Page 1
Building Networks for People Unified Services Router User Manual DSR-250N / 500 / 500N / 1000 / 1000N Ver. 1.03 Small Business Gateway Solution http://security.dlink.com...
Page 3
RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D-LINK IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHERMORE, D - LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR LOSSES OR DAMAGES.
Unified Services Router User Manual Table of Contents Chapter 1. Introduction ........................10 About this User Manual ..................11 Typographical Conventions ................11 Chapter 2. Configuring Your Network: LAN Setup ................. 13 LAN Configuration ....................13 2.1.1 LAN Configuration in an IPv6 Network ............. 16 2.1.2 Configuring IPv6 Router Advertisements ............
Unified Services Router User Manual List of Figures Figure 1: Setup page for LAN TCP/IP settings .................. 15 Figure 2: IPv6 LAN and DHCPv6 configuration ................. 17 Figure 3: Configuring the Router Advertisement Daemon ..............20 Figure 4: IPv6 Advertisement Prefix settings ..................21 Figure 5: Adding VLAN memberships to the LAN ................
Page 9
Unified Services Router User Manual Figure 33: Virtual AP configuration ..................... 60 Figure 34: List of configured access points (Virtual APs) shows one enabled access point on the radio, broadcasting its SSID ....................61 Figure 35: Radio card configuration options ..................62 Figure 36: Advanced Wireless communication settings ..............
Page 10
Unified Services Router User Manual Figure 64: List of SSL VPN polices (Global filter) ................103 Figure 65: SSL VPN policy configuration ..................104 Figure 66: List of configured resources, which are available to assign to SSL VPN policies..106 Figure 67: List of Available Applications for SSL Port Forwarding ..........
Page 11
Unified Services Router User Manual Figure 98: List of connected 802.11 clients per AP ................. 144 Figure 99: List of LAN hosts ......................145 Figure 100: List of current Active VPN Sessions ................146...
(IPsec), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Secure Sockets Layer (SSL). Empower your road warriors with clientless remote access anywhere and anytime using SSL VPN tunnels. With the D-Link Unified Services Router you are able to experience a diverse set of benefits: ...
DSR-1000N. 1.1 About this User Manual This document is a high level manual to allow new D-Link Unified Services Router users to configure connectivity, setup VPN tunnels, establish firewall rules and perform general administrative tasks. Typical deployment and use case scenarios are described in each section.
Chapter 2. Configuring Your Network: LAN Setup It is assumed that the user has a machine for management connected to the LAN to the router. The LAN connection may be through the wired Ethernet ports available on the router, or once the initial setup is complete, the DSR may also be managed through its wireless interface as it is bridged with the LAN.
Page 16
Unified Services Router User Manual To configure LAN Connectivity, please follow the steps below: In the LAN Setup page, enter the following information for your router: IP address (factory default: 192.168.10.1). If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again.
Page 17
Unified Services Router User Manual Lease Time: Enter the time, in hours, for which IP addresses are leased to clients. Enable DNS Proxy: To enable the router to act as a proxy for all DNS requests and communicate with the ISP‘s DNS servers, click the checkbox. Click Save Settings to apply all changes.
Unified Services Router User Manual 2.1.1 LAN Configuration in an IPv6 Network Advanced > IPv6 > IPv6 LAN > IPv6 LAN Config In IPv6 mode, the LAN DHCP server is enabled by default (similar to IPv4 mode). The DHCPv6 server will serve IPv6 addresses from configured address pools with the IPv6 Prefix Length assigned to the LAN.
Page 19
Unified Services Router User Manual Fig ure 2: IPv6 LAN a nd DHCPv6 co nfig uratio n If you change the IP address and click Save Settings, the GUI will not respond. Open a new connection to the new IP address and log in again. Be sure the LAN host (the machine used to manage the router) has obtained IP address from newly assigned pool (or has a static IP address in the router‘s LAN subnet) before accessing the router via changed IP address.
Unified Services Router User Manual DHCP Mode: The IPv6 DHCP server is either stateless or stateful. If stateless is selected an external IPv6 DHCP server is not required as the IPv6 LAN hosts are auto-configured by this router. In this case the router advertisement daemon (RADVD) must be configured on this device and ICMPv6 router discovery messages are used by the host for auto-configuration.
Page 21
Unified Services Router User Manual RADVD Advanced > IPv6 > IPv6 LAN > Router Advertisement To support stateless IPv6 auto configuration on the LAN, set the RADVD status to Enable. The following settings are used to configure RADVD: Advertise Mode: Select Unsolicited Multicast to send router advertisements (RA‘s) to all interfaces in the multicast group.
Page 22
Unified Services Router User Manual Fig ure 3: Co nf iguring the Ro uter Advert isem ent Daem on Advertisement Prefixes Advanced > IPv6 > IPv6 LAN > Advertisement Prefixes The router advertisements configured with advertisemen t prefixes allow this router to inform hosts how to perform stateless address auto configuration.
Unified Services Router User Manual IPv6 Prefix Length: This value indicates the number contiguous, higher order bits of the IPv6 address that define up the network portion of the address. Typically this is 64. Prefix Lifetime: This defines the duration (in seconds) that the requesting node is allowed to use the advertised prefix.
Unified Services Router User Manual will allow traffic from LAN hosts belonging to this VLAN ID to pass through to other configured VLAN IDs that have Inter VLAN Routing enabled. Fig ure 5: Adding VLAN m em berships to t he LAN 2.2.1 Associating VLANs to ports In order to tag all traffic through a specific LAN port with a VLAN ID, you can associate a VLAN to a physical port.
Page 25
Unified Services Router User Manual Fig ure 6: Port VLAN list In Access mode the port is a member of a single VLAN (and only one). All data going into and out of the port is untagged. Traffic through a port in access mode looks like any other Ethernet frame.
2.3 Configurable Port: DMZ Setup DSR-250N does not have a configurable port – there is no DMZ support. This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port. A DMZ is a subnetwork that is open to the public but behind the firewall.
Unified Services Router User Manual Fig ure 8: DMZ co nf ig urat io n In order to configure a DMZ port, the router‘s configurable port must be set to Setup > Internet Settings > Configurable Port DMZ in the page.
Page 28
Unified Services Router User Manual Once UPnP is enabled, you can configure the router to detect UPnP -supporting devices on the LAN (or a configured VLAN). If disabled, the router will not allow for automatic device configuration. Configure the following settings to use UPnP: ...
2.5 Captive Portal DSR-250N does not have support for the Captive Portal feature. LAN users can gain internet access via web portal authentication with the DSR. Also referred to as Run-Time Authentication, a Captive Portal is ideal for a web café...
Unified Services Router User Manual Chapter 3. Connecting to the Internet: WAN Setup This router has two WAN ports that can be used to esta blish a connection to the internet. The following ISP connection types are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem).
Unified Services Router User Manual 3G Internet access with a USB modem is supported on the secondary WAN port (WAN2). The Internet Connection Setup Wizard assists with the pr imary WAN port (WAN1) configuration only. 3.2 WAN Configuration Setup > Internet Settings > WAN1 Setup You must either allow the router to detect WAN connection type automatically or configure manually the following basic settings to enable Internet connectivity: ...
Server IP Address: Enter the IP address of the PPTP or L2TP server. DSR-250N doesn‘t have a dual WAN support. 3.2.1 WAN Port IP address Your ISP assigns you an IP address that is either dynamic (newly generated ea ch time you log in) or static (permanent).
Unified Services Router User Manual Fig ure 12: Ma nual WAN conf ig ura tio n 3.2.4 PPPoE Setup > Internet Settings The PPPoE ISP settings are defined on the WAN Configuration page. There are two types of PPPoE ISP‘s supported by the DSR: the standard username/password PPPoE and Japan Multiple PPPoE.
