DSR-500N Manual EN UK PDF

Building Networks for People
Unified Services Router

User Manual
DSR-150 / 150N / 250 / 250N / 500 / 500N /
1000 / 1000N
Ver. 1.05
Small Business Gateway Solution

User Manual
D-Link Corporation
Copyright © 2012.
http://www.dlink.com
Unified Services Router User Manual
User Manual
DSR-150 / 150N /250 / 250N / DSR-500 / 500N / 1000 / 1000N
Version 1.05
Co p y rig h t © 2012
Copyright Notice
Th is p u b licat io n , in clu d in g all p h o t o g rap h s , illu s t rat io n s an d s o ft ware, is p ro t ect ed u n d er
in t ern at io n al co p y rig h t laws , wit h all rig h t s res erv ed . Neit h er t h is man u al, n o r an y o f t h e
mat erial co n t ain ed h erein , may b e rep ro d u ced wit h o u t writ t en co n s en t o f t h e au t h o r.
Disclaimer
Th e in fo rmat io n in t h is d o cumen t is s ubject t o ch ange wit h o ut n o tice. Th e man u fact u rer makes
n o rep res ent at ions o r warran t ies wit h res p ect t o t h e co n t en t s h ereo f an d s p ecifically d is claim
an y imp lied warran t ies o f merch an t ab ilit y o r fit n es s fo r an y p art icu lar p u rp o s e. Th e
man u fact u rer res erv es t h e rig h t t o rev is e t h is p u b licat io n an d t o make ch an g es fro m t ime t o
t ime in t h e co n t ent h ereof wit h o ut o b lig at ion o f t h e man u factu rer t o n o t ify an y p ers o n o f s u ch
rev is io n o r ch an g es .
Limitations of Liability
UNDER NO CIRCUM STA NCES SHA LL D -LINK OR ITS SUPPLIERS BE LIA BLE FOR
DA M A GES OF A NY CHA RA CTER (E.G. DA M A GES FOR LOSS OF PROFIT, SOFTW A RE
RESTORA TION, W ORK STOPPA GE, LOSS OF SA VED DA TA OR A NY OTHER
COM M ERCIA L DA M A GES OR LOSSES) RESULTING FROM THE A PPLICA TION OR
IM PROPER USE OF THE D-LINK PRODUCT OR FA ILURE OF THE PRODUCT, EVEN IF
D-LINK IS INFORM ED OF THE POSSIBILITY OF SUCH DA M A GES. FURTHERM ORE, D-
LINK W ILL NOT BE LIA BLE FOR THIRD -PA RTY CLA IM S A GA INST CUSTOM ER FOR
LOSSES OR DA M A GES. D-LINK W ILL IN NO EVENT BE LIA BLE FOR A NY DA M A GES
IN EXCESS OF THE A M OUNT D -LINK RECEIVED FROM THE END-USER FOR THE
PRODUCT.
1
Table of Contents
Chapter 1. Introduction.......................................................................................................................................... 11
1.1 About this User Manual .................................................................................................... 12
1.2 Typographical Conventions ............................................................................................. 12
Chapter 2. Configuring Your Network: LAN Setup ...................................................................................... 13

2.1 LAN Configuration .............................................................................................................. 13
2.1.1 LAN DHCP Reserved IPs ................................................................................................ 16
2.1.2 LAN DHCP Leas ed Clients.............................................................................................. 17
2.1.3 LAN Configuration in an IP v6 Network ........................................................................ 18
2.1.4 Configuring IP v6 Router Advertisements ................................................................... 21
2.2 VLAN Configuration ........................................................................................................... 23
2.2.1 Associating VLANs to ports ............................................................................................. 24
2.2.2 Multiple VLA N Subnets ..................................................................................................... 26
2.2.3 VLAN configuration ............................................................................................................ 27
2.3 Configurable Port: DMZ Setup ....................................................................................... 28
2.4 Universal Plug and Play (UP nP).................................................................................... 29
2.5 Captive Portal ....................................................................................................................... 31
2.6 Captive portal setup ........................................................................................................... 32
Chapter 3. Connecting to the Int ernet: WAN Setup .................................................................................... 35

3.1 Internet Setup Wizard........................................................................................................ 35
3.2 WAN Configuration............................................................................................................. 36
3.2.1 WAN Port IP address ........................................................................................................ 37
3.2.2 WAN DNS Servers ............................................................................................................. 37
3.2.3 DHCP WAN .......................................................................................................................... 37
3.2.4 PPPoE .................................................................................................................................... 38
3.2.5 Russia L2TP and PP TP WAN ........................................................................................ 41
3.2.6 Russia Dual Access PPPoE............................................................................................ 42
3.2.7 WAN Configuration in an IP v6 Network ...................................................................... 43
3.2.8 Checking WAN Status....................................................................................................... 45
3.3 Bandwidth Cont rols ............................................................................................................ 47
3.4 Features with Multiple WAN Links ................................................................................ 49
3.4.1 Auto Failover ........................................................................................................................ 49
3.4.2 Load Balancing .................................................................................................................... 50
3.4.3 Protocol Bindings ................................................................................................................ 52
3.5 Routing Configuration........................................................................................................ 53
3.5.1 Routing Mode ....................................................................................................................... 53
3.5.2 Dynamic Routing (RIP) ..................................................................................................... 56
3.5.3 Static Routing ....................................................................................................................... 57
3.5.4 OSPFv2 .................................................................................................................................. 58
3.5.5 OSPFv3 .................................................................................................................................. 60
3.5.6 6to4 Tunneling ..................................................................................................................... 62
3.5.7 ISA TAP Tunnels .................................................................................................................. 63
3.6 Configurable Port - WAN Option ................................................................................... 64
3.7 WAN 3 (3G) Configuration............................................................................................... 64
3.8 WAN Port Settings.............................................................................................................. 66
2
Chapter 4. Wireless Access Point Setup ........................................................................................................ 68

4.1 Wireless Settings Wizard ................................................................................................. 68
4.1.1 Wireless Network Setup Wizard .................................................................................... 69
4.1.2 Add Wireless Device with WPS ..................................................................................... 69
4.1.3 Manual Wireless Net work Setup ................................................................................... 70
4.2 Wireless Profiles.................................................................................................................. 70
4.2.1 WEP Security ....................................................................................................................... 71
4.2.2 WPA or WPA2 with PSK .................................................................................................. 73
4.2.3 RADIUS Authentication .................................................................................................... 73
4.3 Creating and Using Access Points ............................................................................... 75
4.3.1 Primary benefits of Virtual APs: ..................................................................................... 77
4.4 Tuning Radio Specific Settings ...................................................................................... 78
4.5 WMM ....................................................................................................................................... 79
4.6 Wireless distribution system (WDS) ............................................................................. 80
4.7 Advanced Wireless Settings ........................................................................................... 81
4.8 Wi-Fi Protected Setup (WPS) ......................................................................................... 82
Chapter 5. Securing the Private Network ....................................................................................................... 85

5.1 Firewall Rules ....................................................................................................................... 85
5.2 Defining Rule Schedules .................................................................................................. 86
5.3 Configuring Firewall Rules ............................................................................................... 87
5.4 Configuring IP v6 Firewall Rules ..................................................................................... 92
5.4.1 Firewall Rule Configuration Examples......................................................................... 93
5.5 Security on Custom Servic es.......................................................................................... 97
5.6 ALG support .......................................................................................................................... 99
5.7 VPN Passthrough for Firewall ...................................................................................... 100
5.8 Application Rules .............................................................................................................. 101
5.9 Web Content Filtering...................................................................................................... 102
5.9.1 Cont ent Filtering ................................................................................................................ 102
5.9.2 Approved URLs ................................................................................................................. 103
5.9.3 Blocked Keywords ............................................................................................................ 104
5.9.4 Export Web Filter .............................................................................................................. 105
5.10 IP/MAC Binding ................................................................................................................. 106
5.11 Intrusion Prevention (IPS ).............................................................................................. 107
5.12 Protecting from Internet Attacks .................................................................................. 108
Chapter 6. IPsec / PPTP / L2TP VPN ............................................................................................................ 111

6.1 VPN Wizard ........................................................................................................................ 113
6.2 Configuring IPsec Policies ............................................................................................. 115
6.2.1 Extended Aut hentication (XAUTH) ............................................................................. 119
6.2.2 Internet over IPS ec tunnel ............................................................................................. 120
6.3 Configuring VPN clients .................................................................................................. 120
6.4 PPTP / L2TP Tunnels ...................................................................................................... 120
6.4.1 PPTP Tunnel Support ..................................................................................................... 120
6.4.2 L2TP Tunnel Support ...................................................................................................... 122
6.4.3 OpenVPN Support ............................................................................................................ 123
6.4.4 OpenVPN Remote Net work .......................................................................................... 125
6.4.5 OpenVPN Authentication ............................................................................................... 126
3
Chapter 7. SSL VPN ............................................................................................................................................ 129

7.1 Groups and Users............................................................................................................. 131
7.1.1 Users and Passwords ..................................................................................................... 137
7.2 Using SSL VPN Policies ................................................................................................. 138
7.2.1 Using Network Res ourc es ............................................................................................. 141
7.3 Application Port Forwarding .......................................................................................... 142
7.4 SSL VPN Client Configuration...................................................................................... 144
7.5 User Portal .......................................................................................................................... 147
7.5.1 Creating Portal Layouts .................................................................................................. 147
Chapter 8. Advanced Configuration Tools ................................................................................................... 150

8.1 USB Device Setup ............................................................................................................ 150
8.2 USB share port .................................................................................................................. 151
8.3 SMS service........................................................................................................................ 153
8.4 Authentication Certificates ............................................................................................. 154
8.5 Advanced S witch Configuration ................................................................................... 156
Chapter 9. Administration & Management ................................................................................................... 157

9.1 Configuration Access Control ....................................................................................... 157
9.1.1 Admin Settings ................................................................................................................... 157
9.1.2 Remote Management ...................................................................................................... 158
9.1.3 CLI Access .......................................................................................................................... 159
9.2 SNMP Configuration ........................................................................................................ 159
9.3 Configuring Time Zone and NTP ................................................................................. 161
9.4 Log Configuration.............................................................................................................. 162
9.4.1 Defining What to Log ....................................................................................................... 162
9.4.2 Sending Logs to E-mail or Syslog ............................................................................... 167
9.4.3 E vent Log Viewer in GUI ................................................................................................ 169
9.5 Backing up and Restoring Configuration Settings ................................................. 170
9.6 Upgrading Router Firmware.......................................................................................... 171
9.7 Upgrading Router Firmware via USB......................................................................... 172
9.8 Dynamic DNS Setup ........................................................................................................ 173
9.9 Using Diagnostic Tools ................................................................................................... 174
9.9.1 Ping........................................................................................................................................ 175
9.9.2 Trace Route ........................................................................................................................ 175
9.9.3 DNS Lookup ....................................................................................................................... 176
9.9.4 Rout er Options ................................................................................................................... 176
9.10 Localization ......................................................................................................................... 177
Chapter 10. Rout er Status and Statistics ........................................................................................................ 178

10.1 System Overview .............................................................................................................. 178
10.1.1 Device Status ..................................................................................................................... 178
10.1.2 Resource Utilization ......................................................................................................... 180
10.2 Traffic Statistics ................................................................................................................. 183
10.2.1 Wired Port Statistics......................................................................................................... 183
10.2.2 Wireless Statistics............................................................................................................. 184
10.3 Active Connections........................................................................................................... 185
10.3.1 Sessions through the Router ........................................................................................ 185
4
10.3.2 Wireless Clients ................................................................................................................. 187

10.3.3 LAN Clients ......................................................................................................................... 187
10.3.4 Active VPN Tunnels ......................................................................................................... 188
Chapter 11. Trouble Shooting ............................................................................................................................. 190

11.1 Internet connection ........................................................................................................... 190
11.2 Date and time ..................................................................................................................... 192
11.3 Pinging to Test LAN Connectivity................................................................................ 192
11.3.1 Testing the LA N path from your P C to your router ................................................ 192
11.3.2 Testing the LA N path from your P C to a remote device ...................................... 193
11.4 Restoring factory-default configuration settings ..................................................... 194
Chapter 12. Credits ................................................................................................................................................. 195
Appendix A. Glossary ............................................................................................................................................. 196
Appendix B. Factory Default Settings................................................................................................................ 199
Appendix C. Standard Services A vailable for Port Forwarding & Firewall Configuration ................ 200
Appendix D. Log Output Reference ................................................................................................................... 201
Appendix E. RJ-45 Pin-outs.................................................................................................................................. 255
Appendix F. Product Statement .......................................................................................................................... 256
5
List of Figures
Figure 1: Setup page for LA N TCP/IP settings ................................................................................................. 15
Figure 2: LAN DHCP Reserved IPs ..................................................................................................................... 17
Figure 3: LAN DHCP Leased Clients ................................................................................................................... 18
Figure 4: IP v6 LA N and DHCP v6 configuration ............................................................................................... 19
Figure 5: Configuring the Router Advertisement Daemon ........................................................................... 22
Figure 6: IP v6 Advertisement Prefix settings .................................................................................................... 23
Figure 7: Adding VLAN memberships to the LAN ........................................................................................... 24
Figure 8: Port VLAN list ............................................................................................................................................ 25
Figure 9: Configuring VLAN membership for a port........................................................................................ 26
Figure 10: Multiple VLAN Subnets........................................................................................................................ 27
Figure 11: VLA N Configuration .............................................................................................................................. 28
Figure 12: DMZ configuration ................................................................................................................................. 29
Figure 13: UP nP Configuration .............................................................................................................................. 30
Figure 14: Active Runtime sessions ..................................................................................................................... 32
Figure 15: Captive Port al Setup............................................................................................................................. 33
Figure 16: Customized Captive Portal Setup .................................................................................................... 34
Figure 17: Internet Connection Setup Wizard ................................................................................................... 35
Figure 18: Manual WAN configuration ................................................................................................................. 38
Figure 19: PPPoE configuration for standard ISPs ......................................................................................... 39
Figure 20: WAN configuration for Japanese Multiple PPPoE (part 1) ...................................................... 40
Figure 21: WAN configuration for Multiple PPPoE (part 2) .......................................................................... 41
Figure 22: Russia L2TP ISP configuration ......................................................................................................... 42
Figure 23: Russia Dual access PPPoE configuration .................................................................................... 43
Figure 24: IP v6 WAN Setup page ......................................................................................................................... 44
Figure 25: Connection Status information for both WAN ports ................................................................... 46
Figure 26: List of Configured Bandwidth Profiles ............................................................................................ 47
Figure 27: Bandwidth Profile Configuration page ............................................................................................ 48
Figure 28: Traffic Selector Configuration ............................................................................................................ 49
Figure 29: Load Balancing is available when multiple WAN ports are configured and Protocol
Bindings have been defined ............................................................................................................... 52
Figure 30: Protocol binding setup to associate a service and/or LAN source to a WAN and/or
destination network ................................................................................................................................ 53
Figure 31: Routing Mode is used to configure traffic routing between WAN and LAN, as well as
Dynamic routing (RIP) .......................................................................................................................... 55
Figure 32: Static route configuration fields......................................................................................................... 58
6
Figure 33: OSPFv2 configured parameters ....................................................................................................... 59

Figure 34: OSPFv2 configuration .......................................................................................................................... 60
Figure 35: OSPFv3 configured parameters ....................................................................................................... 61
Figure 36: OSPFv3 configuration .......................................................................................................................... 62
Figure 37: 6 to 4 tunneling ....................................................................................................................................... 63
Figure 38: ISA TAP Tunnels Configuration ......................................................................................................... 64
Figure 39: WAN3 configuration for 3G internet ................................................................................................ 66
Figure 40: Physical WAN port settings ................................................................................................................ 67
Figure 41: Wireless Network Setup Wizards ..................................................................................................... 69
Figure 42: List of A vailable Profiles shows the options available to secure the wireless link .......... 71
Figure 43: Profile configuration to set network security ................................................................................. 73
Figure 44: RA DIUS server (External Authentication) configuration .......................................................... 75
Figure 45: Virtual AP configuration ....................................................................................................................... 76
Figure 46: List of configured access points (Virtual APs) shows one enabled access point on the
radio, broadcasting its SSID ............................................................................................................... 77
Figure 47: Radio card configuration options ...................................................................................................... 78
Figure 48: Wi-Fi Multimedia .................................................................................................................................... 79
Figure 49: Wireless Distribution System ............................................................................................................. 80
Figure 50: Advanced Wireless communication settings ................................................................................ 82
Figure 51: WPS configuration for an AP with WPA/WPA2 profile ............................................................. 83
Figure 52: List of A vailable Firewall Rules ......................................................................................................... 86
Figure 53: List of A vailable Schedules to bind to a firewall rule ................................................................. 87
Figure 54: Example where an outbound SNAT rule is used to map an external IP address
(209.156.200.225) to a private DMZ IP address (10.30.30.30) ............................................. 90
Figure 55: The firewall rule configuration page allows you to define the To/From zone, service,
action, schedules, and specify source/destination IP addresses as needed. ................... 91
Figure 56: The IPv6 firewall rule configuration page allows you to define the To/From zone,
service, action, schedules, and specify source/ destination IP addresses as needed. .. 92
Figure 57: List of A vailable IP v6 Firewall Rules ............................................................................................... 93
Figure 58: Schedule configuration for the above example. .......................................................................... 96
Figure 59: List of us er defined services. ............................................................................................................. 98
Figure 60: Custom Services configuration ......................................................................................................... 98
Figure 61: A vailable ALG support on the router. ........................................................................................... 100
Figure 62: Passthrough options for VPN tunnels .......................................................................................... 101
Figure 63: List of A vailable Application Rules showing 4 unique rules .................................................. 102
Figure 64: Content Filtering used to block access to proxy servers and prevent ActiveX controls
from being downloaded...................................................................................................................... 103
7
Figure 65: Two trusted domains added to the Approved URLs List ....................................................... 104
Figure 66: One keyword added to the block list ............................................................................................. 105
Figure 67: Export Approved URL list ................................................................................................................. 106
Figure 68: The following example binds a LAN host’s MAC Address to an IP address served by
DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and
logs will be capt ured............................................................................................................................ 107
Figure 69: Intrusion Prevention features on the router ................................................................................ 108
Figure 70: Protecting the router and LAN from internet attacks ............................................................... 109
Figure 71: Example of Gateway-to-Gateway IPsec VPN tunnel using two DSR routers connected
to the Internet......................................................................................................................................... 111
Figure 72: Example of three IPsec client connections to the internal network through the DSR
IPsec gateway ....................................................................................................................................... 112
Figure 73: VPN Wizard launch screen .............................................................................................................. 113
Figure 74: IPsec policy configuration ................................................................................................................. 116
Figure 75: IPsec policy configuration continued (Auto policy via IKE) ................................................... 117
Figure 76: IPsec policy configuration continued (Auto / Manual Phas e 2) ........................................... 119
Figure 77: PP TP tunnel configuration – PP TP Client................................................................................... 121
Figure 78: PP TP VPN connection status.......................................................................................................... 121
Figure 79: PP TP tunnel configuration – PP TP Server ................................................................................. 122
Figure 80: L2TP tunnel configuration – L2TP Server................................................................................... 123
Figure 81: OpenVP N configuration ..................................................................................................................... 125
Figure 82: OpenVP N Remote Network ............................................................................................................. 126
Figure 83: OpenVP N Authentication .................................................................................................................. 127
Figure 84: Example of clientless SSL VPN connections to the DS R ...................................................... 130
Figure 85: List of groups ......................................................................................................................................... 131
Figure 86: User group configuration ................................................................................................................... 132
Figure 87: SSLVPN Settings................................................................................................................................. 133
Figure 88: Group login policies options ............................................................................................................. 134
Figure 89: Browser policies options ................................................................................................................... 135
Figure 90: IP policies options................................................................................................................................ 136
Figure 91: A vailable Users with login status and associated Group ....................................................... 137
Figure 92: User configuration options ................................................................................................................ 138
Figure 93: List of SSL VPN polices (Global filter) .......................................................................................... 139
Figure 94: SSL VPN policy configuration ......................................................................................................... 140
Figure 95: List of configured resources, which are available to assign to SSL VPN policies ........ 142
Figure 96: List of A vailable Applications for SSL Port Forwarding .......................................................... 144
Figure 97: SSL VPN client adapter and access configuration .................................................................. 145
8
Figure 98: Configured client routes only apply in split tunnel mode........................................................ 146
Figure 99: List of configured SSL VPN portals. The configured portal can then be associated with
an aut hentication domain .................................................................................................................. 147
Figure 100: SSL VPN Portal configuration ....................................................................................................... 149
Figure 101: USB Device Detection ..................................................................................................................... 151
Figure 102: USB SharePort................................................................................................................................... 152
Figure 103: SMS Service – Send SMS ............................................................................................................. 153
Figure 104: SMS Service – Receive SMS ....................................................................................................... 154
Figure 105: Certificate summary for IPsec and HTTPS management ................................................... 155
Figure 106: Advanced Switch Settings.............................................................................................................. 156
Figure 107: User Login policy configuration .................................................................................................... 157
Figure 108: Admin Settings ................................................................................................................................... 158
Figure 109: Remote Management from the WAN ......................................................................................... 159
Figure 110: SNMP Users, Traps, and Access Control ................................................................................ 160
Figure 111: SNMP system information for this router .................................................................................. 161
Figure 112: Date, Time, and NTP server setup ............................................................................................. 162
Figure 113: Facility settings for Logging ........................................................................................................... 164
Figure 114: Log configuration options for traffic through router ................................................................ 166
Figure 115: IP v6 Log configuration options for traffic through router ..................................................... 167
Figure 116: E-mail configuration as a Remote Logging option ................................................................. 168
Figure 117: Syslog server configuration for Remote Logging (continued)............................................ 169
Figure 118: VPN logs displayed in GUI event viewer .................................................................................. 170
Figure 119: Restoring configuration from a saved file will result in the current configuration being
overwritten and a reboot .................................................................................................................... 171
Figure 120: Firmware version information and upgrade option ................................................................ 172
Figure 121: Firmware upgrade and configuration restore/backup via USB .......................................... 173
Figure 122: Dynamic DNS configuration .......................................................................................................... 174
Figure 123: Router diagnostics tools available in the GUI ......................................................................... 175
Figure 124: Sample trace route out put .............................................................................................................. 176
Figure 125: Localization ......................................................................................................................................... 177
Figure 126: Device Status display ...................................................................................................................... 179
Figure 127: Device Status display (continued) ............................................................................................... 180
Figure 128: Resource Utilization statistics ....................................................................................................... 181
Figure 129: Resource Utilization data (continued) ........................................................................................ 182
Figure 130: Resource Utilization data (continued) ........................................................................................ 183
Figure 131: Physical port statistics ..................................................................................................................... 184
9
Figure 132: AP specific statistics......................................................................................................................... 185

Figure 133: List of current Active Firewall Sessions ..................................................................................... 186
Figure 134: List of connected 802.11 clients per AP .................................................................................... 187
Figure 135: List of LAN hosts ............................................................................................................................... 188
Figure 136: List of current Active VPN Sessions ........................................................................................... 189
10
Chapter 1. Introduction
D-Lin k Un ified Serv ices Ro u t ers o ffer a s ecu re, h ig h p erforman ce n et wo rkin g s o lu t io n
t o ad d ress t h e g rowin g n eed s o f s mall an d med iu m b u s in es s es . In t eg rat ed h ig h -s p eed
IEEE 802.11n an d 3G wireles s t ech n o lo g ies o ffer co mp arab le p erfo rman ce t o
t rad it io n al wired n et wo rks , b u t wit h fewer limit at io n s . Op t imal n et wo rk s ecu rit y is
p ro v id ed v ia feat u res s u ch as v irt u al p riv at e n et wo rk (VPN) t u n n els , IP Secu rit y
(IPs ec ), Po in t -t o -Poin t Tu n nelin g Pro t ocol (PPTP), Lay er 2 Tu n n elin g Pro t ocol (L2TP),
an d Secu re So cket s Lay er (SSL). Emp o wer y o u r ro ad warrio rs wit h clien t les s remo t e
acces s an y wh ere an d an y t ime u s in g SSL VPN t u n n els .
W it h t h e D-Lin k Un ified Serv ices Ro u t er y o u are ab le t o exp erien ce a d iv ers e s et o f
b en efit s :
 Co mp reh en s iv e M an ag emen t Cap ab ilit ies
Th e DSR-500, DSR-500N, DSR-1000 an d DSR-1000N in clu d e d u al-W A N
Gig ab it Et h ern et wh ich p ro v id es p o licy -b as ed s erv ice man ag emen t en s u rin g
maximu m p ro d u ct iv it y fo r y o u r b u s in es s o p erat io n s . Th e failo v er feat u re
main t ain s d at a t raffic wit h o ut d is conn ectin g wh en a lan d lin e co nnect io n is lo s t .
Th e Ou t b o u nd Lo ad Balan cin g featu re ad ju sts o u tgo ing t raffic acro ss t wo W AN
in t erfaces and o pt imizes t h e s ystem p erfo rman ce res u lt in g in h ig h av ailab ilit y .
Th e s eco nd W AN p o rt can b e co n figu red as a DM Z p o rt allo win g y o u t o is o late
s erv ers fro m y o u r LA N.
 DSR-150/ 150N/ 250 / 250N h av e a s in g le W A N in t erface, an d t h u s it d o es n o t

s u p p o rt A u t o Failo v er an d Lo ad Balan cin g s cen ario s .
 Su p erio r W ireles s Perfo rman ce

Des ig n ed t o d eliv er s u p erio r wireles s p erfo rman ce, t h e DSR -500N an d DSR-
1000N in clu d e 802.11 a/ b / g / n, allo win g fo r o p erat io n o n eit h er t h e 2.4 GHz o r
5 GHz rad io b an d s . M u lt ip le In M u lt ip le Ou t (M IM O) t ech n o lo g y allo ws t h e
DSR-500N an d DSR-1000N t o p ro v id e h ig h d at a rat es wit h min imal “d ead
s p o t s ” t h ro u g h o u t t h e wireles s co v erag e area.
 DSR-150N, 250N an d DSR-500N s u p p o rt s t h e 2.4GHz rad io b an d o n ly .
 Flexib le Dep lo y men t Op t io n s

Th e DSR-1000 / 1000N s u p p o rt s Th ird Gen erat io n (3G) Net wo rks v ia an
ext en d ab le USB 3G d o n g le. Th is 3G n et wo rk cap ab ilit y o ffers an ad d it io n al
s ecu re d at a co n n ect io n fo r n et wo rks t h at p ro v id e crit ical s erv ices . Th e DSR -
1000N can b e co n fig u red t o au t o mat ically s wit ch t o a 3G n et wo rk wh en ev er a
p h y s ical lin k is lo s t .
 Ro b u s t VPN feat u res
A fu lly feat u red v irt u al p riv at e n et wo rk (VPN) p ro v id es y o u r mo b ile wo rkers
an d b ran ch o ffices wit h a s ecu re lin k t o y o u r n et wo rk. Th e DSR-
150/ 150N/ 250/ 250N, DSR-500/ 500N an d DSR-1000 / 1000N are cap ab le o f
s imu lt an eo usly man ag in g 5, 5, 10, 20 Secu re So cket s Lay er (SSL) VPN t u n n els
res p ectiv ely , emp o werin g y o u r mo b ile u s ers b y p ro v id in g remo t e acces s t o a
11
cen t ral co rp o rat e d at ab as e. Sit e -t o -s it e VPN t u n n els u s e IP Secu rit y ( IPs ec )

Pro t o co l, Po in t -t o -Po in t Tu n n elin g Pro t o co l (PPTP), o r Lay er 2 Tu n n elin g
Pro t o co l (L2TP) t o facilit at e b ran ch o ffice co n n ect iv it y t h ro u g h en cry p t ed
v irt u al lin ks . Th e DSR-150/ 150N, DSR-250/ 250N, DSR-500/ 500N an d DSR-
1000/ 1000N s u p p o rt 10, 25, 35 an d 75 s imu lt an eo u s IPSec VPN t u n n els
res p ect iv ely .
 Efficien t D-Lin k Green Tech n o lo g y
A s a co n cern ed memb er o f t h e g lo b al co mmu n it y , D -Lin k is d ev o t ed t o
p ro v id in g eco -frien d ly p ro d u ct s . D-Lin k Green W iFi an d D-Lin k Green
Et h ern et s av e p o wer an d p rev en t was t e. Th e D -Lin k Green W LA N s ch ed u ler
red u ces wireles s p o wer au t o mat ically d u rin g o ff-p eak h o u rs . Likewis e t h e D-
Lin k Green Et h ern et p ro gram ad ju s ts p o wer u s ag e b ased o n t h e d et ect ed cab le
len g t h an d lin k s t at u s . In ad d it io n , co mp lian ce wit h Ro HS (Res t rict io n o f
Hazard o u s Su b stances) an d W EEE (W as t e Elect rical an d Elect ro ni c Eq u ip ment)
d irect iv es make D-Lin k Green cert ified d ev ices t h e en viro nmen tally res ponsible
ch o ice.
 Su p p o rt fo r t h e 3G wireles s W A N USB d o n g le is o n ly av ailab le fo r DSR-1000 an d

DSR-1000N.
1.1 About this User Manual

Th is d o cu men t is a h ig h lev el man u al t o allo w n ew D-Lin k Un ified Serv ices Ro u t er
u s ers t o co n fig u re co n n ect iv it y , s et u p VPN t u n n els , es t ab lis h firewall ru les an d
p erfo rm g en eral ad min is t rativ e t asks. Ty p ical d ep lo ymen t an d u se cas e s cen ario s are
d es crib ed in each s ect io n . Fo r mo re d et ailed s et u p in s t ru ct io n s an d exp lan at io n s o f
each co n fig u rat ion p aramet er, refer t o t h e o n lin e h elp t h at can b e acces s ed fro m each
p ag e in t h e ro u t er GUI.
1.2 Typographical Conventions

Th e fo llo win g is a lis t o f t h e v ario u s t erms , fo llo wed b y an examp le o f h o w t h at t erm
is rep res en t ed in t h is d o cu men t :
 Pro d u ct Name – D-Lin k Un ified Serv ices Ro u t er.
o M o d el n u mb ers DSR-500/ 500N/ 1000/ 1000N/ 250/ 250N/ 150/ 150N
 GUI M en u Pat h / GUI Nav ig at io n – Monitoring > Router Status
 Imp o rt an t n o t e – 
12
Chapter 2. Configuring Your Network:
LAN Setup
It is as s umed t h at t h e u ser h as a mach in e fo r man ag emen t co nnected t o t h e LA N t o t h e
ro u t er. Th e LA N co n n ectio n may b e t h ro u gh t h e wired Et h ern et p o rt s av ailab le o n t h e
ro u t er, o r o n ce t h e in it ial s et up is co mp let e, t h e DSR may als o b e ma n ag ed t h ro u g h it s
wireles s in t erface as it is b rid g ed wit h t h e LA N. A cces s t h e ro u t er’s g rap h ical u s er
in t erface (GUI) fo r man ag emen t b y u s in g an y web b ro wser, s uch as M icro s o ft In t ern et
Exp lo rer o r M o zilla Firefo x:
 Go t o http:/ / 1 9 2 .1 6 8 .1 0 .1 (d efau lt IP ad d res s ) t o d is p lay t h e ro u t er’s
man ag emen t lo g in s creen .
 Defau lt lo g in cred en t ials fo r t h e man ag emen t GUI:
 Us ern ame: admi n
 Pas s wo rd : admi n
 If t h e ro u t er’s LA N IP ad d res s was ch ang ed, u s e t h at IP ad d res s in t h e n av ig at io n

b ar o f t h e b ro ws er t o acces s t h e ro u t er’s man ag emen t UI.
2.1 LAN Configuration

Setup > Network Settings > LAN Configuration
By d efau lt , t h e ro u t er fu n ct io n s as a Dy n amic Ho s t Co n fig u rat io n Pro t o co l (DHCP)
s erv er t o t h e h ost s o n t h e W LA N o r LA N n et wo rk. W it h DHCP, PCs an d o t h er LA N
d ev ices can b e assig ned IP ad d resses as well as ad d resses fo r DNS s erv ers , W in d o ws
In t ern et Name Serv ice (W INS) s erv ers , an d t h e d efau lt g at eway . W it h t h e DHCP
s erv er en ab led t h e ro u t er’s IP ad d res s s erv es as t h e g at eway ad d res s fo r LA N an d
W LA N clien t s . Th e PCs in t h e LA N are as s ig n ed IP ad d res s es fro m a p o o l o f
ad d res ses s pecified in t h is p ro cedu re. Each p o o l ad dress is t ested b efore it is as sig ned
t o av o id d u p licat e ad d res s es o n t h e LA N.
Fo r mo s t ap p licat ion s t he d efault DHCP an d TCP/ IP s et t in g s are s at is fact o ry . If y o u
wan t an o t h er PC o n y o u r n et wo rk t o b e t h e DHCP s erv er o r if y o u are man u ally
co n fig u rin g t h e n et wo rk s et t in g s o f all o f y o u r PCs , s et t h e DHCP mo d e t o ‘n o n e’.
DHCP relay can b e u s ed t o fo rward DHCP leas e in fo rmat io n fro m an o t h er LA N
d ev ice t h at is t h e n et wo rk’s DHCP s erv er; t h is is p art icu larly u s efu l fo r wireles s
clien t s .
In s t ead o f u s in g a DNS s erv er, y o u can u s e a W in d o ws In t ern et Namin g Serv ice
(W INS) s erv er. A W INS s erv er is t h e eq u iv alen t o f a DNS s erv er b u t u s es t h e
Net BIOS p ro t o co l t o res o lv e h o s t n ames . Th e ro u t er in clu d es t h e W INS s erv er IP
ad d res s in t h e DHCP co n fig u rat io n wh en ackn o wled g in g a DHCP req u es t fro m a
DHCP clien t .
Yo u can als o en able DNS p ro xy fo r t h e LA N. W h en t h is is e n abled t he ro u t er t h en as
a p ro xy fo r all DNS req u es t s an d co mmu n icat es wit h t h e ISP’s DNS s erv ers . W h en
d is ab led all DHCP clien t s receiv e t h e DNS IP ad d res s es o f t h e ISP.
To co n fig u re LA N Co n n ect iv it y , p leas e fo llo w t h e s t ep s b elo w:

1. In the LAN Setup page, enter the following information for your router:
 IP ad d res s (fact o ry d efau lt : 192.168.10.1).
 If y o u ch an g e t h e IP ad d res s an d click Sav e Set t in g s , t h e GUI will n o t res p o n d .

Op en a n ew co n n ect io n t o t h e n ew IP ad d res s an d lo g in ag ain . Be s u re t h e LA N
h o s t (t h e mach in e u sed t o man ag e t h e ro u t er) h as o b t ain ed IP ad d res s fro m n ewly
as s ig n ed p o o l (o r h as a s t at ic IP ad d res s in t h e ro u t er’s LA N s u b n et ) b efo re
acces s in g t h e ro u t er v ia ch an g ed IP ad d res s .
 Su b n et mas k (fact o ry d e fau lt : 255.255.255.0).
2. In the DHCP section, select the DHCP mode:
 No n e: t h e ro u t er’s DHCP s erv er is d is ab led fo r t h e LA N
 DHCP Serv er. W it h t h is o p tio n t h e ro u ter assig ns an IP ad d res s wit h in t h e

s p ecified ran g e p lu s ad d it io n al s p ecified in fo rmat io n t o an y LA N d ev ice
t h at req u es t s DHCP s erv ed ad d res s es .
 DHCP Relay : W it h t h is o p t io n en ab led , DHCP clien t s o n t h e LA N can

receiv e IP ad d res s leas es an d co rres p o n d in g in fo rmat io n fro m a DHCP
s erv er o n a d ifferen t s u b n et . Sp ecify t h e Relay Gat eway , an d wh en LA N
clien t s make a DHCP req u es t it will b e p as s ed alo n g t o t h e s erv er
acces s ib le v ia t h e Relay Gat eway IP ad d res s .
 If DHCP is b ein g en ab led , en t er t h e fo llo win g DHCP s erv er p aramet ers :
 St art in g an d En d in g IP A d d res s es : En t er t h e firs t an d las t co n t in u o u s

ad d res ses in t h e IP ad d ress p o ol. A n y n ew DHCP clien t jo in in g t h e LA N is
as s ig n ed an IP ad d res s in t h is ran g e. Th e d efau lt s t art in g ad d res s is
192.168.10.2. Th e d efau lt en d in g ad d res s is 192.168.1 0.100. Th es e
ad d res ses s ho uld b e in t h e s ame IP ad d res s s u b n et as t h e ro u t er’s LA N IP
ad d res s . Yo u may wis h t o s av e p art o f t h e s u b n et ran g e fo r d ev ices wit h
s t at ically as s ig n ed IP ad d res s es in t h e LA N .
 Primary an d Seco n d ary DNS s erv ers : If co n fig u red d o main n ame s y s t em
(DNS) s erv ers are av ailab le o n t h e LA N en t er t h eir IP ad d res s es h ere.
 W INS Serv er (o p t io n al): En t er t h e IP ad d res s fo r t h e W INS s erv er o r, if

p res en t in y o u r n et wo rk, t h e W in d o ws Net Bio s s erv er.
14
 Leas e Time: En t er t h e t ime, in h o u rs , fo r wh ich IP ad d res s es are leas ed t o

clien t s .
 Relay Gat eway : En t er t h e g at eway add res s . Th is is t h e o n ly co n fig u rat io n

p aramet er req u ired in t h is s ect io n wh en DHCP Relay is s elect ed as it s
DHCP mo d e
3. In the DNS Host Name Mapping section:
 Ho s t Name: Pro v id e a v alid h o s t n ame
 IP ad d res s : Pro v id e t h e IP ad d res s o f t h e h o s t n ame,
4. In the LAN proxy section:
 En ab le DNS Pro xy : To en ab le t h e ro u t er t o act as a p ro xy fo r all DNS

req u es ts an d co mmu n icat e wit h t h e ISP’s DNS s erv ers , click t h e ch eckb o x.
5. Click Save Settings to apply all changes .
Figure 1 : Se tup page for LAN TCP/IP s e ttings
15
2.1.1 LAN DHCP Reserv ed IPs

Setup > Network Settings > LAN DHCP Reserved IPs
Th is ro u t er DHCP s erv er can as sig n TCP/ IP co n fig urat io n s t o co mp u t ers in t h e LA N

exp licit ly b y ad d in g clien t 's n etwo rk in t erface h ardware ad dress an d t he IP ad d ress t o
b e as s ig ned t o t h at clien t in DHCP s erv er's d atabase. W h enever DHCP s erv er receiv es
a req u est fro m c lien t , h ard ware ad dress o f t h at clien t is co mp ared wit h t h e h ard ware
ad d res s lis t p res en t in t h e d at ab as e, if an IP ad d res s is alread y as s ig n ed t o t h at
co mp u t er o r d ev ice in t h e d at ab as e , t h e cu s t o mized IP ad d res s is co n fig u red
o t h erwis e an IP ad d ress is ass ig n ed t o t h e clien t au t o mat ically fro m t h e DHCP p o o l.
Computer Name : Th e u s er d efin ed n ame fo r t h e LA N h o s t .
IP Addres s es : Th e LA N IP ad d res s o f a h o s t t h at is res erv ed b y t h e DHCP s erv er.
MAC Addres s es : Th e M A C ad d res s t h at will b e as s ig n ed t h e res e rv ed IP ad d res s

wh en it is o n t h e LA N.
As s oci ate wi th IP/ MAC B i ndi ng : W h en t h e u s er en ab les t h is o p t io n t h e Co mp u t er

Name, IP an d M A C ad d res s es are as s o ciat ed wit h t h e IP/ M A C b in d in g .
Th e act io n s t h at can b e t aken o n lis t o f res erv ed IP ad d res s es are:
S el ect: Select s all t h e res erv ed IP ad d res s es in t h e lis t .
Edi t: Op en s t h e LA N DHCP Res erv ed IP Co n fig u rat io n p ag e t o ed it t h e s elect ed

b in d in g ru le.
Del ete : Delet es t h e s elect ed IP ad d res s res erv at io n (s )
Add: Op en s t h e LA N DHCP Res erv ed IP Co n fig u rat io n p ag e t o ad d a n ew b in d in g

ru le.
16
Figure 2 : LAN DHCP Re s e rve d IPs
2.1.2 LAN DHCP Leased Clients

Setup > Network Settings > LAN DHCP Leased Clients
Th is p ag e p ro v id es t h e lis t o f clien t s co n n ect t o LA N DHCP s erv er.
17
Figure 3 : LAN DHCP Le as e d Clie nts
IP Addres s es : Th e LA N IP ad d res s o f a h o s t t h at mat ch es t h e res erv ed IP lis t .

MAC Addres s es : Th e M A C ad d ress o f a LA N h o s t t h at h as a co n figu red IP ad d res s
res erv at io n .
2.1.3 LAN Configuration in an IPv 6 Network

Advanced > IPv6 > IPv6 LAN > IPv6 LAN Config
(1) In IPv 6 mo d e, t h e LA N DHCP s erv er is en ab led b y d efau lt (s imilar t o IPv 4
mo d e). Th e DHCPv 6 s erv er will s erv e IPv 6 ad d resses fro m co n fig u red ad d res s
p o o ls wit h t h e IPv 6 Prefix Len g t h as s ig n ed t o t h e LA N.
 IPv 4 / IPv 6 mo d e mu s t b e en ab led in t h e Advanced > IPv6 > IP mode t o en ab le

IPv 6 co n fig u rat io n o p t io n s .
LAN Settings
Th e d efau lt IPv 6 LA N ad d ress fo r t h e ro u ter is fec0 ::1 . Yo u can ch ang e t h is 128 b it
IPv 6 ad d res s b ased o n y o ur n et wo rk req u iremen t s . Th e o t h er field t h at d efin es t h e
LA N s et t in g s fo r t h e ro u t er is t h e p refix len g t h . Th e IPv 6 n et wo rk (s u b n et ) is
id en t ified b y t h e in it ial b it s o f t h e ad d res s called t h e p refix. By d efau lt t h is is 6 4
b it s lo n g . A ll h o s ts in t h e n etwo rk h av e co mmo n in it ial b it s fo r t h eir IPv 6 ad d res s ;
t h e n u mb er o f co mmo n in it ial b it s in t h e n et wo rk’s ad d res s es is s et b y t h e p refix
len g t h field .
18
Figure 4 : IPv6 LAN and DHCPv6 configurat io n
 If y o u ch an g e t h e IP ad d res s an d click Sav e Set t in g s , t h e GUI will n o t res p o n d .

Op en a n ew co n n ect io n t o t h e n ew IP ad d res s an d lo g in ag ain . Be s u re t h e LA N
h o s t (t h e mach in e u sed t o man ag e t h e ro u t er) h as o b t ain ed IP ad d res s fro m n ewly
as s ig n ed p o o l (o r h as a s t at ic IP ad d res s in t h e ro u t er’s LA N s u b n et ) b efo re
acces s in g t h e ro u t er v ia ch an g ed IP ad d res s .
19
A s wit h an IPv 4 LA N n et wo rk, t h e ro u t er h as a DHCPv 6 s erv er. If en ab led , t h e

ro u t er as s ig n s an IP ad d res s wit h in t h e s p ecified ran g e p lu s ad d it io n al s p ecified
in fo rmat io n t o an y LA N PC t h at req u es t s DHCP s erv ed ad d res s es .
Th e fo llo win g s et t in g s are u s ed t o co n fig u re t h e DHCPv 6 s erv er:
 DHCP M o d e: Th e IPv 6 DHCP s erv er is eit h er s t at eless o r s t at efu l. If s t ateless is
s elect ed an ext ern al IPv 6 DHCP s erv er is n o t req u ired as t h e IPv 6 LA N h o s t s
are au t o -co nfig ured b y t h is ro u ter. In t h is case t h e ro u ter ad vertis emen t d aemo n
(RA DVD) mu s t b e co n fig u red o n t h is d ev ice an d ICM Pv 6 ro u t er d is co v ery
mes s ag es are u s ed b y t h e h o s t fo r au t o -co n fig u rat io n . Th ere are n o man ag ed
ad d res ses t o s erv e t h e LA N n o d es. If s t at efu l is s elected t h e IPv 6 LA N h o s t will
rely o n an ext ern al DHCPv 6 s erv er t o p ro v id e req u ired co n fig u rat io n s et t in g s
 Th e d o main n ame o f t h e DHCPv 6 s erv er is an o p t io n al s et t in g
 Serv er Preferen ce is u s ed t o in d icat e t h e p re feren ce lev el o f t h is DHCP s erv er.

