based data server: Unmanaged Switch • • The switch performs the function of a layer 2 Internet switch as well as the Learning Bridge function based on the MAC address filtering and forwarding algorithm. The LIM module provides 16 LAN ports per module. Each port is 10/100 Base T, auto sending, full duplex. OS 7200 can support up to 8 unmanaged LIM.
Home Page Table of Contents Router • • • • • Multiple Network Interfaces: o 2 WAN Ethernet ports: auto-sensing 10/100Base-T and 10Base-T, supporting Point-to-Point, Point-to-Point over Ethernet (PPPoE) and DHCP client protocols. o 1 LAN Ethernet port: Enables a connection with a switch for LAN configuration. o 1 Serial WAN port: Enables dedicated data line service by being connected with DSU or CSU, which is a data line device. V.
Home Page • • Table of Contents Intrusion Detection System(IDS) o Detects and notifies an access to unauthorized areas by the access list. o Recognizes and notifies unauthorized packets by applying the basic intrusion rule for packets. o Detects and blocks DoS attacks such as SYN flood. Virtual Private Network(VPN) o The VPN capability creates encrypted ‘tunnels’ through the Internet, allowing branch offices or remote users to securely connect into the network from off-site.
Home Page Table of Contents CHAPTER 2. OfficeServ 7200 Data Server Installation This chapter describes the installation and login procedures for the OfficeServ 7200 Data Server. Installation Procedure OfficeServ 7200 Data Server software is installed on WIM board. The software package is composed of items described below: Package File Bootrom Package bootldr.img-vx.xx Description Boot ROM program bootldr.img-vx.xx.sum Main Package ds-pkg-vx.xx.tar.
Home Page • 2. Table of Contents If the shunt pin of JP1, 2, 3, 4 is directed to the front of the WIM board, connect the LAN port of the WIM board to one of the Ethernet port of the LIM board through a LAN cable. Connect a PC to a Ethernet port of the LIM board. Configuring the PCs This section describes how to configure your PC to communicate with the OS 7200 Data Server Management Web Browser. The instructions below apply only to Windows 2000 or XP computers.
Home Page 3. Table of Contents Click the [IP Address] tab and select Specify an IP address. Enter the following IP address: • • • IP Address: Enter a unique IP address that is not used by any other computer on the network connected to the OS 7200 data server. You can use an IP address in the ranges of 10.0.0.2 to 10.0.0.254. Subnet Mask: 255.255.255.0 Default Gateway: 10.0.0.1 (OS 7200 Data Server’s default IP address) Click the [OK] button in the Internet Protocol Properties window.
Home Page Table of Contents Starting up the OfficeServ 7200 Data Server The procedure for starting up the OfficeServ 7200 Data Server is as follows: 1. 2. Start the Internet Explorer and enter the IP address of the Data Server into the address bar. The login window shown below will appear: Login using the administrator ID and password. The default Login ID and Password are Admin and Admin respectively. Click the [OK] button to proceed.
Home Page 3. Table of Contents Click [Data] to use the menus for Data Server shown in the following window: When a ‘Data’ menu is selected, the submenus of the Data Server menu appear on the left section of the window. Descriptions on each submenu are provided in ‘Chapter 3. Using the OfficeServ 7200 Data Server’. Delete Temporary Internet Files Delete Temporary Internet Files after upgrading Data Server package.
Home Page Table of Contents CHAPTER 3. Using the OfficeServ 7200 Data Server This chapter describes how to use the menus of the OfficeServ 7200 Data Server. The menus of the OfficeServ 7200 Data Server are as follows: © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents Firewall/Network Menu Firewall/Network Menu provides a Configuration Wizard to setup the WAN1, WAN2, LAN, DMZ, and Serial network interfaces, as well as firewall and the communication policies between the firewall and each interface. Under this menus, you can also setup the Data Server Access Control List, Port Forward, and Filtering Services. Select [Firewall/Network] to display the submenus of Firewall/Network on the upper left section of the window.
Home Page Menu Management Submenu Table of Contents Description Config Sets firewall and network interface configuration. Port ACL Allows external users to access OS 7200 firewall. Port Forward Sets port forward to pass thru OS 7200 firewall. The incoming traffic is directed to specific local PCs based on one specified destination port number. Static NAPT Sets port forward to pass thru OS 7200 firewall.
Home Page Table of Contents Status The [Status] menu displays the setting of the WAN1, DMZ, LAN, WAN2, or SERIAL. Port Setup Procedure The WAN1, LAN, DMZ, WAN2, and SERIAL ports are set at the [Firewall/Network] Æ [Management] Æ [Config] menu. Refer to the description on the menu for the setup procedures. WAN1 The [Status] Æ [WAN1] menu shows the setting of WAN1, which is an external port using a public IP.
Home Page Table of Contents DMZ The [Status] Æ [DMZ] menu shows the setting of DMZ, which is an internal port using a private IP or public IP. LAN The [Status] Æ [LAN] menu shows the setting of LAN, which is an internal port using a private IP. WAN2 The [Status] Æ [WAN2] menu shows the setting of WAN2, which is an external port using a public IP. SERIAL The [Status] Æ [SERIAL] menu shows the setting of SERIAL, which is an external port using a public IP.
Home Page Table of Contents Network Status The [Status] Æ [Network Status] menu displays the current IP Address of WAN1, DMZ, LAN, WAN2, and SERIAL.
Home Page Table of Contents Management The [Management] menu sets ports related to firewall and network. Config The [Config] menu starts the configuration wizard which will guide through the settings of the WAN1, LAN, DMZ, WAN2, and SERIAL ports. Select [Management] Æ [Config] and set the items of each window.
Home Page Table of Contents Initial Setup 1. Select [Management] Æ [Config] and display the window shown below. The ‘NAT’ and ‘Packet Filtering’ items are originally disabled. Check the checkboxes to set the status to ‘On’ and click the [Run] button. If these items are checked, Click the [Next] button.
Home Page 3. Table of Contents New settings can be set or previously set setup files can be changed or executed from the following window. The IP of the LAN port is initially set to ‘10.0.0.1’. Check the ‘default’ item and click the [Next] button. Set Line Type for Each Port External ports (e.g., WAN1, WAN2, SERIAL) use public IPs while internal ports (e.g., DMZ, LAN) use public or private IPs.
Home Page Table of Contents WAN1 Setup 1. 2. The starting window for setting WAN1 as “Primary WAN line’ is shown below. Click the [Next] button to start setting the WAN1 port. Select the line type for Primary WAN line. Select one of the four applications shown below for the external network: Fixed IP: Select Fixed IP if your Internet service account uses Fixed IP (Static) IP assignment.
Home Page Table of Contents Caution Against Changing Network Interfaces If a network interface configuration (e.g., IP, gateway, and subnet mask) is changed during router regular operation, all the active IP sessions that are connected in the router will be disconnected. b. Primary PPPoE Client: Enter the ID and password to connect an external network where a dynamic IP will be assigned through PPPoE, and click the [Next] button. c.
Home Page Table of Contents PPPoE/DHCP/SDSL Settings The performance of data uploading or downloading speed depending on Internet Service Provider services. d. Primary VDSL line: External network using a VDSL modem. Enter ‘default’ into the ‘Mac address’ field to disable MAC authentication, and click the [Next] button. Enter a MAC address into the ‘Mac address’ field to use the MAC copy function.
Home Page • Table of Contents WAN1 DNS configuration: Enter the IP address of the DNS server. If PPPoE/DHCP is used, there is no need to manually enter these fields, ISP will automatically authenticate the DNS servers. DMZ Setup 1. 2. The starting window for setting WAN1 as “Primary WAN line’ is shown below. Click the [Next] button to start setting the WAN1 port. The starting window for setting DMZ ‘Internal Line’ configuration is shown below.
