R1000, R3000, R4000 Series Release Notes System Software 7.5.1. Copyright August 30, 2007 Funkwerk Enterprise Communications GmbH Version 1.

R1000, R3000, R4000 Series Release Notes System Software 7.5.1 Copyright August 30, 2007 Funkwerk Enterprise Communications GmbH Version 1.0

Purpose This document describes new features, changes, and solved problems of System Software 7.5.1. Liability Trademarks Copyright Guidelines and standards How to reach Funkwerk Enterprise Communications GmbH While every effort has been made to ensure the accuracy of all information in this manual, Funkwerk Enterprise Communications GmbH cannot assume liability to any party for any loss or damage caused by errors or omissions or by statements of any kind in this document and is only liable within the scope of its terms of sale and delivery. The information in this manual is subject to change without notice. Additional information and changes can be found at www.funkwerk-ec.com. As multiprotocol gateways, Bintec gateways set up WAN connections in accordance with the system configuration. To prevent unintentional charges accumulating, the operation of the product should be carefully monitored. Funkwerk Enterprise Communications GmbH accepts no liability for loss of data, unintentional connection costs and damages resulting from unsupervised operation of the product. Bintec and the Bintec logo are registered trademarks of Funkwerk Enterprise Communications GmbH. Other product names and trademarks mentioned are usually the property of the respective companies and manufacturers. All rights are reserved. No part of this publication may be reproduced or transmitted in any form or by any means graphic, electronic, or mechanical including photocopying, recording in any medium, taping, or storage in information retrieval systems, without the prior written permission of Funkwerk Enterprise Communications GmbH. Adaptation and especially translation of the document is inadmissible without the prior consent of Funkwerk Enterprise Communications GmbH. Bintec gateways comply with the following guidelines and standards: R&TTE Directive 1999/5/EG CE marking for all EU countries and Switzerland You will find detailed information in the Declarations of Conformity at www.funkwerk-ec.com. Funkwerk Enterprise Communications GmbH Suedwestpark 94 D-90449 Nuremberg Germany Telephone: +49 180 300 9191 0 Fax: +49 180 300 9193 0 Internet: www.funkwerk-ec.com Funkwerk Enterprise Communications 6 Avenue de la Grande Lande - CS 20102 33173 Gradignan cedex France Telephone: +33 (0)1 61 37 32 76 Fax: +33 (0)1 61 38 15 51 Internet: www.funkwerk-ec.com

1 Important Information.................................... 9 1.1 Validity.................................................... 9 1.2 Incompatibility............................................... 9 1.2.1 Preparation and update................................ 10 1.2.2 Downgrade......................................... 10 1.3 Updating to VoIP........................................... 11 2 New features.......................................... 17 2.1 DSP Module Installation and functional test..................... 18 2.2 Variable switching of ISDN S0 interfaces......................... 23 2.3 VoIP..................................................... 30 2.4 Music on Hold.............................................. 49 2.5 Input/Output chains (pipe).................................... 50 2.6 Enhanced Interface Monitoring................................ 51 2.7 Auto Complete with Tab Key (Tab Completion).................... 53 2.8 New "grep" Command....................................... 54 2.9 Wireless LAN Roaming...................................... 55 2.10 Funkwerk Discovery Server................................... 55 2.11 IP Address Ranges (Pools)................................... 56 2.12 BOOTP Relay.............................................. 59 2.13 PPPoE Passthrough......................................... 61 2.14 PPPoE Multilink............................................ 63 2.15 VLAN and Bridging.......................................... 66 2.16 Multicast.................................................. 73 2.17 Cobion Orange Filter Path depth setting........................ 96 Quick Install Guide bintec User s Guide 3

2.18 UPnP.....................................................97 2.19 Stateful Inspection Firewall Easier to configure...................99 2.20 QoS classification integrated into the Stateful Inspection Firewall.....101 2.21 New DynDNS provider selfhost and NO-IP.....................102 2.22 ISDN login supports ISDN sub-addresses........................103 2.23 ADSL Bit Swapping.........................................103 2.24 Ping command extended.....................................103 2.25 RADIUS: Using several dialup connections and MLPPP simultaneously 103 2.26 Information added to logging output............................104 3 Changes..............................................105 3.1 Configuration software file format changed.......................105 3.2 Expanded DHCP Implementation..............................108 3.3 New DHCP and BootP tables.................................122 3.4 Expanded Ethernet implementation.............................122 3.5 DNS Local Name Servers...................................124 3.6 Modified Channel Options for Wireless LAN......................125 3.7 Modified Wireless LAN VSS Configuration.......................127 3.7.1 IP configuration for wireless networks....................129 3.8 Modified WDS Link Configuration..............................130 3.9 Wireless LAN Advanced Settings..............................131 3.10 Expanded PIN length for UMTS and GSM.......................131 3.11 MGCP Proxy Support ended..................................133 3.12 Support for selected ISDN Layer 1 protocols ended................133 3.13 MIB variable DNSNegotiation changed..........................133 4 bintec User s Guide Quick Install Guide

3.14 ISDN interface behavior changed using active NAT............... 133 3.15 Application Level Gateway................................... 134 3.16 Spanning Tree algorithm removes............................. 134 4 Fixes................................................ 135 4.1 IP - Memory loss.......................................... 135 4.2 System reboot............................................ 135 4.3 Setup Tools crash......................................... 135 4.4 Problems with the system after 194 days........................ 136 4.5 Data transfer via S2M interrupted............................. 136 4.6 HTTP - System information incorrect........................... 136 4.7 Email Alert incompletely disabled.............................. 136 4.8 Restoring the IPSec and X.25 licenses with Easy Licensing failed.... 137 4.9 MS-CHAP Authentication error between Windows clients and router.. 137 4.10 Inadvertent use of MS-CHAPv2 instead of MS-CHAPv1............ 138 4.11 RADIUS - Reload with two servers failed........................ 138 4.12 RIP Failure to Send Next-Hop Information..................... 139 4.13 Stack trace with triggered RIP message........................ 139 4.14 V.42bis Compression missing................................ 139 4.15 DNS - Name resolution failed................................. 139 4.16 MSN not available for outgoing calls........................... 140 4.17 CAPI - Incorrect version number.............................. 140 4.18 CAPI - Unintentional system reboot............................ 140 4.19 Incorrectly deleted NAT entries............................... 140 4.20 PPP - Incomplete CLID check................................ 141 Quick Install Guide bintec User s Guide 5

4.21 PPP - Multi-user entries ignored...............................141 4.22 PPP - Multiple dialup connection usage failed.....................141 4.23 PPP - Authentication for leased lines failed.......................142 4.24 PPP - Unintentional system reboot.............................142 4.25 PPTP - Incorrect value in via IP interface field....................142 4.26 MPPE for X.21 leased line connections failed.....................143 4.27 Inconsistency in Layer 2 mode................................143 4.28 Bugs in the WLAN configuration Wizard.........................143 4.29 WLAN - Automatic key generation for WDS failed.................144 4.30 WLAN - Access point could not be used as DHCP server...........144 4.31 WLAN - SSID with 32 character length problematic................144 4.32 WLAN - Security mode not available............................145 4.33 SIF and NAT Extended passive FTP connections blocked.........145 4.34 SIF - Unintentional filtering...................................145 4.35 SIF - Default entries not loaded................................145 4.36 SIF - Unintentional blocking of data traffic........................146 4.37 SIF - Removing a service group caused a stack trace..............146 4.38 SIF - Unexpected entries in the MIB table........................146 4.39 SIF - System crash during registration with a provider..............147 4.40 VoIP together with SIF failed..................................147 4.41 New start mode for IPSec peers...............................147 4.42 IPSec Wizard - Incomplete messages in the configuration history.....148 4.43 IPSec - Name changed......................................148 4.44 IPSec - Dynamic peer does not work on a virtual interface...........148 6 bintec User s Guide Quick Install Guide

4.45 IPSec - Incorrect name resolution for IPSec peers................ 148 4.46 IPSec - RADIUS reload failed................................ 149 4.47 IPSec - Dynamic peer not functional........................... 149 4.48 IPSec - Automatic CRL import via Event Scheduler not possible..... 149 4.49 IPSec - Panic............................................. 149 4.50 DynVPN callback via voice call failed........................... 150 4.51 X.25 connection failed...................................... 150 4.52 X.25 - Renewed LLC connection failed......................... 150 4.53 SNMP Failed MIB search operations......................... 151 Quick Install Guide bintec User s Guide 7

8 bintec User s Guide Quick Install Guide

Important Information 1 1 Important Information Please carefully read the following information about System Software 7.5.1 to avoid problems when updating or using the software. 1.1 Validity System Software 7.5.1 is only to be used on the following devices and cannot be used on others: R1200 R1200w R1200wu R3000 R3000w R3400 R3800 R4100 R4300 1.2 Incompatibility Configurations created or saved under System Software 7.5.1 are incompatible with the system software versions 7.4.3 and 7.4.5. Nevertheless, please pay attention to the following notes on updates and the downgrade options. System Software Release Notes 9

1 Important Information 1.2.1 Preparation and update If necessary, proceed as follows to prepare for and perform an update to System Software 7.5.1: 1. Save the current boot configuration. Use one of the following methods: a) Enter cmd=save path=boot.alt in the SNMP shell. This saves the current boot configuration to the flash ROM of your gateway using the name "boot.alt". b) Start a TFTP server on your computer in your LAN and export the current boot configuration via the CONFIGURATION MANAGEMENT menu of the Setup Tool. Choose the following: OPERATION = put (FLASH -> TFTP) TFTP SERVER IP ADDRESS = <IP address of the TFTP server in the LAN> TFTP FILE NAME = boot.alt NAME IN FLASH = boot 2. Carry out the update to System Software 7.5.1 as usual and restart the gateway. The gateway starts with the new software, using the existing boot configuration. 1.2.2 Downgrade If you want to perform a downgrade, proceed as follows: 1. Replace the current boot configuration with the previously saved version. Use one of the following methods: a) Enter cmd=move path=boot.alt pathnew=boot in the SNMP shell. This replaces the current boot configuration with the previously saved version. The configuration named "boot.alt" is erased from the flash ROM as part of this process (if you want to keep it in the flash, enter cmd=copy instead of cmd=move). b) Start a TFTP server on your computer in your LAN and import the previously saved boot configuration via the CONFIGURATION MANAGEMENT menu of the Setup tool. Choose the following: 10 Release Notes System Software

Important Information 1 OPERATION = get (TFTP -> FLASH) TFTP SERVER IP ADDRESS = <IP address of the TFTP server in the LAN> TFTP FILE NAME = boot.alt NAME IN FLASH = boot 2. Proceed with the downgrade to the desired software version. 3. Reboot the gateway. The previously saved boot configuration along with the older version of the system software are used on startup. 1.3 Updating to VoIP If you intend to use the new Voice over IP (VoIP) feature of System Software 7.5.1, you may have to carry out an update of the so called Ident Version of your gateway. The necessity to do so depends on the type of your gateway, its serial number and the Ident Version currently stored on your gateway. This update is required for the DSP module to be recognized correctly. The following gateways may be in need to be updated if numbers four and five of the serial number are lower than 17: R1200 R1200w R3000 R3000w R4100. An update is necessary for these gateways if their Ident Version is lower than 1.8. These gateways are: R1200 R1200w R3000 System Software Release Notes 11

1 Important Information R3000w. An update is also necessary for R4100 gateways with an Ident Version lower than 1.71. In order to check if your gateways requires an update, first check the serial number, then the current Ident Version. If the criteria for an update are met, carry out the update. Proceed as follows: 1. Check the serial numbe of your gateway, you will find it printed on the label on the bottom of your gateway, e.g., Serial Number R1D160006100009. 2. Check digit four and five of the serial number. If this number is smaller than 17 (as in the example above), continue by checking the Ident Version of your gateway. If digits four and five constitute a number equal to or larger than 17, no update is required. 3. In order to check the Ident Version, open a serial connection to your gateway and login. Call show rev from the SNMP shell. You will see the Ident Version printed to the console, e.g. V.1.7. Since 1.7 is smaller than any of the values mentioned above (1.71 or 1.8), our example meets the criteria for an update independently of the gateway type. The Ident Version update is carried out via the BOOTmonitor using a BLUP (Bintec Large Update). Attention! Carrying out the Ident Version update involves the risk that the gateway may become unbootable if updating one of the components fails, e.g. through a failing power supply. In this case you will have to send it in to your retailer. Proceed as follows to update the Ident Version: 1. Configure a PC in your local network to act as TFTP server. For a Windows PC you can use the DIME Tools from the Companion CD. 2. Copy the BLUP file (e.g. bl_r1200_r3000_r4100_ident_update.rny from our web server) in to the root directory of the TFTP server in your local network. 12 Release Notes System Software

Important Information 1 3. Reboot the gateway by calling cmd=reboot from the SNMP shell. The gateway reboots, and after a number of messages you will see the following prompt: Press <sp> for boot monitor or any other key to boot system 4. Within four seconds, press the Space Bar to enter BOOTmonitor mode (all values shown below are examples only): R1200 Bootmonitor V.7.5 Rev. 1 from 2007/04/14 00:00:00 Copyright (c) 1996-2007 by Funkwerk Enterprise Communications GmbH (1) Boot System (2) Software Update via TFTP (3) Software Update via XMODEM (4) Delete Configuration (5) Default Bootmonitor Parameters (6) Show System Information Your Choice> 5. Choose 2 and confirm with Enter. You now must enter the IP address of your gateway, the IP address of the TFTP server and the name of the file to be used for updateing (in our case bl_r1200_r3000_r4100_ident_update.rny). Confirm with Enter after each step. Your choice> 2 Enter local IP address [192.168.1.254]: Enter IP address of TFTP server [192.168.1.1]: Enter file name of image [b6105.x8a]: bl_r1200_r3000_r4100_ident_update.rny Are your entries correct (y or n)? 6. Check your settings. If they are correct, press y and confirm with Enter. System Software Release Notes 13

1 Important Information Starting file transfer......ok (553172 bytes received) Checking new image... OK Loaded new image has release 7.5.1.100 Now choose from the following: (u) Update Flash ROM (r) Write image to RAM and start it (e) Exit Enter (u, r or e): 7. To update the software, press r and confirm with Enter. Booting BOSS... boss image started at 0x18d0034 R1200 BLUP V.7.5 Rev. 1 from 2007/04/17 00:00:00 Copyright (c) 1996-2005 by Funkwerk Enterprise Communications GmbH List of files in this update (len 393372): Version Length Name 1.8 131124 Ident 1.8 131124 Ident 1.71 131124 Ident Proceed with update (y or n)? 8. Confirm with y in order to update all necessary components and write them to the Flash memory of your gateway: 14 Release Notes System Software

Important Information 1 *** Don't power-off your router while the update takes place *** Updating Ident Erasing Flash-ROM. OK Writing Flash-ROM. OK Verify Flash-ROM. OK Updating Ident *** Ident image not matchin HW (2) [skipped] Updating Ident *** Ident image not matchin HW (2) [skipped] Rebooting... *** R1200 (Hardware-rev. 1.0, Firmware-Rev. 1.0) *** CPU Check... passed (MPC 8272 @ 400(100.0 MHz) SDRAM Check... passed (32 MByte) FLASH Check... passed (8 MByte) *** Selftest passed *** After rebooting the update is complete and your gateway is ready for Voice over IP. System Software Release Notes 15