Page 34
Unified Services Router User Manual Fig ure 13: PPPoE config ura tio n fo r sta nd ard ISPs Most PPPoE ISP‘s use a single control and data connection, and require username / password credentials to login and authenticate the DSR with the ISP. The ISP connection type for this case is ―PPPoE (Username/Password)‖.
Page 35
Unified Services Router User Manual Fig ure 14: WAN config uratio n fo r Japa nese Mult iple PPPoE (pa rt 1) There are a few key elements of a multiple PPPoE connection: Primary and secondary connections are concurrent ...
Unified Services Router User Manual When Japanese multiple PPPoE is configured and secondary connection is up, some predefined routes are added on that interface. These routes are needed to access the internal domain of the ISP where he hosts various services. These routes can even be configured through the static routing page as well.
Unified Services Router User Manual Fig ure 16: R ussia L 2TP ISP co nfig uratio n 3.2.6 WAN Configuration in an IPv6 Network Setup > IPv6 > IPv6 WAN1 Config...
Page 38
Unified Services Router User Manual For IPv6 WAN connections, this router can have a static IPv6 address or receive connection information when configured as a DHCPv6 client. In the case where the ISP assigns you a fixed address to access the internet, the static conf iguration settings must be completed.
Unified Services Router User Manual Fig ure 17: I Pv6 WAN Set up page 3.2.7 Checking WAN Status Setup > Internet Settings > WAN Status The status and summary of configured settings for both WAN1 and WAN2 are available on the WAN Status page. You can view the following key connection status information for each WAN port: ...
Page 40
Unified Services Router User Manual Fig ure 18: Co nnectio n Sta tus inform atio n for bot h WAN ports The WAN status page allows you to Enable or Disable static WAN links. For WAN settings that are dynamically received from the ISP, you can Renew or Release the link parameters if required.
Unified Services Router User Manual 3.3 Bandwidth Controls Advanced > Advanced Network > Traffic Management > Bandwidth Profiles Bandwidth profiles allow you to regulate the traffic flow from the LAN to WAN 1 or WAN 2. This is useful to ensure that low priority LAN users (l ike guests or HTTP service) do not monopolize the available WAN‘s bandwidth for cost -savings or bandwidth-priority-allocation purposes.
Page 42
Unified Services Router User Manual For finer control, the Rate profile type can be used. With this option the minimum and maximum bandwidth allowed by this profile can be limited. Choose the WAN interface that the profile should be associated with . Fig ure 20: B and widt h Prof ile Co nfig uration pag e Advanced >...
Unified Services Router User Manual Fig ure 21: T raff ic S electo r Config ura tio n 3.4 Features with Multiple WAN Links This router supports multiple WAN links. This allows you to take advantage of failover and load balancing features to ensure certain internet dependent services are prioritized in the event of unstable WAN connectivity on one of the ports.
Unified Services Router User Manual Auto-Rollover using WAN port-WAN1: WAN1 is the primary internet link. Auto-Rollover using WAN port-WAN2: WAN2 is the primary internet link. Failover Detection Settings: To check connectivity of the primary internet link, one of the following failure detection methods can be selected: ...
Unified Services Router User Manual Load balancing is particularly useful when the connection speed of one WAN port greatly differs from another. In this case you can define protocol bindings to route low-latency services (such as VOIP) over the higher -speed link and let low-volume background traffic (such as SMTP) go over the lower speed link.
Unified Services Router User Manual addresses can be assigned to the other WAN link. Protocol bindings are only applicable when load balancing mode is enabled and more than one WAN is configured. Fig ure 23: Prot oco l binding setup t o asso ciat e a service a nd/or LAN source to a WAN a nd/or d estinat io n net work 3.5 Routing Configuration Routing between the LAN and WAN will impact the way this router handles traffic...
Page 47
Unified Services Router User Manual NAT is a technique which allows several computers on a LAN to share an Internet connection. The computers on the LAN use a "private" IP add ress range while the WAN port on the router is configured with a single "public" IP address.
Fig ure 24: Ro ut ing Mode is used to co nfigure traffic ro ut ing bet ween WAN and LAN, as well as Dy nam ic rout ing (RIP) 3.5.2 Dynamic Routing (RIP) DSR-250N does not support RIP.
Unified Services Router User Manual Setup > Internet Settings > Routing Mode Dynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP) that is common in LANs. With RIP this router can exchange routing information with other supported routers in the LAN and allow f or dynamic adjustment of routing tables in order to adapt to modifications in the LAN without interrupting traffic flow.
Page 50
Unified Services Router User Manual router and other devices to account for changes in the path; once configured the static route will be active and effective until the network changes. The List of Static Routes displays all routes that have been added manually by an administrator and allows several operations on the static routes.
Unified Services Router User Manual Fig ure 25: Sta tic ro ute co nf ig urat io n fields 3.6 Configurable Port - WAN Option This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a dedicated DMZ port.
Page 52
Unified Services Router User Manual Fig ure 26: WAN2 co nfig uratio n f or 3 G internet (part 1) Cellular 3G internet access is available on WAN2 via a 3G USB modem for DSR- 1000 and DSR-1000N. The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish a connection.
Unified Services Router User Manual Fig ure 27: WAN2 co nfig uratio n f or 3 G internet ( part 2) 3.7 WAN Port Settings Advanced > Advanced Network > WAN Port Setup The physical port settings for each WAN link can be defined here. If your ISP account defines the WAN port speed or is associated with a MAC address, this information is required by the router to ensure a smooth connection with the network.
Page 54
Unified Services Router User Manual The default MAC address is defined during the manufacturing process for the interfaces, and can uniquely identify this router. You can customize each WAN port‘s MAC address as needed, either by letting the WAN port assume the current LAN host‘s MAC address or by entering a MAC address manually.
Unified Services Router User Manual Chapter 4. Wireless Access Point Setup This router has an integrated 802.11n radio that allows you to create an access point for wireless LAN clients. The security/encryption/authentication options are grouped in a wireless Profile, and each configured profile will be available for selection in the AP configuration menu.
Unified Services Router User Manual Fig ure 29: W ireless Net work Set up W iza rds 4.1.1 Wireless Network Setup Wizard This wizard provides a step-by-step guide to create and secure a new access point on the router. The network name (SSID) is the AP identifier that will be detected by supported clients.
Unified Services Router User Manual Personal Identification Number (PIN): The wireless device that supports WPS may have an alphanumeric PIN, and if entered in this field the AP will establish a link to the client. Click Connect to complete setup and connect to the client.
Unified Services Router User Manual server, or both. Note that WPA does not support 802.11n data rates; is it appropriate for legacy 802.11 connections. WPA2: this security type uses CCMP encryption (and the option to add TKIP encryption) on either PSK (pre-shared key) or Enterprise (RADIUS Server) authentication.
Unified Services Router User Manual size. Next choose one of the keys to be used for authentication. The selected key must be shared with wireless clients to connect to this device. Fig ure 31: Prof ile conf ig ura tio n to s et network s ecurity 4.2.2 WPA or WPA2 with PSK A pre-shared key (PSK) is a known passphrase confi gured on the AP and client both and is used to authenticate the wireless client.
Unified Services Router User Manual 4.2.3 RADIUS Authentication Setup > Wireless Settings > RADIUS Settings Enterprise Mode uses a RADIUS Server for WPA and/or WPA2 security. A RADIUS server must be configured and accessible by the router to authenticate wireless client connections to an AP enabled with a profile that uses RADIUS authentication.
