UTT Routers/Firewalls Advanced Configuration Guide Version: ReOS V10 UTT Technologies Co., Ltd. http://www.uttglobal.
Copyright Notice Copyright © 2000-2011 UTT Technologies Co., Ltd. All rights reserved. Information in this document, including URL and other Internet Web site references, is subject to change without further notice. Unless otherwise noted, the companies, organizations, people and events described in the examples of this document are fictitious, which have no relationship with any real company, organization, people and event. Complying with all applicable copyright laws is the responsibility of the user.
FCC Warning This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. NOTE: Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
Table of Contents

About This Manual
0.1 Scope
0.2 Web UI Style
0.3 Documents Conventions

4.1 Running the Quick Wizard
4.2 LAN Settings
4.3 Choosing an Internet Connection Type
4.4 Internet Connection Settings

5.7.1 System Log Settings
5.7.2 Viewing System Logs
5.8 Web Log
5.8.1 Enable Web Log

6.3.5 Detection and Weight Settings
6.3.6 Load Balancing List
6.3.7 How to Configure Load Balancing
6.3.7.1 The Process of Configuring Load Balancing
6.

7.4.1 Introduction to Plug and Play
7.4.2 Enable Plug and Play
7.5 SNMP
7.6 SYSLOG

7.8.5.1 DHCP Relay Agent Settings
7.8.5.2 DHCP Relay Agent List
7.8.5.3 How to Configure DHCP Relay Agent
7.8.6 Raw Option

8.2.2.1 Global DMZ Host Settings
8.2.2.2 Interface DMZ Host Settings
8.2.3 The Priorities of Port Forwarding and DMZ Host
8.3 NAT Rule

9.2.2 Internet Access Control
9.3 PPPoE Account
9.3.1 PPPoE Account Settings
9.3.2 PPPoE Account List

11.1 User Admin
11.1.1 User Status List
11.1.2 Personal Rate Limit
11.1.3 Personal Internet Behavior Management

12.2.3 IP/MAC Binding Global Setup
12.2.4 IP/MAC Binding List
12.2.5 How to Add the IP/MAC Bindings
12.2.6 Internet Whitelist and Blacklist

12.7.3 Service Group List
12.7.4 How to Add the Service Groups
12.7.5 How to Edit a Service Group
12.8 Schedule

7. How to find out who uses the most bandwidth?
8. How to troubleshoot faults caused by worm viruses or hacker attacks on the Device?
9. How to enable WAN ping respond?
Appendix C Common IP Protocols
About This Manual

Note: For best use of our product, it is strongly recommended that you update Windows Internet Explorer browser to version 6.0 or higher.

0.1 Scope

This guide describes the characteristics and features of the UTT Series Security Firewalls, which are based on ReOS V10 firmware platform. It mainly describes how to configure and manage the Device via Web UI. Please make sure that your Device's firmware version accords with ReOS V10.

List Box: It allows you to select one or more items from a list contained within a static, multiple line text box.
Drop-down List: It allows you to choose one item from a list. When a drop-down list is inactive, it displays a single item. When activated, it drops down a list of items, from which you may select one.

0.3 Documents Conventions

0.3.1 Detailed Description of List

The Web UI contains two kinds of lists: editable list and read-only list.

configured IP/MAC bindings and the maximum number of bindings supported by the Device is 500.
Lines/Page: This drop-down list allows you to select the number of entries displayed per page. In this example, the available options are 10, 30 and 50, and the default value is 10.
First: Click it to jump to the first page.
Prev: Click it to jump to the previous page.
Next: Click it to jump to the next page.
Last: Click it to jump to the last page.
[icon]: Click it to add a new entry to the list.

Figure 0-2 NAT Statistics

First, Prev, Next, Last, Search and Lines/Page have the same meaning as the editable list.
[icon]: Both display the number of entries in the list; here it means that there are four entries in the list.
Refresh: Click to view the latest information in the list.
Clear: Click to clear all the statistics in the list.

0.3.1.

third time to sort them in descending order, and so forth. After sorting, the list is displayed from the first page.

0.3.2 Keyboard Operation

<>: It is used to represent the name of a key on the keyboard. For example, <Enter> represents the Enter key on the keyboard.

0.3.3 Other Conventions

0.3.3.1 Convention for a Page Path

First Level Menu Name > Second Level Menu Name (bold font) means the menu path to open a page. E.g.
0.4 Partial Factory Default Settings

1. The default administrator user name is Default (case sensitive) with a blank password.
2. The following table provides the factory default settings of the interfaces.

Interface    IP Address      Subnet Mask
LAN          192.168.16.1    255.255.255.0
WAN1         192.168.17.1    255.255.255.0
WAN2/DMZ     192.168.18.1    255.255.255.0

Table 0-1 Factory Default Settings of Interfaces

0.
the web page of the Device.
• Shortcut Icons: Introduction to the shortcut icons in the web page of the Device.

4 Quick Setup
How to configure the basic parameters to quickly connect the Device to the Internet, including:
• LAN Settings: How to configure the IP address and subnet mask of the LAN interface.
• WAN Settings: How to configure the Internet connection on each WAN interface one by one.

address/domain name, and so on.
• System Log: It displays the system logs; it also allows you to select the types of logs that you want the Device to store and display.
• Application Traffic Statistics: It displays the traffic statistics of some special applications per Internet connection; it also displays each application traffic statistics per LAN user.
• WAN Traffic Statistics: It displays traffic and rate related information of each Internet connection.

• PBR: How to configure PBR (Policy-Based Routing) based on source and destination addresses, protocols, ports, schedules, and other criteria.
• DNS Redirection: How to configure DNS redirection feature which is used to redirect domain names directly to the specified IP addresses.
• SNMP: How to configure SNMP (Simple Network Management Protocol).
• DDNS: How to apply for DDNS account service and configure DDNS (Dynamic Domain Name System).

9
How to configure PPPoE server feature, including:
• Global Settings: How to configure PPPoE server global parameters, e.g., enable PPPoE server; and IP addresses, gateway IP address and DNS servers IP addresses that will be assigned to the PPPoE dial-in users.
• PPPoE Account: How to configure PPPoE accounts.

• Internet Behavior Management: How to control and manage the Internet behaviors of the LAN users to improve bandwidth utilization and network security.
• Policy Database: How to view the policy databases related information; and how to upload or update policy databases.
• QQ Whitelist: How to configure QQ whitelist feature.

divide some discontinuous IP addresses into an address group, and then reference the address group in an access control rule or rate limit rule.
• Service Group: How to configure service groups. It provides five types of services including general service, URL, Keyword, DNS and MAC address. It allows you to add multiple services into a service group, and then reference the service group in an access control rule or rate limit rule.

configure TCP/IP properties for Windows 95 and Windows 98.
• Appendix B FAQ: Frequent questions and answers.
• Appendix C Common IP Protocols: Provides the list of common IP protocol numbers and names.
• Appendix D Common Service Ports: Provides the list of common service port numbers and names.
• Appendix E Figure Index: Provides a figure index directory.
• Appendix F Table Index: Provides a table index directory.
Chapter 1 Product Overview

Thanks for choosing UTT products from UTT Technologies Co., Ltd. This chapter describes the functions and features of the UTT products in brief.

1.

1.2 Main Features

1. LAN Interface
• Multiple-port Switch: Provides an integrated multiple-port 10/100Mbps switch; each port supports auto MDI/MDI-X.
• DHCP Server: It can act as a DHCP server to dynamically assign IP addresses and other TCP/IP configuration parameters (such as gateway IP address, DNS and WINS server IP addresses) to the LAN hosts.
• Multiple Subnets: It can be assigned multiple IP addresses to connect multiple subnets.

• Supports management and control of multiple Internet services
• Supports Internet harmful websites filtering
• Supports IP packet filtering based on IP address, protocol and TCP/UDP port
• Supports Web content filtering based on URL and keyword
• Supports DNS request filtering
• Supports MAC address filtering

4. IP QoS
• Supports intelligent bandwidth management based on token bucket algorithm.

• Special Application Supported: Supports the use of some special Internet applications, such as the Tencent QQ, online games, video software, audio software, and so on.
• DDNS: Supports Dynamic Domain Name System (DDNS) service.
• PPPoE Server: Supports rich PPPoE server features, which include PPPoE account and MAC address binding, PPPoE account and IP address binding, and PPPoE IP and MAC address pair binding feature.

4. Supports L2TP server and client
5. Supports PPTP server and client
6.
1.5 Detailed Specifications Table

The UTT products include multiple models. The features and specifications of each model are different. The following table lists detailed specifications for each model.

Plug and Play                       ✓  ✓
Express Forwarding                  ✓  ✓
VLAN                                ✓  ✓
Port Mirroring                      ✓  ✓
Administrator Setup                 ✓  ✓
System Time Setup                   ✓  ✓
Firmware Upgrade                    ✓  ✓
Backup & Restore Configuration      ✓  ✓
SNMP                                ✓  ✓
SYSLOG                              ✓  ✓
Remote Admin                        ✓  ✓
PPPoE Server                        ✓  ✓
PPPoE IP/MAC Binding                ✓  ✓
Account Billing of PPPoE Server     ✓  ✓
PPPoE Account Expiration Notice     ✓  ✓
PPPoE Session Status                ✓  ✓
User Statistics                     ✓  ✓
NAT Statistics                      ✓  ✓
DHCP Statistics                     ✓  ✓

Interface Statistics                ✓  ✓
Route Table                         ✓  ✓
System Information                  ✓  ✓
System Log                          ✓  ✓
Intelligent Bandwidth Management    ✓  ✓
Web Log                             ✓  ✓
P2P Traffic Rate Limiting           ✓  ✓
Application QoS                     ✓  ✓
Application Traffic Statistics      ✓  ✓
WAN Traffic Statistics              ✓  ✓
Notice Feature                      ✓  ✓
Domain Name Filtering               ✓  ✓
Domain Name Blocking Notice         ✓  ✓
Access Control List                 ✓  ✓
Address Group                       ✓  ✓
Service Group                       ✓  ✓
Schedule                            ✓  ✓
Internal and External Att

Policy Database                     ✓  ✓
ARP Spoofing Defense                ✓  ✓
NAT Session Limit                   ✓  ✓
Web Authentication                  ✓  ✓
VPN (PPTP/L2TP/IPSec)               ✓  ✓

Table 1-1 Detailed Specifications
Chapter 2 Hardware Installation

This chapter describes how to install the UTT products, which include UTT 2512, U2000.

2.1 Installation Requirements

1. A standard 10/100M or 10/100/1000M Ethernet network.
2. Each LAN PC needs an Ethernet card that works well.
3. TCP/IP should be installed on each PC properly.
4. You should have a DSL modem, cable modem or fiber optic modem.
5.

2.3 Installation Procedure of UTT 2512

1. Selecting the Proper Location
Before installing the UTT 2512, you should make sure that it is powered off, and then select a proper location to install the UTT 2512. The UTT 2512 is designed as a desktop device; you can install it on a level surface such as a desktop or shelf.

cable provided by the manufacturer, please use a standard network cable.

4. Powering On the UTT 2512
Connect the supplied power cord to the power connector on the back panel of the UTT 2512, and then plug the other end of the power cord into a grounded power outlet. Lastly, turn on the power switch on the back of the UTT 2512.

TRF
  The LED lights during startup.
  The LED flashes when the Device is sending or receiving data. The LED will extinguish if there is no network traffic on the Device.
FLT
  The LED lights during startup.
  The LED extinguishes when the Device is operating properly. The LED will flash if a fault occurred in the Device. And the Device will restart automatically after a certain number of flashes.

2.4 Installation Procedure of U2000

1. Selecting the Proper Location
Before installing the U2000, you should make sure that it is powered off, and then select a proper location to install the U2000. As the U2000 is designed according to the 11-inch standard rack, you can install it in a standard rack. You can also install it on a level surface such as a desktop or shelf.

10Mbps or 100Mbps.

Figure 2-4 Connecting the U2000 to the LAN and Internet

3. Connecting the U2000 to the Internet
Connect the network cable provided by the manufacturer from the DSL, cable or fiber optic modem to a WAN port of the U2000, see Figure 2-4. If you don't have a network cable provided by the manufacturer, please use a standard network cable.

4.

power status, operational status and failures of the U2000, see Table 2-3 for detailed description.
• The second group includes the twelve port LEDs on the right six columns, which indicate the status of each port, see Table 2-4 for detailed description. Each port has two LEDs; LEDs 1 through 4 correspond to LAN1 through LAN4 respectively, and LEDs 5 through 6 correspond to WAN1 through WAN2 respectively.

LEDs: Link/Act
  Status During Startup: All the Link/Act LEDs flash first, and then they extinguish.
  Status During Operating: The LED lights steady when a link between the corresponding port and another device is detected. The LED flashes when the corresponding port is sending or receiving data.
Chapter 3 Logging in to the Device

This chapter describes how to properly configure TCP/IP properties on the PC that you use to administer the Device, how to log in to the Device, and how to use shortcut icons to quickly link to the corresponding pages of UTT's website for the products information and services.

3.

• If the displayed page is similar to the screenshot below, it means that your PC has not connected to the Device.

If the connection fails, check the following:
1. Is the physical link between your PC and the Device connected properly? The Link/Act LED corresponding to the Device's LAN port and the LED on your PC's adapter should light.
2.

3.2 Logging in to the Device

No matter what operating system is installed on the PC (MS Windows, Macintosh, UNIX, Linux, and so on), you can configure the Device through the Web browser (for example, Internet Explorer). Once your PC is properly configured, please do the following to log in to the Device: Open a Web browser, enter the Device's LAN IP address in the address bar (by default, the address is 192.168.16.

Figure 3-3 Homepage - System Info Page

In the Device's Web page, the system model and version are displayed at the top right corner, some shortcut icons are displayed at the top, and a toolbar is displayed below the shortcut icons. It allows you to click Add to Toolbar to add a shortcut menu for the current page to the toolbar.

Icons: Product, Firmware, Datasheet, Register, Contact, Forum, Feedback

Icon and description:
Product: Click it to link to the products page of the UTT's website to find more products.
Firmware: Click it to link to the download page of the UTT's website to download the latest firmware.
Datasheet: Click it to link to the download page of the UTT's website to download the product data, such as product manual, datasheet, etc.
Register: Click it to link to the UTT Forums registry page of the UTT's websi
Chapter 4 Quick Wizard

This chapter describes the Basic > Quick Wizard page. The Quick Wizard allows you to configure the basic parameters to quickly connect the Device to the Internet. Before using Quick Wizard, you need to properly install and configure TCP/IP properties on the LAN PCs. Refer to section 3.1 Configure Your PC for detailed operation.

4.

4.2 LAN Settings

Figure 4-2 LAN Settings

IP Address: It specifies the IP address of the LAN interface. The default value is 192.168.16.1.
Subnet Mask: It specifies the subnet mask that defines the range of the LAN. The default value is 255.255.255.0.
➢ Back: Click it to go back to the previous page of the Quick Wizard.
➢ Next: Click it to go to the next page of the Quick Wizard to choose the Internet connection type.

4.

Figure 4-3 Choosing an Internet Connection Type

PPPoE: Some DSL-based ISPs use PPPoE to establish Internet connections for end-users. If you use a DSL line, check with your ISP to see if they use PPPoE, and then select the PPPoE radio button.
Static IP: If you are required to use a static IP address, select the Static IP radio button.
DHCP: If your ISP dynamically assigns an IP address to the Device, select the DHCP radio button.

4.4 Internet Connection Settings

4.4.1 Notes on Internet Connection Settings

1. If you have changed the LAN IP address and saved the change, you should use the new IP address to log in to the Device again. Each LAN host's default gateway should also be changed to this new IP address to access the Device and Internet normally.
2.

Figure 4-4 Choose PPPoE as the Connection Type

In the page of choosing an Internet connection type (see Figure 4-4), select the PPPoE radio button, and then click the Next button to go to the PPPoE Internet connection settings page, see Figure 4-5.

Figure 4-5 PPPoE Internet Connection Settings

User Name and Password: They specify the PPPoE login user name and password provided by your ISP.
➢ Back: Click it to go back to the previous page of the Quick Wizard.

4.4.3 Static IP Internet Connection Settings

Figure 4-6 Choosing Static IP as the Connection Type

In the page of choosing an Internet connection type (see Figure 4-6), select the Static IP radio button, and then click the Next button to go to the static IP Internet connection settings page, see Figure 4-7.

Figure 4-7 Static IP Internet Connection Settings

IP Address: It specifies the IP address of the WAN interface, which is provided by your ISP.
Subnet Mask: It specifies the subnet mask of the WAN interface, which is provided by your ISP.
Default Gateway: It specifies the IP address of the default gateway, which is provided by your ISP.
Primary DNS Server: It specifies the IP address of your ISP's primary DNS server.

4.4.

Figure 4-9 Viewing and Saving the Settings Made in the Quick Wizard

4.6 Summary

Once you have clicked the Finish button in the confirmation page, you have completed the configuration of the most basic features through the Quick Wizard. If you cannot access the Internet through the Device yet, please check whether all the settings that you have made in the Quick Wizard are correct.
Chapter 5 System Status

This chapter describes the system status related pages, which provide a lot of operating status information and statistics of the Device. By viewing them, the network administrator can easily analyze the system status and monitor the activities on the Device.

System Up Time: It displays the elapsed time (in days, hours, minutes and seconds) since the Device was last started.

5.1.2 System Resource

Figure 5-2 System Resource Usage Information

CPU: The real-time CPU usage information, which is displayed as a status bar and percentage.
Memory: The real-time memory usage information, which is displayed as a status bar and percentage.

tasks.

5.1.3 System Version

Figure 5-3 System Version

SN: It displays the internal serial number of the Device, which may be different from the SN found on the label at the bottom of the Device.
Model: It displays the product model of the Device.
Version: It displays the version of ReOS firmware running on the Device.

5.1.4 Port Information

5.1.4.

5.1.4.2 Interface Rate Chart

The interface rate chart dynamically displays the real-time RX/TX rate, average RX/TX rate, maximum RX/TX rate and total RX/TX traffic of each physical interface. If you want to view the rate chart of an interface, click the corresponding interface name hyperlink. In the interface rate chart, the abscissa (x-axis) shows the time axis, and the ordinate (y-axis) shows the real-time RX/TX rate axis.

opened the current page.
Total: It indicates the total RX or TX traffic of the physical interface since the current page was last opened.
➢ LAN/WANx: It allows you to click the interface name hyperlink to view the rate chart of the selected interface. Therein, x (value: 1, 2, 3, 4) indicates the corresponding WAN interface, and the number of WAN interfaces depends on the specific product model.
5.2 NAT Statistics

Through the NAT Statistics list in the Status > NAT Stats page, you can view the NAT session details for each LAN user (host).

Figure 5-6 NAT Statistics List

ID: It is used to identify each entry in the list.
Description: If the LAN user is an IP/MAC binding user, it displays the description of the user; otherwise it is blank.
IP Address: It displays the IP address of the LAN host.

Tx Packets: It displays the number of packets uploaded by the LAN host through NAT function.
Tx Broadcast Packets: It displays the number of broadcast and multicast packets transmitted from the LAN host to the Device.
Total Sessions: It displays the total number of NAT sessions of the LAN host, which include those sessions that aren't being used now.
5.3 DHCP Statistics

This section describes the Status > DHCP Stats page, including the DHCP Pool Statistics list, DHCP Server Statistics list, DHCP Conflict Statistics list, DHCP Client Statistics list and DHCP Relay Statistics list.

5.3.

shown as DD: HH: MM: SS.
Pool Name: It displays the name of the DHCP address pool.
Status: It displays the status of the IP address. The possible values are Detecting, Assigned, and Conflicted.
• Detecting: It indicates that the DHCP server is detecting whether the IP address is already in use or not.
• Assigned: It indicates that the DHCP server has assigned the IP address to the client.

5.3.2 DHCP Server Statistics List

The DHCP Server Statistics list displays the DHCP server statistics, which include the number of each type of DHCP message and the number of assigned IP addresses. The statistics are counted and displayed per physical interface.

Figure 5-8 DHCP Server Statistics List

Interface: The physical interface on which the DHCP server is applied.

Inform: During the statistics interval, the number of DHCPINFORM messages that were received by the DHCP server.
Unknown: During the statistics interval, the number of unknown packets.
Client: During the statistics interval, the number of IP addresses that were assigned by the DHCP server.
➢ Clear: Click it to clear the DHCP server statistics in the list.
➢ Refresh: Click it to view the latest information in the list.

ARP or ICMP.
Detection Time: It displays the date (YYYY-MM-DD) and time (HH:MM:SS) when the IP address conflict was detected.
➢ Refresh: Click it to view the latest information in the list.

5.3.4 DHCP Client Statistics List

The DHCP Client Statistics list displays the DHCP client statistics, which mainly include the number of each type of DHCP message. The statistics are counted and displayed per physical interface.

Decline: During the statistics interval, the number of DHCPDECLINE messages that were sent by the DHCP client.
Nak: During the statistics interval, the number of DHCPNAK messages that were received by the DHCP client.
Conflict: During the statistics interval, the number of address conflicts that were found by the DHCP server when trying to assign an address to the DHCP client.

Discover: During the statistics interval, the number of DHCPDISCOVER messages that were relayed by the DHCP relay agent.
Offer: During the statistics interval, the number of DHCPOFFER messages that were relayed by the DHCP relay agent.
Request: During the statistics interval, the number of DHCPREQUEST messages that were relayed by the DHCP relay agent.
5.4 Interface Statistics

The Interface Statistics list displays the traffic statistics of each physical interface, including the number of bytes, unicast packets, and non-unicast (i.e., multicast and broadcast) packets.

Figure 5-12 Interface Statistics List

ID: It is used to identify each interface of the Device.
Interface/Direction: It displays the physical interface and the traffic direction.
• In: The packets are received by the interface.

1. The statistics interval is the elapsed time since the last clear action.
2. The following characteristics indicate that the Device is in normal operation:
• The number of packets received by the WAN interface(s) is close to those transmitted by the LAN interface.
• The number of bytes received by the WAN interface(s) is close to those transmitted by the LAN interface.
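The two characteristics above can be checked mechanically once the counters are copied out of the Interface Statistics list. The following is an added example, not part of UTT's manual or firmware: the row layout, the sample counters (constructed) and the 10% tolerance used to interpret "close to" are all assumptions.

```python
"""Added example: compare WAN-received with LAN-transmitted counters.

The row layout, sample values and tolerance are assumptions; the manual
only states that the two totals should be "close" in normal operation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class IfaceCounter:
    interface: str    # "LAN", "WAN1", "WAN2", ...
    direction: str    # "In" = received by the interface, "Out" = transmitted
    octets: int       # byte counter for the statistics interval
    unicast: int      # unicast packets
    non_unicast: int  # multicast and broadcast packets

    @property
    def packets(self) -> int:
        return self.unicast + self.non_unicast


def _total(rows, prefix, direction, field):
    """Sum one counter over every interface whose name starts with prefix."""
    return sum(
        getattr(r, field)
        for r in rows
        if r.interface.upper().startswith(prefix)
        and r.direction.lower() == direction
    )


def relative_gap(a: int, b: int) -> float:
    """|a - b| scaled by the larger value; 0.0 when both counters are zero."""
    top = max(a, b)
    return 0.0 if top == 0 else abs(a - b) / top


def check_forwarding_balance(rows, tolerance=0.10):
    """Return one finding per metric where WAN In and LAN Out diverge."""
    findings = []
    for metric, field in (("packets", "packets"), ("bytes", "octets")):
        wan_in = _total(rows, "WAN", "in", field)    # all WAN interfaces summed
        lan_out = _total(rows, "LAN", "out", field)
        gap = relative_gap(wan_in, lan_out)
        if gap > tolerance:
            findings.append(
                {"metric": metric, "wan_in": wan_in,
                 "lan_out": lan_out, "gap": gap}
            )
    return findings


# Constructed snapshots, as if transcribed from the list after a Clear.
HEALTHY = [
    IfaceCounter("LAN", "In", 150_000, 2_000, 50),
    IfaceCounter("LAN", "Out", 980_000, 9_700, 100),
    IfaceCounter("WAN1", "In", 600_000, 6_000, 0),
    IfaceCounter("WAN1", "Out", 90_000, 1_200, 0),
    IfaceCounter("WAN2", "In", 400_000, 4_000, 0),
    IfaceCounter("WAN2", "Out", 55_000, 750, 0),
]
SKEWED = [
    IfaceCounter("LAN", "In", 150_000, 2_000, 50),
    IfaceCounter("LAN", "Out", 300_000, 2_900, 100),
    IfaceCounter("WAN1", "In", 600_000, 6_000, 0),
    IfaceCounter("WAN2", "In", 400_000, 4_000, 0),
]

if __name__ == "__main__":
    for name, snapshot in (("healthy", HEALTHY), ("skewed", SKEWED)):
        result = check_forwarding_balance(snapshot)
        print(name, "OK" if not result else result)
```

Because the statistics interval runs from the last clear action, compare counters only from a single snapshot taken after one Clear.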
UTT Technologies 5.5 Chapter 5 System Status Routing Table This section describes how to view and use the Routing Table in the Status > Route Stats page. A router (or gateway) is a device that forwards data packets along networks. One of the basic functions of the router is the ability to select an optimal transmission path for each received packet, and forward the packet to the destination site effectively.
forward the packets.
Interface: It displays the outbound interface through which the packets are forwarded to the next hop gateway or router.
destination, the Device will choose the route with the lowest metric to forward the packets.
Use: It indicates the count of lookups for the route.
Age: It indicates the elapsed time (in seconds) since the route was created in the routing table.
➢ Refresh: Click it to view the latest information in the list.
➢ Display Route Settings: Click it to go to the Advanced > Static Route > Static Route List page to view the configured static route settings.
5.6 Session Monitor
This section describes the Status > Session Monitor page, and it tells you how to monitor the Internet activities of the LAN users through the NAT Session List. This page displays the active NAT sessions on the Device, and it lets you filter and display sessions by certain criteria, such as source IP address, destination IP address/domain name, destination port, NAT translated IP address/domain name, and so on.
model.
● Source IP: Select it to display the active NAT sessions related to a LAN user, which is specified by entering his or her IP address in the Filter Value text box. You can use this option to search the Internet activities of the specified LAN user.
● Destination IP/Domain: Select it to display the active NAT sessions related to an Internet site, which is specified by entering its IP address or domain name in the Filter Value text box.
5.6.2 NAT Session List
Figure 5-15 NAT Session List
ID: It is used to identify each entry in the list.
Source IP: It displays the source IP address for the NAT session.
Source Port: It displays the source port number for the NAT session.
Protocol: It displays the protocol type (T:TCP, U:UDP, I:ICMP) or protocol number for the NAT session.
Dest IP: It displays the destination IP address for the NAT session.
to keep track of which hosts initiate data transfer. By keeping this record, the Device is able to correctly route responses.
➢ Clear: Click it to delete all of the dynamic NAT sessions in the list.
Note
The clear operation may disconnect the dynamic sessions that are being used now, so do it with caution.
5.6.3 Examples
5.6.3.1 Searching Internet Activities of the LAN User with IP Address 192.168.16.
Figure 5-17 NAT Session List - Example1
5.6.3.2 Searching the LAN Users Accessing 200.200.200.251
Step 1 Go to the Status > Session Monitor page, see Figure 5-18.
Step 2 Select Destination IP/Domain from the Filter Parameter drop-down list.
Step 3 Enter 200.200.200.251 in the Filter Value text box.
Step 4 Click the Search button to search and display all the matching NAT sessions in the NAT Session List, see Figure 5-19.
Figure 5-18 Session Monitor Settings - Example2
Figure 5-19 NAT Session List - Example2
5.6.3.3 Searching the LAN Users Using MSN
Step 1 Go to the Status > Session Monitor page, see Figure 5-20.
Step 2 Select Destination Port from the Filter Option drop-down list.
Step 3 Enter 1863 in the Filter Value text box, or select the 1863 (MSN) option from the Predefined Port drop-down list directly.
Figure 5-20 Session Monitor Settings - Example3
Figure 5-21 NAT Session List - Example3
5.6.3.4 Searching Internet Activities of the LAN users Using WAN1 IP address
Note
When using multiple Internet connections, you can go to the Basic > WAN page to view the WAN List to find the WAN1 IP address.
Step 1 Go to the Status > Session Monitor page, see Figure 5-22.
Step 2 Select the NAT Translated IP/Domain from the Filter Option drop-down list.
Step 3 Enter 200.200.202.134 in the Filter Value text box. The WAN1 IP address is 200.200.202.134 in this example.
Figure 5-23 NAT Session List - Example4
5.7 System Log
In the Status > System Log page, you can view the system logs; you can also select the types of logs that you want the Device to store and display.
5.7.1 System Log Settings
Figure 5-24 System Log Settings
Select All: It selects or unselects all the check boxes below. If you want to enable all the provided system log features at a time, please select this check box.
this check box.
Enable ARP Log: It allows you to enable or disable the ARP log. If you want the Device to store and display the ARP related logs in the System Log, please select this check box.
Enable Other Log: It allows you to enable or disable other logs. If you want the Device to store and display other logs in the System Log, please select this check box.
➢ Save: Click it to save the system log settings.
5.7.
System Log Keyword | System Log Sample | Meaning
Ethernet Up | ieX | The specified physical interface is enabled. ie0: LAN; ie1~ie4: WAN1~WAN4.
MAC New | 00:22:aa:00:22:bb | The new MAC address of the specified user.
MAC Old | 00:22:aa:00:22:aa | The old MAC address of the specified user.
ARP SPOOF | 192.168.1.1 | The MAC address of the user with IP address 192.168.1.1 has changed.
Session Up | PPPOE | The Device has successfully established a session whose name is PPPOE.
Session up | test | The Device has successfully established a session whose name is test.
Assigned to port | @answerIncomingCall:8012 | The Device has successfully negotiated with the remote dial-in device, and has assigned a port to the remote device.
Call Connected | Incoming Call @_netiNetworkStateChanged: 6244, on line 1, on channel 0 | The physical layer and data link layer connections have been established, but IP still couldn't be used.
DHCP:IP conflicted | [arp: IP Address] | A DHCP IP address conflict has occurred, that is, when acting as a DHCP server, the Device detected that the specified IP address is already used in the LAN before assigning it to a user, and then the Device assigned another IP address to this user.
notice | Give notice to user: 192.168.16.35 | The device has given a notice to the user with IP address 192.168.16.35.
Table 5-1 System Logs List
5.
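The keywords in Table 5-1 can be used to triage exported system logs for address-to-MAC changes. The following Python script is an added example, not part of the UTT guide or ReOS. It assumes each log line is a keyword followed by its sample value, and that the ARP SPOOF, MAC New and MAC Old lines of one event are adjacent; the timestamps, addresses and the `protected_ips` parameter are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

IP_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
# Keywords taken from Table 5-1, mapped to the field each one carries.
CHANGE_FIELDS = {"ARP SPOOF": "ip", "MAC New": "new_mac", "MAC Old": "old_mac"}
DHCP_CONFLICT = "DHCP:IP conflicted"

# Constructed sample. The timestamp prefix, the line order and every address
# below are assumptions made for this example, not output from a real Device.
SAMPLE_LOG = """\
2011-03-01 09:00:01 Ethernet Up ie1
2011-03-01 09:12:40 DHCP:IP conflicted [arp: 192.168.16.40]
2011-03-01 10:15:02 ARP SPOOF 192.168.16.1
2011-03-01 10:15:02 MAC New 00:22:aa:00:22:bb
2011-03-01 10:15:02 MAC Old 00:22:aa:00:22:aa
2011-03-01 10:15:09 ARP SPOOF 192.168.16.35
2011-03-01 10:15:09 MAC New 00:22:aa:00:22:bb
2011-03-01 10:15:09 MAC Old 00:22:aa:00:33:cc
2011-03-01 11:40:00 Session Up PPPOE
2011-03-01 12:01:17 ARP SPOOF 192.168.16.77
2011-03-01 12:01:17 MAC New 00:22:aa:00:44:dd
2011-03-01 12:01:17 MAC Old 00:22:aa:00:44:ee
"""


def parse_changes(text):
    """Group adjacent ARP SPOOF / MAC New / MAC Old lines into change events."""
    events, current = [], {}

    def flush():
        if "ip" in current:
            events.append(dict(current))
        current.clear()

    for line in text.splitlines():
        key = next((k for k in CHANGE_FIELDS if k in line), None)
        if key is None:
            flush()  # any other log line ends the current group
            continue
        field = CHANGE_FIELDS[key]
        if field in current:
            flush()  # the same keyword again means a new event has started
        pattern = IP_RE if field == "ip" else MAC_RE
        match = pattern.search(line.split(key, 1)[1])
        if match:
            current[field] = match.group(0).lower()
    flush()
    return events


def parse_dhcp_conflicts(text):
    """Count DHCP address conflicts per contested IP address."""
    hits = Counter()
    for line in text.splitlines():
        if DHCP_CONFLICT in line:
            match = IP_RE.search(line.split(DHCP_CONFLICT, 1)[1])
            if match:
                hits[match.group(0)] += 1
    return hits


def triage(text, protected_ips=(), flap_threshold=3):
    """Return (severity, message) findings, most urgent first."""
    ips_by_new_mac = defaultdict(set)
    changes_per_ip = Counter()
    high, medium, low = [], [], []
    for ev in parse_changes(text):
        ip, new, old = ev["ip"], ev.get("new_mac", "?"), ev.get("old_mac", "?")
        changes_per_ip[ip] += 1
        if new != "?":
            ips_by_new_mac[new].add(ip)
        if ip in protected_ips:  # e.g. the gateway or a server address
            high.append(f"protected address {ip} moved from {old} to {new}")
        else:
            low.append(f"{ip} moved from {old} to {new}")
    for mac, ips in sorted(ips_by_new_mac.items()):
        if len(ips) > 1:  # one adapter answering for several addresses
            joined = ", ".join(sorted(ips))
            high.append(f"{mac} now claims {len(ips)} addresses: {joined}")
    for ip, count in sorted(changes_per_ip.items()):
        if count >= flap_threshold:
            medium.append(f"{ip} changed MAC {count} times")
    for ip, count in sorted(parse_dhcp_conflicts(text).items()):
        medium.append(f"DHCP conflict on {ip} ({count}x)")
    return ([("HIGH", m) for m in high] + [("MEDIUM", m) for m in medium]
            + [("LOW", m) for m in low])


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG, protected_ips={"192.168.16.1"}):
        print(f"{severity:6} {message}")
```

A single MAC change on an ordinary address is usually a replaced adapter or a reassigned lease; the same new MAC appearing for several addresses, or for a protected address, is the pattern worth investigating first.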
5.8.2 View Web Logs
Figure 5-27 View Web Logs
A web log consists of date and time, an IP address of a LAN user, and a domain name.
● Date and time: It displays the date and time at which a LAN user accessed a web page.
● IP address: It displays the IP address of the LAN user who has accessed a web page.
● Domain name: It displays the domain name of a web page which is accessed by the LAN user.
➢ Clear: Click it to clear all the web logs in the list box.
the system clock in the System > Time page.
5.9 Application Traffic Statistics
In the Status > APP Traffic page, you can view the traffic statistics of some predefined applications. For each application, you can view the traffic statistics of each WAN interface, and the traffic statistics of each LAN user.
5.9.
Interface: It allows you to select a WAN interface to display the application traffic statistics of this interface.
Application: It indicates the type of application traffic. The Device provides six types of application traffic, including TCP, UDP, Web, FTP, P2P and Game applications. There are multiple specific types of P2P and Game applications; please refer to section 11.2 Internet Behavior Management for more information.
5.10 WAN Traffic Statistics
Through the WAN Traffic Statistics list in the Status > WAN Traffic page, you can view traffic and rate related information of each Internet connection.
Figure 5-31 WAN Traffic Statistics List
Interface: It specifies a WAN interface on which the Internet connection is established.
Tx Bandwidth: It is the Uplink Bandwidth of the Internet connection configured in the Basic > WAN page.
Chapter 6 Basic Setup
This chapter describes how to configure and use the basic features of the Device, which include LAN interface settings, WAN interface settings, load balancing (only multi-WAN products support it), DHCP and DNS features.
6.1 LAN Settings
This section describes the Basic > LAN page. After you have configured the Internet Connection through the Quick Wizard, you can modify the IP address and subnet mask of the LAN interface in this page.
MAC Address: It specifies the MAC address of the LAN interface. In most cases, please leave the default value.
Proxy ARP: It allows you to enable or disable proxy ARP on the LAN interface. The available options are Disabled, Enabled and Nat.
● Disabled: Select it to disable the proxy ARP on the LAN interface.
● Enabled: Select it to enable the proxy ARP on the LAN interface.
● Nat: Select it to enable the NAT proxy ARP on the LAN interface.
6.2 WAN Settings
6.2.1 WAN List
After you have configured the Internet connection through the Quick Wizard, you can view its configuration and status in the Basic > WAN > WAN List page; you can also modify or delete it if needed.
Figure 6-2 WAN Internet Connection List
Note
If you want to use multiple connections to access the Internet, please configure them in this page, and then go to the Basic > Load Balancing page to configure load balancing and failover.
6.
Status | Description
Closed | The physical interface isn't connected, or hasn't dialed up yet.
Dialing | Dialing has started, but no response has been received yet.
Authenticating | Server responded and is authenticating.
Connected | Authentication succeeded, and the connection is established and ready for data transmission.
Disconnecting | The PPPoE session is disconnecting.
Hang up | Either peer has hung up.
Connected | The connection is established between the Device and peer device.
Internal Error | Undefined status.
Table 6-2 Description of Static IP Connection Status
3. DHCP Connection Status
There are four kinds of status for DHCP connection (see Table 6-3). When it is connected, it will also display the time left (days: hours: minutes: seconds) before the lease expires for the current IP address, which is assigned by your ISP's DHCP server.
➢ Delete an Internet Connection: If you want to delete a configured Internet connection, click Delete of the connection to delete it.
6.2.1.3 How to Dial and Hang up a PPPoE connection
For the PPPoE connection, the Dial, Hang Up and Delete are shown in the Operation column (see Figure 6-3). If the PPPoE connection's Dial Type is set to Manual (see section 6.2.2.1), you need to click Dial to dial up the Internet connection, and click Hang Up to hang it up.
Figure 6-4 WAN List DHCP Internet Connection
6.2.2 WAN Internet Connection Settings
This section describes how to configure PPPoE, Static IP and DHCP Internet connections respectively, and how to delete a connection.
Note
You can configure other connections only after you have configured the Internet connection on WAN1. The system will automatically set these connections' Primary DNS Server to the IP address of the WAN1 Internet connection's Primary DNS Server, and you cannot modify them.
6.2.2.
Figure 6-5 PPPoE Internet Connection Settings
Connection Type: It specifies the type of the Internet connection. Here please select PPPoE.
Uplink Bandwidth: It specifies the uplink bandwidth of the Internet connection, which is provided by your ISP. You may ask the ISP about the uplink bandwidth.
Downlink Bandwidth: It specifies the downlink bandwidth of the Internet connection, which is provided by your ISP.
using correct user name and password, you may try to use another mode.
DNS Server: It specifies the method by which you configure the DNS server(s). If you know the local DNS server IP address, you may select Manual, then enter the DNS server IP address in the Primary DNS Server text box, and the secondary DNS server IP address in the Secondary DNS Server text box if available. Otherwise, please select Auto, and the Device will automatically obtain the DNS server IP address.
Dial Schedule: It specifies a schedule during which the Device can dial up. If you select a schedule here, the Device is allowed to dial up only within the selected schedule range; otherwise, the Device can always dial up. The schedule is configured in the Security > Schedule page.
Online Schedule: It specifies a schedule during which the Device can access the Internet.
● Nat: Select it to enable the NAT proxy ARP on the WAN interface.
Mode: It specifies the speed and duplex mode of the WAN interface. The Device supports five or six modes (Note that only the gigabit WAN interface supports 1000M-HD), which include Auto (Auto-negotiation), 100M-FD (100M Full-Duplex), 100M-HD (100M Half-Duplex), 10M-FD (10M Full-Duplex), 10M-HD (10M Half-Duplex), and 1000M-FD (1000M Full-Duplex). In most cases, please leave the default value.
6.2.2.2 Static IP Internet Connection Settings
If you are required to use a static IP address, please select Static IP from the Connection Type drop-down list. Then the following page will be shown.
Figure 6-6 Static IP Internet Connection Settings
Connection Type: It specifies the type of the Internet connection. Here please select Static IP.
Uplink Bandwidth: It specifies the uplink bandwidth of the Internet connection, which is provided by your ISP.
Primary DNS Server: It specifies the IP address of your ISP's primary DNS server.
Secondary DNS Server: It specifies the IP address of your ISP's secondary DNS server. If it is available, you may set it. Else, please leave it blank.
➢ Advanced Options: Click it to view and configure advanced parameters. In most cases, you need not configure them.
MAC Address: It specifies the MAC address of the WAN interface.
6.2.2.3 DHCP Internet Connection Settings
If your ISP automatically assigns an IP address, please select DHCP from the Connection Type drop-down list. Then the following page will be shown.
Figure 6-7 DHCP Internet Connection Settings
Connection Type: It specifies the type of the Internet connection. Here please select DHCP.
Uplink Bandwidth: It specifies the uplink bandwidth of the Internet connection, which is provided by your ISP.
● Disabled: Select it to disable the proxy ARP on the WAN interface.
● Enabled: Select it to enable the proxy ARP on the WAN interface.
● Nat: Select it to enable the NAT proxy ARP on the WAN interface.
Mode: It specifies the speed and duplex mode of the WAN interface.
Figure 6-9 Prompt Dialog Box - Delete an Internet Connection
Note
You can only delete one Internet connection at a time. The WAN1 Internet connection can only be deleted last, that is, when there is no other connection in the WAN List.
6.2.2.
6.3 Load Balancing
This section describes the Basic > Load Balancing page. Note that the second level menu Load Balancing is displayed only after you have configured more than one Internet connection. When using multiple Internet connections, you can configure load balancing related parameters, such as load balancing policy, load balancing mode, detection method, detection interval, retry times, ID binding, and so on.
6.3.
mechanisms are different, the following describes them respectively. For a normal Internet connection, the detection mechanism is as follows: The Device periodically sends a detection packet at the specified time interval to the target IP address. If no response packet is received during a detection period, the Device will consider that the connection is faulty and shield it immediately.
through the faulty connection will be distributed to other normal connections automatically.
3. Once the faulty connection is back to normal, the Device will enable it immediately, and the traffic will be redistributed automatically.
If you choose to use Partial Load Balancing, some Internet connections are used as primary connections, and others are used as backup connections. The operation principle is as follows:
1.
● ARP: The Device will monitor an Internet connection by sending ARP request packets to the connection's default gateway IP address.
● DNS: The Device will monitor an Internet connection by sending DNS query packets to the public DNS server IP address you specify.
The following table describes detection target IP supported by each detection method, and the restriction of using each detection method.
disabled. Note that when performing an ARP request test, the detection target IP should be the gateway IP address; and you cannot perform an ARP request test on a PPPoE Internet connection.
3. The DNS method applies to a network environment in which the Internet connection is always connected, but the access time is restricted by the ISP.
respectively.
● In the case of Partial Load Balancing, let's assume that connection A and B are used as primary connections, and connection C and D are used as backup connections, then we may set connection A's and B's Weight to 5 and 3 respectively, and set both connection C's and D's Weight to 1.
6.3.2.2 Two Load Balancing Policies
The Load Balancing Policy is used to control and balance the traffic among multiple Internet connections.
3. How to Choose the Load Balancing Policy
In most cases, it is suggested that you choose IP address as the load balancing policy.
6.3.4 Load Balancing Global Settings
The following sections describe the global settings related to Full Load Balancing and Partial Load Balancing respectively. For more information about them, please refer to section 6.3.1.2 Load Balancing Mode.
6.3.4.1 Global Settings - Full Load Balancing
Figure 6-11 Global Settings - Full Load Balancing
Detection Method: It specifies the detection method which is used to monitor Internet connections.
and NAT Session, and the default value is IP Address. Refer to section 6.3.2.2 Two Load Balancing Policies for more information.
Load Balancing Mode: It specifies the mode of load balancing. Here please select Full Load Balancing. Refer to section 6.3.1.2 Load Balancing Mode for more information.
➢ Save: Click it to save the load balancing global settings.
6.3.4.
Backup list box is a backup connection. Refer to section 6.3.1.2 Load Balancing Mode for more information.
==>: Select one or more Internet connections in the Primary list box, and then click ==> to move the selected connection(s) to the Backup list box.
<==: Select one or more Internet connections in the Backup list box, and then click <== to move the selected connection(s) to the Primary list box.
Figure 6-13 Detection and Weight Settings
Detection Target IP: It indicates the IP address of a detection target device. The Device will monitor an Internet connection by sending the detection packets to the detection target IP address.
6.3.6 Load Balancing List
Figure 6-14 Load Balancing List
➢ Edit an Internet Connection: If you want to configure or modify the detection related parameters and Weight of an Internet connection, click its Edit hyperlink, and the related information will be displayed in the Detection & Weight page. Then configure or modify it, and click the Save button.
configure detection related parameters and Weight for the selected connection. Then continue to configure these parameters for other connection(s) one by one.
3. Go to the Basic > Load Balancing > Global Settings page to configure global parameters as required.
4. Go to the Basic > Load Balancing > ID Binding page to enable the ID binding feature if needed.
6.3.7.
6.3.7.4 The Configuration Steps of ID Binding
Step 1 Go to the Basic > Load Balancing > ID Binding page.
Step 2 Select the Enable ID Binding check box if needed.
Step 3 Click the Save button to save the ID binding settings.
6.3.8 Related Detection Route
When connection detection is enabled on an Internet connection (i.e.
6.4 DHCP & DNS
This section describes the Basic > DHCP & DNS page. The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP allows a host to be configured automatically, eliminating the need for intervention by a network administrator.
Default Gateway: It specifies the IP address of the default gateway for a DHCP client. In most cases, this address should be the same as the Device's LAN IP address, that is, the Device is used as the default gateway for the LAN hosts.
Lease Time: It specifies a length of time (in seconds) during which a client host can use an assigned IP address. If the lease expires, the client is automatically assigned a new dynamic IP address.
Figure 6-16 DHCP Auto Binding
Enable DHCP Auto Binding: It allows you to enable or disable DHCP auto binding. If you select this check box to enable DHCP auto binding, once a LAN host obtains an IP address from the Device that acts as a DHCP server, the Device will immediately bind this host's IP and MAC address pair. Otherwise, the Device will not perform the auto binding operation.
Enable DHCP Auto Deleting: It allows you to enable or disable DHCP auto deleting.
Enable DNS Proxy: It allows you to enable or disable DNS proxy. If you want to enable DNS proxy on the Device, please select this check box.
➢ Save: Click it to save the DHCP proxy settings.
Note
1. If the DNS proxy is enabled on the Device, in order to use the DNS proxy service normally, you need to set the LAN hosts' primary DNS server to the Device's LAN IP address.
Chapter 7 Advanced Setup
This chapter describes how to configure and use the Device's advanced features, which include static route, policy-based routing, DNS redirection, Plug and Play, SNMP, SYSLOG, DDNS, switch, and so on.
7.1 Static Route
This section describes the Advanced > Static Route page. In this page, you can configure not only static routes, but also static route PDBs (PDB: Policy Database).
route. The following describes them respectively.
1. Default Routes
A default route is used to forward packets that don't match any other route in the routing table. The packets will be forwarded to the default gateway specified by the default route. The default route's destination IP address and subnet mask both are 0.0.0.0.
WAN3 | Static IP | DETEFIX_04
WAN3 | DHCP | DETEDYN_04
WAN3 | PPPoE | DETEPPP_02
WAN4 | Static IP | DETEFIX_05
WAN4 | DHCP | DETEDYN_05
WAN4 | PPPoE | DETEPPP_03
Table 7-1 Reserved Detection Route Name
7.1.1.3 Static Route Settings
Figure 7-1 Static Route Settings
Predefined: When creating a static route, please leave the default value of None. Else, select one predefined route PDB (policy database).
Gateway IP Address: It specifies the IP address of the next hop gateway or router to which to forward the packets.
Bind to: It specifies an outbound interface through which the packets are forwarded to the next hop gateway or router. The available options are the name of each physical interface, and Local. Local means the internal soft-route interface, and the packets will be forwarded to the Device itself.
7.1.1.4 Static Route List
Figure 7-2 Static Route List
➢ Add a Static Route: If you want to add a new static route, click the New button or select the Route Settings tab to go to the setup page, then configure it, and lastly click the Save button.
➢ View Static Routes: When you have configured some static routes, you can view them in the Static Route List.
Step 4 Specify the next hop IP address by the Gateway IP Address or Bind to. If the outbound interface is a physical interface, you should specify the Gateway IP Address, but may leave the Bind to blank. In this case, the Device will select an optimal transmission path. For example, a static route's destination network is 192.168.1.0/24, gateway IP address is 192.168.1.254, and the outbound interface is a physical interface. Here you should enter 192.168.1.
Figure 7-4 Static Route Settings - Example Two
Step 5 Specify the Detection Interval if you want to detect connection status.
Step 6 Specify the Priority and Metric for the static route as required.
Step 7 Click the Save button to save the settings. You can view the static route in the Static Route List.
Step 8 If you want to add another new static route, please repeat the above steps.
for them from different ISPs, for example, one is a TEL Internet connection, and another is a CNC Internet connection. In some cases, if packets accessing one ISP's servers are forwarded through another ISP's connection, the access rate may be very slow, or the access may even be forbidden.
7.1.2.2 Static Route PDB Settings
Figure 7-5 Static Route PDB Settings
Because each static route PDB encapsulates many IP addresses and subnet masks, you needn't configure the Destination IP and Subnet Mask when creating a static route PDB entry as shown in Figure 7-5. As a route PDB entry's Gateway IP Address, Bind to, Detection Interval, Priority and Metric are the same as a static route's, please refer to section 7.1.1.
● ID values are 1, 2, 3 ... incrementally.
Note
If there is a static route PDB entry bound to an Internet connection, once the connection is activated, all the static routes created by the route PDB entry will take effect immediately. You can go to the Status > Route Stats page to view the settings and status of these static routes in the Routing Table.
7.1.2.
If the outbound interface is a dial interface, you should select the corresponding physical interface from the Bind to drop-down list, and leave the Gateway IP Address at the default value 0.0.0.0. In this case, the next hop IP address is assigned by a dial server (e.g., PPPoE server). For example, you want to create a CNC route PDB entry.
the Restriction > Policy Database page, and click the Update hyperlink of the route PDB in the Policy Database List. Then the Device will download the latest PDB from the designated web site and apply it automatically. Note that if the route PDB has been referenced, you should reference it again in this page to let the related settings take effect.
7.2 Policy-Based Routing
This section describes the Advanced > PBR page. PBR (policy-based routing) provides a tool for forwarding and routing data packets based on user-defined policies. Different from the traditional destination-based routing mechanism, PBR enables you to use policies based on source and destination address, protocol, port, schedule, and other criteria to route packets flexibly.
7.2.
Description: It specifies the description of the PBR entry. It is usually used to describe the purpose of the entry.
Source: It specifies the source IP addresses of the packets to which the PBR entry applies. There are two options:
● Addresses: Select it to enter the start and end addresses in the associated text boxes.
● Address Group: Select it to choose an address group from the associated drop-down list.
Note
PBR (Policy-based routing) takes precedence over the Device's normal destination-based routing. That is, if a packet matches all the criteria (source address, destination address, protocol type, port, etc.) specified in a PBR entry, it will be forwarded through the outbound interface specified in the PBR entry.
Figure 7-10 PBR List
➢ Add a PBR Entry: If you want to add a new PBR entry, click the New button or select the PBR Settings tab to go to the setup page, then configure it, and lastly click the Save button.
➢ Enable a PBR Entry: The Enable check box is used to enable or disable the corresponding PBR entry. The default value is selected, which means the PBR entry is in effect.
7.3 DNS Redirection
This section describes the Advanced > DNS Redirection page.
7.3.1 Introduction to DNS Redirection
DNS redirection is used to redirect domain names directly to the specified IP addresses, that is, the domain names aren't resolved by a DNS server, but are looked up in a user-defined list of name-to-address mappings.
7.3.3 DNS Redirection List
Figure 7-12 DNS Redirection List
➢ Add a DNS Redirection Entry: If you want to add a new DNS redirection entry, click the New button or select the DNS Redirection Settings tab to go to the setup page, then configure it, and lastly click the Save button.
➢ Enable a DNS Redirection Entry: The Enable check box is used to enable or disable the corresponding DNS redirection entry.
accessing www.sina.com, the Device will redirect www.sina.com to the IP address specified by the first entry because of higher accuracy.
2. For the entries whose domain names have the same accuracy, in reverse chronological order of creation, the last created entry will be matched first.
7.3.4 DNS Redirection Settings
Figure 7-13 DNS Redirection Settings
IP Address: It specifies the IP address to which the specified domain name(s) are redirected.
3. The domain names that belong to the same Domain List should be different.
7.3.5 How to Configure DNS Redirection
Do the following to configure DNS Redirection.
Step 1 Go to the Advanced > DNS Redirection page.
Step 2 Click the New button or select the DNS Redirection Settings tab to go to the setup page.
Step 3 Specify the IP Address, Description and Domain List for a DNS Redirection entry.
Step 4 Click the Save button to save the settings.
7.4 Plug and Play
This section describes the Advanced > Plug and Play page.
7.4.1 Introduction to Plug and Play
Plug and Play is a new feature of UTT series security firewalls. If you enable the plug and play feature on the Device, the LAN users can access the Internet through the Device without changing any network parameters, no matter what IP address, subnet mask, default gateway and DNS server they might have.
2. Once plug and play is enabled, the Device will automatically enable proxy ARP, enable DNS proxy, and disable IP spoofing defense.
3. Once plug and play is enabled, the Device will allow those non-IP/MAC binding users to access the Device and Internet.
4. The users with the same IP address cannot access the Internet at the same time. For example, if a LAN user with IP address 1.1.1.
Figure 7-15 SNMP Settings
Enable SNMP: It allows you to enable or disable the SNMP agent. If you want to enable the SNMP agent on the Device, please select this check box.
Community Name: It specifies a community name to restrict access to the Device. The SNMP community name is used as a shared secret for SNMP managers to access the SNMP agent. The default value is uTt22aA.
If you want to use SNMP Manager to manage the Device via Internet, please select the SNMP check box in the System > Remote Admin page first.
7.6 SYSLOG
This section describes the Advanced > SYSLOG page.
Syslog is a standard protocol used to capture a lot of running information about network activity. The Device supports this protocol and can send its activity logs to an external syslog server. It helps the network administrator monitor, analyze and troubleshoot the Device and network.
Figure 7-16 SYSLOG Settings
Enable Syslog: It allows you to enable or disable the syslog feature.
So far, only the Xport HiPER Manager software of UTT Technologies Co., Ltd. can identify the heartbeat message.
7.7 DDNS
This section describes the Advanced > DDNS page.
Note: To ensure that DDNS operates properly, you should synchronize the system clock in the System > Time page.
7.7.1 Introduction to DDNS
Dynamic Domain Name Service (DDNS) is a service used to map a domain name that never changes to a dynamic IP address that can change quite often.
domain name (FQDN) with suffix of iplink.com.cn and a key.
Figure 7-17 Apply for a DDNS Account from IPLink.com.cn
Host Name: It specifies a unique host name of the Device. The suffix of iplink.com.cn will be appended to the host name to create a fully qualified domain name (FQDN) for the Device. For example, if the Device's host name is test, then its FQDN is test.iplink.com.cn; and it allows you to use test.iplink.com.cn to access the Device.
7.7.2.1 DDNS Settings Related to iplink.com.cn
Figure 7-18 DDNS Settings Related to iplink.com.cn
Interface: It specifies the WAN interface on which the DDNS service is applied. All the WAN interfaces support the DDNS feature, and you can use the DDNS service on each WAN interface at the same time.
Registry Website: It allows you to click http://www.utt.com.cn/ddns to go to this website to register a DDNS account for the Device.
7.7.3 DDNS Service Offered by 3322.org
7.7.3.1 Apply for a DDNS Account from 3322.org
To use DDNS offered by 3322.org on the Device, you should log in to http://www.3322.org to apply for a fully qualified domain name (FQDN) with suffix of 3322.org.
Figure 7-19 Apply for a DDNS Account from 3322.org
Host Name: It specifies a unique host name of the Device. The suffix of iplink.com.
7.7.3.2 DDNS Settings Related to 3322.org
Figure 7-20 DDNS Settings Related to 3322.org
Interface: It specifies the WAN interface on which the DDNS service is applied. All the WAN interfaces support the DDNS feature, and you can use the DDNS service on each WAN interface at the same time.
Registry Website: It allows you to click http://www.3322.org to go to this website to register a DDNS account for the Device.
Device. Refer to section 7.7.3.1 Apply for a DDNS Account from 3322.org for detailed operation.
7.7.4 DDNS Verification
To verify whether DDNS is updated successfully, you can use the ping command at the MS-DOS command prompt on the PC, for example:
    ping abc.iplink.com.cn
If the output is similar to the screenshot below, that is, the domain name is resolved to an IP address successfully (200.200.202.152 in this example), DDNS is updated successfully.
Note 1.
7.8 Advanced DHCP
This section describes the Advanced > DHCP pages.
7.8.1 Introduction to DHCP
7.8.1.1 Overview
The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP allows a host to be configured automatically, eliminating the need for intervention by a network administrator.
[Figure 7-21 Requesting for an IP Address from a DHCP Server: message exchange between DHCP Client and DHCP Server (DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK)]
As shown in Figure 7-21, the process of a DHCP client requesting an IP address from a DHCP server falls into four basic phases:
- DHCP Discover: It is the phase in which the DHCP client locates a DHCP server to ask for an IP address. The client broadcasts a DHCPDISCOVER message on its local physical subnet.
The DHCP server will reclaim the IP address if the lease expires, so the client has to renew the lease in order to use the IP address longer. When one half of the lease time has expired, the client will send a DHCPREQUEST message to the DHCP server, asking to extend the lease for the given configuration. The DHCP server will respond with a DHCPACK message if it agrees to renew the lease.
DHCPDECLINE: Message from a client to server indicating that the offered address is already in use.
DHCPACK: Acknowledgement message from a server to a client with configuration parameters, including IP address.
DHCPNAK: Negative acknowledgement message from a server to a client, refusing the request for parameters. If the client receives a DHCPNAK message, it will restart the configuration process.
7.8.2.1 Introduction to DHCP Server
When acting as a DHCP server, the Device can allocate network addresses and deliver other TCP/IP configuration parameters (such as gateway IP address, DNS server IP address, WINS server IP address, etc.) to the LAN hosts.
7.8.2.1.
7.8.2.1.3 DHCP Manual Binding
Through DHCP manual binding, you can assign a static IP address to a specific host (client). You may create a manual binding by mapping the IP address to the host's MAC address, Remote ID or Client ID. The DHCP server will always assign the specified IP address to the host that matches the manual binding.
7.8.2.1.
Address is free, the DHCP server will assign it to the client. If a match is found, but this Requested IP address is in use, the DHCP server will try to assign another address dynamically from the address pool. Otherwise, go to the next step.
7) If no matching parameter is found, the DHCP server will find an assignable IP address from each DHCP address pool in the chronological order of creation.
other TCP/IP configuration parameters from a DHCP server. All of the physical interfaces support the DHCP client feature, and you can enable DHCP client on each interface at the same time. In order to meet different needs, the DHCP client can use a client ID to identify itself, send DHCPREQUEST messages in broadcast or unicast mode, and require the DHCP server to respond in broadcast or unicast mode.
message, it will process message according to the settings of these two parameters, see the following table for detailed description:
Table columns: Option Policy; "The message is from another relay agent, and already contains option 82."; "The message is from a client directly, and doesn't contain option 82."
drop: Drop the message.
keep: The relay agent will retain the existing option 82 in the message and forward it.
data items that are stored in the options field of the DHCP message. The data items themselves are also called options. For detailed information about DHCP options, see RFC 2132, with updates in RFC 3942. Most DHCP options are predefined in RFCs, although new options will come out as DHCP develops. The Device provides the Raw Option feature to support the predefined options, and also new options.
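How a raw option ends up in the options field, shown as an added example (not UTT code): each option is a code byte, a length byte and the value, per RFC 2132. The hex / ascii / ip value types, the 1 to 27 character ascii limit, option 43 with the value Test, the client ID 01000795a81c3d and the DNS server 202.96.209.5 are taken from this guide's settings and configuration examples; the function names are illustrative.

```python
import ipaddress

PAD, END = 0, 255  # RFC 2132: single-byte options that carry no length field


def encode_value(kind: str, text: str) -> bytes:
    """Turn a hex / ascii / ip value, as typed into the UI, into raw bytes."""
    if kind == "hex":
        return bytes.fromhex(text)
    if kind == "ascii":
        if not 1 <= len(text) <= 27:  # limit stated in this guide
            raise ValueError("ascii value must be 1 to 27 characters long")
        return text.encode("ascii")
    if kind == "ip":
        return ipaddress.IPv4Address(text).packed
    raise ValueError(f"unknown value type: {kind}")


def encode_option(code: int, kind: str, text: str) -> bytes:
    """Encode one option as code, length, value."""
    if not 1 <= code <= 254:
        raise ValueError("option code must be between 1 and 254")
    value = encode_value(kind, text)
    if len(value) > 255:
        raise ValueError("value does not fit a one-byte length field")
    return bytes([code, len(value)]) + value


def parse_options(field: bytes):
    """Parse an options field into a list of (code, value) pairs.

    Rejects fields whose length bytes point past the end of the buffer or
    that lack the END marker, which is what a malformed message looks like.
    """
    options = []
    i = 0
    while i < len(field):
        code = field[i]
        if code == PAD:
            i += 1
            continue
        if code == END:
            return options
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} overruns the options field")
        options.append((code, value))
        i += 2 + length
    raise ValueError("options field has no END marker")


def split_client_id(value: bytes):
    """Split a client identifier into (hardware_type, address_hex)."""
    if len(value) < 2:
        raise ValueError("client identifier too short")
    return value[0], value[1:].hex()


def build_sample_field() -> bytes:
    """Options field built from values used in this guide's examples."""
    return (encode_option(43, "ascii", "Test")              # raw option ven_inf
            + encode_option(61, "hex", "01000795a81c3d")    # client identifier
            + encode_option(6, "ip", "202.96.209.5")        # DNS server
            + bytes([END]))


if __name__ == "__main__":
    for code, value in parse_options(build_sample_field()):
        print(code, value.hex())
```

The leading 01 in the client ID is the hardware type (Ethernet), followed by the MAC address 000795a81c3d that the same manual binding uses.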
Enable DHCP Client: It allows you to enable or disable DHCP client. If you want to enable DHCP client on the specified interface, please select this check box.
Enable PnP: It allows you to enable or disable PnP. If you select this check box to enable PnP, the DHCP client can obtain IP address and subnet mask, and other TCP/IP configuration parameters such as default gateway address, DNS server addresses and so on.
7.8.3.2 DHCP Client List
Figure 7-24 DHCP Client List
- Configure DHCP Client: If you want to apply DHCP client function on a physical interface, select the DHCP Client Settings tab to go to the setup page, and then select the interface and configure other parameters, lastly click the Save button.
Step 4 In most cases, select the Enable PnP check box to enable PnP for the client.
Step 5 Specify the Request Mode and Required Response Mode if required.
Step 6 Specify the Client ID if required.
Step 7 In most cases, select the Allow AutoIP check box to allow the DHCP client to use AutoIP.
Step 8 Click the Save button to save the settings.
Figure 7-26 DHCP Server Global Settings
Enable DHCP Server: It allows you to enable or disable DHCP server. If you want to enable DHCP server on the Device, please select this check box.
DHCP Ping Packets: It specifies the maximum number of ping packets used by the ICMP address conflict detection method. It should be between 0 and 10, and the default value is 2. If you want to turn off the ICMP detection feature, please set its value to 0.
bindings, you can view them in the Manual Binding List.
- Edit DHCP Manual Binding: If you want to modify a configured DHCP manual binding, click its Edit hyperlink, the related information will be displayed in the setup page. Then modify it, and click the Save button.
- Delete DHCP Manual Binding(s): If you want to delete one or more DHCP manual bindings, select the leftmost check boxes of them, and then click the Delete button.
belongs.
User Name: It specifies a unique name for the DHCP manual binding. It is used to identify the host that is to be assigned a static IP address. It should be between 1 and 31 characters long.
IP Address: It specifies the IP address for the DHCP manual binding. It must be a valid IP address of the related address pool. The requesting host that matches the manual binding will be assigned this specified address.
7.8.4.4 How to Add the DHCP Manual Bindings
If you want to add one or more DHCP manual bindings, do the following:
Step 1 Go to the Advanced > DHCP page, and select the DHCP Server radio button to go to the DHCP Server page.
Step 2 Select the Manual Binding Settings tab to go to the setup page.
Step 3 From the Bind to drop-down list, select a DHCP address pool to which this DHCP manual binding belongs.
- Add a DHCP Address Pool: If you want to add a new DHCP address pool, select the Address Pool Settings tab, and then configure it, lastly click the Save button.
- View DHCP Address Pool(s): When you have configured some DHCP address pools, you can view them in the Address Pool List.
- Edit DHCP Address Pool: If you want to modify a configured DHCP address pool, click its Edit hyperlink, the related information will be displayed in the setup page.
Figure 7-30 DHCP Address Pool Settings
Interface: It specifies a physical interface to which the DHCP address pool is bound.
Pool Name: It specifies a unique name for the DHCP address pool. It should be between 1 and 11 characters long.
Start IP Address: It specifies the starting IP address assigned from the DHCP address pool.
Number of Addresses: It specifies the maximum number of IP addresses that can be assigned from the DHCP address pool.
needs to renew its address lease assignment with the server. The duration for a lease determines when it will expire and how often the client needs to renew it with the server. The default value is 3600 seconds.
Primary DNS Server: It specifies the IP address of the primary DNS server that is available to a DHCP client.
Secondary DNS Server: It specifies the IP address of the secondary DNS server that is available to a DHCP client.
- B-Node: It indicates a broadcast node that uses broadcasts for name resolution.
- P-Node: It indicates a peer-to-peer node that uses a WINS server to resolve NetBIOS names. P-Node does not use broadcasts but queries the WINS server directly.
- M-Node: It indicates a mixed node that is a combination of a B-Node and P-Node. By default, an M-Node functions as a B-Node first. If the broadcast name query is unsuccessful, it uses a WINS server.
Step 3 From the Interface drop-down list, select a physical interface to which the DHCP address pool is bound.
Step 4 Specify the Pool Name, Start IP Address, Number of Addresses and Primary DNS Server.
Step 5 Specify the Subnet Mask, Default Gateway and Lease Time as required.
Step 6 Specify the Secondary DNS Server, Primary WINS Server and Secondary WINS Server if needed.
Step 7 Specify the Domain Name, DHCP Relay IP and Relay Agent ID if needed.
7.8.5.1 DHCP Relay Agent Settings
Figure 7-32 DHCP Relay Agent Settings
Interface: It specifies the physical interface on which the DHCP relay agent is applied.
Enable DHCP Relay Agent: It allows you to enable or disable DHCP relay agent. If you want to enable DHCP relay agent on the specified interface, please select this check box.
DHCP Server 1 ~ 3: It specifies one or more DHCP servers for the relay agent.
characters long.
- ascii: It is used to specify an ASCII character string. It should be between 1 and 27 characters long.
- ip: It is used to specify an IP address.
Response Mode: It specifies the mode in which the DHCP relay agent sends the DHCP response messages to the client. The available options are Client Determine, Unicast and Broadcast.
Figure 7-33 DHCP Relay Agent List
- Configure DHCP Relay Agent: If you want to apply DHCP relay agent function on a physical interface, select the Relay Agent Settings tab to go to the setup page, and then select the interface and configure other parameters, lastly click the Save button.
7.8.6 Raw Option
Go to the Advanced > DHCP page first, and then select the Raw Option radio button (see the following figure) to go to the Raw Option page, which includes the Raw Option List and Raw Option Settings subpages.
Figure 7-34 Select Raw Option
7.8.6.1 Raw Option Settings
In this page, you can easily create DHCP raw options.
- ascii: It is used to specify an ASCII character string. It should be between 1 and 27 characters long.
- ip: It is used to specify an IP address.
Interface: It specifies the physical interface on which the DHCP raw option is applied.
- Save: Click it to save the DHCP raw option settings.
Note: For detailed information about DHCP options, see RFC 2132, with updates in RFC 3942.
7.8.6.
the leftmost check boxes of them, and then click the Delete button.
7.8.6.3 How to Add the DHCP Raw Options
If you want to add one or more DHCP raw options, do the following:
Step 1 Go to the Advanced > DHCP page, and select the Raw Option radio button to go to the Raw Option page.
Step 2 Select the Raw Option Settings tab or click the New button to go to the setup page.
Step 3 Specify the Option Name, Option Code and Option Value.
1. Network Requirements
In this example, the Device acts as a DHCP server to dynamically assign IP addresses to the clients that reside on the same subnet. The Device's LAN interface IP address is 192.168.16.1/24. We need to create two address pools (pool1 and pool2). The address range of pool1 is from 192.168.16.2/24 to 192.168.16.101/24, primary and secondary DNS servers IP addresses are 202.96.209.5 and 202.96.199.133, domain name is utt.com.
Figure 7-38 DHCP Server Global Settings - Example
Step 4 Click the Save button to save the settings.
Till now you have finished configuring DHCP server global settings.
2) Configuring the DHCP Address Pool - pool1
As mentioned earlier, pool1 is the default address pool provided by the Device. It is editable, but can't be deleted, so you can modify pool1 according to your requirements.
Figure 7-39 DHCP Address Pool Settings - Example (pool1)
Step 3 Enter 192.168.16.2 in the Start IP Address text box, enter 100 in the Number of Addresses text box, enter 192.168.16.1 in the Default Gateway text box, enter 202.96.209.5 in the Primary DNS Server text box, enter 202.96.199.133 in the Secondary DNS Server text box, and enter utt.com.cn in the Domain Name text box. Leave the default values for the other parameters.
Figure 7-40 DHCP Address Pool Settings - Example (pool2)
Step 3 Enter 192.168.16.102 in the Start IP Address text box, enter 153 in the Number of Addresses text box, enter 192.168.16.1 in the Default Gateway text box, enter 7200 in the Lease Time text box, enter 202.96.209.5 in the Primary DNS Server text box, enter 202.96.199.133 in the Secondary DNS Server text box, and enter utt.com.cn in the Domain Name text box.
Figure 7-41 DHCP Manual Binding Settings - Example
Step 3 Select pool1 from the Bind to drop-down list, enter binding1 in the User Name text box, enter 192.168.16.10 in the IP Address text box and enter 000795a81c3d in the MAC Address text box.
Step 4 Select hex from the Client ID drop-down list and enter 01000795a81c3d in the associated text box, enter test in the Host Name text box. Leave the default values for the other parameters.
[Figure 7-42 Network Topology Where DHCP Client is Applied on WAN Interface. Labels: DHCP Server, 200.200.200.0/24, LAN, WAN Interface, DHCP Client]
3. Configuration Procedure
Step 1 Go to the Advanced > DHCP page, select the DHCP Client radio button and then select the DHCP Client Settings tab to go to the setup page, see the following figure.
Figure 7-43 DHCP Client Settings - Example
Step 2 Select WAN from the Interface drop-down list.
Step 5 Click the Save button to save the settings.
Till now you have finished configuring the DHCP client, and then you can view its configuration and status in the DHCP Client List.
7.8.7.3 Configuration Example for the DHCP Relay Agent
1. Network Requirements
In this example, the DHCP clients reside on the subnet 192.168.16.0/254, and the DHCP server's IP address is 200.200.200.254/24.
Figure 7-45 DHCP Relay Agent Settings - Example
Step 3 Select LAN from the Interface drop-down list.
Step 4 Select the Enable DHCP Relay Agent check box.
Step 5 Enter 200.200.200.254 in the DHCP Server 1 text box. Leave the default values for the other parameters.
Step 6 Click the Save button to save the settings.
Till now you have finished configuring the DHCP relay agent, and then you can view its configuration and status in the DHCP Relay Agent List.
Figure 7-46 Raw Option Settings - Example
Step 3 Enter ven_inf in the Option Name text box, enter 43 in the Option Code text box, select ascii from the Option Value drop-down list and enter Test in the associated text box.
Step 4 Select LAN from the Interface drop-down list.
Step 5 Click the Save button to save the settings.
Till now you have finished configuring the DHCP raw option, and then you can view its configuration in the Raw Option List.
7.8.7.
building2 ... building10, and call the Devices residing on each building DHCP Relay1, DHCP Relay2 ... DHCP Relay10. Each relay agent Device has its own ID. The Device residing on the center network acts as a DHCP server, and the DHCP address pools are bound to the LAN interface with IP address 200.200.200.254/24. The Devices residing on each building act as the DHCP relay agents. The DHCP relay agent is enabled on each Device's LAN interface.
- Every DHCP address pool's number of addresses is 253, which is the maximum number of valid addresses in each subnet where the client hosts reside.
- Every DHCP address pool's lease time is 3600 seconds, primary and secondary DNS servers' IP addresses are 202.96.209.6 and 202.96.199.133.
- Their relay agent IDs are Test_Relay1, Test_Relay2 ... Test_Relay10 respectively, which are in ASCII format.
[Figure 7-47 Network Topology for DHCP Comprehensive Example. Labels: Internet; Network Center; DHCP Server, LAN: 200.200.200.254/24; Switch; DHCP Relay1, DHCP Relay2 ... DHCP Relay10; WAN: 200.200.200.1/24, WAN: 200.200.200.2/24 ... WAN: 200.200.200.10/24; 192.168.1.0/24, 192.168.2.0/24 ... 192.168.10.0/24; DHCP Client]
3.
Figure 7-48 DHCP Server Global Settings - Comprehensive Example
Step 4 Click the Save button to save the settings.
Till now you have finished configuring DHCP server global settings.
b) Configuring the DHCP Address Pool - pool1
As mentioned earlier, pool1 is the system default address pool. It is editable, but can't be deleted, so you can modify pool1 according to your requirements.
Figure 7-49 DHCP Address Pool Settings - Comprehensive Example (pool1)
Step 3 Enter 192.168.1.2 in the Start IP Address text box, enter 253 in the Number of Addresses text box, enter 192.168.1.1 in the Default Gateway text box, enter 202.96.209.5 in the Primary DNS Server text box and enter 202.96.199.133 in the Secondary DNS Server text box.
Step 4 Select ascii from the Relay Agent ID drop-down list and enter Test_Relay1 in the associated text box.
2) Configuring DHCP Relay1
Step 1 Go to the Advanced > DHCP page, select the DHCP Relay Agent radio button and then select the Relay Agent Settings tab to go to the setup page, see the following figure.
Figure 7-50 DHCP Relay Agent Settings - Comprehensive Example (DHCP Relay1)
Step 2 Select LAN from the Interface drop-down list.
Step 3 Select the Enable DHCP Relay Agent check box.
Step 4 Enter 200.200.200.254 in the DHCP Server 1 text box.
7.9 Switch
This section describes the Advanced > Switch page.
7.9.1 Port Mirroring
7.9.1.1 Introduction to Port Mirroring
Port mirroring allows an administrator to mirror and monitor network traffic. It copies the traffic from the specified ports to another port where the traffic can be monitored with an external network analyzer. Then the administrator can perform traffic monitoring, performance analysis and fault diagnosis.
7.9.1.
7.9.2 Port-Based VLAN
7.9.2.1 Introduction to VLAN
A VLAN (Virtual Local Area Network) is a group of devices that form a logical LAN segment, that is, a broadcast domain. The members of the same VLAN can communicate with each other. Traffic is isolated between different VLANs, that is, any traffic (unicast, broadcast or multicast) within a VLAN doesn't flow to another VLAN. The VLAN feature offers the benefits of both security and performance.
Note
1. The ports that have the same VLAN ID will be grouped into a VLAN. The ports on the same VLAN can communicate with each other, but the ports that belong to the different VLANs can't communicate.
2. By default, all the LAN switch ports are members of the same VLAN. The most complex case is that each port is grouped into a VLAN respectively.
Enable Traffic Destined for Same IP Address via Different WANs: It allows you to enable or disable traffic destined for the same IP address via different WANs. When using multiple Internet connections to access the Internet, if you select this check box, the packets destined for the same IP address will be transmitted through different Internet connections to implement load balancing.
- Save: Click it to save your settings.
7.10.
- User-defined: If you want to add a new user-defined task, please select this option, and then enter the related CLI command in the Task Content. Note that you can only enter one command for one task.
Task Content: It specifies the content of the task.
- Save: Click it to save the scheduled task settings.
Chapter 8 NAT
This chapter describes how to configure and use NAT features, including port forwarding, DMZ hosts, NAT rule and UPnP.
8.1 Port Forwarding
This section describes the NAT > Port Forwarding page, which allows you to configure port forwarding rules.
8.1.1 Introduction to Port Forwarding
By default, NAT is enabled on the Device, so the Device will block all the requests initiated from outside users.
8.1.2 Port Forwarding Settings
Figure 8-1 Port Forwarding Settings
Protocol: It specifies the transport protocol used by the service. The available options are TCP, UDP and GRE.
Start External Port: It specifies the lowest port number provided by the Device. The external ports are opened for outside users to access.
Internal IP Address: It specifies the IP address of the local host that provides the service.
Description: It specifies the description of the port forwarding rule.
- Save: Click it to save the port forwarding rule settings.
Note
1. If you choose the Protocol as GRE, you should set the Start External Port and Start Internal Port to 0, and set the Port Count to 1.
2.
8.1.4 How to Add the Port Forwarding Rules
If you want to add one or more port forwarding rules, do the following:
Step 1 Go to the NAT > Port Forwarding page, and then click the New button or select the Port Forwarding Settings tab to go to the setup page.
Step 2 Specify the Protocol, Internal IP Address and Start Internal Port as required.
Step 3 Specify the Start External Port as required. The Start External Port and Start Internal Port can be different.
Figure 8-3 Port Forwarding Settings - Example One
8.1.5.2 Example Two
An organization wants a LAN server (IP Address: 192.168.16.100) to open ftp service (Protocol: TCP; Port: 20, 21) to the outside users. The Device will use 2020 and 2021 as the external ports and the WAN2 IP address (200.200.201.18 in this example) as the external IP address. As the ftp service uses two ports, we need to set the Port Count to 2. Then all the requests for ftp from outside users to 200.
from the ISP. Therein, 218.1.21.1/29 is used as the Internet connection's gateway IP address, 218.1.21.2/29 is used as the Device's WAN1 interface's IP address. The organization wants a LAN server (IP Address: 192.168.16.88) to open SMTP service (Protocol: TCP; Port: 25) to the outside users. And the Device will use 2025 as the external port and 218.1.21.3 as the external IP address. Firstly, we need to create a NAT rule, and set its External IP Address to 218.1.21.
8.2 DMZ Host
This section describes the NAT > DMZ page.
8.2.1 Introduction to DMZ host
The DMZ (Demilitarized Zone) host allows one local host to be exposed to the Internet for the use of a special service such as online gaming or video conferencing. When receiving requests initiated from outside users, the Device will directly forward these requests to the specified DMZ host.
8.2.2 DMZ Host Settings
8.2.2.1 Global DMZ Host Settings
Figure 8-6 Global DMZ Host Settings
DMZ IP: It specifies the private IP address of the global DMZ host.
- Save: Click it to save the global DMZ host settings.
8.2.2.2 Interface DMZ Host Settings
Figure 8-7 Interface DMZ Host Settings
WANx DMZ IP: It specifies the private IP address of the interface DMZ host which is bound to the WAN interface.
8.2.3 The Priorities of Port Forwarding and DMZ Host
Port forwarding has higher priority than the DMZ host. When receiving a request packet initiated from an outside user, the Device will first search the Port Forwarding List to find out if there is a port forwarding rule matching the destination IP address and port of the packet. If a match is found, the Device will forward the packet to the mapped local host.
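The lookup order described above, as an added example (not UTT code) that shows which inbound requests land on the DMZ host once one is configured. The two rules use the ftp and SMTP values from this chapter's port forwarding examples; the DMZ host address 192.168.16.200, the one-to-one port offset mapping inside a rule, and a single DMZ host serving every external address are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class ForwardRule:
    protocol: str
    external_ip: str
    start_external_port: int
    internal_ip: str
    start_internal_port: int
    port_count: int

    def translate(self, protocol: str, dst_ip: str,
                  dst_port: int) -> Optional[Tuple[str, int]]:
        """Return (internal_ip, internal_port) if the packet matches."""
        if protocol != self.protocol or dst_ip != self.external_ip:
            return None
        offset = dst_port - self.start_external_port
        if 0 <= offset < self.port_count:
            # Assumption: external port N maps to internal port N by offset.
            return self.internal_ip, self.start_internal_port + offset
        return None


RULES = [
    # ftp example: 200.200.201.18:2020-2021 -> 192.168.16.100:20-21
    ForwardRule("TCP", "200.200.201.18", 2020, "192.168.16.100", 20, 2),
    # SMTP example: 218.1.21.3:2025 -> 192.168.16.88:25
    ForwardRule("TCP", "218.1.21.3", 2025, "192.168.16.88", 25, 1),
]
DMZ_HOST = "192.168.16.200"  # constructed address, not from the guide


def resolve_inbound(rules, dmz_host, protocol, dst_ip, dst_port):
    """Decide where an unsolicited inbound request goes.

    Port forwarding rules are searched first; only unmatched requests
    fall through to the DMZ host; with no DMZ host they are blocked.
    """
    for rule in rules:
        target = rule.translate(protocol, dst_ip, dst_port)
        if target:
            return ("port-forward",) + target
    if dmz_host:
        return ("dmz", dmz_host, dst_port)
    return ("blocked", None, None)


def dmz_exposure(rules, dmz_host, protocol, dst_ip, ports):
    """Ports from `ports` whose requests would reach the DMZ host."""
    return [p for p in ports
            if resolve_inbound(rules, dmz_host, protocol, dst_ip, p)[0] == "dmz"]


if __name__ == "__main__":
    for port in (2021, 22, 3389):
        print(port, resolve_inbound(RULES, DMZ_HOST, "TCP", "200.200.201.18", port))
```

Every port that no rule claims reaches the DMZ host, so that host needs its own host-level filtering; without a DMZ host the same requests are blocked.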
8.3 NAT Rule
8.3.1 Introduction to NAT
The NAT (Network Address Translation) is an Internet standard that is used to map one IP address space (i.e., Intranet) to another IP address space (i.e., Internet).
local network, the LAN server still uses the private IP address, which is provided to the LAN hosts to access; and on the Internet, the Device will assign an external IP address to the local server, then the outside users can use this external IP address to access the server through the Device.
- EasyIP: It indicates network address and port translation (NAPT). Since it is the most common type of NAT, it is often simply referred to as NAT.
as its external IP address. It allows you to bind multiple port forwarding rules to the same EasyIP NAT rule.
- Only after you have configured an Internet connection can you create a NAT rule which is bound to this Internet connection; and only after you have configured an EasyIP NAT rule can you create a port forwarding rule which is bound to this EasyIP NAT rule.
8.3.1.
LAN hosts (that is, the hosts that have not been assigned a preferential channel) to process. On the Device, you can assign different preferential channels to different LAN hosts.
8.3.2.3 Allocating Traffic according to Connection Bandwidth
On the Device, you can designate the ratio of traffic that will be allocated to each Internet connection in advance.
Weight. In this case, the NAT sessions initiated from the same IP address will use the same NAT rule, that is, a LAN host will use only one NAT rule to access the Internet. For example, there are three EasyIP NAT rules whose Weights are 3, 2 and 1 respectively.
the IP addresses or NAT sessions to each EasyIP NAT rule in turn. Then the Device will effectively control and balance the traffic among multiple Internet connections.
8.3.3 NAT Rule Settings
The following sections describe three types of NAT rules respectively, which include: EasyIP NAT (see Figure 8-8), One2One NAT (see Figure 8-9), and Passthrough NAT (see Figure 8-10).
external IP address; and it is non-editable. A user-defined NAT rule's external IP address can be neither 0.0.0.0 nor the WAN interface's IP address, that is, you can only use the other public IP addresses provided by your ISP as its external IP addresses.
Start Internal IP Address and End Internal IP Address: They specify the internal address range of the NAT rule. The LAN hosts that belong to this address range will preferentially use the NAT rule.
Bind to: It specifies an Internet connection to which the NAT rule is bound. The LAN hosts that match the NAT rule will access the Internet through this Internet connection.
Description: It specifies the description of the NAT rule.
➢ Save: Click it to save the NAT rule settings.
Note
1.
NAT Type: It specifies the type of the NAT rule. The available options are EasyIP, One2One, and Passthrough. Here please select Passthrough.
Start Internal IP Address and End Internal IP Address: They specify the internal address range of the NAT rule. They are usually public IP addresses provided by the ISP.
the related information will be displayed in the setup page. Then modify it, and click the Save button.
➢ Delete NAT Rule(s): If you want to delete one or more NAT rules, select their leftmost check boxes, and then click the Delete button.

8.3.5 How to Add the NAT Rules

If you want to add one or more NAT rules, do the following:
Step 1 Decide the type of the NAT rule.
2. A system reserved NAT rule's external IP address is 0.0.0.0, which means that the rule will use the related WAN interface's IP address as its external IP address; and it is non-editable. A user-defined NAT rule's external IP address can be neither 0.0.0.0 nor the related WAN interface's IP address, that is, you can only use the other public IP addresses provided by your ISP as its external IP addresses.
3.
Figure 8-12 EasyIP NAT Rule Settings - Example
Step 3 Enter 218.1.21.3 in the External IP Address text box, enter 192.168.16.10 in the Start Internal IP address text box, and enter 192.168.16.100 in the End Internal IP address text box.
Step 4 Enter 2 in the Weight text box.
Step 5 Select WAN1 from the Bind to drop-down list.
Step 6 Click the Save button to save the settings.
Figure 8-13 Network Topology for One2One NAT Rule Configuration Example
The business employees will share a single public IP address of 202.1.1.130/29 to access the Internet. The LAN's subnet number is 192.168.16.0, and the subnet mask is 255.255.255.0. The business wants to use the remaining four public IP addresses (from 202.1.1.131/29 to 202.1.1.
Figure 8-14 One2One NAT Rule Settings - Example
Step 3 Enter 202.1.1.131 in the Start External IP Address text box, enter 192.168.16.200 in the Start Internal IP address text box, and enter 192.168.16.203 in the End Internal IP address text box.
Step 4 Select WAN1 from the Bind to drop-down list.
Step 5 Click the Save button to save the settings.
You have now finished configuring the NAT rule, and you can view its configuration in the NAT Rule List.
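The One2One values entered above can be checked before saving. The following Python sketch is an added example, not code from the Device or from UTT. It assumes that a One2One rule pairs internal and external addresses in ascending order starting at the Start External IP Address, and that usable external addresses must be host addresses of the ISP subnet on the WAN interface; the function names are hypothetical.

```python
import ipaddress


def one2one_mapping(start_external, start_internal, end_internal):
    """Pair internal addresses with external ones in ascending order.

    Assumption: the n-th internal address maps to Start External IP Address + n.
    """
    first_ext = ipaddress.IPv4Address(start_external)
    lo = ipaddress.IPv4Address(start_internal)
    hi = ipaddress.IPv4Address(end_internal)
    if hi < lo:
        raise ValueError("End Internal IP Address is lower than Start Internal IP Address")
    return {str(lo + n): str(first_ext + n) for n in range(int(hi) - int(lo) + 1)}


def check_rule(mapping, wan_interface, lan_network):
    """Return a list of problems found in a planned One2One rule (empty list = none)."""
    wan = ipaddress.IPv4Interface(wan_interface)   # WAN address with prefix, e.g. a.b.c.d/29
    lan = ipaddress.IPv4Network(lan_network)
    unusable = {wan.network.network_address, wan.network.broadcast_address}
    problems = []
    for internal, external in mapping.items():
        ext = ipaddress.IPv4Address(external)
        if int(ext) == 0:
            # 0.0.0.0 is reserved for the system NAT rule
            problems.append(f"{external}: 0.0.0.0 is not allowed for a user-defined rule")
        elif ext == wan.ip:
            # The WAN interface's own address is already used by the system rule
            problems.append(f"{external}: same as the WAN interface address")
        elif ext not in wan.network or ext in unusable:
            problems.append(f"{external}: not a usable host address in {wan.network}")
        if ipaddress.IPv4Address(internal) not in lan:
            problems.append(f"{internal}: internal address is outside {lan}")
    return problems


if __name__ == "__main__":
    # Values from the configuration example on this page
    rule = one2one_mapping("202.1.1.131", "192.168.16.200", "192.168.16.203")
    for internal, external in rule.items():
        print(internal, "<->", external)
    print(check_rule(rule, "202.1.1.130/29", "192.168.16.0/24") or "no problems found")
```

Extending the internal range by one address makes the last external address fall on the subnet's broadcast address, which the check reports.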
Figure 8-15 Network Topology for Passthrough NAT Rule Configuration Example
2. Analysis
First, we need to configure a static IP Internet connection on the WAN1 interface in the Basic > WAN page or through the Quick Wizard. After you have configured the Internet connection, the Device will automatically create the related system reserved NAT rule, and also enable NAT.
Figure 8-16 Passthrough NAT Rule Settings - Example
Step 3 Enter 202.96.100.2 in the Start Internal IP address text box, and enter 202.96.100.30 in the End Internal IP address text box.
Step 4 Select WAN2 from the Bind to drop-down list.
Step 5 Click the Save button to save the settings.
You have now finished configuring the NAT rule, and you can view its configuration in the NAT Rule List.
8.4 UPnP

This section describes the NAT > UPnP page. Universal Plug and Play (UPnP) is an architecture that implements zero-configuration networking, that is, it provides automatic IP configuration and dynamic discovery of UPnP-compatible devices from various vendors.
The UPnP is enabled on the LAN interface by default.

8.4.2 UPnP Port Forwarding List

Figure 8-18 UPnP Port Forwarding List
ID: It is used to identify each UPnP port forwarding rule in the list.
Internal IP: It displays the IP address of the LAN host.
Internal Port: It displays the service port provided by the LAN host.
Protocol: It displays the transport protocol used by the service.
Remote IP: It displays the IP address of the remote host.
Chapter 9 PPPoE Server

9.1 Introduction to PPPoE

PPPoE stands for Point-to-Point Protocol over Ethernet, which uses a client/server model. PPPoE provides the ability to connect Ethernet hosts to a remote Access Concentrator (AC) over a simple bridging access device. It also provides extensive access control management and accounting benefits to ISPs and network administrators.
1. PADI (PPPoE Active Discovery Initiation): At the beginning, a PPPoE client broadcasts a PADI packet to find all the servers that it could connect to, until it receives PADO packets from one or more servers. The PADI packet must contain a service name which indicates the service requested by the client.
2. PADO (PPPoE Active Discovery Offer): When a PPPoE server receives a PADI packet in its service range, it will send a PADO response packet.
9.1.4 PPPoE Session Termination

After a session is established, either the server or the client may send a PADT (PPPoE Active Discovery Terminate) packet at any time to indicate that the session has been terminated. The PADT packet's SESSION-ID must be set to indicate which session is to be terminated. Once a PADT is received, no further PPP packets (even normal PPP termination packets) are allowed to be sent using the specified session.
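The discovery and termination rules above can be checked against captured frames. The following Python sketch is an added example, not code from the Device: it parses the PPPoE header and tags as laid out in RFC 2516 and flags a PADI without a Service-Name tag, a PADT with SESSION-ID 0, and session traffic sent after a PADT. The sample frames are constructed, and the audit assumes a single client/server pair, so sessions are tracked by SESSION-ID only.

```python
import struct

ETH_DISCOVERY, ETH_SESSION = 0x8863, 0x8864        # PPPoE EtherTypes (RFC 2516)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAG_END_OF_LIST, TAG_SERVICE_NAME = 0x0000, 0x0101


def parse_header(payload):
    """Split a PPPoE payload into (code, session_id, body); raise ValueError if malformed."""
    if len(payload) < 6:
        raise ValueError("truncated PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", payload[:6])
    if ver_type != 0x11:                            # VER=1 and TYPE=1
        raise ValueError("unexpected VER/TYPE 0x%02x" % ver_type)
    body = payload[6:6 + length]
    if len(body) != length:
        raise ValueError("LENGTH field exceeds captured data")
    return code, session_id, body


def parse_tags(body):
    """Decode the TLV tags of a discovery packet into a list of (type, value)."""
    tags, off = [], 0
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack("!HH", body[off:off + 4])
        if tag_type == TAG_END_OF_LIST:
            break
        value = body[off + 4:off + 4 + tag_len]
        if len(value) != tag_len:
            raise ValueError("tag value overruns packet")
        tags.append((tag_type, value))
        off += 4 + tag_len
    return tags


def audit(frames):
    """Check (ethertype, payload) pairs in capture order; return (frame_no, finding) tuples."""
    findings, terminated = [], set()
    for no, (ethertype, payload) in enumerate(frames, 1):
        try:
            code, sid, body = parse_header(payload)
            if ethertype == ETH_SESSION:
                if sid in terminated:               # no PPP packets allowed after a PADT
                    findings.append((no, "session 0x%04x used after PADT" % sid))
                continue
            tag_types = [t for t, _ in parse_tags(body)]
        except ValueError as exc:
            findings.append((no, "malformed: %s" % exc))
            continue
        name = CODES.get(code, "unknown")
        if name == "PADI":
            if sid != 0:
                findings.append((no, "PADI with non-zero SESSION-ID"))
            if TAG_SERVICE_NAME not in tag_types:
                findings.append((no, "PADI without Service-Name tag"))
        elif name == "PADT":
            if sid == 0:
                findings.append((no, "PADT with SESSION-ID 0"))
            else:
                terminated.add(sid)
        elif name == "PADS" and sid:
            terminated.discard(sid)                 # the server issued this ID to a new session
    return findings


def build(code, session_id, body=b""):
    """Helper for the constructed sample: assemble a PPPoE payload."""
    return struct.pack("!BBHH", 0x11, code, session_id, len(body)) + body


def tag(tag_type, value=b""):
    """Helper for the constructed sample: assemble one TLV tag."""
    return struct.pack("!HH", tag_type, len(value)) + value


# Constructed sample capture (not taken from a real network)
SAMPLE = [
    (ETH_DISCOVERY, build(0x09, 0, tag(TAG_SERVICE_NAME))),       # 1 PADI, empty Service-Name
    (ETH_DISCOVERY, build(0x09, 0, tag(0x0103, b"\x01\x02"))),    # 2 PADI, Host-Uniq only
    (ETH_DISCOVERY, build(0x65, 0x0011, tag(TAG_SERVICE_NAME))),  # 3 PADS opens session 0x0011
    (ETH_SESSION, build(0x00, 0x0011, b"\xc0\x21")),              # 4 PPP data in the session
    (ETH_DISCOVERY, build(0xA7, 0x0011)),                         # 5 PADT for session 0x0011
    (ETH_SESSION, build(0x00, 0x0011, b"\xc0\x21")),              # 6 PPP data after the PADT
    (ETH_DISCOVERY, build(0xA7, 0)),                              # 7 PADT without a session
    (ETH_DISCOVERY, build(0x09, 0)[:5]),                          # 8 cut-off header
]

if __name__ == "__main__":
    for frame_no, finding in audit(SAMPLE):
        print("frame %d: %s" % (frame_no, finding))
```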
Enable PPPoE Server: It allows you to enable or disable the PPPoE server. If you want to enable the PPPoE server on the Device, please select this check box. You can configure the other parameters in this page only after you have enabled the PPPoE server.
Start IP Address: It specifies the starting IP address that is assigned by the PPPoE server.
Number of Addresses: It specifies the maximum number of IP addresses that can be assigned to the PPPoE clients.
through the Device, please select this option. The one exception is an address group that you select from the Exception drop-down list.
Exception: It specifies an address group that is exempt from the restriction of Only Allow PPPoE Users.
9.3 PPPoE Account

This section describes the PPPoE > PPPoE Account page, which includes the PPPoE Account Settings, PPPoE Account List, Import Accounts and PPPoE Account Billing.

9.3.1 PPPoE Account Settings

In the PPPoE > PPPoE Account > PPPoE Account Settings page, you can configure PPPoE account related parameters, which include basic parameters, rate limit parameters and security parameters.
Figure 9-4 PPPoE Account Settings
User Name: It specifies a unique user name of the PPPoE account. It should be between 1 and 31 characters long. The PPPoE server will use User Name and Password to identify the PPPoE client.
Password: It specifies the password of the PPPoE account.
Description: It specifies the description of the PPPoE account.
➢ Advanced Options: Click it to view and configure advanced parameters. In most cases, you need not configure them.
reaches the specified megabytes. Refer to section 9.3.4 PPPoE Account Billing for more information.
Max. Sessions: It specifies the maximum number of PPPoE sessions that can be created by using the current PPPoE account.
Account/MAC Binding: It specifies the type of PPPoE account and MAC address binding. The available options are None, Auto and Manual.
2. The PPPoE IP/MAC binding has higher priority than the PPPoE account/IP binding, that is, if an IP/MAC binding and account/IP binding have the same IP address, the Device will assign this IP address to the user that matches the IP/MAC binding. The IP/MAC binding is configured in the PPPoE > PPPoE IP/MAC > IP/MAC Binding Settings page.
3.
select their leftmost check boxes, and then click the Delete button.

9.3.3 Import Accounts

The PPPoE > PPPoE Account > Import Accounts page provides a PPPoE account import function to simplify operation. When you want to create a large number of PPPoE accounts, you can import them all at once in this page. You can edit them in Notepad, and then copy them to the Import Accounts list box; you can also enter them directly in the Import Accounts list box.
9.3.4 PPPoE Account Billing

9.3.4.1 Introduction to PPPoE Account Billing Mechanism

PPPoE Account Billing is a specific function of UTT Series Security Firewalls. It provides a billing mechanism. Depending on the Accounting Mode, the UTT Device will run the billing mechanism by Date, Hour or Traffic.
9.3.4.2 PPPoE Account Billing By Date

If you want to create a PPPoE Billing Account by date, go to the PPPoE > PPPoE Account > PPPoE Account Settings page and set the Accounting Mode to By Date, as shown in the figure below.
Figure 9-8 PPPoE Account Billing By Date
Accounting Mode: It specifies the accounting mode of the PPPoE billing account. Here select By Date.
Account Opening Date: It specifies the opening date of the PPPoE account.
Figure 9-9 PPPoE Account Billing By Hour
Accounting Mode: It specifies the accounting mode of the PPPoE billing account. Here select By Hour.
Hours: It specifies the maximum online time (in hours) of the PPPoE account. The Device accumulates the online time of the PPPoE account; once the online time reaches the maximum online time, the account can no longer be used because the UTT device has disabled it. 0 means no limit, and the account will always be enabled.
Note
1.
Tx. Traffic: It specifies the maximum Tx. Traffic of the PPPoE account. The Device accumulates the upload traffic of the PPPoE account; once the accumulated upload traffic reaches the Tx. Traffic, the account can no longer be used because the UTT device has disabled it. 0 means no limit for upload traffic.
Rx. Traffic: It specifies the maximum Rx. Traffic of the PPPoE account.
server will always assign this address to the PPPoE dial-in host specified by the MAC Address. It must be a valid IP address in the range of address pool configured in the PPPoE > Global Settings page.
MAC Address: It specifies the MAC address of a PPPoE dial-in host.
Description: It specifies the description of the PPPoE IP/MAC binding.
➢ Save: Click it to save the PPPoE IP/MAC binding settings.
Note
1.
➢ Add a PPPoE IP/MAC Binding: If you want to add a new PPPoE IP/MAC binding, click the New button or select the IP/MAC Binding Settings tab to go to the setup page, configure it, and then click the Save button.
➢ Edit a PPPoE IP/MAC Binding: If you want to modify a configured PPPoE IP/MAC binding, click its Edit hyperlink, and the related information will be displayed in the setup page. Then modify it, and click the Save button.
9.5 PPPoE Status

In the PPPoE > PPPoE Status page, you can view the status and usage information of each online PPPoE dial-in user. If a PPPoE dial-in user has successfully established a PPPoE session to the Device, you can view the user's assigned IP address, MAC address, Rx Rate and Tx Rate, as well as the online time and session ID of the PPPoE session.
Figure 9-13 PPPoE Status List
User Name: It displays the PPPoE user name.
9.6 Configuration Example for PPPoE Server

1. Requirements
In this example, an organization's administrator wants the LAN users to act as PPPoE clients that dial up to the Device, and only allows the PPPoE dial-in users to access the Internet through the Device. The exception is the CEO with IP address 192.168.16.2. When acting as a PPPoE server, the Device will dynamically assign the IP addresses to the LAN users.
Step 3 Go to the PPPoE > Global Settings > Internet Access Control page, select the Only Allow PPPoE Users check box, and select CEO from the Exception drop-down list. The CEO address group only includes one IP address: 192.168.16.2, which is configured in the Security > Address Group page.
Figure 9-15 Internet Control Settings - Example
2) Configuring PPPoE Accounts
Step 1 Go to the PPPoE > PPPoE Account > PPPoE Account Settings page.
Figure 9-16 Configuring the Universal PPPoE Account - Example
Step 3 Create the advanced PPPoE account whose user name is Advanced. As shown in the following figure, enter Advanced in the User Name, enter test2 in the Password, enter advanced account in the Description, and enter 10 in the Max. Sessions text box. Leave the default values for the other parameters. Then click the Save button to save the settings.
Figure 9-17 Configuring the Advanced PPPoE Account - Example
3) Configuring a PPPoE IP/MAC Binding
Step 1 Go to the PPPoE > PPPoE IP/MAC > IP/MAC Binding Settings page.
Step 2 As shown in the following figure, enter 10.0.0.50 in the IP Address, and enter 0021859b4544 in the MAC Address, then click the Save button to save the settings.
Figure 9-18 Configuring a PPPoE IP/MAC Binding - Example
9.7 PPPoE Account Expiration Notice

The UTT series security firewalls provide a PPPoE account expiration notice feature that periodically reminds a PPPoE dial-in user that his/her account is going to expire, so that the user can avoid the loss due to the account expiration. When you have enabled PPPoE account expiration notice and the account is going to expire, the Device will pop up a notice message to remind the user.
9.7.1 PPPoE Account Expiration Notice by Date

Figure 9-19 PPPoE Account Expiration Notice by Date
PPPoE Account Expiration Notice Mode: It specifies the PPPoE account expiration notice mode. Here select By Date.
Enable Notice by Date: It allows you to enable or disable the PPPoE account expiration notice by date. If you want to enable this feature, please select this check box.
Remaining Days: It specifies the remaining days before the account expires.
➢ Preview: Click it to preview the notice message you just configured. The following figure shows an example of a notice message.
Figure 9-20 PPPoE Account Expiration Notice Preview - Example 1
➢ Back to Setup Page: Click it to go back to the PPPoE > PPPoE Notice > Expiration Notice page.
9.7.2 PPPoE Account Expiration Notice by Hours

Figure 9-21 PPPoE Account Expiration Notice by Hours
PPPoE Account Expiration Notice Mode: It specifies the PPPoE account expiration notice mode. Here select By Hours.
Enable Notice by Hours: It allows you to enable or disable the PPPoE account expiration notice by hours. If you want to enable this feature, please select this check box.
➢ Preview: Click it to preview the notice message you just configured. The following figure shows an example of a notice message.
Figure 9-22 PPPoE Account Expiration Notice Preview - Example 2
➢ Back to Setup Page: Click it to go back to the PPPoE > PPPoE Notice > Expiration Notice page.
9.7.3 PPPoE Account Expiration Notice by Traffic

Figure 9-23 PPPoE Account Expiration Notice by Traffic
PPPoE Account Expiration Notice Mode: It specifies the PPPoE account expiration notice mode. Here select By Traffic.
Enable Notice by Traffic: It allows you to enable or disable the PPPoE account expiration notice by traffic. If you want to enable this feature, please select this check box.
Notice Title: It specifies the title of the notice message.
Signature: It specifies the signature of the notice message.
Notice Content: It specifies the content of the notice message.
➢ Save: Click it to save your settings.
➢ Preview: Click it to preview the notice message you just configured. The following figure shows an example of a notice message.
Figure 9-24 PPPoE Account Expiration Notice Preview - Example 3
Note
1.
Chapter 10 QoS

This chapter describes how to control and manage the Internet bandwidth of the LAN users, including global settings, rate limit rule settings and P2P rate limit settings.

10.1 Introduction to Bandwidth Management

10.1.
10.1.2 Token Bucket Algorithm

As the bandwidth management feature provided by the UTT products is based on the token bucket algorithm, this section describes the token bucket in brief. The token bucket algorithm is one of the most common algorithms used for network traffic shaping and rate limiting. Typically, it is used to control the amount of data injected into a network, and it allows bursts of data to be sent.
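The behaviour described above, a sustained rate limit that still admits short bursts, can be seen in a small simulation. The following Python sketch is an added example of a generic token bucket, not the Device's implementation. It assumes a rate of 64 kbit/s (8000 bytes per second) and a bucket depth of 3000 bytes, both chosen for illustration, and uses integer millisecond timestamps so the results are exact.

```python
class TokenBucket:
    """Token bucket with an explicit clock so that traces replay deterministically.

    Tokens are stored in thousandths of a byte: one millisecond at rate_bytes_per_s
    adds exactly rate_bytes_per_s units, so no floating-point rounding is involved.
    """

    def __init__(self, rate_bytes_per_s, burst_bytes):
        self.rate = rate_bytes_per_s
        self.capacity = burst_bytes * 1000
        self.tokens = self.capacity            # the bucket starts full
        self.last_ms = 0

    def allow(self, now_ms, size_bytes):
        """Refill for the elapsed time, then admit the packet if enough tokens remain."""
        elapsed = max(0, now_ms - self.last_ms)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last_ms = max(self.last_ms, now_ms)
        cost = size_bytes * 1000
        if cost <= self.tokens:
            self.tokens -= cost
            return True
        return False                           # not enough tokens: the packet does not conform


def shape(trace, rate_bytes_per_s, burst_bytes):
    """Replay (time_ms, size_bytes) packets; return one admit/reject decision per packet."""
    bucket = TokenBucket(rate_bytes_per_s, burst_bytes)
    return [bucket.allow(t, size) for t, size in trace]


RATE = 8000     # bytes per second, i.e. 64 kbit/s (assumed value)
BURST = 3000    # bucket depth in bytes (assumed value)

# Constructed trace: a burst of three packets, two early retries, then a burst after idling
BURST_TRACE = [(0, 1500), (0, 1500), (0, 1500), (100, 1500),
               (250, 1500), (1000, 1500), (1000, 1500), (1000, 1500)]

# Constructed trace: a sender offering 1500 bytes every 50 ms (30000 bytes/s) for 10 s
FLOOD_TRACE = [(t, 1500) for t in range(0, 10000, 50)]

if __name__ == "__main__":
    print(shape(BURST_TRACE, RATE, BURST))
    admitted = sum(shape(FLOOD_TRACE, RATE, BURST))
    print("admitted %d of %d packets" % (admitted, len(FLOOD_TRACE)))
```

The full bucket admits the first two packets back to back, and after the sender idles the bucket refills only up to its depth, so a later burst is bounded in the same way.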
10.1.3 Implementation of Bandwidth Management

Using intelligent bandwidth management based on token bucket algorithm, the Device can flexibly control the upload and download bandwidth of the LAN hosts. There are four process mechanisms depending on the bandwidth utilization:
1. When the bandwidth utilization level is idle, each LAN host is likely to obtain its maximum bandwidth.
2.
10.2 Rate Limit Global Settings

Figure 10-1 Rate Limit Global Settings
Enable Rate Limit: It allows you to enable or disable rate limit. If you select the check box to enable rate limit, the configured rate limit rules will take effect. Otherwise the rate limit rules will have no effect.
Capacity: It specifies the maximum number of network devices (PC or other network device) that can be connected to the Device at the same time.
10.3 Rate Limit Rule

You can create rate limit rules based on source IP address, destination IP address, protocol type (TCP, UDP or ICMP), port, schedule, and so on. Note that if you want the rate limit rules to take effect, please make sure that the Enable Rate Limit check box is selected in the QoS > Global Settings page.

10.3.
Figure 10-2 Rate Limit Rule Settings
Source: It specifies the IP addresses of the LAN hosts to which the rate limit rule applies. There are two available options:
• Addresses: Select it to enter the start and end addresses in the associated text boxes.
• Address Group: Select it to choose an address group from the associated drop-down list. By default, the Address Group radio button is selected, and its value is Any Address.
bandwidth, please select NoLimit.
Min. Rx Bandwidth: It specifies the guaranteed download bandwidth allocated to the LAN hosts or applications that match the rate limit rule.
Max. Tx Bandwidth: It specifies the maximum upload bandwidth allocated to the LAN hosts or applications that match the rate limit rule.
Max. Rx Bandwidth: It specifies the maximum download bandwidth allocated to the LAN hosts or applications that match the rate limit rule.
view, modify or delete address groups.
➢ Edit Service Group: Click it to go to the Security > Service Group page to add, view, modify or delete service groups.
➢ Save: Click it to save the rate limit rule settings.
Note
If the sum of specified Min. Tx/Rx Bandwidth is larger than the Internet connection's Uplink/Downlink Bandwidth (configured in the Basic > WAN page), the Device cannot guarantee the specified hosts or applications with minimum upload/download bandwidth.
view them in the Rate Limit Rule List.
➢ Edit a Rate Limit Rule: If you want to modify a configured rate limit rule, click its Edit hyperlink, and the related information will be displayed in the setup page. Then modify it, and click the Save button.
10.4 P2P Rate Limit

This section describes the QoS > P2P Rate Limit page. The P2P rate limit feature is specially designed for P2P applications. The P2P rate limit has the highest priority, that is, even if you have created rate limit rules for some LAN users in the QoS > Rate Limit Rule page, the P2P traffic of these users is still restricted by the P2P rate limit settings.
Exception: It specifies an address group that is exempt from the restriction of P2P rate limit settings. If you select an address group here, the P2P traffic of the LAN users in the group will be exempt from the restriction of P2P rate limit settings. The address group is configured in the Security > Address Group page.
➢ Save: Click it to save the P2P rate limit settings.
Note
1.
10.5 Application QoS

This section describes the QoS > APP QoS page. The Device provides preferential forwarding for the traffic of some predefined special applications, that is, the traffic of these applications will be exempt from the restrictions of the rate limit rules configured in the QoS > Rate Limit Rule page. The predefined applications include hot online games, VoIP, Web browsing, VPN and Email.
preferential forwarding for VoIP traffic. If you select the check box to enable this feature, the LAN users' VoIP traffic will be exempt from the restriction of the rate limit rules. The VoIP applications mainly include: Network Phone, Video Conference, etc.
Enable Preferential Forwarding for Web Traffic: It allows you to enable or disable preferential forwarding for Web traffic.
We need to do the following settings:
• Set the Internet connection's Uplink Bandwidth and Downlink Bandwidth to 10240 Kbit/s and 20480 Kbit/s respectively.
• Enable rate limit and set the Capacity to 100 in the QoS > Global Settings page.
• Create one rate limit rule to set guaranteed bandwidth for each LAN host: Min. Tx Bandwidth is 100 Kbit/s, and Min. Rx Bandwidth is 200 Kbit/s.
Figure 10-7 Rate Limit Rule Settings - Example One
Step 4 Go to the QoS > P2P Rate Limit page (see Figure 10-8), select the Enable P2P Rate Limit check box, select 64K from the Max. Tx Rate drop-down list, and select 128K from the Max. Rx Rate drop-down list. Leave the default values for the other parameters. Lastly, click the Save button.
Figure 10-8 P2P Rate Limit Settings - Example One
10.6.2 Example Two

1. Requirements
In this example, an Internet café has a single Internet connection with uplink bandwidth 50 Mbit/s and downlink bandwidth 100 Mbit/s. And the number of network devices is approximately 100. The Internet café consists of three areas: Video Area, Online Game Area, and Common Area. There are 30 hosts in Video Area, 30 hosts in Online Game Area, and 40 hosts in Common Area. The IP address ranges of the areas are as follows:
• Video Area: 192.
3. Configuration Procedure
Step 1 Go to the Security > Address Group page to create two address groups: one is for the Video Area, and it contains the IP addresses from 192.168.16.2 to 192.168.16.40; the other is for the Online Game Area, and it contains the IP addresses from 192.168.16.41 to 192.168.16.80. Here we assume their names are video and game respectively.
the Min. Rx Bandwidth drop-down list, and select Mid from the Bandwidth Priority drop-down list. Leave the default values for the other parameters. Lastly, click the Save button.
Figure 10-10 Rate Limit Rule 2 Settings - Example Two
Step 6 Creating rate limit rule 3: Go to the QoS > Rate Limit Rule > Rate Limit Rule Settings page (see Figure 10-11), select video from the Source Address Group, select 2M from the Min. Tx Bandwidth drop-down list, select 4M from the Min.
Figure 10-11 Rate Limit Rule 3 Settings - Example Two
Step 7 Go to the QoS > APP QoS page (see Figure 10-12), select the Enable Preferential Forwarding for Web Traffic check box, and then click the Save button.
Figure 10-12 Enable Preferential Forwarding for Web Traffic - Example Two
Chapter 11 Restriction

This chapter describes how to configure personal settings for each LAN user, Internet behavior management, policy database, QQ whitelist, notice and Web Authentication feature; and how to view the related status information.

11.
moreover, you can go to the Restriction > User Admin > Internet Behavior page to configure the personal Internet behavior management parameters for the user. If you move your mouse over the IP Address hyperlink, it will display the current effective settings of the user.
MAC Address: It displays the MAC address of the LAN user.
Binding Status: It indicates whether the LAN user is bound or not.
Note
You can configure IP/MAC binding users in the Security > IP/MAC Binding > IP/MAC Binding Settings page, configure PPPoE IP/MAC binding users in the PPPoE > PPPoE IP/MAC > IP/MAC Binding Settings page, and configure DHCP manual binding users in the DHCP > DHCP Server > Manual Binding Settings page.

11.1.
selected user, see Figure 11-3. For detailed description of the related parameters, refer to section 11.2.1 Internet Behavior Management Settings.
Figure 11-3 Personal Internet Behavior Management Settings
11.2 Internet Behavior Management

This section describes the Restriction > Behavior Mgmt page. In this page, you can easily control and manage the Internet behaviors of the LAN users, which include: allowing or blocking the LAN users from using popular IM (e.g., QQ, MSN) and P2P applications (e.g., Bit Comet, Bit Spirit, Thunder Search), downloading the files with the extension .exe, .dll, .vbs, .com, .bat or .
11.2.1 Internet Behavior Management Policy Settings

Figure 11-4 Internet Behavior Management Policy Settings
Address Group: It specifies an address group to which the Internet behavior management policy applies. The Device will control and manage the Internet behaviors of the LAN users that belong to this address group according to the policy. The address group is configured in the Security > Address Group page.
Description: It specifies the description of the Internet behavior management policy. It is usually used to describe the purpose of the policy.
IM: You can allow or block some popular IM (Instant Message) applications, which include QQ, MSN, Ali Wangwang, WebQQ and Fetion.
• Block QQ: Allow or block QQ application. If you want to block the specified LAN users (set by Address Group) from using QQ to chat with others, please select this check box.
• Block Sogou Search: Allow or block Sogou search application. If you want to block the specified LAN users from using Sogou to search resources, please select this check box.
• Block PPLive: Allow or block PPLive application. If you want to block the specified LAN users from using PPLive to play videos, please select this check box.
• Block QVOD: Allow or block QVOD (Quasi Video on Demand) application.
LAN users from playing Aion game, please select this check box.
• Block Kartrider Rush: Allow or block Kartrider Rush application. If you want to block the specified LAN users from playing Kartrider Rush game, please select this check box.
Web: You can allow or block downloading some predefined types of files over HTTP, and submitting input in the webpage.
• Block Files: Allow or block downloading some predefined types of files over HTTP.
box.
➢ Save: Click it to save the Internet behavior management policy settings.
Note
1. If a function option of an Internet behavior management policy is not in effect as desired, please go to the Restriction > Policy Database > Policy Database List to check whether its corresponding policy database is the latest or not. Refer to section 11.3.2 Policy Database List for more information about how to update a policy database.
2.
Settings tab to go to the setup page, configure it, and then click the Save button.
➢ View Internet Behavior Management Policy(s): When you have configured some Internet behavior management policies, you can view them in the Behavior Mgmt. List.
➢ Enable an Internet Behavior Management Policy: The Enable check box is used to enable or disable the corresponding Internet behavior management policy.
11.3 Policy Database

This section describes the Restriction > Policy Database page.
Note
In this document the policy database is called PDB for short.

11.3.1 Introduction to Policy Database

This page allows you not only to view the PDBs in the Policy Database List, but also to upload and update PDBs. By introducing PDB, we can add a group of policies into a PDB; and we also provide a PDB online update function to greatly facilitate the users.
11.3.2 Policy Database List

Figure 11-6 Policy Database List
Name: It displays the name of the PDB.
Type: It displays the type of the PDB. Now the Device provides four types of policy databases: Route, Firewall, Dns and Website.
Description: It displays the description of the PDB. It is usually used to describe the purpose of the PDB.
Referenced: It indicates whether the PDB is referenced or not.
1. You cannot delete the system default PDBs.
2. By default, the Policy Database List only displays the system default PDBs, which include CNC, TEL, QQ, MSN, BT, Thunder, GAMEURL, STOCKURL, FileType, and upload. It allows you to customize firewall PDBs and modify the system default firewall PDBs via CLI.
3. Only the system default PDBs can be updated.
Check Time: It specifies a time at which PDB version check will be triggered. If you select Automatically from the Policy Database Version Check drop-down list, you should set the Check Time as required.
➢ Save: Click it to save the PDB version check settings.
11.4 QQ Whitelist

The Device provides a QQ whitelist feature, which allows you to add QQ numbers to the QQ Whitelist. Those QQ numbers will then be exempt from the restriction of the Internet behavior management policies configured in the Restriction > Behavior Mgmt. > Behavior Mgmt. Settings page, that is, the LAN users can still use those QQ numbers to log in to QQ even if you have blocked these users from using QQ by policies.

11.4.
QQ Number: It specifies a unique QQ number. It should be a number less than 11 digits. The QQ number will be exempt from the restriction of the Internet behavior management policies; that is, a LAN user can still use this QQ number to log in to QQ even if you have blocked the user from using QQ by a policy.
Description: It specifies the description of the QQ number.
➢ Save: Click it to save the QQ whitelist settings. 11.4.
11.5 Configuration Example for Internet Behavior Management
1. Requirements
In 2011, a business CEO wants to control online behavior of the employees. He wants to block all the predefined IM and P2P applications, online games, game and stock websites during working time, but allow all the Internet services during rest periods. But there are some exceptions which are as follows:
• The CEO and vice CEO can access the Internet without any restrictions.
• Go to the Security > Address Group page to create two address groups, one is for the two CEOs, and it contains two IP addresses: 192.168.16.4 and 192.168.16.5; the other is for Customer Service and Sales Departments' employees, and it contains two IP address ranges: from 192.168.16.50 to 192.168.16.70, and from 192.168.16.100 to 192.168.16.120. Here we assume the first group's name is Directors, and the second group's name is CSD_SD. Refer to section 12.6.
Figure 11-12 Internet Management Behavior Example - Policy 1
Step 3 Creating Policy 2: Select CSD_SD from the Address Group drop-down list, select work from the Schedule drop-down list, select all the check boxes in P2P, Games and DNS configuration fields, and then click the Save button, see Figure 11-13.
Figure 11-13 Internet Management Behavior Example - Policy 2
Step 4 Creating Policy 3: Select Directors from the Address Group drop-down list, select Always from the Schedule drop-down list, and unselect all the check boxes in the page, and then click the Save button, see Figure 11-14.
Figure 11-14 Internet Management Behavior Example - Policy 3
Step 5 Go to Restriction > QQ Whitelist page, select the Enable QQ Whitelist check box, and click the Save button, see Figure 11-15. Click the New button to go to the QQ Whitelist Settings page to add the first QQ number (i.e., 21586375) into the QQ Whitelist, and then add the other four QQ numbers one by one, see Figure 11-16.
Figure 11-16 Internet Management Behavior Example - QQ Whitelist
11.6 Notice
This section describes the Restriction > Notice page.
11.6.1 Introduction to Notice
The Device provides a notice feature which is used to push notice messages to the specified LAN users. After you enable the notice feature, if a specified LAN user accesses the Internet via a web browser (e.g., IE, Firefox), the Device will automatically push a notice message to the user. The Device provides one-time notice and daily notice.
Figure 11-17 One-Time Notice Settings - Customized Mode
Enable One-Time Notice: It allows you to enable or disable one-time notice. If you want to enable one-time notice, please select this check box.
Address Group: It specifies an address group to which the notice message will be pushed. When you enable one-time notice, the Device will directly push the notice message to the LAN users that belong to this address group.
advance; thus, if a specified LAN user accesses the Internet via a web browser, the requested web page will automatically jump to the specified URL to display the notice.
Notice Title: It specifies the title of the notice message. If you select Customized from the Notice Mode check box, you need to set it.
Signature: It specifies the signature of the notice message. If you select Customized from the Notice Mode check box, you need to set it.
Figure 11-19 One-Time Notice Settings - URL Mode
Note
1. If the Device pushes a notice message to a LAN user who hasn't launched a web browser, the push will fail; once the user launches the web browser and accesses an Internet domain name or IP address, he/she will receive the notice message immediately.
Figure 11-20 Daily Notice Settings
Enable Daily Notice: It allows you to enable or disable daily notice. If you want to enable daily notice, please select this check box.
Please refer to section 11.5.2.1 One-Time Notice Settings for detailed description of the other parameters.
11.7 Web Authentication
UTT series security firewalls provide a Web authentication feature. This new feature will enhance network security.
11.7.2 Web Authentication User Account Settings
Figure 11-22 Web Authentication User Account Settings
User Name: It specifies a unique user name of the web authentication account. It should be between 1 and 31 characters long. The Device will use the User Name and Password to authenticate a user.
Password: It specifies the password of the web authentication account.
Description: It specifies the description of the web authentication account.
➢ Add a Web Authentication User Account: If you want to add a web authentication user account, click the New button or select the User Account Settings tab to go to the setup page, configure it, and then click the Save button.
➢ Edit a Web Authentication User Account: If you want to modify a configured web authentication user account, click its Edit hyperlink, and the related information will be displayed in the setup page. Then modify it, and click the Save button.
Save button, the system will pop up a prompt page (see figure 11-14).
Figure 11-25 Web Authentication Prompt Page
Note: Do not close the prompt page; otherwise, the user cannot access the Internet.
UTT Technologies Chapter 12 Security
Chapter 12 Security
This chapter describes how to configure security features, including attack defense, IP/MAC binding, firewall, DNS filtering, NAT session limit, address group, service group and schedule.
12.1 Attack Defense
This section describes the Security > Attack Defense page, which includes internal attack defense and external attack defense. 12.1.
Figure 12-1 Internal Attack Defense Settings
1. Virus Attacks Defense
Enable Blaster Virus Defense: It allows you to enable or disable anti-Blaster virus defense. If you select the check box to enable this feature, it will effectively protect the Device against Blaster and Sasser virus attacks.
exceeds the threshold, the Device will consider that the LAN host with IP address 192.168.16.66 is performing a UDP flood attack, and then randomly discard the further UDP packets from that source to that destination. In most cases, leave Threshold at the default value.
Enable ICMP Flood Defense: It allows you to enable or disable ICMP flood defense. If you select this check box to enable this feature, it will effectively protect the Device against ICMP flood attack.
3) Only allow the LAN hosts that belong to the range specified by Allowed IP Addresses to access the web or telnet service provided by the Device, but block the other hosts.
4) Block LAN hosts from accessing any other services provided by the Device.
Allowed IP Addresses: It specifies an address range of the allowed LAN hosts.
Enable WAN Ping Respond: It allows you to enable or disable WAN ping respond. If you select the check box to enable WAN ping respond, all the Device's WAN interfaces will respond to ping requests from the outside hosts.
➢ Save: Click it to save the external attack defense settings.
12.2 IP/MAC Binding
This section describes the Security > IP/MAC Binding page.
12.2.1 Introduction to IP/MAC Binding
12.2.1.1 IP/MAC Overview
To achieve network security management, you should first implement user identification, and then implement user authorization. Section 12.3 Security > Firewall describes how to configure and use access control rules to control the Internet behaviors of the LAN users.
Undefined User: An undefined user's IP address and MAC address are both different from any IP/MAC binding. The undefined users are all the users except legal and illegal users.
It allows the legal users to access the Device and access the Internet through the Device, and denies the illegal users.
Figure 12-3 IP/MAC Binding List - Example One
Then, when receiving a packet initiated from LAN, the Device will process it according to the following cases:
1. A packet with IP address 192.168.16.65 and MAC address 00:15:c5:67:41:0f is allowed to pass, and then it will be further processed by the firewall access control function module.
2. A packet with IP address 192.168.16.65 but with a different MAC address is dropped immediately to prevent IP spoofing.
3.
Figure 12-4 IP/MAC Binding List - Example Two
Note
1. If you have added the IP and MAC address pair of a trusted LAN host in the IP/MAC Binding List, and later changed this host's IP address or MAC address, you must also change the corresponding binding in the IP/MAC Binding List; otherwise the host cannot access the Device and Internet.
12.2.2 IP/MAC Binding Settings
Figure 12-5 IP/MAC Binding Settings
➢ Scan: If you click the Scan button, the Device will immediately scan the LAN to detect active hosts connected to the Device, learn and display dynamic ARP information (that is, IP and MAC address pairs). Note that if you have added a LAN host's IP and MAC address pair in the IP/MAC Binding List, this IP/MAC address pair will not be displayed here.
12.2.3 IP/MAC Binding Global Setup
Figure 12-6 IP/MAC Binding Global Setup
Allow Undefined LAN PCs: It allows or blocks the undefined LAN hosts from accessing the Device and accessing the Internet through the Device. If you want to allow the undefined LAN hosts to access the Device and Internet, select this check box; otherwise unselect it. For more information about undefined LAN hosts, please refer to section 12.2.1.2 Operation Principle of IP/MAC Binding.
12.2.4 IP/MAC Binding List
Figure 12-7 IP/MAC Binding List
➢ Add an IP/MAC Binding: If you want to add a new IP/MAC binding, click the New button or select the IP/MAC Binding Settings tab to go to the setup page, configure it, and then click the Save button.
➢ Edit an IP/MAC Binding: If you want to modify a configured IP/MAC binding, click its Edit hyperlink, and the related information will be displayed in the setup page.
Step 2 There are two methods to add IP/MAC bindings:
1) Method One: Click the Scan button to learn current dynamic ARP information (that is, IP and MAC address pairs) of the LAN hosts, and then click the Bind button to bind all the valid IP and MAC address pairs in the list box.
2) Method Two: You can manually add one or more IP/MAC address pairs in the list box, and then click the Bind button to bind these IP/MAC address pairs. Refer to section 12.2.
can configure an Internet blacklist for these users. Then only the users that belong to the blacklist cannot access the Internet, and all the other users can access.
On the Device, a user who belongs to the whitelist is a legal user, that is, the user's IP and MAC address pair matches an IP/MAC binding whose Allow Internet Access check box is selected.
Figure 12-8 IP/MAC Binding List - Example Three
12.2.6.3 How to Configure Internet Blacklist
If you want to configure an Internet blacklist, do the following:
Step 1 Go to the Security > IP/MAC Binding page, and then click the New button or select the IP/MAC Binding Settings tab to go to the setup page.
Step 2 Specify the illegal users by creating the IP/MAC bindings.
Figure 12-9 IP/MAC Binding List - Example Four
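The legal / illegal / undefined decision described in section 12.2 can be modelled as follows. This is an added example, not code from the Device or from UTT. It assumes that a pair matching a binding whose Allow Internet Access box is unselected is an illegal (blacklisted) user, and that a MAC matching a binding under a different IP is treated like case 2 (case 3 is cut off on this page); the second binding and the observed pairs are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    allow_internet: bool  # state of the "Allow Internet Access" check box


def norm_mac(mac):
    """Compare MACs case-insensitively and accept '-' or ':' separators."""
    return mac.replace("-", ":").lower()


def classify(ip, mac, bindings):
    """Return 'legal', 'illegal' or 'undefined' for one source IP/MAC pair."""
    mac = norm_mac(mac)
    half_match = False
    for b in bindings:
        same_ip = b.ip == ip
        same_mac = norm_mac(b.mac) == mac
        if same_ip and same_mac:
            # Exact pair: the check box decides whitelist vs. blacklist.
            return "legal" if b.allow_internet else "illegal"
        half_match = half_match or same_ip or same_mac
    # Only one half matched some binding: not legal, and not undefined either,
    # because an undefined user differs from every binding in BOTH fields.
    return "illegal" if half_match else "undefined"


def permit(ip, mac, bindings, allow_undefined):
    """Apply the global 'Allow Undefined LAN PCs' switch on top of classify()."""
    kind = classify(ip, mac, bindings)
    if kind == "undefined":
        return allow_undefined
    return kind == "legal"


BINDINGS = [
    Binding("192.168.16.65", "00:15:c5:67:41:0f", True),   # pair from the page
    Binding("192.168.16.90", "00:15:c5:67:41:aa", False),  # constructed, blacklisted
]

# Constructed observations, e.g. as read from an ARP scan.
OBSERVED = [
    ("192.168.16.65", "00:15:C5:67:41:0F"),  # exact pair, allowed
    ("192.168.16.65", "00:11:22:33:44:55"),  # bound IP, wrong MAC
    ("192.168.16.80", "00-15-c5-67-41-0f"),  # bound MAC, wrong IP
    ("192.168.16.90", "00:15:c5:67:41:aa"),  # exact pair, box unselected
    ("192.168.16.99", "00:aa:bb:cc:dd:ee"),  # matches nothing
]


def audit(observed, bindings, allow_undefined):
    """List (ip, mac, class, permitted) for every observed pair."""
    return [
        (ip, mac, classify(ip, mac, bindings),
         permit(ip, mac, bindings, allow_undefined))
        for ip, mac in observed
    ]


if __name__ == "__main__":
    for mode, flag in (("whitelist (undefined blocked)", False),
                       ("blacklist (undefined allowed)", True)):
        print(mode)
        for row in audit(OBSERVED, BINDINGS, flag):
            print("  %-15s %-18s %-10s %s" % row)
```

Running both modes side by side shows that only the last observation changes with the Allow Undefined LAN PCs switch, which is why a blacklist configuration is only as strong as the binding entries that back it.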
12.3 Firewall
This section describes the Security > Firewall page, which includes the Access Control List and ACL Settings subpages. The access control rules that you have created will be listed in the Access Control List. Note that by default the rules are listed in reverse chronological order of creation, and you can manually move a rule to a different position in the list.
12.3.1 Introduction to Access Control 12.3.1.
valid packets received by the LAN interface. After you have enabled access control, the Device will examine each packet received by the LAN interface to determine whether to forward or drop the packet, based on the criteria you specified in the access control rules.
you only allow a LAN user to access Web service, and block any other service, then the rule that allows the user to access Web service should be listed above the rule that denies the user access to any other service. 12.3.1.
lan: It is used to allow the LAN users to access the Device's LAN interface. It is the first rule, but it is implicit and not displayed in the list.
dns: It is used to allow the DNS packets to pass by default.
dhcp: It is used to allow the DHCP packets to pass by default.
pass generic: It is a global rule for IP packets. By default, it is used to allow all the IP packets to pass. It is always listed and displayed at the bottom of the list.
Also, you can directly specify the source or destination IP addresses, or services of access control rules in this page. The following describes the definitions of a rule's parameters.
Figure 12-10 Access Control Rule Settings
Action: It determines the action of the access control rule. There are two available options:
• Allow: It indicates that the Device will allow the packets that match the rule to pass, that is, the Device will forward these packets.
Source: It specifies the source IP addresses of the packets to which the access control rule applies. There are two options:
• Addresses: Select it to enter the start and end addresses in the associated text boxes.
• Address Group: Select it to choose an address group from the associated drop-down list. By default, the Address Group radio button is selected, and its value is Any Address.
You can first create the IP address groups in the Security > Address Group page or service groups in the Security > Service Group page, and then reference them by name in the source or destination address group, or service group fields of access control rules. If the addresses or service ports are consecutive, you can also directly specify the source or destination IP addresses, or services of rules in this page. 12.3.
➢ Add an Access Control Rule: If you want to add a new access control rule, click the New button or select the ACL Settings tab to go to the setup page, configure it, and then click the Save button.
➢ View Access Control Rule(s): When you have configured some access control rules, you can view them in the Access Control List.
• Customer Service Department: 192.168.16.31~192.168.16.60
• Financial Department: 192.168.16.61~192.168.16.70
• Sales Department: 192.168.16.71~192.168.16.100
The CEO wants to control Internet behaviors of the Technology and Financial Departments' employees:
1. Allow them to access WEB and FTP services during working time.
2. Deny them access to all other services during working time.
3. Allow them to access any service during rest periods.
Figure 12-13 The Schedule of work Settings - Example 1
Step 2 Go to the Security > Address Group > Address Group Settings page to create an address group for the Technology and Financial Departments' employees. It includes two address ranges: one is from 192.168.16.2 to 192.168.16.30, the other is from 192.168.16.61 to 192.168.16.70, and here we assume its name is TD_FD, see Figure 12-14.
Figure 12-15 The Service Group of WEB_FTP Settings - Example 1
Step 4 Go to the Security > Firewall > ACL Settings page to configure rule 1, see Figure 12-16: select Allow from the Action, select work from the Schedule, select TD_FD from the Source Address Group drop-down list, select Any Address from the Destination Address Group drop-down list, and select WEB_FTP from the Service Group drop-down list, lastly click the Save button to save the settings.
Figure 12-16 The Access Control Rule 1 Settings - Example 1
2) Configuring Access Control Rule 2
Go to the Security > Firewall > ACL Settings page to create rule 2, see Figure 12-17: select Deny from the Action, select work from the Schedule, select TD_FD from the Source Address Group drop-down list, select Any Address from the Destination Address Group drop-down list, and select Any Service from the Service Group drop-down list, lastly click the Save button to save t
Figure 12-17 The Access Control Rule 2 Settings - Example 1
3) Enabling Access Control
You should enable the access control feature to let access control rules take effect, see Figure 12-18.
Figure 12-18 Enable Access Control - Example 1
12.3.5.2 Example Two
1. Requirements
A company uses the Device as a network access device. The requirements are as follows:
1) Block an outside user with IP address 202.106.11.22 from attacking a LAN user with
IP address 200.200.200.251 maliciously;
2) Block all the LAN users from accessing the websites which contain illegal content. Here we take pornography for example.
2. Analysis
We need to create two access control rules to meet requirements:
• Rule 1: It is used to protect the LAN user with IP address 200.200.200.251 against attack from outside IP address 202.106.11.22.
Figure 12-20 The Address Group of Outside Settings - Example 2
Step 2 Go to the Security > Firewall > ACL Settings page to configure rule 1, see Figure 12-21: select Deny from the Action, select Always from the Schedule, select Inside from the Source Address Group drop-down list, select Outside from the Destination Address Group drop-down list, and select Any Service from the Service Group drop-down list, lastly click the Save button to save the settings.
Figure 12-21 The Access Control Rule 1 Settings - Example 2
2) Configuring Access Control Rule 2
Step 1 Go to the Security > Service Group page, enter Pornography in the Name text box, select Keyword from the Service Type drop-down list, select the New radio button, enter pornography in the Keyword text box, and then click ==> to move the specified keyword to the Service Members list box, lastly click the Save button.
Figure 12-22 The Access Control Rule 2 Settings - Example 2
Step 2 Go to the Security > Firewall > ACL Settings page to create rule 2, see Figure 12-23: select Deny from the Action, select Always from the Schedule, select Any Address from the Source Address Group drop-down list, select Any Address from the Destination Address Group drop-down list, and select Pornography from the Service Group drop-down list, lastly click the Save button to save the settings.
Figure 12-23 The Access Control Rule 2 Settings - Example 2
3) Enabling Access Control
You should enable the access control feature to make the configured access control rules take effect, see Figure 12-24.
Figure 12-24 Enable Access Control - Example 2
12.4 Domain Filtering
This section describes the Security > Domain Filtering page.
12.4.1 Domain Filtering Settings
Figure 12-25 Domain Filtering Settings
Enable Domain Filtering: It allows you to enable or disable domain filtering. If you select the check box to enable domain filtering, the configured domain filtering entries will take effect. Otherwise, the domain filtering entries will have no effect.
Filtering Mode: It specifies the mode of domain filtering.
➢ Save: Click it to save the domain filtering settings.
Note
1. Domain filtering uses whole-word matching; that is, only when a domain name matches the whole of a domain name in the Domain Name List will the Device block or allow it according to the Filtering Mode.
2. You can use the wildcard "*" in a domain name to match multiple domain names. For example, if you have created www.163.
Figure 12-26 Domain Blocking Notice
Enable Domain Blocking Notice: It allows you to enable or disable domain blocking notice. If you want to enable domain blocking notice, please select this check box. In this case, if a LAN user accesses a domain name which is blocked by the Device, the Device will pop up a notice message to remind the user.
➢ Save: Click it to save domain blocking notice settings.
➢ Preview: Click it to preview the notice message you just configured. The following figure shows an example of a notice message.
Figure 12-27 Domain Name Blocking Notice Preview
Note: The Device will pop up the domain blocking notice messages to the LAN users only after you have enabled domain filtering and chosen Only Block Domain Names in Domain Name List as the filtering mode. 12.
12.5.1 NAT Session Limit Rule Settings
Figure 12-28 NAT Session Limit Rule Settings
IP Addresses and To: They specify the start IP address and end IP address of the LAN hosts to which the NAT session limit rule applies. Please enter the start IP address in the first text box, and the end IP address in the second text box. The Device provides a default NAT session limit rule. Its start IP address and end IP address are both 0.0.0.
1. When using the NAT session limit function, the Device will search the Session Limit List to find out if there is a rule that matches a LAN host. It will check the host's IP address against each rule in the order in which the rules are listed. After a match is found, no further rules will be checked. Note that the rules are listed in reverse chronological order of creation: the later a rule is created, the higher it is listed.
2.
➢ Enable a NAT Session Limit Rule: The Enable check box is used to enable or disable the corresponding NAT session limit rule. The default value is selected, which means the NAT session limit rule is in effect. If you want to disable the NAT session limit rule temporarily instead of deleting it, please click it to remove the check mark.
12.6 Address Group
This section describes the Security > Address Group page.
12.6.1 Introduction to Address Group
An address group can contain up to ten address members. A member may be an address range or address group. And an address group may contain address ranges only, or address groups only, or both.
12.6.2 Address Group Settings
Figure 12-30 Address Group Settings
Name: It specifies a unique name of the address group. It should be between 1 and 11 characters long.
Zone: It specifies a network zone to which the address group belongs.
New: Select it to add a new address range to the group.
Existing: Select it to display the configured address groups.
Address Members: It displays the members of the address group.
1. The Name of an address group is case insensitive. For example, the address group test and TEST are the same group. You must pay attention to this when creating an address group.
2. If an address group (e.g., group A) has already included another address group (e.g., group B), then the address group A cannot be added to any other address group. 12.6.
the Security > Firewall page or rate limit rule in the QoS > Rate Limit Rule page. If you actually want to delete it, please remove all the references first.
12.6.4 How to Add the Address Groups
If you want to add one or more address groups, do the following:
Step 1 Go to the Security > Address Group page, and then click the New button or select the Address Group Settings tab to go to the setup page.
Step 2 Specify the Name of the address group.
list box to the left editable list, and then modify the Start Address and/or End Address, lastly click ==> to move the modified address range to the Address Members list box again.
2) If you want to delete an address member, select the member in the Address Members list box, and then click the Delete button.
Step 4 Click the Save button to save the changes to make them take effect.
12.7 Service Group
This section describes the Security > Service Group page.
12.7.1 Introduction to Service Group
The Device provides five service types for the service group: general service, URL, Keyword, DNS and MAC address. The service groups can then be used to match the protocol type (TCP, UDP or ICMP), port number, content, and source MAC address of packets that are received by the Device.
12.7.2 Service Group Settings
Figure 12-32 Service Group Settings
Name: It specifies a unique name of the service group. It should be between 1 and 11 characters long.
Service Type: It specifies the service type of the service group. The Device provides five service types, which include General Service, URL, Keyword, DNS and MAC.
• General Service: It is used to match the source port, destination port and protocol type of the packets.
New: Select it to add a new service to the group. For different Service Types, you need to configure different parameters.
Existing: Select it to display the service groups that you have configured. If you select General Service from the Service Type drop-down list, it will also display the system predefined services here. The Device provides 38 predefined services.
Service Members: It displays the members of the service group.
12.7.3 Service Group List
Figure 12-33 Service Group List
➢ Add a Service Group: If you want to add a new service group, click the New button or select the Service Group Settings tab to go to the setup page, configure it, and then click the Save button.
➢ View Service Group(s): When you have configured some service groups, you can view them in the Service Group List.
Step 1 Go to the Security > Service Group page, and then click the New button or select the Service Group Settings tab to go to the setup page.
Step 2 Specify the Name of the service group.
Step 3 Select the type from the Service Type drop-down list.
Step 4 Add services to the group. There are two methods to add them.
12.8 Schedule
This section describes the Security > Schedule page.
12.8.1 Introduction to Schedule
The schedule feature lets you define schedules that can be applied to various time-related features, e.g., dial schedule, rate limit rule, access control rule, etc. The schedule is identified by a name and then referenced by a function, so that those time restrictions are imposed on the function itself.
12.8.2 Schedule Settings
Figure 12-34 Schedule Settings
Schedule Name: It specifies a unique name of the schedule. It should be between 1 and 11 characters long.
Start Date and End Date: They specify when the schedule begins and ends. Outside the specified range, the schedule has no effect. The date is in the range of 1989-1-1 through 2050-12-31. If you want the schedule to be in effect forever, set both Start Date and End Date to 1990-1-1.
(Mon-Fri) and Weekends (Sat-Sun).
Daily Start Time and Daily End Time: They specify a daily start time and end time during which the schedule is active. Their default values are 00:00:00 and 23:59:59 respectively. Note that the time should be entered in the format HH:MM:SS and is expressed in 24-hour clock. For example, 06:30:00 is 06:30:00 am and 18:30:00 is 06:30:00 pm.
➢ Save: Click it to save the schedule settings.
the Save button.
➢ Delete Schedule(s): If you want to delete one or more schedules, select the leftmost check boxes of them, and then click the Delete button.
➢ View a Schedule's Details: If you want to view the details of a configured schedule, click its Details hyperlink, then the schedule details page will be displayed (see Figure 12-36). Furthermore, if the schedule is referenced, the related information will be displayed too.
Figure 12-36 Schedule Details 12.
in the Schedule List, and then click the Delete button.
12.8.5 Configuration Example for Schedule
1. Requirements
In 2011, a business CEO wants to control online behavior of the sales department's employees. He only allows them to access WEB service during working time, but allows them to access all the Internet services during rest periods. The working time is: Monday to Friday, 9:00 to 12:00 am, and 1:00 to 6:00 pm.
2.
Figure 12-37 Schedule Settings Example
Step 2 Enter work in the Schedule Name text box.
Step 3 Enter 2011-1-1 in the Start Date, and enter 2011-12-31 in the End Date.
Step 4 Configure the two periods of the schedule respectively.
1) Configuring Period 1: Select Weekdays (Mon-Fri) from the Days of the Week drop-down list, enter 09:00:00 in the Daily Start Time, and enter 11:59:59 in the Daily End Time.
Step 5
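The work schedule above and the two access control rules of section 12.3.5.1 Example One can be checked together with a small model. This is an added example, not code from the Device or from UTT. It assumes top-down first-match evaluation (which the rule-ordering advice in 12.3.1 implies), models only the bottom "pass generic" default rule, takes WEB_FTP as TCP ports 80 and 21, and takes Period 2 as 13:00:00 to 17:59:59 from the stated working time; the test packets are constructed.

```python
from dataclasses import dataclass
from datetime import date, datetime, time
from ipaddress import ip_address


@dataclass(frozen=True)
class Period:
    days: frozenset  # weekday numbers, Monday = 0
    start: time
    end: time


@dataclass(frozen=True)
class Schedule:
    name: str
    start_date: date
    end_date: date
    periods: tuple

    def active(self, when):
        # Both dates set to 1990-1-1 means "in effect forever" (section 12.8.2).
        forever = self.start_date == self.end_date == date(1990, 1, 1)
        if not forever and not (self.start_date <= when.date() <= self.end_date):
            return False  # outside the date range the schedule has no effect
        return any(when.weekday() in p.days and p.start <= when.time() <= p.end
                   for p in self.periods)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str       # "allow" or "deny"
    schedule: object  # Schedule, or None for "Always"
    src: object       # tuple of (start, end) ranges, or None for "Any Address"
    dst: object
    service: object   # frozenset of (proto, port), or None for "Any Service"


def in_group(addr, group):
    if group is None:
        return True
    a = ip_address(addr)
    return any(ip_address(lo) <= a <= ip_address(hi) for lo, hi in group)


def evaluate(rules, src, dst, proto, dport, when):
    """Walk the list top-down; the first matching rule decides."""
    for r in rules:
        if r.schedule is not None and not r.schedule.active(when):
            continue
        if (in_group(src, r.src) and in_group(dst, r.dst)
                and (r.service is None or (proto, dport) in r.service)):
            return r.action, r.name
    return "allow", "pass generic"  # default rule at the bottom of the list


WEEKDAYS = frozenset(range(5))
WORK = Schedule("work", date(2011, 1, 1), date(2011, 12, 31), (
    Period(WEEKDAYS, time(9, 0, 0), time(11, 59, 59)),   # Period 1, from the page
    Period(WEEKDAYS, time(13, 0, 0), time(17, 59, 59)),  # Period 2, assumed
))
TD_FD = (("192.168.16.2", "192.168.16.30"), ("192.168.16.61", "192.168.16.70"))
WEB_FTP = frozenset({("tcp", 80), ("tcp", 21)})          # assumed port numbers

RULE1 = Rule("rule 1", "allow", WORK, TD_FD, None, WEB_FTP)
RULE2 = Rule("rule 2", "deny", WORK, TD_FD, None, None)

AS_CREATED = [RULE2, RULE1]  # reverse chronological: newest rule on top
REORDERED = [RULE1, RULE2]   # allow rule moved above the deny rule

if __name__ == "__main__":
    monday = datetime(2011, 3, 7, 10, 0, 0)  # constructed: a Monday in working time
    for label, rules in (("as created", AS_CREATED), ("reordered", REORDERED)):
        print(label, evaluate(rules, "192.168.16.10", "203.0.113.5", "tcp", 80, monday))
    print("after 2011", evaluate(REORDERED, "192.168.16.10", "203.0.113.5",
                                 "tcp", 443, datetime(2012, 3, 5, 10, 0, 0)))
```

In the as-created order the web request is denied by rule 2, so rule 1 has to be moved up by hand; and once 2011-12-31 has passed, both rules stop matching and everything falls through to the default allow.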
UTT Technologies Chapter 13 System
Chapter 13 System
This chapter describes how to manage the Device, including how to configure administrator accounts, system time, remote admin, Web server, and how to upgrade firmware, backup and restore configuration, and restart the Device.
13.1 Administrator
In the System > Administrator page, you can add, view, modify and delete the administrator accounts. 13.1.
password can be modified.
• Execute: It gives the administrator the ability to view and configure the Device via the Web UI, except the Status > Session Monitor page. Note: This page will only display the current login administrator's information, and only the password can be modified.
• Admin: It gives the administrator the full administrative privileges to view and configure the Device via the Web UI.
➢ Save: Click it to save the administrator account settings.
➢ Add an Administrator Account: If you want to add a new administrator account, click the New button or select the Administrator Settings tab to go to the setup page, configure it, and then click the Save button.
➢ View Administrator Account(s): When you have configured some administrator accounts, you can view them in the Administrator List.
13.2 System Time

In the System > Time page, you can view and configure the system time. To ensure that the time-related functions (e.g., DDNS, Schedule) work well, you should set the right time on the Device. You can manually configure the system time or enable SNTP (Synchronize with SNTP Server) to automatically synchronize time from a designated SNTP server on the Internet.
default value is 192.43.244.18), and the Server 2 is the first backup server (the default value is 129.6.15.28), and the Server 3 is the second backup server (the default value is 0.0.0.0).

Figure 13-4 System Time - Set Time Manually

➢ Save: Click it to save the system time settings.

Note
To find an NTP server with which you can synchronize your Device, please refer to the website: http://www.ntp.org/.
13.3 Firmware Upgrade

In the System > Upgrade page, you can view the current firmware version information and upgrade the firmware.

13.3.1 Save Firmware

Figure 13-5 Save Firmware to Local PC

The following figure describes the firmware version details:

Figure 13-6 Firmware Version Details

➢ Backup Firmware to Local PC: Click the Save button to save the current running firmware to your local PC.
13.3.2 Firmware Upgrade

Figure 13-7 Upgrade Firmware

To upgrade the Device's firmware, do the following:

Step 1 Download the Latest Firmware
Click the Download Firmware hyperlink to download the latest firmware from the website of UTT Technologies Co., Ltd.

Note
1. Please select the firmware that matches your product's hardware platform.
2.
Note
1. It is strongly recommended that you upgrade firmware when the Device is under light load.
2. If you keep the firmware up to date, the Device will have more functionality and better performance. A correct upgrade will not change the Device's current settings.
3. The Device will take several minutes to upgrade its firmware. During this process, do not power off the Device or perform any other operation, to avoid damaging it.

13.
Figure 13-9 Restore Configuration

Reset to Factory Defaults before Restore: If you select this check box, the Device will be reset to factory default settings before the configuration file is imported; otherwise the file is imported directly.
Configuration File: Click the Browse button to choose an appropriate configuration file, or enter the file path and name in the text box.
➢ Restore: Click it to import the selected configuration file.
13.5 Remote Admin

This section describes the System > Remote Admin page. As the Device has a built-in firewall function, it blocks all requests initiated from the Internet by default. To remotely configure and manage the Device via the Internet, you should enable HTTP remote management.

Figure 13-11 Remote Admin Settings

HTTP: It allows you to enable or disable HTTP remote management. Select this check box to enable HTTP remote management via the Internet.
Device via Internet.
4. Once you enable HTTP remote management, the system will automatically create two port forwarding rules, whose IDs are http and telnet respectively. You can go to the NAT > Port Forwarding page to view them in the Port Forwarding List.
5. Please enable HTTP remote management before asking a UTT customer engineer for technical support.
13.6 WEB Server

In the System > WEB Server page, you can specify the port number that the Device's Web service uses to listen for HTTP requests from the LAN hosts.

Figure 13-12 WEB Server

Port: The port number that the Web server uses to listen for HTTP requests from the LAN hosts. The default port number is 80. If it has been changed, you should enter http://Device's LAN IP address:port number (e.g., http://192.168.16.1:88) to access the Device.
13.7 Restart

The System > Restart page lets you restart the Device.

Figure 13-13 Restart the Device

➢ Restart: Click it to restart the Device.

If you click the Restart button, the system will pop up a prompt dialog box (see Figure 13-19). You can then click OK to restart the Device, and the system will jump to a countdown page (see Figure 13-20), or click Cancel to cancel the operation.
caution. The Device will return to the Status > System Info page after it has restarted.
Appendix A How to configure your PC

This appendix describes how to install and configure TCP/IP properties for Windows 95 and Windows 98.

Step 1: Installing TCP/IP components

To install the TCP/IP component, do the following:
1. On the Windows taskbar, click Start > Settings > Control Panel.
2. Double-click the Network icon, and select the Configuration tab.
3. In the TCP/IP properties dialog box, select the IP address tab, and then select the Specify an IP address radio button. Enter 192.168.16.x (x is between 2 and 254, inclusive) in the IP Address box, and enter 255.255.255.0 in the Subnet Mask box.
4. Select the Gateway tab, enter the IP address of the Device's LAN interface (default value is 192.168.16.1) in the New gateway box, and then click the Add button.
5.
to connect through a Local Area Network (LAN), and click the Next button.
3. Select the I want to connect through a Local Area Network radio button, and click the Next button.
4. Uncheck all boxes in the LAN Internet Configuration screen, and click the Next button.
5. In the Set Up Your Internet Mail Account screen, select No and click the Next button.
6. In the Internet Connection Wizard screen, click the Finish button to complete the wizard.
Appendix B FAQ

1. How to connect the Device to the Internet using PPPoE

Step 1 Set your ADSL modem to bridge mode (RFC 1483 bridged mode).
Step 2 Please make sure that your PPPoE Internet connection uses the standard dial type. You may use the Windows XP built-in PPPoE dial-in client to test.
Step 3 Connect a network cable from the ADSL modem to a WAN port of the Device, and connect your telephone line to the ADSL modem's line port.
to the PPPoE connection, see Table B-0-1.

Call Syslog Call Result Session Up [x] PPPoE Up 00:0c:f8:f9:66:c6 PPPoE session has been established successfully. Call Connected, on Line1, on Channel 0 Outgoing Call @51:1-1 Call Terminated @clearSession: 1 Failed to establish the physical connection, please check whether the Internet connection is normal. You may use Windows XP built-in PPPoE dial-in client to test.
Figure B-0-2 PPPoE Connection Settings (Part)

Step 8 You may go to the Status > Route Stats page to view the related route information in the Routing Table, such as the Gateway IP Address provided by your ISP, Flag (N should appear, which means NAT is enabled on the route), and so on, see Figure B-0-3.

Figure B-0-3 Routing Table - Example 1

Step 9 Configure the LAN hosts according to the steps described in Appendix A How to configure your PC.
2. How to connect the Device to the Internet using Static IP

Step 1 Please make sure the Internet connection is normal. You may use your PC to test.
Step 2 Connect a network cable from the network device provided by your ISP to a WAN port of the Device.
Step 3 Configure the static IP Internet connection related parameters in the Basic > WAN page or through the Quick Wizard. Refer to section 6.2.2.2 Static IP Internet Connection Settings for more information.
3. How to connect the Device to the Internet using DHCP

Step 1 Please make sure the Internet connection is normal. You may use your PC to test.
Step 2 Connect a network cable from the Cable modem to a WAN port of the Device.
Step 3 Configure the DHCP Internet connection related parameters in the Basic > WAN page or through the Quick Wizard. Refer to section 6.2.2.3 DHCP Internet Connection Settings for more information.
Figure B-0-6 Routing Table - Example 3

Step 6 Configure the LAN hosts according to the steps described in Appendix A How to configure your PC.
4. How to reset the Device to factory default settings

The following describes how to reset the Device to factory default settings. There are two cases depending on whether you remember the administrator password or not.

Note
1) The reset operation will clear all the custom settings on the Device, so do it with caution.
2) Here we take Windows XP as an example.
HyperTerminal check box, and then click OK.

Figure B-0-7 New Connection - Term9600

Step 3 The Connect To dialog box appears, see Figure B-0-8. From the Connect using drop-down list, select the COM port that links your PC to the Device (COM3 in this example), and then click the OK button.
Figure B-0-8 Choose a COM Port - Term9600

Step 4 The COM port properties dialog box appears (see Figure B-0-9). Select 9600 from Bits per second, 8 from Data bits, None from Parity, 1 from Stop bits, None from Flow control, and then click the OK button.

Figure B-0-9 COM Port Properties - Term9600

Step 5 Now the HyperTerminal is started and ready for use, see Figure B-0-10.
Figure B-0-10 HyperTerminal Window - Term9600

Step 6 Directly press key, the Device will acknowledge active connection with the “Login” prompt, see Figure B-0-11. Enter the administrator user name (Default in this example) at the prompt and press key. Then the “Password” prompt appears; enter the password (test in this example) at the prompt and press key.
Figure B-0-11 Login to the Device - Term9600

Step 7 Enter nvramc at the prompt and press key (see Figure 8-12); the Device will immediately restore the factory default settings and restart itself. Once it has restarted, you can use the system default administrator account to log in to the Device via the Web UI. Note that by default, the LAN interface IP address is 192.168.16.1, and the administrator user name is Default (case sensitive) with a blank password.
Figure B-0-12 Reset to Factory Default Settings - Term9600

4-2 Case Two: Forget the administrator password

If you forget the administrator password, you can use the following two ways to reset the Device to factory default settings. Note that you can use the first way only when the Device has a reset button, and the second way only when the Device has a terminal port.

➢ The first way: Reset the Device to factory default settings via Reset Button.
Step 2 Click Start > Programs > Accessories > Communications > HyperTerminal; the first screen that appears is the New Connection dialog box, see Figure B-0-13. Enter a name (Term115200 in this example) in the Name text box, and then click the OK button.
Figure B-0-14 Choose a COM Port - Term115200

Step 4 The COM port properties dialog box appears (see Figure B-0-15). Select 115200 from Bits per second, 8 from Data bits, None from Parity, 1 from Stop bits, None from Flow control, and then click the OK button.
Figure B-0-15 COM Port Properties - Term115200

Step 5 Now the HyperTerminal is started and ready for use, see Figure B-0-16.

Figure B-0-16 The HyperTerminal Window - Term115200

Step 6 Restart the Device and immediately enter ast (lower case) within three seconds; the “Ast>” prompt then appears, see Figure B-0-17. If the prompt fails to appear, please try several times until the “Ast>” prompt appears.
Figure B-0-17 Login to the Device - Term115200

Step 7 Enter nv at the prompt and press key (see Figure B-0-18); the Device will immediately restore the factory default settings. The appearance of “Erasing NVRAM………Done” means that the Device has been restored to the factory default settings successfully. Once you have restarted the Device, you can use the system default administrator to log in to the Device via the Web UI.
Figure B-0-18 Reset to Factory Default Settings - Term115200
5. How to use CLI Rescue Mode

In most cases, the Device can boot or reboot normally in Normal Startup Mode. However, sometimes you are unable to start the Device in Normal Startup Mode due to configuration errors, forgetting the administrator password or other reasons. To solve this problem, we provide Rescue Mode in the Device with ReOS 5.0 or a later version.
Figure B-0-19 New Connection - Rescue

Step 3 The Connect To dialog box appears, see Figure B-0-20. From the Connect using drop-down list, select the COM port that links your PC to the Device (COM3 in this example), and then click the OK button.

Figure B-0-20 Choose a COM port - Rescue
Step 4 The COM port properties dialog box appears (see Figure B-0-21). Select 9600 from Bits per second, 8 from Data bits, None from Parity, 1 from Stop bits, None from Flow control, and then click the OK button.

Figure B-0-21 COM Port Properties - Rescue

Step 5 Now the HyperTerminal is started and ready for use, see Figure B-0-22.
Figure B-0-22 The HyperTerminal Window - Rescue

Step 6 Restart the Device. During the restart, once the “***booting with factory default configuration，please press Ctrl~C 3 times now！***” prompt appears, please immediately press keys three consecutive times within three seconds. The appearance of the “BREAK detected, skip restore user nvram profile by _restoreUserNvramTask.” prompt then means that the system has booted into Rescue Mode successfully.
Figure B-0-23 Boot into Rescue Mode - Rescue

Step 7 After the Device has booted into Rescue Mode, you can use the system default administrator account to log in to the Device. Enter Default at the “Login” prompt and press key, see Figure 8-24. Then the “Password” prompt appears; directly press key.
Figure B-0-24 Login to Rescue Mode Configuration Interface - Rescue

Step 8 In the Rescue Mode configuration interface (see Figure B-0-25), if you enter show running-config at the prompt and press key, it will output only firmware version information and no custom settings, which means that the system is running with the factory default settings; if you enter show nvram at the prompt and press key, it will output not only firmware version informati
Figure B-0-25 View Settings - Rescue

Note
In Rescue Mode, the write command saves only the settings you have made in the Rescue Mode configuration interface, and all of your original custom settings will be lost.
6. IP/MAC Binding and Access Control

This section mainly describes the characteristics of the IP/MAC binding and access control functions, and the relationship between them. Its purpose is to help you better understand them, and use them to flexibly control and manage the Internet behaviors of the LAN users to enhance network security.
control and manage the Internet behaviors of the LAN users. The latter is implemented by the access control function module.
2) In most cases, you can create an access control rule for a group of users. If some users have the privilege of accessing the Internet, you can create an address group for these hosts even if their IP addresses are not contiguous.
● Undefined User: An undefined user's IP address and MAC address are both different from those of any IP/MAC binding. The undefined users are all the users except legal and illegal users.
2) User authorization (i.e.
9) Go to the Security > Firewall page to create access control rules for each address group respectively.
7. How to find out who uses the most bandwidth?

By viewing the NAT Statistics list in the Status > NAT Stats page, you can find out the LAN user who uses the most bandwidth.

A. How to find out who has downloaded the most packets?
Query the Rx Packets in the NAT Statistics list: a larger value means more downloaded packets. The largest Rx Packets value means the corresponding LAN user has downloaded the most packets from the Internet.

B.
8. How to troubleshoot faults caused by worm viruses or hacker attacks on the Device?

Note
Each of the following points can only be used as a reference for network troubleshooting, but cannot be used as a basis for finding a network virus or attack.

A.
applications on that suspicious host, then run effective antivirus software, and lastly restart or reinstall the operating system.

B. How to find out who is attacking an Internet host with DoS/DDoS
A DoS attack (denial-of-service attack) or DDoS attack (distributed denial-of-service attack) is an attempt to make a host resource unavailable to its intended users.
You can view the NAT Statistics list in the Status > NAT Stats page to find out if there is a LAN host whose Tx Packets is very large but Rx Packets is very small or zero. If a host meets the above conditions and hasn't used any LAN server, the host is likely to be infected with Code Red worm virus.

D.
crashes or restarts itself; there is a process named avserve.exe, avserve2.exe or skynetave.exe in Task Manager; there is a virus file named avserve.exe, avserve2.exe or skynetave.exe in the system directory; the system runs extremely slowly, and CPU usage is 100%.
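The NAT Statistics checks described in FAQ 7 and FAQ 8 (ranking hosts by Rx Packets, and looking for a LAN host whose Tx Packets is very large while its Rx Packets is very small or zero) can be run over a saved copy of the list. The following Python is an added example, not UTT code: the CSV layout, the two thresholds and the known_exceptions parameter are assumptions, and the sample rows are constructed. In line with the note in FAQ 8, a flagged host is a lead for further inspection, not proof of infection.

```python
import csv
import io

# Constructed sample. The column layout is an assumption: the guide only
# names the Tx Packets and Rx Packets columns of the NAT Statistics list.
SAMPLE_NAT_STATS = """\
IP Address,Tx Packets,Rx Packets
192.168.16.10,18234,25110
192.168.16.23,412877,0
192.168.16.41,96,140
192.168.16.57,250300,1200
192.168.16.88,5021,88410
"""

# Assumed thresholds; the guide says only "very large" and "very small or zero".
MIN_TX_PACKETS = 50_000
MAX_RX_TX_RATIO = 0.01


def parse_nat_stats(text):
    """Parse the CSV copy of the list into dicts with ip, tx and rx keys."""
    rows = []
    reader = csv.DictReader(io.StringIO(text))
    for lineno, rec in enumerate(reader, start=2):
        try:
            rows.append({
                "ip": rec["IP Address"].strip(),
                "tx": int(rec["Tx Packets"]),
                "rx": int(rec["Rx Packets"]),
            })
        except (KeyError, TypeError, ValueError, AttributeError) as exc:
            # Reject the file rather than silently skipping a host.
            raise ValueError(f"line {lineno}: malformed row {rec!r}") from exc
    return rows


def flag_one_way_senders(rows, known_exceptions=(),
                         min_tx=MIN_TX_PACKETS, max_ratio=MAX_RX_TX_RATIO):
    """Return IPs whose Tx Packets is large while Rx Packets is near zero.

    known_exceptions (hypothetical parameter) lists hosts the administrator
    already knows to have a legitimate one-way traffic pattern.
    """
    skip = set(known_exceptions)
    flagged = []
    for row in rows:
        if row["ip"] in skip or row["tx"] < min_tx:
            continue
        if row["rx"] <= row["tx"] * max_ratio:
            flagged.append(row["ip"])
    return flagged


def top_downloaders(rows, count=3):
    """Return the IPs with the largest Rx Packets values, largest first."""
    ranked = sorted(rows, key=lambda r: r["rx"], reverse=True)
    return [r["ip"] for r in ranked[:count]]


if __name__ == "__main__":
    stats = parse_nat_stats(SAMPLE_NAT_STATS)
    print("Hosts to inspect:", flag_one_way_senders(stats))
    print("Most Rx Packets:", top_downloaders(stats, count=2))
```
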
9. How to enable WAN ping respond?

To facilitate debugging and testing your Internet connections, the Device provides the Enable WAN Ping Respond feature; that is, it allows you to ping each WAN interface's IP address to detect whether each Internet connection is normal. The operation is as follows: Go to the Security > Attack Defense > External Defense page, select the Enable WAN Ping Respond check box, and then click the Save button.
Appendix C Common IP Protocols

Protocol Name   Protocol Number   Full Name
IP              0                 Internet Protocol
ICMP            1                 Internet Protocol Message Protocol
IGMP            2                 Internet Group Management
GGP             3                 Gateway-Gateway Protocol
IPINIP          4                 IP in IP Tunnel Driver
TCP             6                 Transmission Control Protocol
EGP             8                 Exterior Gateway Protocol
IGP             9                 Interior Gateway Protocol
PUP             12                PARC Universal Packet Protocol
UDP             17                User Datagram Protocol
HMP             20                Host Monitoring Prot
Appendix D Common Service Ports

Service Name   Port   Protocol
echo           7      tcp
echo           7      udp
discard        9      tcp
discard        9      udp
systat         11     tcp        Active users
systat         11     udp        Active users
daytime        13     tcp
daytime        13     udp
qotd           17     tcp        Quote of the day
qotd           17     udp        Quote of the day
chargen        19     tcp        Character generator
chargen        19     udp        Character generator
ftp-data       20     tcp        FTP, data
ftp            21     tcp        FTP.
tftp           69     udp
gopher         70     tcp
finger         79     tcp
http           80     tcp        World Wide Web
kerberos       88     tcp        Kerberos
kerberos       88     udp        Kerberos
hostname       101    tcp        NIC Host Name Server
iso-tsap       102    tcp        ISO-TSAP Class 0
rtelnet        107    tcp        Remote Telnet Service
pop2           109    tcp        Post Office Protocol - Version 2
pop3           110    tcp        Post Office Protocol - Version 3
sunrpc         111    tcp        SUN Remote Procedure Call
sunrpc         111    udp        SUN Remote Procedure Call
auth           113
irc            194    tcp        Internet Relay Chat Protocol
ipx            213    udp        IPX over IP
ldap           389    tcp        Lightweight Directory Access Protocol
https          443    tcp        MCom
https          443    udp        MCom
microsoft-ds   445    tcp
microsoft-ds   445    udp
kpasswd        464    tcp        Kerberos (v5)
kpasswd        464    udp        Kerberos (v5)
isakmp         500    udp        Internet Key Exchange
exec           512    tcp        Remote Process Execution
biff           512    udp
login          513    tcp
who            513    udp
cmd            514    tcp
syslog         514    udp
printer
kshell         544    tcp
new-rwho       550    udp
remotefs       556    tcp
rmonitor       560    udp
monitor        561    udp
ldaps          636    tcp        LDAP over TLS/SSL
doom           666    tcp        Doom Id Software
doom           666    udp        Doom Id Software
kerberos-adm   749    tcp        Kerberos administration
kerberos-adm   749    udp        Kerberos administration
kerberos-iv    750    udp        Kerberos version IV
kpop           1109   tcp        Kerberos POP
phone          1167   udp        Conference calling
ms-sql-s       1433   tcp        Microsoft-SQL-Server
ms-sql
Appendix E Figure Index

Figure 0-1 IP/MAC Binding List
Figure 0-2 NAT Statistics
Figure 0-3 Enable DNS Proxy
Figure 5-13 Routing Table
Figure 5-14 Session Monitor Settings
Figure 5-15 NAT Session List
Figure 5-16 Session Monitor Settings - Example1
Figure 7-1 Static Route Settings
Figure 7-2 Static Route List
Figure 7-3 Static Route Settings - Example One
Figure 7-4 Static Route Settings - Example Two
Figure 7-37 Network Topology where DHCP Server and Clients on Same Subnet
Figure 7-38 DHCP Server Global Settings - Example
Figure 7-39 DHCP Address Pool Settings - Example (pool1)
Figure 7-40 DHCP Address Pool Settings - Example (pool2)
Figure 9-1 PPPoE Discovery Stage Flows
Figure 9-2 PPPoE Server Global Settings
Figure 9-3 Internet Access Control Settings
Figure 9-4 PPPoE Account Settings
Figure 11-1 User Status List
Figure 11-2 Personal Rate Limit Settings
Figure 11-3 Personal Internet Behavior Management Settings
Figure 11-4 Internet Behavior Management Policy Settings
Figure 12-12 Access Control List
Figure 12-13 The Schedule of work Settings - Example 1
Figure 12-14 The Address Group of TD_FD Settings - Example 1
Figure 12-15 The Service Group of WEB_FTP Settings - Example 1
Figure 13-11 Remote Admin Settings
Figure 13-12 WEB Server
Figure 13-13 Restart the Device
Figure 13-14 Prompt Dialog Box - Restart the Device

Appendix F Table Index

Table 0-1 Factory Default Settings of Interfaces
Table 0-2 Document Organization
Table 1-1 Detailed Specifications
Table 2-1 Description of the System LEDs on the UTT 2512