Home Page 3. Table of Contents Select the line type for the DMZ line. Select one of the three applications shown below for the DMZ port. DMZ port supports the following three line type: a. Internal private network: Use DMZ port as a second private LAN network behind the router’s firewall. b. Internal public network: Place DMZ port behind the router in the private network, but assign it with a public IP address to allow DMZ port accessible from the public network. c.
Home Page Table of Contents In the example shown below, allow the LAN interface as entered in the ‘Remote IP’ to access the DMZ servers as entered in the ‘Shared IP’. The Destination Port of ‘0:’ indicates all ports are allowed for access. Port Range Setting - When using ports from 0 to 100, enter ‘0:100’. - ‘0:’ indicates all ports. • Internal public network: Assign DMZ port public IP address under the Internal Line Network Interface and Internal Line Multi-IP Configuration.
Home Page Table of Contents Configure Internal line Public area from WAN for hosts that use DMZ as an internal public network, and click the [Next] button. Configure Internal line Public IPs accessible from WAN to allow external networks to access a specific server on the DMZ network inside the firewall that has a public IP. Under the DMZ shared IP device list, configure the devices from the LAN interface that can send packet to pass through the DMZ firewall and access the DMZ servers.
Home Page Table of Contents Under the Internal line DMZ configuration, configure the servers on the DMZ network. Enable port forwarding of a specific packet received through WAN public network to a host located in DMZ. • Src IP: Enter the source IP of a packet from public network to be forwarded to a port. • Netmask: Enter the netmask of a packet to be forwarded to a port. • Public IP: Enter the IP address of WAN. • Private IP: Enter the IP address of a host located in DMZ.
Home Page Table of Contents LAN Setup 1. 2. The below window shows the LAN was set to ‘Internal line’ at the
Home Page Table of Contents Under the LAN shared IP device list, configure the devices from the DMZ interface that can send packets to pass through the LAN firewall and access the LAN servers. Enter the DMZ interface as entered in the ‘Remote IP’ and enter the LAN servers to be shared in the ‘Shared IP’. The Destination Port of ‘0:’ indicates all ports are allowed for shared IP Device • Internal public network: Select this option to configure an internal network using a public IP.
Home Page Table of Contents Configure Internal line Public IPs accessible from WAN to allow external networks to access a specific server on the LAN network inside the firewall that has a public IP. Under the LAN shared IP device list, configure the devices from the DMZ interface that can send packets to pass through the LAN firewall and access the LAN servers. Enter the DMZ interface as entered in the ‘Remote IP’ and enter the LAN servers to be shared in the ‘Shared IP’.
Home Page Table of Contents In the example shown below, LAN IP of 10.0.0.1/24 is set. Under the Internal line DMZ configuration, configure the servers on the LAN network. Enable port forwarding of a specific packet received through WAN to a host located in LAN. • Src IP: Enter the source IP of a packet to be forwarded to a port. • Netmask: Enter the netmask of a packet to be forwarded to a port. • Public IP: Enter the IP address of WAN. • Private IP: Enter the IP address of a host located in DMZ.
Home Page Table of Contents WAN2 Setup 1. 2. 3. 4. If WAN2 was set to Primary WAN line, secondary WAN line, or Third WAN line, click [Next] button to proceed with the WAN2 Setup procedures. Follow the same setup procedures as described in WAN1 setup procedures. Configure WAN2 Outbound traffic configuration to specify packets that could be sent from LAN or DMZ interfaces via WAN2 interface.
Home Page Table of Contents SERIAL Setup The below window shows that SERIAL was set to ‘No line’ at the
Home Page Table of Contents • Primary CISCO: Select ‘Primary CISCO’ from the window and click the [Next] button to display the window shown below. Enter the items and click the [Next] button. The CISCO method refers to the HDLC supported by Cisco. • Primary PPP: Select ‘Primary PPP’ from the window and click the [Next] button to display the window shown below. Enter the address, netmask, and point-to-point items.
Home Page Table of Contents • Primary Frame Relay: Select ‘Primary Frame Relay’ from the window and click the [Next] button to display the window shown below. Enter the items in the Primary SERIAL Network Interface (Frame Relay) and Primary Additional Configuration menus. These values must match the corresponding values set in the frame relay service provider’s switch. Click the [Next] button.
Home Page Item N393[1~10,4] Table of Contents Description Range 1~10, default is 4. Monitored Events Counter. When a network becomes active, the number of successful exchanges of KeepAlive messages before the link is considered active. Saving Settings 1. 2. 3. The below window shows the firewall and network setup is complete. Click the [Next] button and proceed to the next window. Enter values in the Name and Description fields and click the [Next] button to save the settings in the database.
Home Page Table of Contents Port ACL If ‘Packet Filtering’ in ‘Firewall On/Off Setup’ is set to ‘Filtering on’ under [Management] Æ [Config], external users can not access the OfficeServ 7200 firewall. The [Port ACL] menu is used to allow a specific external IP to access the firewall. Select [Management] Æ [Port ACL] and set the IP address, port, and protocol, as shown below, and click the [OK] button: If the user sets the options as shown above, the server whose IP address is ‘211.217.127.
Home Page Table of Contents Port Forward The [Port Forward] menu is used to forward packets so that services of the internal server connected to the firewall can be used externally. For instance, assume that an internal server uses the public IP of the firewall as ‘211.217.127.70’ and the private IP as ‘10.0.0.100’. If the user uses the telnet server inside the firewall from a server on a network outside the firewall, the user can use telnet services using the Port Forward setting.
Home Page Table of Contents Static NAPT The ‘Static NAPT list’ window displays the settings of the [Static NAPT] menu. Also, this window displays the ‘VoIP NAPT’ setting in the DSMI menu as well as the user setting of the ‘Static NAPT’ menu. Click the [Edit] button to switch to a window where the user can enter the settings of Static NAPT. Network DB List The [DB List] menu is used to delete the settings file saved in the [Management] Æ [Config] menu. © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents Filtering Service The [Filtering Service] menu is used to block the internal local area network users from accessing to a specific URL or IP locations on the Internet. URL Filtering The [URL Filtering] menu is used to block access to a specific URL from an internal host or network. • • • SrcIP: An internal host or network where filtering will be performed. Enter the IP address to filter URLs from each host and the network address to filter URLs from each network.
Home Page Table of Contents IP Filtering The [IP Filtering] menu is used to block access to a specific service of an external IP by internal users. Enter the IP address and netmask in the ‘Src IP’ and ‘Netmask’ fields, and information on a specific service of the external network to which access will be blocked in the ‘Dest IP’, ‘Netmask’, ‘Dest Port’, and ‘Protocol’ fields. If the user enters the network IP and subnet in the Src IP and Netmask fields, the user can enable filtering of an entire network.
Table of Contents Home Page LAN Config The [LAN Config] menu sets the negotiation, speed, and transfer system for each port. Select the checkbox of the port to set and click [OK]. Click [Default] to reset to the default value. Item Negotiation Description - auto: Controls speed through negotiation. - force: Controls speed through enforcement. Set this item to ‘force’ when setting the Duplex item to ‘full’.
Home Page Table of Contents Switch Menus Select [Switch] to display the submenus of Switch on the upper left section of the window. Menu Port Submenu Description Config Sets the switch port environment. Statistics Displays the link status, speed, transmission system, and statistics of the switch port. VLAN Config Configures Virtual LAN(VLAN). Port VID Sets processing method for untagged packets when VLAN mode is set to ‘Tag-based VLAN’.