DHCP ad v ert is e mes s ag es wit h t h e h ig h es t s erv er p referen ce v alu e t o a LA N
h o s t are p referred o v er o t h er DHCP s erv er ad v ert is e mes s ag es . Th e d efau lt is
255.
 Th e DNS s erv er d et ails can b e man u ally en t ered h ere (p rimary / s eco n d ary
o p t io n s . A n alt ern at iv e is t o allo w t h e LA N DHCP clien t t o receiv e t h e DNS
s erv er d et ails fro m t h e ISP d irect ly . By s elect in g Us e DNS p ro xy , t h is ro u t er
act s as a p ro xy fo r all DNS req u es t s an d co mmu n icat es wit h t h e ISP’s DNS
s erv ers (a W A N co n fig u ra t io n p aramet er).
 Primary an d Seco n d ary DNS s erv ers : If t h ere is co n fig u red d o main n ame
s y s t em (DNS) s erv ers av ailab le o n t h e LA N en t er t h e IP ad d res s es h ere.
 Leas e/ Reb in d t ime s et s t h e d uratio n o f t h e DHCPv 6 leas e fro m t h is ro u t er to the

LA N clien t .
IPv6 Address Pools

Th is feat u re allo ws y o u t o d efin e t h e IPv 6 d eleg at io n p refix fo r a ran g e o f IP
ad d res ses t o b e s erv ed b y t h e g at eway ’s DHCPv 6 s erv er . Us in g a d eleg at io n p refix
y o u can au t omat e t he p ro cess o f in fo rmin g o t h er n et workin g eq uip men t o n t h e LA N
o f DHCP in fo rmat io n s p ecific fo r t h e as s ig n ed p refix.
Prefix Delegation
Th e fo llo win g s et t in g s are u s ed t o co n fig u re t h e Prefix Deleg at io n :
 Prefix Deleg at io n : Select t h is o p t io n t o en ab le p refix d eleg at io n in DHCPv 6

s erv er. Th is o p t io n can b e s elect ed o n ly in St at eles s A d d res s A u t o
Co n fig u rat io n mo d e o f DHCPv 6 s erv er.
20
 Prefix A d d res s : IPv 6 p refix ad d res s in t h e DHCPv 6 s erv er p refix p o o l
 Prefix Len g t h : Len g t h p refix ad d res s
2.1.4 Configuring IPv 6 Router Adv ertisements

Ro u t er A d v ertis emen ts are an alo go us t o IPv 4 DHCP as s ig nmen ts fo r LA N clien t s , in
t h at t h e ro u t er will as s ig n an IP ad d res s an d s u p p o rt in g n et wo rk in fo rmat io n t o
d ev ices t hat are co n fig ured t o accept s uch d etails. Ro u t er A dv ert isemen t is req u ired
in an IPv 6 n et wo rk is req u ired fo r s t at eless au to con fig u rat io n o f t h e IPv 6 LA N. By
co n fig u rin g t he Ro u ter A d vertisemen t Daemo n o n t h is ro u ter, t h e DSR will lis t en o n
t h e LA N fo r ro u t er s o licit at io n s an d res p o n d t o t h es e LA N h o s t s wit h ro u t er
ad v is emen t s .
RADVD
Advanced > IPv6 > IPv6 LAN > Router Advertisement

To s u p p ort s tateless IPv 6 au t o co nfig uratio n o n t h e LA N, s et t h e RA DVD s t at u s t o
En ab le. Th e fo llo win g s et t in g s are u s ed t o co n fig u re RA DVD:
 A d v ert ise M o de: Select Un solicit ed M u lt icast t o send ro ut er ad v ert is emen t s
(RA ’s ) t o all in t erfaces in t h e mu lt icas t g ro u p . To res t rict RA ’s t o well-
kn o wn IPv 6 ad d res s es o n t h e LA N, an d t h ereb y red u ce o v erall n et wo rk
t raffic, s elect Un icas t o n ly .
 A d v ert ise In t erv al: W h en ad vert isemen ts are u n s o licit ed mu lt icas t p acket s ,
t h is in t erv al s et s t h e maximu m t ime b et ween ad v ert is emen t s fro m t h e
in t erface. Th e act u al d u rat io n b et ween ad v ert is emen t s is a ran d o m v alu e
b et ween o n e t h ird o f t h is field an d t h is field . Th e d efau lt is 30 s eco n d s .
 RA Flag s : Th e ro u t er ad vertis emen ts (RA ’s ) can b e s en t wit h o n e o r b o t h o f

t h es e flag s. Ch o se M an ag ed t o u s e t h e ad min is t ered / s t a t efu l p ro t o co l fo r
ad d res s au t o co n fig u rat io n . If t h e Ot h er flag is s elect ed t h e h o s t u s es
ad min is t ered / s t at efu l p ro t o co l fo r n o n -ad d res s au t o co n fig u rat io n .
 Ro u t er Preferen ce : t h is lo w/ med iu m/ h ig h p aramet er d et ermin es t h e

p referen ce asso ciat ed wit h t h e RA DVD p ro ces s o f t h e ro u t er. Th is is u s efu l
if t h ere are o t h er RA DVD en ab led d ev ices o n t h e LA N as it h elp s av o id
co n flict s fo r IPv 6 clien t s .
 M TU: Th e ro u t er ad v ert is emen t will s et t h is maximu m t ran s mis s io n u n it

(M TU) v alu e fo r all n o d es in t h e LA N t h at are au t o co n fig ured b y t he ro uter.
Th e d efau lt is 1500.
 Ro u t er Lifet ime : Th is v alu e is p res en t in RA ’s an d in d icat es t h e u s efu ln es s

o f t h is ro u t er as a d efau lt ro u t er fo r t h e in t erface. Th e d efau lt is 3600
21
s eco n ds. Up o n exp irat io n o f t h is v alu e, a n ew RA DVD exch an g e mu s t t ake

p lace b et ween t h e h o s t an d t h is ro u t er.
Figure 5 : Configu ri ng the Route r Adve rtis e me nt Dae mon
Advertisement Prefixes
Advanced > IPv6 > IPv6 LAN > Advertisement Prefixes

Th e ro u t er ad v ert isemen ts co nfig ured wit h ad v ert is emen t p refixes allo w t h is ro u t er
t o in fo rm h o s t s h o w t o p erfo rm s t at eles s ad d res s au t o co n fig u rat io n . Ro u t er
ad v ert is emen ts co n t ain a lis t o f s u b n et p refixes t h at allo w t h e ro u t er t o d et ermin e
n eig h b o u rs an d wh et h er t h e h o s t is o n t h e s ame lin k as t h e ro u t er .
Th e fo llo win g p refix o p t io n s are av ailab le fo r t h e ro u t er ad v ert is emen t s :
 IPv 6 Prefix Ty p e : To en s u re h o s t s s u p p o rt IPv 6 t o IPv 4 t u n n el s elect t h e
6t o 4 p refix t y p e. Select in g Glo b al/ Lo cal/ ISA TA P will allo w t h e n o d es t o
s u p p o rt all o t h er IPv 6 ro u t in g o p t io n s
 SLA ID: Th e SLA ID (Sit e -Lev el A g g reg at io n Id en t ifier) is av ailab le wh en

6t o 4 Prefixes are s elect ed . Th is s h o u ld b e t h e in t erface ID o f t h e ro u t er’s
LA N in t erface u s ed fo r ro u t er ad v ert is emen t s .
22
 IPv 6 Prefix: W h en u s ing Glo b al/ Lo cal/ISA TAP p refixes , t h is field is u s ed to

d efin e t h e IPv 6 n et wo rk ad v ert is ed b y t h is ro u t er.
 IPv 6 Prefix Len g t h : Th is v alu e in d icat e s t h e n u mb er co n t ig u o u s , h ig h er

o rd er b it s o f t h e IPv 6 ad d res s t h at d efin e u p t h e n et wo rk p o rt io n o f t h e
ad d res s . Ty p ically t h is is 64.
 Prefix Lifet ime: Th is d efin es t h e d u rat io n (in s eco n d s ) t h at t h e req u es t in g

n o d e is allo wed t o u s e t h e adv ert is ed p refix. It is an alo g o u s t o DHCP leas e
t ime in an IPv 4 n et wo rk.
Figure 6 : IPv6 Adve rtis e me nt Pre fix s e ttings
2.2 VLAN Configuration

Th e ro u t er s u p p o rt s v irt u al n et wo rk is o lat io n o n t h e LA N wit h t h e u s e o f VLA Ns .
LA N d ev ices can b e co n fig u red t o co mmu n icat e in a s u b n et wo rk d efin ed b y VLA N
id en t ifiers . LA N p o rt s can b e as s ig n ed u n iq u e VLA N IDs s o t h at t raffic t o an d fro m
t h at p h y s ical p o rt can b e is o lat ed fro m t h e g en eral LA N. VLA N filt erin g is
p art icu larly u s efu l t o limit b ro ad cas t p acket s o f a d ev ice in a larg e n et wo rk
VLA N s u p p ort is d is abled b y d efault in t h e ro u ter. In t h e VLA N Co n fig u rat io n p ag e,
en ab le VLA N s u p po rt o n t h e ro u ter a n d t h en p ro ceed t o t he n ext s ectio n t o d efin e t h e
v irt u al n et wo rk.
Setup > VLAN Settings > Available VLAN

Th e A v ailab le VLA N p ag e s h o ws a lis t o f co n fig ured VLA Ns b y n ame an d VLA N ID.
A VLA N memb ers h ip can b e creat ed b y clickin g t h e A d d b u t t o n b elo w t h e Lis t o f
A v ailab le VLA Ns .
A VLA N memb ers h ip en t ry co n s is t s o f a VLA N id en t ifier an d t h e n u merical VLA N
ID wh ich is as s ig n ed t o t h e VLA N memb ers h ip . Th e VLA N ID v alu e can b e an y
23
n u mb er fro m 2 t o 4091. VLA N ID 1 is res erv ed fo r t h e d efau lt VLA N, wh ich is u s e d

fo r u n t ag ged frames receiv ed o n t h e in t erface. By en ab lin g In t er VLA N Ro u t in g , y o u
will allo w t raffic fro m LA N h o s ts b elo ng ing t o t his VLA N ID t o p as s t h roug h t o o ther
co n fig u red VLA N IDs t h at h av e In t er VLA N Ro u t in g en ab led .
Figure 7 : Adding VLAN me mbe rs hips to the LAN
2.2.1 Associating VLANs to ports

In o rd er t o t ag all t raffic t h ro u g h a s p ecific LA N p o rt wit h a VLA N ID, y o u can
as s o ciat e a VLA N t o a p h y s ical p o rt .
Setup > VLAN Settings > Port VLAN

VLA N memb ers h ip p ro p ert ies fo r t h e LA N an d wireles s LA N are lis t ed o n t h is page.
Th e VLA N Po rt t ab le d is p lay s t he p o rt id en tifier, t h e mo d e s ett ing fo r t h at p o rt an d
VLA N memb ers h ip in fo rmat io n . Th e co n fig u rat io n p ag e is acces s ed b y s elect in g
o n e o f t h e fo u r p h y s ical p o rt s o r a co n fig u r ed acces s p o in t an d clickin g Ed it .
Th e ed it p ag e o ffers t h e fo llo win g co n fig u rat io n o p t io n s :
 M o d e: Th e mo d e o f t h is VLA N can b e Gen eral, A cces s , o r T ru n k. Th e
d efau lt is acces s .
 In Gen eral mo d e t h e p o rt is a memb er o f a u s er s elect ab le s et o f VLA Ns .

Th e p o rt s en ds an d receiv es d at a t h at is t ag g ed o r u n t ag g ed wit h a VLA N
ID. If t h e d at a in t o t h e p ort is u n tagged, it is as sig n ed t h e d efin ed PVID. In
t h e co n fig u rat io n fro m Fig u re 4, Po rt 3 is a Gen eral p o rt wit h PVID 3, s o
u n t ag ged d at a in t o Po rt 3 will b e as s ig ned PVID 3. A ll t ag g ed d ata s ent o u t
o f t h e p o rt wit h t h e s ame PVID will b e u n t ag ged. Th is is mo d e is t y p ically
u s ed wit h IP Ph o n es t h at h ave d ual Et h ern et p o rts. Dat a co min g fro m p h o ne
t o t h e s wit ch p o rt o n t h e ro u t er will b e t ag g ed . Dat a p as s in g t h ro u g h t h e
p h o n e fro m a co n n ect ed d ev ice will b e u n t ag g ed .
24
Figure 8 : Port VLAN lis t
 In A cces s mo d e t h e p o rt is a memb er o f a s in g le VLA N (an d o n ly o n e). A ll

d at a g o in g in t o an d o u t o f t h e p o rt is u n t ag g ed . Traffic t h ro u g h a p o rt in
acces s mo d e lo o ks like an y o t h er Et h ern et frame.
 In Tru n k mo d e t h e p o rt is a memb er o f a u s er s elect ab le s et o f VLA Ns . A ll

d at a g o in g in t o an d o u t o f t h e p o rt is t ag ged. Un t agged co min g in t o t he p o rt
is n o t fo rward ed , excep t fo r t h e d efau lt VLA N wit h PVID=1, wh ich is
u n t ag ged. Tru n k p o rt s mu lt ip lex t raffic fo r mu lt ip le VLA Ns o v er t h e s ame
p h y s ical lin k.
 Select PVID fo r t h e p o rt wh en t h e Gen eral mo d e is s elect ed .
 Co n fig u red VLA N memb ers h ip s will b e d is p lay ed on t h e VLA N

M emb ers h ip Co n fig u rat io n fo r t h e p o rt . By s elect in g o n e mo re VLA N
memb ers h ip o p t io n s fo r a Gen eral o r Tru n k p o rt , t raffic can b e ro u t ed
b et ween t h e s elect ed VLA N memb ers h ip IDs
25
Figure 9 : Configu ri ng VLAN me mbe rs hip for a port
2.2.2 Multiple VLAN Subnets
Setup > VLAN Settings > Multi VLAN Settings

Th is p ag e s ho ws a lis t o f av ailab le mu lt i-VLA N s u b n ets. Each co n fig u red VLA N ID
can map d irect ly t o a s u b n et wit h in t h e LA N. Each LA N p o rt can b e as s ig n ed a
u n iq u e IP ad d ress an d a VLA N s p ecific DHCP s erv er can b e co nfig ured t o ass ig n IP
ad d res s leas es t o d ev ices o n t h is VLA N.
VLAN ID: Th e PVID o f t h e VLA N t h at will h av e all memb er d ev ices b e p art o f t h e

s ame s u b n et ran g e.
IP Addres s : Th e IP ad d res s as s o ciat ed wit h a p o rt as s ig n ed t h is VLA N ID.
S ubnet Mas k : Su b n et M as k fo r t h e ab o v e IP A d d res s
26
Figure 10 : M ultiple VLAN Subne ts
2.2.3 VLAN configuration
Setup > VLAN Settings > VLANconfiguration

Th is p ag e allo ws en ab lin g o r d is ab lin g t h e VLA N fu n ct io n o n t h e ro u t er. Virt u al
LA Ns can b e creat ed in t h is ro ut er t o p ro vid e seg men t at io n cap ab ilit ies fo r firewall
ru les an d VPN p o licies . Th e LA N n et wo rk is co n s id ered t h e d efau lt VLA N. Ch eck
t h e En ab le VLA N b o x t o ad d VLA N fu n ct io n alit y t o t h e LA N.
27
Figure 11 : VLAN Configu rat ion
2.3 Configurable Port: DMZ Setup

 DSR-150/ 150N/ 250/ 250N d o es n o t h av e a co n fig u rab le p o rt – t h ere is n o DM Z
s u p p o rt .
Th is ro u t er s up port s o ne o f t h e p hy sical p o rt s t o b e co n fig u red as a s eco n d ary W A N

Et h ern et p o rt o r a d ed icated DM Z p o rt . A DM Z is a s u b n et wo rk t h at is o p en t o t h e
p u b lic b u t b eh ind t h e firewall. Th e DM Z ad d s an ad d it io n al lay er o f s ecu rit y t o t h e
LA N, as s p ecific s erv ices/p ort s t h at are exp o s ed t o t h e in t ern et o n t h e DM Z d o n o t
h av e t o b e exp o s ed o n t he LA N. It is reco mmen d ed t h at h osts t h at mu s t b e exp o sed t o
t h e in t ern et (s u ch as web o r email s erv ers ) b e p laced in t h e DM Z n et wo rk. Firewall
ru les can b e allo wed t o p ermit acces s s p ecific s erv ices / p o rt s t o t h e DM Z fro m b o t h
t h e LA N o r W A N. In t h e ev en t o f an at t ack t o an y o f t h e DM Z n o d es , t h e LA N is n o t
n eces s arily v u ln erab le as well.
Setup > DMZ Setup > DMZ Setup Configuration

DM Z co n fig u ratio n is id en tical t o t h e LA N co n fig u ratio n. Th ere are n o rest rictio ns on
t h e IP ad d res s o r s u bnet as sign ed t o t h e DM Z p o rt , o t h er t h an t h e fact t h at it can n o t
b e id en t ical t o t h e IP ad d res s g iv en t o t h e LA N in t erface o f t h is g at eway .
28
Figure 12 : DM Z configuratio n
 In o rd er t o co n fig u re a DM Z p o rt , t h e ro u t er’s co n fig u rab le p o rt mu s t b e s et t o

DM Z in t h e Setup > Internet Settings > Configurable Port p ag e.
2.4 Universal Plug and Play (UPnP)

Advanced > Advanced Network > UPnP
Un iv ers al Plu g an d Play (UPn P) is a feat u re t h at allo ws t h e ro u t er t o d is co v ery
d ev ices o n t h e n et wo rk t h at can co mmu n icat e wit h t h e ro u t er an d allo w fo r au t o
co n fig u ratio n . If a n et wo rk d ev ice is d etect ed b y UPn P, t h e ro u t er can o p en in t ern al
o r ext ern al p o rt s fo r t h e t raffic p ro t o co l req u ired b y t h at n et wo rk d ev ice.
On ce UPn P is en ab led , y o u can co n fig u re t h e ro u t er t o d et ect UPn P -s u p p o rt in g
d ev ices o n t h e LA N (o r a co n fig u red VLA N). If d is ab led , t he ro u ter will n o t allo w fo r
au t o mat ic d ev ice co n fig u rat io n .
Co n fig u re t h e fo llo win g s et t in g s t o u s e UPn P:
29
 A d v ert is emen t Perio d : Th is is t h e freq u en cy t h at t h e ro u t er b ro ad cas t s UPn P

in fo rmat io n o v er t h e n et wo rk. A larg e v alu e will min imize n et wo rk t raffic b u t
cau s e d elay s in id en t ify in g n ew UPn P d ev ices t o t h e n et wo rk.
 A d v ert isemen t Time t o Liv e: Th is is exp res s ed in h o p s fo r each UPn P p acket . Th is

is t h e n u mb er o f s t ep s a p acket is allo wed t o p ro p ag at e b efo re b ein g d is card ed .
Small v alu es will limit t h e UPn P b ro ad cas t ran g e. A d efau lt o f 4 is t y p ical fo r
n et wo rks wit h few s wit ch es .
Figure 13 : UPnP Configuratio n
UPn P Po rt map Tab le

Th e UPn P Po rt map Tab le h as t h e d et ails o f UPn P d ev ices t hat res po nd t o t h e ro u ter’s
ad v ert is emen t s . Th e fo llo win g in fo rmat io n is d is p lay ed fo r each d et ect ed d ev ice:
 A ct iv e: A y es /n o in d icatin g wh et her t he p o rt o f t h e UPn P d ev ice t hat es t ab lis h ed a
co n n ect io n is cu rren t ly act iv e
 Pro t o co l: Th e n et wo rk p ro t o co l (i.e. HTTP, FTP, et c.) u s ed b y t h e DSR
 In t . Po rt (In t ern al Po rt ): Th e in t ern al p o rt s o p en ed b y UPn P (if an y )
 Ext . Po rt (Ext ern al Po rt ): Th e ext ern al p o rt s o p en ed b y UPn P (if an y )
 IP A d d res s : Th e IP ad d res s o f t h e UPn P d ev ice d et ect ed b y t h is ro u t er
Click Refres h t o refres h t h e p o rt map t ab le an d s earch fo r an y n ew UPn P d ev ices .
30
2.5 Captive Portal

 DSR-150/ 150N/ 250/ 250N d o es n o t h av e s u p p o rt fo r t h e Cap t iv e Po rt al feat u re.
LA N u s ers can g ain in t ern et acces s v ia web p o rt al au t h en t icat io n wit h t h e DSR.

A ls o referred t o as Ru n -Time A u t h en t icat io n , a Cap t iv e Po rt al is id eal fo r a web
café s cen ario wh ere u sers in it iat e HTTP c o n nectio n req uests fo r web acces s b u t are
n o t in t eres t ed in acces s in g an y LA N s erv ices . Firewall p o licies u n d ern eat h will
d efin e wh ich u s ers req u ire au t h en t icat io n fo r HTTP acces s , an d wh en a mat ch in g
u s er req u est is mad e t h e DSR will in t ercep t t h e req ues t an d p ro mp t fo r a u s ern ame /
p as s word . Th e lo g in cred en t ials are co mp ared ag ain s t t h e Ru n TimeA u t h u s ers in
u s er d at ab as e p rio r t o g ran t in g HTTP acces s .
 Cap t iv e Po rt al is av ailab le fo r LA N u s ers o n ly an d n o t fo r DM Z h o s t s .
Advanced > Captive Portal >Captive Portal Sessions

Th e A ct iv e Ru n t ime in t ern et s essio ns t h rou g h t h e ro u t er’s firewall are lis t ed in t h e
b elo w t ab le. Th es e u s ers are p resent in t h e lo cal o r ext ern al u s er d at ab ase an d h av e
h ad t h eir lo g in cred en t ials ap p ro v ed fo r in t ern et acces s . A ‘Dis co n n ect ’ b u t t o n
allo ws t h e DSR ad min t o s elect iv ely d ro p an au t h en t icat ed u s er.
31
Figure 14 : Active Runtime s e s s ions
2.6 Captive portal setup

Advanced > Captive Portal >Captive Portal Setup
Cap t iv e Po rt al is a s ecu rit y mech an is m t o s elect iv ely p ro v id e au t h en t icat io n o n
cert ain in t erfaces . Th is p ag e allo ws t o man ag e t h e Po licie s an d Pro files o f
Cap t iv ePo rt al.
32
Figure 15 : Captive Portal Se tup
Cap t iv e Po rt al Po licie s : Th e Lis t o f A v ailab le Cap t iv ePo rt al Po licies are s h o wn in

t h is t ab le.
A u t h en t icat io n Ty p e : Th is allo ws in ch o o s in g t h e au t h en t icat io n mo d e, t y p e an d
red irect io n t y p e .
Lis t o f A v ailab le Pro files : A n y o n e o f t h ese p ro files can b e u s ed fo r Cap t iv e Po rt al
Lo g in p ag e wh ile en ab lin g Cap t iv e Po rt al.
33
Figure 16 : Cus tomize d Captive Portal Se tup
Click “A d d ” in t h e Cap t iv e Po rtal s etu p p ag e t o allo w d efin in g cu s t o mized cap t iv e

p o rt al lo g in p ag e in fo rmat io n ( Pag e Backg ro u n d Co lo r, Head er Det ails , Head er
Cap t io n , Lo g in Sect io n Det ails, A d vertis emen t Det ails , Fo o t er Det ails an d Cap t iv e
Po rt al Head er Imag e ).
34
Chapter 3. Connecting to the Internet:

WAN Setup
Th is ro u t er h as t wo W A N p o rt s t h at can b e u s ed t o es t ab lis h a co n n ect io n t o t h e
in t ern et . Th e fo llo win g ISP co n n ect io n t y p es are s u p p o rt ed : DHCP, St at ic, PPPo E,
PPTP, L2TP, 3G In t ern et (v ia USB mo d em).
It is as s u med t h at y o u h av e arran g ed fo r in t ern et s erv ice wit h y o u r In t ern et Serv ice
Pro v id er (ISP). Pleas e co n tact y o ur ISP o r n et wo rk ad min is t rat o r fo r t h e co n fig u rat io n
in fo rmat io n t h at will b e req u ired t o s et u p t h e ro u t er.
3.1 Internet Setup Wizard

Setup > Wizard > Internet
Th e In t ern et Co n nect io n Set u p W izard is av ailab le fo r u s ers n ew t o n et wo rkin g . By
g o in g t h ro ug h a few s t raig ht forward co nfig uratio n p ag es y o u can t ake t h e in fo rmat io n
p ro v id ed b y y o ur ISP t o g et y o u r W A N co nnectio n u p an d en ab le in t ern et acces s fo r
y o u r n et wo rk.
Figure 17 : Inte rne t Conne ction Se tup Wizard
Yo u can s t art u sin g t h e W izard b y lo g g ing in wit h t h e ad min is trato r p as s wo rd fo r t h e

ro u t er. On ce au t hent icat ed s et t h e t ime zo n e t h at y o u are lo cat ed in , an d t h en ch o o s e
t h e t y p e o f ISP co n n ect io n t y p e: DHCP, St at ic, PPPo E, PPTP, L2TP. Dep en d in g o n
t h e co n n ectio n t y p e a u s ername/ passwo rd may b e req u ired t o reg ister t h is ro u t er wit h
t h e ISP. In mo s t cas es t h e d efault s ettin gs can b e u sed if t h e ISP d id n o t s p ecify t h at
p aramet er. Th e las t s tep in t h e W izard is t o click t h e Co n n ect b u t t o n , wh ich co n firms
t h e s et tin gs b y es tab lish ing a lin k wit h t h e ISP. On ce co n n ect ed , y ou can mo v e o n and
co n fig u re o t h er feat u res in t h is ro u t er.
35
 3G In t ern et acces s wit h a USB mo d em is s u p p o rt ed o n W A N 3. Th e In t ern et

Co n n ect io n Set u p W izard as s is t s wit h t h e p rimary W A N p o rt (W A N1)
co n fig u ratio n o n ly .
3.2 WAN Configuration

Setup > Internet Settings > WAN1 Setup
Yo u mu s t eit h er allo w t h e ro u t er t o d et ect W A N co n n ect io n t y p e au t o mat ically o r
co n fig u re man u ally t h e fo llo win g b as ic s et t in g s t o en ab le In t ern et co n n ect iv it y :
 ISP Co n n ect io n t y p e: Bas ed o n t h e ISP y o u h av e s elect ed fo r t h e p rimary W A N
lin k fo r t h is ro u t er, ch o o s e St at ic IP ad d res s , DHCP clien t , Po in t -t o -Po in t
Tu n n elin g Pro t ocol (PPTP), Po in t -t o -Po int Pro t oco l o v er Et h ern et (PPPo E), Lay er
2 Tu n n elin g Pro t o co l (L2TP). Req u ired field s fo r t h e s elect ed ISP t y p e b eco me
h ig h lig h t ed. En t er t h e fo llo win g in fo rmat ion as n eed ed an d as p ro v id ed b y y o u r
ISP:
 PPPo E Pro file Name. Th is men u lis t s co n fig u red PPPo E p ro files , p art icu larly
u s efu l wh en co n fig u rin g mu lt ip le PPPo E co n n ect i o n s (i.e. fo r Jap an ISPs t h at
h av e mu lt ip le PPPo E s u p p o rt ).
 ISP lo g in in fo rmat io n . Th is is req u ired fo r PPTP an d L2TP ISPs .
 Us er Name
 Pas s wo rd
 Secret (req u ired fo r L2TP o n ly )
 M PPE En cry p t io n: Fo r PPTP lin ks , y o u r ISP may req u ire y o u t o en able M icro so ft
Po in t -t o -Po in t En cry p t io n (M PPE).
 Sp lit Tu n n el (s u ppo rted fo r PPTP an d L2TP co n n ectio n). Th is s et tin g allo ws y o u r

LA N h o s t s t o access in t ernet s it es o v er t h is W A N lin k wh ile s t ill p ermit t in g VPN
t raffic t o b e d irect ed t o a VPN co n fig u red o n t h is W A N p o rt .
 If s p lit t u n n el is en abled, DSR wo n ’t exp ect a d efau lt ro u t e fro m t h e ISP s erv er. In
s u ch case, u ser h as t o t ake care o f ro u t ing man u ally b y co nfig u ring t he ro u tin g from
St at ic Ro u t in g p ag e.
 Co n n ect iv it y Ty pe : To keep t h e co n n ect io n alway s o n , click Keep Co n n ect ed . To

lo g o u t aft er t h e co nn ectio n is id le fo r a p erio d o f t ime (u s efu l if y o u r ISP co s t s are
b as ed o n lo g o n t imes ), click Id le Timeo u t an d en t er t h e t ime, in min u t es , t o wait
b efo re d is co n n ect in g in t h e Id le Time field .
36
 M y IP A d d res s : En t er t h e IP ad d res s as s ig n ed t o y o u b y t h e ISP.
 Serv er IP A d d res s : En t er t h e IP ad d res s o f t h e PPTP o r L2TP s erv er.
 DSR-150/ 150N/ 250/ 250N d o es n ’t h av e a d u al W A N s u p p o rt .
3.2.1 W AN Port IP address

Yo u r ISP as s ig n s y o u an IP ad d res s t h at is eit h er d y n amic (n ewly g en erat ed each
t ime y o u lo g in ) o r s t at ic (p erman ent). Th e IP A d d ress So u rce o p t io n allo ws y o u t o
d efin e wh et h er t h e ad d ress is s t at ically p ro v id ed b y t h e ISP o r s h o u ld b e receiv ed
d y n amically at each lo g in . If s t at ic, en t er y o ur IP ad d ress, IPv 4 s u b net mas k, and the
ISP g at eway ’s IP ad d ress. PPTP an d L2TP ISPs als o can p ro v ide a s t at ic IP ad d res s
an d s u b n et t o co n fig u re, h o wev er t h e d efau lt is t o receiv e t h at in fo rmat io n
d y n amically fro m t h e ISP.
3.2.2 W AN DNS Serv ers

Th e IP A d d res s es o f W A N Do main Name Serv ers (DNS) are t y p ically p ro v id ed
d y n amically fro m t h e ISP b u t in s o me cas es y ou can d efin e t h e s tatic IP ad d resses of
t h e DNS s erv ers . DNS s erv ers map In t ern et d o main n ames (examp le:
www.g o o g le.co m) t o IP ad d res s es . Click t o in d icat e wh et h er t o g et DNS s erv er
ad d res s es au t o mat ically fro m y o u r ISP o r t o u s e ISP -s p ecified ad d res s es . If it s
lat t er, en t er ad d res s es fo r t h e p rimary an d s eco n d ary DNS s erv ers . To av o id
co n n ect iv it y p ro b lems , en s u re t h at y o u en t er t h e ad d res s es co rrect ly .
3.2.3 DHCP W AN
Fo r DHCP clien t co n n ect io n s , y o u can ch o o s e t h e M A C ad d res s o f t h e ro u t er t o
reg is t er wit h t h e ISP. In s o me cas es y o u may n eed t o clo n e t h e LA N h o s t ’s M A C
ad d res s if t h e ISP is reg is t ered wit h t h at LA N h o s t .
37
Figure 18 : M anual WAN configuratio n
3.2.4 PPPoE
Setup > Internet Settings
Th e PPPo E ISP s et t in g s are d efin ed o n t h e W A N Co n fig u rat io n p age. Th ere are t wo

t y p es o f PPPo E ISP’s s u p p o rt ed b y t h e DSR: t h e s t an d ard u s ern ame/ p as s wo rd
PPPo E an d Jap an M u lt ip le PPPo E.
38
Figure 19 : PPPoE configuratio n for s tandard ISPs
M o s t PPPo E ISP’s u s e a s in g le co nt rol an d d ata co nnect ion , an d req u ire u s ern ame /
p as s wo rd cred en t ials t o lo g in an d au t h en t icat e t h e DSR wit h t h e ISP. Th e ISP
co n n ect io n t y p e fo r t h is cas e is “PPPo E (Us ern ame/ Pas s wo rd )”. Th e GUI will
p ro mp t y o u fo r au t h en ticatio n, s erv ice, an d co nnect io n s et tin gs in o rd er t o es t ab lis h
t h e PPPo E lin k.
Fo r s o me ISP’s , mo s t p o p u lar in Jap an , t h e u s e o f “ Jap an es e M u lt ip le PPPo E” is
req u ired in o rd er t o es t ablis h co n cu rren t p rimary an d s eco ndary PPPo E co n n ect io n s
b et ween t h e DSR an d t h e ISP. Th e Primary co n n ect ion is u s ed fo r t h e b u lk o f d at a
an d in t ern et t raffic an d t h e Seco n d ary PPPo E co n n ect io n carries ISP s p ecific (i.e.
co n t ro l) t raffic b et ween t h e DSR an d t h e ISP.
39
Figure 20 : WAN configurat io n for Japane s e M ultiple PPPoE (part 1)
Th ere are a few key elemen t s o f a mu lt ip le PPPo E co n n ect io n :

 Primary an d s eco n d ary co n n ect io n s are co n cu rren t
 Each s es sio n h as a DNS s erv er s ou rce fo r d o main n ame lo o ku p , t h is can b e assig ned b y
t h e ISP o r co n fig u red t h ro u g h t h e GUI
 Th e DSR act s as a DNS p ro xy fo r LA N u s ers
 On ly HTTP req u es ts t h at s pecifically id en t ify t h e s econd ary co nnectio n’s d o main n ame
(fo r examp le * .flet s ) will u s e t h e s eco n d ary p ro file t o acces s t h e co n t en t av ailab le
t h ro u g h t h is s econ dary PPPo E t ermin al. A ll o t h er HTTP / HTTPS req u es ts g o t h ro u g h
t h e p rimary PPPo E co n n ect io n .
40
W h en Jap anese mu lt ip le PPPo E is co n fig u red an d s eco ndary con nect ion is u p , so me p red efin ed
ro u t es are ad ded o n t hat in t erface. Th ese ro u tes are n eeded t o access t he in t ern al d o main o f t h e
ISP wh ere h e h o s t s v ario us s erv ices . Th es e ro u t es can ev en b e co n fig u red t h ro u g h t h e s t at ic
ro u t in g p ag e as well.
Figure 21 : WAN configurat io n for M ultiple PPPoE (part 2)
3.2.5 Russia L2TP and PPTP W AN

Fo r Ru s s ia L2TP W A N co n n ect io n s , y o u can ch o o s e t h e ad d res s mo d e o f t h e
co n n ect io n t o g et an IP ad d res s fro m t h e ISP o r co n fig u re a s t at ic IP ad d res s
p ro v id ed b y t h e ISP. Fo r DHCP clien t co n n ect io n s , y o u can ch o o s e t h e M A C
ad d res s o f t h e ro u t er t o reg ist er wit h t h e ISP. In s o me cas es y o u may n eed t o clo n e
t h e LA N h o s t ’s M A C ad d res s if t h e ISP is reg is t er ed wit h t h at LA N h o s t .
41
Figure 22 : Rus s ia L2TP ISP configurat io n
3.2.6 Russia Dual Access PPPoE

Fo r Ru s s ia d u al access PPPo E co n n ectio ns, y o u can ch oose t h e ad dres s mo d e o f t h e
co n n ect io n t o g et an IP ad d res s fro m t h e ISP o r co n fig u re a s t at ic IP ad d res s
p ro v id ed b y t h e ISP.
42
Figure 23 : Rus s ia Dual acce s s PPPoE configuratio n
3.2.7 W AN Configuration in an IPv 6 Network
Advanced > IPv6 > IPv6 WAN1 Config

Fo r IPv 6 W A N co n n ect io n s , t h is ro u t er can h av e a s t at ic IPv 6 ad d res s o r receiv e
co n n ectio n in fo rmat io n wh en co nfig ured as a DHCPv 6 clien t . In t h e cas e wh ere t h e
ISP as s ig n s y o u a fixed ad d res s t o acces s t h e in t ern et , t h e s t at ic co n fig u rat io n
s et t in gs mu s t b e co mp leted. In ad d it ion t o t h e IPv 6 ad d ress as sign ed t o y o u r ro u t er,
t h e IPv 6 p refix len g t h d efin ed b y t h e ISP is n eed ed . Th e d efau lt IPv 6 Gat eway
ad d res s is t h e s erv er at t h e ISP t h at t h is ro u t er will co n n ect t o fo r acces s in g t h e
in t ern et . Th e p rimary an d s eco n d ary DNS s erv ers o n t h e ISP’s IPv 6 n et wo rk are
u s ed fo r res o lvin g in t ernet ad d resses, and t h ese are p ro vid ed alo ng wit h t h e s tat ic IP
ad d res s an d p refix len g t h fro m t h e ISP.
W h en t h e ISP allo ws y o u t o o b t ain t h e W A N IP s et t in g s v ia DHCP, y o u n eed t o
p ro v id e d et ails fo r t h e DHCPv 6 clien t co n fig u rat io n . Th e DHCPv 6 clien t o n t h e
g at eway can b e eit her s tateless o r s t ateful. If a s t at eful clien t is s elected t h e g at eway
will co n n ect t o t h e ISP’s DHCPv 6 s erv er fo r a leas ed ad d res s . Fo r s t at eles s DHCP
43
t h ere n eed n o t b e a DHCPv 6 s erv er av ailab le at t h e ISP, rat h er ICM Pv 6 d is co v er

mes s ag es will o rig in at e fro m t h is g at eway an d will b e u s ed fo r au t o co nfig u rat ion. A
t h ird o p t io n t o s p ecify t h e IP ad d res s an d p refix len g t h o f a p referred DHCPv 6
s erv er is av ailab le as well.
Figure 24 : IPv6 WAN Se tup page
Prefix Deleg at io n : Select t his o pt ion t o req uest ro ut er ad v ert isemen t p refix fro m an y
av ailab le DHCPv 6 s erv ers a vailab le o n t h e ISP, t h e o b tain ed p refix is u p d at ed t o t he
ad v ert is ed p refixes o n t h e LA N s id e. Th is o pt ion can b e s elect ed o n ly in St at es les s
A d d res s A u t o Co n fig u rat io n mo d e o f DHCPv 6 Clien t .
W h en IPv 6 is PPPo E t y p e, t h e fo llo win g PPPo E field s are en ab le d .

 Us ern ame: En t er t h e u s ern ame req u ired t o lo g in t o t h e ISP.
44
 Pas s wo rd : En t er t h e p as s wo rd req u ired t o lo g in t o t h e ISP.
 A u t h ent icat ion Ty pe: Th e t y pe o f A u t hent icatio n in u se b y t he p ro file: A u to -

Neg o t iat e/ PA P/ CHA P/ M S-CHA P/ M S-CHA Pv 2.
 Dh cp v 6 Op t io n s : Th e mo d e o f Dh cp v 6 clien t t h at will s t art in t h is mo d e:

d is ab le d h cpv6/ stateless d hcpv6/ stateful d h cpv 6/st at eless d h cp v6 wit h p refix
d eleg at io n .
 Primary DNS Serv er: En t er a v alid p rimary DNS Serv er IP A d d res s .
 Seco n d ary DNS Serv er: En t er a v alid s eco n d ary DNS Serv er IP A d d res s .
Click Sav e Set t in g s t o s av e y o u r ch an g es .
3.2.8 Checking W AN Status
Setup > Internet Settings > WAN 1 Status

Th e s t at us an d s u mmary o f co n fig u red sett in g s fo r b o t h W A N1 , W A N2 an d W A N3
are av ailab le o n t h e W A N St at us p age. Yo u can v iew t h e fo llo win g key co n n ect io n
s t at u s in fo rmat io n fo r each W A N p o rt :
 Co n n ect io n t ime : Th e co n n ect io n u p t ime
 Co n n ect io n t y p e: Dy n amic IP o r St at ic IP
 Co n n ect io n s tate: Th is is wh et her t h e W AN is co n n ected o r d is con n ect ed t o

an ISP. Th e Lin k St at e is wh et h er t h e p h y s ical W A N co n n ect io n in p lace;
t h e Lin k St at e can b e UP (i.e. cab le in s ert ed ) wh ile t h e W A N Co n n ect io n
St at e is d o wn .
 IP ad d res s / s u b n et mas k: IP A d d res s as s ig n ed
 Gat eway IP ad d res s : W A N Gat eway A d d res s
45
Figure 25 : Conne ction Status inform at io n for both WAN ports
Th e W A N s t at us p age allo ws y ou t o En ab le o r Dis ab le s t at ic W A N lin ks . Fo r W A N

s et t in gs t h at are d y namically receiv ed fro m t h e ISP, y o u can Ren ew o r Releas e t h e
lin k p aramet ers if req u ired .
46
3.3 Bandwidth Controls

Advanced > Advanced Network > Traffic Management > Bandwidth Profiles
Ban d wid t h p ro files allo w y o u t o reg u late t h e t raffic flo w fro m t h e LA N t o W A N 1 o r
W A N 2. Th is is u s efu l t o en s u re t h at lo w p rio rit y LA N u s ers (l ike g u es t s o r HTTP
s erv ice) d o n o t mo n o p o lize t h e av ailab le W A N’s b an d wid t h fo r co s t -s av in g s o r
b an d wid t h -p rio rit y -allo cat io n p u rp o s es .
Ban d wid t h p ro files co nfig uratio n co nsis ts o f en ab lin g t h e b an d wid t h co n t ro l feat u re
fro m t h e GUI an d ad d in g a p ro file wh ich d efin es t h e co n t ro l p aramet ers . Th e p ro file
can t h en b e asso ciat ed wit h a t raffic s electo r, so t h at b an dwid th p ro file can b e ap p lied
t o t h e t raffic mat ch in g t h e s elect o rs . Select o rs are elemen t s like IP ad d res s es o r
s erv ices t h at wo u ld t rig g er t h e co n fig u red b an d wid t h reg u lat io n .
Figure 26 : Lis t of Configure d B andwi dt h Profile s
To creat e a n ew b an d wid t h p ro file, click A d d in t h e Lis t o f Ban d wid t h Pro files . Th e

fo llo win g co n fig u rat io n p aramet ers are u s ed t o d efin e a b an d wid t h p ro file:
 Pro file Name: Th is id en t ifier is u s ed t o as s o ciat e t h e co n fig u red p ro file t o t h e
t raffic s elect o r
 Yo u can ch o o s e t o limit t h e b an d wid t h eit h er u s in g p rio rit y o r rat e.
 If u s in g p rio rit y “Lo w” , “Hig h ”, an d “ M ed iu m” can b e s elect ed . If t h ere

is a lo w p rio rit y p ro file as s o ciat ed wit h t raffic s elect o r A an d a h ig h
p rio rit y p ro file as s o ciat ed wit h t raffic s elect o r B, t h en t h e W A N
b an d wid t h allo cat io n p referen ce will b e t o t raffic s elect o r B p acket s .
47
 Fo r fin er co n t ro l, t h e Rat e p ro file t y pe can b e u s ed . W it h t h is o p t io n t h e

min imu m an d maximu m b an d wid t h allo wed b y t h is p ro file can b e limit ed .
 Ch o o s e t h e W A N in t erface t h at t h e p ro file s h o u ld b e as s o ciat ed wit h .
Figure 27 : B andwid t h Profile Configurat io n page
Advanced > Advanced Network > Traffic Management > Traffic Selectors
On ce a p ro file h as b een creat ed it can t h en b e as s o ciat ed wit h a t raffic flo w fro m t h e
LA N t o W A N. To creat e a t raffic s elect o r, click A d d o n t h e Traffic Select o rs p ag e.
Traffic s elect or co n fig uratio n b in d s a b an d wid t h p ro file t o a t y p e o r s o u rce o f LA N
t raffic wit h t h e fo llo win g s et t in g s :
 A v ailab le p ro files : A s s ig n o n e o f t h e d efin ed b an d wid t h p ro file s
 Serv ice: Yo u can h av e t h e s elect ed b an d wid t h reg u lat io n ap p ly t o a s p ecific

s erv ice (i.e. FTP) fro m t h e LA N. If y o u d o n o t s ee a s ervice t h at y ou wan t , y o u
can co n fig u re a cu sto m s erv ice t h rou gh t h e Advanced > Firewall Settings >
Custom Services p age. To h ave t h e p ro file ap p ly t o all s erv ices , s elec t A NY.
 Traffic Select o r M at ch Ty p e: t h is d efin es t h e p aramet er t o filt er ag ain s t wh en
ap p ly in g t h e b an d wid t h p ro file. A s p ecific mach in e o n t h e LA N can b e
id en t ified v ia IP ad d res s o r M A C ad d res s , o r t h e p ro file can ap p ly t o a LA N
p o rt o r VLA N g ro u p . A s well a wireles s n et wo rk can b e s elect ed b y it s BSSID
fo r b an d wid t h s h ap in g .
48
Figure 28 : Traffi c Se le ctor Configu rat io n
3.4 Features with Multiple WAN Links

Th is ro u t er s u p p o rt s mu lt ip le W A N lin ks . Th is allo ws y o u t o t ake ad v an t ag e o f
failo v er an d lo ad b alan cing featu res t o en sure certain in t ern et d epend en t s erv ices are
p rio rit ized in t h e ev en t o f u n s t ab le W A N co n n ect iv it y o n o n e o f t h e p o rt s .
Setup > Internet Settings > WAN Mode

To u s e A u t o Failo v er o r Lo ad Balan cin g , W A N lin k failu re d et ect io n mu s t b e
co n fig u red. Th is in v olv es accessin g DNS s erv ers o n t h e in t ern et o r p in g t o an in t ernet
ad d res s (u s er d efin ed ). If req u ired , y o u can co n fig u re t h e n u mb er o f ret ry at t emp t s
wh en t h e lin k s eems t o b e d is con nect ed o r t h e t h reshold o f failu res t h at d et ermin es if
a W A N p o rt is d o wn .
3.4.1 Auto Failov er

In t h is cas e o n e o f y o u r W A N p o rt s is as s ig n ed as t h e p rimary in t ern et lin k fo r all
in t ern et t raffic. Th e s econ dary W A N p o rt is u s ed fo r red un dancy in cas e t h e p rimary
lin k g o es d o wn fo r an y reaso n . Bo t h W A N p o rt s (p rimary an d s eco n d ary ) mu s t b e
co n fig u red t o co n n ect t o t h e res p ect iv e ISP’s b efo re en ab lin g t h is feat u re. Th e
s eco n d ary W A N p o rt will remain u n co n n ect ed u n t il a failu re is d et ect ed o n t h e
p rimary lin k (eit h er p o rt can b e as sign ed as t h e p rimary ). In t h e ev en t o f a failu re o n
t h e p rimary p o rt , all in t ern et t raffic will b e ro lled o v er t o t h e b acku p p o rt . W h en
co n fig u red in A u t o Failo v er mo d e, t h e lin k s t at u s o f t h e p rimary W A N p o rt is
ch ecked at reg u lar in t erv als as d efin ed b y t h e failu re d et ect io n s et t in g s .
49
No t e t h at b o th W AN1, W A N2 an d W A N3 can b e co nfig ured as t h e p rimary in t ern et

lin k.
 A u t o -Ro llo v er u s in g W A N p o rt
 Primary W A N: Select ed W A N is t h e p rimary lin k ( W A N1/ W A N2/ W A N3)
 Seco n d ary W A N: Select ed W A N is t h e s eco n d ary lin k.
Failo v er Det ect io n Set tin gs: To ch eck co nn ectiv it y o f t h e p rimary in t ern et lin k, o n e
o f t h e fo llo win g failu re d et ect io n met h o d s can b e s elect ed :
 DNS lo o ku p u s in g W A N DNS Serv ers : DNS Lo o ku p o f t h e DNS Serv ers o f
t h e p rimary lin k are u s ed t o d et ect p rimary W A N co n n ect iv it y .
 DNS lo o ku p u s in g DNS Serv ers : DNS Lo o ku p o f t h e cu s t o m DNS Serv ers
can b e s p ecified t o ch eck t h e co n n ect iv it y o f t h e p rimary lin k.
 Pin g t h es e IP ad d res s es : Th es e IP's will b e p in g ed at reg u lar in t erv als t o
ch eck t h e co n n ect iv it y o f t h e p rimary lin k.
 Ret ry In t erv al is : Th e n u mb er t ells t h e ro u t er h o w o ft en it s h o u ld ru n t h e
ab o v e co n fig u red failu re d et ect io n met h o d .
 Failo v er aft er: Th is s et s t h e n u mb er o f ret ries aft er wh ich failo v er is
in it iat ed .
3.4.2 Load Balancing

Th is feat u re allo ws y o u t o u se mu lt ip le W A N lin ks (an d p res u mab ly mu lt ip le ISP’s )
s imu lt an eo u s ly . A ft er co n fig u rin g mo re t h an o n e W A N p o rt , t h e lo ad b alan cin g
o p t io n is av ailab le t o carry t raffic o v er mo re t h an o n e lin k. Pro t o co l b in d in g s are
u s ed t o s eg reg at e an d as s ig n s erv ices o v er o n e W A N p o rt in o rd er t o man ag e
in t ern et flo w. Th e co n fig ured failu re d et ect ion met h od is u sed at reg ular in t erv als on
all co n fig u red W A N p o rt s wh en in Lo ad Balan cin g mo d e.
DSR cu rren t ly s u p p o rt t h ree alg o rit h ms fo r Lo ad Bal an cin g :
Round Robi n: Th is alg o rit h m is p art icu larly u s efu l wh en t h e co n n ect io n s p eed o f
o n e W A N p o rt g reat ly d iffers fro m an o t h er. In t h is cas e y o u can d efin e p ro t o co l
b in d in g s t o ro u t e lo w-lat en cy s erv ices (s u ch as VOIP) o v er t h e h ig h er -s p eed lin k
an d let lo w-v o lu me b ackg ro u nd t raffic (s u ch as SM TP) g o o v er t h e lo wer s p eed lin k.
Pro t o co l b in d in g is exp lain ed in n ext s ect io n .
S pi l l Over : If Sp ill Ov er met h o d is s elect ed , W A N1 act s as a d ed icat ed lin k t ill a
t h res h old is reached. A ft er t h is , W A N2 will b e u s e d fo r n ew co n n ect io n s . Yo u can
co n fig u re s p ill-o v er mo d e b y u s in g fo llo win g o p t io n s :
 Lo ad To leran ce: It is t h e p ercen t ag e o f b an d wid t h aft er wh ich t h e ro u t er
s wit ch es t o s eco n d ary W A N.
 M ax Ban d wid t h : Th is s et s t h e maximu m b an d wid t h t o lerab le b y t h e p rimary
W A N.
If t h e lin k b an d wid t h g o es ab o v e t h e lo ad t o leran ce v alu e o f max b an d wid t h , t h e
ro u t er will s p ill-o v er t h e n ext co n n ect io n s t o s eco n d ary W A N.
Fo r examp le, if t h e maximu m b an d wid t h o f p rimary W A N is 1 Kb p s an d t h e lo ad
t o leran ce is s et t o 70. No w ev ery t ime a n ew co n n ect io n is es t ab lis h ed t h e
b an d wid t h in creases. A ft er a cert ain n u mb er o f co n nect ions s ay b an d wid t h reach ed
50
70% o f 1Kb p s , t h e n ew co n n ect io n s will b e s p illed -o v er t o s eco n d ary W A N. Th e

maximu m v alu e o f lo ad t o leran ce is 80 an d t h e leas t is 20.
Protocol B i ndi ng s : Refer Sect io n 3.4.3 fo r d et ails
Lo ad b alan cin g is p art icularly u sefu l wh en t h e co n n ect io n s p eed o f o n e W A N p o rt
g reat ly d iffers fro m an o t h er. In t h is case y o u can d efin e p ro t o co l b in d in g s t o ro u t e
lo w-lat en cy s ervices (s uch as VOIP) o v er t h e h ig h er -s p eed lin k an d let lo w-v o lu me
b ackg ro u n d t raffic (s u ch as SM TP) g o o v er t h e lo wer s p eed lin k.
51
Figure 29 : Load B alancing is available whe n multiple WAN ports are

configure d and Protocol B indings have be e n de fine d
3.4.3 Protocol Bindings
Advanced > Routing > Protocol Bindings

Pro t o co l b in d in gs are req uired wh en t h e Lo ad Balan cin g feat ure is in u s e. Ch o o s in g
fro m a lis t o f co n fig u red s erv ices o r an y o f t h e u s er-d efin ed s erv ices , t h e t y p e o f
t raffic can b e as s ig n ed t o g o o v er o n ly o n e o f t h e av ailab le W A N p o rt s . Fo r
in creas ed flexib ilit y t h e s o u rce n et work o r mach in es can b e s p ecified as well as t h e
d es t in at io n n et wo rk o r mach in es . Fo r examp le t h e VOIP t raffic fo r a s et o f LA N IP
ad d res ses can b e assig ned t o o n e W A N an d an y VOIP t raffic fro m t h e remain in g IP
52
ad d res s es can b e as s ig n ed t o t h e o t h er W A N lin k. Pro t o co l b in d in g s are o n ly

ap p licab le wh en lo ad b alan cin g mo d e is en ab led an d mo r e t h an o n e W A N is
co n fig u red .
Figure 30 : Protocol binding s e tup to as s ociate a s e rvice and/or LAN
s ource to a WAN and/or de s tination ne twork
3.5 Routing Configuration

Ro u t in g b et ween t h e LA N an d W A N will imp act t h e way t h is ro u t er h an d les t raffic
t h at is receiv ed o n an y o f it s p h ysical in t erfaces. Th e ro u t in g mo d e o f t h e g at eway is
co re t o t h e b eh av io u r o f t h e t raffic flo w b et ween t h e s ecu re LA N an d t h e in t ern et .
3.5.1 Routing Mode
Setup > Internet Settings > Routing Mode

Th is d ev ice s u p p o rt s clas s ical ro u t in g , n et wo rk ad d res s t ran s lat io n (NA T), an d
t ran s p o rt mo d e ro u t in g .
 W it h clas s ical ro u t ing , d evices o n t h e LA N can b e d irect ly acces s ed fro m t h e
in t ern et b y t heir p u b lic IP ad d resses (as sumin g ap pro priat e firewall s et t in gs). If
y o u r ISP h as as s ig n ed an IP ad d res s fo r each o f t h e co mp u t ers t h at y o u u s e,
s elect Clas s ic Ro u t in g .
53
 NA T is a t ech n iq u e wh ich allo ws s ev eral co mp u t ers o n a LA N t o s h are an

In t ern et co n n ect io n . Th e co mp u t ers o n t h e LA N u s e a " p riv at e" IP ad d res s
ran g e wh ile t h e W A N p o rt o n t h e ro u ter is co n figu red wit h a s in g le " p u b lic" IP
ad d res s. A lo ng wit h co n nectio n s harin g, NA T als o h id es in t ern al IP ad d res s es
fro m t h e co mp u t ers o n t h e In t ern et . NA T is req u ired if y o u r ISP h as as s ig n ed
o n ly o n e IP ad d res s t o y o u. Th e co mp u te rs t hat co n nect t h ro u g h t h e ro u t er will
n eed t o b e as s ig n ed IP ad d res s es fro m a p riv at e s u b n et .
 Tran s p aren t ro u t in g b et ween t h e LA N an d W A N d o es n o t p erfo rm NA T.