Unified Services Router User Manual Fig ure 32: RADIUS server (Ext erna l Aut hent icat io n) conf ig ura tio n 4.3 Creating and Using Access Points Setup > Wireless Settings > Access Points Once a profile (a group of security settings) is created, it can be assigned to an AP on the router.
Page 62
Unified Services Router User Manual Fig ure 33: V irt ua l AP config ura tio n A valuable power saving feature is the start and stop time control for this AP. You can conserve on the radio power by disabling the AP when it is not in use. For example on evenings and weekends if you know there are no wireless cli ents, the start and stop time will enable/disable the access point automatically.
Unified Services Router User Manual Fig ure 34: L ist of co nfig ured a ccess point s (Virt ual A Ps) sho ws o ne enab led a ccess po int o n t he radio, broadcasting its SSID The clients connected to a particular AP can be viewed by using the Status Button on the List of Available Access Points.
Unified Services Router User Manual broadcast the SSID for the VAP with WEP since it is meant to be used for a few legacy devices in this scenario. 4.4 Tuning Radio Specific Settings Setup > Wireless Settings > Radio Settings The Radio Settings page lets you configure the channels and power levels available for the AP‘s enabled on the DSR.
Unified Services Router User Manual 4.5 Advanced Wireless Settings Advanced > Wireless Settings > Advanced Wireless Sophisticated wireless administrators can modify the 802.11 communication parameters in this page. Generally, the default settings are appropriate for most networks. Please refer to the GUI integrated help tex t for further details on the use of each configuration parameter.
Page 66
Unified Services Router User Manual connect within 60 seconds of clicking the ―Configure via PIN‖ button immediately below the PIN field. There is no LED indication that a client has connected. Push Button Configuration (PBC): for wireless devices that support PBC, press and hold down on this button and within 2 minutes click the PBC connect button.
Chapter 5. Securing the Private Network You can secure your network by creating and applying rules that your router uses to selectively block and allow inbound and outbound Internet traffic. You then specify how and to whom the rules apply. To do so, you must define the following: ...
Unified Services Router User Manual may use the IP address if a static address is assigned to the WAN port, or if your WAN address is dynamic a DDNS (Dynamic DNS) name can be used. Outbound (LAN/DMZ to WAN) rules restrict access to traffic leaving your network, selectively allowing only specific local users to access specific outside resources.
Unified Services Router User Manual Fig ure 39: L ist of Ava ilab le S chedules t o bind to a firewa ll rule 5.3 Configuring Firewall Rules Advanced > Firewall Settings > Firewall Rules All configured firewall rules on the router are displayed in the Firewall Rules list. This list also indicates whether the rule is enabled (active) or not, and gives a summary of the From/To zone as well as the services or users that the rule affects.
Page 70
Unified Services Router User Manual Service: ANY means all traffic is affected by this rule. For a specific service the drop down list has common services, or you can select a custom defined service. Action & Schedule: Select one of the 4 actions that this rule defines: BLOCK always, ALLOW always, BLOCK by schedule otherwise ALLOW, or ALLOW by schedule otherwise BLOCK .
Page 71
Unified Services Router User Manual External IP address: The rule can be bound to a specific WAN interface by selecting either the primary WAN or configurable port WAN as the source IP address for incoming traffic. This router supports multi-NAT and so the External IP address does not necessarily have to be the WAN addr ess.
Page 72
Unified Services Router User Manual Fig ure 40: E xam ple where a n o utbo und S NAT rule is us ed to m ap an externa l IP address (209. 156.200. 225) to a privat e DMZ I P address (10.30.30 .30)
Page 73
Unified Services Router User Manual Fig ure 41: T he firewa ll rule co nf igurat io n page allo ws yo u to def ine t he To/From zone, service, act ion, sched ules, and specify source/destinat io n IP addresses as need ed .
Unified Services Router User Manual 5.3.1 Firewall Rule Configuration Examples Example 1: Allow inbound HTTP traffic to the DMZ Situation: You host a public web server on your local DMZ network. You want to allow inbound HTTP requests from any outside IP address to the IP address of your web server at any time of day.
Page 75
Unified Services Router User Manual Example 3: Multi-NAT configuration Situation: You want to configure multi-NAT to support multiple public IP addresses on one WAN port interface. Solution: Create an inbound rule that configures the firewall to host an additional public IP address. Associate this address with a web server on the DMZ. If you arrange with your ISP to have more than one public IP address for your use, you can use the additional public IP addresses to map to servers on your LAN.
Page 76
Unified Services Router User Manual In the Scheduled days box, check that you want the schedule to be active for ―specific days‖. Select ―Saturday‖ and ―Sunday‖ In the scheduled time of day, select ―all day‖ – this will apply the schedule between 12 am to 11:59 pm of the selected day.
Page 77
Unified Services Router User Manual Fig ure 42: S chedule co nfigu rat ion for the above ex am ple. Since we are trying to block HTTP requests, it is a service with To Zone: Insecure (WAN1/WAN2) that is to be blocked according to schedule ―Weekend‖.
Unified Services Router User Manual Select the Action to ―Block by Schedule, otherwise allow‖. This will take a predefined schedule and make sure the rule is a blocking rule during the defined dates/times. All other times outside the schedule will not be affected by this firewall blocking rule As we defined our schedule in schedule ―Weekend‖, this is available in the dropdown menu We want to block the IP range assigned to the marketing group.
Unified Services Router User Manual Fig ure 43: L ist of user def ined service s. 5.5 ALG support Advanced > Firewall Settings > ALGs Application Level Gateways (ALGs) are security component that enhance the firewall and NAT support of this router to seamlessly support application layer protocols. In some cases enabling the ALG will allow the firewall to use dynamic ephemeral TCP/ UDP ports to communicate with the known ports a particular client application (such as H.323 or RTSP) requires, without which the admin would have to open large...
Unified Services Router User Manual Fig ure 44: Ava ilab le AL G suppo rt o n t he rout er . 5.6 VPN Passthrough for Firewall Advanced > Firewall Settings > VPN Passthrough This router‘s firewall settings can be configured to allow encrypted VPN traffic for IPsec, PPTP, and L2TP VPN tunnel connections between the LAN and internet.
Unified Services Router User Manual Fig ure 45: Passthro ug h options f or VPN t unnel s 5.7 Application Rules Advanced > Application Rules > Application Rules Application rules are also referred to as port triggering. This feature allows devices on the LAN or DMZ to request one or more ports to be forwarded to them.
Unified Services Router User Manual Fig ure 46: L ist of Ava ilab le Applicat io n Rules s ho wing 4 unique rules The application rule status page will list any active rules, i.e. incoming ports that are being triggered based on outbound requests from a defined outgoing port. 5.8 Web Content Filtering The gateway offers some standard web filtering options to allow the admin to easily create internet access policies between the secure LAN and insecure WAN.
Unified Services Router User Manual Fig ure 47: Co nt ent Filt ering us ed to blo ck access to proxy s ervers a nd prevent Activ eX co ntrols f rom being downlo aded 5.8.2 Approved URLs Advanced > Website Filter > Approved URLs The Approved URLs is an acceptance list for all URL domain names.
Unified Services Router User Manual Fig ure 48: T wo trusted dom ains added to the Approved URLs List 5.8.3 Blocked Keywords Advanced > Website Filter > Blocked Keywords Keyword blocking allows you to block all website URL‘s or s ite content that contains the keywords in the configured list.
Unified Services Router User Manual Fig ure 49: T wo k ey words added to the block list 5.9 IP/MAC Binding Advanced > IP/MAC Binding Another available security measure is to only allow outbound traffic (from the LAN to WAN) when the LAN node has an IP address matching the MAC address bound to it. This is IP/MAC Binding, and by enforcing the gateway to validate the source traffic‘s IP address with the unique MAC Address of the configured LAN node, the administrator can ensure traffic from that IP address is not spoofed.