1 Important Information 16 Release Notes System Software

New features 2 2 New features System Software 7.5.1 comes with a series of new features that considerably extend the functionality of System Software 7.4.10: DSP Module Installation and functional test on page 18 Variable switching of ISDN S0 interfaces on page 23 VoIP on page 30 Music on Hold on page 49 VoIP on page 30 Enhanced Interface Monitoring on page 51 Auto Complete with Tab Key (Tab Completion) on page 53 New "grep" Command on page 54 Wireless LAN Roaming on page 55 Funkwerk Discovery Server on page 55 IP Address Ranges (Pools) on page 56 BOOTP Relay on page 59 PPPoE Passthrough on page 61 PPPoE Multilink on page 63 VLAN and Bridging on page 66 Multicast on page 73 Cobion Orange Filter Path depth setting on page 96 UPnP on page 97 Stateful Inspection Firewall Easier to configure on page 99 QoS classification integrated into the Stateful Inspection Firewall on page 101 New DynDNS provider selfhost and NO-IP on page 102 System Software Release Notes 17

2 New features ISDN login supports ISDN sub-addresses on page 103 ADSL Bit Swapping on page 103 Ping command extended on page 103 RADIUS: Using several dialup connections and MLPPP simultaneously on page 103 Information added to logging output on page 104 2.1 DSP Module Installation and functional test System Software 7.5.1 now supports an optional DSP module. bintec R1200 / R1200w(u) / R3000 / R3000w / R4100 each feature an internal mini PCI slot for a DSP module. Once installed, these devices can function as VoIP/VoVPN gateways. R1200 / R1200w(u) / R3000 / R3000w: Vinetic DSP module with up to four concurrent high-compression voice channels for VoIP applications. R4100: Vinetic DSP module with up to eight concurrent high-compression voice channels for VoIP applications (only S0, not S2M). AudioCodes DSP module with up to 30 concurrent high-compression voice channels for VoIP applications. Coding and encoding do not place any demand on the system resources of the core hardware. The DSP module supports voice codecs G.711, G.723.1, G.726, G.729a/b. The DSP module converts voice data into speech during the switchover from IP to telephone. In this process, voice data compression causes a reduction in bandwidth. Conversely, this module generates standard phone sounds (dial tone, busy signal etc.) for the IP side. The DSP module is installed as follows: 18 Release Notes System Software

New features System Software 1. Remove the center screw on the back panel of the device and lift the cover up and off. 2. The slot is located on the left-hand side at the front of the device. 3. Plug in the DSP module with the contacts facing the slot and insert the module at a 45 angle into the slot connector. Press the module until it snaps into place in the slot. The contacts should no longer be visible. Release Notes 2 19

2 New features Please make sure to position the slot on the row of DSP module contacts on the slot connector projection. 20 Release Notes System Software

New features 2 4. Press the high side of the DSP module down into a horizontal position until it snaps into place in both metal brackets. A DSP test program is available for versions System Software 7.5.1 and higher. This allows you to quickly confirm that the DSP is connected properly and in working order. Once the DSP module is installed as specified above, begin the test as follows: 1. Enter dsptest into the shell. System Software Release Notes 21

2 New features 2. The following information will be displayed: > r4100:> dsptest > Checking AudioCodes boot status... > Detected AC491 module in slot 5, unit 0 > FPGA status: 1 (OK) > Core 0 status: 2 (OK) > Core 1 status: 2 (OK) > Core 2 status: 2 (OK) > Core 3 status: 2 (OK) > Core 4 status: 2 (OK) > Core 5 status: 2 (OK) > 1 AudioCodes module detected. > Performing functional tests... > Testing AudioCodes module in slot 5, unit 0 > Testing FPGA scratch memory > Walking 1s test: 0 (OK) > Walking 0s test: 0 (OK) > Address test: 0 (OK) > AudioCodes module in slot 5, unit 0 appears to be working > r4100:> 3. The line > Detected AC491 module in slot 5, unit 0 indicates whether the module has been detected by the system. If this message does not appear, the DSP module has not been inserted correctly. In this case, repeat the steps described above. 4. The line > AudioCodes module in slot 5, unit 0 appears to be working indicates whether the DSP module is functioning properly. If this line is displayed, the module should be working correctly. If this message is not displayed or > AudioCodes module in slot 5, unit 0 is broken! is displayed, the slot is either dirty or the DSP module is damaged. In this case, unplug the module, remove any dust from the slot and reinsert the module as described above. If it still does not work, replace the module with a new one. 22 Release Notes System Software

New features 2 2.2 Variable switching of ISDN S0 interfaces System Software 7.5.1 supports switching from external to internal ISDN S0 interfaces. The devices R1200, R1200w, R1200wu, R3000, R3000w, R4100 and R4300 have either two or four ISDN ports. These can all be configured as internal or external connections. External ISDN ports are used to connect to the ISDN network of the network operator. Internal ISDN ports are used to connect various ISDN peripherals (phones, PCs, etc.). When shipped, these ISDN connections are configured as external connections. The two ISDN S0 interfaces ISDN-0 and ISDN-1 for the devices R1200, R1200w, R1200wu, R3000, R3000w and R4300 can be switched from external (factory setting) to internal via a plug-in jumper field located on the device mainboard. In the case of R4100, this can also be done for the first two ISDN S0 ports: ISDN-0 and ISDN-1. For the remaining interfaces (ISDN-2 and ISDN- 3), this is done using the plug-in jumpers located on the side of the ISDN-L module. When using an ISDN S0 interface as an internal port, you can select whether the interface should be powered by your device if the terminal being connected does not have its own power supply. This can be done for each interface individually. The plug-in jumpers need to be repositioned accordingly. You can also activate or deactivate the 100-ohm termination resistors for each interface using a different set of plug-in jumpers. Termination resistors are also required: if you are connecting an external interface directly to an external NTBA. when using a point-to-point connection. if the bus starts immediately where your device is connected. R4100 provides you with an option for interconnecting the ISDN-2 and ISDN-3 interfaces. This can provide power to a terminal over an ISDN interface in internal mode if your device is switched off or does not have its own power supply. This also represents a method for switching an external S0 to internal System Software Release Notes 23

2 New features mode. In this case, an idle relay loops through the external S0 to the internal S0 and, in the process, provides back-up power to the internal S0 bus/phone. To switch from external to internal, proceed as follows: 1. Remove the center screw on the back panel of the device and lift the cover up and off. 2. The plug-in jumpers for the ISDN-0 and ISDN-1 interfaces are located on all devices on the mainboard behind the ISDN terminal block. 24 Release Notes System Software

New features 2 3. Plug in jumpers for interfaces ISDN-0 and ISDN-1 as shown in the illustration: Use Interface Jumper slot Pos. Pos. Switch internal/external ISDN-0 J0M intern al extern al Switch internal/external ISDN-1 J1M intern al extern al System Software Release Notes 25

2 New features Use Interface Jumper slot Pos. Pos. Power supply for internal interface ISDN-0 J0P Off On Power supply for internal interface ISDN-1 J1P Off On 100-ohm termination resistor ISDN-0 J0T Off On 100-ohm termination resistor ISDN-1 J1T Off On 26 Release Notes System Software

New features 2 4. With the R4100 unit you can also switch the mode of interfaces ISDN-2 and ISDN-3. In this case, the jumpers are located on the side of the ISDN-L module. System Software Release Notes 27

2 New features 5. On the R4100 unit, plug in the jumpers for interfaces ISDN-2 and ISDN-3 as shown in the illustration: * 'on' is only permitted if J2M ISDN-2 is set to internal mode and J3M ISDN-3 is set to external mode. 28 Release Notes System Software

New features 2 Use Interface Jumper slot Pos. Pos. Switch internal/external ISDN-2 J2M intern al extern al Switch internal/external ISDN-3 J3M intern al extern al Power supply for internal interface ISDN-2 J2P Off On Power supply for internal interface ISDN-3 J3P Off On 100-ohm termination resistor ISDN-2 J2T Off On 100-ohm termination resistor ISDN-3 J3T Off On Connection between ISDN-2 and ISDN-3 - J23 Off On System Software Release Notes 29

2 New features 2.3 VoIP System Software 7.5.1 now for the first time supports the use of multiple VoIP providers, the creation of a extension numbers plan, the use of various codes, a software-based telephone system for VoIP, as well as voice data transfer optimisation with a low upload connection bandwidth. R1200w Setup Tool [VOIP]: Configuration Funkwerk Enterprise Communications GmbH MyGateway Application Level Gateways > Providers Extensions PBX Configuration > Dynamic Bandwidth Control > EXIT 30 Release Notes System Software

New features 2 VoIP Provider The required VoIP providers are configured in the VOIP PROVIDERS ADD/EDIT menu: R1200w Setup Tool Funkwerk Enterprise Communications GmbH [VOIP][PROV][ADD]: Provider Configuration MyGateway Description Admin State Oper State enabled unknown Domain / Proxy User ID Password/PIN Port Number 5060 Assigned VoIP Protocol SIP Advanced Settings > SAVE CANCEL System Software Release Notes 31

2 New features The menu contains the following fields: Parameter Description Admin State Value Enter a name for the VoIP provider. Maximum number of characters: 40. Specify the status of the VoIP provider. Possible values: enabled (default): The provider is enabled. disabled: The provider is disabled. Oper State Shows the current operating state of the provider. Possible values: up: The connection to the provider is in place and ready for data transfer. down: The connection to the provider has yet to be established. testing: The connection to the provider is being tested. unknown: The status of the connection is unknown. dormant: The connection to the provider is dormant, but can be reactivated at any time. blocked: The connection to the provider is blocked. Domain / Proxy User ID Enter the IP address or the domain name of the VoIP provider here. Maximum number of characters: 40. Enter the user name if you were assigned one by your VoIP provider. Maximum number of characters: 40. 32 Release Notes System Software

New features 2 Parameter Password/PIN Port Number Assigned VoIP Protocol Value The VoIP provider may assign you a PIN and/or PASSWORD. You need to enter this information here. Maximum number of characters: 40. Number of the port to be used by the provider for the connection. Default value: 5060. Protocol used to manage the VoIP session. Possible values: SIP (default): SIP protocol is used. Table 2-1: Fields in the VOIP PROVIDERS ADD/EDIT menu Enter SIP protocol settings under VOIP PROVIDERS ADD/EDIT ADVANCED SETTINGS. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [VOIP][PROV][ADD][SIP]: Advanced Settings MyGateway Outbound Proxy Auth ID Realm Registration Mode on Expire Time 3600 Transport UDP Codec Settings > SAVE CANCEL System Software Release Notes 33

2 New features The submenu contains the following fields: Parameter Outbound Proxy Auth ID Realm Registration Mode Value Name or IP address of the SIP outbound proxy server. Maximum number of characters: 32. Only enter a name if this is required explicitly by the provider. A name can be entered here for use during authentication. If a name is not entered here, the name in the USER ID field will be used. Only enter a name if this is required explicitly by the provider. An additional SIP proxy server domain name can be entered here. If a domain name is not entered here, the name in the DOMAIN / PROXY field will be used. Only enter a name if this is required explicitly by the provider. Enable or disable the registration mode. Possible values: on (default): Registration mode is enabled. off: Registration mode is disabled. Expire Time Transport Time (in seconds) that must pass until a new registration query is sent. Possible values: 0.. 99999. Default value: 600. Protocol for use in data transfers. Possible values: UDP (default): User Datagram Protocol 34 Release Notes System Software

New features 2 Table 2-2: Fields in the VOIP PROVIDERS ADD/EDIT ADVANCED SETTINGS submenu Codec The possible codecs for the provider can be selected in the VOIP PROVIDERS ADD/EDIT ADVANCED SETTINGS CODEC SETTINGS menu: R1200w Setup Tool Funkwerk Enterprise Communications GmbH [VOIP][PROV][ADD][SIP][CODEC]: Profile Settings MyGateway Available Codecs: Sorting order default Packet Size in ms 40 Echo cancellation on Comfort noise on <x> G.711 ulaw <x> G.711 alaw <x> G.729 <x> G.726-24 <x> G.726-16 <x> G.726-32 <x> G.726-40 <x> DTMF outband SAVE CANCEL System Software Release Notes 35

2 New features The menu contains the following fields: Parameter Sorting order Value Order in which attempts are made to use a codec. Possible values: default: The codec that comes first in the list on the device will be used, if this is possible. quality (default): The codecs are sorted according to quality. The codec with the best quality will be used, if possible. lowest bandwidth: The codecs are sorted according to bandwidth. The codec with the lowest bandwidth will be used, if possible. highest bandwidth: The codecs are sorted according to bandwidth. The codec with the highest bandwidth will be used, if possible. Packet Size in ms Echo Cancellation Length of packets in milliseconds. Possible values: 10.. 210. Default value: 40. Echo suppression. Procedure for filtering out acoustic echo feedback during voice communication over fullduplex lines. Possible values: on (default): Acoustic echo feedback is filtered out. off: Acoustic echo feedback is not filtered out. 36 Release Notes System Software

New features 2 Parameter Comfort noise Value Comfort Noise Generation (CNG) In digital voice transmission, COMFORT NOISE GENERATION creates a minor background noise so that the parties to the call do not get the impression that the call has been cut off when there are pauses in the conversation. Possible values: on (default): CNG is used. off: CNG is not used. Available Codecs: Default for voice encoding. Possible values: G.711 ulaw, G.711 alaw, G.729, G.726-24, G.726-16, G.726-32, G.726-40, DTMF outband. All codecs are active by default. The displayed codecs can be individually deactivated. Table 2-3: Fields in the VOIP PROVIDERS ADD/EDIT ADVANCED SETTINGS CODEC SETTINGS menu System Software Release Notes 37

2 New features Extensions You can add new extensions under VOIP EXTENSIONS ADD/EDIT: R1200w Setup Tool Funkwerk Enterprise Communications GmbH [VOIP][EXT][ADD]: Extension Configuration MyGateway Number Extension Type SIP Advanced Settings > SAVE CANCEL The menu contains the following fields: Parameter Number Extension Type Value Telephone number. Maximum number of characters: 40. Type of extension. Possible values: SIP: An SIP device is used to place the call. Digital: An ISDN device is used to place the call. ( o ) bri 2-0 ( ) bri 2-1 Only when using EXTENSION TYPE = Digital. If more than one connection exists, the desired ISDN connection may be selected here. Table 2-4: Fields in the VOIP EXTENSIONS ADD/EDIT menu 38 Release Notes System Software

New features 2 Enter SIP protocol settings under VOIP EXTENSIONS ADD/EDIT ADVANCED SETTINGS. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [VOIP][EXT][ADD][SIP]: Advanced Settings MyGateway Auth ID Password Codec Settings > SAVE CANCEL The submenu contains the following fields: Parameter Auth ID Password Value A name can be entered here for use during authentication. This name must also be entered on the SIP telephone. Maximum number of characters: 20. If a name is not entered here, the name in the USER ID field will be used. Enter a password here. This password must also be entered on the SIP telephone. Maximum number of characters: 20. Table 2-5: Fields in the VOIP EXTENSIONS ADD/EDIT ADVANCED SETTINGS submenu System Software Release Notes 39