Bro ad cas t an d mu lt icast p ackets t h at arriv e o n t h e LA N in t erface are s wit ch ed
t o t h e W A N an d v ice v ers a, if t h ey d o n o t g et filt ered b y firewall o r VPN
p o licies . To main t ain t h e LA N an d W A N in t h e s ame b ro ad cas t d o main s elect
Tran s p aren t mo d e , wh ich allo ws b rid g ing o f t raffic fro m LA N t o W A N an d v ice
v ers a, excep t fo r ro u t er-t ermin at ed t raffic an d o t h er man ag emen t t raffic . A ll
DSR feat u res (su ch as 3G mo d em s u p p o rt ) are s u p p o rt ed in t ran s p aren t mo d e
as s u min g t h e LA N an d W A N are co n fig u red t o b e in t h e s ame b ro ad cas t
d o main .
 NA T ro u t in g h as a feat u re called “NA T Hair -p in nin g” t h at allo ws in t ern al n e t wo rk

u s ers o n t h e LA N an d DM Z t o access in t ern al s erv ers (eg . an in t ern al FTP s erv er)
u s in g t h eir ext ern ally -kn o wn d o main n ame. Th is is als o referred t o as “NA T
lo o p b ack” s ince LA N g en erat ed t raffic is red irect ed t h ro u g h t h e firewall t o reach
LA N s erv ers b y t h eir ext ern al n ame.
54
Figure 31 : Routing M ode is us e d to configure traffic routing be twe e n

WAN and LAN, as we ll as Dynamic routing (RIP)
55
3.5.2 Dynamic Routing (RIP)
 DSR- 150/ 150N/ 250/ 250N d o es n o t s u p p o rt RIP.
Setup > Internet Settings > Routing Mode

Dy n amic ro u t in g u s in g t h e Ro u t in g In fo rmat io n Pro t o co l (RIP) is an In t erio r
Gat eway Pro t o co l (IGP) t h at is co mmo n in LA Ns . W it h RIP t h is ro u t er can exchange
ro u t in g in fo rmat io n wit h o t her s upp orted ro u ters in t h e LA N an d allo w fo r d y n amic
ad ju s t men t o f ro u t in g t ables in o rd er t o ad ap t t o mo d ificat io n s in t h e LA N wit h o u t
in t erru p t in g t raffic flo w.
Th e RIP d irect io n will d efin e h o w t h is ro u t er s en d s an d receiv es RIP p acket s .
Ch o o s e b et ween :
 Bo t h : Th e ro u t er b o t h b ro ad cas t s it s ro u t in g t ab le an d als o p ro ces s es RIP
in fo rmat io n receiv ed fro m o t h er ro u ters. Th is is t h e recommen d ed s et t in g in
o rd er t o fu lly u t ilize RIP cap ab ilit ies .
 Ou t On ly : Th e ro u t er b ro adcasts it s ro u t in g t ab le p erio d ically b u t d o es n o t

accep t RIP in fo rmat io n fro m o t h er ro u t ers .
 In On ly : Th e ro u t er accept s RIP in fo rmat io n fro m o t h er ro u t ers, b u t d o es not

b ro ad cas t it s ro u t in g t ab le.
 No n e: Th e ro u t er n eit h er b ro ad cas t s it s ro u t e t ab le n o r d o es it accep t an y

RIP p acket s fro m o t h er ro u t ers . Th is effect iv ely d is ab les RIP.
 Th e RIP v ers io n is d ep en d en t o n t h e RIP s u p p o rt o f o t h er ro u t in g

d ev ices in t h e LA N.
 Dis ab led : Th is is t h e s et t in g wh en RIP is d is ab led .
 RIP-1 is a clas s -b as ed ro u t in g v ers io n t h at d o es n o t in clu d e s u b n et

in fo rmat io n . Th is is t h e mo s t co mmo n ly s u p p o rt ed v ers io n .
 RIP-2 in clu d es all t h e fu n ct io n alit y o f RIPv 1 p lu s it s u p p o rt s s u b n et

in fo rmat io n . Th o u g h t h e d at a is s en t in RIP -2 fo rmat fo r b o t h RIP-2B an d
RIP-2M , t h e mo d e in wh ich p acket s are s en t is d ifferen t. RIP-2B b ro ad cas t s
d at a in t h e en t ire s u b n et wh ile RIP-2M s en d s d at a t o mu lt icas t ad d res s es .
If RIP-2B o r RIP-2M is t h e s elect ed v ersio n, au th en ticat io n b etween t h is ro u t er an d

o t h er ro u t ers (co n fig u red wit h t h e s ame RIP v ers io n ) is req u ired . M D5
au t h en ticat io n is u sed in a firs t / s eco n d key exch an g e p ro ces s . Th e au t h en t icat io n
key v alid it y lifet imes are co n fig u rab le t o en s u re t h at t h e ro u t in g in fo rmat io n
exch an g e is wit h cu rren t an d s u p p o rt ed ro u t ers d et ect ed o n t h e LA N.
56
3.5.3 Static Routing
Advanced > Routing > Static Routing
Advanced > IPv6 > IPv6 Static Routing

M an u ally ad d ing s tatic ro u tes t o t h is d evice allo ws y o u t o d efin e t h e p at h s elect io n
o f t raffic fro m o n e in t erface t o an o t h er. Th ere is n o co mmu n icat io n b et ween t h is
ro u t er an d o t h er d ev ices t o acco u n t fo r ch an g es in t h e p at h ; o n ce co n fig u red t h e
s t at ic ro u t e will b e act iv e an d effect iv e u n t il t h e n et wo rk ch an g es .
Th e Lis t o f St at ic Ro u t es d is play s all ro u t es t h at h av e b een ad d ed man u ally b y an
ad min is t rat o r an d allo ws s ev eral o p erat io n s o n t h e s t at ic ro u t es . Th e Lis t o f IPv 4
St at ic Ro u t es an d Lis t o f IPv 6 St at ic Ro u t es s h are t h e s ame field s (wit h o n e
excep t io n ):
 Name: Name o f t h e ro u t e, fo r id en t ificat io n an d man ag emen t .
 A ct iv e: Det ermin es wh et her t h e ro u t e is act iv e o r in act iv e. A ro u t e can b e

ad d ed t o t h e t able an d mad e in act ive, if n o t n eeded. Th is allo ws ro u t es t o b e
u s ed as n eeded wit h o ut d eletin g an d re -ad din g t h e en try . A n in activ e ro ute is
n o t b ro ad cas t if RIP is en ab led .
 Priv at e: Det ermin es wh et h er t he ro u te can b e s hared wit h o t her ro u ters wh en

RIP is en ab led . If t h e ro u t e is mad e p riv at e , t h en t he ro u te will n o t b e s h ared
in a RIP b ro ad cas t o r mu lt icas t . Th is is o n ly ap p licab le fo r IPv 4 s t at ic
ro u t es .
 Des t in at io n : t h e ro u t e will lead t o t h is d es t in at io n h o s t o r IP ad d res s .
 IP Su b n et M as k: Th is is v alid fo r IPv 4 n et wo rks o n ly , an d id en t ifies t h e

s u b n et t h at is affect ed b y t h is s t at ic ro u t e
 In t erface: Th e p h ysical n et wo rk in t erface (W A N1, W A N2, W A N3, DM Z o r

LA N), t h ro u g h wh ich t h is ro u t e is acces s ib le.
 Gat eway : IP a d d ress o f t h e g ateway t h ro u g h wh ich t h e d es t in at io n h o s t o r

n et wo rk can b e reach ed .
 M et ric: Det ermin es t h e p rio rit y o f t h e ro u t e. If mu lt ip le ro u t es t o t h e s ame

d es t in at io n exis t , t h e ro u t e wit h t h e lo wes t met ric is ch o s en .
57
Figure 32 : Static route configurat io n fie lds
3.5.4 OSPFv 2
Advanced > Routing > OSPF

OSPF is an in t erio r g at eway p ro t ocol t h at ro u tes In ternet Pro t o col (IP) p acket s s o lely
wit h in a s in g le ro u t ing d omain . It g at h ers lin k s t at e in fo rmat io n fro m av ailab le ro uters
an d co n s t ru ct s a t o p o lo g y map o f t h e n et wo rk.
OSPF v ers io n 2 is a ro u t in g p ro to co l wh ich d es crib ed in RFC2328 - OSPF Vers io n 2.
OSPF is IGP (In t erio r Gat eway Pro t o co ls ).OSPF is wid ely u s ed in larg e n et wo rks
s u ch as ISP b ackb o n e an d en t erp ris e n et wo rks .
58
Figure 33 : OSPFv2 configure d parame te rs
In t erface : Th e p h y s ical n et wo rk in t erface o n wh ich OSPFv 2 is En ab led / Dis ab led .

St at u s : Th is co lu mn d is p lay s t h e En ab le/ Dis ab le s t at e o f OSPFv 2 fo r a p art icu lar
in t erface.
A rea: Th e area t o wh ich t h e in t erface b elo n g s . Two ro u t ers h av in g a co mmo n
s eg men t ; t h eir in t erfaces h av e t o b elo n g t o t h e s ame area o n t h at s eg men t . Th e
in t erfaces s h o u ld b elo n g t o t h e s ame s u b n et an d h av e s imilar mas k.
Prio rit y : Help s t o d et ermin e t h e OSPFv 2 d es ig nated ro u t er fo r a n et wo rk. Th e ro u t er
wit h t h e h ig h es t p rio rit y will b e mo re elig ib le t o b eco me Des ig n at ed Ro u t er. Set t in g
t h e v alu e t o 0, makes t h e ro u t er in elig ib le t o b eco me Des ig n at ed Ro u t er. Th e d efau lt
v alu e is 1.Lo wer v alu e mean s h ig h er p rio rit y .
Hello In t erv al: Th e n u mb er o f s eco n d s fo r Hello In t erv al t imer v alu e . Set t in g t h is
v alu e, Hello p acket will b e s en t ev ery t imer v alu e s eco nds o n t h e s p ecified in t erface.
Th is v alu e mu s t b e t h e s ame fo r all ro u t ers at t ach ed t o a co mmo n n et wo rk. Th e
d efau lt v alu e is 10 s eco n d s .
Dead In t erv al: Th e n u mb er o f s econ ds t h at a d evice’s h ello p acket s mu s t n o t h ave been
s een b efo re it s n eig h b o u rs d eclare t h e OSPF ro u t er d o wn . Th is v alu e mu s t b e t h e
s ame fo r all ro u t ers at tach ed t o a co mmo n n et wo rk. Th e d efau lt v alu e is 40 s eco n d s .
OSPF req u ires t h ese in t erv als t o b e exact ly t h e s ame b et ween t wo n eig h b o u rs . If an y
o f t h es e in t erv als are d ifferen t , t h es e ro u t ers will n o t b eco me n eig h b o u rs o n a
p art icu lar s eg men t
Co s t : Th e co s t o f s en d in g a p acket o n an OSPFv 2 in t erface.
A u t h ent icat ion Ty pe:. Th is co lu mn d is play s t he t y pe o f au t h en t icat io n t o b e u s ed fo r
OSPFv 2.If A u t h en t icat io n t y p e is n o n e t h e in t erface d o es n o t au t h en t icat e o s p f
p acket s . If A u t hent icatio n Ty pe is Simp le t h en o s p f p acket s are au t h en t icat ed u s in g
s imp le t ext key . If A u t h enticatio n Ty p e is M D5 t h en t h e in t erface au t h en t ica t es o s p f
p acket s wit h M D5 au t h en t icat io n .
59
Figure 34 : OSPFv2 configurat io n
3.5.5 OSPFv 3
Advanced > IPv6 > OSPF

Op en Sh o rt es t Pat h Firs t v ers io n 3 (OSPFv 3) s u p p o rt s IPv 6 . To en ab le an OSPFv 3
p ro ces s o n a ro u t er, y o u n eed t o en ab le t h e OS PFv 3 p ro ces s g lo b ally , as s ig n t h e
OSPFv 3 p ro ces s a ro u t er ID, an d en ab le t h e OSPFv 3 p ro ces s o n relat ed in t erfaces
60
Figure 35 : OSPFv3 configure d parame te rs
In t erface: Th e p h y s ical n et wo rk in t erface o n wh ich OSPFv 3 is En ab led / Dis ab led .

St at u s : Th is co lu mn d is p lay s t h e En ab le/ Dis ab le s t at e o f OSPFv 3 fo r a p art icu lar
in t erface.
Prio rit y : Help s t o d et ermin e t h e OSPFv 3 d es ig nated ro u t er fo r a n et wo rk. Th e ro u t er
wit h t h e h ig h es t p rio rit y will b e mo re elig ib le t o b eco me Des i g n at ed Ro u t er. Set t in g
t h e v alu e t o 0, makes t h e ro u t er in elig ib le t o b eco me Des ig n at ed Ro u t er. Th e d efau lt
v alu e is 1.Lo wer Valu e mean s h ig h er p rio rit y .
Hello In t erv al: Th e n u mb er o f s eco n d s fo r Hello In t erv al t imer v alu e. Set t in g t h is
v alu e, Hello p acket will b e s en t ev ery t imer v alu e s eco nds o n t h e s p ecified in t erface.
Th is v alu e mu s t b e t h e s ame fo r all ro u t ers at t ach ed t o a co mmo n n et wo rk. Th e
d efau lt v alu e is 10 s eco n d s .
Dead In t erv al: Th e n u mb er o f s econ ds t h at a d evice’s h ello p acket s mu s t n o t h ave bee n
s een b efo re it s n eig hbo urs d eclare t h e OSPF ro u t er d o wn .This v alue mu s t b e t h e s ame
fo r all ro u t ers at t ach ed t o a co mmo n n et wo rk. Th e d efau lt v alu e is 40 s eco n d s .
OSPF req u ires t h ese in t erv als t o b e exact ly t h e s ame b et ween t wo n eig h b o u rs . If an y
o f t h es e in t erv als are d ifferen t , t h es e ro u t ers will n o t b eco me n eig h b o u rs o n a
p art icu lar s eg men t
Co s t : Th e co s t o f s en d in g a p acket o n an OSPFv 3 in t erface.
61
Figure 36 : OSPFv3 configurat io n
3.5.6 6to4 Tunneling

Advanced > IPv6 > 6to4 Tunneling
6t o 4 is an In t ern et t ran sitio n mech an ism fo r mig rat in g fro m IPv 4 t o IPv 6,
a s y s t em t h at allo ws IPv 6 p acket s t o b e t ran s mit t ed o v er an IPv 4
n et wo rk. Select t h e ch eck b o x t o Enabl e Automati c Tunnel i ng an d
allo w t raffic fro m an IPv 6 LA N t o b e s en t o v er a IP v 4 Op t io n t o reach a
remo t e IPv 6 n et wo rk.
62
Figure 37 : 6 to 4 tunne ling
3.5.7 ISATAP Tunnels

Advanced > IPv6 > 6to4 Tunneling
ISA TA P (In t ra -Sit e A u t o mat ic Tu n n el A d d res s in g Pro t o co l) is an IPv 6

t ran s it io n mech an ism mean t t o t ran smit IPv 6 p acket s b etween d u al-s t ack
n o d es o n t o p o f an IPv 4 n et wo rk. ISA TA P s p ecifies an IPv 6-IPv 4
co mp at ib ilit y ad d res s fo rmat as well as a mean s fo r s it e b o rd er ro u t er
d is co v ery . ISA TAP als o s p ecifies t h e o p erat io n o f IPv 6 o v er a s p ecific
lin k lay er - t h at b ein g IPv 4 u s ed as a lin k lay er fo r IPv 6.
63
Figure 38 : IS ATAP Tunnel s Confi g ura ti o n
ISA TA P Su b n et Prefix: Th is is t h e 64-b it s u b n et p refix t h at is as s ig n ed

t o t h e lo g ical ISA TA P s u bn et fo r t h is in t ranet. Th is can b e o b tained fro m
y o u r ISP o r in t ern et reg is t ry , o r d eriv ed fro m RFC 4193.
En d Po in t A d d ress: Th is is t h e en dpo int ad dress fo r t h e t u nn el t h at s t art s

wit h t h is ro u t er. Th e en d p o in t can b e t h e LA N in t erface (as s u min g t h e
LA N is an IPv 4 n et wo rk), o r a s p ecific LA N IPv 4 ad d res s .
IPv 4 A d d res s : Th e en d p o in t ad d res s if n o t t h e en t ire LA N.
3.6 Configurable Port - WAN Option

Th is ro u t er s up port s o ne o f t h e p hy sical p o rt s t o b e co n fig u red as a s eco n d ary W A N
Et h ern et p o rt o r a d ed icated DM Z p o rt . If t h e p o rt is s elected t o b e a s econ d ary W A N
in t erface, all co n fig u rat io n p ag es relat in g t o W A N2 are en ab led .
3.7 WAN 3 (3G) Configuration

Th is ro u t er s up port s o ne o f t h e p hy sic al p o rt s W AN3 t o b e co n fig ured fo r 3G in t ern et
acces s.
Setup > Internet Settings > WAN 3 Setup

W A N3 co n fig u rat io n fo r t h e 3G USB mo d em is av ailab le o n ly o n W A N 3 in t erface.
Th ere are a few key elemen t s o f W A N 3 co n fig u rat io n .
 Reco n n ect M o d e: Sele ct o n e o f t h e fo llo win g o p t io n s
o A lway s On : Th e co n n ect ion is alway s o n . Us ern ame: En t er t h e u s ern ame

req u ired t o lo g in t o t h e ISP.
64
o On Deman d : Th e co n n ect io n is au t o mat ically en d ed if it is id le fo r a

s p ecified n u mb er o f min u t es . En t er t h e n u mb er o f min u t es in t h e
M aximu m Id le Time field . Th is feat u re is u s efu l if y o u r ISP ch arg es y o u
b as ed o n t h e amo u n t o f t ime t h at y o u are co n n ect ed .
 Pas s wo rd : En t er t h e p as s wo rd req u ired t o lo g in t o t h e ISP.
 Dial Nu mb er: En t er t h e n u mb er t o d ial t o t h e ISP.
 A u t h en t icat io n Pro t o co l: Select o n e o f No n e, PA P o r CHA P A u t h en t icat io n

Pro t o co ls t o co n n ect t o t h e ISP.
 A PN: En t er t h e A PN (A cces s Po in t Name) p ro v id ed b y t h e ISP.
Domai n Name S ys tem (DNS ) S ervers
 Do main n ame s erv ers (DNS) co n v ert In t ern et n ames s u ch as www.d lin k.co m, t o
IP ad d res s es t o ro u t e t raffic t o t h e co rrect res o u rces o n t h e In t ern et . If y o u
co n fig u re y o u r ro u t er t o g et an IP ad d res s d y n amically fro m t h e ISP, t h en y o u
n eed t o s p ecify t h e DNS s erv er s o u rce in t h is s ect io n .
 DNS Serv er So u rce: Ch o o s e o n e o f t h e fo llo win g o p t io n s :
o Get Dy n amically fro m ISP: Ch o o s e t his o pt ion if y o u r ISP d id n o t as s ig n

a s t at ic DNS IP ad d res s .
o Us e Th es e DNS Serv ers : Ch o o se t his o pt ion if y o u r ISP as s ig n ed a s t at ic

DNS IP ad d res s fo r y o u t o u s e. A ls o co mp let e t h e field s t h at are
h ig h lig h t ed wh it e in t h is s ect io n .
o Primary DNS Serv er: En t er a v alid p rimary DNS Serv er IP A d d res s .
o Seco n d ary DNS Serv er: En t er a v alid s eco n d ary DNS Serv er IP A d d res s .
 Co n fig u rab le Po rt : Th is p age allo ws y ou t o as sig n t h e fu n ct io n alit y in t en d ed fo r

t h e Co n fig u rab le Po rt . Ch o o s e fro m t h e fo llo win g o p t io n s :
o W A N: If t h is o p t io n is s elect ed , co n fig u re t h e W A N 3. Th e W A N M o d e
o p t io n s are n o w av ailab le as t h ere are t wo W A N p o rt s fo r t h e g at eway .
o DM Z: If t h is o p t io n is s elect ed , y o u are ab le t o co n fig u re t h e DM Z p o rt

o n t h e DM Z Co n fig u rat io n men u .
Click Sav e Set t in g s t o s av e y o u r ch an g es .
Click Do n 't Sav e Set t in g s t o rev ert t o t h e p rev io u s s et t in g s .
65
Figure 39 : WAN3 configurat io n for 3G inte rne t
 3G W A N s u p p o rt is av ailab le o n t h e s e d u al W A N p ro d u ct s : DSR-1000 an d DSR-

1000N.
Cellu lar 3G in t ern et acces s is av ailab le o n W A N 3 v ia a 3G USB mo d em fo r DSR-

1000 an d DSR-1000N. Th e cellu lar ISP t h at p ro v id es t h e 3G d at a p lan will p ro v id e
t h e au t h enticatio n req u iremen ts t o establis h a co n n ect io n . Th e d ial Nu mb er an d A PN
are s p ecific t o t h e cellu lar carriers . On ce t he co nnectio n t y pe s et t in g s are co n f ig u red
an d s av ed, n avig ate t o t h e W AN s t at us p age ( Setup > Internet Settings > WAN 3
Status ) an d En ab le t h e W A N3 lin k t o es t ab lis h t h e 3G co n n ect io n .
3.8 WAN Port Settings

Advanced > Advanced Network > WAN Port Setup
Th e p h y s ical p o rt s et tin gs fo r each W A N lin k can b e d efin ed h ere. If y o u r ISP account
d efin es t h e W A N p o rt sp eed o r is as so ciated wit h a M A C ad d ress, t h is in fo rmat io n is
req u ired b y t h e ro u t er t o en s u re a s mo o t h co n n ect io n wit h t h e n et wo rk.
66
Th e d efau lt M TU s ize s u p p o rt ed b y all p o rt s is 1500. Th is is t h e larg es t p acket s ize

t h at can p ass t h roug h t h e in t erface wit h o ut frag men t at io n. Th is s ize can b e in creas ed ,
h o wev er larg e p ackets can in t rod uce n etwo rk lag an d b rin g d own t h e in t erface s p eed .
No t e t h at a 1500 b y t e s ize p acket is t h e larg est allo w ed b y t h e Et h ernet p ro to co l at the
n et wo rk lay er.
Th e p o rt s p eed can b e s en sed b y t h e ro ut er wh en A u to is s elected. W it h t h is o p tion the
o p t imal p o rt s et t ing s are d et ermin ed b y t h e ro u t er an d n et wo rk. Th e d u p lex (h alf o r
fu ll) can b e d efin ed b ased o n t h e p o rt s up port , as well as o n e o f t h ree p o rt s p eed s : 10
M b p s , 100 M b p s an d 1000 M b p s (i.e. 1 Gb p s ). Th e d efau lt s ett in g is 100 M b p s fo r all
p o rt s .
Th e d efau lt M A C ad d res s is d efin ed d u rin g t h e man u fact u rin g p ro ces s fo r t h e
in t erfaces , and can u n iq uely id en tify t h is ro u ter. Yo u can cu st omize each W A N p o rt ’s
M A C ad d res s as n eed ed , eit h er b y let t in g t h e W A N p o rt as s u me t h e cu rren t LA N
h o s t ’s M A C ad d res s o r b y en t erin g a M A C ad d res s man u ally .
Figure 40 : Phys ical WAN port s e ttings
67
Chapter 4. Wireless Access Point

Setup
Th is ro u t er h as an in t egrated 802.11n rad io t h at allo ws y o u t o create an access p oin t for
wireles s LA N clien t s . Th e s ecurit y/ en cry ptio n/ au thent icat io n o p t io n s are g ro u p ed in a
wireles s Pro file, an d each co n fig u red p ro file will b e av ailab le fo r s elect io n in t h e A P
co n fig u ratio n men u . Th e p ro file d efin es v ario u s p aramet ers fo r t h e A P, in clu d in g t h e
s ecu rit y b et ween t h e wireles s clien t an d t h e A P, an d can b e s h ared b et ween mu lt ip le
A Ps in s t an ces o n t h e s ame d ev ice wh e n n eed ed .
 Th e co n t en t in t h is s ect io n is ap p licab le t o t h e DSR -500N an d DSR-1000N

p ro d u ct s .
Up t o fo u r u n iq u e wireles s n et wo rks can b e creat ed b y co n fig u rin g mu lt ip le “v irt u al”

A Ps . Each s u ch v irt ual A P ap p ears as an in d ep en d en t A P (u n iq u e SSID) t o s u p p o rt ed
clien t s in t h e en v iro nmen t, b u t is act ually ru n nin g o n t h e s ame p h ysical rad io in t egrated
wit h t h is ro u t er.
Yo u will n eed t h e fo llo win g in fo rmat io n t o co n fig u re y o u r wireles s n et wo rk:
 Ty p es o f d ev ices exp ect ed t o access t he wireles s n et wo rk an d t h eir s u p p o rt ed W i-
Fi™ mo d es
 Th e ro u t er’s g eo g rap h ical reg io n
 Th e s ecu rit y s et t in g s t o u s e fo r s ecu rin g t h e wireles s n et wo rk.
 Pro files may b e t h o u gh t o f as a g ro u pin g o f A P p aramet ers t h at can t h en b e ap p lied

t o n o t ju s t o ne b u t mu lt ip le A P in s t ances (SSIDs ) , t h u s av o id in g d u p licat io n if t h e
s ame p aramet ers are t o b e u s ed o n mu lt ip le A P in s t an ces o r SSIDs .
4.1 Wireless Settings Wizard

Setup > Wizard > Wireless Settings
Th e W ireles s Net wo rk Set u p W izard is av ailab le fo r u s ers n ew t o n et wo rkin g . By
g o in g t h ro ug h a few s t raig h t fo rward co n fig u rat io n p ag es y o u can en ab le a W i -Fi™
n et wo rk o n y o u r LA N an d allo w s u p p ort ed 802.11 clien t s t o co n nect t o t h e con fig ured
A cces s Po in t .
68
Figure 41 : Wire le s s Ne twork Se tup Wizards
4.1.1 W ireless Network Setup W izard

Th is wizard p ro v id es a s t ep -by-st ep g uid e t o creat e an d secure a n ew access p oint on
t h e ro u t er. Th e n et wo rk n ame (SSID) is t h e A P id en t ifier t h at will b e d et ect ed b y
s u p p ort ed clien ts. Th e W izard u ses a TKIP+A ES cip h er fo r W PA / W PA 2 s ecu rit y ;
d ep e n d ing o n s up port o n t he clien t sid e, d evices as sociate wit h t h is A P u s in g eit h er
W PA o r W PA 2 s ecu rit y wit h t h e s ame p re -s h ared key .
Th e wizard h as t h e o p tio n t o au to mat ically g enerate a n et wo rk key fo r t h e A P. Th is
key is t h e p re -s h ared key fo r W PA o r W PA 2 t y p e s ecu rit y . Su p p o rt ed clien t s t h at
h av e b een g iv en t his PSK can as s o ciat e wit h t h is A P. Th e d efau lt (au t o -as s ig n ed )
PSK is “p as s p h ras e”.
Th e las t s t ep in t h e W izard is t o click t h e Co n n ect b u t t o n , wh ich co n firms t h e
s et t in g s an d en ab les t h is A P t o b ro ad cas t it s av ailab ilit y in t h e LA N.
4.1.2 Add W ireless Dev ice with W PS

W it h W PS en ab led o n y ou r ro u ter, t h e s elected access p o in t allo ws s u p p o rt ed W PS
clien t s t o jo in t h e n et wo rk v ery eas ily . W h en t h e A u t o o p t io n fo r co n n ect in g a
69
wireles s d ev ice is ch o s e, y o u will b e p res en t ed wit h t wo co mmo n W PS s et u p

o p t io n s :
 Pers onal Identi fi cati on Number (PIN): Th e wireles s d ev ice t h at s u p p o rt s
W PS may h av e an alp h an umeric PIN, an d if en t ered in t h is field t h e A P will
es t ab lish a lin k t o t h e clien t . Click Co n n ect t o co mp let e s etu p an d co n nect to
t h e clien t .
 Pus h B utton Confi g urati on (PB C): fo r wireles s d ev ices t h at s u p p o rt PBC,

p res s an d h o ld d o wn o n t h is b u t t o n an d wit h in 2 min u t es , click t h e PBC
co n n ect b u tt on. Th e A P will d et ect t h e wireles s d ev ice an d es t ab lis h a lin k
t o t h e clien t .
 Yo u n eed t o en able at leas t o n e A P wit h W PA / WPA 2 s ecu rity an d als o en able W PS

in t h e Advanced > Wireless Settings > WPS p ag e t o u s e t h e W PS wizard .
4.1.3 Manual W ireless Network Setup

Th is b u t t on o n t h e W izard p ag e will lin k t o t h e Setup> Wireless Settings> Access
Points p ag e. Th e man u al o p t io n s allo w y o u t o creat e n ew A Ps o r mo d ify t h e
p aramet ers o f A Ps creat ed b y t h e W izard .
4.2 Wireless Profiles

Setup > Wireless Settings > Profiles
Th e p ro file allo ws y o u t o as sig n t h e s ecu rit y t y p e, en cry p t io n an d au t h en t icat io n t o
u s e wh en co n nectin g t he A P t o a wireles s clien t . Th e d efau lt mo d e is “o p en ”, i.e. n o
s ecu rit y . Th is mo d e is in s ecu re as it allo ws an y comp at ib le wireles s clien ts t o co nnect
t o an A P co n fig u red wit h t h is s ecu rit y p ro file.
To creat e a n ew p ro file, u s e a u n iq u e p ro file n ame t o id en t ify t h e co mb in at io n o f
s et t in g s . Co n fig u re a u n iq u e SSID t h at will b e t h e id en t ifier u s ed b y t h e clien t s t o
co mmu n icat e t o t h e A P u s in g t h is p ro file. By ch o o s in g t o b ro ad cas t t h e SSID,
co mp at ib le wireles s clien t s wit h in ran g e o f t h e A P can d et ect t h is p ro file’s
av ailab ilit y .
Th e A P o ffers all ad v an ced 802.11 s ecu rit y mo d es, in clu din g W EP, W PA , W PA 2 an d
W PA +W PA 2 o p t io ns. Th e securit y o f t h e A ccess p oin t is co n fig ured b y t h e W ireles s
Secu rit y Ty p e s ect io n :
 Op en : s elect t h is o p tio n t o create a p u blic “o p en” n etwo rk t o allo w u n aut henticat ed
d ev ices t o acces s t h is wireles s g at eway .
 W EP (W ired Eq u iv alen t Priv acy ): t h is o p tio n req u ires a s t at ic (p re -s h ared ) key t o

b e s h ared b et ween t h e A P an d wireles s clien t . No t e t h at W EP d o es n o t s u p p o rt
802.11n d at a rat es ; is it ap p ro p riat e fo r leg acy 802.11 co n n ect io n s .
70
 W PA (W i-Fi Pro t ect ed A ccess): Fo r s t ro n g er wireles s s ecu rit y t h an W EP, ch o o s e

t h is o p t io n. Th e en cry ptio n fo r W PA will u s e TKIP an d als o CCM P if req u ired . The
au t h en t icat io n can b e a p re-s h ared key (PSK), En t erp ris e mo d e wit h RA DIUS
s erv er, o r b o t h . No t e t h at W PA d o es n o t s u p p o rt 802.11n d at a rat es ; is it
ap p ro p riat e fo r leg acy 802.11 co n n ect io n s .
 W PA 2: t h is s ecu rit y t y p e u s es CCM P en cry p t io n (an d t h e o p t io n t o ad d TKIP

en cry p t io n ) o n eit h er PSK (p re -s h ared key ) o r En t erp ris e (RA DIUS Serv er)
au t h en t icat io n .
 W PA + W PA 2: t h is u s es b o t h en cry p t io n alg o rit h ms , TKIP an d CCM P. W PA

clien t s will u s e TKIP an d W PA 2 clien t s will u s e CCM P en cry p t io n alg o rit h ms .
 “W PA +W PA 2” is a s ecurit y o p tio n t h at allo ws d evices t o co n n ect t o an A P u s in g

t h e s t ro ng est s ecurit y t h at it s u p p o rt s . Th is mo d e allo ws leg acy d ev ices t h at o n ly
s u p p ort W PA2 key s (s uch as an o ld er wireles s p rin t er) t o co n n ect t o a s ecu re A P
wh ere all t h e o t h er wireles s clien t s are u s in g W PA 2.
Figure 42 : Lis t of Available Profile s s hows th e options availab le to

s e cure the wire le s s link
4.2.1 W EP Security
If W EP is t h e ch o sen s ecurit y o pt ion , y ou mu s t s et a u n iq u e s t at ic key t o b e s h ared
wit h clien t s t h at wis h t o access t h is s ecu red wireles s n etwo rk. Th is s t at ic key can b e
g en erat e d fro m an eas y -to -rememb er p as sphrase and t h e s elected en cryp t io n len g t h .
 A u t h en t icat io n : s elect b et ween Op en Sy s t em, o r Sh ared Key s ch emes
71
 En cry p t io n : s ele ct t h e en cry p t io n key s ize -- 64 b it W EP o r 128 b it W EP.

Th e larg er s ize key s p ro v id e s tron ger en cry pt ion , t h u s makin g t h e key mo re
d ifficu lt t o crack
 W EP Pas s p hras e: en t er an alp h an u meric p h ras e an d click Gen erat e Key t o

g en erat e 4 u n iq u e W EP ke y s wit h len g t h d et ermin ed b y t h e en cry p t io n key
s ize. Next c h o o se o n e o f t h e key s t o b e u sed fo r au t henticatio n. Th e s elect ed
key mu s t b e s h ared wit h wireles s clien t s t o co n n ect t o t h is d ev ice.
72
Figure 43 : Profile configuratio n to s e t ne twork s e curity
4.2.2 W PA or W PA2 with PSK

A p re -s h ared key (PSK) is a kn o wn p as sp hrase co nfig u red o n t h e A P an d clien t b o th
an d is u s ed t o au t henticate t he wireles s clien t . A n acceptable p assph ras e is b et ween
8 t o 63 ch aract ers in len g t h .
4.2.3 RADIUS Authentication
Advanced > RADIUS Settings

En t erp ris e M o d e u s es a RA DIUS Serv er fo r W PA an d / o r W PA 2 s ecu rit y . A
RA DIUS s erv er mu s t b e co n fig u red an d acces s ib le b y t h e ro u t er t o au t h en t icat e
73
wireles s clien t co n n ect io n s t o an A P en ab led wit h a p ro file t h at u s es RA DIUS

au t h en t icat io n .
 Th e A u t h en t icat io n IP A d d res s is req u ired t o id en t ify t h e s erv er. A
s eco n dary RA DIUS s erv er p ro vid es red und an cy in t h e event t hat t h e p rimary
s erv er can n o t b e reach ed b y t h e ro u t er wh en n eed ed .
 A u t h en t icat io n Po rt : t h e p o rt fo r t h e RA DIUS s erv er co n n ect io n
 Secret : en t er t h e s h ared s ecret t h at allo ws t h is ro u t er t o lo g in t o t h e

s p ecified RA DIUS s erv er(s). Th is key mu s t mat ch t h e s h ared s ecret o n t h e
RA DIUS Se rv er.
 Th e Timeo u t an d Ret ries field s are u sed t o eit h er mo v e t o a s econ dary s erver
if t h e p rimary can n o t b e reached, o r t o g iv e u p t h e RA DIUS au t h en t icat io n
at t emp t if co mmu n icat io n wit h t h e s erv er is n o t p o s s ib le.
74
Figure 44 : RADIUS s e rve r (Exte rnal Authe nticatio n ) configurat io n
4.3 Creating and Using Access Points

Setup > Wireless Settings > Access Points
On ce a p ro file (a g ro u p o f s ecu rity s et tin gs) is created, it can b e as sig ned t o an A P o n
t h e ro u t er. Th e A P SSID can b e co n fig u red t o b ro adcas t it s av ailab ilit y t o t h e 802.11
en v iro n men t can b e u s ed t o es t ab lis h a W LA N n et wo rk.
Th e A P co n fig u rat io n p ag e allo ws y o u t o creat e a n ew A P an d lin k t o it o n e o f t h e
av ailab le p ro files . Th is ro u t er s u p p o rt s mu lt ip le A P’s referred t o as v irt u al acces s
p o in t s (VA Ps ). Each v irt u al A P t h at h as a u n iq u e SSIDs ap p ears as an in d ep en d en t
acces s p o in t t o clien t s . Th is v alu ab le feat u re allo ws t h e ro u t er’s rad io t o b e
co n fig u red in a way t o o p t imize s ecu rit y an d t h ro u g h p u t fo r a g ro u p o f clien t s as
req u ired b y t h e u s er. To creat e a VA P, click t h e “ad d ” b u t t o n o n t h e Setup >
Wireless Settings > Access Points p ag e. A ft er s et t in g t h e A P n ame, t h e p ro file
d ro p d o wn men u is u s ed t o s elect o n e o f t h e co n fig u red p ro files .
75
 Th e A P Name is a u n iq u e id en t ifier u s ed t o man ag e t h e A P fro m t h e GUI, an d is

n o t t h e SSID t h at is d et ect ed b y clien t s wh en t h e A P h as b ro ad cas t en ab led .
Figure 45 : Virtu al AP configurat io n
A v alu ab le p o wer s av in g feat u re is t h e s t art an d s t o p t ime co n t ro l fo r t h is A P. Yo u

can co n s erv e o n t h e rad io p o wer b y d is ab lin g t h e A P wh en it is n o t in u s e. Fo r
examp le o n ev en in gs an d weekends if y o u kn o w t h ere are n o wireles s clien t s, t h e s tart
an d s t o p t ime will en ab le/ d is ab le t h e acces s p o in t au t o mat ically .
On ce t h e A P s et t in g s are co n fig u red , y o u mu s t en ab le t h e A P o n t h e rad io o n t h e
Setup > Wireless Settings > Access Points p ag e. Th e s t at u s field ch an g es t o
“En ab led ” if t h e A P is av ailab le t o accep t wireles s clien ts. If t h e A P is co n fig u red t o
b ro ad cas t it s SSID (a p ro file p aramet er), a g reen ch eck mark in d icat in g it is
b ro ad cas t in g will b e s h o wn in t h e Lis t o f A v ailab le A cces s p o in t s .
76
Figure 46 : Lis t of configure d acce s s points (Virtu al APs ) s hows one

e nable d acce s s point on the radio, broadcas t i ng its SSID
Th e clien t s co nn ected t o a p art icular A P can b e v iewed b y u s ing t he St atu s Bu t t o n o n

t h e Lis t o f A v ailab le A cces s Po in t s . Traffic s t at is t ics are s h o wn fo r t h at in d iv id u al
A P, as co mp ared t o t h e s ummary s t ats fo r each A P o n t h e St at ist ics t ab le. Co n n ect ed
clien t s are s o rted b y t h e M A C ad d ress an d in d icat e t h e s ecu rit y p aramet ers u s ed b y
t h e wireles s lin k, as well as t h e t ime co n n ect ed t o t h is p art icu lar A P. Clickin g t h e
Det ails b u t t o n n ext t o t h e co n n ect ed clien t will g iv e t h e d et ailed s en d an d receiv e
t raffic s t at is t ics fo r t h e wireles s lin k b et ween t h is A P an d t h e clien t .
4.3.1 Primary benefits of Virtual APs:

 Op t imize t h ro u g hpu t: if 802.11b , 802.11 g , an d 802.11n clien t s are exp ect ed
t o acces s t he LA N v ia t h is ro u t er, creat in g 3 VA Ps will allo w y o u t o man age
o r s h ap e t raffic fo r each g ro up o f clien ts. A u n iq u e SSID can b e creat ed fo r
t h e n et wo rk o f 802.11b clien t s an d an o t h er SSID can b e as s ig n ed fo r t h e
802.11n clien t s . Each can h av e d ifferen t s ecu rit y p aramet ers – rememb er,
t h e SSID an d s ecu rit y o f t h e lin k is d et ermin ed b y t h e p ro file. In t h is way
leg acy clien t s can acces s t h e n et wo rk wit h o u t b rin g in g d o wn t h e o v erall
t h ro u g h p u t o f mo re cap ab le 802.11n clien t s .
 Op t imize s ecu rit y : y o u may wis h t o s u p p o rt s elect leg a cy clien t s t h at o n ly

o ffer W EP s ecu rit y wh ile u s in g W PA 2 s ecu rit y fo r t h e majo rit y o f clien t s
fo r t h e rad io . By creat in g t wo VA Ps co n fig u red wit h d ifferen t SSIDs an d
d ifferen t s ecurit y p aramet ers, b ot h t y pes o f clien ts can co n n ect t o t h e LA N.
Sin ce W PA 2 is mo re s ecu re, y o u may wan t t o b ro ad cas t t h is SSID an d n o t
77
b ro ad cast t h e SSID fo r t h e VA P wit h W EP s in ce it is mean t t o b e u s ed fo r a

few leg acy d ev ices in t h is s cen ario .
4.4 Tuning Radio Specific Settings

Setup > Wireless Settings > Radio Settings
Th e Rad io Set t in g s p ag e let s y o u co n fig u re t h e ch an n els an d p o wer lev els av ailab le
fo r t h e A P’s en abled o n t h e DSR. Th e ro u t er h as a d u al b an d 802.11n rad io , mean in g
eit h er 2.4 GHz o r 5 GHz freq u en cy o f o p erat io n can b e s elect ed (n o t co n cu rren t ly
t h o u g h). Bas ed o n t he s elected o p erat in g freq u en cy , t h e mo d e s elect io n will let y o u
d efin e wh et h er leg acy co nnectio ns o r o n ly 802.11n co n n ect io ns (o r b o th ) are accep ted
o n co n fig u red A Ps .
Figure 47 : Radio card configurat io n options
Th e rat ified 802.11n s u p po rt o n t h is rad io req uires s electin g t h e ap prop riate b ro adcast
(NA o r NG et c.) mo d e, an d t h en d efinin g t h e ch an n el s p acin g an d co n t ro l s id e b an d
fo r 802.11n t raffic. Th e d efau lt s et t in g s are ap p ro p riat e fo r mo s t n et wo rks . Fo r
examp le, ch an g in g t h e ch an n el s p acin g t o 40 M Hz can imp ro v e b an d wid t h at t h e
exp en s e o f s u p p o rt in g earlier 802.11n clien t s .
Th e av ailab le t ran smis sio n ch ann els are g o v ern ed b y reg u latory co nst rain t s b as ed o n
t h e reg io n s et t in g o f t h e ro u t er. Th e maximu m t ran s mis s io n p o wer is s imilarly
g o v ern ed b y reg u lat o ry limit s ; y o u h av e t h e o p t io n t o d ecreas e fro m t h e d efau lt
maximu m t o red u ce t h e s ig n al s t ren g t h o f t raffic o u t o f t h e rad io .
78
4.5 WMM
Setup > Wireless Settings > WMM
W i-Fi M u lt imed ia (W M M ) p ro v id es b as ic Qu alit y o f s erv ice ( Qo S) feat u res t o IEEE
802.11 n et wo rks . W M M p rio rit izes t raffic accordin g t o fo u r A ccess Cat ego ries (A C) -
v o ice, v id eo , b es t effo rt , an d b ackg ro u n d .
Figure 48 : Wi-Fi M ultime dia
Profi l e Name :
Th is field allo ws y o u t o s elect t h e a v ailab le p ro files in wireles s s et t in g s .
Enabl e WMM:
Th is field allo ws y o u t o en ab le W M M t o imp ro v e mu lt imed ia t ran s mis s io n .
Defaul t Cl as s Of S ervi ce :
Th is field allo ws y o u t o s elect t h e av ailab le A cces s Cat eg o ries (v o ice, v id eo , b es t
effo rt , an d b ackg ro u n d ).
79
4.6 Wireless distribution system (WDS)

Setup > Wireless Settings > WDS
W ireles s d is t rib u t io n s y s t em is a s y s t em en ab lin g t h e wireles s in t erco n n ect io n o f
acces s p o in t s in a n et wo rk. Th is feat u re is o n ly g u aran t eed t o wo rk o n ly b et ween
d ev ices o f t h e s ame t y p e .
Figure 49 : Wire le s s Dis tribut ion Sys te m
 Th is feat u re is o n ly g uaranteed t o wo rk o n ly b etween d evices o f t h e s ame t y p e (i.e.

u s in g t h e s ame ch ip s et / d riv er). Fo r examp le b et ween t wo DSR250N b o xes , o r
b et wee n t wo DSR1000N. It s h o u ld als o in t ero p erat e b et ween a DSR 1000N an d
DSR 500 N b o xes s in ce t h ey are b as ed o n t h e s ame ch ip s et / d riv er.
W h en t h e u s er en ab les t h e W DS lin ks u s e t h e s ame s ecu rit y co n fig u rat io n as t h e

d efau lt access p oin t . Th e W DS lin ks d o n o t h ave t ru e W PA /WPA 2 s up port , as in t h ere
is n o W PA key h an d sh ake p erfo rmed . In stead t h e Ses sion Key t o b e u s ed wit h a W DS
Peer is co mp u t ed u sing a h as h in g fu n ct io n (s imilar t o t h e o n e u s ed fo r co mp u t in g a
W PA PM K). Th e in p u t s t o t his fu nctio n are a PSK (co n fig u rab le b y an ad mi n is t rat o r
fro m t h e W DS p ag e) an d an in t ern al " mag ic" s t rin g (n o n -co n fig u rab le).
In effect t h e W DS lin ks u s e TKIP/ A ES en cry p t io n , d ep en d in g o n t h e en cry p t io n
co n fig u red fo r t h e d efault A P. In cas e t h e d efau lt A P u s e s mixed en cry p t io n (TKIP +
A ES).Th e W DS lin k will u s e t h e A ES en cry p t io n s ch eme.
80
 Fo r a W DS lin k t o fu n ct io n p rop erly t h e Rad io s et tin g s o n t h e W DS p eers h av e t o

b e t h e s ame.
Th e W DS p ag e wo u ld co n sist o f t wo s ect ions. Th e firs t s ectio n p ro v ides g eneral W DS

s et t in g s s h ared b y all it s W DS p eers .
WDS Enabl e - Th is wo u ld b e a ch eck b o x
W DS En cry p t io n - Dis p lay s t he t y pe o f en crypt ion u s ed . It co u ld b e o n e o f OPEN/ 64
b it W EP/ 128 b it W EP/ TKIP/ A ES (Us e t h e t erm b ein g u s ed t h ro u g h o u t t h e b o x i.e.
eit h er CCM P o r A ES).
WDS Pas s phras e - Th is is req u ired if t h e en cry p t io n s elect ed is TKIP/ CCM P. W e
wo u ld exp ect it t o b e wit h in 8~63 A SCII ch aract ers . In t h e W DS co n fig u rat io n p ag e
t h is field is man d at o ry an d h as t o b e s ame o n t h e t wo W DS p eers, wh en t h e s ecurity is
co n fig u red in TKIP/ A ES mo d e. Th e W DS lin ks u s e t h is as t h e PSK fo r t h e
co n n ect io n .
DUT' s Mac Addres s - Th is wo u ld b e t h e mac ad d res s o f t h is b o x. Th is s h o u ld b e
co n fig u red in t h e p eer's W DS co n fig urat io n p ag e t o b e ab le t o es t ab lis h a W DS lin k
wit h t h is b o x. Th is field in t h e W DS Co n fig u rat io n s ectio n d is p lay s t h e d ev ice's mac
ad d res s, wh ich n eeds t o b e s pecified o n t h e W DS p eer fo r makin g a co n n ect ion t o t h is
d ev ice (Similarly t h e W DS p eers M A C ad d res s will h av e t o b e s p ecified o n t h is
d ev ice fo r t h e W DS lin k t o b e es t ab lis h ed b et ween t h e t wo d ev ices ).
Th e s eco n d s ect io n will h av e t h e lis t o f co n fig u red W DS p eers wit h b u t t o n s t o
A d d / Delet e Peer en t ries . W e s u p p o rt u p t o a maximu m o f 4 W DS lin ks p er b o x.
 Th e b o t h d evices n eed t o h av e s ame wireles s s et t in g s (wireles s mo d e, en cry p t io n ,

au t h en ticat io n met h o d , W DS p as s p h ras e, W DS M A C ad d res s an d wireles s SSID)
wh en we co n fig u re W DS feat u res in DSR ro u t er .
Th e " A d d W DS Peer" s ect io n allo ws t h e u s er t o s p ecify a W DS p eer. Th e " W DS