Unified Services Router User Manual Fig ure 50: T he fo llo wing exam ple binds a LAN host’s MAC Address to a n IP address served by DSR . If t here is an IP/MAC B ind ing violat io n, t he vio lat ing packet will be dro pped and lo gs will be captured 5.10 Intrusion Prevention (IPS) Advanced >...
Unified Services Router User Manual Fig ure 51: I nt rus io n Prev ent io n f eat ures on t he ro uter 5.11 Protecting from Internet Attacks Advanced > Advanced Network > Attack Checks Attacks can be malicious security breaches or unintentional network issues that render the router unusable.
Page 88
Unified Services Router User Manual Fig ure 52: Prot ect ing t he ro uter a nd LA N from int ernet attacks...
Unified Services Router User Manual Chapter 6. IPsec / PPTP / L2TP VPN A VPN provides a secure communication channel (―tunnel‖) between two gateway routers or a remote PC client. The following types of tunnels can be created: Gateway-to-gateway VPN: to connect two or more routers to secure traffic between remote sites.
Unified Services Router User Manual Fig ure 54: E xam ple of t hree I Psec client connect io ns to t he internal net wo rk t hro ug h t he DSR IPsec gat eway 6.1 VPN Wizard Setup >...
Page 91
Unified Services Router User Manual Fig ure 55: V PN Wizard launch screen To easily establish a VPN tunnel using VPN Wizard, follow the steps below: Select the VPN tunnel type to create The tunnel can either be a gateway to gateway connection (site -to-site) or a tunnel to a host on the internet (remote access).
Page 92
Unified Services Router User Manual Local WAN IP address / FQDN: This field can be left blank if you are not using a different FQDN or IP address than the one specified in the WAN port‘s configuration. Configure the Secure Connection Remote Accessibility fields to identify the remote network: ...
Unified Services Router User Manual 6.2 Configuring IPsec Policies Setup > VPN Settings > IPsec > IPsec Policies An IPsec policy is between this router and another gateway or this router and a IPsec client on a remote host. The IPsec mode can be either tunnel or transport depending on the network being traversed between the two policy endpoints.
Page 94
Unified Services Router User Manual Fig ure 56: I Psec po licy conf ig ura tio n Once the tunnel type and endpoints of the tunnel are defined you can determine the Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPsec mode setting, as the policy can be Manual or Auto.
Page 95
Unified Services Router User Manual Fig ure 57: I Psec po licy conf ig ura tio n continued (Aut o policy v ia IKE) A Manual policy does not use IKE and instead relies on ma nual keying to exchange authentication parameters between the two IPsec hosts.
Unified Services Router User Manual Fig ure 58: I Psec po licy conf ig ura tio n continued (Aut o / Ma nual Phase 2) 6.2.1 Extended Authentication (XAUTH) You can also configure extended authentication (XAUTH). Rather than configure a unique VPN policy for each user, you can configure the VPN gateway router to authenticate users from a stored list of user accounts or with an external authentication server such as a RADIUS server.
Unified Services Router User Manual 6.3 Configuring VPN clients Remote VPN clients must be configured with the same VPN policy parameters used in the VPN tunnel that the client wishes to use: encryption, authentication, life time, and PFS key-group. Upon establishing these authentication parameters, the VPN Client user database must also be populated with an account to give a user access to the tunnel.
Unified Services Router User Manual Fig ure 59: PPT P t unnel co nfigurat ion – PPTP Server 6.4.2 L2TP Tunnel Support Setup > VPN Settings > L2TP > L2TP Server A L2TP VPN can be established through this router. Once enabled a L2TP server is available on the router for LAN and WAN L2TP client users to access.
Chapter 7. SSL VPN The router provides an intrinsic SSL VPN feature as an alternate to the standard IPsec VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a pre- installed VPN client on the remote host. Instead, users can securely login through the SSL User Portal using a standard web browser and receive access to configured network resources within the corporate LAN.
Unified Services Router User Manual Fig ure 61: E xam ple of clientless SSL VPN connect ions to t he DSR 7.1 Users, Groups, and Domains Advanced > Users > Users Authentication of the users (IPsec, SSL VPN, or GUI) is done by the router using either a local database on the router or external authentication servers (i.e.
Page 101
Unified Services Router User Manual Idle Timeout: The session timeout for the user. Once the user is configured, the DSR will display a list of all configured users. Fig ure 62: Ava ilab le Users wit h login stat us a nd associated Gro up/Dom ain Advanced >...
Unified Services Router User Manual Timeout: The timeout period for reaching the authentication server. Retries: The number of retries to authenticate with the authentication server after which the DSR stops trying to reach the server. Workgroup: This is required is for NT domain authentication. If there are multiple workgroups, user can enter the details for upto two workgroups.
Page 103
Unified Services Router User Manual Guest (read only): The guest user gains read only access to the GUI to observe and review configuration settings. The guest does not have SSL VPN access. SSL VPN User: This user has access to the SSL VPN services as determined by the group policies and authentication domain of which it is a member.
Unified Services Router User Manual Fig ure 63: User co nf ig urat io n opt ions 7.2 Using SSL VPN Policies Setup > VPN Settings > SSL VPN Server > SSL VPN Policies SSL VPN Policies can be created on a Global, Group, or User level. User level policies take precedence over Group level policies and Group level policies take precedence over Global policies.
Unified Services Router User Manual Fig ure 64: L ist of SSL VPN po lices ( Glob al filter) To add a SSL VPN policy, you must first assign it to a user, group, or make it global (i.e. applicable to all SSL VPN users). If the policy is for a group, the available configured groups are shown in a drop down menu and one must be selected.
Unified Services Router User Manual Fig ure 65: SSL VPN po licy co nf ig urat io n To configure a policy for a single user or group of users, enter the following information: Policy for: The policy can be assigned to a group of users, a single user, or all users (making it a global policy).
Unified Services Router User Manual Port range: If the policy governs a type of traffic, this field is used for defining TCP or UDP port number(s) corresponding to the governed traffic. Leaving the starting and ending port range blank corresponds to all UDP and TCP traffic.
Unified Services Router User Manual Fig ure 66: L ist of co nfig ured reso urces, which are available to assign to SSL VPN polic ies 7.3 Application Port Forwarding Setup > VPN Settings > SSL VPN Server > Port Forwarding Port forwarding allows remote SSL users to access specified network applications or services after they login to the User Portal and launch the Port Forwarding serv ice.
Page 109
Unified Services Router User Manual As a convenience for remote users, the hostname (FQDN) of the network server can be configured to allow for IP address resolution. This host name resolution provides users with easy-to-remember FQDN‘s to access TCP applications instead of error - prone IP addresses when using the Port Forwarding service through the SSL User Portal.
Unified Services Router User Manual Fig ure 67: L ist of Ava ilab le Applicat io ns for SSL Po rt Fo rward ing 7.4 SSL VPN Client Configuration Setup > VPN Settings > SSL VPN Client > SSL VPN Client An SSL VPN tunnel client provides a point -to-point connection between the browser - side machine and this router.
Unified Services Router User Manual Fig ure 68: SSL VPN client adapt er a nd a ccess config ura tio n The router allows full tunnel and split tunnel support. Full tunnel mode just sends all traffic from the client across the VPN tunnel to the router. Split tunnel mode only sends traffic to the private LAN based on pre-specified client routes.
Unified Services Router User Manual Setup > VPN Settings > SSL VPN Client > Configured Client Routes If the SSL VPN client is assigned an IP address in a different subnet than the corporate network, a client route must be added to allow access to the private LAN through the VPN tunnel.