2 New features Codec If the menu VOIP EXTENSIONS ADD/EDIT the field EXTENSION TYPE = SIP is set, the menu VOIP EXTENSIONS ADD/EDIT ADVANCED SETTINGS CODEC SETTINGS can be used to select the possible codecs for the telephones. (The possible codecs can be found under Codec on page 35). Telephone system The VoIP telephone system is configured under VOIP PBX CONFIGURATION : R1200w Setup Tool Funkwerk Enterprise Communications GmbH [VOIP][EXT][ADD][SIP]: Configuration MyGateway PBX Settings: SIP termination off Dial latency (sec.) 5 Call Routing > Call Translation > Speed Dialing > SAVE CANCEL 40 Release Notes System Software

New features 2 The menu contains the following fields: Parameter SIP termination Value Specifies how SIP calls are forwarded. Possible values: on: SIP calls are forwarded over the gateway. off (default): SIP calls are transferred directly. Dial latency (sec.) Period (in seconds) that passes from the time the final digit of the phone number was pressed before the number is actually dialed. Default value: 5. If # is pressed after the number was entered, it is dialed immediately. Table 2-6: Fields in the VOIP PBX CONFIGURATION menu System Software Release Notes 41

2 New features You can create a list of calls to be routed in the VOIP PBX CONFIGURATION CALL ROUTING ADD/EDIT submenu: R1200w Setup Tool Funkwerk Enterprise Communications GmbH [VOIP][EXT][ADD][SIP][CALL][ADD]: Routing MyGateway Description Type external Destination Prefix Provider Not assigned SAVE CANCEL 42 Release Notes System Software

New features 2 The menu contains the following fields: Parameter Description Type Value Enter a description of the call here. Specifies how calls are routed. Possible values: external (default): For calls that will be routed outgoing as external calls. trunk: For calls that are routed to a telephone system. deny: For calls that are not routed (blocked). Destination Specifies the number to be dialed depending on what was entered under PREFIX. When only using digits, the following applies: PREFIX + DESTINATION = telephone number. A wildcard can be used in place of the final digit of the telephone number. This is entered under DESTINATION and PREFIX. If DESTINATION = 70*, PREFIX = 9673 and a caller enters 7053, the phone will dial 96737053. If DESTINATION = 0*, PREFIX = 0049* and a caller enters 0911616263, the phone will dial 0049911616263. System Software Release Notes 43

2 New features Parameter Prefix Provider Interface Table 2-7: Value Only when TYPE = external or TYPE = trunc. Specifies which numbers are dialed depending on what was entered under DESTINATION. A wildcard can be used in place of the final digit of the telephone number. This is entered under PREFIX and DESTINATION. If PREFIX = 9673, DESTINATION = 70* and a caller enters 7053, the phone will dial 96737053. If DESTINATION = 0*, PREFIX = 0049* and a caller enters 0911616263, the phone will dial 0049911616263. Only when using TYPE = external. Select the provider to use for external, outbound calls. You can select from the providers saved under VOIP PROVIDERS ADD/EDIT. Only when using TYPE = trunc. Specifies the port to use for routing the external, outbound calls from a telephone system. Fields in the VOIP PBX CONFIGURATION CALL ROUTING ADD/EDIT menu 44 Release Notes System Software

New features 2 You can create a list to translate phone numbers in the VOIP PBX CONFIGURATION CALL TRANSLATION ADD/EDIT submenu: R1200w Setup Tool Funkwerk Enterprise Communications GmbH [VOIP][EXT][ADD][SIP][CALL][ADD]: Translation MyGateway Description Local Number External Number Assigned to Not assigned SAVE CANCEL System Software Release Notes 45

2 New features The menu contains the following fields: Parameter Description Local Number External Number Assigned to Value Enter a description of the call translation here. Enter the number of the extension to which incoming calls are translated from EXTERNAL NUMBER or from which outbound calls are translated to EXTERNAL NUMBER. Enter the external number where outgoing calls to an extension are translated to LOCAL NUMBER or incoming calls are translated to LOCAL NUMBER. Specifies the port or provider used to translate the calls. Table 2-8: Fields in the VOIP PBX CONFIGURATION CALL TRANSLATION ADD/EDIT menu Quick dial keys can be assigned for frequently used numbers in the VOIP PBX CONFIGURATION SPEED DIALING ADD/EDIT submenu: R1200w Setup Tool Funkwerk Enterprise Communications GmbH [VOIP][EXT][ADD][SIP][CALL][ADD]: Speed Dialing MyGateway Description Shortcut number Replace to SAVE CANCEL 46 Release Notes System Software

New features 2 The menu contains the following fields: Parameter Description Shortcut Number Replace to Value Enter a description of the user here. The desired shortcut for the user is entered here, e.g., 123. The telephone number of the user is entered, which is to be dialed when the shortcut is used, e.g., 09119673. If, in the example above, the user types in *123, the device will dial the number 09119673. Should the user wish to dial the extension 111, the shortcut should be entered as follows: *123111. The device will dial 09119673111. Table 2-9: Fields in the VOIP PBX CONFIGURATION SPEED DIALING ADD/EDIT menu Dynamic Bandwidth Control Note When placing calls over the Internet, VoIP packets generally have top priority. If insufficient bandwidth is available in the upload direction, there may be pronounced delays in the voice transmission if other data packets are being routed at the same time. The Dynamic Bandwidth Control function in VoIP implementation solves this problem. To ensure that the 'line' for VoIP packets is not blocked for too long, the size of the other data packets is reduced for the duration of the call as required. You are also required to enter the current bandwidth for the upload direction when using an external modem and Dynamic Bandwidth Control. Note When using an external modem, you will need to go to QOS INTERFACES AND POLICIES EDIT QOS SCHEDULING AND SHAPING and set QUEUING AND SCHEDULING ALGORITHM = priority queuing (PQ) and SPECIFY TRAFFIC SHAPING = yes. System Software Release Notes 47

2 New features This is configured in the VOIP DYNAMIC BANDWIDTH CONTROL ADD/EDIT menu. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [VOIP][LFI][ADD]: Configure Jitter Reduction MyGateway Interface 1000 en1-0 Mode enabled for all RTP data Maximum Link Speed in Upload Direction (bit/s) 10000000 Please specify really available Upload Speed 0 SAVE CANCEL 48 Release Notes System Software

New features 2 The menu contains the following fields: Parameter Interface Mode Value The upload connection on which voice transmission is to be optimised is selected here. Determines the optimisation mode. Possible values: enabled for all RTP data (default): The system detects VoIP data communications according to RTP data and optimises the voice transmission. enabled for controlled RTP data only: The system recognises the VoIP data traffic on the basis of the data routed over the media gateway and optimises voice transmission. always: Voice data transmission optimisation always takes place. disabled: Voice data transmission is not optimised. Maximum Link Speed in Upload Direction (bit/s) Please specify really available Upload Speed Shows the maximum bandwidth in the upload direction. You need to enter the bandwidth when using an external DSL modem. Table 2-10: Fields in the VOIP DYNAMIC BANDWIDTH CONTROL ADD/EDIT menu 2.4 Music on Hold The Music on Hold function is available for VoIP from System Software 7.5.1. System Software Release Notes 49

2 New features To enable the system to play hold music, the corresponding file in the desired language must be loaded into your system. You can find it at www.funkwerkec.com. The file is available in the following languages: German English Spanish French Italian Dutch. To load the file, proceed as for a system software update. Instructions can be found in the User s Guide, in the chapter Gateway Management. 2.5 Input/Output chains (pipe) A pipe is used to interlink the input from a second command with the output from the first command. This is explained further in the example below. r1200:> echo test cat test r1200:> In this example, the echo command displays the character string test, which is used by the cat command as the default entry and displayed. Please make sure to always leave a space before and after the pipe character ' '. Note There is also an alternative command called pipe that can be used as follows: r1200:> pipe Usage: pipe <cmd1> <cmd2> Function: Execute two commands in a pipe (i.e., <cmd1> <cmd2>) 50 Release Notes System Software

New features 2 2.6 Enhanced Interface Monitoring System Software 7.5.1 offers new and improved options for monitoring interfaces and analysing and logging sent and received data. One way to do this is by entering 'trace' in the command line of your gateway or by using a similar program on a PC (bricktrace for UNIX or DimeTools for Windows). Using either remote programs on the PC or the trace command, you can log activity on Ethernet, ISDN, ATM and WLAN interfaces and record unencrypted data traffic in an IPSec tunnel if this was created as a virtual interface. bricktrace, DimeTools The following additions have been made to the remote programs on the PC: For security reasons, interface logging is only possible with authentication (admin password for the router). You can write data in 'libpcap' format for subsequent analysis using default programs such as tcpdump, Ethereal (now: wireshark) or ntop. New built-in, easy-to-use IP session filters (options -I and -B). Your trace connection (PC <-> gateway) is now filtered if the computer is performing interface logging on the interface to which it is connected. bricktrace bricktrace allows you to write data to a libpcap file and, where required, start Ethereal to view the data (live trace). You can also save the data for subsequent analysis. To view more information on the options available with bricktrace, enter the command -? (help) or --help (advanced help). Examples: bricktrace --ethereal router-ip 1000 starts the trace on LAN interface 1000 while at the same time automatically opening Ethereal via a pipe. export TRACE_EXEC="wireshark -Sk -i" starts the wireshark program instead of Ethereal when --ethereal is entered. bricktrace --pcap-file router 1000 saves all data packets to a libpcap file. This file is then available for subsequent analysis. System Software Release Notes 51

2 New features The program lists the available physical interfaces on the gateway without the interface number. -V 1..3 specifies the version of the trace interface log; for older devices: 1 or 2; 3 is the default value. --pwd=password Sets the gateway password (version 3). DimeTools DimeTools allows you to save data to a libpcap file and then open it using Ethereal. A live trace via a pipe is not possible in Windows. Note Please note that a live trace via a pipe is only possible in Ethereal versions 0.10.12 and above due to an error in the program. trace The following features have been added to the trace command: New built-in, easy-to-use IP session filters (options -I and -B). You can enter the interface number directly, e.g., trace 10001 for the first LAN interface or trace 100001 for the first IPSec interface. IP session filter The options -I and -B (negates -I! and -B!) make it possible to filter IP packets by ip-source, ip-destination, protocol, src-port and dst-port. When specifying multiple filters with no options, these are linked using the logical AND operation; the option -o links them with the OR operation. 52 Release Notes System Software

New features 2 syntax: -I: -B: filter, unidirectional session filter, bidirectional session usage: -I ip1:ip2:proto:port1:port2 -B ip1:ip2:proto:port1:port2 ip1: source IP address ip2: destination IP address proto: protocol (1=ICMP, 6=TCP, 17=UDP, 50=ESP, 51=AH, 2=IGMP, 8=EGP, 46=RSVP) port1: source port port 2: destination port examples: -I 1.1.1.10 : all packets from 1.1.1.10 -I!1.1.1.10 : no packets from 1.1.1.10 -B!1.1.1.10 : no packets from and to 1.1.1.10 -I :1.1.1.10 : all packets to 1.1.1.10 -I 1.1.1.10:1.1.1.20 : all packets from 1.1.1.10 to 1.1.1.20 -B 1.1.1.10:1.1.1.20 : all packets between 1.1.1.10 and 1.1.1.20 -I ::6 : all TCP packets -I ::6 -o -I..17 : all TCP and UDP packets -I!::50 : no ESP packets -I ::17::512 : all UDP packets to port 512 -I 1.2.3.4::17::512 : all UDP packets from 1.2.3.4 to any host/port 512 -B ::6:1026:23 : all TCP packets between ports 1026 and 23 More information on IP session filters is available for the trace command by entering -? and for the bricktrace program by entering --help. 2.7 Auto Complete with Tab Key (Tab Completion) System Software 7.5.1 supports tab completion. Entries in the SNMP shell of your device can now be automatically completed using the tab key, which means you can enter the first characters of a command and then press the tab key to complete the command. This option is available when making the following entries: external commands (ping, ifconfig etc.) local commands (echo, sleep, halt etc.) System Software Release Notes 53

2 New features SNMP commands (tables, values) MIB groups. There is also a complete command (e. g. where it is not possible to get the desired results by pressing the tab key due to the terminal settings), which can be used as follows: complete <required character string> Example: All commands that begin with l should be listed. r1200:> complete l l loop linkd l2tpd l2tp l2tpglobals l2tpsessiontable l2tptunnelprofiletable l2tptunneltable localtcpallowtable localudpallowtable r1200:> 2.8 New "grep" Command System Software 7.5.1 supports a basic grep command. This command allows you to search for terms in the SNMP shell on your device. Lines matching the search criteria are displayed and all others are ignored. This makes it possible to interlink the output of all commands on the shell. The following syntax is employed: r1200:> grep -h Usage: grep [hvdie:] <pattern> -e <pattern> specify multiple <pattern> -i ignore case -v invert match -d debug -h display help and exit Example: You can locate the process ID for the DynDNS daemon by entering: r1200:> ps -ef grep ddnsd Example: 54 Release Notes System Software

New features 2 You can search for the process ID for ddnsd and bootpd using: r1200:> ps -ef grep -e ddnsd -e bootpd Example: To factor out NAT debug messages, enter: r1200:> debug all grep -v NAT The grep command supports basic regular expressions. The characters *? [ ] can be used for this. Example: r1200:> echo test grep *t[ae]s? * returns a match containing a character string of any length.? returns a match containing any single character. [ ] corresponds to the OR operator, e.g., one of the specified characters must match. 2.9 Wireless LAN Roaming System Software 7.5.1 now includes a feature for WLAN roaming. This allows free movement of clients within a multi-cell WLAN. Also, when roaming between radio cells, the client can log off from one access point and log onto another without the user noticing. 2.10 Funkwerk Discovery Server System Software 7.5.1 now features the Funkwerk Discovery Server. System Software Release Notes 55

2 New features The funkwerk Discovery protocol is used to detect and configure funkwerk access points located within the same cable-based network as your device. Once an access point is detected, certain basic parameters (node name, IP address, netmask and device address) can be configured on the access point (provided you have the admin password). With System Software 7.5.1, your device can also be detected and configured by other APs and gateways using the Discovery function. This is configured in the EXTERNAL SYSTEMS ARTEM ACCESS POINT DISCOVERY/CONFIGURATION submenu. The DISCOVERY SERVER parameter allows you to define whether your device will be detected and configured in the network by other Funkwerk devices. Options include: disabled (default): The Discovery server is disabled. enabled: The Discovery server is enabled. 2.11 IP Address Ranges (Pools) System Software 7.5.1 allows your gateway to support the central administration of dynamic IP address ranges (pools). 56 Release Notes System Software

New features 2 The address range is configured in the IP IP ADDRESS POOLS POOLS ADD/EDIT menu. Here you can add new pools or edit existing ones. The pools are available to all users regardless of how many addresses they contain. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [IP][DYNAMIC][POOL][ADD]: Define Range of IP Addresses MyGateway Identifier 0 Description IP Address Number of Consecutive Addresses 1 Primary Domain Name Server Secondary Domain Name Server SAVE CANCEL System Software Release Notes 57