Peers " t ab le d is p lay s t h e lis t o f W DS p eers cu rren t ly co n fig u red o n t h e d ev ice. A
maximu m o f 4 W DS p eers can b e s p ecified in an y g iv en mo d e.
4.7 Advanced Wireless Settings

Advanced > Wireless Settings > Advanced Wireless
So p h is t icat ed wireles s ad min is t rat o rs can mo d ify t h e 802.11 co mmu n icat io n
p aramet ers in t h is p ag e. Gen erally , t h e d efau lt s et t in g s are ap p ro p riat e fo r mo s t
n et wo rks . Pleas e refer t o t h e GUI in t eg rat ed h elp t ext fo r fu rt h er d et ails o n t he u s e o f
each co n fig u rat io n p aramet er.
81
Figure 50 : Advance d Wire le s s communic at io n s e ttings
4.8 Wi-Fi Protected Setup (WPS)

Advanced > Wireless Settings > WPS
W PS is a s imp lified met h o d t o ad d s up port ing wireles s clien ts t o t h e n et work. W PS is
o n ly ap p licab le fo r A Ps t hat emp lo y W PA o r W PA 2 s ecu rit y. To u s e W PS, s elect t h e
elig ib le VA Ps fro m t h e d ro p d o wn lis t o f A Ps t h at h av e b een co n fig u red wit h t h is
s ecu rit y an d en ab le W PS s t at u s fo r t h is A P.
Th e W PS Cu rren t St at u s s ect ion o ut lin es t h e securit y, au th en ticatio n , an d en cry p t io n
s et t in gs o f t h e s elected A P. Th ese are co nsist en t wit h t h e A P’s p ro file. Th ere are t wo
s et u p o p t io n s av ailab le fo r :
 Pers onal Identi fi cati on Number (PIN): Th e wireles s d ev ice t h at s u p p o rt s W PS
may h av e an alp h an u meric PIN, if s o ad d t h e PIN in t h is field . Th e ro u t er will
co n n ect wit h in 60 s eco n ds o f clickin g t h e “Co n fig ure v ia PIN” b u t t o n immed iat ely
b elo w t h e PIN field . Th ere is n o LED in d icat io n t h at a clien t h as co n n ect ed .
 Pus h B utton Confi g urati on (PB C): fo r wireles s d ev ices t h at s u p p o rt PBC, p res s
an d h o ld d o wn o n t his b ut to n an d wit h in 2 min u t es click t h e PBC co n n ect b u t t o n .
Th e A P will d et ect t h e wireles s d ev ice an d es t ab lis h a lin k t o t h e clien t .
82
 M o re t h an o n e A P can u s e W PS, b u t o n ly o n e A P can b e u s ed t o es t ab lis h W PS

lin ks t o clien t at an y g iv en t ime.
Figure 51 : WPS configurat io n for an AP with WPA/WP A2 profile
83
Chapter 5. Securing the Private
Network
Yo u can s ecu re y ou r n etwo rk b y creat in g an d ap p ly in g ru les t h at y o u r ro u t er u s es t o
s elect iv ely b lo ck an d allo w in b o u n d an d o u t b o u n d In t ern et t raffic. Yo u t h en s p ecify
h o w an d t o wh o m t h e ru les ap p ly . To d o s o , y o u mu s t d efin e t h e fo llo win g :
 Serv ices o r t raffic t y p es (examp le s : web b ro ws in g , Vo IP, o t h er s t an d ard s erv ices
an d als o cu s t o m s erv ices t h at y o u d efin e)
 Direct io n fo r t h e t raffic b y s p ecifyin g t h e s ource an d d es t in at io n o f t raffic ; t h is is

d o n e b y s p ecify in g t h e “Fro m Zo n e” (LA N/ W A N/ DM Z) an d “To Zo n e”
(LA N/ W A N/ DM Z)
 Sch ed u les as t o wh en t h e ro u t er s h o u ld ap p ly ru les
 A n y Key wo rd s (in a d o main n ame o r o n a URL o f a web p ag e) t h at t h e ro u t er

s h o u ld allo w o r b lo ck
 Ru les fo r allo win g o r b lo ckin g in b o un d an d o u tb oun d In t ern et t raffic fo r s p ecified

s erv ices o n s p ecified s ch ed u les
 M A C ad d res s es o f d ev ices t h at s h o u ld n o t acces s t h e in t ern et
 Po rt t rig g ers t h at s ign al t h e ro u ter t o allo w o r b lo ck acces s t o sp ecified s erv ices as

d efin ed b y p o rt n u mb er
 Rep o rt s an d alert s t h at y o u wan t t h e ro u t er t o s en d t o y o u
Yo u can , fo r examp le, es t ab lis h res t rict ed -acces s p o licies b as ed o n t ime -o f-d ay , web
ad d res ses, an d web ad d ress key wo rd s . Yo u can b lo ck In t ern et acces s b y ap p licat io n s
an d s erv ices o n t h e LA N, s u ch as ch at ro o ms o r g ames . Yo u can b lo ck ju s t cert ain
g ro u p s o f PCs o n y o u r n et wo rk fro m b ein g acces s ed b y t h e W A N o r p u b lic DM Z
n et wo rk.
5.1 Firewall Rules

Advanced > Firewall Settings > Firewall Rules
In b o u n d (W A N t o LA N/ DM Z) ru les rest rict acces s t o t raffic en t erin g y o u r n et wo rk,
s elect iv ely allo win g o n ly s pecific o u t side u sers t o access s p ecific lo cal res o u rces . By
d efau lt all acces s fro m t h e in s ecure W AN s id e are b lo cked fro m acces sin g t h e s ecu re
LA N, excep t in res p o nse t o req uest s fro m t h e LA N o r DM Z. To allo w o u t s id e d ev ices
t o acces s s erv ices o n t h e s ecu re LA N, y o u mu s t creat e a n in b o u n d firewall ru le fo r
each s erv ice.
If y o u wan t t o allo w in co min g t raffic, y o u mu s t make t h e ro u t er’s W A N p o rt IP
ad d res s kn o wn t o t h e p u blic. Th is is called “exp o sin g y o ur h o st.” Ho w y o u make y o u r
ad d res s kn o wn d ep en d s o n h o w t h e W A N p o rt s are co n fig u red ; fo r t h is ro u t er y o u
may u s e t h e IP ad d res s if a s t at ic ad d res s is as s ig n ed t o t h e W A N p o rt , o r if y o u r

W A N ad d res s is d y n amic a DDNS (Dy n a mic DNS) n ame can b e u s ed .
Ou t b o u nd (LA N/ DM Z t o W A N) ru les res trict access t o t raffic leav in g y o u r n et wo rk,
s elect iv ely allo win g o n ly s pecific lo cal u s ers t o access s p ecific o u tsid e res ou rces . The
d efau lt o u t b o u n d ru le is t o allo w acces s fro m t h e s ecu re zo n e (LA N) t o eit h er t h e
p u b lic DM Z o r in s ecu re W A N. On o t h er h an d t h e d efau lt o u t b o u n d ru le is t o d en y
acces s fro m DM Z t o in s ecu re W A N. Yo u can ch an g e t h is d efau lt b eh av io u r in t h e
Firewall Settings > Default Outbound Policy p ag e. W h en t h e d efau lt o u t b o u n d
p o licy is allo w alway s , y o u can t o b lo ck h o s t s o n t h e LA N fro m acces s in g in t ern et
s erv ices b y creat in g an o u t b o u n d firewall ru le fo r each s erv ice.
Figure 52 : Lis t of Available Fire wal l Rule s
5.2 Defining Rule Schedules

Tools > Sche dules
Firewall ru les can b e en abled o r d is ab led au t o mat ically if t h ey are as s o ciat ed wit h a
co n fig u red s chedule. Th e s ched u le co n fig u rat io n p ag e allo ws y o u t o d efin e d ay s o f
t h e week an d t h e t ime o f d ay fo r a n ew s ch ed u le, an d t h en t h is s ch ed u le can b e
s elect ed in t h e firewall ru le co n fig u rat io n p ag e.
 A ll s ch ed ules will fo llo w t h e t ime in t h e ro u t ers con fig ured t ime zo n e. Refer t o t h e
s ect io n o n ch o o s in g y o u r Time Zo n e an d co n fig u rin g NTP s erv ers fo r mo re
in fo rmat io n .
86
Figure 53 : Lis t of Available Sche dule s to bind to a fire wal l rule
5.3 Configuring Firewall Rules

Advanced > Firewall Settings > Firewall Rules
A ll co n fig u red firewall ru les o n t h e ro u t er are d is p lay ed in t h e Firewall Ru les lis t .
Th is lis t als o in d icat es wh et h er t h e ru le is en ab led (act iv e) o r n o t , an d g iv es a
s u mmary o f t h e Fro m/ To zo n e as well as t h e s erv ices o r u s ers t h at t h e ru le affect s .
To creat e a n ew firewall ru les , fo llo w t h e s t ep s b elo w:
1. View the existing rules in the List of Available Firewall Rules table.
2. To edit or add an outbound or inbound services rule, do the following:
 To ed it a ru le, click t h e ch eckb o x n ext t o t h e ru le an d click Ed it t o reach t h at ru le’s

co n fig u rat io n p ag e.
 To ad d a n ew ru le , click A d d t o b e t aken t o a n ew ru le’s co n fig u rat io n p ag e. On ce

creat ed , t h e n ew ru le is au t o mat ically ad d ed t o t h e o rig in al t ab le.
3. Chose the From Zone to be the source of originating traffic: either the secure LAN, public
DMZ, or insecure WAN. For an inbound rule WAN should be selected as the From Zone.
4. Choose the To Zone to be the destination of traffic covered by this rule. If the From Zone
is the WAN, the to Zone can be the public DMZ or secure LAN. Similarly if the From
Zone is the LAN, then the To Zone can be the public DMZ or insecure WAN.
5. Parameters that define the firewall rule include the following:
87
 Serv ice : A NY mean s all t raffic is affect ed b y t h is ru le. Fo r a s p ecific

s erv ice t h e d ro p d o wn lis t h as co mmo n s erv ices , o r y o u can s elect a
cu s t o m d efin ed s erv ice.
 A ct io n & Sch ed u le: Select o n e o f t h e 4 act io n s t h at t h is ru le d efin es :

BLOCK alway s , A LLOW alway s , BLOCK b y s ch ed u le o t h erwis e
A LLOW , o r A LLOW b y s ch ed u le o t h erwis e BLOCK . A s ch ed u le mu s t
b e p re co n fig ured in o rd er fo r it t o b e av ailab le in t h e d ro p d o wn lis t t o
as s ig n t o t h is ru le .
 So u rce & Des t in at io n u sers: Fo r each relev an t cat ego ry, s elect t he u sers
t o wh ich t h e ru le ap p lies :
 A n y (all u s ers )
 Sin g le A d d res s (en t er an IP ad d res s )
 A d d res s Ran g e (en t er t h e ap p ro p riat e IP ad d res s ran g e)
 Lo g : t raffic t h at is filt ered b y t h is ru le can b e lo g g ed ; t h is req u ires

co n fig u rin g t h e ro u t er’s lo g g in g feat u re s ep arat ely .
 Qo S Prio rit y : Ou t b o u n d ru les (wh ere To Zo n e = in s ecu re W A N o n ly )

can h av e t h e t raffic marked wit h a Qo S p rio rit y t ag . Select a p rio rit y
lev el:
 No rmal-Serv ice: To S=0 (lo wes t Qo S)
 M in imize -Co s t : To S=1
 M aximize -Reliab ilit y : To S=2
 M aximize -Th ro u g h p u t : To S=4
 M in imize -Delay : To S=8 (h ig h es t Qo S)
6. Inbound rules can use Destination NAT (DNAT) for managing traffic from the WAN.
Destination NAT is available when the To Zone = DMZ or secure LAN.
 W it h an in b o u n d allo w ru le y o u can en t er t h e in t ern al s erv er ad d res s

t h at is h o s t in g t h e s elect ed s erv ice.
 Yo u can en ab le p o rt fo rward in g fo r an in co min g s erv ice s p ecific ru le

(Fro m Zo n e = W A N) b y s elect in g t h e ap p ro p riat e ch eckb o x. Th is will
allo w t h e s elect ed s erv ice t raffic fro m t h e in t ern et t o reach t h e
ap p ro p riat e LA N p o rt v ia a p o rt fo rward in g ru le.
 Tran s lat e Po rt Nu mb er: W it h p o rt fo rward in g , t h e in co min g t raffic t o

b e fo rward ed t o t h e p o rt n u mb er en t ered h ere.
88
 Ext ern a l IP ad d ress: Th e ru le can b e b o un d t o a s p ecific W A N in t erface

b y s elect in g eit h er t h e p rimary W A N o r co n fig urab le p o rt W A N as t h e
s o u rce IP ad d res s fo r in co min g t raffic.
 Th is ro u t er s up port s mu lt i-NA T an d s o t h e Ext ern al IP ad d res s d o es n o t n ecessarily

h av e t o b e t h e W A N ad d res s . On a s in g le W A N in t erface, mu lt ip le p u b lic IP
ad d res ses are s u ppo rted. If y o u r ISP as s ig ns y o u mo re t h an o n e p u b lic IP ad d res s ,
o n e o f t h es e can b e u s ed as y o u r p rimary IP ad d res s o n t h e W A N p o rt , an d t h e
o t h ers can b e assig ned t o s erv ers o n t h e LA N o r DM Z. In t h is way t h e LA N/ DM Z
s erv er can b e acces s ed fro m t h e in t ern et b y it s alias ed p u b lic IP ad d res s .
7. Outbound rules can use Source NAT (SNAT) in order to map (bind) all LAN/DMZ traffic
matching the rule parameters to a specific WAN interface or external IP address (usually
provided by your ISP).
On ce t h e n ew o r mo d ified ru le p aramet ers are s av ed , it ap p ears in t h e mas t er lis t o f

firewall ru les . To en ab le o r d is ab le a ru le, click t h e ch eckb o x n ext t o t h e ru le in t h e
lis t o f firewall ru les an d ch o o s e En ab le o r Dis ab le.
 Th e ro u t er ap p lies firewall ru les in t h e o rd er lis t ed . A s a g en eral ru le, y o u s h o u ld

mo v e t h e s t rict est ru les (t h ose wit h t h e mo s t s pecif ic s erv ices o r ad d res s es ) t o t h e
t o p o f t h e lis t . To reo rd er ru les , click t h e ch eckb o x n ext t o a ru le an d click u p o r
d o wn .
89
Figure 54 : Example whe re an outbound SNAT rule is us e d to map an

e xte rnal IP addre s s (209.156.200.225) to a private DM Z IP
addre s s (10.30.30.30)
90
Figure 55 : The fire wal l rule configuratio n page allows you to de fine the
To/From zone , s e rvice , action, s che dule s , and s pe cify
s ource /de s tination IP addre s s e s as ne e de d.
91
5.4 Configuring IPv6 Firewall Rules

Advanced > Firewall Settings > IPv6 Firewall Rules
A ll co n fig u red IPv 6 firewall ru les o n t h e ro u t er are d is p lay ed in t h e Firewall Ru les
lis t . Th is lis t als o in d icat es wh et h er t h e ru le is en ab led (act iv e) o r n o t , an d g iv es a
s u mmary o f t h e Fro m/ To zo n e as well as t h e s erv ices o r u s ers t h at t h e ru le affect s .
Figure 56 : The IPv6 fire wall rule configuratio n page allows you to de fine
the To/From zone , s e rvice , action, s che dule s , and s pe cify
s ource /de s tination IP addre s s e s as ne e de d.
92
Figure 57 : Lis t of Available IPv6 Fire wall Rule s
5.4.1 Firewall Rule Configuration Examples
Exampl e 1 : A llo w in b o u n d HTTP t raffic t o t h e DM Z

S i tuati on: Yo u h o s t a p u b lic web s erv er o n y o u r lo cal DM Z n et wo rk . Yo u wan t t o
allo w in b o u n d HTTP req u ests fro m an y o u t sid e IP ad d ress t o t h e IP ad d res s o f y o u r
web s erv er at an y t ime o f d ay .
S ol uti on: Creat e an in b o u n d ru le as fo llo ws .
Par am eter V alu e
From Zone Insecure (WAN1/WAN2/WAN3)
To Zone Public (DMZ)
Service HTTP
Action ALLOW alw ays
Send to Local Server (DNAT IP) 192.168.5.2 (w eb server IP address)
Destination Users Any
Log Never
Exampl e 2 : A llo w v id eo co n feren cin g fro m ran g e o f o u t s id e IP ad d res s es

S i tuati on: Yo u wan t t o allo w in co min g v id eo co n feren cin g t o b e in it iat ed fro m a
res t rict ed ran g e o f o u t s id e IP ad d res s es (132.177.88.2 - 132.177.88.254), fro m a
b ran ch o ffice.
93
S ol uti on: Creat e an in b o u n d ru le as fo llo ws . In t h e examp le, CUSeeM e (t h e v id eo

co n feren ce s erv ice u s ed ) co n n ect io n s are allo wed o n ly fro m a s p ecified ran g e o f
ext ern al IP ad d res s es .
Par am eter V alu e
To Zone Secure (LAN)
Service CU-SEEME:UDP
Send to Local Server (DNAT IP) 192.168.10.11
Destination Users Address Range
From 132.177.88.2
To 134.177.88.254
Enable Port Forw arding Yes (enabled)
Exampl e 3 : M u lt i-NA T co n fig u rat io n

S i tuati on: Yo u wan t t o co n fig u re mu lt i-NA T t o s u p p o rt mu lt ip le p u b lic IP
ad d res s es o n o n e W A N p o rt in t erface.
S ol uti on: Creat e an in b o u n d ru le t h at co n fig u res t h e firewall t o h o s t an ad d it io n al
p u b lic IP ad d res s . A s s o ciat e t h is ad d res s wit h a web s erv er o n t h e DM Z. If y o u
arran g e wit h y o u r ISP t o h av e mo re t h an o ne p u blic IP ad d ress fo r y o u r u se, y ou can
u s e t h e ad dit io nal p u blic IP ad d resses t o map t o s erv ers o n y o u r LA N. On e o f t h es e
p u b lic IP ad d resses is u sed as t h e p rimary IP ad d res s o f t h e ro u t er. Th is ad d res s is
u s ed t o p ro vid e In t ernet access t o y o ur LA N PCs t h ro u g h NA T. Th e o t her ad dress es
are av ailab le t o map t o y o u r DM Z s erv ers .
Th e fo llo win g ad d res s in g s ch eme is u s ed t o illu s t rat e t h is p ro ced u re:
 W A N IP ad d res s : 10.1.0.118
 LA N IP ad d res s : 192.168.10.1; s u b n et 255.255.255.0
 W eb s erv er h o s t in t h e DM Z, IP ad d res s : 192.168.12.222
 A cces s t o W eb s erv er: (s imu lat ed ) p u b lic IP ad d res s 10.1.0.52
Par am eter V alu e
To Zone Public (DMZ)
Service HTTP
Send to Local Server (DNAT IP) 192.168.12.222 ( w eb server local IP address)
Destination Users Single Address
94
E
From 10.1.0.52
x
WAN
a Users Any
m
Log Never
p
l e 4 : Blo c
Exampl e 4 : Blo ck t raffic b y s ch edu le if g en erated fro m s p ecific ran g e o f mach in es

Us e Cas e: Blo ck all HTTP t raffic o n t h e weeken d s if t h e req u es t o rig in at es fro m a
s p ecific g ro u p o f mach in es in t h e LA N h av in g a kn o wn ran g e o f IP ad d res s es , an d
an y o n e co min g in t h ro u g h t h e Net wo rk fro m t h e W A N (i.e. all remo t e u s ers ).
Confi g urati on:
1. Setup a schedule:
 To s et u p a s chedule t h at affects t raffic o n weeken ds o n ly, n av igate t o Secu rit y :

Sch ed u le, an d n ame t h e s ch ed u le “W eeken d ”
 Defin e “weeken d ” t o mean 12 am Sat u rd ay mo rn in g t o 12 am M o n d ay mo rn in g

– all d ay Sat u rd ay & Su n d ay
 In t h e Sch ed u led d ays b o x, ch eck t h at y o u wan t t h e s ch ed u le t o b e act iv e fo r

“s p ecific d ay s ”. Select “Sat u rd ay ” an d “Su n d ay ”
 In t h e s ch ed u led t ime o f d ay , s elect “all d ay ” – t h is will ap p ly t h e s ch ed u le

b et ween 12 am t o 11:59 p m o f t h e s elect ed d ay .
 Click ap p ly – n o w s ch edu le “Weeken d ” is o lat es all d ay Sat u rd ay an d Su n d ay

fro m t h e res t o f t h e week.
95
Figure 58 : Sche dule configurat io n for the above e xample .
2. Since we are trying to block HTTP requests, it is a service with To Zone: Insecure
(WAN1/WAN2/WAN3) that is to be blocked according to schedule “Weekend”.
96
3. Select the Action to “Block by Schedule, otherwise allow”. This will take a predefined
schedule and make sure the rule is a blocking rule during the defined dates/times. All
other times outside the schedule will not be affected by this firewall blocking rule
4. As we defined our schedule in schedule “Weekend”, this is available in the dropdown

menu
5. We want to block the IP range assigned to the marketing group. Let’s say they have IP
192.168.10.20 to 192.168.10.30. On the Source Users dropdown, select Address Range
and add this IP range as the from and To IP addresses.
6. We want to block all HTTP traffic to any services going to the insecure zone. The
Destination Users dropdown should be “any”.
7. We don’t need to change default QoS priority or Logging (unless desired) – clicking apply
will add this firewall rule to the list of firewall rules .
8. The last step is to enable this firewall rule. Select the rule, and click “enable” below the
list to make sure the firewall rule is active
5.5 Security on Custom Services

Advanced > Firewall Settings > Custom Services
Cu s t o m s erv ices can b e d efin ed t o ad d t o t he lis t o f s ervices av ailab le d u rin g firewall
ru le co n fig u rat io n . W h ile co mmo n s erv ices h av e kn o wn TCP/ UDP/ ICM P p o rt s fo r
t raffic, man y cu s t o m o r u n co mmo n ap p licat io n s exis t in t h e LA N o r W A N. In t h e
cu s t om s erv ice co nfig uratio n men u y o u can d efin e a ran g e o f p o rt s an d id en t ify t h e
t raffic t y p e (TCP/ UDP/ ICM P) fo r t h is s erv ice. On ce d efin ed , t h e n ew s erv ice will
ap p ear in t h e s erv ices lis t o f t h e firewall ru les co n fig u rat io n men u .
97
Figure 59 : Lis t of us e r de fine d s e rvice s .
Figure 60 : Cus tom Se rvice s configuratio n
Creat ed s erv ices are av ailab le as o p t io n s fo r firewall ru le co n fig u rat io n .

Name: Name o f t h e s erv ice fo r id en t ificat io n an d man ag emen t p u rp o s es .
Ty p e: Th e lay er 3 Pro t o co l t h at t h e s erv ice u s es . (TCP, UDP, BOTH, ICM P o r
ICM Pv 6)
Po rt Ty p e: Th is field s allo ws t o s elect Po rt Ran g e o r M u lt ip le Po rt s
ICM P Ty p e: Th is field is en ab led wh en t h e lay er 3 p ro t o co l (in t h e Ty p e field ) is
s elect ed as ICM P o r ICM Pv 6. Th e ICM P t y p e is a n u meric v alu e t h at can ran g e
b et ween 0 an d 40, wh ile fo r ICM Pv 6 t h e t y p e ran g es fro m 1 t o 255. Fo r a lis t o f
98
ICM P t y p es , v is it the fo llo win g URL:h t t p :/ / www.ian a.o rg / as s ig n men t s / icmp -

p aramet ers .
St art Po rt : Th e firs t TCP, UDP o r BOTH p o rt o f a ran g e t h at t h e s erv ice u s es . If t h e
s erv ice u s es o n ly o n e p o rt , t h en t h e St art Po rt will b e t h e s ame as t h e Fin is h Po rt .
Fin is h Po rt : Th e las t p o rt in t h e ran ge t hat t h e s erv ice u s es . If t h e s erv ice u s es o n ly
o n e p o rt , t h en t h e Fin is h Po rt will b e t h e s ame as t h e St art Po rt .
Po rt : Th e p o rt t h at t h e s erv ice u s es .
5.6 ALG support

Advanced > Firewall Settings > ALGs
A p p licat io n Lev el Gat eway s (A LGs ) are s ecu rit y co mp o nent t hat en h ance t h e firewall
an d NA T s u p p ort o f t h is ro u ter t o s eamles sly s up p o rt ap p licat io n lay er p ro t o co ls . In
s o me cas es en ablin g t h e A LG will allo w t h e firewall t o u s e d y n amic ep h emeral TCP/
UDP p o rt s t o co mmu n icat e wit h t h e kn o wn p o rts a p art icular clien t ap p licat io n (s u ch
as H.323 o r RTSP) req u ires , wit h o u t wh ich t h e ad min wo u ld h av e t o o p en larg e
n u mb er o f p o rt s t o accomp lis h t h e s ame s u p p o rt . Becau s e t h e A LG u n d ers t an d s t h e
p ro t o co l u s ed b y t h e s p ecific ap p licat io n t h at it s u p p o rt s , it is a v ery s ecu re an d
efficien t way o f in t ro d u cin g s u p p o rt fo r clien t ap p licat io n s t h ro u g h t h e ro u t er’s
firewall.
99
Figure 61 : Available ALG s upport on the route r.
5.7 VPN Passthrough for Firewall

Advanced > Firewall Settings > VPN Passthrough
Th is ro u t er’s firewall s et t in g s can b e co n fig u red t o allo w en cry p t ed VPN t raffic fo r
IPs ec , PPTP, an d L2TP VPN t u n n el co n n ect io n s b et ween t h e LA N an d in t ern et . A
s p ecific firewall ru le o r s erv ice is n o t ap p ro p riat e t o in t ro d u ce t h is p as s t h ro u g h
s u p p ort ; in s tead t he ap p ro p riat e ch eck b o xes in t h e VPN Pas s t h ro u g h p ag e mu s t b e
en ab led .
100
Figure 62 : Pas s through options for VPN tunne ls
5.8 Application Rules

Advanced > Application Rules > Application Rules
A p p licat io n ru les are als o referred t o as p o rt t rig g erin g . Th is feat u re allo ws d ev ices
o n t h e LA N o r DM Z t o req u es t o n e o r mo re p o rt s t o b e fo rward ed t o t h em. Po rt
t rig g erin g wait s fo r an o u t b o u n d req u es t f ro m t h e LA N/ DM Z o n o n e o f t h e d efin ed
o u t g o ing p ort s, an d t h en o pens an in co min g p ort fo r t h at s pecified t y pe o f t raffic. This
can b e t h o u g h t o f as a fo rm o f d y n amic p o rt fo rward in g wh ile an ap p licat io n is
t ran s mit t in g d at a o v er t h e o p en ed o u t g o in g o r in co min g p o rt (s ).
Po rt t rig g erin g ap plicat ion ru les are mo re flexib le t h an s t at ic p o rt fo rward in g t h at is
an av ailab le o p t io n wh en co nfig urin g firewall ru les . Th is is b ecaus e a p o rt t rig g erin g
ru le d o es n o t h ave t o referen ce a s p ecific LA N IP o r IP ran g e. A s well p o rt s are n o t
left o p en wh en n o t in u s e, t h ereby p ro vid in g a lev el o f s ecu rit y t h at p o rt fo rward in g
d o es n o t o ffer.
 Po rt t rig g erin g is n o t ap p ro p riat e fo r s erv ers o n t h e LA N, s in ce t h ere is a

d ep en d en cy o n t h e LA N d ev ice makin g an o u t g o in g co n n ect io n b ef o re in co min g
p o rt s are o p en ed .
So me ap p licat io n s req uire t h at wh en ext ern al d ev ices co n n ect t o t h em, t h ey receiv e

d at a o n a s p ecific p o rt o r ran g e o f p o rts in o rd er t o fu n ct ion p rop erly . Th e ro u ter mu s t
s en d all in co min g d at a fo r t h at ap p licat io n o n ly o n t h e req u ired p o rt o r ran g e o f p o rts.
Th e ro u t er h as a lis t o f co mmo n ap p licat io n s and g ames wit h co rresp ond ing o ut bou n d
an d in b o u nd p ort s t o o p en. Yo u can als o sp ecify a p o rt t rig gerin g ru le b y d efin ing t h e
t y p e o f t raffic (TCP o r UDP) an d t h e ran g e o f in co min g an d o u t g o in g p o rt s t o o p en
wh en en ab led .
101
Figure 63 : Lis t of Available Applicat io n Rule s s howing 4 unique rule s
Th e ap p licat io n ru le s t atus p age will lis t an y act iv e ru les , i.e. in co min g p o rt s t h at are
b ein g t rig g ered b a s ed o n o u t b o u n d req u es t s fro m a d efin ed o u t g o in g p o rt .
5.9 Web Content Filtering

Th e g at eway o ffers s ome s t andard web filt erin g o p t io n s t o allo w t h e ad min t o eas ily
creat e in t ern et access p o licies b etween t h e s ecu re LA N an d in s ecure W AN. In s tead o f
creat in g p o licies b ased o n t he t y pe o f t raffic (as is t h e case wh en u s ing firewall ru les),
web b as ed co n t en t it s elf can b e u s ed t o d et ermin e if t raffic is allo wed o r d ro p p ed .
5.9.1 Content Filtering
Advanced > Website Filter > Content Filtering

Co n t en t filt erin g mu s t b e en abled t o co n figu re an d u se t h e s ubsequent featu res (lis t o f
Tru s t ed Do main s , filt erin g o n Blo cked Key wo rds , et c.). Pro xy s erv ers , wh ich can b e
u s ed t o circu mv en t cert ain firewall ru les an d t h u s a p o t en t ial s ecu rit y g ap , can b e
b lo cked fo r all LA N d ev ice s . Jav a ap p let s can b e p rev en t ed fro m b ein g d o wn lo ad ed
fro m in t ern et s it es , an d s imilarly t h e g at eway can p rev en t A ct iv eX co n t ro ls fro m
b ein g d o wn lo aded v ia In t ernet Exp lo rer. Fo r ad d ed s ecu rit y co o kies , wh ich t y p ically
co n t ain s es s io n in fo rmat io n , can b e b lo cked as well fo r all d ev ices o n t h e p riv at e
n et wo rk.
102
Figure 64 : Conte nt Filte ring us e d to block acce s s to proxy s e rve rs and

pre ve nt Active X controls from be ing downloade d
5.9.2 Approv ed URLs
Advanced > Website Filter > Approved URLs

Th e A p p ro ved URLs is an accep t ance lis t fo r all URL d o main n ames . Do main s ad d ed
t o t h is lis t are allo wed in an y fo rm. Fo r examp le, if t h e d o main “y ah o o ” is ad d ed t o
t h is lis t t h en all o f t h e fo llo win g URL’s are p ermit t ed acces s fro m t h e LA N:
www.yahoo.com, yahoo.co.uk, et c. Imp o rt / exp o rt fro m a t ext o r CSV file fo r
A p p ro v ed URLs is als o s u p p o rt ed
103
Figure 65 : Two trus te d domains adde d to the Approve d URLs Lis t
5.9.3 Blocked Keywords
Advanced > Website Filter > Blocked Keywords

Key wo rd b lo ckin g allo ws y o u t o b lo ck all web s it e URL’s o r s it e co n t ent t h at con tains
t h e key wo rd s in t h e co n fig u red lis t . Th is is lo wer p rio rit y t h an t h e A p p ro v ed URL
Lis t ; i.e. if t h e b lo cked key wo rd is p res en t in a s it e allo wed b y a Tru s t ed Do main in
t h e A p p ro ved URL Lis t , t h en access t o t hat s it e will b e allo wed . Imp o rt / exp o rt fro m a
t ext o r CSV file fo r key wo rd b lo ckin g is als o s u p p o rt ed .
104
Figure 66 : One k e yword adde d to the block lis t
5.9.4 Export W eb Filter
Advanced > Website Filte r > Export

Exp o rt A p p ro v ed URLs : Feat u re en ables t h e u ser t o exp o rt t h e URLs t o b e allo wed t o
a cs v file wh ich can t h en b e d o wnlo ad ed t o t h e lo cal h o s t . Th e u s er h as t o click t h e
exp o rt b u t t o n t o g et t h e cs v file.
Exp o rt Blo cked Key wo rd s : Th is feat ure en ab les t he u ser t o exp o rt t he key wo rds t o b e
b lo cked t o a cs v file wh ich can t h en b e d o wn loaded t o t h e lo cal h o st. Th e u s er h as t o
click t h e exp o rt b u t t o n t o g et t h e cs v file .
105
Figure 67 : Export Approve d URL lis t
5.10 IP/MAC Binding

Advanced > IP/MAC Binding
A n o t h er av ailab le securit y meas u re is t o o n ly allo w o u t bou nd t raffic (fro m t h e LA N to
W A N) wh en t h e LA N n o d e h as an IP ad d ress mat ch in g t h e M A C ad dress b o u n d t o it .
Th is is IP/ M A C Bin d in g , an d b y en fo rcin g t h e g ateway t o v alid ate t h e s ou rce t raffic’s
IP ad d res s wit h t h e u n iq u e M A C A d d res s o f t h e co n fig u red LA N n o d e , t h e
ad min is t rat o r can en sure t raffic fro m t h at IP ad d res s is n ot s poo fed . In t h e ev en t o f a
v io lat io n (i.e. t h e t raffic’s s ou rce IP ad d ress d oesn’t mat ch u p wit h t h e exp ect ed MAC
ad d res s h avin g t h e s ame IP ad d ress) t h e p ackets will b e d ro p p ed an d can b e lo g ged for
d iag n o s is .
106
Figure 68 : The followi ng e xample binds a LAN hos t’s M AC Addre s s to an

IP addre s s s e rve d by DSR. If the re is an IP/M AC B inding
violation, the violating pack e t will be droppe d and logs will be
capture d
5.11 Intrusion Prevention (IPS)

Advanced > Advanced Network > IPS
Th e g at eway ’s In t rusio n Prev entio n Sy s tem (IPS) p rev en t s malicio u s at tacks fro m t h e
in t ern et fro m acces s in g t h e p riv at e n et wo rk. St at ic at t ack s ig n at u res lo ad ed t o t h e
DSR allo w co mmo n at t acks t o b e d etect ed an d p revent ed . Th e ch ecks can b e en ab led
b et ween t h e W A N an d DM Z o r LA N, an d a ru n n in g co u n t er w ill allo w t h e
ad min is t rat o r t o see h ow man y malicio u s in t ru sio n at temp t s fro m t h e W A N h av e b een
d et ect ed an d p rev en t ed .
 DSR-150/ 150N d o es n o t s u p p o rt In t ru s io n Prev en t io n S y s t em.
107
Figure 69 : Intrus ion Pre ve ntion fe ature s on the route r
5.12 Protecting from Internet Attacks

Advanced > Advanced Network > Attack Checks
A t t acks can b e malicio u s s ecu rit y b reach es o r u n in t en t io n al n et wo rk is s u es t h at
ren d er t h e ro u t er u n u s ab le. A t t ack ch ecks allo w y o u t o man ag e W A N s ecu rit y
t h reat s s uch a s co ntin ual p in g req uests an d d is co very v ia A RP s can s . TCP an d UDP
flo o d at t ack ch ecks can b e en ab led t o man ag e ext reme u s ag e o f W A N res o u rces .
A d d it io n ally cert ain Den ial-o f-Serv ice (Do S) at t acks can b e b lo cked. Th ese at t acks ,
if u n in h ib it ed , can u s e u p p ro ces s in g p o wer an d b an d wid t h an d p rev en t reg u lar
n et wo rk s erv ices fro m ru n n in g n o rmally . ICM P p acket flo o d in g , SYN t raffic
flo o d in g , an d Ech o s torm t h res ho lds can b e con fig ured t o t emp orarily s usp ect t raffic
fro m t h e o ffen d in g s o u rce.
108
Figure 70 : Prote cting the route r and LAN from inte rne t attack s
WAN S ecuri ty Check s :

En ab le St ealt h M o d e: If St ealt h M o de is en ab led, t h e ro u ter will n o t res p ond t o p o rt
s can s fro m t h e W A N. Th is makes it les s s u s cep t ib le t o d is co v ery an d at t acks .
Blo ck TCP Flo o d : If t h is o p t io n is en ab led , t h e ro u t er will d ro p all in v alid TCP
p acket s an d b e p ro t ect ed fro m a SYN flo o d at t ack.
LAN S ecuri ty Check s :
Blo ck UDP Flo o d : If t h is o p t io n is en abled, t h e ro u t er will n o t accep t mo re t h an 20
s imu lt an eo u s , act iv e UDP co n n ect io n s fro m a s in g le co mp u t er o n t h e LA N.
UDP Co n n ect io n Limit : Yo u can s et t h e n u mb er o f s imu lt an eo u s act iv e UDP
co n n ect io n s t o b e accep t ed fro m a s in g le co mp u t er o n t h e LA N; t h e d efau lt is 25
ICS A S etti ng s :
Blo ck ICM P No t ificat io n : s elect in g t h is p rev en t s ICM P p acket s fro m b ein g
id en t ified as s uch. ICM P p acket s, if id en t ified , can b e cap t u red an d u s ed in a Pin g
(ICM P) flo o d Do S at t ack.
109
Blo ck Frag men t ed Packet s : s elect in g t h is o p t io n d ro p s an y frag men t ed p acket s

t h ro u g h o r t o t h e g at eway
Blo ck M u lt icas t Packets: s elect ing t h is o pt io n d ro ps mu lt icast p acket s , wh ich co u ld
in d icat e a s p o o f at t ack, t h ro u g h o r t o t h e g at eway .
DoS Attack s :
SYN Flo o d Det ect Rat e (max/ s ec): Th e rat e at wh ich t h e SYN Flo o d can b e
d et ect ed .
Ech o St o rm (p in g p kt s / s ec): Th e n u mb er o f p in g p acket s p er s eco n d at wh ich t h e
ro u t er d et ect s an Ech o s t orm at t ack fro m t h e W A N an d p rev ent s fu rt h er p in g t raffic
fro m t h at ext ern al ad d res s .
ICM P Flo o d (ICM P p kt s / sec): Th e n u mb er o f ICM P p acket s p er s econ d at wh ich t h e
ro u t er d et ect s an ICM P flo o d at t ack fro m t h e W A N an d p rev en t s fu rt h er ICM P
t raffic fro m t h at ext ern al ad d res s .
 Th e p in g o n LA N in t erfaces is en ab led in d efau lt . To d is ab le t h e p in g res p o n s e

fro m LA N h o s t s t o t h e LA N/ W AN p o rt o f t h e d ev ice u n ch eck t h e " Allo w Pin g fro m
LA N" o p t io n .
110
Chapter 6. IPsec / PPTP / L2TP VPN

A VPN p ro v id es a s ecu re co mmu n icat io n ch an n el (“t u n n el”) b et ween t wo g at eway
ro u t ers o r a remo t e PC clien t . Th e fo llo win g t y p es o f t u n n els can b e creat ed :
 Gat eway -t o -g ateway VPN: t o co n n ect t wo o r mo re ro u t ers t o s ecure t raffi c b et ween
remo t e s it es .
 Remo t e Clien t (clien t -t o -g at eway VPN t u n n el): A remo t e clien t in it iat es a VPN
t u n n el as t h e IP ad d res s o f t h e remo t e PC clien t is n o t kn o wn in ad v an ce. Th e
g at eway in t h is cas e act s as a res p o n d er.
 Remo t e clien t b eh in d a NA T ro u t er: Th e clien t h as a d y n amic IP ad d res s an d is

b eh in d a NA T Ro u t er. Th e remo t e PC clien t at t h e NA T ro u t er in it ia t es a VPN
t u n n el as t h e IP ad d res s o f t h e remo t e NA T ro u t er is n o t kn o wn in ad v an ce. T h e
g at eway W A N p o rt act s as res p o n d er.
 PPTP s erv er fo r LA N / W A N PPTP clien t co n n ect io n s .
 L2TP s erv er fo r LA N / W A N L2TP clien t co n n ect io n s .
Figure 71 : Example of Gate way-to - Gate way IPs e c VPN tunne l us ing two
DSR route rs conne cte d to the Inte rne t
111
Figure 72 : Example of thre e IPs e c clie nt conne ctions to the inte rnal
ne twork through the DSR IPs e c gate way
112
6.1 VPN Wizard

Setup > Wizard > VPN Wizard
Yo u can u s e t h e VPN wizard t o q u ickly creat e b o t h IKE an d VPN p o licies . On ce t h e
IKE o r VPN p o licy is creat ed , y o u can mo d ify it as req u ired .
Figure 73 : VPN Wizard launch s cre e n
To eas ily es t ab lis h a VPN t u n n el u s in g VPN W izard , fo llo w t h e s t ep s b elo w:

1. Select the VPN tunnel type to create
 Th e t u n n el can eit her b e a g at eway t o g at eway co n nect ion (s it e -t o -s it e) o r a t u n n el

t o a h o s t o n t h e in t ern et (remo t e acces s ).
 Set t h e Co n n ect io n Name an d p re -s h ared key : t h e co n n ect io n n ame is u s ed fo r

man ag emen t , an d t h e p re -sh ared key will b e req u ired o n t h e VPN clien t o r g at eway
t o es t ab lis h t h e t u n n el
 Det ermin e t h e lo cal g at eway fo r t h is t u n n el; if t h ere is mo re t h an 1 W A N

co n fig u red t h e t u n n el can b e co n fig u red fo r eit h er o f t h e g at eway s .
113
2. Configure Remote and Local WAN address for the tunnel endpoints
 Remo t e Gat eway Ty p e: id en t ify t h e remo t e en d p o in t o f t h e t u n n el b y FQDN o r

s t at ic IP ad d res s
 Remo t e W A N IP ad d res s / FQDN: Th is field is en ab led o n ly if t h e p eer y o u are

t ry in g t o co n n ect t o is a Gat eway . Fo r VPN Clien t s , t h is IP ad d res s o r In t ern et
Name is d et ermin ed wh en a co n n ect io n req u es t is re ceiv ed fro m a clien t .
 Lo cal Gat eway Ty p e: id en t ify t h is ro u t er’s en d p o in t o f t h e t u n n el b y FQDN o r

s t at ic IP ad d res s
 Lo cal W A N IP ad d ress / FQDN: Th is field can b e left b lan k if y o u are n o t u s in g a

d ifferen t FQDN o r IP ad d res s t h an t h e o n e s p ecified in t h e W A N p o rt ’s
co n fig u rat io n .
3. Configure the Secure Connection Remote Accessibility fields to identify the remote
network:
 Remo t e LA N IP ad d res s : ad d res s o f t h e LA N b eh in d t h e p eer g at eway
 Remo t e LA N Su b n et M as k: t h e s u b n et mas k o f t h e LA N b eh in d t h e p eer
 Note: Th e IP ad d res s ran ge u sed o n t h e remo t e LA N mu s t b e d ifferen t fro m t h e IP

ad d res s ran g e u s ed o n t h e lo cal LA N.
4. Review the settings and click Connect to establish the tunnel.
Th e W izard will creat e an A u t o IPs ec p o licy wit h t h e fo llo win g d efau lt v alu es fo r a
VPN Clien t o r Gat eway p o licy (t h es e can b e acces s ed fro m a lin k o n t h e W izard
p ag e):
Par am eter De f au lt value f rom Wizard
Exchange Mode Aggressive (Client policy ) or Main (Gatew ay policy)
ID Type FQDN
Local WAN ID w an_local.com (only applies to Client policies)
Remote WAN ID w an_remote.com (only applies to Client policies)
Encryption Algorithm 3DES
Authentication Algorithm SHA-1
Authentication Method Pre-shared Key
PFS Key-Group DH-Group 2(1024 bit)
Life Time (Phase 1) 24 hours
114
Par am eter De f au lt value f rom Wizard
Exchange Mode Aggressive (Client policy ) or Main (Gatew ay policy)
ID Type FQDN
Local WAN ID w an_local.com (only applies to Client policies)
Remote WAN ID w an_remote.com (only applies to Client policies)
Encryption Algorithm 3DES
Authentication Algorithm SHA-1
Authentication Method Pre-shared Key
PFS Key-Group DH-Group 2(1024 bit)
NETBIOS Enabled (only applies to Gatew ay policies)
 Th e VPN W izard is t h e reco mmen d ed met h o d t o s et u p an A u t o IPs ec p o licy .

On ce t h e W izard creat es t h e mat ch in g IKE an d VPN p o licies req u ired b y t h e A u t o
p o licy , o n e can mo d ify t h e req uired field s t h ro ugh t he ed it lin k. Refer t o t h e o n lin e
h elp fo r d et ails .
Eas y Set u p Sit e t o Sit e VPN Tu n n el:

If y o u fin d it d ifficu lt t o co n fig u re VPN p o licies t h ro ugh VPN wizard u s e easy s et up
s it e t o s it e VPN t u n n el. Th is will ad d VPN p o licies b y imp o rt in g a file co n t ain in g v pn
p o licies .
6.2 Configuring IPsec Policies

Setup > VPN Settings > IPsec > IPsec Policies
A n IPs ec p o licy is b et ween t his ro ut er an d an oth er g at eway o r t h is ro u t er an d a IPs ec
clien t o n a remo t e h o s t . Th e IPs ec mo d e can b e eit her t u nnel o r t ran s p o rt d ep en d in g
o n t h e n et wo rk b ein g t rav ers ed b et ween t h e t wo p o licy en d p o in t s .
 Tran s p ort : Th is is u sed fo r en d -to -en d co mmu n icat ion b et ween t h is ro u t er an d t h e
t u n n el en d p o in t , eit h er an o t h er IPs ec g at eway o r an IPs ec VPN clien t o n a h o s t .
On ly t h e d at a p ay lo ad is en cry pted an d t he IP h ead er is n o t mo d ified o r en cry p t ed .
 Tu n n el: Th is mo d e is u s ed fo r n et wo rk -t o -n et wo rk IPs ec t u n n els wh ere t h is

g at eway is o n e en dpo int o f t h e t u nn el. In t h is mo d e t h e en t ire IP p acket in clu d in g
t h e h ead er is en cry p t ed an d / o r au t h en t icat ed .
W h en t u n n el mo d e is s elect ed , y o u can en ab le Net BIOS an d DHCP o v er IPs ec .