Unified Services Router User Manual Fig ure 70: L ist of co nfig ured SSL VPN p ortal s. T he co nf ig ured porta l can then be associat ed wit h a n a ut hent ica tio n dom ain 7.5.1 Creating Portal Layouts Setup >...
Unified Services Router User Manual Banner message: The banner message that is displayed to SSL VPN clients prior to login. This field is optional. Display banner message on the login page: The user has the option to either display or hide the banner message in the login page.
Unified Services Router User Manual Chapter 8. Advanced Configuration Tools 8.1 USB Device Setup Setup > USB Settings The DSR Unified Services Router has a USB interface for printer access, file sharing DSR-1000 DSR-1000N models modem support. There is no configuration on the GUI to enable USB device support. Upon inserting your USB storage device, printer cable or 3G modem the DSR router will automatically detect the type of connected peripheral.
Unified Services Router User Manual Fig ure 72: USB Device Det ect io n 8.2 Authentication Certificates Advanced > Certificates This gateway uses digital certificates for IPsec VPN authentication as well as SSL validation (for HTTPS and SSL VPN authentication). You can obtain a digital certificate from a well known Certificate Authority (CA) such as VeriSign, or generate and sign your own certificate using functionality available on this gateway.
Page 117
Unified Services Router User Manual A self certificate is a certificate issued by a CA identifying your device (or self - signed if you don‘t want the identity protection of a CA). The Active Self Certificate table lists the self certificates currently loaded on the gateway. The following information is displayed for each uploaded self certificate: ...
Unified Services Router User Manual Fig ure 73: C ert ificate s um m ary for IPsec and HTTPS m anag em ent 8.3 Advanced Switch Configuration The DSR allows you to adjust the power consumption of the hardware based on your actual usage.
Unified Services Router User Manual Chapter 9. Administration & Management 9.1 Configuration Access Control The primary means to configure this gateway via the browser -independent GUI. The GUI can be accessed from LAN node by using the gateway‘s LAN IP address and HTTP, or from the WAN by using the gateway‘s WAN IP address and HTTPS (HTTP over SSL).
Unified Services Router User Manual Fig ure 76: R em ote Ma nagem ent f rom the WAN 9.1.2 CLI Access In addition to the web-based GUI, the gateway supports SSH and Telnet management for command-line interaction. The CLI login credentials are shared with the GUI for administrator users.
Unified Services Router User Manual Fig ure 77: SNMP Users, Traps, a nd Access Contro l Tools > Admin > SNMP System Info The router is identified by an SNMP manager via the System Information. The identifier settings The SysName set here is also used to identify the router for SysLog logging.
Unified Services Router User Manual Fig ure 78: SNMP system inform atio n fo r this ro uter 9.3 Configuring Time Zone and NTP Tools > Date and Time You can configure your time zone, whether or not to adjust for Daylight Savings Time, and with which Network Time Protocol (NTP) server to synchronize the date and time.
Unified Services Router User Manual Fig ure 79: Dat e, T im e, and NT P server setup 9.4 Log Configuration This router allows you to capture log messages for traffic through the firewall, VPN, and over the wireless AP. As an administrator you can monitor th e type of traffic that goes through the router and also be notified of potential attacks or errors when they are detected by the router.
Page 125
Unified Services Router User Manual System: This refers to application and management level features available on this router, including SSL VPN and administrator changes for man aging the unit. Wireless: This facility corresponds to the 802.11 driver used for providing AP functionality to your network.
Unified Services Router User Manual Fig ure 80: Facility settings fo r Logg ing The display for logging can be customized based on where the logs are sent, either Status > Logs the Event Log viewer in the GUI (the Event Log viewer is in the page) or a remote Syslog server for later review.
Page 127
Unified Services Router User Manual Example: If Accept Packets from LAN to WAN is enabled and there is a firewall rule to allow SSH traffic from LAN, then whenever a LAN machine tries to make an SSH connection, those packets will be accepted and a message will be logged.
Unified Services Router User Manual Fig ure 81: L og co nf ig urat io n options f or traffic t hro ug h ro uter 9.4.2 Sending Logs to E-mail or Syslog Tools > Log Settings > Remote Logging Once you have configured the type of logs that you want the router to collect, they can be sent to either a Syslog server or an E -Mail address.
Unified Services Router User Manual this requirement. In some cases the SMTP server may send out IDENT requests, and this router can have this response option enabled as needed. Once the e-mail server and recipient details are defined you can determine when the router should send out logs.
Unified Services Router User Manual the local Event Viewer on the router‘s GUI, and thus can collect a considerable number of logs over a sustained period. This is typically very useful for debugging network issues or to monitor router traffic over a long duration. This router supports up to 8 concurrent S yslog servers.
Unified Services Router User Manual Fig ure 84: V PN logs disp layed in GUI ev ent v iewer 9.5 Backing up and Restoring Configuration Settings Tools > System You can back up the router‘s custom configuration settings to restore them to a different device or the same router after some other changes.
Unified Services Router User Manual To restore your saved settings from a backup file, click Browse then locate the file on the host. After clicking Restore, the router begins importing the file‘s saved configuration settings. After the restore, the router reboots automatically with the restored settings. To erase your current settings and revert to factory default settings, click the Default button.
By clicking the Check Now button in the notification section, the router will check a D-Link server to see if a newer firmware version for this router is available for download and update the Status field below.
Unified Services Router User Manual Fig ure 87: Dy nam ic DNS co nf ig urat io n 9.8 Using Diagnostic Tools Tools > System Check The router has built in tools to allow an administrator to evaluate the communication status and overall network health.
Unified Services Router User Manual Fig ure 88: Ro ut er d iag nostics tools av aila ble in t he GUI 9.8.1 Ping This utility can be used to test connectivity between this router and another device on the network connected to this router. Enter an IP address and click PING . The command output will appear indicating the ICMP echo request status.
Unified Services Router User Manual Fig ure 89: Sam ple t racero ut e o utput 9.8.3 DNS Lookup To retrieve the IP address of a Web, FTP, Mail or any other server on the Internet, type the Internet Name in the text box and click Lookup. If the host or domain entry exists, you will see a response with the IP address.
Unified Services Router User Manual Chapter 10. Router Status and Statistics 10.1 System Overview The Status page allows you to get a detailed overview of the system configuration. The settings for the wired and wireless interfaces are displayed in the DSR Status page, and then the resulting hardware resource and router usage details are summarized on the router‘s Dashboard.
Unified Services Router User Manual Fig ure 91: D evice Stat us display (cont inued) 10.1.2 Resource Utilization Status > Device Info > Dashboard The Dashboard page presents hardware and usage statistics. The CPU and Memory utilization is a function of the available hardware and current configuration and traffic through the router.
Unified Services Router User Manual Fig ure 94: R esource Utilizatio n data (co ntinued) 10.2 Traffic Statistics 10.2.1 Wired Port Statistics Status > Traffic Monitor > Device Statistics Detailed transmit and receive statistics for each physical port are presented here. Each interface (WAN1, WAN2/DMZ, LAN, and VLANs) have port specific packet level information provided for review.
Unified Services Router User Manual Fig ure 95: Physical po rt statist ics 10.2.2 Wireless Statistics Status > Traffic Monitor > Wireless Statistics The Wireless Statistics tab displays the incrementing traffic statistics for each enabled access point. This page will give a snapshot of how much traffic is being transmitted over each wireless link.
Unified Services Router User Manual Fig ure 96: A P specific statist ics 10.3 Active Connections 10.3.1 Sessions through the Router Status > Active Sessions This table lists the active internet sessions through the router‘s firewall. The session‘s protocol, state, local and remote IP addresses are shown.