2 New features The menu contains the following fields: Parameter Identifier Description IP Address Number of Consecutive Addresses Primary Domain Name Server Value Unique integer for identifying the address range. Possible values: 0.. 999. Description of the address range. Maximum number of characters: 20. First IP address in the address range. Number of IP addresses in the address range; includes the first IP address (IP ADDRESS). Possible values: 1.. 254. Default value: 1. In earlier versions of the software, the addresses were assigned to specific clients using address ranges with a single IP address (NUMBER OF CONSECUTIVE ADDRESSES = 1). In version System Software 7.5.1 and above, you can assign individual IP address in the IP IP ADDRESS POOLS ASSIGNED IP ADDRESSES ADD/EDIT menu (see Page 112). Enter the IP address for a global Domain Name Server here. If this field is blank, the settings entered under IP STATIC SETTINGS are used if DHCP ASSIGNMENT = global is set in the IP DNS menu. If DHCP ASSIGNMENT = self, the gateway's IP address is transferred to the client. If DHCP ASSIGNMENT = none, no PRIMARY DOMAIN NAME SERVER or SECONDARY DOMAIN NAME SERVER is available. 58 Release Notes System Software

New features 2 Parameter Secondary Domain Name Server Value Enter the IP address for a secondary Domain Name Server here. If this field is blank, the settings entered under IP STATIC SETTINGS are used if DHCP ASSIGNMENT = global is set in the IP DNS menu. If DHCP ASSIGNMENT = self, the gateway's IP address is transferred to the client. If DHCP ASSIGNMENT = none, no PRIMARY DOMAIN NAME SERVER or SECONDARY DOMAIN NAME SERVER is available. Table 2-11: Fields in the IP IP ADDRESS POOLS POOLS ADD/EDIT menu At present, dynamic IP address ranges are only used for DHCP. Certain changes and adjustments have been made in implementing DHCP; these are described in Changes on page 105. 2.12 BOOTP Relay With System Software 7.5.1, your gateway is able to support the configuration of BOOTP relay servers not only for the system as a whole but also for selected interfaces. Global BOOTP relay server The global BOOTP relay server configuration has been moved from the IP STATIC SETTINGS menu to the IP BOOTP RELAY menu. System Software Release Notes 59

2 New features Specific BOOTP relay servers You can configure interface-specific BOOTP relay servers in the IP BOOTP RELAY ADD/EDIT menu. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [IP][BOOTP][ADD]: BOOTP Relay Interface Settings MyGateway Interface Admin State enabled Primary BOOTP Server Secondary BOOTP Server 1 en1-0 SAVE CANCEL 60 Release Notes System Software

New features 2 The menu contains the following fields: Parameter Interface Admin State Value Shows your device's interfaces. Select an interface. If a BOOTP query is received via the selected interface, it is forwarded to the set BOOTP relay server. Disables or enables associations between the interface and BOOTP relay server(s). Possible values: enabled (default): Associations between the interface and BOOTP relay server(s) are enabled. disabled: Associations between the interface and BOOTP relay server(s) are disabled. Primary BOOTP Server Secondary BOOTP Server Enter the IP address of a server to which the BOOTP or DHCP queries will be forwarded. Enter the IP address for a secondary BOOTP or DHCP server here. Table 2-12: Fields in the IP BOOTP RELAY ADD/EDIT menu. 2.13 PPPoE Passthrough Along with the existing Internet connection, System Software 7.5.1 allows you to add multiple PPPoE connections from the LAN directly to the Internet via a DSL connection with the help of the PPPoE Passthrough option. Presently, PPPoE Passthrough can only be configured between two devices equipped with an Ethernet interface. At the moment, it is not possible, for instance, to use any filters or SIFs in conjunction with the PPPoE Passthrough function. System Software Release Notes 61

2 New features This option is configured in the PPP and PPPP PPPOE PASSTHROUGH menu. Select the interface for PPPoE connections under PPPOE ETHERNET INTERFACE in the PPP menu. (The menu contains example values.) R3400 Setup Tool Funkwerk Enterprise Communications GmbH [PPP]: PPP Profile Configuration MyGateway Authentication Protocol Radius Server Authentication PPP Link Quality Monitoring PPPoE Ethernet Interface CHAP + PAP + MS-CHAP inband no en1-1 PPPoE Passthrough > SAVE CANCEL Configure the required pairs of Ethernet ports in the PPP PPPOE PASSTHROUGH menu. You can select one Ethernet port for the PPPoE client and 62 Release Notes System Software

New features 2 one for the PPPoE server (or the DSL port represented by ethoa50-0 for devices with this type of port). (The menu contains example values.) R3400 Setup Tool Funkwerk Enterprise Communications GmbH [PPP]: PPPoE Passthrough Configuration MyGateway Physical or virtual Ethernet Port attached to PPPoE Client(s) <x> en1-0 < > en1-4 < > en1-1 < > en1-2 Physical or virtual Ethernet Port attached to PPPoE Server < > en1-0 < > en1-4 <x> en1-1 < > en1-2 SAVE CANCEL 2.14 PPPoE Multilink System Software 7.5.1 allows you to combine multiple DSL connections from one provider via PPP into a static bundle and thus obtain greater bandwidth. Each of these DSL connections should use a separate Ethernet connection. Many providers are in the process of introducing a PPPoE multilink function but do not offer it as yet. To configure PPPoE Multilink, you first need to add a suitable WAN partner. In the WAN PARTNER ADD ADVANCED SETTINGS menu select LAYER 1 PROTOCOL = PPP over Ethernet (PPPoE) for the WAN partner. PPPoE Multilink System Software Release Notes 63

2 New features is actually configured under WAN PARTNER ADD ADVANCED SETTINGS EXTENDED INTERFACE SETTINGS. (The menu contains example values.) R3400 Setup Tool Funkwerk Enterprise Communications GmbH [WAN][ADD][ADVANCED][EXTIF]: Extended Interface Settings (WAN Partner Name) MyGateway PPPoE Multilink yes Ethernet Ports to use < > en1-0 < > en1-4 <x> en1-1 <x> en1-2 SAVE CANCEL 64 Release Notes System Software

New features 2 The menu contains the following fields: Parameter PPPoE Multilink Value Select whether to use PPPoE Multilink. Possible values: no (default): PPPoE Multilink is not used. yes: PPPoE Multilink is used. Ethernet Ports to use Shows your device's Ethernet interfaces. You can choose from a range of interfaces depending on what device you are using and whether and how the Ethernet switch is run in split ports mode. Select the interfaces you wish to use for PPPoE Multilink. Table 2-13: Fields in the WAN PARTNER ADD ADVANCED SETTINGS EXTENDED INTERFACE SETTINGS menu Note When using PPPoE Multilink, we recommend that you operate the Ethernet switch on your device in split ports mode and that you use a separate Ethernet interface for each PPPoE connection, e.g., en1-1, en1-2. Note When using an external modem for PPPoE Multilink, the Ethernet switch on your device must be operated in split ports mode. Note When using an external modem, you will need to go to QOS INTERFACES AND POLICIES EDIT QOS SCHEDULING AND SHAPING and set QUEUING AND SCHEDULING ALGORITHM = priority queuing (PQ) and SPECIFY TRAFFIC SHAPING = yes. Note You are also required to enter the current bandwidth for the upload direction when using an external modem. System Software Release Notes 65

2 New features 2.15 VLAN and Bridging VLANs allow you to isolate individual network segments, e.g., individual departments within a company. With the new VLAN menu, System Software 7.5.1 now supports the configuration of VLANs on interfaces for which the bridging mode has been set. (For information on how to configure VLANs for interfaces in routing mode, see page 122.) You can view all configured VLANs, edit their settings and add new ones. Administration A list of existing bridge groups is shown in the VLAN ADMINISTRATION menu. (This list contains example values. If no bridge groups were previously created, the list is empty. For information on how to create bridge groups, see page 123.) R1200w Setup Tool [VLAN][ADMINISTRATION] Funkwerk Enterprise Communications GmbH MyGateway Bridge Group Name Status Non Mgmt Frames Mgmt VID br0 enable forward 1 br1 disable drop 2 br2 disable forward 1 EXIT 66 Release Notes System Software

New features 2 The basic settings for a VLAN are implemented in the VLAN ADMINISTRATION EDIT menu. The options should be configured separately for each bridge group. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [VLAN][ADMINISTRATION][EDIT]: br0 MyGateway Bridge Group Name Admin Status Management VID Non Mgmt Frames br0 disable Management forward SAVE CANCEL The menu contains the following fields: Parameter Bridge Group Name Admin Status Value Shows the selected bridge group. Enables or disables the VLAN for the selected bridge group. Possible values: disable (default): The VLAN is disabled. enable: The VLAN is enabled. Management VID Management VLAN ID. Enter the VLAN ID for the VLAN you wish to use for your device. System Software Release Notes 67

2 New features Parameter Non Mgmt Frames Value Defines whether frames that do not contain Management VLAN ID information are forwarded or dropped. Possible values: forward (default): The frames are forwarded. drop: The frames are dropped. Table 2-14: Fields in the VLAN ADMINISTRATION EDIT menu VLAN In the VLAN VLAN menu you can view which VLANs have been created and which VLAN NAME is assigned to which VLAN ID. R1200w Setup Tool [VLAN][VLANS] Funkwerk Enterprise Communications GmbH MyGateway VLAN Name VLAN ID Management 1 Support 2 ADD MEMBERS DELETE EXIT 68 Release Notes System Software

New features 2 You can create new assignments in the VLAN VLAN ADD menu. A VLAN with the name Management and the ID 1 is configured by default: R1200w Setup Tool [VLAN][VLANS][ADD]: VLAN ID Funkwerk Enterprise Communications GmbH MyGateway VLAN Name Management VLAN ID 1 SAVE CANCEL The VLAN VLAN ADD submenu contains the following fields: Parameter VLAN Name VLAN ID Value Enter the name for the VLAN here. Maximum number of characters: 32. VLAN Identifier Enter a unique integer that will be used to identify the VLAN. Possible values: 1.. 4094. Default value: 1. Table 2-15: Fields in the VLAN VLAN ADD/EDIT menu You can view which VLANS are assigned to which interfaces and which frames are transferred over the corresponding interface in the VLAN VLAN System Software Release Notes 69

2 New features Members menu. The Members button is shown if INTERFACE MODE = Bridging is set in the ETHERNET SWITCH FAST ETHERNET/EN1-X EDIT menu. R1200w Setup Tool [VLAN][VLANS][MEMBER] Funkwerk Enterprise Communications GmbH MyGateway VLAN ID Port Name Egress Rule 1 en1-0 untagged 1 en1-2 untagged 1 en1-3 untagged 2 en1-2 untagged 2 en1-3 tagged ADD DELETE EXIT 70 Release Notes System Software

New features 2 The VLAN VLAN Members ADD menu contains the following fields: Parameter VLAN ID Port Name Egress Rule Value VLAN Identifier Shows the name of the VLANS added in the VLAN VLAN ADD menu. You can select a VLAN. This is a list of all interfaces where the bridging option is configured (see ETHERNET SWITCH FAST ETHERNET/EN1-X ADD/EDIT menu, page 123). Select the interface that you wish to assign to the VLAN, i.e., that is to be a member of the selected VLAN. Specifies whether the frames with VLAN information or those without VLAN information are transferred at the selected interface. Possible values: untagged (default): The frames without VLAN information are transferred. tagged: The frames with VLAN information are transferred. Table 2-16: Fields in the VLAN VLAN MEMBERS ADD menu System Software Release Notes 71

2 New features PVID In the VLAN PVID menu you can view and set the rules for receiving frames at the VLAN ports. R1200w Setup Tool [VLAN][PVIDS] Funkwerk Enterprise Communications GmbH MyGateway Port Name PVID Untagged Frames Non Member Frames en1-0 1 forward forward en1-2 2 drop drop en1-3 1 forward forward MEMBERS EXIT 72 Release Notes System Software

New features 2 The VLAN PVID EDIT menu contains the following fields: Parameter Port Name PVID Untagged Frames Value Shows the port whose rules you are editing. Port VLAN Identifier Assign a PVID to the selected port. Specifies what happens to frames that contain no VLAN information. Possible values: forward (default): The frames without VLAN information are forwarded. drop: The frames without VLAN information are dropped. Non Member Frames Specifies whether frames whose VLAN information does not match the selected port are forwarded or dropped. Possible values: forward (default): The frames are forwarded. drop: The frames are dropped. Table 2-17: Fields in the VLAN PVID EDIT menu You can view which VLANS are assigned to which interfaces and which frames are transferred over the corresponding interface in the VLAN PVID Members menu. This information is the same as that found in the VLAN VLAN Members menu. 2.16 Multicast With the new IP MULTICAST menu, System Software 7.5.1 supports the transfer of messages to a group of recipients in TCP/IP networks. System Software Release Notes 73

2 New features FORWARDING simply transfers data directly to the recipient(s), whereas IGMP and PIM only send data to certain hosts thereby reducing unnecessary data communication. With multicast, data is transferred to a 'virtual address,' i.e., to the so-called multicast group. For IPv4 in the class D network, IP addresses 224.0.0.0 to 239.255.255.255 are reserved for multicast groups. Interested clients can enrol at as many multicast groups as they want. Hosts, in this context also called sources, that emit Internet radio broadcasts for example, send their packets to the respective multicast group. By means of the enrolments to the multicast groups, the packets will be forwarded to the receivers. IGMP (Internet Group Management Protocol) manages the multicast groups in local area networks and controls the exchange of member data for these groups via so-called queries and reports. The latest version of IGMP is v3; it is downwards compatible with versions 1 and 2. By contrast, PIM (Protocol Independent Multicast) is a multicast routing protocol. In PIM, information distribution is controlled from a central point, the so-called 'rendezvous point'. The data packets are initially forwarded to this point and made available to the recipient at the request of other routers. There are two modes for multicast routing protocols: sparse and dense. In dense mode, all packets are forwarded and only packets to groups that were explicitly unsubscribed are dropped. In sparse mode, groups are only sent packets that they have subscribed to. In System Software 7.5.1, MSDP (Multicast Source Discovery Protocol) is used to interlink PIM domains and thus perform inter-domain routing. 74 Release Notes System Software

New features 2 In the IP MULTICAST menu, you can enable or disable the multicast function. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [IP][MCAST]: Multicast Configuration MyGateway Status enabled Forwarding > IGMP > PIM > MSDP > SAVE CANCEL The IP MULTICAST menu provides access to the following submenus: FORWARDING IGMP PIM MSDP. System Software Release Notes 75

2 New features Forwarding In the IP MULTICAST FORWARDING ADD/EDIT menu, you can forward multicast packets to a multicast group. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [IP][MCAST][FORWARDING]: Add/Edit Rule MyGateway Group Address Status active Source Interface Destination Interface none none SAVE CANCEL 76 Release Notes System Software

New features 2 The IP MULTICAST FORWARDING ADD/EDIT menu contains the following fields: Parameter Group Address Status Value IP address of the group for which this entry is valid. The address must be within the range 224.0.0.0-239.255.255.255. Enter 224.0.0.0 to specify all multicast packets. Enables or disables the entry. Possible values: active (default): The entry is enabled and the data packets are forwarded. inactive: The entry is disabled and ignored. Source Interface Destination Interface Interface to be used to receive the data packets. The SOURCE INTERFACE and DESTINATION INTERFACE cannot be the same. Interface to which the data packets are forwarded. The SOURCE INTERFACE and DESTINATION INTERFACE cannot be the same. Table 2-18: Fields in the IP MULTICAST FORWARDING ADD/EDIT menu Note IGMP Please make sure, that the settings under FORWARDING do not overlap with interfaces configured also for IGMP and PIM. Packets for groups configured under FORWARDING will be forwarded, even if they are explicitly unsubscribed at the interfaces by means of IGMP or PIM. Specify whether IGMP should be used in the IP MULTICAST IGMP menu. You can indicate whether IGMP should only be run with version 3 hosts or whether to use the compatibility mode. The compatibility mode dynamically adjusts IGMP to the hosts of the relevant interface. Therefore, hosts can use System Software Release Notes 77