DHCP o v er IPs ec allo ws t h is ro ut er t o s erve IP leas es t o h o sts o n t h e remo t e LA N. A s
well in t h is mo d e y o u can d efin e t h e s ing le IP ad d ress, ran ge o f IPs , o r s u b net o n b oth
t h e lo cal an d remo t e p riv at e n et wo rks t h at can co mmu n icat e o v er t h e t u n n el.
115
Figure 74 : IPs e c policy configurat ion
On ce t h e t u n nel t y p e an d en d poin t s o f t h e t u n n el are d efin ed y o u can d et ermin e t h e

Ph as e 1 / Ph as e 2 n eg o t iatio n t o u se fo r t h e t un nel. Th is is co v ered in t h e IPs ec mode
s et t in g , as t h e p o licy can b e M an u al o r A u t o . Fo r A u t o p o licies , t h e In t ern et Key
Exch an g e (IKE) p ro t o co l d y namically exch an g es key s b et ween t wo IPs ec h o s t s . Th e
Ph as e 1 IKE p aramet ers are u s ed t o d efin e t h e t u n n el’s s ecu rit y as s o ciat io n d et ails .
Th e Ph as e 2 A u t o p o licy p aramet ers co v er t h e s ecu rit y as s o ciat io n lifet ime an d
en cry p t io n / a u t h en t icat io n d et ails o f t h e p h as e 2 key n eg o t iat io n .
116
Th e VPN p o licy is o n e h alf o f t h e IKE/ VPN p o licy p air req u ired t o est ab lis h an A u t o
IPs ec VPN t u n n el. Th e IP ad d res s es o f t h e mach in e o r mach in es o n t h e t wo VPN
en d p o in ts are co nfig u red h ere, alo n g wit h t h e p o licy p aramet ers req u ired t o s ecure t he
t u n n el
Figure 75 : IPs e c policy configurat ion continue d (Auto policy via IKE)
A M an u al p o licy d o es n ot u s e IKE an d in s t ead relies o n man u al key in g t o exch an g e

au t h en ticat io n p aramet ers b etween t h e t wo IPs ec h o s t s . Th e in co min g an d o u t g o in g
s ecu rit y p aramet er in d ex (SPI) v alu es mu s t b e mirro red o n t h e remo t e t u n n el
117
en d p o in t. A s well t h e en cry pt io n an d in t egrit y alg o rit hms an d key s mu s t mat ch on the

remo t e IPs ec h o s t exact ly in o rd er fo r t h e t u nn el t o es t ab lis h s u cces s fu lly . No t e t h at
u s in g A u to p olicies wit h IKE are p referred as in s o me IPs ec imp lemen t at io n s t h e SPI
(s ecu rit y p aramet er in d ex) v alu e s req u ire co n v ers io n at each en d p o in t .
DSR s u p p orts VPN ro ll-o v er feat u re. Th is mean s t h at p o licies co n fig u red o n p rimary
W A N will ro llo v er t o t h e s eco n d ary W A N in cas e o f a lin k failu re o n a p rimary
W A N. Th is feat u re can b e u s ed o n ly if y o u r W A N is co n f ig u red in A u t o -Ro llo v er
mo d e.
118
Figure 76 : IPs e c policy configurat ion continue d (Auto / M anual Phas e 2)
6.2.1 Extended Authentication (XAUTH)

Yo u can als o co n fig ure ext en ded au t hen ticatio n (XA UTH). Rat h er t h an co n fig u re a
u n iq u e VPN p o licy fo r each u s er, y o u can co n fig u re t h e VPN g at eway ro u t er t o
au t h en t icat e u s ers fro m a s t o red lis t o f u s er acco u n t s o r wit h an ext ern al
au t h en ticat io n s erv er s u ch as a RA DIUS s erv er. W it h a u s er d atabase, u ser accou n t s
creat ed in t h e ro u t er are u s ed t o au t h en t icat e u s ers .
119
W it h a co n fig u red RA DIUS s erv er, t h e ro u t er co n n ect s t o a RA DIUS s erv er an d

p as s es t o it t h e credent ials t h at it receiv es fro m t h e VPN clien t . Yo u can s ecu re t h e
co n n ect io n b et ween t h e ro u t er an d t h e RA DIUS s erv er wit h t h e au t h en t icat io n
p ro t o co l s u p p o rt ed b y t h e s erv er (PA P o r CHA P). Fo r RA DIUS – PA P, t h e ro u t er
firs t ch ecks in t h e u ser d atabase t o s ee if t h e u s er cred en t ials are av ailab le; if t h ey
are n o t , t h e ro u t er co n n ect s t o t h e RA DIUS s erv er.
6.2.2 Internet ov er IPSec tunnel

In t h is feat u re all t h e t raffic will p as s t h rou gh t h e VPN Tu n n el an d fro m t h e Remo t e
Gat eway t h e p acket will b e ro u t ed t o In t ern et . On t h e remo t e g at eway s id e, t h e
o u t g o in g p acket will b e SNA T'ed .
6.3 Configuring VPN clients

Remo t e VPN clien t s mu s t b e co nfig u red wit h t h e s ame VPN p o licy p aramet ers used in
t h e VPN t u n n el t h at t h e clien t wis h es t o u se: en crypt io n, au thent icat ion , life t ime, an d
PFS key -g ro u p . Up o n es t ab lis h in g t h es e au t h en t icat io n p aramet ers , t h e VPN Clien t
u s er d at ab a s e mu s t als o b e p o p u lat ed wit h an acco u n t t o g iv e a u s er acces s t o t h e
t u n n el.
 VPN clien t s o ft ware is req uired t o es t ab lis h a VPN t u n n el b et ween t h e ro u t er an d

remo t e en d p o in t. Op en so urce s o ftware (s uch as Op en VPN o r Op en s wan ) as well as
M icro s o ft IPs ec VPN s o ft ware can b e co n fig u red wit h t h e req u ired IKE p o licy
p aramet ers t o est ab lish an IPs ec VPN t u n n el. Refer t o t h e clien t s o ft ware g u id e fo r
d et ailed in s t ru ct io n s o n s et u p as well as t h e ro u t er’s o n lin e h elp .
Th e u s er d at abase co nt ain s t he lis t o f VPN u s er acco un ts t h at are au t h o rized t o u s e a

g iv en VPN t u n n el. A lt ern at iv ely VPN t u n n el u s ers can b e au t h en t icat ed u s in g a
co n fig u red Rad iu s d at ab ase. Refer t o t h e o nlin e h elp t o d et ermin e h o w t o p o pu late the
u s er d at ab as e an d / o r co n fig u re RA DIUS au t h en t icat io n .
6.4 PPTP / L2TP Tunnels

Th is ro u t er s up port s VPN t u n n els fro m eit h er PPTP o r L2TP ISP s erv ers . Th e ro u t er
act s as a b ro ker d ev ice t o allo w t h e ISP's s erv er t o creat e a TCP co n t ro l co n n ect io n
b et ween t h e LA N VPN clien t an d t h e VPN s erv er.
6.4.1 PPTP Tunnel Support

Setup > VPN Settings > PPTP > PPTP Client
PPTP VPN Clien t can b e co n fig u red o n t h is ro u ter. Us in g t h is clien t we can acces s
remo t e n et wo rk wh ich is lo cal t o PPTP s erv er. On ce clien t is en ab led , t h e u s er can
acces s Status > Active VPNs p ag e an d es t ab lis h PPTP VPN t u n n el clickin g
Co n n ect . To d is co n n ect t h e t u n n el, click Dro p .
120
Figure 77 : PPTP tunne l configuratio n – PPTP Clie nt
Figure 78 : PPTP VPN conne ction s tatus
Setup > VPN Settings > PPTP > PPTP Server

A PPTP VPN can b e es t ablis hed t h rou gh t h is ro u ter. On ce en ab led a PPTP s erv er is
av ailab le o n t h e ro u t er fo r LA N an d W A N PPTP clien t u s ers t o acces s . On ce t h e
PPTP s erv er is en ab led , PPTP clien t s t h at are wit h in t h e ran g e o f co n fig u red IP
ad d re s ses o f allo wed clien t s can reach t he ro u ter’s PPTP s erv er. On ce au t hen t icat ed
b y t h e PPTP s erv er (t h e t u nnel en d poin t), PPTP clien t s h av e acces s t o t h e n et wo rk
man ag ed b y t h e ro u t er.
121
Figure 79 : PPTP tunne l configuratio n – PPTP Se rve r
6.4.2 L2TP Tunnel Support
Setup > VPN Settings > L2TP > L2TP Server

A L2TP VPN can b e es t ablis hed t h rou gh t h is ro u ter. On ce en ab led a L2TP s erv er is
av ailab le o n t h e ro u t er fo r LA N an d W A N L2TP clien t u s ers t o acces s . On ce t h e
L2TP s erv er is en ab led , L2TP clien t s t h at are wit h in t h e ran g e o f co n fig u red IP
ad d res ses o f allo wed clien t s can reach t he ro u ter’s L2TP s erv er. On ce au t hen t icat ed
b y t h e L2TP s erv er (t h e t u nnel en d poin t ), L2TP clien t s h av e acces s t o t h e n et wo rk
man ag ed b y t h e ro u t er.
122
Figure 80 : L2TP tunne l configuratio n – L2TP Se rve r
6.4.3 OpenVPN Support
Setup > VPN Settings > OpenVPN > OpenVPN Configuration

Op en VPN allo ws p eers t o au t h en t icat e each o t h er u s in g a p re -s h ared s ecret key ,
cert ificat es , o r u sername/ passwo rd . W hen u sed in a mu lt iclien t -s erv er co n figu rat ion,
it allo ws t h e s erv er t o releas e an au t h en t icat io n cert ificat e fo r ev ery clien t , u s in g
123
s ig n at ure an d Cert ificat e au th o rit y . A n Op en VPN can b e es t ab lis h ed t h ro u g h t h is

ro u t er. Ch eck/ Un ch eck t h is an d click s av e s et t in g s t o s t art / s t o p o p en v p n s erv er.
 M o d e: Op en VPN d aemo n mo d e. It can ru n in s erv er mo d e, clien t mo d e o r
acces s s erv er clien t mo d e. In a cces s s erv er clien t mo d e, t h e u s er h as t o
d o wn lo ad t h e au t o lo g in p rofile fro m t h e Op en v p n A ccess Serv er an d u p load
t h e s ame t o co n n ect .
 Serv er IP: Op en VPN s erv er IP ad d res s to wh ich the clien t
co n n ect s (A p p licab le in clien t mo d e).
 Vp n Net wo rk: A d d res s o f t h e Virt u al Net wo rk.
 Vp n Net mas k: Net mas k o f t h e Virt u al Net wo rk.
 Po rt : Th e p o rt n u mb er o n wh ich o p en v p n s erv er(o r A cces s Serv er) ru n s .
 Tu n n el Pro t o col: Th e p ro t o co l u s ed t o co mmu n icat e wit h t h e remo t e h o s t .
Ex: Tcp , Ud p . Ud p is t h e d efau lt .
 En cry p t io n A lg orit hm: Th e cip h er wit h wh ich t h e p ackets are en cry pt ed . Ex:
BF-CBC, A ES-128,A ES-192 an d A ES-256. BF-CBC is t h e d efau lt
 Has h alg o rit h m: M es sage d ig est alg orit hm u s ed t o au t hen t icat e p acket s . Ex:
SHA 1, SHA 256 an d SHA 512. SHA 1 is t h e d efau lt .
 Tu n n el Ty p e: Select Fu ll Tu n n el t o red irect all t h e t raffic t h ro u g h t h e
t u n n el. Select Sp lit Tu n n el t o red irect t raffic t o o n ly s p ecified res o u rces
(ad d ed fro m o p en Vp n Clien t Ro u t es) t h ro u g h t h e t u n n el. Fu ll Tu n n el is t h e
d efau lt .
 En ab le Clien t t o Clien t co mmu n icat io n : En a b le t h is t o allo w o p env pn clients
t o co mmu n icat e wit h each o t h er in s p lit t u n n el cas e. Dis ab led b y d efau lt .
 Up lo ad A ccess Serv er Clien t Co n fig u rat io n : Th e u s er h as t o d o wn lo ad t h e
au t o lo g in p ro file an d u p lo ad h ere t o co n n ect t h is ro u t er t o t h e Op en VPN
A cces s Serv er.
 Cert ificat es : Select t h e s et o f cert ificat es o p en v p n s erv er u s es . Firs t Ro w:
Set o f cert ificat es an d key s t h e s erv er u ses. Seco n d Ro w: Set o f cert ificat es
an d key s n ewly u p lo ad ed .
 En ab le Tls A u t h ent icat ion Key : En ab lin g t h is ad ds Tls au th ent icat io n wh ich
ad d s an ad dit io nal lay er o f au t henticatio n. Can b e ch ecked o n ly wh en t h e t ls
key is u p lo ad ed . Dis ab led b y d efau lt .
Click Sav e Set t in g s t o s av e t h e s et t in g s .
124
Figure 81 : Ope nVPN configuratio n
6.4.4 OpenVPN Remote Network
Setup > VPN Settings > OpenVPN > OpenVPN Remote Network (Site-to-
Site)
Th is p ag e allo ws t h e u s er t o ad d / ed it a remo t e n et wo rk an d n et mas k wh ich allo ws t h e
o t h er Op en VPN clien t s t o reach t h is n et wo rk.
125
Figure 82 : Ope nVPN Re mote Ne twork
Common Name : Co mmo n Name o f t h e Op en VPN clien t cert ificat e.

Remote Network : Net wo rk ad d res s o f t h e remo t e res o u rce.
S ubnet Mas k : Net mas k o f t h e remo t e res o u rce.
6.4.5 OpenVPN Authentication
Setup > VPN Settings > OpenVPN > OpenVPN Authentication

Th is p ag e allo ws t h e u s er t o u p lo ad req u ired cert ificat es an d key s .
126
Figure 83 : Ope nVPN Authe nticat io n
Trus ted Certi fi cate (CA Certi fi cate) : Bro ws e an d u p lo ad t h e p em fo rmat t ed CA

Cert ificat e.
S erver/ Cl i ent Certi fi cate : Bro ws e an d u p lo ad t h e p em fo rmat t ed Serv er/ Clien t
Cert ificat e.
S erver/ Cl i ent Key: Bro ws e an d u p lo ad t h e p em fo rmat t ed Serv er/ Clien t Key .
DH Key: Bro ws e an d u p lo ad t h e p em fo rmat t ed Diffie Hellman Key .
Tl s Authenti cati on Key: Bro ws e an d u p lo ad t h e p em fo rmat t ed Tls A u t h en t icat io n
Key .
127
Chapter 7. SSL VPN
Th e ro u t er p ro v ides a n in t rin sic SSL VPN feat u re as an alt ern at e t o t h e s t an d ard IPs ec
VPN. SSL VPN d iffers fro m IPs ec VPN main ly b y remo v in g t h e req u iremen t o f a p re -
in s t alled VPN clien t o n t h e remo t e h o st. In s tead , u sers can s ecu rely lo g in t h ro u g h t h e
SSL Us er Po rt al u s in g a s t an d ard web b ro ws er an d receiv e acces s t o co n fig u red
n et wo rk res o u rces wit h in t h e co rp orate LA N. Th e ro u t er s u p p o rt s mu lt ip le co n cu rren t
s es s io n s t o allo w remo t e u s ers t o acces s t h e LA N o v er an en cry p t ed lin k t h ro u g h a
cu s t o mizab le u s er p o rt al in t erface, an d each SSL VPN u s er can b e as s ig n ed u n iq u e
p riv ileg es an d n et wo rk res o u rce acces s lev els .
Th e remo t e u s er can b e p ro vid ed d ifferent o pt io ns fo r SSL s erv ice t h ro u g h t h is ro u t er:
 VPN Tunnel : Th e remo t e u s er’s SSL en ab led b ro ws er is u s ed in p lace o f a VPN
clien t o n t h e remo t e h o s t t o es t ab lis h a s ecu re VPN t u n n el. A SSL VPN clien t
(A ct iv e -X o r Jav a b as ed ) is in s t alled in t h e remo t e h o s t t o allo w t h e clien t t o jo in
t h e co rp o rat e LA N wit h p re-co n fig u red acces s / p o licy p riv ileg es . A t t h is p o in t a
v irt u al n et wo rk in t erface is created o n t he u ser’s h o s t an d t h is will b e as s ig n ed an
IP ad d res s an d DNS s erv er ad d res s fro m t h e ro u t er. On ce es t ab lis h ed , t h e h o s t
mach in e can acces s allo cat ed n et wo rk res o u rces .
 Port Forwardi ng : A web -b as ed (A ct iv eX o r Jav a) clien t is in s t alled o n t h e clien t

mach in e ag ain . No t e t h at Po rt Fo rward in g s ervice o n ly s u p p o rt s TCP co n n ect io n s
b et ween t h e remo t e u s er an d t he ro u ter. Th e ro ut er ad min is t rat or can d efine s pecific
s erv ices o r ap p licatio ns t h at are av ailable t o remo t e p o rt fo rward in g u s ers in s t ead
o f acces s t o t h e fu ll LA N like t h e VPN t u n n el.
 A ct iv eX clien t s are u s ed wh en t h e remo t e u ser accesses t h e p o rt al u s ing t he In ternet

Exp lo rer b ro ws er. Th e Jav a clien t is u s ed fo r o t h er b ro ws ers like M o zilla Firefo x,
Net s cap e Nav ig at o r, Go o g le Ch ro me, an d A p p le Safari.
Figure 84 : Example of clie ntle s s SSL VPN conne ctions to the DSR
130
7.1 Groups and Users

Advanced > Users > Groups
Th e g ro u p p ag e allo ws creat in g , ed it in g an d d elet in g g ro u p s . Th e g ro u p s are
as s o ciat ed t o s et o f u s er t y pes. Th e lis ts o f av ailab le g ro ups are d is p layed in t h e “Lis t
o f Gro u p ” p ag e wit h Gro u p n ame an d d es crip t io n o f g ro u p .
 Click A d d t o creat e a g ro u p .
 Click Ed it t o u p d at e an exis t in g g ro u p .
 Click Delet e t o clear an exis t in g g ro u p .
Figure 85 : Lis t of groups
Gro u p co n fig u rat io n p age allo ws t o creat e a g ro u p wit h a d ifferen t t y pe o f u s ers . Th e

u s er t y p es are as fo llo ws :
 PPTP Us er: Th es e are PPTP VPN t u n n el LA N u s ers t h at can es tablis h a t unnel
wit h t h e PPTP s erv er o n t h e W A N.
 L2TP Us er: Th es e are L2TP VPN t u n n el LA N u s ers t h at can es tablis h a t unnel
wit h t h e L2TP s erv er o n t h e W A N.
 Xau t h Us er: Th is u s er’s au t h en t icat io n is p erfo rmed b y an ext ern ally
co n fig u red RA DIUS o r o t h er En t erp rise s erv er. It is n o t p art o f t h e lo cal u s er
d at ab as e.
 SSLVPN Us er: Th is u s er h as acces s t o t h e SSL VPN s erv ices as d et ermin ed
b y t h e g ro u p p o licies an d aut henticatio n d o main o f wh ich it is a memb er. Th e
d o main -d et ermin ed SSL VPN p o rt al will b e d is p lay ed wh en lo g g in g in wit h
t h is u s er t y p e.
131
 A d min : Th is is t h e ro u t er’s s u p er-u s er, an d can man ag e t h e ro u t er, u s e SSL

VPN t o acces s n et wo rk res o u rces , an d lo g in t o L2TP/ PPTP s erv ers o n t h e
W A N. Th ere will alway s b e o n e d efau lt ad min is t rat o r u s er fo r t h e GUI
 Gu es t Us er (read -o n ly ): Th e g uest u s er g ain s read o n ly acces s t o t h e GUI t o
o b s erv e an d rev iew co n fig uratio n s ettin gs. Th e g u est d oes n o t h av e SSL VPN
acces s .
 Cap t iv e Po rt al Us er: Th es e cap tiv e p ort al u s ers h as access t h ro ugh t h e ro u t er.
Th e acces s is d et ermin ed b as ed o n cap t iv e p o rt al p o licies .
Id le Timeo u t : Th is t h e lo g in t imeo u t p erio d fo r u s ers o f t h is g ro u p .
Figure 86 : Us e r group configu rat ion
W h en SSLVPN u s ers are s elect ed , t h e SSLVPN s et t in g s are d is p lay ed wit h t h e

fo llo win g p aramet ers as cap t u red in SSLVPN Set t in g s . A s p er t h e A u t h en t icat io n
Ty p e SSL VPN d et ails are co n fig u red .
 A u t h ent icat ion Ty p e: Th e au t h en t icat io n Ty p e can b e o n e o f t h e fo llo w in g :
Lo cal Us er Dat ab ase (d efault ), Rad iu s -PAP, Rad iu s-CHA P, Rad iu s -MSCHAP,
Rad iu s -M SCHA Pv 2, NT Do main , A ct iv e Direct o ry an d LDA P.
 A u t h en t icat io n Secret : If t h e d o main u s es RA DIUS au t h en t icat io n t h en t h e
au t h en ticat io n s ecret is req u ired (an d t h is h as t o mat ch t h e s ecret co n fig u red
o n t h e RA DIUS s erv er).
 W o rkg ro u p : Th is is req u ired is fo r NT d o main au t h en t icat io n . If t h ere are
mu lt ip le wo rkg ro u p s , u s er can en t er t h e d et ails fo r u p t o t wo wo rkg ro u p s .
 LDA P Bas e DN: Th is is t h e b as e d o main n ame fo r t h e LDA P au t h en t icat io n
s erv er. If t h ere are mu lt ip le LDA P au t h en ticatio n s erv ers , u s er can en t er t h e
d et ails fo r u p t o t wo LDA P Bas e DN.
132
 A ct iv e Direct o ry Do main : If t h e d o main u s es t h e A ct iv e Direct o ry

au t h en t icat io n , t h e A ct iv e Direct o ry d o main n ame is req u ired . Us ers
co n fig u red in t h e A ct ive Direct o ry d atabase are g iv en acces s t o t h e SSL VPN
p o rt al wit h t h eir A ct iv e Direct o ry u s ern ame an d p as s wo rd . If t h ere are
mu lt ip le A ct iv e Direct o ry d o main s , u s er can en t er t h e d et ails fo r u p t o t wo
au t h en t icat io n d o main s .
 Timeo u t : Th e t imeo u t p erio d fo r reach in g t h e au t h en t icat io n s erv er.
 Ret ries : Th e n u mb er o f ret ries t o au t henticat e wit h t h e au t h en t icat io n s erv er
aft er wh ich t h e DSR s t o p s t ry in g t o reach t h e s erv er.
Figure 87 : SSLVPN Se ttings
Log i n Pol i ci es
To s et lo g in p o licies fo r t h e g ro u p , s elect t h e co rres p o n d in g g ro u p click “Lo g in
p o licies ”. Th e fo llo win g p aramet ers are co n fig u red :
 Gro u p Name: Th is is t h e n ame o f t h e g ro u p t h at can h av e it s lo g in p o licy
ed it ed
133
 Dis ab le Lo g in : En ab le t o p rev en t t h e u sers o f t h is g ro up fro m lo g g in g in t o the

d ev ices man ag emen t in t erface(s )
 Den y Lo g in fro m W A N in t erface: En ab le t o p rev en t t h e u s ers o f t h is g ro u p
fro m lo g g in g in fro m a W A N (wid e area n et wo rk) in t erface. In t h is cas e o n ly
lo g in t h ro u g h LA N is allo wed .
Figure 88 : Group login policie s options
Pol i cy by B rows ers

To s et b ro ws er p olicies fo r t h e g ro up , s elect t h e co rrespo ndin g g ro u p click “ Po licy b y
Bro ws ers ”. Th e fo llo win g p aramet ers are co n fig u red :
ed it ed
 Den y Lo g in fro m Defin ed Bro ws ers : Th e lis t o f d efin ed b ro ws ers b elo w will
b e u s ed t o p revent t h e u sers o f t h is g ro up fro m lo g g in g in t o t h e ro u t ers GUI.
A ll n o n -d efin ed b ro ws ers will b e allo wed fo r lo g in fo r t h is g ro u p .
 A llo w Lo g in fro m Defin ed Bro ws ers : Th e lis t o f d efin ed b ro ws ers b elo w will
b e u s ed t o allo w t h e u s ers o f t h is g ro u p fro m lo g g in g in t o t h e ro u t ers GUI.
A ll n o n -d efin ed b ro ws ers will b e d en ied fo r lo g in fo r t h is g ro u p .
 Defin ed Bro ws ers :Th is lis t d is plays t h e web b ro ws ers t h at h ave b een add ed t o
t h e Defin ed Bro ws ers lis t , u p o n wh ich g ro u p lo g in p o licies can b e d efin ed .
(Ch eck Bo x A t Firs t Co lu mn Head er): Select s all t h e d efin ed b ro ws ers in t h e
t ab le.
 Delet e: Delet es t h e s elect ed b ro ws er(s ).
Yo u can ad d t o t h e lis t o f Defin ed Bro ws ers b y s elect ing a clien t b ro wser fro m the
d ro p d o wn men u an d clickin g A d d. Th is b rows er will t h en ap p ear in t h e ab ov e list
o f Defin ed Bro ws ers .
 Click Sav e Set t in g s t o s av e y o u r ch an g es .
134
Figure 89 : B rows e r policie s options
Pol i cy by IP
To s et p o licies b ye IP fo r t h e g ro u p , select t h e co rres p o n d in g g ro u p click “Po licy b y
IP”. Th e fo llo win g p aramet ers are co n fig u red :
ed it ed
 Den y Lo g in fro m Defin ed Bro ws ers : Th e lis t o f d efin ed b ro ws ers b elo w will
b e u s ed t o p revent t h e u sers o f t h is g ro up fro m lo g g in g in t o t h e ro u t ers GUI.
A ll n o n -d efin ed b ro ws ers will b e allo wed fo r lo g in fo r t h is g ro u p .
 A llo w Lo g in fro m Defin ed Bro ws ers : Th e lis t o f d efin ed b ro ws ers b elo w will
b e u s ed t o allo w t h e u s ers o f t h is g ro u p fro m lo g g in g in t o t h e ro u t ers GUI.
A ll n o n -d efin ed b ro ws ers will b e d en ied fo r lo g in fo r t h is g ro u p .
 Defin ed Bro ws ers :Th is lis t d is plays t h e web b ro ws ers t h at h ave b een add ed t o
t h e Defin ed Bro ws ers lis t , u p o n wh ich g ro u p lo g in p o licies can b e d efin ed .
(Ch eck Bo x A t Firs t Co lu mn Head er): Select s all t h e d efin ed b ro ws ers in t h e
t ab le.
 Delet e: Delet es t h e s elect ed b ro ws er(s ).
Yo u can ad d t o t h e lis t o f Defin ed Bro ws ers b y s elect ing a clien t b ro wser fro m the
d ro p d o wn men u an d clickin g A d d. Th is b rows er will t h en ap p ear in t h e ab ov e list
o f Defin ed Bro ws ers .
135
 Click Sav e Set t in g s t o s av e y o u r ch an g es .

Figure 90 : IP policie s options
 Lo g in Po licies , Po licy b y Bro ws ers , Po licy b y IP are ap p licab le SSL VPN u s er

o n ly .
Advanced > Users > Users

Th e u s ers p ag e allo ws ad d in g , ed it in g an d d elet in g exis t in g g ro u p s . Th e u s er are
as s o ciat ed t o co nfig u red g rou ps. Th e lis t s o f av ailable u sers are d is played in t h e “Lis t
o f Us ers ” p ag e wit h Us er n ame, as s o ciat ed g ro u p an d Lo g in s t at u s .
 Click A d d t o creat e a u s er.
 Click Ed it t o u p d at e an exis t in g u s er.
 Click Delet e t o clear an exis t in g u s er
136
Figure 91 : Available Us e rs with login s tatus and as s ociate d Group
7.1.1 Users and Passwords
Advanced > Users > Users

Th e u s er co n fig uratio ns allo w creat in g u sers asso ciat ed t o g ro u p . Th e u s er s et t in g s
co n t ain t h e fo llo win g key co mp o n en t s :
 Us er Name: Th is is u n iq u e id en t ifier o f t h e u s er.
 Firs t Name: Th is is t h e u s er’s firs t n ame
 Las t Name: Th is is t h e u s er’s las t n ame
 Select Gro u p : A g ro u p is ch o s en fro m a lis t o f co n fig u red g ro u p s .
 Pas s wo rd : Th e p as s wo rd as s o ciat ed wit h t h e u s er n ame.
 Co n firm Pas s wo rd : Th e s ame p as s wo rd as ab o v e is req u ired t o mit ig at e
ag ain s t t y p in g erro rs .
 Id le Timeo u t : Th e s es s io n t imeo u t fo r t h e u s er.
It is reco mmen d ed t h at p asswo rds co nt ain s n o d ict io nary wo rd s fro m an y lan g u ag e,
an d is a mixt u re o f let t ers (b o th u p p ercas e an d lo werca s e), n u mb ers , an d s y mb o ls .
Th e p as s wo rd can b e u p t o 30 ch aract ers .
137
Figure 92 : Us e r configurat ion options
7.2 Using SSL VPN Policies

Setup > VPN Settings > SSL VPN Server > SSL VPN Policies
SSL VPN Po licies can b e creat ed o n a Glo b a l, Gro u p , o r Us er lev el. Us er lev el
p o licies t ake p reced en ce o v er Gro u p lev el p o licies an d Gro u p lev el p o licies t ake
p reced ence o ver Glo b al p o licies . Th ese p o licies can b e ap p lied t o a s p ecific n et wo rk
res o u rce, IP ad d res s o r ran g es o n t h e LA N, o r t o d iffe ren t SSL VPN s erv ices
s u p p o rt ed b y t h e ro u t er. Th e Lis t o f A v ailab le Po licies can b e filt ered b as ed o n
wh et h er it ap p lies t o a u s er, g ro u p , o r all u s ers (g lo b al).
 A mo re s p ecific p o licy t akes p reced en ce o v er a g en eric p o licy wh en b o t h are

ap p lied t o t h e s ame u s er/g roup /glo b al d o main . I.e. a p o licy fo r a s p ecific IP ad d ress
t akes p recedence o v er a p o licy fo r a ran g e o f ad d res s es co n t ain in g t h e IP ad d res s
alread y referen ced .
138
Figure 93 : Lis t of SSL VPN police s (Global filte r)
To ad d a SSL VPN p o licy , y o u mu s t firs t as sig n it t o a u s er, g ro u p , o r make it g lo b al

(i.e. ap p licab le t o all SSL VPN u s ers ). If t h e p o licy is fo r a g ro u p , t h e av ailab le
co n fig u red g ro u p s are s h o wn in a d ro p d o wn men u an d o n e mu s t b e s elect ed .
Similarly , fo r a u s er d efin ed p o licy a SSL VPN u s er mu s t b e ch o s en fro m t h e
av ailab le lis t o f co n fig u red u s ers .
Th e n ext s t ep is t o d efin e t h e p o licy d et ails . Th e p olicy n ame is a u n iq u e id ent ifier for
t h is ru le. Th e p o licy can b e assig ned t o a s p ecific Net wo rk Res o urce (d etails fo llo w in
t h e s u b s eq u en t s ect io n ), IP ad d res s , IP n et wo rk, o r all d ev ices o n t h e LA N o f t h e
ro u t er. Bas ed o n t h e s elect io n o f o n e o f t h es e fo u r o p t io n s , t h e ap p ro p riat e
co n fig u ratio n field s are req u ired (i.e. ch o o s in g t h e n et wo rk res o u rces fr o m a lis t o f
d efin ed res o urces, o r d efin in g t h e IP ad d resses). Fo r ap p ly ing t he p o licy t o ad d res s es
t h e p o rt ran g e/ p o rt n u mb er can b e d efin ed .
Th e fin al s t ep s req uire t h e p o licy p ermis sio n t o b e s et t o eit h er p ermit o r d en y acces s
t o t h e s elected ad d resses o r n et wo rk res ources. A s well t h e p o licy can b e sp ecified for
o n e o r all o f t h e s u p p o rt ed SSL VPN s erv ices (i.e. VPN t u n n el)
On ce d efin ed , t h e p olicy g o es in t o effect immed iat ely . Th e p o licy n ame, SSL s erv ice
it ap p lies t o , d es t in at io n (n et wo rk res o u rce o r IP ad d res s es ) an d p ermis s io n
(d en y / p ermit ) is o u t lin ed in a lis t o f co n fig u red p o licies fo r t h e ro u t er.
139
Figure 94 : SSL VPN policy configurat io n
To co n fig u re a p o licy fo r a s in g le u s er o r g ro u p o f u s ers , en t er t h e fo llo win g

in fo rmat io n :
 Po licy fo r: Th e p o licy can b e as sig ned t o a g ro up o f u sers, a s in gle u ser, o r all
u s ers (makin g it a g lo b al p o licy ). To cu s to mize t h e p o licy fo r s p ecific u sers or
g ro u p s , t h e u s er can s elect fro m t h e A v ailab le Gro u p s an d A v ailab le Us ers
d ro p d o wn .
 A p p ly p o licy t o : Th is refers t o t he LA N res o u rces man ag ed b y t h e DSR, an d
t h e p o licy can p ro vid e (o r p rev ent ) access t o n etwo rk res ources, IP ad d ress, IP
n et wo rk, et c.
 Po licy n ame: Th is field is a u n iq u e n ame fo r id en t ify in g t h e p o licy . IP
ad d res s: Re q u ired wh en t h e g o verned res ource is id en t ified b y it s IP ad d res s
o r ran g e o f ad d res s es .
 M as k Len g t h : Req u ired wh en t h e g ov ern ed res o u rce is id en t ified b y a ran g e
o f ad d res s es wit h in a s u b n et .
140
 ICM P: Select t h is o p t io n t o in clu d e ICM P t raffic

 Po rt ran g e: If t h e p o licy g o v ern s a t y p e o f t raffic, t h is field is u s ed fo r
d efin in g TCP o r UDP p o rt n u mb er(s ) co rres p o n d in g t o t h e g o v ern ed t raffic.
Leav in g t h e s t art in g an d en d ing p ort ran ge b lank co rres p o n d s t o all UDP an d
TCP t raffic.
 Serv ice: Th is is t h e SSL VPN s erv ice mad e av ailab le b y t h is p o licy . Th e
s erv ices o ffered are VPN t u n n el, p o rt fo rward in g o r b o t h .
 Defin ed res o u rces : Th is p o licy can p ro v id e acces s t o s p ecific n et wo rk
res o u rces. Net wo rk res o urces mu s t b e co nfig ured in ad v an ce o f creat in g t h e
p o licy t o make t h em av ailab le fo r s elect io n as a d efin ed res o u rce. Net wo rk
res o u rces are creat ed wit h t h e fo llo win g in fo rmat io n
 Permis s io n : Th e as sig n ed res o u rces d efin ed b y t h is p o licy can b e exp licit ly
p ermit t ed o r d en ied .
7.2.1 Using Network Resources
Setup > VPN Settings > SSL VPN Server > Resources
Net wo rk res o u rces are s erv ices o r g ro u p s o f LA N IP ad d res s es t h at are u s ed t o
eas ily creat e an d co n fig u re SSL VPN p o licies . Th is s h o rt cu t s av es t ime wh en
creat in g s imilar p o licies fo r mu lt ip le remo t e SSL VPN u s ers .
A d d in g a Net wo rk Res o u rce in v o lv es creat in g a u n iq u e n ame t o id en t ify t h e
res o u rce and assig nin g it t o o n e o r all o f t h e s u p p o rt ed SSL s erv ices . On ce t h is is
d o n e, ed it in g o n e o f t h e creat ed n et wo rk res o u rces allo ws y o u t o co n fig u re t h e
o b ject t y p e (eit h er IP ad d ress o r IP ran g e) as sociat ed wit h t h e s erv ice. Th e Net wo rk
A d d res s , M as k Len g t h , an d Po rt Ran g e/ Po rt Nu mb er can all b e d efin ed fo r t h is
res o u rce as req u ired . A n et wo rk res o u rce can b e d efin ed b y co n fig u rin g t h e
fo llo win g in t h e GUI:
 Res o u rce n ame: A u n iq u e id en t ifier n ame fo r t h e res o u rce.
 Serv ice: Th e SSL VPN s erv ice co rres p o n d in g t o t h e res o u rce (VPN t u n n el,
Po rt Fo rward in g o r A ll).
141
Figure 95 : Lis t of configure d re s ource s , which are availab le to as s ign to

SSL VPN policie s
7.3 Application Port Forwarding

Setup > VPN Settings > SSL VPN Server > Port Forwarding
Po rt fo rward in g allo ws remo t e SSL u s ers t o access s pecified n et wo rk ap p licat io n s o r
s erv ices aft er t h ey lo g in t o t h e Us er Po rt al an d lau n ch t h e Po rt Fo rward in g s erv ice.
Traffic fro m t h e remo t e u s er t o t h e ro u t er is d et ect ed an d re -ro u t ed b as ed o n
co n fig u red p o rt fo rward in g ru les .
In t ern al h o st s erv ers o r TCP ap p licat io n s mu s t b e s pecified as b ein g mad e acces s ib le
t o remo t e u s ers . A llo win g access t o a LA N s erv er req u ires en terin g t h e lo cal s erver IP
ad d res s an d TCP p o rt n u mb er o f t h e ap plicat ion t o b e t u nn elled . Th e t able b elo w lis t s
s o me co mmo n ap p licat io n s an d co rres p o n d in g TCP p o rt n u mb ers :
T CP Ap p lication Po r t Num ber
FTP Data (usually not needed) 20
FTP Control Protocol 21
SSH 22
Telnet 23
SMTP (send mail) 25
HTTP (w eb) 80
POP3 (receive mail) 110
NTP (netw ork time protocol) 123
Citrix 1494
Terminal Services 3389
VNC (virtual netw ork computing) 5900 or 5800
142
A s a co n v enien ce fo r remo t e u s ers , t h e h o s t n ame (FQDN) o f t h e n et wo rk s erv er can

b e co n fig u red t o allo w fo r IP ad d ress res olu tio n . Th is h o s t n ame res o lu t io n p ro v id es
u s ers wit h eas y -t o -rememb er FQDN’s t o acces s TCP ap p licat io n s in s t ead o f erro r -
p ro n e IP ad d res s es wh en u s in g t h e Po rt Fo rward in g s erv ice t h ro u g h t h e SSL Us er
Po rt al.
To co n fig u re p o rt fo rward in g , fo llo win g are req u ired :
 Lo cal Serv er IP ad d ress: Th e IP ad d res s o f t h e lo cal s erv er wh ich is h o s t in g
t h e ap p licat io n .
 TCP p o rt : Th e TCP p o rt o f t h e ap p licat io n
On ce t h e n ew ap p licat io n is d efin ed it is d is p layed in a lis t o f co n fig u red ap plicat ion s
fo r p o rt fo rward in g .
allo w u s ers t o access t he p riv ate n et work s erv ers b y u sin g a h o st name in s tead o f an IP
ad d res s, t he FQDN co rres p on din g t o t he IP ad d ress is d efin ed in t h e p o rt fo rward in g
h o s t co n fig u rat io n s ect io n .
 Lo cal s erv er IP ad d res s : Th e IP ad d res s o f t h e lo cal s erv er h o s t in g t h e
ap p licat io n . Th e ap p licat io n s h o u ld b e co n fig u red in ad v an ce.
 Fu lly q u alified d o main n ame: Th e d o main n a me o f t h e in t ern al s erv er is t o b e
s p ecified
On ce t h e n ew FQDN is co n fig u red, it is d is p layed in a lis t o f co n fig u red h o sts fo r port
fo rward in g .
 Defin in g t h e h o s t n ame is o p t io n al as min imu m req u iremen t fo r p o rt fo rward in g is

id en t ify in g t h e TCP ap p licat io n an d lo cal s erv er IP ad d res s . Th e lo cal s erv er IP
ad d res s o f t h e co n fig u red h o s t n ame mu s t mat ch t h e IP ad d res s o f t h e co n fig u red
ap p licat io n fo r p o rt fo rward in g .
143
Figure 96 : Lis t of Available Applicat io ns for SSL Port Forward i ng
7.4 SSL VPN Client Configuration

Setup > VPN Settings > SSL VPN Client > SSL VPN Client
A n SSL VPN t u n n el clien t p ro vid es a p o in t-to -po int co nnect ion b etween t h e b ro ws er -
s id e mach in e an d t h is ro u t er. W h en a SSL VPN clien t is lau n ch ed fro m t h e u s er
p o rt al, a " n et wo rk ad ap t er" wit h an IP a d d res s fro m t h e co rp o rat e s u b n et , DNS an d
W INS s et t in g s is au t o mat ically creat ed . Th is allo ws lo cal ap p licat io n s t o acces s
s erv ices o n t h e p riv at e n et wo rk wit h o u t an y s p ecial n et wo rk co n fig u rat io n o n t h e
remo t e SSL VPN clien t mach in e.
It is imp o rt an t t o en s u re t h at t h e v irt u al (PPP) in t erface ad d res s o f t h e VPN t u n n el
clien t d o es n ot co nflict wit h p h ys ical d ev ices o n t h e LA N. Th e IP ad d res s ran g e fo r
t h e SSL VPN v irt u al n et wo rk ad ap t er s h o u ld b e eit h er in a d ifferen t s u b n et o r n o n -
o v erlap p in g ran g e as t h e co rp o rat e LA N.
 Th e IP ad d res ses o f t h e clien t’s n et work in t erfaces (Et h ern et, W ireless, et c.) canno t
b e id en t ical t o t h e ro u t er’s IP ad d res s o r a s erv er o n t h e co rp o rat e LA N t h at is
b ein g acces s ed t h ro u g h t h e SSL VPN t u n n el.
144
Figure 97 : SSL VPN clie nt adapte r and acce s s configuratio n
Th e ro u t er allo ws fu ll t u n n el an d s plit t u n nel s upp ort . Fu ll t u n nel mo d e ju s t s en d s all

t raffic fro m t h e clien t acro s s t h e VPN t u n n el t o t h e ro u t er. Sp lit t u n n el mo d e o n ly
s en d s t raffic t o t h e p riv a t e LA N b as ed o n p re -s p ecified clien t ro u t es . Th es e clien t
ro u t es g iv e t h e SSL clien t access t o s pecific p riv at e n et works , t hereby allo win g access
co n t ro l o v er s p ecific LA N s erv ices .
Clien t lev el co n fig u rat io n s u p p o rt s t h e fo llo win g :
 En ab le Sp lit Tu n n el Su p p o rt : W it h a s p lit t u n n el, o n ly res o u rces wh ich are
referen ced b y clien t ro u t es can b e acces s ed o v er t h e VPN t u n n el. W it h fu ll
t u n n el s u p p o rt (if t h e s p lit t u n n el o p t io n is d is ab led t h e DSR act s in fu ll
t u n n el mo d e) all ad d res s es o n t h e p riv at e n et wo rk are acces s ib le o v er t h e
VPN t u n n el. Clien t ro u t es are n o t req u ired .
 DNS Su ffix: Th e DNS s u ffix n ame wh ich will b e g iv en t o t h e SSL VPN
clien t . Th is co n fig u rat io n is o p t io n al.
 Primary DNS Serv er: DNS s erv er IP ad d res s t o s et o n t h e n et wo rk ad ap t o r
creat ed o n t h e clien t h o s t . Th is co n fig u rat io n is o p t io n al.
 Seco n d ary DNS Serv er: Seco n d ary DNS s erv er IP ad d res s t o s et o n t h e
n et wo rk ad ap t o r creat ed o n t h e clien t h o s t . Th is co n fig u rat io n is o p t io n al.
 Clien t A d d ress Ran g e Beg in : Clien t s wh o co n n ect t o t h e t u n n e l g et a DHCP
s erv ed IP ad d ress assig ned t o t he n etwo rk ad apt or fro m t h e ran g e o f ad d resses
b eg in n in g wit h t h is IP ad d res s
Clien t A d d res s Ran g e En d : Th e en d in g IP ad d res s o f t h e DHCP ran g e o f
ad d res s es s erv ed t o t h e clien t n et wo rk ad ap t o r.
145
Setup > VPN Settings > SSL VPN Client > Configured Client Routes
If t h e SSL VPN clien t is as s ig n ed an IP ad d res s in a d ifferen t s u b n et t h an t h e
co rp o rat e n et work, a clien t ro u t e mu s t b e ad d ed t o allo w acces s t o t h e p riv at e LA N
t h ro u g h t h e VPN t u n n el. A s well a s t at ic ro u t e o n t h e p riv at e LA N’s firewall
(t y p ically t h is ro u ter) is n eed ed t o fo rward p riv ate t raffic t h rou gh t h e VPN Firewall t o
t h e remo t e SSL VPN clien t . W h en s plit t u n nel mo d e is en ab led , t he u ser is req uired to
co n fig u re ro u t es fo r VPN t u n n el clien t s :
 Des t in at io n n et wo rk: Th e n et wo rk ad d res s o f t h e LA N o r t h e s u b n et
in fo rmat io n o f t h e d es t in at io n n et wo rk fro m t h e VPN t u n n el clien t s ’
p ers p ect iv e is s et h ere.
 Su b n et mas k: Th e s u b net in fo rmat io n o f t h e d es t in at io n n et wo rk is s et h ere.
Figure 98 : Configu re d clie nt route s only apply in s plit tunne l mode
 S teps to Ins tal l / Uni ns tal l S S LVPN tunnel i n MA C OS
 1.Op en t ermin al an d ru n " v is u d o " as ro o t an d it will o p en s u d o ers file
 2. A d d " u s ern ame A LL=NOPA SSW D: / u s r/ sbin /cho wn ,/ b in / ch mo d ,/ b in / rm" at t h e

b o t t o m o f t h e s u doers file, s av e an d clo s e t h e file. (Us ern ame is t h e u s er n ame o f
t h e M A C acco u n t b u t n o t SSLVPN u s er n ame).
 W h ile u n in s t allin g SSLVPN t u n n el, wh en it as ks fo r p asswo rd, en ter t h e M A C u s er

acco u n t p as s wo rd b u t n o t ro o t p as s wo rd o r s s lv p n u s er p as s wo rd
146
7.5 User Portal

Setup > VPN Settings > SSL VPN Client > SSL VPN Client Portal
W h en remo t e u s ers wan t t o access t he p riv ate n etwo rk t h ro u g h an SSL t u n n el (eit h er
u s in g t h e Po rt Fo rward in g o r VPN t u n n el s erv ice), t h ey lo g in t h ro u g h a u s er p o rt al.
Th is p o rt al p ro v ides t he au th en ticatio n field s t o p ro vid e t he ap pro priat e acces s lev els
an d p riv ileg es as d etermin ed b y t h e ro ut er ad min is t rat o r. Th e d o main wh ere t h e u s er
acco u n t is s t o red mu s t b e s p ecified , an d t h e d o main d et ermin es t h e au t h en t icat io n
met h o d an d p o rt al lay o u t s creen p res en t ed t o t h e remo t e u s er.
Figure 99 : Lis t of configure d SSL VPN portal s . The configure d portal
can the n be as s ociate d with an authe ntic at io n domain
7.5.1 Creating Portal Layouts
Setup > VPN Settings > SSL VPN Server > Portal Layouts
Th e ro u t er allo ws y o u t o creat e a cu s t o m p ag e fo r remo t e SSL VPN u s ers t h at is
p res en t ed u p o n au t h en t icat io n . Th ere are v ario u s field s in t h e p o rt al t h at are
cu s t o mizab le fo r t h e d o main , an d t h is a llo ws t h e ro u t er ad min is t rat o r t o
co mmu n icat e d et ails s uch as lo g in in s tructio ns, av ailable s erv ices , an d o t h er u s ag e
d et ails in t h e p o rt al v is ib le t o remo t e u sers. Du rin g d o main s etup , co n fig u red p o rt al
lay o u t s are av ailab le t o s elect fo r all u s ers au t h en t icat ed b y t h e d o main .
 Th e d efau lt LA N IP ad d res s is https://192.168.10.1/scgi-

p o rt al
bin/userPortal/portal. Th is is t h e s ame p ag e t h at o p ens wh en t h e “Us er Po rt al”
lin k is clicked o n t h e SSL VPN men u o f t h e ro u t er GUI.
Th e ro u t er ad min is t rator creat es an d ed it s p o rtal lay o uts fro m t h e co n fig u rat ion p ages
in t h e SSL VPN men u . Th e p o rt al n ame, t it le, b an n er n ame, an d b an n er co n t en t s are
all cu s t o mizab le t o t h e in t en ded u sers fo r t h is p o rtal. Th e p o rtal n ame is ap p en d ed t o
147
t h e SSL VPN p o rt al URL. A s well, t h e u s ers as s ig n ed t o t h is p o rt al (t h ro u g h t h eir

au t h en ticat io n d o main ) can b e p resent ed wit h o n e o r mo re o f t h e ro u t er’s s u p p o rt ed
SSL s erv ices s u ch as t h e VPN Tu n n el p ag e o r Po rt Fo rwa rd in g p ag e.
To co n fig u re a p o rt al lay o u t an d t h eme, fo llo win g in fo rmat io n is n eed ed :
 Po rt al lay o u t n ame: A d es crip t iv e n ame fo r t h e cu s t o m p o rt al t h at is b ein g
co n fig u red . It is u s ed as p art o f t h e SSL p o rt al URL.
 Po rt al s it e t it le: Th e p o rt al web b ro ws er win d o w t it le t h at ap p ears wh en t h e
clien t acces s es t h is p o rt al. Th is field is o p t io n al.
 Ban n er t it le: Th e b an n er t it le t h at is d is p lay ed t o SSL VPN clien t s p rio r t o
lo g in . Th is field is o p t io n al.
 Ban n er mes s ag e: Th e b an n er mes s ag e t h at is d is p lay ed t o SSL VPN clien t s
p rio r t o lo g in . Th is field is o p t io n al.
 Dis p lay b an n er mes s ag e o n t h e lo g in p age: Th e u s er h as t h e o p t io n t o eit h er
d is p lay o r h id e t h e b an n er mes s ag e in t h e lo g in p ag e.
 HTTP met a t ag s fo r cache co nt rol: Th is s ecu rity featu re p rev en ts exp ired web
p ag es an d d at a fro m b ein g s t o red in t h e clien t ’s web b ro ws er cach e. It is
reco mmen d ed t h at t h e u s er s elect s t h is o p t io n .
 A ct iv eX web cach e clean er: A n A ct iv eX cach e co n t ro l web clean er can b e
p u s h ed fro m t h e g at eway t o t h e clien t b ro ws er wh en ev er u s ers lo g in t o t h is
SSL VPN p o rt al.
 SSL VPN p o rt al p ag e t o d is play : Th e Us er can eit h er en able VPN t u n n el p ag e
o r Po rt Fo rward in g , o r b o t h d epend ing o n t h e SSL s erv ices t o d is p lay o n t h is
p o rt al.
On ce t h e p o rt al s ettin gs are co n fig u red , t h e n ewly co n fig u red p o r t al is ad d ed t o t h e
lis t o f p o rt al lay o u t s .
148
Figure 100 : SSL VPN Portal configu rat ion
149
Chapter 8. Advanced Configuration