Table of Contents Home Page (Continued) Menu QoS Config Submenu - Description Processes Quality of Service by sequentially assigning priority to packets entering the switch or by enforcing priority on a specific port. MISC Config - Sets mirroring and other switching functions. Save Config - Saves setting to flash disk or initializes all setting values. Port The [Port] menu is used for setting port related functions and retrieving information on a port.
Home Page Item Port Table of Contents Description Manage 16 10/100MB Ethernet switch ports Select All to process all ports simultaneously. Active Use to activate and de-active the port. Negotiation - Auto: Controls speed through negotiation. - Force: Controls speed through enforcement. Set this item to ‘force’ when Full Duplex is selected for Speed. - Nway Force Speed/Dpx - Speed: By default the speed is set according to the value set in ‘Path Cost’ of the [Switch] Æ [STP] Æ [Port Config] menu.
Home Page Table of Contents Statistics The [Port] Æ [Statistics] menu provides a summary of the current switch’s status, including link status, speed, transmission system, and statistics. The numbers show the accumulated values for the period from the system boot up to date. The window is automatically updated every five seconds. Click the [Reset] button to initialize all values to ‘0’.
Home Page Table of Contents VLAN The [VLAN] menu is used for configuring Virtual LAN(VLAN). A Virtual LAN (VLAN) is a logical network grouping that provide separation of broadcast domains and functional work area to improve performance. Basically, creating a VLAN from a switch is logically equivalent of reconnecting a group of network device to another Layer 2 switch. However, all the network devices are still plug into the same switch physically.
Home Page Table of Contents Select ‘Port Based’ as the VLAN Operation Mode from the window. Select a VLAN and click the [Edit] button to display the window shown below. Select the target port at VLAN Members and click the [Save] button. Inter-VLAN Communication To perform communication between VLANs, enable the Inter-VLAN service. If the devices placed in a VLAN need to communicate with devices in a different VLAN, a shared port with connections to both VLANs needs to be present.
Home Page Table of Contents Packets not including tags are delivered to a single VLAN and its VLAN ID is defined in the menu [VLAN] -> [Port VID]. Tag Based VLAN is composed of tagged members and untagged members. This determines whether or not the system will remove (untag) tags before sending traffic out of each port. Select ‘Tag Based’ as the VLAN Operation Mode from the window 1. Type a name for the new VLAN. 2. Type a VID (between 3.
Home Page Table of Contents MAC Based VLAN Membership in MAC Based VLAN is based on assigning the MAC address of a device to a VLAN. VLAN is configured without information on port and the number of a VLAN member may change. The advantage of MAC based VLAN is that even if users relocate, they remain on the same VLAN as long as they stay connected to the same switch. Up to 1024 MAC members can be saved either in a single VLAN or in multiple VLANs.
Home Page Table of Contents Port VID If the VLAN mode is ‘Tag-based VLAN’, the Port VID is set at the [VLAN] Æ [Port VID] menu to determine the processing system for untagged packets. This feature is useful for accommodating devices that you want to participate in the VLAN but they don’t support tagging. OS 7200 switch allows user to set one PVID for each port, the range is 1 to 255 with default PVID of 1.
Home Page Table of Contents MAC The [MAC] menu is used for retrieving the address table of the switch or for setting Filtering MAC. Static Address Select [MAC] Æ [Static Address] to save a MAC address to the address table of a switch regardless of whether the device and switch is physically connected to the switch. This saves the switch from having to re-learn a device’s MAC address when the disconnected or powered-off device is active on the network again. Enter the MAC address and port No.
Home Page Table of Contents Dynamic Address Select [MAC] Æ [Dynamic Address] to retrieve the current MAC adress that the switch has learned. Select a MAC address and click the [Delete] button to delete the address. Filter Address MAC address filtering allows the switch to drop unwanted traffic. Traffic is filtered based on the destination addresses. Select the [Filter Address] menu and enter a MAC address to block the corresponding packet from the switch.
Home Page Table of Contents STP The [STP] menu is used to set the Spanning Tree Protocol (STP) function or to retrieve STP status. The Spanning Tree Protocol is a standardized method (IEEE 802.1D) to provide path redundancy while preventing endless loops of traffic in switched network. Loops occur when there are alternate routes between hosts. • To establish path redundancy, STP creates a tree that spans all of the switches in a network, forcing redundant paths into a standby state.
Home Page Table of Contents Port Config Select [STP] Æ [Port Config] to set or retrieve STP status. Item Port Description 16 switch ports are equipped in all. Select All to process all ports simultaneously. Path Cost Set the path cost of the port that switch uses to determine which port are the forwarding ports. The port with the lowest number will be selected as the forwarding port. Set to ‘100’ for 10 Mb/s, and to ‘19’ for 100 Mb/s.
Home Page Table of Contents IGMP Config The [IGMP Config] menu is used to efficiently process multicast packets through Internet Group Management Protocol(IGMP) snooping. IGMP is the standard for IP multicasting in the Internet. It is used to establish host membership in particular multicast groups on a single network. IGMP allows a host to inform its local router, using Host Membership Reports, which it wants to receive messages addressed to a specific multicast group.
Home Page Table of Contents QoS Config The [QoS Config] menu is used for processing QoS by sequentially assigning priority to packets entering the switch or by enforcing priority on a specific port. OfficeServ 7200 managed switch provides Layer 2 QoS functionality to better prioritize and manage packets. Item QoS Mode Description Select the QoS mode. - First Come First Service: The sequence of packets sent is depending on arrive orders. (QoS is not used.
Home Page Table of Contents MISC Config The [MISC Config] menu is used for setting the mirroring function and other switching functions. Port Mirror The Port Mirror is a method for monitoring traffic in switched networks. Traffic through ports can be monitored by one specific port. That is all traffic goes in or out of the monitored port will be duplicated into mirror port.
Home Page Item Table of Contents Description MAC Age-Out Set the time during which an updated MAC Delay Bound address(Learning) may remain in the address table. Default value is 300 sec. In case of the unmanaged LIM that is not controlled by WIM, if the LAN port is disconnected, the updated MAC address is automatically deleted in 300 seconds. Therefore, the new MAC address is not updated immediately when the LAN port is connected again.
Home Page Table of Contents Router Menus Select the [Router] menu to display the submenus of Router on the upper left section of the window. Menu General Submenu Description Show Route Displays the routing table of the Data Server. Management Starts or stops RIP and OSPF services, and can set whether to execute the services upon system rebooting. Config Static Route Sets static route. RIP config Sets RIP. OSPF config Sets OSPF.
Home Page Table of Contents Show Route Select [General] Æ [Show Route] to retrieve the routing table of the Data Server.
Home Page Table of Contents Config The [Config] menu is used for setting static route, RIP, and OSPF. Static Route Select [Config] Æ [Static Route] to set static route. Set the following items and click the [Save] button: • Current Configuration Status This window shows the routing table of the Data Server, which is same as that displayed on the window of the [Router] Æ [General] Æ [Show Route] menu.
Home Page • Table of Contents Input Configuration Command Select a command as shown above, or directly enter the static route setup command as shown below: The command execution result is directly applied to the window of the [Router] Æ [Config] Æ [RIP Config] menu.
Home Page • Table of Contents Command Help Select a RIP command from the ‘Command’ item and select an argument for the command from the ‘Argument’ item. For example, the arguments for the ‘distribute-list’ command are as follows: • Basic Command After entering the items, click the [OK] button to display the applied value on the window.