2 New features either version 3, 2 or 1. You can also define and edit the interfaces where IGMP will be used. The menu contains example values. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [IP][MCAST][IGMP]: IGMP Configuration MyGateway Mode compat Advanced > Interface en1-0 Status active SAVE ADD DELETE EXIT 78 Release Notes System Software

New features 2 The IP MULTICAST IGMP menu contains the following fields: Parameter Mode Value Specifies whether and, where applicable, what mode is used for IGMP. Possible values: disabled (default): IGMP is not used. compat: IGMP is used in compatibility mode, i.e., version 1, 2 or 3 hosts are considered. If several versions are available in a network, the one with the lowest version number (the oldest version) is selected as the common default version. v3only: Only IGMP version 3 is used, i.e., only v3 hosts are considered. Table 2-19: Fields in the IP MULTICAST IGMP menu System Software Release Notes 79

2 New features In the IP MULTICAST IGMP ADD/EDIT menu, you can set the interfaces that will use IGMP. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [IP][MCAST][IGMP][INTERFACE]: Configure IGMP Interface MyGateway Interface Status en1-0 active Query Interval (s) 125 Max Response Time (ms) 10000 Robustness 2 Last Member Query Interval (ms) 1000 StateLimit (msg/s) 0 ProxyIfIndex none SAVE CANCEL 80 Release Notes System Software

New features 2 The IP MULTICAST IGMP ADD/EDIT menu contains the following fields: Parameter Interface Status Value Select the interface used to send IGMP queries and to wait for responses. Simply chose the interface associated with the multicast recipients. Enables or disables IGMP for the selected interface. Possible values: active (default): The option is enabled; IGMP is used at the selected interface. inactive: The option is disabled; IGMP is not used at the selected interface. Query Interval Max Response Time (ms) Enter the interval (in seconds) for sending IGMP queries. Possible values: 0.. 600. Default value: 125. Enter the response time (in milliseconds) for the transmission of queries within which the hosts are required to respond. The hosts select a random delay within this period after which the response is sent. This distributes the dispatch of answers in networks containing many hosts, thereby reducing the load. Possible values: 0.. 25500. Default value: 10000. System Software Release Notes 81

2 New features Parameter Robustness Last Member Query Interval (ms) StateLimit ProxyIfIndex Value Select the multiplier for controlling internal timer values. Set a high value to compensate for packet loss in networks with high loss rates. If the value is set too high, the time between leaving and the end of incoming data communications may increase (leave latency). Possible values: Integers 2.. 8. Default value: 2. The amount of time (in milliseconds) that the IGMP router waits to receive a response to a query sent to a group. If you enter a lower number, it will take less time to detect that the last member has left the group and therefore packets must no longer be fowarded to this interface for this group. Specifies the maximum number of queries and/or reports for the selected interface per second. Select whether or not your device forwards IGMP reports from the hosts of the current interface via another proxy interface. To forward IGMP reports from the hosts, select the interface on your device that will act as the IGMP proxy. Normally, IGMP must also be active at this interface. Table 2-20: Fields in the IP MULTICAST IGMP ADD/EDIT menu The IP MULTICAST IGMP menu provides access to the ADVANCED submenu. 82 Release Notes System Software

New features 2 The IP MULTICAST IGMP ADVANCED menu contains the following fields: Parameter Max Groups Max Sources StateLimit Value Specifies the maximum number of total potential groups both internally and in reports. Default value: 64. Specifies the maximum number of total potential data sources for a group specified in version 3 reports and also the maximum number of internally administrated data sources per group. Default value: 64. Defines the maximum number of total possible incoming queries or reports per second. Default value: 0. Table 2-21: Fields in the IP MULTICAST IGMP ADVANCED menu The IP MULTICAST IGMP ADVANCED menu contains the following submenus: STATIC GROUPS MONITOR ACL. The IP MULTICAST IGMP ADVANCED STATIC GROUPS menu can be used to configure static groups. Multicast data for static groups are always forwarded to the appropriate interface, even if a specific group is not explicitly subscribed. The menu contains the following fields: Parameter Group Address Interface Value IP address of the static group. Enter an IP multicast address here. Interface used to forward data to the group. IGMP must be enabled on this interface. System Software Release Notes 83

2 New features Parameter Status Value Defines whether the static group is active. Possible values: active (default): The static group is active. inactive: The static group is inactive. Table 2-22: Fields in the IP MULTICAST IGMP ADVANCED STATIC GROUPS menu In the IP MULTICAST IGMP ADVANCED MONITOR menu, you can monitor certain IGMP parameters relating to an interface. The menu contains the following fields: Parameter Interface Compat Version Querier V1 ExpiryTime(s) ExpiryTime(s) V2 ExpiryTime(s) Joins Value Shows the interface where IGMP is active. Shows the IGMP version currently in use. Shows the router that acts as the querier and sends queries. If your network includes a V1 host, IGMP is run in V1 compatibility mode. If no V1 host reports within the V1 EXPIRYTIME(S), the mode is switched to V2 or V3. Shows the period of validity of the querier if your gateway is currently not the querier. 0 indicates, that your gateway is the querier. If your network includes a V2 host, IGMP is run in V2 compatibility mode. If no V2 host reports within the V2 EXPIRYTIME(S), the mode switches to V3. Shows the number of registrations received for groups (joins) on the respective interface. 84 Release Notes System Software

New features 2 Parameter Wrong Queries Group Value Shows the number of wrong queries that were received on the respective interface. Shows the number and IP addresses of the groups. Table 2-23: Fields in the IP MULTICAST IGMP ADVANCED MONITOR menu In the IP MULTICAST IGMP ADVANCED MONITOR GROUP menu, you can monitor certain IGMP parameters relating to a specific group. The menu contains the following fields: Parameter Group LastReporter Mode Value Shows the IGMP group. Shows the last host that sent a report on the group. Shows the IGMP filter mode. Possible values: EXCLUDE: Data from the specified sources are excluded from the transfer. INCLUDE: Data from the specified sources are included in the transfer. V1HostExpiryTime(s) ExpiryTime(s) V2HostExpiryTime(s) included / excluded Source Shows how long the host has been a member of the group if it registered with the group and uses IGMP version 1. Shows the length of group membership. Shows how long the host has been a member of the group if it registered with the group and uses IGMP version 2. Shows the IP addresses of the sources included in or excluded from data transmission based on the settings under MODE. System Software Release Notes 85

2 New features Table 2-24: Fields in the IP MULTICAST IGMP ADVANCED MONITOR GROUP menu In the IP MULTICAST IGMP ADVANCED ACL menu rules can be used to accept or deny reports and packets of specific hosts for specific groups. The sequence of the rules can be changed or rules deleted. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [IP][MCAST][IGMP]: ACL Configuration MyGateway Press 'u' to move ACL up or press 'd' to move ACL down. Pos Interface Sender Group Type Action 0 en1-0 192.168.0.1/24 224.0.0.0/4 traffic deny 1 any 0.0.0.0/0 224.1.2.3/32 traffic deny ADD DELETE SAVE CANCEL 86 Release Notes System Software

New features 2 Rules can be configured in the IP MULTICAST IGMP ADVANCED ACL ADD menu. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [IP][MCAST][IGMP]: Add/Edit ACL Rule MyGateway Interface en1-0 Sender Address 192.168.0.1 Sender Netmask 255.255.255.0 Group Address 224.0.0.0 Group Netmask 240.0.0.0 Type Action traffic deny SAVE CANCEL The menu contains the following fields: Parameter Interface Sender Address Sender Netmask Group Address Group Netmask Value Interface for which a rule is to be created. Sender IP address. With the type report this means the host sending IGMP messages, with traffic this corresponds to the host sending multicast data packets. Sender's netmask. Multicast group's IP address. Multicast group's netmask. System Software Release Notes 87

2 New features Parameter Type Value Differentiates between different types of data. Possible values: traffic: Multicast data report: IGMP messages. Action Specifies what should happen to the data. Possible values: deny: Data will be rejected. accept: Data will be accepted. Fields in the IP MULTICAST IGMP ADVANCED ACL EDIT menu PIM In the IP MULTICAST PIM menu, you can enable or disable the PIM function. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [IP][MCAST][PIM]: PIM Configuration MyGateway Status enabled Interfaces > Rendezvous Points > AnycastRP SAVE EXIT The IP MULTICAST PIM menu provides access to the following submenus: INTERFACES RENDEZVOUS POINTS 88 Release Notes System Software

New features 2 ANYCASTRP. You can set the interfaces that will use PIM in the IP MULTICAST PIM INTERFACES ADD/EDIT menu. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [IP][MCAST][PIM][INTERFACE]: Configure PIM Interface MyGateway Interface Status Mode Stub Interface en1-0 active Sparse disabled Role Router Hello Interval (s) 30 Propagation Delay (s) 1 Triggered Hello Delay (s) 5 Override Interval (s) 3 Hello HoldTime (s) 180 DR Priority 1 JoinPrune Interval (s) 30 JoinPrune HoldTime (s) 180 SAVE CANCEL System Software Release Notes 89

2 New features The IP MULTICAST PIM INTERFACES ADD/EDIT menu contains the following fields: Parameter Interface Status Value Select the interface for PIM, i.e., that will be used to perform multicast routing. Enables or disables the entry. Possible values: active (default): PIM is active on this interface. inactive: PIM is inactive on this interface. Mode Mode to be used for PIM. Sparse Mode (default): PIM will run in sparse mode. Dense Mode: Not available. Stub Interface Specifies whether the interface should be used for PIM data packets. With this parameter an interface can, e.g., be used for IGMP, but protected against (fake) PIM messages. Possible values: disabled: The interface is blocked to PIM data packets. enabled: The interface is open to PIM data packets. Role Specifies the role of the gateway. Possible values: Routers: The gateway serves as a router. RP: The gateway serves as a rendezvous point. 90 Release Notes System Software

New features 2 Parameter Hello Interval (s) Triggered Hello Delay (s) Hello HoldTime (s) JoinPrune Interval (s) JoinPrune HoldTime (s) Value Specifies the frequency of the PIM Hello messages transmitted over this interface. The value 0 means that no PIM Hello messages are sent over this interface. Possible values: 0.. 18000. Specifies the maximum interval before the router sends a PIM Hello message after a reboot or a reboot of a neighbour router. The value 0 means that PIM Hello messages are always sent immediately. Possible values: 0.. 60. Specifies the value of the Holdtime field in a PIM Hello message. This results in an interval of time the router is regarded as available. When the HELLO HOLDTIME (S) has passed and no further Hello Message was received, this PIM router is regarded as not available. Possible values: 0.. 65535. Specifies the frequency with which PIM Join/Prune messages are sent over the interface. The value 0 means, that no periodic PIM Join/Prune messages are sent over this interface. Possible values: 0.. 18000. Specifies the value inserted in the Holdtime field of a PIM Join/Prune message. This equals the time interval a receiver must hold the Join/Prune state. Possible values: 0.. 65535. System Software Release Notes 91

2 New features Parameter Propagation Delay (s) Override Interval (s) DR Priority Value Specifies the value inserted into the Propagation Delay field. This field is a component of the LAN Prune Delay option in the PIM hello messages sent over this interface. Propagation delay and override interval are indicated as LAN Prune delay settings. They cause a delayed routing of prune messages by upstream routers. If PROPAGATION DELAY (S) is too small, broadcasting Multicast packets may be interrupted before a downstream router sent a Prune Override message. Possible values: 0.. 32. Specifies the value inserted by the gateway in the Override_Interval field of the LAN Prune Delay option. OVERRIDE INTERVAL (S) determines the interval of time a downstream router may wait until it sends a Prune Override message. Specifies the value for Designated Router Priority to be inserted into the DR Priority option. The higher the value, the higher the likeliness that the respective router will become the designated router. Table 2-25: Fields in the IP MULTICAST PIM INTERFACES ADD/EDIT menu 92 Release Notes System Software

New features 2 In the IP MULTICAST PIM RENDEZVOUS POINTS ADD/EDIT menu, you can decide which rendezvous point is to be responsible for special groups. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [IP][MCAST][PIM][RP]: Configure RP MyGateway Group Range All Groups RP Address Precedence 0 SAVE CANCEL The menu contains the following fields: Parameter Group Range Group Address Group Prefix Length RP Address Precedence Value Here you can choose all groups or specify a multicast network segment. Only for GROUP RANGE = Specify. IP address of the multicast network segment. Only for GROUP RANGE = Specify. The length of the netmask of the multicast network segment. 224.0.0.0/4 means the whole multicast class D segment. Possible values: 4.. 32. Rendezvous point IP address Priority Integers may be entered. System Software Release Notes 93

2 New features Table 2-26: Fields in the IP MULTICAST PIM RENDEZVOUS POINTS ADD/EDIT menu Two or more PIM domains can be connected and thus share the load in the IP MULTICAST PIM ANYCASTRP menu. Two gateways can back each other up. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [IP][MCAST][PIM]: AnycastRP Configuration MyGateway AnycastRP Address 1.1.1.1 Local RP Address 192.168.0.1 Remote RP Address 192.168.1.2 Via MSDP SAVE CANCEL The menu contains the following fields: Parameter AnycastRP Address Local RP Address Remote RP Address Via Value Virtual RP Address. Locally assigned RP address. IP address of the RP peer. Specifies what connects the PIM domains. Possible values: MSDP PIM Register. 94 Release Notes System Software

New features 2 Table 2-27: Fields in the IP MULTICAST PIM ANYCASTRP menu Note Please note that an aditional virtual address configuration is necessary for AnycastRP. MSDP MSDP (Multicast Source Discovery Protocol) allows you to link multiple domains that use PIM. Each domain uses its own rendezvous point. Use the IP MULTICAST MSDP menu to enable or disable the MSDP function and to configure MSDP. The IP MULTICAST MSDP ADD/EDIT menu contains the following fields: Parameter Remote Address Local Address Status Value IP address of the peer. Local IP address. Enables or disables the entry. Possible values: active (default): The entry is enabled. inactive: The entry is disabled. Retry Interval (s) Holdtime (s) KeepAlive (s) Interval (in seconds) that passes until the next attempt is made to set up a call after a failed attempt. Default value: 30. Time (in seconds) that may pass until a peer is considered inactive and the line is disconnected. Default value: 75. Time (in seconds) within which a KeepAlive message must be sent. Default value: 60. Table 2-28: Fields in the IP MULTICAST MSDP ADD/EDIT menu System Software Release Notes 95

2 New features 2.17 Cobion Orange Filter Path depth setting System Software 7.5.1 allows you to enter the maximum path depth for the Cobion Orange Filter when scanning a URL. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [SECURITY][ORANGE FILTER]: Static Settings MyGateway Admin Status : disable Orange Filter Ticket: B1BT Ticket Status : Filtered Interface : none History Entries : 64 URL path depth : 1 Configure Black List > Configure White List > Configure Filters > View History > SAVE CANCEL Use the URL PATH DEPTH field to enter the maximum path level accessed when checking a URL. When you enter 0, only the URL domain name is checked (e.g., www.server.com). This means that all pages on this Web server belong to the same category. When 1 is entered, the first level of the URL path is scanned. For example, www.server.com/info and www.server.com/games are checked separately and can be assigned to two different categories. The higher the setting, the longer it will take to load Internet pages because each URL has to be checked for multiple categories. If you enter a value that is too low, no distinctions are made between any categories of directories below the set depth. The actual classification on the Cobion filter servers is not affected by this, but the processing speed increases since the check is not made down to the maximum depth (32). 96 Release Notes System Software