Tools
8.1 USB Device Setup
Setup > USB Settings > USB Status
Th e DSR Un ified Serv ices Ro u t er h as a USB in t erface fo r p rin t er acces s , file s h arin g
an d on the DSR-1000 / DSR-1000N mo d els 3G mo d em s u p p o rt .
Th ere is n o co n fig u rat io n o n t he GUI t o en ab le USB d ev ice s u p p o rt . Up o n in s ert in g
y o u r USB s t o rag e d ev ice, p rin t er cab le o r 3G mo d em t h e DSR ro u t er will
au t o mat ically d et ect t h e t y p e o f co n n ect ed p erip h eral.
 USB M as s St o rag e: als o referred t o as a “s h are p o rt ”, files o n a USB d is k
co n n ect ed t o t h e DSR can b e acces s ed b y LA N u s ers as a n et wo rk d riv e.
 USB Prin t er: Th e DSR can p ro v id e t h e LA N wit h acces s t o p rin t ers co n n ect ed
t h ro u g h t h e USB. Th e p rin t er d riv er will h av e t o b e in s t alled o n t h e LA N h o s t
an d t raffic will b e ro u t ed t h ro u g h t h e DSR b et ween t h e LA N an d p rin t er.
 USB 3G mo d em: A 3G mo d em d o n g le can b e p lu g ged in an d u sed as a s eco n d ar y
W A N. Lo ad b alan cin g , au to-failo v er, o r p rimary W A N acces s can b e co n fig u red
t h ro u g h t h e 3G in t erface.
To co n fig u re p rin t er o n a W in d o ws mach in e, fo llo w b elo w g iv en s t ep s :
 Click 'St art ' o n t h e d es kt o p .
 Select ‘Prin t ers an d faxes ’ o p t io n .
 Rig h t click an d s elect 'ad d p rin t er' o r click o n 'A d d p rin t er' p res en t at t h e left
men u .
 Select t h e 'Net wo rk Prin t er' rad io b u t t on an d click n ext (s elect " d evice is n't lis t ed
in cas e o f W in d o ws 7" ).
 Select t h e 'Co n n ect t o p rin ter u sin g URL' rad io b u t t o n ('Select a s hared p rin t er b y
n ame ‘in cas e o f W in d o ws 7) an d g iv e t h e fo llo win g URL h t t p :/ / <Ro u t er's LA N
IP ad d res s>:631/ p rin ters / <M o d el Name> (M o d el Name can b e fo u n d in t h e USB
s t at u s p ag e o f ro u t er's GUI).
 Click 'n ext ' an d s elect t h e ap p ro p riat e d riv er fro m t h e d is p lay e d lis t .
 Click o n 'n ext ' an d 'fin is h ' t o co mp let e ad d in g t h e p rin t er.
150
Figure 101 : USB De vice De te ction
8.2 USB share port

Setup > USB Settings > USB SharePort
Th is p ag e allo ws co n fig u re t h e Sh arePo rt feat u re av ailab le in t h is ro u t er.
151
Figure 102 : USB Share Port
US B -1 :
En ab le USB Prin t er: Select t h is o p t io n t o allo w t h e USB p rin t er co n n ect ed t o t h e
ro u t er t o b e s h ared acro s s t h e n et wo rk.
Th e USB p rin t er can b e acces s ed o n an y LA N h o s t (wit h ap p ro p riat e p rin t er d riv er
in s t alled ) co n nected t o t h e ro u t er b y u s in g t h e fo llo win g co mman d in t h e h o s t 's ad d
p rin t ers win d o w
h t t p :/ / <Ro uter's IP:631>/ p rin t ers/ <Device M od el> (Dev ice M o d el can b e fo u n d in t h e
USB s et t in g s p ag e).
En ab le Sh arin g : Select t h is o p tio n t o allo w t h e USB s t o rag e d ev ice co n n ect ed t o t h e
US B -2 :
En ab le USB Prin t er: Select t h is o p t io n t o allo w t h e USB p rin t er co n n ect ed t o t h e
Th e USB p rin t er can b e acces s ed o n an y LA N h o s t ( wit h ap p ro p riat e p rin t er d riv er
in s t alled ) co n nected t o t h e ro u t er b y u s in g t h e fo llo win g co mman d in t h e h o s t 's ad d
p rin t ers win d o w
h t t p :/ / <Ro uter's IP:631>/ p rin t ers/ <Device M od el> (Dev ice M o d el can b e fo u n d in t h e
USB s et t in g s p ag e).
152
En ab le Sh arin g : Selec t t h is o p tio n t o allo w t h e USB s t o rag e d ev ice co n n ect ed t o t h e

S hari ng Enabl ed i nterfaces :
Th e LA N in t erfaces o n wh ich USB s h arin g is en ab led , at leas t o n e in t erface mu s t b e
s elect ed t o b eg in s h arin g .
En ab le Prin t er: En ab les p rin t er s h arin g o n t h e s elect ed in t erface.
En ab le St o rag e : En ab les s t o rag e d ev ice s h arin g o n t h e s elect ed in t erface .
8.3 SMS service

Setup > USB Settings > SMS Service
Th e DSR Un ified Serv ic es Ro u t er h as a USB in t erface t o co n n ect 3G mo d em s u p p o rt
t o s en d an d receiv e Sh o rt M essagin g Serv ice. Th e receiv ed mes s ag es can b e s een in
t h e In b o x a n d allo ws t h e u ser t o create a n ew SM S. If W A N3 is u s ed in d ed icat ed wan
mo d e, lo ad b alan cin g mo d e o r if 3G USB Dev ice is n o t co n n ect ed t o ro u t er t h en t h e
co n t ro ls o n t h is p ag e will b e g rey ed o u t .
Figure 103 : SM S Se rvice – Se nd SM S
Th e fo llo win g d et ails are d is p lay ed in SM S INBOX p ag e:

 Sn o : Dis p lay s t h e s erial n u mb er o f mes s ag e in t h e in b o x.
 Sen d er: Dis p lay s t h e s en d er o f t h e p art icu lar mes s ag e.
 TimeSt amp : Dis p lay s t h e t ime wh en t h e mes s ag e was s en t
 Text : Dis p lay s t h e co n t en t o f t h e p art icu lar M es s ag e.
Th e fo llo win g act io n s are p erfo rmed :
 Delet e : Delet es t h e SM S h av in g t h at p art icu lar Sn o . On ly o n e mes s ag e can b e
d elet ed at a t ime.
 Refres h : Up d at es t h e in b o x wit h n ew SM S (if an y ).
 Rep ly : Let s t h e u s er creat e a n ew SM S in rep ly t o a p art icu lar mes s ag e b y t h e
s elect ed s en d er. “Receiv er" field in t h e creat eSms .h t m p ag e is filled wit h t h e
s en d er's n u mb er.
 Fo rward : Let s t h e u s er fo rward a s elect ed SM S. " Text M es s ag e" field in t h e
creat eSms .h t m p ag e is filled wit h t h e " Text " o f t h e s elect ed mes s ag e.
153
Figure 104 : SM S Se rvice – Re ce ive SM S
Th e fo llo win g d et ails t o b e p ro v id ed in Creat e M es s ag e p ag e:

 Receiv er: En t er t h e p h o n e n u mb er o f t h e in t en d ed receiv er o f t h e mes s ag e.
 Text M es s ag e : En t er t h e b o d y o f t h e mes s ag e h ere
Click Sen d M es s ag e t o s en d t h e mes s ag e.
Click Do n 't Sav e Set t in g s t o res et Receiv er an d Text M es s ag e field s .
8.4 Authentication Certificates

Advanced > Certificates
Th is g at eway u s es d ig it al cert ificat es fo r IPs ec VPN au t h en t icat io n as well as SSL
v alid at io n (fo r HTTPS an d SSL VPN au t h en t icat io n ). Yo u can o b t ain a d ig it al
cert ificat e fro m a well-kn o wn Cert ificat e A u t h o rit y (CA ) s u ch as VeriSig n , o r
g en erat e and s ign y ou r o wn certificat e u s ing fu nctio nalit y av ailab le o n t h is g at eway .
Th e g at eway co mes wit h a s elf -s ig n ed cert ificat e, an d t h is can b e rep laced b y o n e
s ig n ed b y a CA as p er y o u r n et wo rkin g r eq u iremen t s . A CA cert ificat e p ro v id es
s t ro n g as s u ran ce o f t h e s erv er’s id en t it y an d is a req u iremen t fo r mo s t co rp o rat e
n et wo rk VPN s o lu t io n s .
Th e cert ificat es men u allo ws y o u t o v iew a lis t o f cert ificat es (b o t h fro m a CA an d
s elf-s ig n ed ) cu rren t ly lo ad ed o n t h e g at eway . Th e fo llo win g cert ificat e d at a is
d is p lay ed in t h e lis t o f Tru s t ed (CA ) cert ificat es :
CA Id en t it y (Su b ject Name): Th e cert ificat e is is s u ed t o t h is p ers o n o r o rg an izat io n
Is s u er Name: Th is is t h e CA n ame t h at is s u ed t h is cert ificat e
Exp iry Time: Th e d at e aft er wh ich t h is Tru s t ed cert ificat e b eco mes in v alid
A s elf cert ificat e is a cert ificat e is s u ed b y a CA id en t ify in g y o u r d ev ice (o r s elf -
s ig n ed if y o u d o n’t wan t t h e id ent ity p ro tect ion o f a CA ). Th e A ct iv e Self Cert ificat e
154
t ab le lis t s t h e s elf cert ificat es cu rren t ly lo ad ed o n t h e g at eway . Th e fo llo win g

in fo rmat io n is d is p lay ed fo r each u p lo ad ed s elf cert ificat e:
 Name: Th e n ame y o u u s e t o id en t ify t h is cert ificat e, it is n o t d is p lay ed t o IPs ec
VPN p eers o r SSL u s ers .
 Su b ject Name: Th is is t h e n ame t h at will b e d is p lay ed as t h e o wn er o f t h is
cert ificat e. Th is s ho uld b e y ou r o fficial reg is t ered o r co mp an y n ame, as IPs ec o r
SSL VPN p eers are s h o wn t h is field .
 Serial Nu mb er: Th e s erial n u mb er is main t ain ed b y t h e CA an d u s ed t o id en t ify
t h is s ig n ed cert ificat e.
 Is s u er Name: Th is is t h e CA n ame t h at is s u ed (s ig n ed ) t h is cert ificat e
 Exp iry Time: Th e d at e aft er wh ich t h is s ig n ed cert ificat e b eco mes in v alid – y o u
s h o u ld ren ew t h e cert ificat e b efo re it exp ires .
To req u es t a s elf cert ificat e t o b e s ig n ed b y a CA , y o u can g en erat e a Cert ificat e
Sig n in g Req u est fro m t h e g at eway b y ent erin g id ent ificatio n p aramet ers an d p ass ing it
alo n g t o t h e CA fo r s ig n in g . On ce s ig n ed , t h e CA ’s Tru s t ed Cert ificat e an d s ig n ed
cert ificat e fro m t h e CA are u p lo ad ed t o act iv at e t h e s elf-cert ificat e v alid at in g t h e
id en t it y o f t h is g at eway . Th e s elf cert ificat e is t h en u s ed in IPs ec an d SSL
co n n ect io n s wit h p eers t o v alid at e t h e g at eway ’s au t h en t icit y .
Figure 105 : Ce rtificate s ummary for IPs e c and HTTPS manage me nt
155
8.5 Advanced Switch Configuration

Th e DSR allo ws y o u t o ad ju st t h e p o wer co nsu mp tio n o f t h e h ard ware b as ed o n y o u r
act u al u s ag e. Th e t wo “g reen ” o p t io n s av ailab le fo r y o u r LA N s wit ch are Po wer
Sav in g b y Lin k St at u s an d Len g t h Det ect io n St at e. W it h “Po wer Sav in g b y Lin k
St at u s ” o p tio n en abled, t h e t ot al p o wer co n sump t ion b y t h e LA N s wit ch is d ep en d en t
fu n ct io n o f o n t h e n u mb er o f co n nect ed p o rt s. Th e o v erall cu rren t d raw wh en a s in g le
p o rt is co n n ect ed is les s t h an wh en all t h e p o rt s are co n n ect ed . W it h “Len g t h
Det ect io n St ate” o p t ion enabled , t he o v erall cu rren t s up plied t o a LA N p o rt is red u ced
wh en a s maller cab le len g t h is co n n ect ed o n a LA N p o rt .
Ju mb o Frames s u p p ort can b e co n figu red as an ad vanced s wit ch co nfig uratio n. Ju mb o
frames are Et h ern et frames wit h mo re t h an 1500 b y t es o f p ay lo ad . W hen t h is o p tio n is
en ab led , t h e LA N d ev ices can exch an g e in fo rmat io n at Ju mb o frames rat e.
Figure 106 : Advance d Switch Se ttings
156
Chapter 9. Administration &

Management
9.1 Configuration Access Control
Th e p rimary mean s t o co n fig ure t h is g ateway v ia t h e b ro ws er -in d ep en d en t GUI. Th e
GUI can b e acces s ed fro m LA N n o d e b y u s in g t h e g at eway ’s LA N IP ad d res s an d
HTTP, o r fro m t h e W A N b y u s in g t h e g at eway ’s W AN IP ad d ress an d HTTPS (HTTP
o v er SSL).
A d min is t rat o r an d Gu es t u s ers are p ermit t ed t o lo g in t o t h e ro u t er’s man ag emen t
in t erface. Th e u s er t y pe is s et in t h e Advanced > Users > Users p ag e. Th e A d min or
Gu es t u s er can b e co nfig ured t o acces s t h e ro u t er GUI fro m t h e LA N o r t h e In t ern et
(W A N) b y en ab lin g t h e co rres p o n d in g Lo g in Po licy .
Figure 107 : Us e r Login policy configuratio n
9.1.1 Admin Settings
Tools > Admin > Admin settings

Th is p ag e allo ws t o p ro v id e t h e n ame o f t h e ro u t er.
157
Figure 108 : Admin Se ttings
9.1.2 Remote Management
Tools > Admin > Remote Management

Bo t h HTTPS an d t eln et acces s can b e res t rict ed t o a s u b s et o f IP ad d res s es . Th e
ro u t er ad min is t rat o r can d efin e a kn o wn PC, s in g le IP ad d res s o r ran g e o f IP
ad d res ses t h at are allo wed t o access t he GUI wit h HTTPS. Th e o p en ed p o rt fo r SSL
t raffic can b e ch an g ed fro m t h e d efau lt o f 443 at t h e s ame t ime as d efin in g t h e
allo wed remo t e man ag emen t IP ad d res s ran g e .
158
Figure 109 : Re mote M anage me nt from the WAN
9.1.3 CLI Access

In ad d it io n t o t h e web -b as ed GUI, t h e g at eway s u p p o rt s SSH an d Teln et
man ag emen t fo r co mman d -lin e in t eract io n . Th e CLI lo g in cred en t ials are s h ared
wit h t h e GUI fo r ad min is t rat o r u s ers . To acces s t h e CLI, t y p e “cli” in t h e SSH o r
co n s o le p ro mp t an d lo g in wit h ad min is t rat o r u s er cred en t ials .
9.2 SNMP Configuration

Tools > Admin > SNMP
SNM P is an ad d it io n al man ag emen t t o o l t h at is u s efu l wh en mu lt ip le ro u t ers in a
n et wo rk are b ein g man ag ed b y a cen t ral M as t er s y s t em. W h en a n ext ern al SNM P
man ag er is p ro v id ed wit h t h is ro u ter’s M anag emen t In fo rmat io n Bas e (M IB) file, t h e
man ag er can u p d ate t he ro u ter’s h ierarch al v ariab les t o v iew o r u p d at e co n fig u rat io n
p aramet ers . Th e ro u ter as a man ag ed d evice h as an SNM P ag en t t h at allo ws t h e M IB
co n fig u rat io n v ariab les t o b e acces s ed b y t h e M as t er (t h e SNM P man ag er). Th e
A cces s Co n tro l Lis t o n t h e ro ut er id en tifies man ag ers in t h e n et wo rk t h at h av e read -
o n ly o r read -writ e SNM P cred en t ials . Th e Trap s Lis t o u t lin es t h e p o rt o v er wh ich
n o t ificat io ns fro m t h is ro u t er a re p ro v id ed t o t h e SNM P co mmu n it y (man ag ers ) an d
als o t h e SNM P v ers io n (v 1, v 2c, v 3) fo r t h e t rap .
159
Figure 110 : SNM P Us e rs , Traps , and Acce s s Control
Tools > Admin > SNMP System Info

Th e ro u t er is id en t ified b y an SNM P man ag er v i a t h e Sy s t em In fo rmat io n . Th e
id en t ifier s et t ing s Th e Sy s Name s et h ere is als o u sed t o id en tify t he ro u ter fo r Sy s Lo g
lo g g in g .
160
Figure 111 : SNM P s ys te m inform at io n for this route r
9.3 Configuring Time Zone and NTP

Tools > Date and Time
Yo u can co n fig u re y o u r t ime zo n e, wh et h er o r n o t t o ad ju s t fo r Day lig h t Sav in g s
Time, an d wit h wh ich Net wo rk Time Pro t o co l (NTP) s erv er t o s y n ch ro n ize t h e d at e
an d t ime. Yo u can ch o o s e t o s et Dat e an d Time man u ally , wh ich will s t o re t h e
in fo rmat io n o n t h e ro u t er’s real t ime clo ck (RTC). If t h e ro u t er h as acces s t o t h e
in t ern et , t h e mo s t accurate mech anism t o s et t h e ro u t er t ime is t o en ab le NTP s erv er
co mmu n icat io n .
 A ccu rat e d at e an d t ime o n t h e ro u ter is crit ical fo r firewall s ch ed u les , W i -Fi p o wer
s av in g s u p p o rt t o d is ab le A Ps at cert ain t imes o f t h e d ay , an d accu rat e lo g g in g .
Pleas e fo llo w t h e s t ep s b elo w t o co n fig u re t h e NTP s erv er:

1. Select the router’s time zone, relative to Greenwich Mean Time (GMT).
2. If supported for your region, click to Enable Daylight Savings.
3. Determine whether to use default or custom Network Time Protocol (NTP) servers. If
custom, enter the server addresses or FQDN.
161
Figure 112 : Date , Time , and NTP s e rve r s e tup
9.4 Log Configuration

Th is ro u t er allo ws y o u t o capt ure lo g mes sag es fo r t raffic t h ro u g h t h e firewall, VPN,
an d o v er t h e wireles s A P. A s an ad min is t rat or y o u can mo n it o r t he t y pe o f t raffic t h at
g o es t h rou gh t h e ro ut er an d als o b e n ot ified o f p o t en t ial at t acks o r erro rs wh en t h ey
are d et ect ed b y t h e ro u t er. Th e fo llo win g s ect io n s d es crib e t h e lo g co n fig u rat io n
s et t in g s an d t h e way s y o u can acces s t h es e lo g s .
9.4.1 Defining W hat to Log
Tools > Log Settings > Logs Facility

Th e Lo g s Facilit y p ag e allo ws y o u t o d et ermin e t h e g ran u larit y o f lo g s t o receiv e
fro m t h e ro u t er. Th ere are t h ree co re co mp o n en t s o f t h e ro u t er, referred t o as
Facilit ies :
162
 Kern el: Th is refers t o t h e Lin u x kern el. Lo g mes s ag es t h at co rres p o n d t o t h is

facilit y wo u ld co rres p o n d t o t raffic t h ro u g h t h e firewall o r n et wo rk s t ack.
 Sy s t em: Th is refers t o ap plicat ion an d man ag emen t lev el feat ures av ailab le o n this
ro u t er, in clu d in g SSL VPN an d ad min is t rat o r ch an g es fo r man ag in g t h e u n it .
 W ireles s : Th is facilit y co rres p o n d s t o t h e 802.11 d riv er u s ed fo r p ro v id in g A P
fu n ct io n alit y t o y o u r n et wo rk.
 Lo cal1-UTM : Th is facilit y co rres p o n d s t o IPS (In t ru s io n Prev en t io n Sy s t em)
wh ich h elp s in d et ect in g malicio u s in t ru s io n at t emp t s fro m t h e W A N.
Fo r each facilit y , t h e fo llo win g ev en t s (in o rd er o f s ev erit y ) can b e lo g g ed :
Emerg en cy , A lert , Crit ical, Erro r , W arn in g , No t ificat io n , In fo rmat io n , Deb u g g in g .
W h en a p art icu lar s ev erit y lev el is s elect ed , all ev en t s wit h s ev erit y eq u al t o an d
g reat er t h an t h e ch osen s ev erit y are cap t u red . Fo r examp le if y o u h av e co n fig u red
CRITICA L lev el lo g g in g fo r t h e W ireles s facilit y , t h en 802.11 lo g s wit h s ev erit ies
CRITICA L, A LERT, an d EM ERGENCY are lo g g ed . Th e s ev erit y lev els av ailab le
fo r lo g g in g are:
 EM ERGENC Y: s y s t em is u n u s ab le
 A LERT: act io n mu s t b e t aken immed iat ely
 CRITICA L: crit ical co n d it io n s
 ERROR: erro r co n d it io n s
 W A RNING: warn in g co n d it io n s
 NOTIFICA TION: n o rmal b u t s ig n ifican t co n d it io n
 INFORM A TION: in fo rmat io n al
 DEBUGGIN G: d eb u g -lev el mes s ag es
163
Figure 113 : Facility s e ttings for Logging
Th e d is p lay fo r lo g g in g can b e cu st omized b as ed o n wh ere t h e lo g s are s en t , eit h er

t h e Ev en t Lo g v iewer in t h e GUI (t h e Ev en t Lo g v iewer is in t h e Status > Logs
p ag e ) o r a remo t e Sy s lo g s erv er fo r lat er rev iew. E-mail lo g s , d is cu s s ed in a
s u b sequ en t s ectio n, fo llo w t h e s ame co n fig u rat io n as lo g s co n fig u red fo r a Sy s lo g
s erv er.
Tools > Log Settings > Logs Configuration

Th is p ag e allo ws y o u t o d et ermin e t h e t y p e o f t raffic t h ro u g h t h e ro u t er t h at is
lo g g ed fo r d is p lay in Sy s lo g, E-mailed lo g s , o r t h e Ev en t Viewer. Den ial o f s erv ice
at t acks , g en eral at t ack in fo rmat io n , lo g in at t emp t s , d ro p p ed p acket s , an d s imilar
ev en t s can b e cap t u red fo r rev iew b y t h e IT ad min is t rat o r.
Traffic t h ro u g h each n etwo rk s egmen t (LA N, W A N, DM Z) can b e t racked b as ed o n
wh et h er t h e p acket was accep t ed o r d ro p p ed b y t h e firewall.
A ccep t ed Packet s are t h o s e t h at were s u cces s fu lly t ran s ferred t h ro u g h t h e
co rres p o n d in g n et wo rk s eg men t (i.e. LA N t o W A N). Th is o p t io n is p art icu larly
u s efu l wh en t h e Defau lt Ou t b o u n d Po licy is “Blo ck A lway s ” s o t h e IT ad min can
mo n it o r t raffic t h at is p as s ed t h ro u g h t h e firewall.
 Examp le: If A ccep t Packet s fro m LA N t o W A N is en ab led an d t h ere is a
firewall ru le t o allo w SSH t raffic fro m LA N, t h en wh en ev er a LA N mach in e
164
t ries t o make an SSH co n n ect io n , t h o s e p acket s will b e accep t ed an d a

mes s ag e will b e lo g g ed . (A s s u min g t h e lo g o p t io n is s et t o A llo w fo r t h e
SSH firewall ru le.)
Dro p p ed Packet s are p acket s t hat were in t en tio nally b lo cked fro m b ein g t ran s ferred
t h ro u g h t h e co rrespo ndin g n et work s eg men t. Th is o p tio n is u s efu l wh en t h e Defau lt
Ou t b o u n d Po licy is “A llo w A lway s ”.
 Examp le: If Dro p Packet s fro m LA N t o W A N is en ab led an d t h ere is a
firewall ru le t o b lo ck SSH t raffic fro m LA N, t h en wh en ev er a LA N mach in e
t ries t o make an SSH co n n ect io n , t h o s e p acket s will b e d ro p p ed an d a
mes s ag e will b e lo g g ed . (M ake s u re t h e lo g o p t io n is s et t o allo w fo r t h is
firewall ru le.)
 En ab lin g accep t ed p acket lo g g in g t h ro u g h t h e firewall may g en erat e a s ig n ifican t

v o lu me o f lo g mes s ag es d ep en d in g o n t h e t y p ical n et wo rk t raffic. Th is is
reco mmen d ed fo r d eb u g g in g p u rp o s es o n ly .
In ad d it io n t o n et work s egmen t lo g gin g, u n icast an d mu lt icast t raffic can b e lo g g ed .

Un icas t p acket s h av e a s in g le d es t in at io n o n t h e n et wo rk, wh ereas b ro ad cas t (o r
mu lt icas t ) p acket s are s en t t o all p o s s ib le d es t in at io n s s imu lt an eo u s ly . On e o t h er
u s efu l lo g co n tro l is t o lo g p acket s t h at are d ro p p ed d u e t o co n fig u red b an d wid t h
p ro files o v er a p art icu lar in t erface. Th is d ata will in d icat e t o t h e ad min wh et h er t h e
b an d wid t h p ro file h as t o b e mo d ified t o acco u n t fo r t h e d es ired in t ern et t raffic o f
LA N u s ers .
165
Figure 114 : Log configuratio n options for traffic through route r
Tools > Log Settings > IPv6 logging

Th is p ag e allo ws y o u t o co n fig u re t h e IPv 6 lo g g in g
166
Figure 115 : IPv6 Log configuratio n options for traffi c through route r
9.4.2 Sending Logs to E-mail or Syslog
Tools > Log Settings > Remote Logging

On ce y o u h av e co nfig ured t h e t y pe o f lo g s t h at y o u wan t t h e ro u t er t o co llect , t h ey
can b e s en t t o eit h er a Sy s log server o r an E-M ail ad d res s. Fo r remo t e lo g g in g a key
co n fig u ratio n field is t h e Remo t e Lo g Id en t ifier. Ev ery lo g g ed mes sag e will co n t ain
t h e co n fig u red p refix o f t h e Remo t e Lo g Id en t ifier, s o t h at s y s lo g s erv ers o r email
ad d res s es t h at receiv e lo g s fro m mo re t h an o n e ro u t er can s o rt fo r t h e relev an t
d ev ice’s lo g s .
On ce y o u en ab le t h e o p t io n t o e -mail lo g s , en t er t h e e -mail s erv er’s ad d res s (IP
ad d res s o r FQDN) o f t h e SM TP s erv er. Th e ro u ter will co n n ect t o t h is s erv er wh en
s en d in g e -mails o u t t o t h e co nfig u red ad d res s es . Th e SM TP p o rt an d ret u rn e -mail
ad d res ses are req u ired field s t o allo w t h e ro u ter t o p ackage t he lo g s an d s end a v alid
e-mail t h at is accep ted b y o ne o f t h e co nfig ured “s end -to ” ad dress es . Up t o t h ree e -
mail ad d res s es can b e co n fig u red as lo g recip ien t s .
In o rd er t o es t ablis h a co n n ectio n wit h t h e co nfig ured SM TP p o rt an d s erv er, d efin e
t h e s erv er’s au t h en t icat io n req u iremen t s . Th e ro u t er s u p p o rt s Lo g in Plain (n o
en cry p t ion ) o r CRA M -M D5 (en cry p ted) fo r t h e u s ern ame an d p as s wo rd d at a t o b e
s en t t o t h e SM TP s erv er. A u th en ticat io n can b e d is ab led if t h e s erv er d o es n o t h av e
t h is req u iremen t . In s ome cas es t h e SM TP s erver may s en d o u t IDENT req u es ts, an d
t h is ro u t er can h av e t h is res p o n s e o p t io n en ab led as n eed e d .
On ce t h e e -mail s erv er an d recip ient d etails are d efin ed y o u can d etermin e wh en t h e
ro u t er s h ou ld s end o ut lo g s. E-mail lo g s can b e s ent o u t b ased o n a d efin ed s ch ed u le
b y firs t ch o o s in g t h e u n it (i.e. t h e freq u en cy ) o f s en d in g lo g s : Ho u rly , Daily , o r
W eekly . Select in g Nev er will d is ab le lo g e -mails b u t will p res erv e t h e e -mail s erv er
s et t in g s .
167
Figure 116 : E-mail configurat io n as a Re mote Logging option
A n ext ern al Sy s lo g s erver is o ft en u sed b y n etwo rk ad min is trato r t o collect an d s tore

lo g s fro m t h e ro u t er. Th is remo t e d evice t y pically h as les s memo ry co n s t rain t s t h an
t h e lo cal Ev en t Viewer o n t h e ro u t er’s GUI, an d t h u s can co llect a co n s id erab le
n u mb er o f lo g s o v er a s u stain ed p eriod . Th is is t y pically v ery u s efu l fo r d eb u g g in g
n et wo rk is s u es o r t o mo n it o r ro u t er t raffic o v er a lo n g d u rat io n .
Th is ro u t er s up port s u p t o 8 co n cu rren t S y s lo g s erv ers . Each can b e co n fig u red t o
receiv e d ifferen t lo g facilit y mes s ag es o f v ary in g s ev er it y. To en able a Sy s lo g s erver
s elect t h e ch eckbo x n ext t o an emp t y Sy s lo g s erver field an d assig n t h e IP ad d ress or
FQDN t o t h e Name field . Th e s elect ed facilit y an d s ev erit y lev el mes s ag es will b e
168
s en t t o t h e co nfig u red (an d en abled) S y s log server o n ce y o u s av e t h is co n fig u rat io n

p ag e’s s et t in g s .
Figure 117 : Sys log s e rve r configuratio n for Re mote Logging (continue d)
9.4.3 Ev ent Log Viewer in GUI
Status > Logs > View All Logs

Th e ro u t er GUI let s y o u o b s erv e co n fig u red lo g mes s ag es fro m t h e St at u s men u .
W h en ev er t raffic t h ro u g h o r t o t h e ro u t er mat ch es t h e s et t in g s d et ermin ed in t h e
Tools > Log Settings > Logs Facility o r Tools > Log Settings > Logs
Configuration p ag es , t h e co rres p o n d in g lo g mes s ag e will b e d is p lay ed in t h is
win d o w wit h a t imes t amp .
 It is v ery imp o rt an t t o h av e accu rat e s y s t em t ime (man u ally s et o r fro m a NTP

s erv er) in o rd er t o u n d ers t an d lo g mes s ag es .
Status > Logs > VPN Logs

Th is p ag e d is p lay s IPs ec VPN lo g mes s ag es as d et ermin ed b y t h e co n fig u rat io n
s et t in g s fo r facilit y an d s ev erit y . Th is d at a is u s efu l wh en ev alu at in g IPs ec VPN
t raffic an d t u n n el h ealt h .
169
Figure 118 : VPN logs dis playe d in GUI e ve nt vie we r
9.5 Backing up and Restoring Configuration

Settings
Tools > System
Yo u can b ack u p t h e ro u t er’s cu s t o m co n fig u rat io n s et t in g s t o res t o re t h em t o a
d ifferen t d ev ice o r t h e s ame ro u t er aft er s o me o t h er ch an g es . Du rin g b acku p , y o u r
s et t in gs are s aved as a file o n y o u r h o st. Yo u can res t o re t h e ro u t er's s av ed s et t in g s
fro m t h is file as well. Th is p ag e will als o allo w y o u rev ert t o facto ry d efau lt s et t in g s
o r execu t e a s o ft reb o o t o f t h e ro u t er.
 IMPORTANT! Du rin g a res t o re o p erat io n , d o NOT t ry t o g o o n lin e, t u rn o ff t h e

ro u t er, s h ut d o wn t h e PC, o r d o an y t h in g els e t o t h e ro u t er u n t il t h e o p erat io n is
co mp let e. Th is will t ake ap p ro ximat ely 1 min u t e . On ce t h e LEDs are t u rn ed o ff,
wait a few mo re s eco n d s b efo re d o in g an y t h in g wit h t h e ro u t er.
Fo r b ackin g u p co nfig u rat io n o r res t o rin g a p rev io u s ly s av ed co n fig u rat io n , p leas e

fo llo w t h e s t ep s b elo w:
1. To save a copy of your current settings, click the Backup button in the Save Current
Settings option. The browser initiates an export of the configuration file and prompts to
save the file on your host.
170
2. To restore your saved settings from a backup file, click Browse then locate the file on the
host. After clicking Restore, the router begins importing the file’s saved configuration
settings. After the restore, the router reboots automatically with the restored settings.
3. To erase your current settings and revert to factory default settings, click the Default
button. The router will then restore configuration settings to factory defaults and will
reboot automatically. (See Appendix B for the factory default parameters for the router).
Figure 119 : Re s toring configuratio n from a s ave d file will re s ult in the
curre nt configurat io n be ing ove rwritte n and a re boot
9.6 Upgrading Router Firmware

Tools > Firmware
Yo u can u p g rad e t o a n ewer s o ft ware v ers io n fro m t h e A d min is t rat io n web p ag e. In
t h e Firmware Up g rad e s ect io n , t o u p g rad e y o u r firmware, click Bro ws e , lo cat e an d
s elect t h e firmware imag e o n y o u r h o s t , an d click Up g rad e . A ft er t h e n ew firmware
imag e is v alid at ed , t h e n ew imag e is writ t en t o flas h , an d t h e ro u t er is au t o mat ically
reb o o t ed wit h t h e n ew firmware. Th e Firmware In fo rmat io n an d als o t h e Status >
Device Info > Device Status p ag e will reflect t h e n ew firmware v ers io n .
 IMPORTANT! Du rin g firmware u p g rad e, d o NOT t ry t o g o o n lin e, t u rn o ff t h e

DSR, s h u t d o wn t h e PC, o r in t erru p t t h e p ro ce s s in an y way u n t il t h e o p erat io n is
co mp let e. Th is s h o u ld t ake o n ly a min u t e o r s o in clu d in g t h e reb o o t p ro ces s .
In t erru p t ing t he u p grade p rocess at s pecific p o in t s wh en t h e flas h is b ein g writ t en
t o may co rru p t t h e flas h memo ry an d ren d er t h e ro ut er u n usa ble wit h o ut a lo w-lev el
p ro ces s o f res t o rin g t h e flas h firmware (n o t t h ro u g h t h e web GUI).
171
Figure 120 : Firmware ve rs ion inform atio n and upgrade option
Th is ro u t er als o s u ppo rts an au to mat ed n o t ificat io n t o d et ermin e if a n ewer f irmware

v ers io n is av ailab le fo r t h is ro u t er. By clickin g t h e Ch eck No w b u t t o n in t h e
n o t ificat io n sectio n, t h e ro u t er will ch eck a D -Lin k s erv er t o s ee if a n ewer firmware
v ers io n fo r t h is ro u t er is av ailab le fo r d o wn lo ad an d u p d at e t h e St at u s field b elo w .
 IMPORTANT! A ft er firmware 1.04B13, n ew u s er d at ab as e arch it ect u re is

in t ro d u ced . Th e n ew u s er d at ab as e is eas ier t o s et u p an d mo re in t u it iv ely t o u s e.
W h en u s ers u p g rad e DSR’s firmware t o 1.04B13 o r lat t er, DSR will au t o mat ically
merg e u s ers in t h e o ld d at ab ase in t o t h e n ew o n e. Ho wev er, all u s er d at ab as es will
b e s wep t away wh en u sers d own grade firmware fro m 1.04B13 t o t h e o ld er o n e, e.g .
1.03B43. Pleas e keep in min d : b acku p y o u r u ser d atabase fo r fu rt h er rest orin g o n ce
y o u d ecid e t o d o wn g rad e firmware t o t h e o ld er o n e.
9.7 Upgrading Router Firmware via USB

Tools > Firmware via USB
Th is p ag e allo ws u ser t o u pg rad e t h e firmware, b acku p an d rest ore t he s et tin gs u sing a
USB s t o rag e key .
172
Figure 121 : Firmware upgrade and configurat io n re s tore /back up via USB
9.8 Dynamic DNS Setup

Tools > Dynamic DNS
Dy n amic DNS (DDNS) is an In t ern et s ervice t h at allo ws ro u t ers wit h v ary in g p u b lic
IP ad d res s es t o b e lo cat ed u s in g In t ern et d o main n ames . To u s e DDNS, y o u mu s t
s et u p an acco u n t wit h a DDNS p ro v id er s u ch as Dy n DNS.o rg , D-Lin k DDNS, o r
Oray .n et .
Each co n fig u red W A N can h av e a d ifferen t DDNS s erv ice if req u ired . On ce
co n fig u red, t h e ro u ter will u p d at e DDNS s erv ices ch an ges in t h e W A N IP ad d res s s o
t h at feat u res t h at are d ep en d en t o n acces s in g t h e ro u t er’s W A N v ia FQDN will b e
d irect ed t o t h e co rrect IP ad d ress. W hen y o u s et u p an acco u n t wit h a DDNS s erv ice,
t h e h o s t an d d o main n ame, u s ername, p asswo rd an d wild card s u ppo rt will b e p ro v id ed
b y t h e acco u n t p ro v id er.
173
Figure 122 : Dynamic DNS configurat ion
9.9 Using Diagnostic Tools

Tools > System Check
Th e ro u t er h as b u ilt in t o o ls t o allo w an ad min is t rator t o ev alu at e t h e co mmu n icat io n
s t at u s an d o v erall n et wo rk h ealt h .
174
Figure 123 : Route r diagnos tics tools availab le in the GUI
9.9.1 Ping
Th is u t ilit y can b e u s ed t o t est co n nect ivit y b et ween t h is ro u t er an d an o t h er d ev ice
o n t h e n et wo rk co n n ect ed t o t h is ro u t er. En t er an IP ad d res s an d click PING. Th e
co mman d o u t p u t will a p p ear in d icat in g t h e ICM P ech o req u es t s t at u s .
9.9.2 Trace Route

Th is u t ilit y will d is p lay all t h e ro u t ers p res en t b et ween t h e d es t in at io n IP ad d res s
an d t h is ro u ter. Up t o 30 “h o p s ” (in t ermed iate ro u t ers ) b et ween t h is ro u t er an d t h e
d es t in at io n will b e d is p lay ed .
175
Figure 124 : Sample trace route output
9.9.3 DNS Lookup

To ret riev e t h e IP ad d ress o f a W eb , FTP, M ail o r an y o t h er s erv er o n t h e In t ern et ,
t y p e t h e In t ern et Name in t h e t ext b o x an d click Lo o ku p . If t h e h o s t o r d o main en t ry
exis t s , y o u will s ee a res p o n s e wit h t h e IP ad d res s . A mes s ag e s t at in g “Un kn o wn
Ho s t ” in d icat es t h at t h e s p ecified In t ern et Name d o es n o t exis t .
 Th is feat u re as s u mes t h ere is in t ern et acces s av ailab le o n t h e W A N lin k(s ) .
9.9.4 Router Options

Th e s t at ic an d d y namic ro u t es co n fig u red o n t h i s ro u t er can b e s h o wn b y clickin g
Dis p lay fo r t h e co rres po n d in g ro u t in g t ab le. Clickin g t h e Packet Trace b u t t o n will
allo w t h e ro u t er t o cap t u re an d d is p lay t raffic t h ro u g h t h e DSR b et ween t h e LA N
an d W A N in t erface as well. Th is in fo rmat io n is o ft en v ery u s efu l in d eb u g g in g
t raffic an d ro u t in g is s u es .
176
9.10 Localization
Tools > Set Language
Th e ro u t er h as b u ilt in t o o ls t o allo w ch an g e t h e d efau lt lan g u ag e (En g lis h ) t o fo u r
d ifferen t lan g u ag es . (Fren ch , Deu t s ch e , Sp an is h an d It alian )
Figure 125 : Localizatio n
177
Chapter 10. Router Status and

Statistics
10.1 System Overview
Th e St at u s p ag e allo ws y o u t o g et a d et ailed o v erv iew o f t h e s y s t em co n fig u rat io n .
Th e s et t in g s fo r t h e wired an d wireles s in t erfaces are d is p lay ed in t h e DSR St at u s
p ag e, an d t h en t h e res u lt in g h ard ware res o u rce an d ro u t er u s ag e d et ails are
s u mmarized o n t h e ro u t er’s Das h b o ard .
10.1.1 Dev ice Status
Status > Device Info > Device Status

Th e DSR St at u s p ag e g iv es a s u mmary o f t h e ro u t er co n fig u rat io n s et t in g s
co n fig u re d in t h e Set u p an d A d vanced men u s. Th e s tatic h ardware s erial n u mb er and
cu rren t firmware v ers io n are p resen t ed in t h e Gen eral s ect io n . Th e W A N an d LA N
in t erface in fo rmat io n s h o wn o n t h is p ag e are b as ed o n t h e ad min is t rat o r
co n fig u ratio n p aramet ers. Th e ra d io b and an d ch annel s ett in g s are p res en t ed b elo w
alo n g wit h all co n fig u red an d act iv e A Ps t h at are en ab led o n t h is ro u t er.
178
Figure 126 : De vice Status dis play
179
Figure 127 : De vice Status dis play (continue d)
10.1.2 Resource Utilization
Status > Device Info > Dashboard

Th e Das h b oard p ag e p resents h ard ware an d u sag e s t at is t ics . Th e CPU an d M emo ry
u t ilizat io n is a fu n ct io n o f t h e av ailab le h ard ware an d cu rren t co n fig u rat io n an d
t raffic t h ro u g h t h e ro u t er. In t erface s t at is t ics fo r t h e wired co n n ect io n s (LA N,
W A N1, W A N2/ DM Z, VLA Ns ) p ro v id e in d icat io n o f p acket s t h ro u g h an d p acket s
d ro p p ed b y t h e in t erface. Click refres h t o h av e t h is p ag e ret riev e t h e mo s t cu rren t
s t at is t ics .
180
Figure 128 : Re s ource Utilizatio n s tatis tics
181
Figure 129 : Re s ource Utilizatio n data (continue d)
182
Figure 130 : Re s ource Utilizatio n data (continue d)
10.2 Traffic Statistics

10.2.1 W ired Port Statistics
Status > Traffic Monitor > Device Statistics

Det ailed t ran s mit an d receiv e s t at is t ics fo r each p h y s ical p o rt are p res en t ed h ere.
Each in t erface (W A N1, W A N2/ DM Z, LA N, an d VLA Ns ) h av e p o rt s p ecific p acket
lev el in fo rmat io n p ro v id ed fo r rev iew. Tran s mit t ed/receiv ed p acket s, p ort co llis ions,
an d t h e cu mu lat in g b y tes/sec fo r t ran s mit / receiv e d irect io n s are p ro v id ed fo r each
in t erface alo n g wit h t h e p o rt u p t ime. If y o u s u s p ect is s u es wit h an y o f t h e wired
p o rt s , t h is t ab le will h elp d iag n o s e u p t ime o r t ran s mit lev el is s u es wit h t h e p o rt .
Th e s t at ist ics t ab le h as au t o-refresh co ntro l wh ich allo ws d is play o f t h e mo s t cu rrent
p o rt lev el d at a at each p ag e refres h . Th e d efau lt au t o -refres h fo r t h is p ag e is 10
s eco n d s .
183
Figure 131 : Phys ical port s tatis tics
10.2.2 W ireless Statistics
Status > Traffic Monitor > Wireless Statistics

Th e W ireles s St at is t ics t ab d is p lay s t h e in cremen t in g t raffic s t at is t ics fo r each
en ab led access p o in t . Th is p ag e will g iv e a s n ap s h o t o f h o w mu ch t raffic is b ein g
t ran s mit t ed o v er each wireles s lin k. If y o u s u s p ect t h at a rad io o r VA P may b e
d o wn , t h e d et ails o n t h is p ag e wo u ld co n firm if t raffic is b ein g s en t an d receiv ed
t h ro u g h t h e VA P.
Th e clien t s co nn ected t o a p art icular A P can b e v iewed b y u s in g t h e S t at u s Bu t t o n
o n t h e lis t o f A Ps in t h e Setup > Wireless > Access Points p age. Traffic s t atis tics
are s h o wn fo r t h at in d ivid ual A P, as co mp ared t o t h e s ummary s t at s fo r each A P o n
t h is St at is t ics p ag e . Th e p o ll in t erv al (t h e refres h rat e fo r t h e s t at is t ics ) can b e
mo d ified t o v iew mo re freq u en t t raffic an d co llis io n s t at is t ics .
184
Figure 132 : AP s pe cific s tatis tics
10.3 Active Connections

10.3.1 Sessions through the Router
Status > Active Sessions

Th is t ab le lis t s t h e act iv e in t ern et s es s io n s t h ro u g h t h e ro u t er’s firewall. Th e
s es s io n ’s p ro t o co l, s t at e , lo cal an d remo t e IP ad d res s es are s h o wn .
185
Figure 133 : Lis t of curre nt Active Fire wall Se s s ions
186
10.3.2 W ireless Clients
Status > Wireless Clients

Th e clien t s co n n ect ed t o a p art icu lar A P can b e v iewed o n t h is p ag e. Co n n ect ed
clien t s are s o rted b y t h e M A C ad d ress an d in d icat e t h e securit y p aramet ers u s ed b y
t h e wireles s lin k, as well as t h e t ime co n n ect ed t o t h e co rres p o n d in g A P.
Th e s t at ist ics t ab le h as au t o-refresh co ntro l wh ich allo ws d is pla y o f t h e mo s t cu rrent
p o rt lev el d at a at each p ag e refres h . Th e d efau lt au t o -refres h fo r t h is p ag e is 10
s eco n d s .
Figure 134 : Lis t of conne cte d 802.11 clie nts pe r AP
10.3.3 LAN Clients
Status > LAN Clients

Th e LA N clien t s t o t h e ro u t er are id en t ified b y a n A RP s can t h ro u g h t h e LA N
s wit ch . Th e Net Bio s n ame (if av ailab le), IP ad d ress an d M AC ad d ress o f d is co vered
LA N h o s t s are d is p lay ed .
187
Figure 135 : Lis t of LAN hos ts
10.3.4 Activ e VPN Tunnels
Status > Active VPNs

Yo u can v iew an d ch an g e t h e s t at us (co nn ect o r d ro p ) o f t h e ro ut er’s IPs ec s ecu rit y
as s o ciat ions. Here , t h e act iv e IPs ec SA s (s ecurit y as sociatio ns) are lis t ed alo n g wit h
t h e t raffic d et ails an d t u n n el s t at e. Th e t raffic is a cu mu lat iv e meas u re o f
t ran s mit t ed / receiv ed p acket s s in ce t h e t u n n el was es t ab lis h ed .
If a VPN p o licy s t at e is “ IPs ec SA No t Es t ab lis h ed ”, it can b e en ab led b y clickin g
t h e Co n n ect b u tt on o f t h e co rrespo ndin g p o licy . Th e A ct ive IPs ec SA s t ab le d isp lays
a lis t o f act iv e IPs ec SA s . Ta b le field s are as fo llo ws .
Fie ld De s cription
Policy Name IKE or VPN policy associated with this SA.
Endpoint IP address of the remote VPN gatew ay or client.
Tx (KB) Kilobytes of data transmitted over this SA.
Tx (Packets) Number of IP packets transmitted over this SA.
State Status of the SA for IKE policies: Not Connected or IPsec SA Established.
188
Figure 136 : Lis t of curre nt Active VPN Se s s ions
A ll act iv e SSL VPN co n n ect ion s, b ot h fo r VPN t u n n el an d VPN Po rt fo rward in g , are

d is p lay ed o n t h is p ag e as well. Tab le field s are as fo llo ws .
Fie ld De s cription
The SSL VPN user that has an active tunnel or port forwarding session to this
User Name
router.
IP Address IP address of the remote VPN client.
Local PPP Interface The interface (WAN1 or WAN2) through w hich the session is active.
Peer PPP Interface IP The assigned IP address of the virtual netw ork adapter.
Status of the SSL connection betw een this router and the remote VPN client: Not
Connect Status
Connected or Connected.
189
Chapter 11. Trouble Shooting

11.1 Internet connection
S ymptom: Yo u can n o t access t h e ro ut er’s web -co n fig u rat io n in t erface fro m a PC o n
y o u r LA N.
Recommended acti on:
1. Check the Ethernet connection between the PC and the router.
2. Ensure that your PC’s IP address is on the same subnet as the router. If you are using the
recommended addressing scheme, your PC’s address should be in the range 192.168.1 0.2
to 192.168.10.254.
3. Check your PC’s IP address. If the PC cannot reach a DHCP server, some versions of
Windows and Mac OS generate and assign an IP address. These auto-generated addresses
are in the range 169.254.x.x. If your IP address is in this range, check the connection from
the PC to the firewall and reboot your PC.
4. If your router’s IP address has changed and you don’t know what it is, reset the router
configuration to factory defaults (this sets the firewall’s IP address to 192.168.10.1).
5. If you do not want to reset to factory default settings and lose your configuration, reboot
the router and use a packet sniffer (such as Ethereal™) to capture packets sent during the
reboot. Look at the Address Resolution Protocol (ARP) packets to locate the router’s LAN
interface address.
6. Launch your browser and ensure that Java, JavaScript, or ActiveX is enabled. If you are
using Internet Explorer, click Refresh to ensure that the Java applet is loaded. Close the
browser and launch it again.
7. Ensure that you are using the correct login information. The factory default login name is
admin and the password is password. Ensure that CAPS LOCK is off when entering this
information.
S ymptom: Ro u t er d o es n o t s av e co n fig u rat io n ch an g es .