Home Page Table of Contents OSPF Config Select [Config] Æ [OSPF Config] to set OSPF. Set the following items and click the [Save] button. • Current Configuration Status This item displays the current OSPF status. The status is updated when the OSPF command entered into the window of the [Router] Æ [Config] Æ [Static Route] menu is executed. If set as ‘area 0.0.0.
Home Page Table of Contents • Basic Command After entering the items, click the [OK] button to display the applied value on the window. • Input Configuration Command Select a command, as if selecting one from the window, or directly enter an OSPF command and click the [OK] button. © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents QoS Menus Select the [QoS] menu to display the submenus of QoS on the upper left section of the window.
Home Page Table of Contents Group The [Group] menu is used to retrieve, set, edit, or delete a port group, an IP group, a filter group, or a class group. Port Group Select [Port Group] to retrieve, set, edit, or delete a port group. Click the [Add] button in the above window to display a window from which a port group can be set. Enter the group ID, group description, and port number, click the [Add] button, and click the [Save] button.
Home Page Table of Contents IP Group Select [IP Group] to retrieve, set, edit, or delete an IP group. Click the [Add] button in the above window to display a window from which an IP group can be set. Enter the group ID, group description, and port number, click the [Add] button, and click the [Save] button. Item ID Description Name of the IP group - Should include both letters and numbers. - Group ID shall start only with letters, not numbers. - No blanks should be left in between characters.
Home Page Table of Contents Filter Group Select [Filter Group] to retrieve, set, edit, or delete a filter group. If ‘dev_voip’ is registered as the filter group as shown above, the filtering rule is as follows: ‘Source’ and ‘Destination’ are set in the [Port Group] menu and [IP Group] menu. All TCP packet traffics of which the internal IP is Develop_Team(192.168.0.0/24) and the connection port is VoIP(10000~20000) are filtered with a priority of ‘1’.
Home Page Table of Contents Class Group Select [Class Group] to retrieve, set, edit, or delete a class group. A class includes information on the defined filtering rule and the bandwidth that should be assigned to the filtered traffic. Click the [Add] button in the window to display a window from which a class group can be set. Set the items and click the [Save] button. © SAMSUNG Telecommunications America, L.P.
Home Page Item Parent ID Table of Contents Description Due to the hierarchical characteristic of QoS, classes are classified into the root class(highest level class) and the leaf class(lowest level class) and into the parent class and the child class. If the target class is a child class of another class, set the parent class in the Parent ID item.
Home Page Table of Contents Policy The [Policy] menu is used for setting a class for a port. Enter the following items and click the [Save] button to select a class for a port. Item Description Port Select a port(select WAN1, DMZ, LAN, WAN2, or SERIAL) R2Q R2Q is used as a variable for calculating the amount of Deficit Round Robin(DRR).(Bps/r2q) Root Class Class connected to the port. Click the [Add] button and select the class group from the class group list.
Home Page Table of Contents Status The [Status] menu is used for displaying the class and filters assigned to each port in a tree structure. Management The [Management] menu is used to start or stop the execution of a QoS. Execution of the ‘Scheduling Parameter’ set at the [QoS] Æ [Group] Æ [Class Group] menu can also be started or stopped. Clicking the ‘Auto start’ item will automatically start the QoS service when the system is rebooted. © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents Status Menus Select [Status] to display the submenus of Status on the upper left section of the window. Menu Monitoring Submenu Description Sessions Displays IPs and ports connected to the Data Server.
Home Page Table of Contents Monitoring The [Monitoring] menu displays the connection status of the Data Server, and the network statistics of the Data Server in real time or in values accumulated during a certain period. Sessions The [Sessions] menu displays information on IPs and ports connected to the Data Server.
Home Page Table of Contents Traffic Rate Select [Monitoring] Æ [Traffic Rate] to display the network statistics of the Data Server in real time. Data is updated every 5 seconds. History Select [Monitoring] Æ [History] to display the Data Server network statistics in values accumulated yearly, monthly, weekly, and hourly. The History is useful for analyzing the traffic patterns and trends on the network, and establishing the normal operating parameters. © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents Statistics The [Statistics] menu displays the network statistics of the Data Server for each device and for each protocol. Devices Select [Statistics] Æ [Devices] to display traffic and error statistics showing bytes, packets, errors, drops, FIFO, Frame, Compressed, and multicast on the network. These statistics information is useful for detecting changes in traffic and error patterns of the network.
Home Page Table of Contents Protocols Select [Statistics] Æ [Protocols] to display the network statistics of the Data Server for the IP protocols, IP, ICMP, TCP, and UDP (Unit: Byte). Serial State This function is used to display multiple data traffic and status of the serial line. Item Description Input Rate Indicates the input packet rate. Input Indicates the number of input packets per second. packets/sec Output rate Indicates the output packet rate.
Home Page Item Table of Contents Description RTS Request To Send. Indicates the status of the DTE Receive Mode. CTS Clear To Send. Indicates the status of Tx/Rx setting. Services The [Services] menu is used to display the statuses of security, router, and management services, provided by the Data Server. If the ‘Auto Start’ item is checked ‘On’, the service will be started automatically when the system is rebooted.
Home Page Table of Contents Management This section displays the current status of management services: SM Module and Call, Feature Module. © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents VPN Menu The VPN capability creates encrypted ‘tunnels’ through the Internet, allowing branch offices or remote users to securely connect into the network from off-site. VPN in OfficeServ 7200 Data Server supports both IPSec and PPTP solutions. The IPSec solution is supported for siteto-site (OS 7200 to OS 7200) connections and for individual remote access, allowing up to 100 secure tunnels.
Home Page Table of Contents IPSec IPSec (IP Security) is the Internet standard protocol for tunneling, encryption, and authentication. IP Security Protocol (IPSec) provides security services in the IP layer through implementing Internet Key Exchange (IKE). IKE is an automatic keying mechanism, requiring two phases in establishment of a VPN tunnel. Phase one establishes the Internet Security Association Key Management Protocol (ISAKMP) tunnel that manages Phase two IPSec data tunnel.
Home Page Table of Contents Config Users are allowed to add, delete, and search an IPSec tunnel on the [IPSec] Æ [Config] menu, and to set detailed items.
Home Page Category Table of Contents Description RSA Key/ Selects host authentication method Pre-shared Key - RSA Key: Public key is RSA key of Local settings. Click the [Download] button to store /X.509 Cert RSA key to your PC, and send it to other PC through a path. After RSA key of Remote settings receives file in the target PC through a path, click the [Upload] button to enter a key value. - Pre-shared Key: Authentication method entering password. - X.
Home Page Table of Contents Advanced Click the [Advanced] button from the window to display the window below: Detailed items of IPSec can be set. The ‘Advanced’ menu is set only if the authentication is performed using X.509 Cert. Item Auth Description Select packet authentication protocol. - Authentication Header (AH): Allows data sender authentication. - Encapsulating Security Payload (ESP): Allows sender authentication and data encryption.
Home Page Table of Contents You may change the values of PFS or Key lifetime for compatibility with other systems. If ‘Left ID’ and ‘Right ID’ are not set, the IP address replaces the value. In X.509, enter the subject of a certification in ‘Left ID’ and ‘Right ID’ of ‘advanced’. Management The user allows/disallows executing IPSec services on the [IPSec] Æ [Management] menu.
Home Page Table of Contents Certification This function is used to issue/delete/download the CA certification and host certification, and to view a list of current certification. The table below explains the menu buttons: Item Description (CA) Add Creates the CA certification (CA) Delete Deletes the CA certification (Host) Add Creates the host certification (Host) Delete Deletes the host certification © SAMSUNG Telecommunications America, L.P.