New features 2 2.18 UPnP UPnP is available for use with System Software 7.5.1. Universal Plug and Play (UPnP) enables you to use the latest messenger services (e.g., real-time video/audio conferences) for peer-to-peer communication, where one of the peers is behind a gateway with enabled NAT function. In most cases, UPnP allows Windows operating systems to control other UPnP devices in the local area network. These include gateways, access points and print servers. No special device driver is needed because known and shared protocols such as TCP/IP, HTTP and XML are used. Your gateway makes it possible to use the Internet Gateway Devices (IGD) subsystem, one of the functions available to you with UPnP. More information on UPnP is available at www.upnp.org. The gateway is configured in the IP UPNP menu: R1200w Setup Tool [IP][UPNP]: UPnP Configuration Funkwerk Enterprise Communications GmbH MyGateway UPnP status disabled TCP port number for UPnP 5678 SAVE CANCEL System Software Release Notes 97

2 New features The menu contains the following fields: Field UPnP status Meaning Select how the gateway responds to UPnP requests from the LAN. Options include: disabled (cleared) - The gateway discards UPnP requests, NAT enabling is not performed. restricted - The gateway arranges port enabling and mapping for the duration of the application only for the requesting client. A check is also made to determine whether the target IP address of the incoming packets matches the IP address of the LAN UPnP client. A LAN UPnP client is therefore unable to map ports on behalf of other hosts in the LAN. enabled - The gateway performs UpnP enabling using the parameters in the request from the requesting LAN UPnP client regardless of what IP address this client has. TCP port number for UPnP Enter the number of the port where the gateway will check for UPnP requests. Possible values are 1 to 65535; the default value is 5678. Table 2-29: IP UPNP 98 Release Notes System Software

New features 2 2.19 Stateful Inspection Firewall Easier to configure It is now easier to configure the bintec Stateful Inspection Firewall. Interfaces, services and addresses can now be combined into groups. Internal use of alias names has also been improved. Groups can be created and customised under SECURITY STATEFUL INSPECTION in the respective submenus. Interface Groups You can combine interfaces into groups in the SECURITY STATEFUL INSPECTION EDIT INTERFACE GROUPS ADD/EDIT menu. The menu consists of the following fields: Parameter Alias Interface Alias 1 Interface Alias 2 Interface Alias 10 Value Enter a name for the interface group that you wish to configure. Shows the alias names for your device's interfaces. You can choose an alias name and then combine up to ten interfaces into a group. Table 2-30: New fields in the SECURITY STATEFUL INSPECTION EDIT INTERFACE GROUPS ADD/EDIT menu System Software Release Notes 99

2 New features Service Groups You can combine services into groups in the SECURITY STATEFUL INSPECTION EDIT SERVICES GROUPS ADD/EDIT menu. The menu consists of the following fields: Parameter Alias Service Alias 1-10 Value Enter a name for the service group that you wish to configure. Shows the alias names for services that have been configured on your device. You can choose a service and then combine up to ten services into a group. Table 2-31: New fields in the SECURITY STATEFUL INSPECTION EDIT INTERFACE GROUPS ADD/EDIT menu Address groups You can combine address aliases into groups in the SECURITY STATEFUL INSPECTION EDIT ADDRESS GROUPS ADD/EDIT menu. The menu consists of the following fields: Parameter Alias Interface Alias 1-10 Value Enter a name for the address alias group that you wish to configure. Shows the alias names of interfaces that have been assigned an alias for an IP address or an IP address range on your device. You can chose an alias name and then combine up to ten aliases into a group. Table 2-32: New fields in the SECURITY STATEFUL INSPECTION EDIT ADDRESS GROUPS ADD/EDIT menu 100 Release Notes System Software

New features 2 2.20 QoS classification integrated into the Stateful Inspection Firewall In System Software 7.5.1, IP QoS classification has been added to the Stateful Inspection Firewall configuration. This allows you to use SIF-internal session handling even with packet classification as required for QoS policies. One major advantage is easier QoS configuration: There is no need to configure individual IP packet filters. Packet direction and target ports can be disregarded. Cross-references do not have to be configured separately for interdependent sessions, e.g., PPTP/GRE, H232/RTP, FTP etc. QoS classification is performed on each data stream that is not blocked by the SIF. The settings are configured under SECURITY STATEFUL INSPECTION EDIT FILTERS ADD/EDIT: R1200w Setup Tool Funkwerk Enterprise Communications GmbH [SECURITY][STATEFUL INSPECTION][ADD] MyGateway Source <-- Addresses select Addresses --> Destination <-- Addresses select Addresses --> Edit Addresses > Service <-- Services select Services --> Edit Services > Action accept QoS Priority default (no special IP QoS handling) SAVE CANCEL System Software Release Notes 101

2 New features The menu contains the following fields for QoS classification: Field QoS Priority Meaning Select the priority setting for handling data specified by the filter on the sending side. Possible values: default (no special IP QoS handling) (default): No priority. low latency (highest priority): Low Latency Transmission (LLT) or, in other words, handling data with the lowest possible latency, e.g., default mode for VoIP data (if no other settings have been made, e.g., in the VOIP menu). high medium low. QoS Class ID Defines the QoS packet class. Possible values: 1 (default) to 255. Table 2-33: SECURITY STATEFUL INSPECTION EDIT FILTERS ADD/EDIT Note Please note that you need to set the required rules for data classification for each interface as you normally would under QOS INTERFACES AND POLICIES. 2.21 New DynDNS provider selfhost and NO-IP DynDNS provider selfhost and NO-IP are available from System Software 7.5.1. 102 Release Notes System Software

New features 2 2.22 ISDN login supports ISDN subaddresses From System Software 7.5.1, isdnlogin supports both its own ISDN subaddress as well as called ISDN sub-addresses. 2.23 ADSL Bit Swapping From System Software 7.5.1 ADSL bit swapping can be turned on or off via the MIB ADSLLINEBITSWAPPING parameter. ADSL bit swapping is on in default mode. 2.24 Ping command extended From System Software 7.5.1 the SNMP shell ping command has been extended to include options -t and -Q. The new options allow you to explicitly define the TOS and TTL fields in ICMP packets. ping -Q <tos>: Sets the defined TOS value. (Possible values <tos>: 0-15.) ping -t <ttl>: Sets the defined TTL value. 2.25 RADIUS: Using several dialup connections and MLPPP simultaneously From System Software 7.5.1 multiple dialup connections with the same ID and the same password can be used together with channel bundling (MLPPP) in RADIUS. System Software Release Notes 103

2 New features 2.26 Information added to logging output The parameter DSLAM Vendor has been added to the logging output. It is useful for tracing ADSL problems. 104 Release Notes System Software

Changes 3 3 Changes The following changes have been made to our system software in order to improve performance and usability: Configuration software file format changed on page 105 Expanded DHCP Implementation on page 108 New DHCP and BootP tables on page 122 Expanded Ethernet implementation on page 122 DNS Local Name Servers on page 124 Modified Channel Options for Wireless LAN on page 125 Modified Wireless LAN VSS Configuration on page 127 Modified WDS Link Configuration on page 130 Wireless LAN Advanced Settings on page 131 Expanded PIN length for UMTS and GSM on page 131 MGCP Proxy Support ended on page 133 Support for selected ISDN Layer 1 protocols ended on page 133 MIB variable DNSNegotiation changed on page 133 ISDN interface behavior changed using active NAT on page 133 Application Level Gateway on page 134 Spanning Tree algorithm removes on page 134 3.1 Configuration software file format changed The file format of the configuration file has been expanded to allow for encryption and to ensure compatibility when restoring the configuration on the gateway in different versions of the system software. System Software Release Notes 105

3 Changes The new format is a CSV format, which can be read and modified easily. Furthermore, these files can be viewed in a clear format using Microsoft Excel, for example. Backup files of the configuration can be saved by the administrator in encrypted form. When sending configurations via email (for support purposes, for example) confidential configuration data can be completely secured where necessary. You can use the CONFIGURATION MANAGEMENT menu to transmit and receive files as usual via a TFTP host with the commands put and get. When using the put command to transmit a configuration file to a TFTP host, you can decide whether to save the configuration file in encrypted/unencrypted form or using the old format. Since importing a configuration file of the old format onto the device may not work in case of a different software version, the old format is no longer recommended. When using the get command, the system recognises the respective file format. If you are importing an encrypted format, you will be required to enter your password. 106 Release Notes System Software

Changes 3 In the CONFIGURATION MANAGEMENT menu the TFTP FILE NAME field has been expanded to include parameters that accommodate the new file format. Field TFTP File Name Meaning Only for OPERATION = put (FLASH -> TFTP). get (TFTP -> FLASH), state (MEMORY -> TFTP). Name of the configuration file on the TFTP server. The format of the file name can be used to specify the format of the configuration file. Possible formats: config.cf: Previous format V0, unencrypted. For config you can enter any name. pwd:config.cf: New format V1, encrypted. For pwd you can enter any password, for config any name. :config.cf: New format V1, unencrypted. For config you can enter any name. The cf_convert.exe program allows you to convert V1 configuration files into the V0 format and vice versa. This program can also be used to decrypt encrypted files if you know the password. You can find it at www.funkwerk-ec.com. System Software Release Notes 107

3 Changes The basic usage of the cf_convert.exe program is as follows: cf_convert usage: cf_convert [-options] infile [outfile] infile: input filename (or "stdin") outfile: output filename (or "stdout" or none) Options: -p <pwd>: decryption password -o <version>: 0 or 1: output format version -v: increment verbosity Examples: cf_convert -p passwd router.cf router.csv: decrypt file cat infile cf_convert -p passwd stdin..: usage within pipe 3.2 Expanded DHCP Implementation Because of the new implementation of the IP address ranges (pools), the DHCP implementation has been restructured and expanded. DHCP In the IP IP ADDRESS POOLS DHCP ADD/EDIT menu, you can assign an IP address range that has been previously created in the IP IP ADDRESS POOLS POOLS ADD/EDIT menu (see IP Address Ranges (Pools) on page 56) to the desired interface, and make further settings to the DHCP configuration. The IP IP ADDRESS POOLS DHCP menu replaces the IP IP ADDRESS POOL LAN (DHCP) menu. 108 Release Notes System Software

Changes 3 The IP IP ADDRESS POOLS DHCP ADD/EDIT menu contains the following fields: Parameter Interface Pool Assignment Mode Value Interface to which an address range is to be allocated. When a DHCP request is received via INTERFACE, one of the addresses from the address range is assigned. You can choose an interface here. Shows the description of the IP address ranges defined in the IP IP ADDRESS POOLS POOLS menu. The respective description is defined there in the DESCRIPTION field. You can choose an address range here. Defines which clients from the address range are served. Possible values: local (default): Clients in the local network are assigned addresses from the address range. relay: Clients making requests over a relay server are assigned addresses from the address range. local/relay: Clients from the local network and clients making requests over a relay server are assigned addresses from the address range. Lease Time (minutes) Defines the maximum amount of time an address from the address range is assigned to a host. Possible values: 1.. 300. Default value: 120. System Software Release Notes 109

3 Changes Parameter Gateway First TFTP Server Second TFTP Server Radius Accounting Value Defines which IP address is communicated to the DHCP client as the gateway. If no IP address is entered here, the address defined in the INTERFACE field is transmitted. Standard TFTP server based on which IP telephones receive their configuration. If the field FIRST TFTP SERVER = 0.0.0.0, the value for the SECOND TFTP SERVER field is used. If the fields FIRST TFTP SERVER = 0.0.0.0 and SECOND TFTP SERVER = 0.0.0.0, no TFTP server is available. Alternative TFTP server based on which IP telephones receive their configuration. If the field SECOND TFTP SERVER = 0.0.0.0, the value for the FIRST TFTP SERVER field is used. If the fields FIRST TFTP SERVER = 0.0.0.0 and SECOND TFTP SERVER = 0.0.0.0, no TFTP server is available. Logs the IP address assignment and use of the IP addresses with the help of a RADIUS server. Possible values: disabled (default): IP address assignment and use is not logged. enabled: IP address assignment and use is logged. Radius Group ID Specifies the group from which the RADIUS server is to originate. Possible values: 1.. 999999. 110 Release Notes System Software

Changes 3 Parameter Alive Check Value Checks whether the clients which were assigned an IP address from the IP address range can still be reached. Possible values: enabled: Checks whether the clients can be reached. disabled: Doesn't check whether the clients can be reached. Default value: disabled. Alive Test Period (seconds, 0=disabled) Admin State Defines the time period (in seconds) after which the clients that were assigned an IP address from the address range are checked as to whether they still can be reached. Possible values: 0.. 65535. Default value: 0. If the value 0 is set, the alive test is not performed. Enable or disable the association of the IP address range to the chosen interface. Possible values: enabled (default): The association between IP address range and interface is active. disabled: The association between IP address range and interface is inactive. Table 3-1: New fields in the IP IP ADDRESS POOLS DHCP ADD/EDIT menu IP Address Pool WAN (PPP) The IP IP ADDRESS POOL WAN (PPP) menu has been moved to IP IP ADDRESS POOLS IP ADDRESS POOL WAN (PPP). System Software Release Notes 111

3 Changes Assigned IP Addresses The IP IP ADDRESS POOLS ASSIGNED IP ADDRESSES menu shows you a list of reserved IP addresses and additional information. Parameter IP Address User Type Value Shows the reserved IP address. For ENTRY TYPE = dynamic. Shows the subsystem which has created the entry. For ENTRY TYPE = manual. Shows the subsystem that may allocate the IP address. Possible values: DHCP (default): DHCP subsystem. other: Other subsystem. none: The entry cannot be reserved. Type Entry Type Shows how the IP address has been allocated. Possible values: dynamic: The IP address was dynamically allocated. The entry was automatically created by the system. manual (default): The IP address was manually allocated by the administrator. Manual entries are saved in the configuration file. 112 Release Notes System Software

Changes 3 Parameter PhysAddr Host Name Value Physical Address For ENTRY TYPE = dynamic. Shows the client's MAC address. For ENTRY TYPE = manual and USER TYPE = DHCP. Shows the physical address that must match the address in the DHCP request. It is shown when configured and requested. For ENTRY TYPE = dynamic. Shows a host name if one is included in the address request. For ENTRY TYPE = manual and USER TYPE = DHCP. Shows the host name of the client if a host name has been configured. System Software Release Notes 113

3 Changes Parameter State Value Status This information is intended for support purposes. Possible values: in: init: initial value. ch: checking: Checks the use of an IP address (this is one of several temporary states). aw: awrequest: Checks the use of an IP address (this is one of several temporary states). rc: requestcheck: Checks the use of an IP address (this is one of several temporary states). cx: checkexpired: Checks the use of an IP address (this is one of several temporary states). fo: foreign: The IP address is being used by another system. ow: own: The IP address is being used by the router. re: reserved: The IP address is reserved for a certain client. al: allocated: The IP address is currently allocated to a client. Table 3-2: New fields in the IP IP ADDRESS POOLS ASSIGNED IP ADDRESSES menu The IP IP ADDRESS POOLS ASSIGNED IP ADDRESSES ADD/EDIT menu is used for allocating IP addresses or changing existing entries. 114 Release Notes System Software