1. When entering configuration settings, click Apply before moving to another menu or tab;
otherwise your changes are lost.
2. Click Refresh or Reload in the browser. Your changes may have been made, but the
browser may be caching the old configuration.
190
S ymptom: Ro u t er can n o t acces s t h e In t ern et .

Pos s i bl e caus e: If y o u u se d y namic IP ad d resses, y ou r ro u ter may n o t h ave req ues t ed
an IP ad d res s fro m t h e ISP.
1. Launch your browser and go to an external site such as www.google.com.
2. Access the firewall’s configuration main menu at http://192.168.10.1.
3. Select Monitoring > Router Status .
4. Ensure that an IP address is shown for the WAN port. If 0.0.0.0 is shown, your firewall
has not obtained an IP address from your ISP. See the next symptom.
S ymptom: Ro u t er can n o t o b t ain an IP ad d res s fro m t h e ISP.

1. Turn off power to the cable or DSL modem.
2. Turn off the router.
3. Wait 5 minutes, and then reapply power to the cable or DSL modem.
4. When the modem LEDs indicate that it has resynchronized with the ISP, reapply power to
the router. If the router still cannot obtain an ISP address, see the next symptom.
S ymptom: Ro u t er s t ill can n o t o b t ain an IP ad d res s fro m t h e ISP.

1. Ask your ISP if it requires a login program — PPP over Ethernet (PPPoE) or some other
type of login.
2. If yes, verify that your configured login name and password are correct.
3. Ask your ISP if it checks for your PC's hostname.
4. If yes, select Network Configuration > WAN Settings > Ethernet ISP
Settings and set the account name to the PC hostname of your ISP account.
5. Ask your ISP if it allows only one Ethernet MAC address to connect to the Internet, and
therefore checks for your PC’s MAC address.
6. If yes, inform your ISP that you have bought a new network device, and ask them to use
the firewall’s MAC address.
7. Alternatively, select Network Configuration > WAN Settings > Ethernet ISP
Settings and configure your router to spoof your PC’s MAC address.
191
S ymptom: Ro u t er can o b tain an IP ad d ress, b ut PC is u n ab le t o lo ad In t ern et p ag es .

1. Ask your ISP for the addresses of its designated Domain Name System (DNS) servers.
Configure your PC to recognize those addresses. For details, see your operating system
documentation.
2. On your PC, configure the router to be its TCP/IP gateway.
11.2 Date and time

S ymptom: Dat e s h o wn is Jan u ary 1, 1970.
Pos s i bl e caus e: Th e ro u t er h as n o t y et s u cces s fu lly reach ed a n et wo rk t ime s erv er
(NTS).
1. If you have just configured the router, wait at least 5 minutes, select Administration >
Time Zone , and recheck the date and time.
2. Verify your Internet access settings.
S ymptom: Time is o ff b y o n e h o u r.
Pos s i bl e caus e : Th e ro ut er d o es n ot au tomat ically ad ju s t fo r Day lig h t Sav in g s Time.
1. Select Administration > Time Zone and view the current date and time settings.
2. Click to check or uncheck “Automatically adjust for Daylight Savings Time”, then click
Apply.
11.3 Pinging to Test LAN Connectivity

M o s t TCP/ IP t ermin al d ev ices an d firewalls co n tain a p in g u t ilit y t h at s end s an ICM P
ech o -req uest p acket t o t he d esign at ed d evice. Th e DSR res p o n d s wit h an ech o rep ly .
Tro u b les hoo tin g a TCP/ IP n et wo rk is mad e v ery eas y b y u s ing t he p in g u t ilit y in y o u r
PC o r wo rks t at io n .
11.3.1 Testing the LAN path from your PC to your

router
1. From the PC’s Windows toolbar, select Start > Run.
2. Type ping <IP_address> where <IP_address> is the router’s IP address. Example: ping
192.168.10.1.
3. Click OK.
192
4. Observe the display:
 If t h e p at h is wo rkin g , y o u s ee t h is mes s ag e s eq u en ce:
Pin g in g <IP ad d res s > wit h 32 b y t es o f d at a

Rep ly fro m <IP ad d res s >: b y t es =32 t ime=NN ms TTL=xxx
 If t h e p at h is n o t wo rkin g , y o u s ee t h is mes s ag e s eq u en ce:
Pin g in g <IP ad d res s > wit h 32 b y t es o f d at a

Req u es t t imed o u t
5. If the path is not working, Test the physical connections between PC and router
 If t h e LA N p o rt LED is o ff, g o t o t h e “LED d is p lay s” s ectio n o n p age B -

1 an d fo llo w in s t ru ct io n s fo r “LA N o r In t ern et p o rt LEDs are n o t lit .”
 Verify t h at t h e co rres p o n d in g lin k LEDs are lit fo r y o u r n et wo rk

in t erface card an d fo r an y h u b p o r t s t h at are co n n ect ed t o y o u r
wo rks t at io n an d firewall.
6. If the path is still not up, test the network configuration:
 Verify t h at t h e Et h ern et card d riv er s o ft ware an d TCP/ IP s o ft ware are

in s t alled an d co n fig u red o n t h e PC.
 Verify t h at t h e IP ad d res s fo r t h e ro u t er an d PC are co rrect an d o n t h e

s ame s u b n et .
11.3.2 Testing the LAN path from your PC to a remote

dev ice
1. From the PC’s Windows toolbar, select Start > Run.
2. Type ping -n 10 <IP_address> where -n 10 specifies a maximu m of 10 tries and <IP

address> is the IP address of a remote device such as your ISP’s DNS server. Example:
ping -n 10 10.1.1.1.
3. Click OK and then observe the display (see the previous procedure).
4. If the path is not working, do the following:
 Ch eck t h at t h e PC h as t h e IP ad d res s o f y o u r firewall lis t ed as t h e

d efau lt g at eway . (If t h e IP co n fig u rat io n o f y o u r PC is as s ig n ed b y
DHCP, t h is in fo rmat io n is n o t v is ib le in y o u r PC’s Net wo rk Co n t ro l
Pan el.)
193
 Verify t h at t h e n etwo rk (s ub net) ad dress o f y o ur PC is d ifferen t fro m t he

n et wo rk ad d res s o f t h e re mo t e d ev ice.
 Verify t h at t h e cab le o r DSL mo d em is co n n ect ed an d fu n ct io n in g .
 A s k y o u r ISP if it as s ig n ed a h o s t n ame t o y o u r PC.
If y es , s elect Network Configuration > WAN Settings > Ethernet ISP

Settings an d en t er t h at h o s t n ame as t h e ISP acco u n t n ame.
 A s k y o u r ISP if it reject s t h e Et h ernet M A C ad d res s es o f all b u t o n e o f
y o u r PCs .
M an y b ro adb an d ISPs res trict acces s b y allo win g t raffic fro m t h e M A C ad d res s o f
o n ly y o u r b ro adb and mo d em; b u t so me ISPs ad d it ion ally res trict access t o t h e M A C
ad d res s o f ju s t a s in g le PC co n n ect ed t o t h at mo d em. If t h is is t h e cas e, co n fig u re
y o u r firewall t o clo n e o r s p o o f t h e M A C ad d res s fro m t h e au t h o rized PC.
11.4 Restoring factory-default configuration

settings
To res t o re fact o ry -d efau lt co n fig u rat io n s et t in g s , d o eit h er o f t h e fo llo win g :
1. Do you know the account password and IP address?
 If y es , s elect Administration > Settings Backup & Upgrade an d

click d efau lt .
 If n o , d o t h e fo llo win g :
On t h e rear p an el o f t h e ro u ter, p ress an d h o ld t h e Res et b u t t o n ab o u t 10 s eco n d s ,

u n t il t h e t es t LED lig h t s an d t h en b lin ks .
Releas e t h e b u t t o n an d wait fo r t h e ro u t er t o reb o o t .
2. If the router does not restart automatically; manually restart it to make the default settings
effective.
3. After a restore to factory defaults —whether initiated from the configuration interface or
the Reset button — the following settings apply:
 LA N IP ad d res s : 192.168.10.1
 Us ern ame: ad min
 Pas s wo rd : ad min
 DHCP s erv er o n LA N: en ab led
 W A N p o rt co n fig u rat io n : Get co n fig u rat io n v ia DHCP
194
Chapter 12. Credits
M icro s o ft , W in d o ws are reg is t ered t rad emarks o f M icro s o ft Co rp .
Lin u x is a reg is t ered t rad emark o f Lin u s To rv ald s .
UNIX is a reg is t ered t rad emark o f Th e Op en Gro u p .
Appendix A. Glossary
ARP Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC address es.
CHAP Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP.
Dynamic DNS. System for updating domain names in real time. Allow s a domain name to be
DDNS
assigned to a device w ith a dynamic IP address.
Dynamic Host Configuration Protocol. Protocol for allocating IP addresses dynamically so that
DHCP
addresses can be reused w hen hosts no longer need them.
Domain Name System. Mechanism for translating H.323 IDs, URLs, or e-mail IDs into IP
DNS addresses. Also used to assist in locating remote gatekeepers and to map IP addresses to
hostnames of administrative domains.
Fully qualified domain name. Complete domain name, including the host portion. Example:
FQDN
serverA.companyA.com.
FTP File Transfer Protocol. Protocol for transferring files between network nodes.
HTTP Hypertext Transfer Protocol. Protocol used by w eb browsers and web servers to transfer files.
Internet Key Exchange. Mode for securely exchanging encryption keys in ISAKMP as part of
IKE
building a VPN tunnel.
IP security. Suite of protocols for securing VPN tunnels by authenticating or encrypting IP

IPsec packets in a data stream. IPsec operates in either transport mode (encrypts payload but not
packet headers) or tunnel mode (encrypts both payload and packet headers).
Internet Key Exchange Security Protocol. Protocol for establishing security associations and
ISAKMP
cryptographic keys on the Internet.
ISP Internet service provider.
Media-access-control address. Unique physical-address identifier attached to a netw ork

MAC Address
adapter.
Maximum transmission unit. Size, in bytes, of the largest packet that can be passed on. The
MTU
MTU for Ethernet is a 1500-byte packet.
Netw ork Address Translation. Process of rewriting IP addresses as a packet passes through a
NAT router or firew all. NAT enables multiple hosts on a LAN to access the Internet using the single
public IP address of the LAN’s gatew ay router.
Microsoft Window s protocol for file sharing, printer sharing, messaging, authentication, and
NetBIOS
name resolution.
Netw ork Time Protocol. Protocol for synchronizing a router to a single clock on the netw ork,
NTP
know n as the clock master.
Passw ord Authentication Protocol. Protocol for authenticating users to a remote access server
PAP
or ISP.
196
Point-to-Point Protocol over Ethernet. Protocol for connecting a netw ork of hosts to an ISP
PPPoE
w ithout the ISP having to manage the allocation of IP addresses.
Point-to-Point Tunneling Protocol. Protocol for creation of VPNs for the secure transfer of data
PPTP
from remote clients to private servers over the Internet.
Remote Authentication Dial-In User Service. Protocol for remote user authentication and
RADIUS
accounting. Provides centralized management of usernames and passw ords.
RSA Rivest-Shamir-Adleman. Public key encryption algorithm.
Transmission Control Protocol. Protocol for transmitting data over the Internet w ith guaranteed
TCP
reliability and in-order delivery.
User Data Protocol. Protocol for transmitting data over the Internet quickly but w ith no
UDP
guarantee of reliability or in-order delivery.
Virtual private netw ork. Netw ork that enables IP traffic to travel securely over a public TCP/IP
VPN netw ork by encrypting all traffic from one netw ork to another. Uses tunneling to encrypt all
information at the IP level.
Window s Internet Name Service. Service for name resolution. Allow s clients on different IP
WINS subnets to dynamically resolve addresses, register themselves, and browse the network without
sending broadcasts.
IKE Extended Authentication. Method, based on the IKE protocol, for authenticating not just
XAUTH devices (which IKE authenticates) but also users. User authentication is performed after device
authentication and before IPsec negotiation.
197
Appendix B. Factory Default Settings
Fe at u re De s cription De f au lt Setting
User login URL http://192.168.10.1
Device login User name (case sensitive) admin
Login password (case sensitive) admin
WAN MAC address Use default address
Internet
WAN MTU size 1500
Connection
Port speed Autosense
IP address 192.168.10.1
IPv4 subnet mask 255.255.255.0
RIP direction None
RIP version Disabled
RIP authentication Disabled
DHCP server Enabled

Local area network
(LAN)
DHCP starting IP address 192.168.10.2
DHCP ending IP address 192.168.10.100
Time zone GMT
Time zone adjusted for Daylight Saving Time Disabled
SNMP Disabled
Remote management Disabled
Disabled (except traffic on port

Inbound communications from the Internet
80, the HTTP port)
Outbound communications to the Internet Enabled (all)

Firew all
Source MAC filtering Disabled
Stealth mode Enabled

Appendix C. Standard Services

Available for Port Forwarding
& Firewall Configuration
A NY ICM P-TYPE-8 RLOGIN
A IM ICM P-TYPE-9 RTELNET
BGP ICM P-TYPE-10 RTSP:TCP
BOOTP_ CLIENT ICM P-TYPE-11 RTSP:UDP
BOOTP_ SERVER ICM P-TYPE-13 SFTP
CU-SEEM E:UDP ICQ SM TP
CU-SEEM E:TCP IM A P2 SNM P:TCP
DNS:UDP IM A P3 SNM P:UDP
DNS:TCP IRC SNM P-TRA PS:TCP
FINGER NEW S SNM P-TRA PS:UDP
FTP NFS SQL-NET
HTTP NNTP SSH:TCP
HTTPS PING SSH:UDP
ICM P-TYPE-3 POP3 STRM W ORKS
ICM P-TYPE-4 PPTP TA CA CS
ICM P-TYPE-5 RCM D TELNET
ICM P-TYPE-6 REA L-A UDIO TFTP
ICM P-TYPE-7 REXEC VDOLIVE
200
Appendix D. Log Output Reference
Facility: System (Networking)

Log Message Severity Log Message Severity
DBUpdate event: Table: %s opCode:%d BridgeConfig: too few arguments to
rowId:%d DEBUG command %s ERROR
BridgeConfig: too few arguments to
networkIntable.txt not found DEBUG command %s ERROR
sqlite3QueryResGet failed DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Interface is already deleted in bridge DEBUG ddnsDisable failed ERROR
removing %s from bridge %s... %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
adding %s to bridge %s... %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
stopping bridge... DEBUG ddnsDisable failed ERROR
stopping bridge... DEBUG failed to call ddns enable ERROR
stopping bridge... DEBUG ddnsDisable failed ERROR
%s:DBUpdate event: Table: %s
opCode:%d rowId:%d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Wan is not up DEBUG Error in executing DB update handler ERROR
opCode:%d rowId:%d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
doDNS:failed DEBUG Illegal invocation of ddnsView (%s) ERROR
doDNS:failed DEBUG sqlite3QueryResGet failed.Query:%s ERROR
doDNS:Result = FAILED DEBUG sqlite3QueryResGet failed.Query:%s ERROR
doDNS:Result SUCCESS DEBUG ddns: SQL error: %s ERROR
Write Old Entry: %s %s %s: to %s DEBUG Illegal operation interface got deleted ERROR
Write New Entry: %s %s #%s : to %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Write Old Entry: %s %s %s: to %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Write New Entry: %s %s #%s : to %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
ifStaticMgmtDBUpdateHandler: returning
with " DEBUG ddnsDisable failed ERROR
nimfLinkStatusGet: buffer: \ DEBUG ddns: SQL error: %s ERROR
nimfLinkStatusGetErr: returning with
status: %d DEBUG Failed to call ddns enable ERROR
nimfAdvOptSetWrap: current Mac
Option: %d DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap: current Port Speed
Option: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
nimfAdvOptSetWrap: current Mtu Option:
%d DEBUG Failed to call ddns enable ERROR
nimfAdvOptSetWrap: looks like we are
reconnecting. " DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap: Mtu Size: %d DEBUG ddnsDisable failed ERROR
nimfAdvOptSetWrap: NIMF table is %s DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap:WAN_MODE
TRIGGER DEBUG sqlite3QueryResGet failed.Query:%s ERROR
nimfAdvOptSetWrap: MTU: %d DEBUG Failed to call ddns enable ERROR
nimfAdvOptSetWrap: MacAddress: %s DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap: old Mtu Flag: %d DEBUG ddnsDisable failed ERROR
201
nimfAdvOptSetWrap: user has changed

MTU option DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap: MTU: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
nimfAdvOptSetWrap: old MTU size: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
nimfAdvOptSetWrap: old Port Speed
Option: %d DEBUG ddnsDisable failed ERROR
nimfAdvOptSetWrap: old Mac Address
Option: %d DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap: MacAddress: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Setting LED [%d]:[%d] For %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
l2tpEnable: command string: %s DEBUG ddnsDisable failed ERROR
nimfAdvOptSetWrap: handling reboot
scenario DEBUG failed to call ddns enable ERROR
nimfAdvOptSetWrap: INDICATOR = %d DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap: UpdateFlag: %d DEBUG ddnsDisable failed ERROR
nimfAdvOptSetWrap: returning with
status: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
nimfGetUpdateMacFlag: MacTable Flag
is: %d DEBUG Error in executing DB update handler ERROR
Failed to open the resolv.conf file.
nimfMacGet: Mac Option changed DEBUG Exiting./n ERROR
Could not write to the resolv.conf file.
nimfMacGet: Update Flag: %d DEBUG Exiting. ERROR
nimfMacGet: MacAddress: %s DEBUG Error opening the lanUptime File ERROR
nimfMacGet: MacAddress: %s DEBUG Error Opening the lanUptime File. ERROR
nimfMacGet: MacAddress: %s DEBUG failed to open %s ERROR
nimfMacGet: MacAddress: %s DEBUG failed to open %s ERROR
nimfMacGet: MacAddress: %s DEBUG failed to query networkInterface table ERROR
nimfMacGet:Mac option Not changed \ DEBUG failed to query networkInterface table ERROR
nimfMacGet: MacAddress: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
nimfMacGet: MacAddress: %s DEBUG failed to enable IPv6 forwarding ERROR
nimfMacGet: MacAddress: %s DEBUG failed to set capabilities on the " ERROR
nimfMacGet: returning with status: %s DEBUG failed to enable IPv6 forwarding ERROR
Now in enableing LanBridge function DEBUG failed to set capabilities on the " ERROR
sucessfully executed the command %s DEBUG failed to disable IPv6 forwarding ERROR
Now in disableing LanBridge function DEBUG failed to set capabilities on the " ERROR
sucessfully executed the command %s DEBUG failed to open %s ERROR
configPortTblHandler:Now we are in
Sqlite Update " DEBUG Could not create ISATAP Tunnel ERROR
The Old Configuration of ConfiPort
was:%s DEBUG Could not destroy ISATAP Tunnel ERROR
The New Configuration of ConfiPort
was:%s DEBUG Could not configure ISATAP Tunnel ERROR
The user has deselected the Could not de-configure ISATAP
configurable port DEBUG Tunnel ERROR
nimfStatusUpdate: updating
failed query %s DEBUG NimfStatus failed ERROR
nimfStatusUpdate: updating
failed query %s DEBUG NimfStatus failed ERROR
nimfLinkStatusGet: determinig link's
failed query %s DEBUG status failed ERROR
%s:DBUpdate event: Table: %s nimfLinkStatusGet: opening status file
opCode:%d rowId:%d DEBUG failed ERROR
202

opCode:%d rowId:%d DEBUG Failed to commit ERROR
%s:%d SIP ENABLE: %s DEBUG ifStatusDBUpdate: Failed to begin " ERROR
sipTblHandler:failed to update ifStatic DEBUG %s: SQL error: %s ERROR
sipTblHandler:failed to update Configport DEBUG %s: Failed to commit " ERROR
nimfNetIfaceTblHandler: unable to get
%s:%d SIP DISABLE: %s DEBUG LedPinId ERROR
%s:%d SIP SET CONF: %s DEBUG LedPinId ERROR
Failed to open %s: %s DEBUG LedPinId ERROR
Failed to start sipalg DEBUG %s: unable to kill dhclient ERROR
nimfAdvOptSetWrap: unable to get
Failed to stop sipalg DEBUG current Mac Option ERROR
Failed to get config info DEBUG current Port " ERROR
Network Mask: 0x%x DEBUG current MTU Option ERROR
nimfAdvOptSetWrap: error getting
RTP DSCP Value: 0x%x DEBUG Mac Address from " ERROR
Need more arguments DEBUG the MTU ERROR
nimfAdvOptSetWrap: error setting
Invalid lanaddr DEBUG interface advanced " ERROR
Invalid lanmask DEBUG MTU size ERROR
Invalid option DEBUG Mac Address ERROR
nimfAdvOptSetWrap: error setting
Failed to set config info DEBUG interface advanced " ERROR
nimfAdvOptSetWrap: failed to get old
Unknown option DEBUG connectiontype ERROR
nimfAdvOptSetWrap: old connection
sshdTblHandler DEBUG type is: %s ERROR
pPort: %s DEBUG MTU Option ERROR
pProtocol: %s DEBUG MTU size ERROR
nimfOldFieldValueGet: failed to get
pListerAddr: %s DEBUG old " ERROR
nimfOldFieldValueGet: user has
pKeyBits: %s DEBUG changed MTU size ERROR
pRootEnable: %s DEBUG Port Speed " ERROR
nimfAdvOptSetWrap: user has
pRsaEnable: %s DEBUG changed Port Speed ERROR
pDsaEnable: %s DEBUG Mac Address " ERROR
nimfAdvOptSetWrap: user has
pPassEnable: %s DEBUG changed Mac Address " ERROR
pEmptyPassEnable: %s DEBUG Mac Address ERROR
nimfAdvOptSetWrap:Failed to RESET
pSftpEnable: %s DEBUG the flag ERROR
nimfAdvOptSetWrap: setting
pScpEnable: %s DEBUG advanced options failed ERROR
nimfAdvOptSetWrap: interface
pSshdEnable: %s DEBUG advanced options applied ERROR
203
nimfGetUpdateMacFlag: unable to get

pPrivSep: %s DEBUG Flag from MacTable ERROR
%s:DBUpdate event: Table: %s nimfMacGet: Updating MAC address
opCode:%d rowId:%d DEBUG failed ERROR
Re-Starting sshd daemon.... DEBUG sqlite3QueryResGet failed.Query:%s ERROR
sshd re-started successfully. DEBUG error executing the command %s ERROR
sshd stopped . DEBUG error executing the command %s ERROR
failed query %s DEBUG error executing the command %s ERROR
vlan disabled, not applying vlan disableLan function is failed to disable
configuration.. DEBUG ConfigPort" ERROR
failed query %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
failed query %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Unable to Disable configurable port
no ports present in this vlanId %d DEBUG from ERROR
failed query %s DEBUG configPortTblHandler has failed ERROR
vlan disabled, not applying vlan
configuration.. DEBUG sqlite3QueryResGet failed.Query:%s ERROR
disabling vlan DEBUG Error in executing DB update handler ERROR
enabling vlan DEBUG sqlite3QueryResGet failed ERROR
vlan disabled, not applying vlan Failed to execute switchConfig for
configuration.. DEBUG port\ ERROR
Failed to execute switchConfig for
no ports present in this vlanId %d DEBUG port enable ERROR
Failed to execute ifconfig for port
failed query %s DEBUG enable ERROR
vlan disabled, not applying vlan
configuration.. DEBUG Failed to execute ethtool for\ ERROR
removing %s from bridge%s... %s DEBUG port disable ERROR
Failed to execute ifconfig for port
adding %s to bridge%d... %s DEBUG disable ERROR
restarting bridge... DEBUG sqlite3QueryResGet failed ERROR
[switchConfig] Ignoring event on port
number %d DEBUG sqlite3_mprintf failed ERROR
restarting bridge... DEBUG sqlite3QueryResGet failed ERROR
executing %s ... %s DEBUG port mirroring ERROR
Usage:%s <DB Name> <Entry
removing %s from bridge%s... %s DEBUG Name> <logFile> <subject> ERROR
adding %s to bridge%d... %s DEBUG sqlite3QueryResGet failed ERROR
Could not get all the required
[switchConfig] Ignoring event on %s DEBUG variables to email the Logs. ERROR
restarting bridge... DEBUG runSmtpClient failed ERROR
[switchConfig] Ignoring event on port
number %d DEBUG getaddrinfo returned %s ERROR
[switchConfig] executing %s ... %s DEBUG file not found ERROR
restarting bridge... DEBUG sqlite3QueryResGet failed.Query:%s ERROR
UserName: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Password: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
IspName: %s DEBUG No memory to allocate ERROR
Failed to Open SSHD Configuration
DialNumber: %s DEBUG File ERROR
Ipaddress should be provided with
Apn: %s DEBUG accessoption 1 ERROR
204
Subnetaddress should be provided

GetDnsFromIsp: %s DEBUG with accessoption 2 ERROR
IdleTimeOutFlag: %s DEBUG Failed to restart sshd ERROR
IdleTimeOutValue: %d DEBUG unable to open the " ERROR
AuthMetho: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
executing %s ... %s DEBUG Error in executing DB update handler ERROR
removing %s from bridge%d... %s DEBUG Error in executing DB update handler ERROR
adding %s to bridge%d... %s DEBUG unknown vlan state ERROR
Failed to execute vlanConfig binary
stopping bridge... DEBUG for vlanId %d ERROR
restarting bridge... DEBUG sqlite3_mprintf failed ERROR
Could not configure 6to4 Tunnel Access port can be present only in
Interface DEBUG single vlan ERROR
Could not de-configure 6to4 Tunnel Failed to execute vlanConfig binary
Interface DEBUG for vlanId %d ERROR
failed to restart 6to4 tunnel interfaces DEBUG unknown vlan state ERROR
BridgeConfig: too few arguments to Failed to execute vlanConfig binary
command %s DEBUG for port number %d ERROR
BridgeConfig: unsupported command %d DEBUG Failed to clear vlan for oldPVID %d ERROR
BridgeConfig returned error=%d DEBUG for port number %d ERROR
sqlite3QueryResGet failed DEBUG Failed to clear vlan for %d ERROR
Error in executing DB update handler DEBUG Failed to set vlan entry for vlan %d ERROR
Failed to set vlan entries, while
sqlite3QueryResGet failed DEBUG enabling \ ERROR
Failed to remove vlan Interface for vlanId
\ DEBUG sqlite3QueryResGet failed ERROR
sqlite3QueryResGet failed DEBUG for port number %d ERROR
Invalid oidp passed DEBUG for vlanId %d ERROR
Invalid oidp passed DEBUG Failed to enable vlan ERROR
Failed to get oid from the tree DEBUG Failed to disable vlan ERROR
Failed to set vlanPort table entries,
threegEnable: Input to wrapper %s DEBUG while \ ERROR
threegEnable: spawning command %s DEBUG Failed to enable vlan ERROR
threegMgmtHandler: query string: %s DEBUG unknown vlan state ERROR
threegMgmtHandler: returning with
status: %s DEBUG Error in executing DB update handler ERROR
adding to dhcprealy ifgroup failed DEBUG unknown vlan state ERROR
adding to ipset fwDhcpRelay failed DEBUG for vlanId %d ERROR
Disabling Firewall Rule for DHCP Relay
Protocol DEBUG sqlite3_mprintf failed ERROR
Enabling Firewall Rule for DHCP Relay Access port can be present only in
Protocol DEBUG single vlan ERROR
prerouting Firewall Rule add for Relay Failed to execute vlanConfig binary
failed DEBUG for vlanId %d ERROR
prerouting Firewall Rule add for Relay
failed DEBUG unknown vlan state ERROR
%s: SQL get query: %s DEBUG for port number %d ERROR
%s: sqlite3QueryResGet failed DEBUG Failed to clear vlan for oldPVID %d ERROR
%s: no result found DEBUG for port number %d ERROR
205
%s: buffer overflow DEBUG Failed to clear vlan for %d ERROR

%s: value of %s in %s table is: %s DEBUG Failed to set vlan entry for vlan %d ERROR
Failed to set vlan entries, while
%s: returning with status: %s DEBUG enabling \ ERROR
dnsResolverConfigure: addressFamily: Failed to execute vlanConfig binary
%d DEBUG for port number %d ERROR
dnsResolverConfigure: LogicalIfName: Failed to execute vlanConfig binary
%s DEBUG for vlanId %d ERROR
chap-secrets File found DEBUG Failed to enable vlan ERROR
PID File for xl2tpd found DEBUG Failed to disable vlan ERROR
Failed to set vlanPort table entries,
pid: %d DEBUG while \ ERROR
options.xl2tpd file found DEBUG Failed to enable vlan ERROR
options.xl2tpd file not found DEBUG unknown vlan state ERROR
threegMgmtInit: unable to open the
Conf File for xl2tpd found DEBUG database file %s ERROR
threegConnEnable: failed to get the
xl2tpd.conf not found DEBUG WanMode ERROR
Chap Secrets file found DEBUG threegEnable:spawning failed ERROR
threegDisable: unable to kill ppp
Chap Secrets file not found DEBUG daemon ERROR
opCode:%d rowId:%d DEBUG threegMgmtHandler: Query: %s ERROR
threegMgmtHandler: error in
chap-secrets File found DEBUG executing database update ERROR
PID File for pptpd found DEBUG Error in executing DB update handler ERROR
pid: %d DEBUG are we getting invoked twice ?? ERROR
PID File for pptpd interface found DEBUG could not open %s to append ERROR
pid: %d DEBUG could not write nameserver %s to %s ERROR
options.pptpd file found DEBUG could not write nameserver %s to %s ERROR
options.pptpd file not found DEBUG could not open %s to truncate ERROR
dnsResolverConfigMgmtInit: unable
Conf File for pptpd found DEBUG to open the " ERROR
resolverConfigDBUpateHandler:
pptpd.conf not found DEBUG sqlite3QueryResGet " ERROR
Chap Secrets file found DEBUG could not configure DNS resolver ERROR
dnsResolverConfigure: could not write
Chap Secrets file not found DEBUG nameserver:%s," ERROR
opCode:%d rowId:%d DEBUG unboundMgmt: unable to open the " ERROR
ioctl call Failed-could not update
chap-secrets File found DEBUG active user Details ERROR
pppoeMgmtTblHandler: MtuFlag: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
pppoeMgmtTblHandler: Mtu: %d DEBUG Can't kill xl2tpd ERROR
pppoeMgmtTblHandler:
IdleTimeOutFlag: %d DEBUG xl2tpd restart failed ERROR
pppoeMgmtTblHandler:
IdleTimeOutValue: %d DEBUG failed to get field value ERROR
pppoeMgmtTblHandler: UserName: %s DEBUG failed to get field value ERROR
pppoeMgmtTblHandler: Password: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
pppoeMgmtTblHandler: DNS specified:
%s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
pppoeMgmtTblHandler: Service: %s DEBUG unboundMgmt: unable to open the " ERROR
pppoeMgmtTblHandler: StaticIp: %s DEBUG writing options.xl2tpd failed ERROR
206
pppoeMgmtTblHandler: NetMask: %s DEBUG xl2tpdStop failed ERROR

pppoeMgmtTblHandler: AuthOpt: %d DEBUG writing xl2tpd.conf failed ERROR
pppoeMgmtTblHandler: Satus: %d DEBUG writing options.xl2tpd failed ERROR
pppoeEnable: ppp dial string: %s DEBUG xl2tpdStop failed ERROR
pppoeMgmtDBUpdateHandler: returning
with status: %s DEBUG xl2tpdStart failed ERROR
pptpMgmtTblHandler: MtuFlag: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
writing Chap-secrets/Pap-Secrets
pptpMgmtTblHandler: Mtu: %d DEBUG failed ERROR
pptpMgmtTblHandler: IdleTimeOutFlag:
%d DEBUG xl2tpdStop failed ERROR
pptpMgmtTblHandler: IdleTimeOutValue:
%d DEBUG xl2tpdStart failed ERROR
pptpMgmtTblHandler: GetDnsFromIsp:
%d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
pptpMgmtTblHandler: UserName: %s DEBUG failed ERROR
pptpMgmtTblHandler: Password: %s DEBUG xl2tpdStop failed ERROR
pptpMgmtTblHandler: dynamic MyIp
configured DEBUG xl2tpdStart failed ERROR
pptpMgmtTblHandler: MyIp: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
pptpMgmtTblHandler: ServerIp: %s DEBUG failed ERROR
pptpMgmtTblHandler: StaticIp: %s DEBUG Error in executing DB update handler ERROR
pptpMgmtTblHandler: NetMask: %s DEBUG unboundMgmt: unable to open the " ERROR
pptpMgmtTblHandler:
MppeEncryptSupport: %s DEBUG Can't kill pptpd ERROR
pptpMgmtTblHandler: SplitTunnel: %s DEBUG pptpd restart failed ERROR
pptpEnable: ppp dial string: %s DEBUG Can't kill pptpd ERROR
pptpEnable: spawning command %s DEBUG failed to get field value ERROR
PID File for dhcpc found DEBUG failed to get field value ERROR
pid: %d DEBUG unboundMgmt: unable to open the " ERROR
pptpMgmtDBUpdateHandler: query
string: %s DEBUG writing options.pptpd failed ERROR
pptpMgmtDBUpdateHandler: returning
with status: %s DEBUG pptpdStop failed ERROR
dhcpcReleaseLease: dhcpc release
command: %s DEBUG writing pptpd.conf failed ERROR
dhcpcMgmtTblHandler: MtuFlag: %d DEBUG writing options.pptpd failed ERROR
dhcpcMgmtTblHandler: Mtu: %d DEBUG pptpdStop failed ERROR
DHCPv6 Server started successfully. DEBUG pptpdStart failed ERROR
DHCPv6 Server stopped successfully DEBUG failed ERROR
DHCPv6 Client started successfully. DEBUG Error in executing DB update handler ERROR
pppStatsUpdate: unable to get default
DHCPv6 Client stopped successfully. DEBUG MTU ERROR
pppoeMgmtInit: unable to open the
DHCPv6 Client Restart successful DEBUG database file %s ERROR
pppoeDisable: unable to kill ppp
l2tpMgmtTblHandler: MtuFlag: %d DEBUG daemon ERROR
pppoeMultipleEnableDisable: pppoe
l2tpMgmtTblHandler: Mtu: %d DEBUG enable failed ERROR
pppoeMultipleEnableDisable: pppoe
l2tpMgmtTblHandler: IspName: %s DEBUG disable failed ERROR
207
pppoeMgmtTblHandler: unable to get

l2tpMgmtTblHandler: UserName: %s DEBUG current Mtu Option ERROR
pppoeMgmtTblHandler: unable to get
l2tpMgmtTblHandler: Password: %s DEBUG the Mtu ERROR
pppoeMgmtTblHandler: pppoe enable
l2tpMgmtTblHandler: AccountName: %s DEBUG failed ERROR
pppoeMgmtDBUpdateHandler: failed
l2tpMgmtTblHandler: DomainName: %s DEBUG query: %s ERROR
l2tpMgmtTblHandler: Secret: not pppoeMgmtDBUpdateHandler: error
specified DEBUG in executing " ERROR
pptpMgmtInit: unable to open the
l2tpMgmtTblHandler: Secret: %s DEBUG database file %s ERROR
l2tpMgmtTblHandler: dynamic MyIp pptpEnable: error executing
configured DEBUG command: %s ERROR
pptpEnable: unable to resolve
l2tpMgmtTblHandler: MyIp: %s DEBUG address: %s ERROR
l2tpMgmtTblHandler: ServerIp: %s DEBUG pptpEnable: inet_aton failed ERROR
l2tpMgmtTblHandler: StaticIp: %s DEBUG pptpEnable: inet_aton failed ERROR
l2tpMgmtTblHandler: NetMask: %s DEBUG pptpEnable:spawning failed ERROR
pptpDisable: unable to kill ppp
l2tpMgmtTblHandler: SplitTunnel: %s DEBUG daemon ERROR
needToStartHealthMonitor: returning with pptpMgmtTblHandler: unable to get
status: %s DEBUG current MTU Option ERROR
pptpMgmtTblHandler: unable to get
l2tpEnable: command string: %s DEBUG the Mtu ERROR
pptpMgmtTblHandler:
l2tpEnable: command: %s DEBUG dbRecordValueGet failed for %s " ERROR
pptpMgmtTblHandler: pptp enable
l2tpEnable: command string: %s DEBUG failed ERROR
pptpMgmtTblHandler: pptp disable
PID File for dhcpc found DEBUG failed ERROR
pptpMgmtDBUpdateHandler:
pid: %d DEBUG sqlite3QueryResGet " ERROR
l2tpMgmtDBUpdateHandler: query string: pptpMgmtDBUpdateHandler: error in
%s DEBUG executing " ERROR
l2tpMgmtDBUpdateHandler: returning
with status: %s DEBUG Illegal invocation of dhcpConfig (%s) ERROR
dhcpLibInit: unable to open the
RADVD started successfully DEBUG database file %s ERROR
RADVD stopped successfully DEBUG sqlite3QueryResGet failed.Query:%s ERROR
dhcpcMgmtInit: unable to open the
empty update. nRows=%d nCols=%d WARN database file %s ERROR
dhcpcReleaseLease: unable to
Wan is not up or in load balencing mode WARN release lease ERROR
threegMgmtHandler: no row found.
nRows = %d nCols = %d WARN dhcpcEnable: unable to kill dhclient ERROR
pppoeMgmtDBUpdateHandler: empty dhcpcEnable: enabling dhcpc failed
update. WARN on: %s ERROR
dhcpcEnable: dhclient already running
on: %s WARN dhcpcDisable: unable to kill dhclient ERROR
dhcpcDisable: delete failed for
dhcpcDisable: deleted dhclient.leases WARN dhclient.leases ERROR
l2tpMgmtInit: unable to open the
database file %s ERROR dhcpcDisable: failed to reset the ip ERROR
l2tpEnable: unable to resolve address: dhcpcMgmtTblHandler: unable to get
%s ERROR current Mtu Option ERROR
dhcpcMgmtTblHandler: unable to get
l2tpEnable: inet_aton failed ERROR the Mtu ERROR
208
dhcpcMgmtTblHandler: dhclient
The Enable Command is %s ERROR enable failed ERROR
l2tpEnable:Executing the Command dhcpcMgmtTblHandler: dhcpc release
failed ERROR failed ERROR
dhcpcMgmtTblHandler: dhcpc disable
l2tpDisable: command string: %s ERROR failed ERROR
dhcpcMgmtDBUpdateHandler: failed
l2tpDisable: unable to stop l2tp session ERROR query: %s ERROR
l2tpMgmtTblHandler: unable to get dhcpcMgmtDBUpdateHandler: error
current MTU option ERROR in executing " ERROR
l2tpMgmtTblHandler: unable to get the
Mtu ERROR DHCPv6 Client start failed. ERROR
l2tpMgmtTblHandler: dbRecordValueGet
failed for %s " ERROR DHCPv6 Client stop failed. ERROR
l2tpMgmtTblHandler: l2tpEnable failed ERROR failed to create/open DHCPv6 client " ERROR
failed to write DHCPv6 client
l2tpMgmtTblHandler: disabling l2tp failed ERROR configuration file ERROR
l2tpMgmtDBUpdateHandler:
sqlite3QueryResGet " ERROR failed to restart DHCPv6 Client ERROR
l2tpMgmtDBUpdateHandler: error in failed to create/open DHCPv6 Server
executing ERROR " ERROR
Illegal invocation of tcpdumpConfig (%s) ERROR Restoring old configuration.. ERROR
DHCPv6 Server configuration update
Failed to start tcpdump ERROR failed ERROR
Failed to stop tcpdump ERROR DHCPv6 Server Restart failed ERROR
Invalid tcpdumpEnable value ERROR sqlite3QueryResGet failed.Query:%s ERROR
Facility: System (VPN)

%d command not supported by eapAuth DEBUG PEAP key derive: ERROR ERROR
pCtx NULL. DEBUG PEAP context is NULL: ERROR ERROR
Current cert subject name= %s DEBUG Constructing P2 response: ERROR ERROR
X509_STORE_CTX_get_ex_data failed. DEBUG innerEapRecv is NULL: ERROR ERROR
Cannot get cipher, no session est. DEBUG Decrypting TLS data: ERROR ERROR
%s:
SSL_ERROR_WANT_X509_LOOKUP DEBUG Wrong identity size: ERROR ERROR
Wrong size for extensions packet:
err code = (%d) in %s DEBUG ERROR ERROR
BIO_write: Error DEBUG innerEapRecv is NULL: ERROR. ERROR
Decrypting: BIO reset failed DEBUG Inner EAP processing: ERROR ERROR
Encrypting BIO reset: ERROR DEBUG TLS handshake: ERROR. ERROR
BIO_read: Error DEBUG Sending P1 response: ERROR ERROR
EAP state machine changed from %s to Unexpected tlsGlueContinue return
%s. DEBUG value. ERROR
EAP state machine changed from %s to No more fragments in message.
%s. DEBUG ERROR ERROR
No phase 2 data or phase 2 data
Received EAP Packet with code %d DEBUG buffer NULL: ERROR ERROR
Allocating memory for PEAP Phase 2
Response ID %d DEBUG payload: ERROR ERROR
Response Method %d DEBUG TLS encrypting response: ERROR ERROR
209
Setting message in fragment buffer:

Created EAP/PEAP context: OK DEBUG ERROR ERROR
Allocating TLS read buffer is NULL:
Deleted EAP/PEAP context: OK DEBUG ERROR ERROR
Upper EAP sent us: decision = %d
method state = %d DEBUG Setting last fragment: ERROR ERROR
P2 decision=(%d); methodState=(%d) DEBUG Getting message: ERROR ERROR
Writing message to BIO: ERROR. DEBUG Processing PEAP message: ERROR ERROR
Encrypted (%d) bytes for P2 DEBUG Setting fragment: ERROR ERROR
P2: sending fragment. DEBUG Creating receive buffer: ERROR ERROR
P2: message size = %d DEBUG Setting first fragment: ERROR ERROR
P2: sending unfragmented message. DEBUG Sending P1 response: ERROR ERROR
NULL request (or response) PDU or
P1: Sending fragment. DEBUG NULL context: ERROR ERROR
Expecting start packet, got something
P1: Total TLS message size = (%d) DEBUG else: ERROR ERROR
P1: sending unfragmented message. DEBUG Protocol version mismatch: ERROR ERROR
peapFragFirstProcess: TLS record size Processing PEAP message (from
to receive = (%d) DEBUG frag): ERROR ERROR
Setting version %d DEBUG Processing PEAP message: ERROR ERROR
PEAP pkt rcvd: data len=(%d) flags=(%d)
version=(%d) DEBUG Processing PEAP message: ERROR ERROR
Got PEAP/Start packet. DEBUG Indicated length not valid: ERROR ERROR
Did not get Acknowledged result:
Got first fragment DEBUG ERROR ERROR
Cannot understand AVP value:
Got fragment (n) DEBUG ERROR ERROR
Got last fragment DEBUG eapExtResp is NULL: ERROR ERROR
eapWscCtxCreate:
Got unfragmented message DEBUG EAPAUTH_MALLOC failed. ERROR
eapWscProcess: umiIoctl req to WSC
Got frag ack. DEBUG failed, status = %d ERROR
Ext AVP parsed: flags=(0x%x) DEBUG eapWscCheck: Invalid frame ERROR
Mandatory bit not set: WARNING DEBUG eapWscBuildReq: Invalid state %d ERROR
eapWscProcessWscResp: Invalid data
Ext AVP parsed: type=(%d) DEBUG recd pData = %p, dataLen" ERROR
Data received for invalid context,
Ext AVP parsed: value=(%d) DEBUG dropping it ERROR
eapWscProcessWscResp: Build
Got PEAPv0 success! DEBUG Request failed ERROR
eapWscProcessWscResp: Invalid
Got PEAPv0 failure! DEBUG state %d ERROR
eapWscProcessWscResp: Message
pCtx NULL. DEBUG processing failed 0x%X ERROR
eapWscProcessWscData: Invalid
Authenticator response check: Error DEBUG notification recd %d ERROR
Authenticator response check: Failed DEBUG unable to initialize MD5 ERROR
MS-CHAP2 Response AVP size = %u DEBUG MDString: adpDigestInit for md5 failed ERROR
Created EAP/MS-CHAP2 context: OK. DEBUG EAPAUTH_MALLOC failed. ERROR
pCtx NULL. DEBUG EAPAUTH_MALLOC failed. ERROR
Deleted EAP/MS-CHAPv2 context: OK DEBUG NULL context created: Error ERROR
Not authenticated yet. DEBUG NULL context received: Error ERROR
Authenticator response invalid DEBUG Authenticator ident invalid. ERROR
EAP-MS-CHAPv2 password changed. DEBUG Success request message invalid: ERROR
210
Error
rcvd. opCode %d. DEBUG Plugin context is NULL ERROR
pCtx NULL. DEBUG Deriving implicit challenge: Error ERROR
TLS message len changed in the
fragment, ignoring. DEBUG Generating NT response: Error ERROR
no data to send while fragment ack
received. DEBUG NULL in/out buffer: Error ERROR
TLS handshake successful. DEBUG Incorrect vendor id. ERROR
Created EAP/TTLS context: OK DEBUG Allocating memory for outBuff: ERROR ERROR
Deleted EAP/TTLS context: OK DEBUG AVP code not recognized ERROR
No more fragments in message. ERROR DEBUG EAPAUTH_MALLOC failed. ERROR
Upper EAP sent us: method state = %d;
decision = %d DEBUG Converting password to unicode: Error ERROR
P2: sending fragment. DEBUG Generating password hash: Error. ERROR
Generating password hash hash:
P2 send unfragmented message. DEBUG Error. ERROR
P1: sending fragment. DEBUG Generating master key: Error. ERROR
Generating first 16 bytes of session
P1: sending unfragmented message. DEBUG key: Error.n ERROR
Generating second 16 bytes of session
\tTLSMsgLen = 0x%x DEBUG key: Error.n ERROR
Send req ptr = 0x%x; Send resp ptr =
0x%x DEBUG Converting password to unicode: Error ERROR
P2 decision=(%d); methodState=(%d) DEBUG Constructing failure response: ERROR ERROR
Default EAP: method state = %d;
decision = %d DEBUG Error checking authenticator response. ERROR
TTLS pkt: data len=(%d) flags=(0x%x) DEBUG Error generating NT response. ERROR
Username string more than 256 ASCII
Got start DEBUG characters: ERROR ERROR
Got first fragment (n). DEBUG Invalid Value-Size. ERROR
Invalid MS-Length. Got (%d), expected
Got fragment (n). DEBUG (%d) ERROR
Got last fragment DEBUG Error constructing response. ERROR
Got unfragmented message. DEBUG Got type (%d), expecting (%d) ERROR
Cannot handle message; opCode =
Got frag ack. DEBUG %d ERROR
Rcvd. AVP Code-%u: flags-0x%x: len-
%u: vendorId-%u: " DEBUG EAPAUTH_MALLOC failed. ERROR
MOD EAP: method state from upper =
%d; decision = %d DEBUG tlsGlueCtxCreate failed. ERROR
Got AVP len = %ul. Should be less than client certificate must be set in the
16777215 DEBUG profile. ERROR
AVP length extract: Error DEBUG received tls message length too big. ERROR
pFB is NULL DEBUG total frags len > initial total tls length. ERROR
Requesting message before assembly
complete DEBUG total frags len > initial total tls length. ERROR
total data rcvd(%d) doesnt match the
pFB is NULL DEBUG initial " ERROR
pFB is NULL DEBUG couldnt write %d data to TLS buffer. ERROR
invalid flags %s passed to
Buffer cannot hold message: ERROR DEBUG eapTlsBuildResp. ERROR
pFB is NULL: Error DEBUG EAPAUTH_MALLOC failed. ERROR
pFB is NULL DEBUG tlsGlueCtxCreate failed. ERROR
TLS_FB* is NULL. DEBUG Context NULL: ERROR ERROR
211
pFB->msgBuff is NULL. DEBUG Setting profile to glue layer: ERROR. ERROR