Home Page Item Description Country name Country name(2 characters ex.
Home Page Table of Contents PPTP Point to Point Tunneling Protocol, PPTP, is a proposed standard sponsored by Microsoft as an extension of the Internet’s Point-to-Point Protocol. Any user of a PC with Windows 98 or above is able to use an Internet service provider to connect securely to OfficeServ 7200 data network. Since PPTP setting is convenient compared with IPSec and the client S/W is provided by Windows OS, the user can use VPN functions easily. OS 7200 supports a total of 25 PPTP connections.
Home Page Table of Contents Add Click the [Add] button from the window. Enter each item value and click the [OK] button to add a PPTP user. IP assignment to remote client could use either dynamic IP or static IP. Item Description User ID ID composed of certain letters Password Shared password Dynamic IP Enter dynamic IP to remote client Static IP Enter static IP to remote client(Enter IP address) Edit Click the [Edit] button from the window.
Home Page Table of Contents Management The user allows/dis-allows executing PPTP services on the [PPTP] Æ [Management] menu. Check the ‘Auto-start when system boots’ item and click the [OK] button to execute the PPTP services automatically while the system reboots. Users are allowed to set the IP range of the remote client that uses dynamic IP in the ‘Local IP range’ item, and set the IP range of PPP daemon responsible for remote client in the ‘Remote IP range’ item.
Home Page Table of Contents IDS Menu OfficeServ 7200 Intrusion Detection System is based on the open source, network intrusion detection software Snort. IDS service is capable of performing real-time traffic analysis and packet logging on IP networks. It provides defense by analyzing network traffic, blocking, or alerting when suspicious activity is detected. IDS rules can be downloaded and updated from the Snort website .IDS service can be activated on all WAN interfaces.
Home Page Table of Contents Log Analysis Analyze the logs detected by Intrusion Detection System (IDS) rule on the [Log Analysis] menu. Select the target Category to be analyzed, and click the [OK] button to display the corresponding log analysis for the category. Category Category Item Description Intrusion type Analyzes logs detected for IDS rule types. Source IP Analyzes logs for Source IP detected by IDS.
Home Page Table of Contents Select ‘Old Log’ and click [OK] to analyze old logs. Then, data on the old logs will be displayed in ‘Object Select’. Select ‘New Log’ and click [OK] to analyze the latest logs. Then, data on the latest logs will be displayed in ‘Object Select’. The default is ‘New Log’. If an IDS log does not exist, the ‘NO-Ids Log’ message will be displayed. Select ‘Old Log’ or ‘New Log’ from the window and then, select an option from ‘Object Select’.
Home Page Table of Contents Intrusion type Check ‘Intrusion type’ from the Category item of the window, and click the [OK] button to display the log analysis window below: Date indicates the time from the first detection to the last detection. Item Rate(%) Description Monitors logs detected by IDS according to type and displays logs as rate(%).
Home Page Item Table of Contents Description Num Number of logs detected by IDS for Source IP attacking the logs Remote host Host IP attacking logs detected by IDS Prio Risk level depending on the rules level of IDS - High: Rule level is one day(the highest risk level) - Med: Rule level is 2 or 3 days(mid level) - Low: Rule level is 4 days(low level) Description Type of logs detected by IDS Destination IP Check ‘Destination IP’ from the Category item of the window, and click the [
Home Page Table of Contents Destination Port Check ‘Destination Port’ from the Category item of the window, and click the [OK] button to display the log analysis window below: Date indicates the time from the first detection to the last detection. Item Num Description Numbers of detected by IDS according to port when attacked Destination IP is a network(e.g.
Home Page Table of Contents Configuration Set whether to apply Config file and Rule file before IDS implementation on the [Configuration] menu. After checking the risk level on the IDS Level Setup, click the [Save] button and go to IDS Rules Configuration to select rules. Last click the [OK] button to apply the rules to IDS Configuration file and to start IDS daemon. © SAMSUNG Telecommunications America, L.P.
Home Page • • • • • • Table of Contents IDS Level Setup: Categorized into the following four levels depending on risk level: Level setup Risk Description Priority 1 The highest risk(high) Only Priority 1 is detected by IDS Rules. Priority 2 Mid risk(med) Priority 1 and 2 are detected by IDS Rules. Priority 3 Mid risk(med) Priority 1, 2 and 3 are detected by IDS Rules. Priority 4 Low risk(low) Priority 1, 2, 3 and 4 are detected by IDS Rules.
Home Page Table of Contents Management The user allows/disallows executing IDS on the [Management] menu. Check the ‘Auto-start when system boots’ item and click the [OK] button. Then the IDS service automatically executed when the system reboots. Item Activity Description - Running: IDS is operating. - Stopped: IDS is not operating. Device Select equipment for applying IDS.
Home Page Table of Contents Rule Update Users are allowed to update new IDS rules on the [Rule Update] menu. Enter the target address in the ‘Path’ item, and click the [OK] button to download new rules. • • • • Current rule information: Displays the version of a rule and the time distributed. Rule update path: Enter the target address to download new IDS rules. When entering the target URL address, omit ‘http://’ as shown above. Default address is set to ‘www.snort.org/pub-bin/oinkmaster.
Home Page Table of Contents Block Config Set to block the source IP which is detected by IDS on the [Block Config] menu, using system firewall. This function can be performed when the IDS are operating. Item Activity Description - Running: IDS Block server is operating. - Stopped: IDS Block server is not operating. Block time(sec) Set the time to block source IP detected by IDS.
Home Page Table of Contents Trusted IPs Click the [Show] button from the ‘Trusted IPs’ item of the window to display the window below: If the source IP detected by IDS is trusted, enter the target IP(or Network) and click the [Add] button to register the IP(or Network). Since internal network is registered with Trusted IPs, the internal network or WAN IP does not need to be registered. However, trusted IP(or Network) from external IPs should be registered.
Home Page Table of Contents Mail Config Set to send alarm messages (IDS logs) to the administrator when IDS is detected on the [Mail Config] menu. Item Server IP Description IP address of mail server Install mail server into internal network (e.g., LAN or DMZ) and enter internal IP. Port Simple Mail Transfer Protocol(SMTP) service port of mail server Typically port 25 is used. E-mail address Administrator’s email address, which will be received alarm messages(e.g., aaa@samsung.
Home Page Table of Contents DSMI Menu DSMI menu provides the following services: • Configuring Data Server Manager Interface (DSMI) communicating with the VoIP services provided by OfficeServ 7200. In OS 7200, MCP processes VoIP signaling and MGI processes the VoIP media.
Home Page Table of Contents (Continued) Menu DHCP Server Submenu Configuration Description Sets the internal network to operate the DHCP Server, and IP pool for a DHCP terminal. IP pool can be set for the Call Server, Feature Server, MGI, IP Phone, SIP Phone, and normal data terminal. Management Allows/Disallows executing DHCP Server. Set DHCP Server to be executed when the system reboots.
Home Page Table of Contents DSMI Configuration Set Data Server Module Interface (DSMI) environment on the [DSMI Configuration] menu. SM Interface System Manager is a network management tool which will be available in the future release. This menu is reserved for the future usage once the System Manager application is available. The item related with message data transmission for the communication with System Manager(SM) can be set in the [SM Interface] menu.
Home Page Category SM Module Item Alarm data Table of Contents Description When ‘Enable’ is set, alarm message, which occurs when the system is abnormal or a hacker attacked the system, is sent to the system manager through UDP port immediately. Event data When ‘Enable’ is set, system event message being generated is sent to the system manager through UDP port immediately.