Changes 3 The IP IP ADDRESS POOLS ASSIGNED IP ADDRESSES menu can be used to see how and whether certain IP addresses are being used. You can easily change the way IP addresses are allocated using this menu. For example, if an IP address has been allocated to a client via DHCP, you can permanently assign the address to this client. To do so, highlight the desired entry in the list using the space bar. Press s to allocate the current IP address permanently. You can also free up permanently assigned addresses for DHCP in the same way. In this case, highlight the desired entry in the list and press f. In previous software versions it was implicitly possible to manually allocate IP addresses in the IP IP ADDRESS POOL LAN (DHCP) menu. System Software Release Notes 115

3 Changes The IP IP ADDRESS POOLS ASSIGNED IP ADDRESSES ADD/EDIT menu has the following fields: Parameter IP Address User Type Value Reserved IP address. You can enter all IP addresses here that are included in the defined address ranges under IP IP ADDRESS POOLS POOLS. Use of the IP address. Possible values: DHCP (default): The IP address is used for DHCP. other: The IP address is used for another subsystem. none: The IP address is not used. Entry Type Allocation of the IP address. Possible values: dynamic: The IP address is dynamically allocated. You can approve existing entries for which the IP address has been manually assigned to make them available for dynamic IP address allocation. manual (default): The IP address is manually reserved for a specific client. These manual entries are saved in the configuration file. 116 Release Notes System Software

Changes 3 Parameter Client Identifier Physical Address Host Name Value Only for USER TYPE = DHCP. Identifies the client. For ENTRY TYPE = manual. If you enter a value here, the PHYSICAL ADDRESS field is ignored. However, you can also use the PHYSICAL ADDRESS field instead of the CLIENT IDENTIFIER field. For ENTRY TYPE = dynamic. CLIENT IDENTIFIER has been sent by the DHCP client. Possible values: Hexadecimal numbers. Maximum number of characters: 20. Only for USER TYPE = DHCP. For ENTRY TYPE = manual. The physical address of the client can be entered here. It must match the address in the DHCP request. You can use the PHYSICAL ADDRESS field as an alternative to the CLIENT IDENTIFIER field. For ENTRY TYPE = dynamic. MAC address of the client. Only for USER TYPE = DHCP. Host name of the client. For ENTRY TYPE = manual. Here you can enter a client host name which is sent with the response to an address request. For ENTRY TYPE = dynamic. Host name included in an address request. System Software Release Notes 117

3 Changes Parameter Use Default Parameters Value When there is a group of optional parameters, you can either use the default values or enter your own parameters. Depending on the setting, the parameters are either hidden or displayed. yes (default): Hides the optional parameters. The default values are used. no: Shows the optional parameters. You can set the parameters. LeaseTime Gateway For USE DEFAULT PARAMETERS = no. Defines the maximum amount of time an address from the address range is reserved for a host. Default value: -1. The default value adopts the value entered in the IP IP ADDRESS POOLS DHCP menu. For USE DEFAULT PARAMETERS = no. Defines which IP address should be communicated to the client as the gateway. Default value: 255.255.255.255. The default value adopts the setting from the IP IP ADDRESS POOLS DHCP ADD/EDIT menu. The value 0.0.0.0 transfers the address of the next gateway, which is either the IP address of the interface or the IP address of the relay server. 118 Release Notes System Software

Changes 3 Parameter Primary DNS Secondary DNS Value For USE DEFAULT PARAMETERS = no. Enter the IP address for a global Domain Name Server here. If a value is set in the PRIMARY DOMAIN NAME SERVER or SECONDARY DOMAIN NAME SERVER field, the respective settings in the IP IP ADDRESS POOLS POOLS ADD/EDIT menu are ignored. Default value: 255.255.255.255. The default value adopts the respective setting from the IP IP ADDRESS POOLS POOLS ADD/EDIT menu. If the field PRIMARY DOMAIN NAME SERVER = 0.0.0.0 and SECONDARY DOMAIN NAME SERVER = 0.0.0.0, the value from IP STATIC SETTINGS is used, provided that in the IP DNS menu DHCP ASSIGNMENT = global is set. For USE DEFAULT PARAMETERS = no. Enter the IP address for a secondary Domain Name Server here. If a value is set in the PRIMARY DOMAIN NAME SERVER or SECONDARY DOMAIN NAME SERVER field, the respective settings in the IP IP ADDRESS POOLS POOLS ADD/EDIT menu are ignored. Default value: 255.255.255.255. The default value adopts the respective setting from the IP IP ADDRESS POOLS POOLS ADD/EDIT menu. If the field PRIMARY DOMAIN NAME SERVER = 0.0.0.0 and SECONDARY DOMAIN NAME SERVER = 0.0.0.0, the value from IP STATIC SETTINGS is used, provided that in the IP DNS menu DHCP ASSIGNMENT = global is set. System Software Release Notes 119

3 Changes Parameter Primary TFTP Server Secondary TFTP Server Value For USE DEFAULT PARAMETERS = no. Here you can enter the IP address of a standard TFTP server through which IP telephones are to receive their IP address and configuration data. Default value: 255.255.255.255. The default value adopts the setting from the IP IP ADDRESS POOLS DHCP ADD/EDIT menu. If a value (other than 255.255.255.255) is set in the PRIMARY TFTP SERVER or SECONDARY TFTP SERVER fields, the respective settings in the IP IP ADDRESS POOLS DHCP ADD/EDIT menu are ignored. For USE DEFAULT PARAMETERS = no. Here you can enter the IP address of an alternative TFTP server through which IP telephones are to receive their IP address and configuration data. Default value: 255.255.255.255. The default value adopts the setting from the IP IP ADDRESS POOLS DHCP ADD/EDIT menu. If a value (other than 255.255.255.255) is set in the PRIMARY TFTP SERVER or SECONDARY TFTP SERVER fields, the respective settings in the IP IP ADDRESS POOLS DHCP ADD/EDIT menu are ignored. 120 Release Notes System Software

Changes 3 Parameter Alive Test Period Radius Accounting Value For USE DEFAULT PARAMETERS = no. Defines the time period (in seconds) after which the clients that were assigned an IP address are checked to see whether they still can be reached. If a client can no longer be reached, the IP address can be allocated elsewhere. Possible values: 0.. 65535. Default value: -1. The default value adopts the value from the ALIVE TEST PERIOD field in the IP IP ADDRESS POOLS DHCP ADD/EDIT menu. If ALIVE INTERVAL = 0 is set, no checking takes place. For USE DEFAULT PARAMETERS = no. Logs IP address assignment and use of the IP addresses with the help of a RADIUS server. Possible values: default (default): Adopts the value from the IP IP ADDRESS POOLS DHCP ADD/EDIT menu. enabled: IP address assignment and use is logged. disabled: IP address assignment and use is not logged. Radius Group ID For USE DEFAULT PARAMETERS = no. Specifies the group from which the RADIUS server is to originate. Default value: -1. The default value adopts the setting from the IP IP ADDRESS POOLS DHCP ADD/EDIT menu. System Software Release Notes 121

3 Changes Table 3-3: New fields in the IP IP ADDRESS POOLS ASSIGNED IP ADDRESSES ADD/EDIT menu 3.3 New DHCP and BootP tables The MIB table IPDHCPINUSETABLE is no longer used. The MIB tables IPDHCPPOOLTABLE, IPDYNADDRPOOLTABLE and IPDYNADDRTABLE are now used for DHCP. The MIB table IPBOOTPRELAYTABLE is used for BootP relay. 3.4 Expanded Ethernet implementation Ethernet implementation has been restructured and expanded. The FAST ETHERNET menu is now called ETHERNET SWITCH. The FAST ETHERNET FAST ETHERNET/EN1-X and FAST ETHERNET FAST ETHERNET/EN1-X VIRTUAL INTERFACES menus are now both part of the ETHERNET SWITCH FAST ETHERNET/EN1-X EDIT menu. Use the ETHERNET SWITCH FAST ETHERNET/EN1-X menu to select the Ethernet interface for which a virtual interface is to be configured. If you have selected a virtual interface or created a new one, you can configure VLAN for routing, i.e., VLANs directly assigned to an interface for routing. VLAN for bridging is configured in the VLAN menu (see VLAN and Bridging on page 66). 122 Release Notes System Software

Changes 3 The ETHERNET SWITCH FAST ETHERNET/EN1-X ADD/EDIT menu includes the following additional and modified fields: Parameter Interface Mode Value Mode in which the interface should be operated. Possible values: Routing (default): The interface is operated in routing mode. Routing/BRRP: The interface is operated in BRRP mode. Bridging: The interface is operated in bridging mode. Bridge Interface IP Configuration Only for INTERFACE MODE = Bridging. Bridge group to be used. If you set BRIDGE INTERFACE = new, the bridge group will be numbered automatically when saved. The bridge groups are numbered in the order in which they are created: br0, br1, br2... Choose how the IP address is assigned to the interface. Possible values: Manual (default): The interface is assigned a static IP address. DHCP: The interface is allocated an IP address dynamically via DHCP. System Software Release Notes 123

3 Changes Parameter Frame Format Value Only for INTERFACE MODE = Routing or INTERFACE MODE = Routing/BRRP. Possible values: Untagged (default): The frames are not tagged with a VLAN ID, which means no VLAN is used. Tagged: The frames are tagged with a VLAN ID, which means that VLANs are used. VLAN ID Table 3-4: Only for INTERFACE MODE = Routing or INTERFACE MODE = Routing/BRRP. Only for FRAME FORMAT = Tagged. Assign the selected interface a VLAN by entering the VLAN ID of the desired VLAN. Possible values: 1.. 4094. Default value: 1. New fields in the FAST ETHERNET/EN1-X menu 3.5 DNS Local Name Servers In addition to global name servers, local name servers can now be defined to resolve specific entries. Local name servers are configured in the IP DNS FORWARDED DOMAINS ADD/EDIT menu. 124 Release Notes System Software

Changes 3 The IP DNS FORWARDED DOMAINS ADD/EDIT menu includes the following additional fields: Parameter Forward to Value Defines where a host name is sent for name resolution. Possible values: Interface (default): Defines the WAN partner to which a connection is to be established for name resolution. Nameserver: Defines that a specific name server is to be used for name resolution. Primary Secondary Only for FORWARD TO Nameserver. IP address of the domain name server that is to resolve the indicated entry. Only for FORWARD TO Nameserver. The IP address of an alternative domain name server. Table 3-5: New fields of the IP DNS FORWARDED DOMAINS ADD/EDIT menu 3.6 Modified Channel Options for Wireless LAN The options for setting the frequency of the radio channel have changed due to a general WLAN redesign. System Software Release Notes 125

3 Changes The configuration of the radio channel is performed in the WLAN menu. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [WLAN-1]: Configure WLAN Interface MyGateway Operation Mode Access Point > Location Radio Band Channel Germany 2.4 GHz auto VSS Configuration > WDS Link Configuration > Advanced > SAVE CANCEL The options of the WLAN CHANNEL parameter have been changed. Select the radio channel frequency for this radio module in the CHANNEL field. The following values are currently available: auto (default): The frequency range is automatically checked by the access point at startup. The channel with the least traffic is chosen. In addition to automatic recognition, user-defined frequency selection is also supported. Manual channel selection is regulated by the respective country settings. In Germany, manual channel selection is only permissible on the 2.4 GHz frequency band, and on the 5 GHz band only automatic recognition is available. The following channels are available for manual selection: 1... 13: only for RADIO BAND = 2.4 GHz 36, 40, 44, 48: only for LOCATION = Greece, Ireland, Italy, Luxemburg, Netherlands, Norway, Portugal, Spain, Sweden, UK, United States and RADIO BAND = 5 GHz and USAGE AREA = indoor 126 Release Notes System Software

Changes 3 149, 153, 157, 161, 165: only for LOCATION = United States and RADIO BAND = 5 GHz and USAGE AREA = indoor or outdoor. 3.7 Modified Wireless LAN VSS Configuration The WIRELESS INTERFACES menu is now called VSS CONFIGURATION. The menu has two new configuration options. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [WLAN-1][WIRELESS][ADD]: Wireless Interface MyGateway AdminStatus enable Network Name Funkwerk-ec Name is visible yes Local Communication disabled Max. Clients 16 WMM disabled Security Mode NONE IP and Bridging > SAVE CANCEL System Software Release Notes 127

3 Changes The menu contains the following new fields: Parameter Local Communication Value This parameter was taken from the IP configuration menu of the VSS (WLAN WIRELESS INTERFACES ADD/EDIT IP AND BRIDGING) and moved into the general VSS configuration. The parameter allows communication between clients authenticated at this SSID, for example, for shared enabling. Possible values: enabled disabled (default). WMM Use this parameter to enable VSS speech or video data prioritisation via WMM (wireless multimedia) to achieve optimum transfer quality for time-critical applications. Data prioritisation according to DSCP (Differentiated Services Code Point) or IEEE802.1d are supported. Possible values: enabled disabled (default). Table 3-6: Fields in the WLAN VSS CONFIGURATION menu 128 Release Notes System Software

Changes 3 3.7.1 IP configuration for wireless networks The WLAN VSS CONFIGURATION ADD/EDIT IP AND BRIDGING menu has been altered slightly. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [WLAN-1]...[IP CONFIGURATION]: Interface <Funkwerk-ec> MyGateway Bridging no Local IP Address Local Netmask Proxy ARP no SAVE CANCEL The BRIDGING ENABLE field is now called BRIDGING. Bridging can still be enabled using the yes option or disabled using no. The LOCAL COMMUNICATION field has been moved to the WLAN VSS CONFIGURATION ADD/EDIT menu. The SECOND LOCAL IP ADDRESS and SECOND LOCAL NETMASK parameters are no longer available. System Software Release Notes 129

3 Changes 3.8 Modified WDS Link Configuration The WLAN WDS LINK CONFIGURATION ADD/EDIT menu has been altered slightly. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [WLAN-1][WDS LINK][ADD]: WDS Link MyGateway AdminStatus enable Remote WDS MAC Address Bridging Local IP Address Local Netmask no SAVE CANCEL It is no longer possible to operate a WDS link in transient routing mode. Thus, the fields MODE, PARTNER IP ADDRESS and REMOTE NETWORK with REMOTE NETMASK no longer exist. The bridging mode can now be configured in the new BRIDGING field. Here, bridging can be enabled or disabled for this WDS link. The field has the following options: no (default): Bridging is not active on this WDS link. new: If this option is confirmed with SAVE, a new bridge group is automatically created and the WDS link is added to it. Selecting an existing bridge group: You can select a bridge group that has already been configured; for example, select br0, br1. 130 Release Notes System Software

Changes 3 3.9 Wireless LAN Advanced Settings The WLAN ADVANCED menu has been modified slightly. R1200w Setup Tool Funkwerk Enterprise Communications GmbH [WLAN-1][ADVANCED]: WLAN Specific Settings MyGateway Wireless Mode Maximum Bitrate NITRO Burst 802.11 mixed AUTO ideal TX Power (dbm) 17 RTS threshold 2347 SAVE CANCEL The TIMEOUT (MINUTES) field is no longer available. You can use the new RTS THRESHOLD field to specify a threshold value in bytes (1..2346) that defines the data packet length starting from which the RTS/CTS mechanism should be used. This makes sense when multiple clients are connected to one access point without being within each other's wireless range. The default setting is 2347. 3.10 Expanded PIN length for UMTS and GSM When using a UMTS card or a GSM modem, a PIN with up to eight digits can now be entered instead of a four-digit PIN. System Software Release Notes 131