Unified Services Router User Manual 10.3.2 Wireless Clients Status > Wireless Clients The clients connected to a particular AP can be viewed on this page. Connected clients are sorted by the MAC address and indicate the security parameters used by the wireless link, as well as the time connected to the corresponding AP.
Unified Services Router User Manual Fig ure 99: L ist of LAN hosts 10.3.4 Active VPN Tunnels Status > Active VPNs You can view and change the status (connect or drop) of the router‘s IPsec security associations. Here, the active IPsec SAs (security associations) are listed along with the traffic details and tunnel state.
Page 148
Unified Services Router User Manual Fig ure 100: List of current Act ive VPN S essions All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, a re displayed on this page as well. Table fields are as follows. Field Description The SSL VPN user that has an active tunnel or port forwarding session to this...
Unified Services Router User Manual Chapter 11. Trouble Shooting 11.1 Internet connection Symptom: You cannot access the router‘s web-configuration interface from a PC on your LAN. Recommended action: Check the Ethernet connection between the PC and the router. Ensure that your PC‘s IP address is on the same subnet as the router. If you are using the recommended addressing scheme, your PC‘s address should be in the range 192.168.10.2 to 192.168.10.254.
Page 150
Unified Services Router User Manual Symptom: Router cannot access the Internet. Possible cause: If you use dynamic IP addresses, your router may not have requested an IP address from the ISP. Recommended action: www.google.com Launch your browser and go to an external site such as Access the firewall‘s configuration main menu at http://192.168.10.1 Monitoring >...
Unified Services Router User Manual Symptom: Router can obtain an IP address, but PC is unable to load Internet pages. Recommended action: Ask your ISP for the addresses of its designated Domain Name System (DNS) servers. Configure your PC to recognize those addresses. For details, see your operating system documentation.
Unified Services Router User Manual Observe the display: If the path is working, you see this message sequence: Pinging <IP address> with 32 bytes of data Reply from <IP address>: bytes=32 time=NN ms TTL=xxx If the path is not working, you see this message sequence: Pinging <IP address>...
Unified Services Router User Manual Verify that the network (subnet) address of your PC is different from the network address of the remote device. Verify that the cable or DSL modem is connected and functioning. Ask your ISP if it assigned a hostname to your PC. Network Configuration >...
Chapter 12. Credits Microsoft, Windows are registered trademarks of Microsoft Corp. Linux is a registered trademark of Linus Torvalds. UNIX is a registered trademark of The Open Group.
Unified Services Router User Manual Appendix A. Glossary Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addresses. CHAP Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP. Dynamic DNS. System for updating domain names in real time. Allows a domain name to be DDNS assigned to a device with a dynamic IP address.
Page 157
Unified Services Router User Manual Point-to-Point Protocol over Ethernet. Protocol for connecting a network of hosts to an ISP PPPoE without the ISP having to manage the allocation of IP addresses. Point-to-Point Tunneling Protocol. Protocol for creation of VPNs for the secure transfer of data PPTP from remote clients to private servers over the Internet.
Appendix B. Factory Default Settings Feature Description Default Setting User login URL http://192.168.10.1 Device login User name (case sensitive) admin Login password (case sensitive) admin WAN MAC address Use default address Internet WAN MTU size 1500 Connection Port speed Autosense IP address 192.168.10.1 IPv4 subnet mask...
Unified Services Router User Manual Appendix D. Log Output Reference Facility: System (Networking) Log Message Severity Log Message Severity DBUpdate event: Table: %s opCode:%d BridgeConfig: too few arguments to rowId:%d DEBUG command %s ERROR BridgeConfig: too few arguments to networkIntable.txt not found DEBUG command %s ERROR...
Page 162
Unified Services Router User Manual nimfAdvOptSetWrap: user has changed MTU option DEBUG ddns: SQL error: %s ERROR nimfAdvOptSetWrap: MTU: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR nimfAdvOptSetWrap: old MTU size: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR nimfAdvOptSetWrap: old Port Speed Option: %d DEBUG ddnsDisable failed ERROR nimfAdvOptSetWrap: old Mac Address...
Page 163
Unified Services Router User Manual %s:DBUpdate event: Table: %s opCode:%d rowId:%d DEBUG Failed to commit ERROR %s:%d SIP ENABLE: %s DEBUG ifStatusDBUpdate: Failed to begin " ERROR sipTblHandler:failed to update ifStatic DEBUG %s: SQL error: %s ERROR sipTblHandler:failed to update Configport DEBUG %s: Failed to commit "...
Page 164
Unified Services Router User Manual nimfGetUpdateMacFlag: unable to get pPrivSep: %s DEBUG Flag from MacTable ERROR %s:DBUpdate event: Table: %s nimfMacGet: Updating MAC address opCode:%d rowId:%d DEBUG failed ERROR Re-Starting sshd daemon..DEBUG sqlite3QueryResGet failed.Query:%s ERROR sshd re-started successfully. DEBUG error executing the command %s ERROR sshd stopped .
Page 165
Unified Services Router User Manual Subnetaddress should be provided GetDnsFromIsp: %s DEBUG with accessoption 2 ERROR IdleTimeOutFlag: %s DEBUG Failed to restart sshd ERROR IdleTimeOutValue: %d DEBUG unable to open the " ERROR AuthMetho: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR executing %s ... %s DEBUG Error in executing DB update handler ERROR...
Page 166
Unified Services Router User Manual %s: buffer overflow DEBUG Failed to clear vlan for %d ERROR %s: value of %s in %s table is: %s DEBUG Failed to set vlan entry for vlan %d ERROR Failed to set vlan entries, while %s: returning with status: %s DEBUG enabling \...
Page 168
Unified Services Router User Manual pppoeMgmtTblHandler: unable to get l2tpMgmtTblHandler: UserName: %s DEBUG current Mtu Option ERROR pppoeMgmtTblHandler: unable to get l2tpMgmtTblHandler: Password: %s DEBUG the Mtu ERROR pppoeMgmtTblHandler: pppoe enable l2tpMgmtTblHandler: AccountName: %s DEBUG failed ERROR pppoeMgmtDBUpdateHandler: failed l2tpMgmtTblHandler: DomainName: %s DEBUG query: %s ERROR...
Page 169
Unified Services Router User Manual dhcpcMgmtTblHandler: dhclient The Enable Command is %s ERROR enable failed ERROR l2tpEnable:Executing the Command dhcpcMgmtTblHandler: dhcpc release failed ERROR failed ERROR dhcpcMgmtTblHandler: dhcpc disable l2tpDisable: command string: %s ERROR failed ERROR dhcpcMgmtDBUpdateHandler: failed l2tpDisable: unable to stop l2tp session ERROR query: %s ERROR...
Page 170
Unified Services Router User Manual Setting message in fragment buffer: Created EAP/PEAP context: OK DEBUG ERROR ERROR Allocating TLS read buffer is NULL: Deleted EAP/PEAP context: OK DEBUG ERROR ERROR Upper EAP sent us: decision = %d method state = %d DEBUG Setting last fragment: ERROR ERROR...
Page 171
Unified Services Router User Manual Error rcvd. opCode %d. DEBUG Plugin context is NULL ERROR pCtx NULL. DEBUG Deriving implicit challenge: Error ERROR TLS message len changed in the fragment, ignoring. DEBUG Generating NT response: Error ERROR no data to send while fragment ack received.