Home Page Table of Contents Module Interface The program environment for the communication with the Call Server or with Feature Server can be set in the [Module Interface]. When the system reboots, default value is set as shown below: Item Description Data send to UDP port number UDP port information for the communication with the Call Server or Feature Server. Default is ‘5025’. Retry timeout (Sec) DSMI_CF, Call Server, Feature Server, and Data Server communicate based on UDP.
Home Page Table of Contents Management Program for the communication with SM or the communication with the Call Server or Feature Server can be executed or be stopped through the [Management] menu. Check the ‘Auto Start’ item. Then, the corresponding program starts automatically when the system reboots. Check the ‘SM module auto-start when firewall system boots’ or ‘Call, Feature module autostart when firewall system boots’ item and click the [OK] button.
Home Page Table of Contents DHCP Server OfficeServ 7200 provides DHCP service to network clients. This service dynamically assigns IP addresses to network data terminals or Samsung IP telephones, so you do not need to manually assign an IP address to each one. Set equipment to operate the DHCP Server on the [DHCP Server] menu and allow or disallow the DHCP Server operation.
Home Page Item Table of Contents Description Sub Network Sub network data Value set on the [Firewall/Network] Æ [Management] Æ [Config] menu. This value can be changed on the menu. Broadcast Address Broadcast address Value set on the [Firewall/Network] Æ [Management] Æ [Config] menu. This value can be changed on the menu. Router Address Router address Value set on the [Firewall/Network] Æ [Management] Æ [Config] menu. This value can be changed on the menu.
Home Page Table of Contents Feature Server Feature Server is reserved for the future IP UMS application release. Set the IP of the Feature Server. When the Feature Server operates in DHCP mode, select the ‘Host’ option (which will be automatically set to ‘SME_FEATURE’) to allocate an IP address to the Feature Server. MGI Cards Set the location and IP address of the MGI card mounted on the system. • MGI Cards Slots Select: check the cabinet-slot location of MGI card installed on the system.
Home Page Table of Contents IP Phone Allocate the IP range for the IP phone using DHCP mode. The DHCP IP pool allocated in this menu is set to authorize an IP phone of the ITP-5000 series to receive an IP address. Item IP Range Description IP range of IP phone(Maximum number of IP phone is 120) If one IP is entered, enter like ‘192.168.0.20~20’.
Home Page Table of Contents SIP Phone Allocate the IP range of standard SIP phone on the DHCP mode. Item IP Range Description IP range of SIP phone(Maximum number of IP phone is 120) If one IP is entered, enter like ‘192.168.0.40~40’.
Home Page Table of Contents Management Select the [DHCP Server] Æ [Management] menu to allow/disallow operating the DHCP Server. Check the ‘Auto Start’ item. Then, the service is provided automatically while the system reboots. VoIP Status Displays the OfficeServ 7200 systems VoIP status. © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents Leases Status Select [DHCP Server] Æ [Leases Status] menus. Then, the IP address allocated by the DHCP Server to the data terminal will be displayed. VoIP NAPT OfficeServ 7200 Data Server NAPT service allows many private IP addresses to be multiplexed as a single public IP address and port.
Home Page Table of Contents SIP ALG Menu SIP ALG allows SIP (Session Initiation Protocol) software or hardware clients to setup, tear down, and pass voice and call control messages seamlessly through the OfficeServ 7200 NATenabled firewall. Select [SIP ALG] to display the submenus of SIP ALG on the upper left section of the window. Menu Config Management Description Sets SIP environment Allows/Disallows SIP ALG implementation. Set SIP ALG to be executed when the system reboots.
Home Page Table of Contents Map List Enter SIP devices data inside of the firewall. If an IP or phone number does not exit in the SIP message sent from the outside of a firewall, the SIP message is converted and sent to the IP terminal set in the ‘default’ item. Thus, enter the target value into this item. Since setting is convenient if all traffic is regarded as the calls of a digital phone through the Call Server, the IP of the Call Server should be entered in the ‘default’ item.
Home Page Table of Contents Management Select the [Management] menu to allow/inhibit operating SIP ALG. Check the ‘Auto Start’ item. Then, the service is provided automatically when the system reboots. Click the [Run] button to operate the SIP ALG and the following window is displayed: The window above displays when SIP ALG is executed normally. However, errors are found, the ‘operation canceled’ message is displayed. © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents System Menu Select [System] to display the submenus of System on the upper left section of the window. Menu DB Config Submenu Change Description Changes the operating DB to other saved or default DB. Save/Delete Import/Export Saves or deletes DB. Imports the DB to Admin terminal for backup or exports the DB from terminal for restore. Log Time Config Config Sets type of logs to be recorded. Report Searches logs according to type and time.
Home Page Table of Contents (Continued) Menu Upgrade Submenu S/W upgrade Description Upgrades DB package, Kernel, Ramdisk, and Application. Appl Server DB upgrade Upgrades DB to the latest package version. - Executes Telnet, FTP, and SSH services to connect to OfficeServ 7200 Data Server remotely. Reboot - Reboots the system DB Config Users are allowed to save or delete DB, or to change the operating DB to other DB on the [DB Config] menu.
Home Page Table of Contents Select ‘Default DB’ and click the [Change] button. Then, initial DB is initialized and changed as shown below: initcf is the initial DB. When the Default DB is selected, the system is initialized. Thus, connect to the web manager through the LAN port(10.0.0.1) of the internal network. Save/Delete Users are allowed to save the current operating DB, or delete the DB saved on the [Save/Delete] menu. Enter the DB name and description and click the [Save] button to save the DB.
Home Page Table of Contents Import/Export Users are allowed to import the DB to be backed up to the operating terminal on the [Import/Export] menu, or export the backup DB from a terminal. Import DB file should be saved in a terminal to import the DB. Enter the DB file location, or click the [Browse] button to select the target file, and click the [Import] button. Then, the DB is registered on the window.
Home Page Table of Contents Log Users are allowed to search or download logs while logs are set to be recorded on the [Log] menu. Config Set logs to be recorded on the [Log Config] menu. Set the logs to be recorded to ‘On’, and otherwise, set to ‘Off’. Log types are as follows: • System log: System related log • PPTP log: Log related with PPTP protocol of VPN • IPSec log: Log related with IPSec protocol of VPN Report Search logs according to type and time on the [Log Report] menu.
Home Page Table of Contents Select the type and time of logs, and click the [OK] button to display the window below: © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents Download Users are allowed to download all log files saved to a local computer on the [Log Download] menu. Time Config The OfficeServ 7200 Data Server uses the time configuration to time stamp log events, and perform other activities for other internal purposes. Users are allowed to set the date and hour of the system on the [Time Config] menu.
Home Page Table of Contents SNTP server Select the SNTP server option. Then, the window below will appear. Register a server from which information on date and time will be imported and set the Synchronization Interval for the interval of time between each request the OS 7200 sends out to the time server. Then, click [OK]. Manual Select the Manual option. Then, the window below will appear. Enter date and time manually and click [OK].
Home Page Table of Contents Management Select the [Time Config] Æ [Management] menu and set the time. If the system time is set by SNTP, select Time Setting to register and receive the date and hour from the configured SNTP server. If the ‘Auto Start’ item is checked, the service is provided automatically when the system reboots. © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents Upgrade Users are allowed to upgrade Kernel, Ramdisk, Application, and DB package on the [Upgrade] menu. ‘ds-pkg-vx.xx.tar.gz’ File This file is for the system upgrade used in [System] Æ [Upgrade] Æ [Package]. System DB maintains after this file is upgraded. S/W Upgrade Set the package version and upgrade method on the [Upgrade] Æ [S/W upgrade] menu. The upgrade methods are categorized into TFTP type and HTTP type.