3 Changes The UMTS PIN is configured in the PCCARD UMTS menu in the UMTS PIN field. R1200wu Setup Tool [UMTS]: Settings Funkwerk Enterprise Communications GmbH MyGateway UMTS Adminstatus : enable UMTS PIN : ******** Additional Initstring : ATX3 Access Point Name (APN): internet-entreprise Incoming call action : isdnlogin Current Modem Status : up UMTS Network Provider : Vodafone.de UMTS Signal Quality : -81 db (low) Last Modem Command : AT+CSQ Last Modem Answer : OK SAVE CANCEL The GSM PIN is configured in the AUX CONSOLE PROFILE <X> menu in the SIM card uses PIN field. R1200wu Setup Tool Funkwerk Enterprise Communications GmbH [AUXILIARY][SETUP]: Modem Configuration MyGateway Profile Configuration Incoming Dispatch Item : isdnlogin SIM card uses PIN : Modem Escape Character : + Additional Init Sequence : ATX3&K3\V1 Access Point Name (APN): SAVE CANCEL 132 Release Notes System Software

Changes 3 3.11 MGCP Proxy Support ended MGCP Proxy support will be discontinued from System Software 7.5.1. 3.12 Support for selected ISDN Layer 1 protocols ended Support for the following ISDN protocols will be discontinued from System Software 7.5.1: NATIONAL ISDN 1 AT&T NI1, EWSD NI1 AT&T 5ESS CUSTOM ISDN POINT TO MULTIPOINT AT&T 5ESS CUSTOM ISDN POINT TO POINT NATIONAL ISDN 1 NORTHERN TELECOM DMS100 JAPAN NTT INS64. 3.13 MIB variable DNSNegotiation changed System Software 7.5.1 was used to change the MIB variable DNSNEGOTIATION in the MIB table BIBOPPPDNS. The values enabled and dynamic_client will no longer request or transform WINS addresses in the MIB variable DNSNEGOTIATION. If WINS addresses need to be requested, the value dynamic_client_with_wins should be used. 3.14 ISDN interface behavior changed using active NAT The behavior of ISDN interfaces with active NAT in TCP sessions has been changed with System Software 7.5.1. System Software Release Notes 133

3 Changes Previously all NAT entries were deleted when the ISDN interface status changed from down to up. Now a check is run on the IP address to establish whether it remains the same. If so, the NAT entries are retained. 3.15 Application Level Gateway In System Software 7.5.1 Application Level Gateways are no longer used on an terminal basis, but on a session basis. In the Setup Tool the VOIP APPLICATION LEVEL GATEWAY MGCP TERMINAL CONFIGURATION and VOIP APPLICATION LEVEL GATEWAY SIP TERMINAL CONFIGURATION menus were removed for this reason. 3.16 Spanning Tree algorithm removes In System Software 7.5.1 the Spanning Tree algorithm was removed from the bridging function. 134 Release Notes System Software

Fixes 4 4 Fixes The following problems have been resolved in System Software 7.5.1: 4.1 IP - Memory loss (ID 4832) Incorrect deletion of sessions sometimes lead to memory loss and to a gateway reboot. This problem has been resolved. 4.2 System reboot (ID n/a) A system reboot could occur during call setup. The problem has been resolved. 4.3 Setup Tools crash (ID 8020) Accessing the menu SYSTEM SCHEDULE & MONITOR KEEPALIVE MONITORING (HOSTS & IFC) INTERFACES could sometimes cause the Setup Tool to crash. The problem has been resolved. System Software Release Notes 135

4 Fixes 4.4 Problems with the system after 194 days (ID 7309) It was still possible to log into the system after 194 days, but it was no longer possible to run commands and access the Setup Tool. The problem has been resolved. 4.5 Data transfer via S2M interrupted (ID n/a) Data transfer in transparent mode on an S2M interface was interrupted after 500 ms. The problem has been resolved. 4.6 HTTP - System information incorrect (ID 8345) The corresponding HTTP page contained false system information on S2M interfaces. The problem has been resolved. 4.7 Email Alert incompletely disabled (ID 3240) USERALERTADMINSTATUS = disable did not completely deactivate the email alert. The problem has been resolved. 136 Release Notes System Software

Fixes 4 4.8 Restoring the IPSec and X.25 licenses with Easy Licensing failed (ID 5447) Easy Licensing did not restore all licenses contained on the device at the time of delivery. The licenses for IPSec and X.25 were missing. The problem has been resolved. 4.9 MS-CHAP Authentication error between Windows clients and router (ID 2318) The authentication negotiation between Windows clients and the router sometimes failed for PPP or PPTP connections if the login name was used together with the domain name, for example, DEVELOPMENT\Developer. The problem has been resolved. In MS-CHAP V1 the entire identification name (domain and login name) is used for authentication. In MS-CHAP V2 only the login name is used for authentication. The domain name is checked separately. To do so, the domain name must be entered in the new MS DOMAIN field. The field is only shown if AUTHENTICATION = MS-CHAP, MS-CHAP V2 or CHAP + PAP + MS-CHAP. System Software Release Notes 137

4 Fixes R1200w Setup Tool Funkwerk Enterprise Communications GmbH [WAN][ADD][PPP]: PPP Settings (test) MyGateway Authentication Partner PPP ID Local PPP ID PPP Password MS Domain Keepalives Link Quality Monitoring MS-CHAP V2 r1200 off off OK CANCEL 4.10 Inadvertent use of MS-CHAPv2 instead of MS-CHAPv1 (ID 7016) During authentication via a RADIUS server using MS-CHAP V1, MS-CHAP V2 was inadvertently used for callback. The problem has been resolved. 4.11 RADIUS - Reload with two servers failed (ID 6873) If, when using two RADIUS servers, one was configured with reload interval (MIB variable RELOADINTERVAL in the MIB table RADIUSSERVERTABLE) and the second without, no reload was carried out after changing from the server with reload interval to the server without reload interval. 138 Release Notes System Software

Fixes 4 The problem has been resolved. 4.12 RIP Failure to Send Next-Hop Information (ID 4165) The next-hop information was not sent with the route announce (RFC 2453). The problem has been resolved. 4.13 Stack trace with triggered RIP message (ID n/a) Sending triggered RIP messages caused a stack trace. The problem has been resolved. 4.14 V.42bis Compression missing (ID n/a) In the WAN PARTNER ADD/EDIT menu, the value V.42bis was missing from the COMPRESSION field. The problem has been resolved. 4.15 DNS - Name resolution failed (ID 6916) Name resolution could suddenly stop functioning after several days. System Software Release Notes 139

4 Fixes The problem has been resolved. 4.16 MSN not available for outgoing calls (ID 8310) No MSNs could be used for outgoing calls. The problem has been resolved. 4.17 CAPI - Incorrect version number (ID 4965) CAPI version numbers 1.1 and 2.0 were listed. However the device only supports CAPI 2.0 The problem has been resolved. 4.18 CAPI - Unintentional system reboot (ID 7257) After a connection was established with the message "... Outgoing call established" an unintentional device reboot could occur. The problem has been resolved. 4.19 Incorrectly deleted NAT entries (ID n/a) 140 Release Notes System Software

Fixes 4 It was previously possible for NAT entries to be deleted even if the IP address had not changed. This was observed on PPP connections with dynamic clients, but could also happen with other connections. The problem has been resolved. 4.20 PPP - Incomplete CLID check (ID 6528 - only for devices with ISDN)) Incomplete CLID check could cause calls to be accepted, even where the calling party number was incorrect. The problem has been resolved. 4.21 PPP - Multi-user entries ignored (ID 5650) When determining whether or not an incoming call should be accepted, multiuser entries in the BIBOPPPTABLE were ignored. The problem has been resolved. 4.22 PPP - Multiple dialup connection usage failed (ID 8411) If multiple dialup connections were configured for a PPP interface and the first was not available, recourse was not made to the other numbers. The problem has been resolved. System Software Release Notes 141

4 Fixes 4.23 PPP - Authentication for leased lines failed (ID 7536) With PPP the authentication for leased lines failed. The problem has been resolved. 4.24 PPP - Unintentional system reboot (ID n/a) An unintentional system reboot could occur while establishing a connection. The problem has been resolved. 4.25 PPTP - Incorrect value in via IP interface field (ID 3105) If, in the PPTP ADD IP BASIC IP-SETTINGS menu, the fields PPTP VPN PARTNER S IP ADRESS, VIA IP INTERFACE, REMOTE IP ADDRESS and REMOTE NETMASK were set, and this menu was accessed again after this configuration had been saved, the field VIA IP INTERFACE incorrectly displayed the value AUTO. Furthermore, resetting the VIA IP INTERFACE field after saving doubled the host route to the PPTP VPN PARTNER S IP ADDRESS. The problem has been resolved. 142 Release Notes System Software

Fixes 4 4.26 MPPE for X.21 leased line connections failed (ID 7767) MPPE could not be used as encryption for leased line connections via X.21. The problem has been resolved. 4.27 Inconsistency in Layer 2 mode (ID 1737) The Layer 2 mode value for leased lines was inadvertently taken from the MIB table PPP and not from the ISDNCHTABLE or X21IFTABLE table. The problem has been resolved. 4.28 Bugs in the WLAN configuration Wizard (ID 5905) When configuring an access point using the Express Setup Wizard, the WEP128 security mode was set. The WLAN interface did not receive an IP address via DHCP and bridging was deactivated. This meant that no connection to the LAN or to the Internet could be established via the WLAN interface. In order to ensure a higher level of security, in future the safety mode WPA-PSK will be selected by the Express Setup Wizard. The WLAN interface will receive an IP address via DHCP and bridging will be activated. System Software Release Notes 143

4 Fixes 4.29 WLAN - Automatic key generation for WDS failed (ID 7275) If, in the WLAN menu, the field OPERATION MODE = Access Point was set, in the WLAN WDS LINK CONFIGURATION ADD menu the field SECURITY MODE = WEP 40/64 or SECURITY MODE = WEP 104/128 and GENERATE KEY = auto, no key was generated. The problem has been resolved. 4.30 WLAN - Access point could not be used as DHCP server (ID 5698) An access point could not be operated as DHCP server because BRIDGING was deactivated on the corresponding wireless interface. The problem has been resolved. 4.31 WLAN - SSID with 32 character length problematic (ID 8344) The SSID parameter (NETWORK NAME field in menu WLAN VSS CONFIGURATION WIRELESS INTERFACES EDIT) caused problems with the maximum possible length of 32 characters. The problem has been resolved. 144 Release Notes System Software

Fixes 4 4.32 WLAN - Security mode not available (ID n/a) If in the WLAN menu, in the OPERATION MODE field, the value was set to Access Point, the SECURITY MODE field was not available under WLAN VSS CONFIGURATION WIRELESS INTERFACES EDIT. The problem has been resolved. 4.33 SIF and NAT Extended passive FTP connections blocked (ID 7197) The SIF blocked the data connection of an extended passive FTP connection even though an allow rule for FTP connections had been defined. The problem has been resolved. 4.34 SIF - Unintentional filtering (ID n/a) Locally created data traffic was blocked by SIF, even when Local Filtering was deactivated. This could also occur when SIF was switched off completely, if there were deny-rules in the SIF configuration. The problem has been resolved. 4.35 SIF - Default entries not loaded (ID n/a) System Software Release Notes 145

4 Fixes The default entries for the IPSIFALIASSERVICETABLE and the IPSIFALIASADDRESSTABLE were sometimes not loaded if multiple configurations had been saved for the gateway. The problem has been resolved. 4.36 SIF - Unintentional blocking of data traffic (ID 7689) Unstable or inconsistent entries in the MIB tables IPSIFALIASADDRESSTABLE and IPSIFALIASTABLE could cause data traffic to be blocked. The problem has been resolved. 4.37 SIF - Removing a service group caused a stack trace (ID 7751) When configuring a Stateful Inspection Firewall, removing a service group caused a stack trace. The problem has been resolved. 4.38 SIF - Unexpected entries in the MIB table (ID 6194) Unexpected entries appeared in the MIB IPSIFALIASADDRESSTABLE. The problem has been resolved. 146 Release Notes System Software

Fixes 4 4.39 SIF - System crash during registration with a provider (ID 6016) A system crash could occur when attempting to register with a provider using an incorrect IP address. The problem has been resolved. 4.40 VoIP together with SIF failed (ID 6542) When using an SIP proxy, VoIP data traffic was blocked by the Stateful Inspection Firewall. The problem has been resolved. 4.41 New start mode for IPSec peers (ID 5294) In order to ensure that a tunnel is activated immediately after the gateway is switched on, a new parameter has been introduced for peer configuration. The IPSEC CONFIGURE PEERS APPEND/EDIT PEER SPECIFIC SETTINGS menu now offers a choice between START MODE Always Up and START MODE On demand. If START MODE Always Up is selected, the gateway attempts to establish a tunnel as soon as booting is completed. System Software Release Notes 147

4 Fixes 4.42 IPSec Wizard - Incomplete messages in the configuration history (ID 3332) When deleting the IPSec configuration using the IPSec Wizard, the messages in the CONFIGURATION HISTORY were incomplete. The messages have been extended and added to. 4.43 IPSec - Name changed (ID 3208) In the IPSEC CONFIGURE PEERS ADD/EDIT PEER SPECIFIC SETTINGS menu, p2 has been renamed Peer No. 2. 4.44 IPSec - Dynamic peer does not work on a virtual interface (ID 7689) When a dynamic peer was configured on a virtual interface, P2 negotiation did not function. The problem has been resolved. 4.45 IPSec - Incorrect name resolution for IPSec peers (ID 5754) For peers with multiple host names, the wrong IP addresses were assigned during name resolution. 148 Release Notes System Software

Fixes 4 The problem has been resolved. 4.46 IPSec - RADIUS reload failed (ID 5379) If the IPSec peer RADIUS reload was carried out very frequently, it failed after the gateway had been running for a certain length of time. The problem has been resolved. 4.47 IPSec - Dynamic peer not functional (ID 7284) If a dynamic peer was configured on a virtual interface, the configuration was not functional. A peer on a traffic list basis was functional. The problem has been resolved. 4.48 IPSec - Automatic CRL import via Event Scheduler not possible (ID n/a) A CRLS import managed using Event Scheduler was not possible, as the scheduler did not confirm the import. The problem has been resolved. 4.49 IPSec - Panic (ID 7218) System Software Release Notes 149

4 Fixes The message 'improper state 5' would sometimes appear on the console. A panic would follow. The problem has been resolved. 4.50 DynVPN callback via voice call failed (ID 7578) When attempting to initialize a DynVPN via a voice call, the message 'Requested L1 ressources not available' would appear. The problem has been resolved. 4.51 X.25 connection failed (ID 7960) No connection could be established between a CISCO device and a bintec device via the X.21 interfaces. The problem has been resolved. 4.52 X.25 - Renewed LLC connection failed (ID 3881) If an interrupted LLC connection was reestablished, this would fail. The problem has been resolved. 150 Release Notes System Software

Fixes 4 4.53 SNMP Failed MIB search operations (ID 4767) Search operations within the MIB sometimes failed. The problem has been resolved. System Software Release Notes 151

4 Fixes 152 Release Notes System Software