Page 172
Unified Services Router User Manual pFB->msgBuff is NULL. DEBUG Setting profile to glue layer: ERROR. ERROR Error calculating binary. DEBUG _eapCtxCreate failed. ERROR %d authentication not enabled in the Error calculating binary. DEBUG system. ERROR Initializing inner non-EAP auth plugin: adpDigestInit for SHA1 failed.
Page 173
Unified Services Router User Manual password change is not allowed for this EAP-PEAP not enabled in system user DEBUG configuration. ERROR EAP-WSC not enabled in system completed writing the policy DEBUG configuration. ERROR PAP not enabled in system completed writing the SA DEBUG configuration.
Page 174
Unified Services Router User Manual pEapCtx == NULL or pPDU == NULL. ERROR Could not initialize des-ecb ERROR received EAP pdu bigger than EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR received EAP pdu bigger than EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR state machine is in invalid state.
Page 175
Unified Services Router User Manual Could not open database: %s DEBUG sqlite3QueryResGet failed ERROR CPU LOG File not found DEBUG radSendtoServer: socket: %s ERROR radSendtoServer: bind() Failed: %s: MEM LOG File not found DEBUG ERROR cpuMemUsageDBUpdateHandler: radRecvfromServer: recvfrom() Failed: update query: %s DEBUG ERROR radRecvfromServer: Packet too small...
Page 176
Unified Services Router User Manual Adding Dictionary Attribute '%s' DEBUG Failed to set default retries value ERROR ERROR: incomplete DB update Adding Dictionary Value %s DEBUG information. ERROR old values result does not contain 2 Receiving attribute: %s DEBUG rows ERROR Processing attribute: %s DEBUG...
Page 177
Unified Services Router User Manual Next Synchronization after" DEBUG Unable to set debug for radAuth. ERROR Next Synchronization after %d \ DEBUG Unable to set debug level for radAuth. ERROR Primary is not available, " DEBUG ERROR: option value not specified ERROR Secondary is not available, "...
Page 178
Unified Services Router User Manual timeout after semTake DEBUG memPartAlloc for %d size failed ERROR srcId=%d(%s) <-- destId=%d(%s) cmd=%d DEBUG memPartAlloc for %d size failed ERROR No Handler registered for this UMI Un-registerting component with Id %d DEBUG context ERROR failed to send ioctl request: dst(%d) <--- Couldn't find component with ID src(%d)
Page 179
Unified Services Router User Manual cpuMemUsageDBUpdateHandler: SQL error: %s ERROR Invalid Privacy Algorithm ERROR unable to open the DB file %s ERROR Failed to Get Host Address ERROR umiInit failed ERROR Invalid version ERROR unable to register to UMI ERROR snmp v3 Trap Configuration Failed ERROR Error Reading from the Database.
Page 180
Unified Services Router User Manual wan traffic counters are restared DEBUG Deleting schedule based firewall rules. DEBUG Deleting schedule based firewall rules Traffic limit has been reached DEBUG from DB. DEBUG Traffic meter monthly limit has been Update schedule based firewall rules in changed to %d.
Page 181
Unified Services Router User Manual Enabling attack check for L2TP. DEBUG Updating BlockSites Keyword from \ DEBUG Enabling attack check for UDP Flood. DEBUG Inserting BlockSites Keyword \ DEBUG Enabling attack check for IPsec. DEBUG Deleting Trusted Domain \ DEBUG Enabling attack check for PPTP.
Page 182
Unified Services Router User Manual Internet on port %d %d:%d:%d:%d:%d Enabling remote access management Disabling Port Trigger Rule for for IP address range" DEBUG %d:%d:%d:%d:%d DEBUG Enabling remote access management to Adding Port Trigger Rule for only this PC. DEBUG %d:%d:%d:%d:%d DEBUG Disabling Management Access from...
Page 183
Unified Services Router User Manual Update FirewallRules6 where fwLBSpillOverConfigure: Could not set ScheduleName = '%s' to New " DEBUG POSTROUTING rules ERROR fwLBSpillOverConfigure: Something Dns proxy Restart failed DEBUG going wrong Here ERROR fwL2TPGenericRules.c: unable to open deleting interface to ifgroup failed DEBUG the database file "...
Page 184
Unified Services Router User Manual Facility: Local0 (Wireless) Log Message Severity Log Message Severity (node=%s) setting %s to val = %d DEBUG sqlite3QueryResGet failed ERROR Custom wireless event: '%s' DEBUG sqlite3QueryResGet failed ERROR Wireless event: cmd=0x%x len=%d DEBUG VAP(%s) set beacon interval failed ERROR New Rogue AP (%02x:%02x:%02x:%02x:%02x:%02x)
Page 185
Unified Services Router User Manual PNAC_EVENT_PREAUTH_SUCCESS event for : %s DEBUG UDP failed, received Length is %d ERROR event for non-existent node %s DEBUG umiIoctl(UMI_COMP_KDOT11, ERROR PNAC_EVENT_EAPOL_START event umiIoctl(UMI_COMP_UDOT11,%d,%d received DEBUG ERROR PNAC_EVENT_EAPOL_LOGOFF event umiIoctl(UMI_COMP_KDOT11,%d,%d received DEBUG ERROR PNAC_EVENT_REAUTH event received DEBUG No IAPP Node found for req id %d ERROR...
Page 186
Unified Services Router User Manual DOT11_RX_EAPOL_KEYMSG: sending EAPOL pdu to PNAC... DEBUG unknown ifname %s ERROR creating pnac authenticator with values %d %d - %s DEBUG cmd %d not supported.sender=%d ERROR Profile %s does not exist DEBUG inteface name passed is NULL ERROR IAPP initialized.
Page 187
Unified Services Router User Manual pnacRecvRtn: no corresponding pnac port pae found DEBUG umiIoctl(UMI_COMP_IAPP,%d) failed ERROR sending unicast key DEBUG Invalid IE. ERROR umiIoctl(UMI_COMP_KDOT11_VAP, sending broadcast key DEBUG %d ) failed ERROR from pnacAuthPAEDisconnected: calling umiIoctl(UMI_COMP_KDOT11,%d pnacTxCannedFail DEBUG ,%d) failed ERROR from pnacAuthPAEForceUnauth: calling KDOT11_SET_PARAM:IEEE80211_I...
Page 188
Unified Services Router User Manual from pnacRecvMapi: pkt body len = %d, eapolRecvKeyMsg: invalid descriptor pktType = %d DEBUG version ERROR from pnacPDUProcess: received eapolRecvKeyMsg: incorrect PNAC_EAP_PACKET DEBUG descriptor version ERROR eapolRecvKeyMsg: Ack must not be from pnacPDUProcess: currentId = %d DEBUG ERROR from pnacPDUProcess: code = %d,...
Page 189
Unified Services Router User Manual from pnacBackAuthFail: calling pnacTxCannedFail DEBUG RC4 framework initialization failed ERROR %s returned ERROR DEBUG PNAC framework initialization failed ERROR pnacUmiIoctlHandler: cmd: %s(%d) DEBUG ERROR: option value not specified ERROR %s not configured for 802.1x DEBUG ERROR: -u can be used only with -s ERROR could not process PDU received from the...
Page 190
Unified Services Router User Manual phyPort:%s pnacRadXlateRadPktIntegrityChk: no corresponding " Error from pnacPortPaeDeconfig:kpnacPortPaeDec pnacRadXlateRadPktIntegrityChk: no onfig failed WARN message " ERROR pnacPortPaeDeconfig:kpnacPortPaeDec Error from onfig failed WARN pnacRadXlateRadPktIntegrityChk: " ERROR From pnacBackAuthSuccess: failed to notify pnacRadXlateRadChalPktHandle: no the destination " WARN encapsulated eap "...