Home Page Table of Contents Upgrade Through HTTP Users are allowed to upgrade the OfficeServ 7200 system by uploading the upgrade file from a terminal where package file to be upgraded exists. Enter the package version to be updated in the ‘Package Version’ field and click the ‘HTTP’ and click the [OK] button to display the window below: Select the file to be uploaded of a terminal and click the [OK] button to upgrade. After the upgrade ends successfully, the OfficeServ 7200 system reboots.
Home Page Table of Contents Appl Server If the SSH, Telnet, and FTP services are selected on the [Appl Server] menu, the user can access the WIM board from a remote area. In addition, If the ‘Auto Start’ item is checked, the service is provided automatically when the system reboots. Assigned Active Channel to ‘Response Status’ - SSH can be accessed regardless of external network or internal network.
Home Page Table of Contents Connecting via Telnet © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents Connecting via FTP © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents Connecting via SSH OfficeServ 7200 supports SSH, Secure Shell, allowing secure access to the Command Line Interface via an encrypted path between the system and the management station. SSH uses a client/server architecture. A public or commercially available SSH client is required to be installed on the Admin terminal. The example shown below uses SSH connection client Putty.
Home Page Table of Contents Reboot Users are allowed to reboot the system on the [Reboot] menu. If the [OK] button is clicked, all services ends and the system reboots. Then, since the Data Server web screen does not operate until the network and services start to be executed, close the web screen and reconnect the system. © SAMSUNG Telecommunications America, L.P.
Home Page Table of Contents Home, My Info & Logout Menus are found in the upper right corner of the web-based management window after logging into the Data Server management. The navigation menu contains the following three menus: • Home – Home menu brings the user back to the OfficeServ 7200 Data introduction page. • My Info – My Information page provides the Administrator’s log in ID and IP. The administrator login password can also be changed under this menu.
Home Page Table of Contents ANNEX A. VPN Setting in Windows XP/2000 If IPSec and PPTP should be set on the [VPN] menu of the OfficeServ 7200 Data Server, VPN client should be also set on the MS Windows. This section describes how to set VPN on the Windows XP. The Windows 2000 case is similar with the Windows XP case. Under the following network environment, the setting procedures of IPSec and PPTP are as follows: • External IP address of the OfficeServ: 211.217.127.
Home Page 1. 2. 3. Table of Contents Select the [Start] Æ [Run] in the task bar and execute ‘mmc’ to display the window below: In the console window, select the [File] Æ [Add/Remove Snap-in…]. In the , click [Add] to display the following window: Select ‘IP security policy management’ in the Add/Remove Snap-in… menu and click [Add]. Select ‘Local computer(T)’in the window below and click [Finish]. © SAMSUNG Telecommunications America, L.P.
Home Page 4. 5. 6. Table of Contents Move to the window. Then, ‘IP Security Policies on Local Machine’ of the ‘Console Root’ is created. Select the item and right click the [Create IP Security Policy] menu. Click [Next] on the window to display the window below: Enter the Name and Description and click [Next].
Home Page 7. 8. 9. Table of Contents When the window is displayed, the created items are displayed. If the corresponding item is checked, release the check and click [Add]. Click [Add] on the window to display the window below: Select ‘The funnel endpoint is specified by this IP address’ and enter the fire wall external IP address(211.217.127.40). Click [Next].
Home Page 10. 11. 12. Table of Contents Click [Add] on the window to display the window below: Enter ‘outbound’ in the Name field and click [Add]. Click [Add] on the window to display the window below: Select ‘My IP address’ in the Source address field and click [Add]. Select ‘Specific IP Subnet’ in the target address and enter the internal network address(192.168.0.0) and subnet mask(255.255.255.0). Click [Next]. © SAMSUNG Telecommunications America, L.P.
Home Page 13. 14. 15. 16. Table of Contents Select ‘All’ from the protocol type selection and click [Add]. Check ‘Edit Properties(P)’ on the window and click [Finish]. Click [OK]. Then, the outbound item is created. Click [Add] to create the inbound item. Enter the ‘inbound’ in the Name field and click [Add] like step 10. The above steps 11 through 13 also apply to this procedure. Click [Add] to display the window below: Then, select the ‘outbound’ item and click [Next].
Home Page Table of Contents 17. Select the ‘Request Security [Optional]’ item and click [Edit]. 18. Select ‘Negotiate security’ and select ‘AH Integrity(None), ESP Confidential(3DES), ESP Integrity(MD5)’ in the Security Method preference order. Click [Move up] to move to the first row of the corresponding item. Check ‘Session key Perfect Forward Secrecy(PFS)’ and click [OK]. © SAMSUNG Telecommunications America, L.P.
Home Page 19. 20. 21. Table of Contents Check ‘Edit Properties’ and click [Finish] to display the window creating the outbound item. Click [Add] to create the inbound item. Click [Next] on the window to display the window below: Check ‘The tunnel endpoint is specified by this IP address’ and enter the IP address of a client PC. Click [Next]. Select Local Area Network(LAN) on the window and click [Next].
Home Page 22. 23. 24. Table of Contents Select the ‘inbound’ item in the step 16 window and click [Next]. Follow the step 17 and 18. Check ‘Edit Properties’ and click [Finish] to display the window below: Select the [General] tab and click [Advanced]. Check ‘Master key Perfect Forward Secrecy(PFS)’ and click [Methods…] in the window below: © SAMSUNG Telecommunications America, L.P.
Home Page 25. 26. Table of Contents Select ‘Encryption(3DES), Integrity(MD5), Diffie-Hellman(Med)’ in the window below and click [Move up] to move the first row of the corresponding item. Click [OK]. Select IP Security Policies on Local Machine’ on the window. Select the item newly created on the right corner of the window and right-click the [Assign] menu. Then, policy assignment is changed into ‘Yes’. © SAMSUNG Telecommunications America, L.P.
Home Page 27. 28. Table of Contents Select [Start] Æ [Program] Æ [Administrative Tools] Æ [Services] in the Window task bar and double click the ‘IPSec Services’ item. Click [Stop] and click [Start] to restart the service in the window below: © SAMSUNG Telecommunications America, L.P.
Home Page 29. Table of Contents Verify the connection status of the firewall internal IP address through the ping command at a command prompt. If responses like the window below are displayed, the IP address is properly connected. C:\>ping 192.168.0.1 Pinging 192.168.0.1 with 32 bytes of data: Negotiating IP Security. Reply from 192.168.0.1: bytes=32 time=5 ms TTL=255 Reply from 192.168.0.1: bytes=32 time=6 ms TTL=255 Reply from 192.168.0.1: bytes=32 time=4 ms TTL=255 Ping statistics for 192.168.0.
Home Page Table of Contents PPTP Setting Users are allowed to configure VPN with PPTP by using the installation CD and through Windows update in Windows XP/2000. PPTP Setting in Windows XP/2000 In Windows XP/2000, the user can use DHCP client. If VPN PPTP client is connected while the DHCP client is operating, errors will be found. To prevent this problem, close the DHCP client operation on the [Start] Æ [Program] Æ [Administrative Tools] Æ [Services] menu of the Windows PPTP client installed. 1. 2.
Home Page 3. Table of Contents Select [Start] Æ [Set] Æ [Network Connections] in the Windows task bar and select the host name entered in the window above to display the login window below: Enter the User name and Password to check if the VPN in a client is properly connected. Or, use the ping command like the step 29 of ‘IPSec Setting’ to check the connection status. After checking the VPN connection status, check if the shared directory of the internal computer connected to VPN can be accessed.
Home Page Table of Contents OfficeServ 7200 Data Server Quick Setup Guide: Network, Firewall & DHCP This Quick Setup Guide is designed to provide you with basic setup procedures of configuring your OfficeServ 7200 Data Server WAN1 port connecting to a DLS, Cable Modem or T1 for office wide Internet access sharing.
Home Page 7. Table of Contents Once the following window appears, enter the Login ID and Password. Default ID and Password are ‘admin’ ‘admin’. Overview Configure the WAN1 interface using a static public IP or a dynamic public IP and set the LAN port as an internal private network: y Set WAN1 port to an external public IP (e.g., ADSL static IP Service or T1 with static IP connecting via external CSU/DSU). y Set the LAN port to private network of 10.0.0.0/24. y Set the PC IP to the private network IP (e.
Home Page Table of Contents Setting Data Server 1. 2. Select the [Firewall/Network] Æ [Management] Æ [Config] menu. Check the ‘NAT’and ‘Packet Filtering’ items to enable these functionalities, and click the [Run] button to start the configuration. Click the [Next] button to move to the next step. 3. Click the [Start] button to perform the Firewall/Network function. © Samsung Telecommunications America, L.P.
Home Page 4. 5. Table of Contents In this Quick Setup Guide, we will only use WAN1 for internet connection and LAN port to manage your private local network. So set the WAN1 port to ‘Primary WAN Line’ and the LAN port to ‘Internal Line’. Click the [Next] button to move to the next step. Set the Primary Line Type 5.1. Static IP connection If a static IP is used through Internet Service Provider, set to ‘Fixed Line’. Click the [Next] button to move to the next step. 5.1.1.
Home Page 5.1.2. 5.2. Table of Contents If your Internet connection has multiple public IP addresses, under Primary Multi-IP configuration, click [Add] to add more public IP address. PPPoE (Point-to-Point Protocol over Ethernet) If you use a DSL line and your DSL-based ISPs use PPPoE to establish Internet connections, set the WAN1 Primary Line Type to ‘Primary PPPoE Client’. Click the [Next] button to move to the next step. © Samsung Telecommunications America, L.P.
Home Page 5.2.1. 5.3. Table of Contents Enter your User ID and Password and click the [Next] button. Obtain an IP Automatically If your ISP automatically assigns an IP address, set the WAN1 Primary Line Type to ‘Primary DHCP Client’. Click the [Next] button to move to the next step. 5.3.1. 6. 7. 8. The line will be automatically configured. Click the [Next] button to move to the next step. WAN1 ICMP Packet Reply settings determine if OS 7200 would respond to Ping command from external network.
Home Page 9. 10. Table of Contents Set the LAN port line type set as ‘Internal Line’ to ‘Internal private network’. Click the [Next] button to move to the next step. Set the LAN interface network. Enter 10.0.0.1 as IP. Click the [Next] button to move to the next step. © Samsung Telecommunications America, L.P.
Home Page 11. 12. Table of Contents Save the settings(Steps 1-10) in database. Click the [Next] button to move to the next step. To apply the settings to the system, click the [Save] button, and click the [OK] button. If the [OK] button is not pressed, the settings are not applied to the system. © Samsung Telecommunications America, L.P.
Home Page 13. Table of Contents Configuring Port Forwarding Go to [Firewall/Network] -> [Management] -> [Port Forward] to configure Port Forwarding. Although OfficeServ 7200 NAT router prevents Internet users from directly accessing the PCs on the LAN, the firewall allows you to direct incoming traffic to specific PCs based on the service port number of the incoming request. If a range of port is required to be specified, use the ‘Static NAPT’ menu. 14.
Home Page 15. Table of Contents Configuring Packet Filtering OS 7200 uses packet filtering to restrict the LAN network users from accessing the internet based on IP address and port and/or domain name and port. This can be configured under [Firewall/Network] Æ [Filtering Service] Æ [URL Filtering] and [IP filtering] menus. 16. Configuring DHCP Server OS 7200 dynamically assigns network configuration information to attached PCs or network devices on the LAN using DHCP.
Home Page 17. Table of Contents Create an IP Pool to be assigned from the DHCP service. The figure below shows that an IP Pool for a data terminal(PC) is created. If you want to create an IP Pool to be assigned to ITP, set the range of an IP to be assigned to ‘IP Phone IP Range’. If authentication method is set to ‘HOST’, the authentication is performed as the preset ‘HOST ID’. © Samsung Telecommunications America, L.P.
Home Page 18. 19. Table of Contents Go to [DSMI] -> [DHCP Server] -> [Management], press the [Run] button to execute the DHCP service. If the DHCP Server is required to automatically start when system reboots, check ‘DHCP Server auto-start when system boot’ and press the [OK] button. You can check the DHCP client lease status by selecting [Lease Status] Menu. © Samsung Telecommunications America, L.P.
Home Page Table of Contents OfficeServ 7200 Data Server Software Upgrade Quick Setup Guide This Quick Setup Guide is designed to provide you with basic setup procedures of upgrading your OfficeServ 7200 Data Server software. STEP 1: Install the WIM and LIM 1. Before you begin, power down the OfficeServ 7200 system. Insert WIM to Slot 1 and LIM to Slot 2 of the system (Basic or Expansion).
Home Page 4. Table of Contents Select Use the following IP address. Set the IP address to the following: IP Address: select from the range of 10.0.0.2 – 10.0.0.254 Subnet Mask: 255.255.255.0 Default Gateway: 10.0.0.1 5. Click the OK button to complete the PC configuration. STEP 3: WIM Software Upgrade 1. 2. 3. Open Microsoft Internet Explorer (version 6.0 or above) and enter the IP address of the LAN port on the WIM module in its Address field (The default is 10.0.0.1). Press the Enter key.
Home Page 4. 5. Table of Contents Under the Select package upgraded, enter the new WIM S/W package version X.XX in the Package Version field. Under the Select upgrade method, select the HTTP and click OK. If you are using Windows XP, please turn off the pop-ups blocker for the OS 7200 Data Web Management site (under Internet Explore Tools menu, select ‘Always Allow Pop-ups from This Site…). The File upload pop-up window appears.
Home Page 6. 7. Table of Contents Once the upgrade process is completed and successful, click OK to reboot the system. After the system is back in service, before log back into the Web Browser Data Server Management, please remember to clear the temporary cache in your Internet Explorer. Under Internet Explore, go to Tools -> Internet Options, and select Delete Files and Delete Cookies. © Samsung Telecommunications America, L.P.
Home Page ABBREVIATION A ALG Application Level Gateway AH Authentication Header ARP Address Resolution Protocol CTI Computer Telephony Integration DHCP Dynamic Host Configuration Protocol DNAT Destination Network Address Translation C D DNS Domain Name Server DRR Deficit Round Robin ESP Encapsulating Security Payload HDLC High-level Data Link Control E H Table of Contents
Home Page I IDS Intrusion Detection System IGMP Internet Group Management Protocol IKE Internet Key Exchange IPSec IP Security Protocol LAN Local Area Network L N NAT Network Address Translation NMS Network Management System PPP Point-to-Point Protocol PPPoE Point-to-Point Protocol over Ethernet PPTP Point to Point Tunneling Protocol P PVC Permanent Virtual Circuit PVID Port VLAN Identification S STP Spanning Tree Protocol SMTP Simple Mail Transfer Protocol SNAT Source Network