Page 191
Unified Services Router User Manual Failed to initiate PBC based enrolle pnacKeyInfoGet:failed to allocate association ERROR buffer ERROR Invalid association mode. (Allowed PNAC user comp id not set. dropping modes : PIN/PBC) ERROR EAPOL key pkt ERROR pnacUmiPortPaeParamSet: invalid wpsEnable: running wsccmd failed ERROR buffer received ERROR...
Page 192
Unified Services Router User Manual Error from pnacAuthInit: Invalid Cipher type %d ERROR pnacAuthKeyTxInit failed ERROR Profile supports WEP stas,Group cipher Error from pnacAuthInit: must be WEP ERROR pnacReauthTimerInit failed ERROR Error from pnacAuthInit: Profile %s does not exist ERROR pnacBackAuthInit failed ERROR Error from pnacAuthInit: pnacCtrlDirInit...
Page 193
Unified Services Router User Manual pnacEapRadAuthSend: Invalid Error in executing DB update handler ERROR arguments ERROR pnacEapRadAuthSend: failed to sqlite3QueryResGet failed ERROR allocate inbuffer ERROR ERROR: incomplete DB update information. ERROR pnacXmit : umiIoctl failed[%d] ERROR old values result does not contain 2 rows ERROR pnacPDUForward: Invalid input ERROR...
Page 195
Unified Services Router User Manual %s%d: bad sequence number: %d, expected: %d, DEBUG ifmedia_ioctl: no media found for 0x%x, DEBUG ifmedia_ioctl: switching %s to , dev- PPPIOCDETACH file->f_count=%d, DEBUG >name DEBUG PPP: outbound frame not passed DEBUG ifmedia_match: multiple match for DEBUG PPP: VJ decompression error DEBUG...
Page 197
Unified Services Router User Manual %s: flow dst=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_dst, family) DEBUG encrypt data length mismatch DEBUG %s: flow src=%s, __FUNCTION__, XFRMSTRADDR(fl->fl6_src, family) DEBUG encrypt data does not compare DEBUG a guy asks for address mask. Who is it? DEBUG tkip decap failed DEBUG icmp v4 hw csum failure)
Page 198
Unified Services Router User Manual ip_rt_bug: %u.%u.%u.%u -> %u.%u.%u.%u, %s, DEBUG txmic DEBUG UDP: short packet: From %u.%u.%u.%u:%u %d/%d to %u.%u.%u.%u:%u, DEBUG %02x, hk->kv_txmic[i] DEBUG UDP: bad checksum. From %d.%d.%d.%d:%d to %s: unable to update h/w beacon %d.%d.%d.%d:%d ulen %d, DEBUG queue parameters, DEBUG...
Page 199
Unified Services Router User Manual %s: failed to register sysctls!, sc- ipt_time loading DEBUG >sc_dev->name DEBUG %s: mac %d.%d phy %d.%d, dev- ipt_time unloaded DEBUG >name, DEBUG ip_conntrack_irc: max_dcc_channels 5 GHz radio %d.%d 2 GHz radio must be a positive integer DEBUG %d.%d, DEBUG...
Page 200
Unified Services Router User Manual IPSEC_ERR [%s:%d]: Max (%d) No of WINDOW=%u , ntohs(th->window) DEBUG SA Limit reached, DEBUG RES=0x%02x , (u8)(ntohl(tcp_flag_word(th) & IPSEC_ERR [%s:%d]: Max (%d) No of TCP_RESERVED_BITS) >> 22) DEBUG SA Limit reached, DEBUG URGP=%u , ntohs(th->urg_ptr) DEBUG IPSEC_ERR [%s:%d]: time(secs): %u DEBUG...
Page 201
Unified Services Router User Manual %s: Error. DST Refcount value less PHYSOUT=%s , physoutdev->name DEBUG than 1 (%d), DEBUG for %s DEVICE refcnt: %d ,pDst- MAC= DEBUG >dev->name, DEBUG %s: Got Null m:%p *m:%p sa:%p %02x%c, *p, DEBUG *sa:%p,__func__,ppBufMgr, DEBUG %s Got Deleted SA:%p NAT: no longer support implicit source state:%d,__func__,pIPsecInfo,pIPsecIn...
Page 202
Unified Services Router User Manual >msg_iov[i].iov_base)[j] %02X, skb->data[i] DEBUG De initializing by \ INFO _lvl PPPOL2TP: _fmt, ##args DEBUG kernel UMI module loaded INFO %02X, ptr[length] DEBUG kernel UMI module unloaded INFO %02X, ((unsigned char *) m- >msg_iov[i].iov_base)[j] DEBUG Loading bridge module INFO %02X, skb->data[i] DEBUG...
Page 203
Unified Services Router User Manual test key, key DEBUG %s: %s (, dev_info, ath_hal_version INFO pre-hashed key, key DEBUG %s: driver unloaded, dev_info INFO const char *descr, krb5_keyblock *k) { DEBUG %s: driver unloaded, dev_info INFO AES 128-bit key, &key DEBUG %s: Version 2.0.0 INFO...
Page 204
Unified Services Router User Manual Failed to set AES encrypt key DEBUG ICMP: %u.%u.%u.%u: INFO AES %s Decrypt Test Duration: %d:%d, hard ? Hard : Soft, DEBUG ICMP: %u.%u.%u.%u: Source INFO Wrong address mask %u.%u.%u.%u Failed to set AES encrypt key DEBUG from INFO...
Page 205
Unified Services Router User Manual MD5 Software Test %s, md5SoftTest(0) %s: options rejected: o[0]=%02x, WARNIN ? Failed : Passed DEBUG o[1]=%02x, WARNIN MD5 Hardware Test: DEBUG %s: don't know what to do: o[5]=%02x, MD5 Hardware Test %s, *** New port %d ***, ntohs(expinfo- WARNIN md5HardTest(0) ? Failed : Passed DEBUG...
Page 206
Unified Services Router User Manual Value = %x ::: At Page = %x : Addr = cix %u (%u) bad ratekbps %u mode WARNIN DEBUG WARNIN REG Size == 32 Bit DEBUG %s: no rates for %s?, Value = %x ::: At Page = %x : Addr = no rates yet! mode %u, sc- WARNIN DEBUG...
Page 207
Unified Services Router User Manual from WARNIN %s(): ADDBA mode is AUTO, __func__ DEBUG martian source %u.%u.%u.%u from WARNIN %s(): Invalid TID value, __func__ DEBUG ll header: Error in ADD- no node available DEBUG Unable to create ip_set_list ERROR %s(): Channel capabilities do not match, chan flags 0x%x, DEBUG Unable to create ip_set_hash...
Unified Services Router User Manual Appendix E. RJ-45 Pin-outs RJ-45 Signal Adapter Signal Cable RJ-45 PIN DB-9 PIN...
Page 216
Unified Services Router User Manual Appendix F. Product Statement 1. DSR-1000N Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules.
Page 217
Unified Services Router User Manual IMPORTANT NOTE: Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance with IC RF exposure compliance requirements, please follow operation instruction as documented in this manual.
Page 218
Unified Services Router User Manual 2.DSR-500N Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Page 219
Unified Services Router User Manual IMPORTANT NOTE: Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance with IC RF exposure compliance requirements, please follow operation instruction as documented in this manual.
Page 220
Unified Services Router User Manual 3.DSR-250N Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Page 221
Unified Services Router User Manual Regulatory statement (R&TTE) European standards dictate maximum radiated transmit power of 100mW EIRP and frequency range 2.400- 2.4835GHz; In France, the equipment must be restricted to the 2.4465-2.4835GHz frequency range and must be restricted to indoor use. Operation of this device is subjected to the following National regulations and may be prohibited to use if certain restriction should be applied.