Error calculating binary. DEBUG _eapCtxCreate failed. ERROR
%d authentication not enabled in the
Error calculating binary. DEBUG system. ERROR
Initializing inner non-EAP auth plugin:
adpDigestInit for SHA1 failed. DEBUG ERROR ERROR
adpDigestInit for SHA1 failed. DEBUG TTLS key derive: ERROR ERROR
TTLS context from EAP plugin is
E = %d DEBUG NULL: ERROR ERROR
Allocating memory for TTLS Phase 2
R = %d DEBUG payload: ERROR ERROR
Could not initialize des -ecb DEBUG TLS Encrypting response: ERROR ERROR
Allocating TLS read buffer is NULL:
adpDigestInit for MD4 failed. DEBUG ERROR ERROR
Inner authentication (id: %d)
adpDigestInit for SHA1 failed. DEBUG unhandled ERROR
adpDigestInit for SHA1 failed. DEBUG innerEapRecv is NULL: ERROR. ERROR
Error converting received auth reponse to
bin. DEBUG Decrypting TLS data: ERROR ERROR
Gnerating challenge hash: Error DEBUG Processing Phase 2 method: Error ERROR
Generating password hash: Error DEBUG Writing message to BIO: ERROR. ERROR
Generating challenge response: Error DEBUG TLS handshake: ERROR. ERROR
Unexpected tlsGlueContinue return
Conn cipher name=%s ver=%s: %s DEBUG value. ERROR
Send req ptr = 0x%x; Send resp ptr = NULL request (or response) PDU or
0x%x DEBUG NULL context ERROR
Request ptr = 0x%x; DEBUG Protocol version mismatch: ERROR ERROR
Response ptr = 0x%x DEBUG Creating receive buffer: ERROR ERROR
Rcvd. AVP Code - %ul DEBUG Setting first fragment: ERROR ERROR
Rcvd. AVP flags - 0x%02x DEBUG Setting fragment: ERROR ERROR
Rcvd. AVP len - %ul DEBUG Setting last fragment: ERROR ERROR
Rcvd. AVP vendor id - %ul DEBUG Getting message: ERROR ERROR
\tCode = %d DEBUG Processing TTLS message: ERROR ERROR
\tIdent = %d DEBUG Processing TTLS message: ERROR ERROR
\tLen = %d DEBUG Processing TTLS message: ERROR ERROR
\tType = %d DEBUG Decapsulating AVP: ERROR ERROR
\tOpCode = %d DEBUG Processing EAP receive: Error ERROR
\tMSID = %d DEBUG AVP code not EAP: Error ERROR
\tmsLen = %d DEBUG Encapsulating AVP: ERROR ERROR
\tvalSize = %d DEBUG profile %s doesnt exist. ERROR
Frag Buffer bytes left = (%d) DEBUG profile %s is in use. ERROR
Stripped username=(%s) DEBUG profile %s already exists. ERROR
digestLen = %d. DEBUG EAPAUTH_MALLOC failed ERROR
ClearText = DEBUG User not found. ERROR
EAP-MD5 not enabled in system
CipherText = DEBUG configuration. ERROR
EAP-MSCHAPV2 not enabled in
digestLen = %d. DEBUG system configuration. ERROR
EAP-TLS not enabled in system
digestLen1 = %d. DEBUG configuration. ERROR
EAP-TTLS not enabled in system
digestLen2 = %d. DEBUG configuration. ERROR
212
password change is not allowed for this EAP-PEAP not enabled in system
user DEBUG configuration. ERROR
EAP-WSC not enabled in system
completed writing the policy DEBUG configuration. ERROR
PAP not enabled in system
completed writing the SA DEBUG configuration. ERROR
CHAP not enabled in system
completed writing the proposal block DEBUG configuration. ERROR
MSCHAP not enabled in system
cmdBuf: %s DEBUG configuration. ERROR
X509_DEBUG : Invalid Certificate for the MSCHAPV2 not enabled in system
generated" DEBUG configuration. ERROR
PAP/Token not enabled in system
X590_ERROR : Failed to create File '%s' DEBUG configuration. ERROR
EAP-MD5 not enabled in system
x509TblHandler DEBUG configuration. ERROR
EAP-MSCHAPV2 not enabled in
pCertType: %s DEBUG system config. ERROR
EAP-TLS not enabled in system
pRowQueryStr: %s DEBUG configuration. ERROR
EAP-TTLS and EAP-PEAP are not
x509SelfCertTblHandler DEBUG valid as inner" ERROR
pRowQueryStr: %s DEBUG invalid innerAuth %d. ERROR
opCode:%d rowId:%d DEBUG profile %s doesnt exist. ERROR
Re-assembling fragments incorrect
umiRegister failed ERROR size ERROR
eapAuthHandler: Invalid data received ERROR Error creating cipher context. ERROR
EAPAUTH_MALLOC failed. ERROR Error initializing cipher context. ERROR
malloc failed. ERROR Error creating digest context. ERROR
BIO_new_mem_buf failed. ERROR Error initializing digest context. ERROR
malloc failed. ERROR Error initializing DES in Klite ERROR
BIO_new_mem_buf failed. ERROR Error initializing MD4 in Klite ERROR
SSL_CTX_new (TLSv1_client_method)
failed. ERROR Error initializing RC4 in Klite ERROR
unable to set user configured CIPHER
list %s ERROR Error initializing SHA in Klite ERROR
Certificate verification failed. ERROR Error cleaning cipher context. ERROR
Server name match failed. Got (%s)
expected " ERROR Error destroying cipher context. ERROR
SSL_CTX_use_certificate_file (cert,
PEM) failed. ERROR Error cleaning digest context. ERROR
SSL_CTX_use_PrivateKey_file failed. ERROR Error destroying digest context. ERROR
private key does not match public key ERROR Error stripping domain name. ERROR
SSL_CTX_load_verify_locations failed ERROR Error cleaning digest context. ERROR
SSL_new failed. ERROR Error cleaning digest context. ERROR
Both SSL_VERIFY_PEER and Challenge not present in failure
SSL_VERIFY_NONE set: Error ERROR packet. ERROR
EAPAUTH_MALLOC failed. ERROR Wrong challenge length. ERROR
Incorrect password change version
EAPAUTH_MALLOC failed. ERROR value. ERROR
eapTimerCreate failed. ERROR Error generating password hash. ERROR
eapCtxDelete:pCtx == NULL ERROR Error generating password hash. ERROR
eapRole != EAP_ROLE_PEER or Error encrypting password hash with
EAP_ROLE_AUTHENTICATOR ERROR block ERROR
213
pEapCtx == NULL or pPDU == NULL. ERROR Could not initialize des -ecb ERROR
received EAP pdu bigger than
EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR
received EAP pdu bigger than
EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR
state machine is in invalid state. ERROR Error cleaning digest context. ERROR
unable to create method context. ERROR Error cleaning digest context. ERROR
method ctxCreate failed. ERROR adpDigestInit for SHA1 failed. ERROR
method profile set failed. ERROR X509_ERROR : .Query:%s ERROR
X509_ERROR : Invalid Certificate for
state machine is in invalid state. ERROR the " ERROR
Only StandAlone authenticator supported
currently. ERROR invalid x509 certificate ERROR
state machine is in invalid state. ERROR Couldn't get the x509 cert hash ERROR
BuildReq operation failed ERROR Memory allocation failed ERROR
No method ops defined for current
method ERROR FileName too lengthy ERROR
Process operation failed ERROR Couldn't execute command ERROR
state machine is in invalid state. ERROR Memory allocation failed ERROR
Packet length mismatch %d, %d ERROR Memory allocation failed ERROR
eapAuthTypeToType: Invalid
eapAuthType %d ERROR invalid certificate data ERROR
eapTypeToAuthType: Invalid eapType
%d ERROR .Query:%s ERROR
unable to create method context. ERROR .Query:%s ERROR
method ctxCreate failed. ERROR Memory allocation failed ERROR
Invalid condition, methodState = %d, X509_ERROR : Failed to validate the
respMethod = %d ERROR certficate " ERROR
A EAP Ctx map already exists ERROR Memory allocation failed ERROR
eapTimerCreate: Currently unsupported
for Peer role ERROR .Query:%s ERROR
eapTimerStart: Currently unsupported for
Peer role ERROR Invalid Sign Key Length : %d ERROR
eapTimerDestroy: Currently unsupported
for Peer role ERROR Invalid Hash Alg : %d ERROR
eapTimerCancel: Currently unsupported
for Peer role ERROR Invalid Sign Alg : %d ERROR
eapTimerHandler: Currently unsupported
for Peer role ERROR No Memory Available ERROR
pCtx is NULL: ERROR ERROR Certificate Request Failed ERROR
tlsGlueCtxCreate failed ERROR File Open Failed ERROR
eapVars is NULL ERROR File is Empty ERROR
Context NULL: ERROR ERROR Memory Allocation Failed ERROR
Initializing inner EAP auth: ERROR ERROR File Open Failed ERROR
pCtx is NULL: ERROR ERROR File is Empty ERROR
Memory Allocation Failed ERROR Error in executing DB update handler ERROR
Facility: System (Admin)

Usage:%s <DBFile> DEBUG unable to register to UMI ERROR
214
Could not open database: %s DEBUG sqlite3QueryResGet failed ERROR

CPU LOG File not found DEBUG radSendtoServer: socket: %s ERROR
radSendtoServer: bind() Failed: %s:
MEM LOG File not found DEBUG %s ERROR
cpuMemUsageDBUpdateHandler: radRecvfromServer: recvfrom() Failed:
update query: %s DEBUG %s ERROR
radRecvfromServer: Packet too small
Printing the whole list after inserting DEBUG from %s:%d: %s ERROR
%s at %d(minute) %d(hour) radCheckMsgAuth: Invalid Message-
%d(dayOfMonth) %d(month)" DEBUG Authenticator length in" ERROR
radDictLoad: couldn't open dictionary
adpCmdExec exited with return code=%d DEBUG %s: %s ERROR
radBuildAndSendReq: Invalid Request
%s op=%d row=%d DEBUG Code %d ERROR
radPairAssign: bad attribute value
sqlite3_mprintf failed DEBUG length ERROR
radPairAssign: unknown attribute type
sqlite3QueryResGet failed: query=%s DEBUG %d ERROR
Printing the whole list after delete DEBUG radPairNew: unknown attribute %d ERROR
%s at %d(minute) %d(hour) radPairGen: Attribute(%d) has invalid
%d(dayOfMonth) %d(month)" DEBUG length ERROR
radPairValue: unknown attribute type
Printing the whole list after inserting DEBUG %d ERROR
%s at %d(minute) %d(hour) radPairValueLen: unknown attribute
%d(dayOfMonth) %d(month)" DEBUG type %d ERROR
radPairLocate: Attribute(%d) has
email logs: No logging events enabled DEBUG invalid length ERROR
radPairUnpackDefault: Unknown-
%s DEBUG Attribute[%d]: ERROR
Mail sent and the Database is reset. DEBUG radConfigure: can't open %s: %s ERROR
radConfigure: %s: line %d: bogus
Disabled syslog server DEBUG format: %s ERROR
radConfAssert: No AuthServer
Event logs are full, sending logs to email DEBUG Specified ERROR
radConfAssert: No Default Timeout
Email logs sending failed DEBUG Specified ERROR
radConfAssert: No Default Retry
Packing attribute: %s DEBUG Count Specified ERROR
radExtractMppeKey: Invalid MS-
Server found: %s, secret: %s DEBUG MPPE-Key Length ERROR
Packed Auth. Reqest: code:%d, id:%d, radVendorMessage: Invalid Length in
len:%d DEBUG Vendor Message ERROR
radVendorMessage: Unknown Vendor
Sending Packet to %x:%d .... DEBUG ID received:%d ERROR
radVendorAttrGet: Invalid Length in
Receiving Reply Packet.... DEBUG Vendor Message ERROR
radVendorAttrGet: Unknown Vendor
Verified Reply Packet Integrity DEBUG ID:%d ERROR
radVendorMessagePack: Unknown
Generated Reply Attribute-Value pairs DEBUG Vendor ID:%d ERROR
radGetIPByName: couldn't resolve
Verified Message-Authenticator DEBUG hostname: %s ERROR
Unloaded RADIUS Dictionary DEBUG radGetHostIP: couldn't get hostname ERROR
radGetHostIP: couldn't get host IP
Adding Dictionary Attribute %s DEBUG address ERROR
Adding Dictionary Value %s DEBUG radius dictionary loading failed ERROR
Loaded Dictionary %s DEBUG Failed to set default timeout value ERROR
215
Adding Dictionary Attribute '%s' DEBUG Failed to set default retries value ERROR
ERROR: incomplete DB update
Adding Dictionary Value %s DEBUG information. ERROR
old values result does not contain 2
Receiving attribute: %s DEBUG rows ERROR
Processing attribute: %s DEBUG sqlite3QueryResGet failed ERROR
Processing attribute: %s DEBUG empty update. nRows=%d nCols=%d ERROR
Processing attribute: %s DEBUG Error in executing DB update handler ERROR
Processing attribute: %s DEBUG sqlite3QueryResGet failed ERROR
radConfGet: " DEBUG Invalid SQLITE operation code - %d ERROR
Added Server %s:%d with " DEBUG sqlite3QueryResGet failed ERROR
Added Server %s:%d with " DEBUG empty result. nRows=%d nCols=%d ERROR
Default Timeout Set to %d DEBUG sqlite3QueryResGet failed ERROR
Default Retry Count Set to %d DEBUG empty result. nRows=%d nCols=%d ERROR
%s - %s : %d DEBUG RADIUS Accounting Exchange Failed ERROR
Deleting Server %s:%d with " DEBUG Unable to set debug for radAcct. ERROR
Adding RowId:%d to Server %s:%d with " DEBUG Unable to set debug level for radAcct. ERROR
rowIds: %d - %d DEBUG ERROR: option value not specified ERROR
Deleting Server %s:%d with " DEBUG ERROR: option value not specified ERROR
RADIUS Deconfigured DEBUG Unable to initialize radius ERROR
radEapMsgQueueAdd: Invalid EAP
Found Option %s on line %d of file %s DEBUG packet length(%d) ERROR
radEapRecvTask: invalid EAP
Setting Option %s with value %s DEBUG code:%d ERROR
radEapRecvTask: Packet length
RADIUS Configured DEBUG mismatch %d, %d ERROR
No attributes received in Access-
%d : Server %s:%d with " DEBUG Challenge message ERROR
DBUpdate event: Table: %s opCode:%d No State Attribute in Access -
rowId:%d DEBUG Challenge message ERROR
Host IP address: %s DEBUG radEapRecvTask: " ERROR
Adding Packet for existing cookie:%p DEBUG failed to initialize UMI ERROR
Adding Packet and cookie:%p DEBUG umiRegister failed. errno=%d ERROR
Releasing Packet and cookie:%p DEBUG Invalid arguments to ioctl handler ERROR
Releasing Packet with cookie:%p DEBUG radEapSendRtn: Invalid Arguments ERROR
radEapSendRtn: failed to allocate
Received EAP-Identity from Pnac: %s DEBUG buffer ERROR
Filling User-Name: %s DEBUG umiIoctl failed ERROR
Filling State: DEBUG failed to initialize EAP message queue ERROR
Filling EAP-Message: DEBUG Unable to set debug for radEap. ERROR
Filling Service-Type: %d DEBUG Unable to set debug level for radEap. ERROR
Filling Framed-MTU: %d DEBUG ERROR: option value not specified ERROR
Received Access -Challenge from Server DEBUG ERROR: option value not specified ERROR
Sending Reply EAP Packet to Pnac DEBUG could not initialize MGMT framework ERROR
Error sending packet to Pnac DEBUG Unable to initialize radius ERROR
RADIUS Authentication Failed; " DEBUG Unable to set debug for radEap. ERROR
RADIUS Authentication Successful; " DEBUG Unable to set debug level for radEap. ERROR
Got Packet with cookie:%p DEBUG ERROR: option value not specified ERROR
Next DNS Retry after 1 min DEBUG Unable to initialize radius ERROR
Next Synchronization after" DEBUG Invalid username or password ERROR
216
Next Synchronization after" DEBUG Unable to set debug for radAuth. ERROR
Next Synchronization after %d \ DEBUG Unable to set debug level for radAuth. ERROR
Primary is not available, " DEBUG ERROR: option value not specified ERROR
Secondary is not available, " DEBUG Unable to initialize radius ERROR
Invalid username, challenge or
Invalid value for use default servers, " DEBUG response ERROR
No server is configured, " DEBUG Unable to set debug for radAuth. ERROR
Backing off for %d seconds DEBUG Unable to set debug level for radAuth. ERROR
Requesting time from %s DEBUG ERROR: option value not specified ERROR
Synchronized time with %s DEBUG Unable to initialize radius ERROR
Received KOD packet from %s DEBUG Invalid username or password ERROR
No suitable server found %s DEBUG usage : %s <DB fileName> ERROR
Received Invalid Length packet from %s DEBUG ntpd : umi initialization failed ERROR
Received Invalid Version packet from %s DEBUG ntpd : ntpInit failed ERROR
Received Invalid Mode packet from %s DEBUG ntpd : ntpMgmtInit failed ERROR
There was an error while getting the
Request Timed out from %s DEBUG timeZoneChangeScript." ERROR
Looking Up %s DEBUG unexpected reply from %d cmd=%d ! ERROR
Timezone difference :%d DEBUG cmd %d not supported. caller %d ERROR
Could not open file: %s DEBUG default reached ERROR
Could not read data from file DEBUG Unable to initialize ntpControl ERROR
ntpTblHandler DEBUG ntpMgmt : Couldn't open database %s ERROR
ERROR : incomplete DB update
status: %d DEBUG information ERROR
tz: %d DEBUG empty update. nRows=%d nCols=%d ERROR
DayLightsaving: %d DEBUG Error in executing DB update handler ERROR
pNtpControl-
>ServerNames[PRIMARY_SERVER]:
%s DEBUG requestNtpTime: Invalid addr ERROR
pNtpControl-
>ServerNames[SECONDARY_SERVER]
: %s DEBUG failed to take lock for compId: %d ERROR
failed to convert ioctl args to buffer
DS: %d DEBUG for" ERROR
pPriServ %s DEBUG request timeout dst(%d) <-- src(%d) ERROR
pSecServ %s DEBUG failed to take lock for compId: %d ERROR
umiIoctlArgsToBuf: failed to allocate
Making request from %d --> %d DEBUG memory ERROR
sent request dst(%d) <-- src(%d) using umiRecvFrom: could not allocate
option %d DEBUG memory ERROR
received request too small!(%d bytes) DEBUG adpMalloc failed ERROR
Received a UMI request from %d DEBUG context with ID: %d already registered ERROR
Failed to allocate memory for creating
sent a reply src(%d) ---> dst(%d) DEBUG UMI context ERROR
Failed to create recvSem for UMI
umiRegister (%x,%x,%x,%x) DEBUG context ERROR
srcId=%d(%s) --> destId=%d(%s) Failed to create mutex locks for UMI
cmd=%d inLen=%d outLen=%d DEBUG context ERROR
Failed to create mutex recvQLock for
waiting for reply...Giving Up DEBUG UMI context ERROR
No request in the list after semTake DEBUG Invalid arguments to umiIoctl ERROR
reply timeout DEBUG could not find the destination context ERROR
217
timeout after semTake DEBUG memPartAlloc for %d size failed ERROR

srcId=%d(%s) <-- destId=%d(%s)
cmd=%d DEBUG memPartAlloc for %d size failed ERROR
No Handler registered for this UMI
Un-registerting component with Id %d DEBUG context ERROR
failed to send ioctl request: dst(%d) <--- Couldn't find component with ID
src(%d) DEBUG (%d)," ERROR
processed a reply dst(%d) <-- src(%d) DEBUG id=%d handler=%x ERROR
request with no result option dst(%d) <-- Received NULL buffer in
src(%d) DEBUG umiBufToIoctlArgs() ERROR
usbMgmtInit: unable to open the
cmd = %s DEBUG database file %s ERROR
cmdstring is %s %s:%d DEBUG call to printConfig failed ERROR
Calling printerConfig binary ... DEBUG Failed to Disable Network Storage" ERROR
Some error occurred while removing
Calling unmount for USB ... DEBUG device ERROR
Some error occurred while removing
Calling mount for USB ... DEBUG device ERROR
usbdevice is %d %s:%d DEBUG Sqlite update failed ERROR
Query string: %s DEBUG Failed to enable printer properly ERROR
sqlite3QueryResGet failed.Query:%s DEBUG Failed to mount device on system ERROR
%s: 1. usb is already disconnected for Failed to enable network storage
old usb type. " DEBUG device" ERROR
%s: 2.call disable for new usb type ! DEBUG Failed to mount device on system ERROR
%s: 3. usb is already disconnected for
old usb type. " DEBUG Sqlite update failed ERROR
%s: 4. Disabled old usb type . Now " DEBUG USB1 Touch failed ERROR
usbdevice is %d %s:%d DEBUG USB2 Touch failed ERROR
USB: failed to begin transaction: %s DEBUG Sqlite update failed ERROR
USB: SQL error: %s pSetString = %s DEBUG Failed query: %s ERROR
Failed to execute usb database
USB: failed to commit transaction: %s DEBUG update handler ERROR
Usage:%s <DBFile> <opType>
USB: updated table: %s DEBUG <tblName> <rowId> ERROR
USB: returning with status: %s DEBUG Illegal invocation of snmpConfig (%s) ERROR
opCode:%d rowId:%d DEBUG Invalid Community Access Type ERROR
executing %s status =%d DEBUG Invalid User Access Type ERROR
executing %s DEBUG Invalid Security Level ERROR
%s returned status=%d DEBUG Invalid Authentication Algorithm ERROR
%s returned status=%d DEBUG Invalid Privacy Algorithm ERROR
snmpd.conf not found DEBUG Invalid Argument ERROR
Failed to allocate memory for
[SNMP_DEBUG] : Fwrite Successful DEBUG engineID ERROR
[SNMP_DEBUG]: Failed to get host
[SNMP_DEBUG] : Fwrite failed DEBUG address ERROR
radPairGen: received unknown attribute
%d of length %d WARN [SNMP_DEBUG] : FOPEN failed ERROR
radPairGen: %s has unknown type WARN sqlite3QueryResGet failed.Query:%s ERROR
radPairLocate: unknown attribute %ld of
length %d WARN sqlite3QueryResGet failed.Query:%s ERROR
radPairLocate: %s has unknown type WARN Invalid Security Level ERROR
Illegal invocation of cpuMemUsage (%s) ERROR Invalid Authentication Algorithm ERROR
218
cpuMemUsageDBUpdateHandler: SQL
error: %s ERROR Invalid Privacy Algorithm ERROR
unable to open the DB file %s ERROR Failed to Get Host Address ERROR
umiInit failed ERROR Invalid version ERROR
unable to register to UMI ERROR snmp v3 Trap Configuration Failed ERROR
Error Reading from the Database. ERROR sqlite3QueryResGet failed query:%s ERROR
short DB update event request! ERROR sqlite3QueryResGet failed.Query:%s ERROR
Failed to Open Snmp Configuration
Error in executing DB update handler ERROR File ERROR
adpListNodeRemove : Returned with an
error ERROR Failed to write access control entries ERROR
command too long. Try increasing " ERROR Failed to write snmpv3 users entries ERROR
failed to allocate memory for
CRON_NODE ERROR Failed to write snmp trap entries ERROR
sqlite3QueryResGet failed ERROR Failed to write system entries. ERROR
There was an error while reading the
schedules. ERROR Failed to restart snmp ERROR
unable to register to UMI ERROR %s failed with status ERROR
short DB update event request! ERROR Error in executing DB update handler ERROR
malloc(DB_UPDATE_NODE) failed ERROR %s: Unable to open file: %s ERROR
short ifDev event request! ERROR RADVD start failed ERROR
sqlite3_mprintf failed ERROR RADVD stop failed ERROR
failed to create/open RADVD
no component id matching %s ERROR configuration file %s ERROR
umiIoctl (%s,
UMI_CMD_DB_UPDATE(%d)) failed. ERROR Restoring old configuration.. ERROR
failed to write/update RADVD
sqlite3_mprintf failed ERROR configuration file ERROR
sqlite3_mprintf failed ERROR upnpDisableFunc failed ERROR
no component id matching %s ERROR upnpEnableFunc failed ERROR
umiIoctl (%s,
UMI_CMD_IFDEV_EVENT(%d)) failed. ERROR sqlite3QueryResGet failed.Query:%s ERROR
klogctl(9) failed ERROR Error in executing DB update handler ERROR
malloc failed for %d bytes ERROR unable to open the DB file %s ERROR
klogctl(4) failed ERROR umiInit failed ERROR
emailLogs: Invalid Number of
Arguments!! Exiting. ERROR unable to register to UMI ERROR
sqlite3QueryResGet failed ERROR short DB update event request! ERROR
Could not execute the smtpClient. ERROR short ifDev event request! ERROR
Error while cleaning the
database.Exiting. %s ERROR sqlite3_mprintf failed ERROR
%s failed. status=%d ERROR
Facility: System (Firewall)

Enabling rule for protocol binding. DEBUG Disable all NAT rules. DEBUG
Disabling rule for protocol binding. DEBUG Enable all NAT rules. DEBUG
Enabling Remote SNMP on WAN. DEBUG Enabling NAT URL filter rules. DEBUG
Disabling Remote SNMP on WAN DEBUG Restarting all NAT rules. DEBUG
219
wan traffic counters are restared DEBUG Deleting schedule based firewall rules. DEBUG
Deleting schedule based firewall rules
Traffic limit has been reached DEBUG from DB. DEBUG
Traffic meter monthly limit has been Update schedule based firewall rules in
changed to %d. DEBUG DB. DEBUG
Enabling traffic meter for only dowload. DEBUG Restart schedule based firewall rules. DEBUG
Enabling traffic meter for both directions. DEBUG inter vlan routing enabled DEBUG
Enabling traffic meter with no limit. DEBUG inter vlan routing disabled DEBUG
Email alert in traffic meter disabled. DEBUG Disabling Content Filter for %d DEBUG
Email alert in traffic meter enabled. DEBUG Enabling Content Filter for %d DEBUG
Traffic Meter:Monthly limit %d MB has ./src/firewall/linux/user/firewalld.c:59:#u
been " DEBUG ndef ADP_DEBUG2 DEBUG
Traffic Metering: Adding rule to drop all ./src/firewall/linux/user/firewalld.c:61:#d
traffic DEBUG efine ADP_DEBUG2 printf DEBUG
Traffic Metering: %sabling Email traffic DEBUG Enabling Source MAC Filtering DEBUG
Disabling attack checks for IPv6 rules. DEBUG Disabling Source MAC Filtering DEBUG
Adding MAC Filter Policy for Block &
Enabling attack checks for IPv6 rules. DEBUG Permit Rest DEBUG
Configuring one to one NAT settings with Adding MAC Filter Policy for Permit &
%s private start IP " DEBUG Block Rest DEBUG
Deleting forward one to one NAT having
setting %s private start" DEBUG Restarting Source MAC Address Policy DEBUG
Disabling attack check for Block ping to Disabling Firewall Rule for DHCP Relay
WAN interface. DEBUG Protocol DEBUG
Disabling attack check for Stealth mode Enabling Firewall Rule for DHCP Relay
for tcp DEBUG Protocol DEBUG
Disabling attack check for Stealth mode prerouting Firewall Rule add for Relay
for udp DEBUG failed DEBUG
prerouting Firewall Rule add for Relay
Disabling attack check for TCP Flood. DEBUG failed DEBUG
Deleting MAC Filter Policy for Address
Disabling attack check for UDP Flood. DEBUG %s DEBUG
Adding MAC Filter Policy for Address
Disabling attack check for IPsec. DEBUG %s DEBUG
Disabling attack check for PPTP. DEBUG Disabling Firewall Rules for DMZ host DEBUG
Disabling attack check for L2TP. DEBUG Enabling Firewall Rules for DMZ host DEBUG
Disabling Firewall Rules for Spill Over
Disabling attack check for UDP Flood. DEBUG Load Balancing DEBUG
Disabling Firewall Rules for Load
Disabling attack check for IPsec. DEBUG Balancing DEBUG
Enabling Firewall Rules for Load
Disabling attack check for PPTP. DEBUG Balancing DEBUG
Enabling Firewall Rules for Spill Over
Disabling attack check for L2TP. DEBUG Load Balancing DEBUG
Enabling attack check for Block ping to Enabling Firewall Rules for Auto
WAN " DEBUG Failover DEBUG
Enabling attack check for Stealth Mode Enabling Firewall Rules for Load
for tcp. DEBUG Balancing . DEBUG
Enabling attack check for Stealth Mode Enabling Firewall Rules for Spill Over
for udp. DEBUG Load Balancing . DEBUG
Enabling Firewall Rules for Auto
Enabling attack check for TCP Flood. DEBUG Failover DEBUG
Enabling attack check for UDP Flood. DEBUG Deleting BlockSites Keyword \ DEBUG
Enabling attack check for IPsec. DEBUG Enabling BlockSites Keyword \ DEBUG
Enabling attack check for PPTP. DEBUG Disabling BlockSites Keyword \ DEBUG
220
Enabling attack check for L2TP. DEBUG Updating BlockSites Keyword from \ DEBUG
Enabling attack check for UDP Flood. DEBUG Inserting BlockSites Keyword \ DEBUG
Enabling attack check for IPsec. DEBUG Deleting Trusted Domain \ DEBUG
Enabling attack check for PPTP. DEBUG Adding Trusted Domain \ DEBUG
Restarting Schedule Based Firewall
Enabling attack check for L2TP. DEBUG Rules DEBUG
Enabling DoS attack check with %d
SyncFlood detect rate, " DEBUG Enabling Remote SNMP DEBUG
Disabling DoS attack check having %d
SyncFlood detect rate," DEBUG Disabling Remote SNMP DEBUG
Enabling ICSA Notification Item for ICMP
notification. DEBUG Enabling Remote SNMP DEBUG
Enabling ICSA Notification Item for
Fragmented Packets. DEBUG Disabling DOS Attacks DEBUG
Enabling ICSA Notification Item for Multi
cast Packets. DEBUG Enabling DOS Attacks DEBUG
Disabling ICSA Notification Item for
ICMP notification. DEBUG Enabling DOS Attacks DEBUG
Disabling ICSA Notification Item for
Fragmented Packets. DEBUG Restarting Firewall [%d]:[%d] For %s DEBUG
Disabling ICSA Notification Item for Multi restartStatus = %d for LogicalIfName =
cast Packets. DEBUG %s DEBUG
Adding IP/MAC binding rule for %s MAC
address " DEBUG Deleting Lan Group %s DEBUG
Deleting IP/MAC binding rule for %s
MAC " DEBUG Adding Lan Group %s DEBUG
./src/firewall/linux/user/firewalld.c:60:#un
def ADP_DEBUG DEBUG Deleting lan host %s from group %s DEBUG
./src/firewall/linux/user/firewalld.c:62:#def
ine ADP_DEBUG printf DEBUG Adding lan host %s from group %s DEBUG
Restarting traffic meter with %d mins, Disabling Firewall Rule for IGMP
%d hours, " DEBUG Protocol DEBUG
Updating traffic meter with %d mins, %d Enabling Firewall Rule for IGMP
hours, " DEBUG Protocol DEBUG
Deleting IP/MAC Bind Rule for MAC
Deleting traffic meter. DEBUG address %s and IP " DEBUG
Adding IP/MAC Bind Rule for MAC
Disabling block traffic for traffic meter. DEBUG address %s and IP DEBUG
Deleting Protocol Bind Rule for Service
Enabling traffic meter. DEBUG %s DEBUG
Adding lan group %s. DEBUG %s DEBUG
Deleting lan group %s. DEBUG %s DEBUG
Adding Protocol Bind Rule for Service
Renaming lan group from %s to %s. DEBUG %s DEBUG
Deleting host %s from %s group. DEBUG %s Session Settings DEBUG
Adding host %s to %s group. DEBUG Restarting IPv6 Firewall Rules... DEBUG
Enabling Keyword blocking for %s Deleting Port Trigger Rule for
keyword. DEBUG %d:%d:%d:%d:%d DEBUG
Disabling keyword Blocking for %s Deleting Port Trigger Rule for
keyword . DEBUG %d:%d:%d:%d:%d DEBUG
Deleting trusted domain with keyword Enabling Port Trigger Rule for
%s. DEBUG %d:%d:%d:%d:%d DEBUG
Disabling Port Trigger Rule for
Adding %s keyword to trusted domain. DEBUG %d:%d:%d:%d:%d DEBUG
Enabling Management Access from DEBUG Enabling Port Trigger Rule for DEBUG
221
Internet on port %d %d:%d:%d:%d:%d

Enabling remote access management Disabling Port Trigger Rule for
for IP address range" DEBUG %d:%d:%d:%d:%d DEBUG
Enabling remote access management to Adding Port Trigger Rule for
only this PC. DEBUG %d:%d:%d:%d:%d DEBUG
Disabling Management Access from
Internet on port %d DEBUG Enabling Content Filter DEBUG
Disabling remote access management
for IP address range" DEBUG Disabling Content Filter DEBUG
Disabling remote access management
only to this PC. DEBUG Enabling Content Filter DEBUG
MAC Filtering %sabled for BLOCK and Setting NAT mode for pLogicalIfName
PERMIT REST. DEBUG = %s DEBUG
MAC Filtering %sabled for PERMIT and
BLOCK REST. DEBUG Enabling DROP for INPUT DEBUG
Enabling Content Filtering. DEBUG Enabling DROP for FORWARD DEBUG
Disabling Content Filtering. DEBUG Enabling NAT based Firewall Rules DEBUG
Deleting rule, port triggering for protocol Setting transparent mode for
TCP. DEBUG pLogicalIfName \ DEBUG
Deleting rule, port triggering for protocol
UDP. DEBUG Enabling Accept for INPUT DEBUG
Deleting rule, port triggering for protocol
TCP. DEBUG Enabling Accept for FORWARD DEBUG
Deleting rule, port triggering for protocol Setting Routing mode for
UDP. DEBUG pLogicalIfName \ DEBUG
Enabling rule, port triggering for protocol
TCP. DEBUG Enabling DROP for INPUT DEBUG
UDP. DEBUG Enabling DROP for FORWARD DEBUG
TCP. DEBUG Disabling NAT based Firewall Rules DEBUG
Enabling rule, port triggering for protocol Enabling Firewall Rules for URL
UDP. DEBUG Filtering & " DEBUG
Enabling DNS proxy. DEBUG Adding Firewall Rule for RIP Protocol DEBUG
Restarting Schedule Based Firewall
Restarting DNS proxy. DEBUG Rules DEBUG
enabling IPS checks between %s and
checking DNS proxy for Secure zone. DEBUG %s zones. DEBUG
disabling IPS checks between %s and
checking DNS proxy for Public zone. DEBUG %s zones. DEBUG
Enabling Block traffic from %s zone. DEBUG Stopping IPS...%s DEBUG
Configuring firewall session settings for " DEBUG IPS started. DEBUG
Disabling DMZ DEBUG Route already exists DEBUG
Route addition failed: Network
Disabling WAN-DMZ rules . DEBUG Unreachable DEBUG
Enabling WAN DMZ rules . DEBUG Route addition failed: Network is down DEBUG
Restarting DMZ rule having %s address
with %s address. DEBUG Route addition failed DEBUG
Enabling LAN DHCP relay. DEBUG Failed to add rule in iptables DEBUG
OneToOneNat configured successfully DEBUG Failed to delete rule from iptables DEBUG
fwLBSpillOverConfigure: Something
OneToOneNat configuration failed DEBUG going wrong here ERROR
fwLBSpillOverConfigure: unable to get
Deleting scheduled IPv6 rules. DEBUG interfaceName ERROR
delete from FirewallRules6 where fwLBSpillOverConfigure: Could not set
ScheduleName = '%s'. DEBUG PREROUTING rules ERROR
222
Update FirewallRules6 where fwLBSpillOverConfigure: Could not set

ScheduleName = '%s' to New " DEBUG POSTROUTING rules ERROR
fwLBSpillOverConfigure: Something
Dns proxy Restart failed DEBUG going wrong Here ERROR
fwL2TPGenericRules.c: unable to open
deleting interface to ifgroup failed DEBUG the database file " ERROR
adding interface to ifgroup failed DEBUG fwL2TPGenericRules.c: inet_aton failed ERROR
deleting interface pVirtIface %s from fwPPTPGenericRules.c: unable to
ifgroup %d" DEBUG open the database file " ERROR
adding interface pVirtIface %s to ifgroup fwPPTPGenericRules.c: inet_aton
%d failed DEBUG failed ERROR
DNS proxy firewall rule add failed for
Deleting IP address %s. DEBUG %s ERROR
deleting interface %s from ifgroup %d
Adding new IP address %s. DEBUG failed ERROR
Updating old IP address %s to new IP adding interface %s to ifgroup %d
address %s. DEBUG failed ERROR
Restarting Firewall For %s Address nimfBridgeTblHandler: unable to get
Update from %s:%s DEBUG interfaceName ERROR
Disabling Firewall Rule for MSS packet
marking DEBUG nimfBridgeTblHandler: \ ERROR
Enabling Firewall Rule for MSS packet
marking DEBUG nimfBridgeTblHandler: unable to get \ ERROR
Enabling packet marking rule for %s Failed to %s traffic from %s to %s to
IDLE timer DEBUG IPS. ERROR
Deleted firewall rule %s for service %s Failed to %s traffic from %s to %s to
with action %s DEBUG IPS. ERROR
%s firewall rule %s for service %s with
action %s DEBUG failed to start IPS service. ERROR
Added firewall rule %s for service %s Timeout in waiting for IPS service to
with action %s DEBUG start. ERROR
Deleting inbound(WAN-LAN) firewall Usage:%s <DBFile> <opType>
rule. DEBUG <tblName> <rowId> " ERROR
Deleting inbound(WAN-DMZ) firewall
rule. DEBUG xlr8NatConfig: illegal invocation of (%s) ERROR
RIPng disabled. DEBUG Illegal invocation of [%s] ERROR
xlr8NatMgmtTblHandler: failed query:
RIPng enabled. DEBUG %s ERROR
Disable IPv6 firewall rule. DEBUG Could not open file: %s ERROR
Enable IPv6 firewall rule. DEBUG Rip Error Command Too Long ERROR
Deleting IGMP proxy rule. DEBUG No authentication for Ripv1 ERROR
Enable IGMP proxy rule. DEBUG Invalid Rip Direction ERROR
Restarting IGMP rule. DEBUG Invalid Rip Version ERROR
Traffic meter enabled with no limit type. DEBUG Invalid Password for 1st Key ERROR
Traffic meter enabled for only download. DEBUG Invalid Time for 1st Key ERROR
Traffic meter enabled for both directions. DEBUG Invalid Password for 2nd Key ERROR
Deleted firewall rule %s for service %s
with action %s DEBUG Invalid Time for 2nd Key ERROR
%s firewall rule %s for service %s with
action %s DEBUG Invalid First KeyId ERROR
Added firewall rule %s for service %s
with action %s DEBUG Invalid Second KeyId ERROR
Enabling Inter VLAN routing. DEBUG Invalid Authentication Type ERROR
Updating inter VLAN routing status. DEBUG ripDisable failed ERROR
Deleting inter VLAN routing. DEBUG ripEnable failed ERROR
223
Facility: Local0 (Wireless)

(node=%s) setting %s to val = %d DEBUG sqlite3QueryResGet failed ERROR
Custom wireless event: '%s' DEBUG sqlite3QueryResGet failed ERROR
Wireless event: cmd=0x%x len=%d DEBUG VAP(%s) set beacon interval failed ERROR
New Rogue AP
(%02x:%02x:%02x:%02x:%02x:%02x)
detected DEBUG VAP(%s) set DTIM interval failed ERROR
WPS session in progress, ignoring
enrolle assoc request DEBUG VAP(%s) set RTS Threshold failed ERROR
VAP(%s) set Fragmentation Threshold
ran query %s DEBUG failed ERROR
DBUpdate event: Table: %s opCode:%d
rowId:%d DEBUG VAP(%s) set Protection Mode failed ERROR
%sing VAPs using profile %s DEBUG VAP(%s) set Tx Power failed ERROR
%sing VAP %s DEBUG WDS Profile %s not found ERROR
ran query %s DEBUG Failed to initalize WPS on %s ERROR
%sing VAP instance %s DEBUG failed to get profile %s ERROR
VAP(%s) set Short Preamble failed DEBUG could not initialize MGMT framework ERROR
VAP(%s) set Short Retry failed DEBUG could not initialize MGMT framework ERROR
VAP(%s) set Long Retry failed DEBUG dot11VapBssidUpdt SQL error: %s ERROR
Decrypting context with key %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
KDOT11_GET_PARAM(IEEE80211_I
Unknown IAPP command %d received. DEBUG OC_CHANNEL) failed ERROR
unexpected reply from %d cmd=%d ! DEBUG Failed to get the channel setting for %s ERROR
unexpected reply from %d cmd=%d ! DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Recvied DOT11_EAPOL_KEYMSG DEBUG sqlite3QueryResGet failed.Query:%s ERROR
shutting down AP:%s DEBUG profile %s not found ERROR
APCtx Found DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Interface name and policy must be
APCtx Not-Found DEBUG specified ERROR
Interface name and policy must be
node not found *:*:*:%x:%x:%x DEBUG specified ERROR
error installing unicast key for %s DEBUG invalid ACL type %d ERROR
cmd =%d i_type =%d i_val=%d DEBUG interface name not specified ERROR
join event for new node %s DEBUG interface name not specified ERROR
wpa/rsn IE id %d/%d not supported DEBUG Invalid interface - %s specified ERROR
wpa IE id %d not supported DEBUG buffer length not specified ERROR
leave event for node %s DEBUG Invalid length(%d) specified ERROR
NodeFree request for node : %s DEBUG failed created iappdLock ERROR
installing key to index %d DEBUG failed to create cipher contexts. ERROR
iReq.i_val : %d DEBUG unable to register to UMI ERROR
pIfName : %s DEBUG iappSockInit() failed ERROR
iappInit got error, unregistering it with
iReq.i_val : %d DEBUG UMI ERROR
umiIoctl(UMI_COMP_UDOT11,%d,%d
setting mode: %d DEBUG ) failed ERROR
umiIoctl(UMI_COMP_KDOT11,%d,%d
Global counter wrapped, re-generating... DEBUG ) failed ERROR
224
Got
PNAC_EVENT_PREAUTH_SUCCESS
event for : %s DEBUG UDP failed, received Length is %d ERROR
event for non-existent node %s DEBUG umiIoctl(UMI_COMP_KDOT11, ERROR
PNAC_EVENT_EAPOL_START event umiIoctl(UMI_COMP_UDOT11,%d,%d
received DEBUG )\ ERROR
PNAC_EVENT_EAPOL_LOGOFF event umiIoctl(UMI_COMP_KDOT11,%d,%d
PNAC_EVENT_REAUTH event received DEBUG No IAPP Node found for req id %d ERROR
PNAC_EVENT_AUTH_SUCCESS event umiIoctl(UMI_COMP_UDOT11,%d,%d
PNAC_EVENT_PORT_STATUS_CHAN umiIoctl(UMI_COMP_KDOT11,%d,%d
GED event received DEBUG )\ ERROR
umiIoctl(UMI_COMP_UDOT11,%d,%d
unsupported event %d from PNAC DEBUG ) failed ERROR
event for non-existent node %s. Create
new node. DEBUG UDP socket is not created ERROR
Add new node to DOT11 Node list DEBUG UDP send failed ERROR
Update dot11STA database DEBUG IAPP: socket (SOCK_STREAM) failed. ERROR
Add PMKSA to the list DEBUG IAPP: TCP connect failed to %s. ERROR
eapolRecvAuthKeyMsg: received key
message DEBUG cmd %d not supported.sender=%d ERROR
umiIoctl(UMI_COMP_KDOT11,%d,%d
node not found DEBUG ) failed ERROR
eapolRecvKeyMsg: replay counter not IAPP-CACHE-NOTIFY-REQUEST
incremented DEBUG send to ERROR
eapolRecvKeyMsg: replay counter is not ./src/dot11/iapp/iappLib.c:1314:
same DEBUG ADP_ERROR ( ERROR
processing pairwise key message 2 DEBUG BSSID value passed is NULL ERROR
RSN IE matching: OK DEBUG reserved requestId is passed ERROR
processing pairwise key message 4 DEBUG interface name is NULL ERROR
processing group key message 2 DEBUG IP address value passed is NULL ERROR
processing key request message from
client DEBUG opening receive UDP socket failed ERROR
enabling broadcast for UDP socket
WPA version %2x %2x not supported DEBUG failed ERROR
opening receive TCP socket for new
(%s) group cipher %2x doesn't match DEBUG AP failed ERROR
./src/dot11/iapp/iappLib.c:1784:
(%s)Pairwise cipher %s not supported DEBUG ADP_ERROR( ERROR
(%s) authentication method %d not ./src/dot11/iapp/iappLib.c:1794:
supported DEBUG ADP_ERROR( ERROR
%s:Auth method=%s pairwise cipher=%s ./src/dot11/iapp/iappLib.c:1803:
IE size=%d DEBUG ADP_ERROR( ERROR
WPA version %2x %2x not supported DEBUG failed created dot11dLock. ERROR
Unable to obtain IE of type %d DEBUG failed initialize profile library. ERROR
PTK state changed from %s to %s DEBUG failed to create cipher contexts. ERROR
using PMKSA from cache DEBUG unable to register to UMI ERROR
PTK GK state changed from %s to %s DEBUG could not create MIB tree ERROR
GK state changed from %s to %s DEBUG unable to register to PNAC ERROR
Max registration attempts by DOT11 to
Sending PTK Msg1 DEBUG PNAC exceeded ERROR
Sending PTK Msg3 DEBUG Creation of EAP WPS Profile Failed ERROR
Sending GTK Msg1 DEBUG umiIoctl(UMI_COMP_IAPP,%d ) failed ERROR
225
DOT11_RX_EAPOL_KEYMSG:
sending EAPOL pdu to PNAC... DEBUG unknown ifname %s ERROR
creating pnac authenticator with values
%d %d - %s DEBUG cmd %d not supported.sender=%d ERROR
Profile %s does not exist DEBUG inteface name passed is NULL ERROR
IAPP initialized. DEBUG BSSID passed is NULL ERROR
Encrypting context key=%s for DEBUG inteface name passed is NULL ERROR
could not find access point context for unable to allocate memory for
%s DEBUG DOT11_CTX ERROR
join event for existing node %s DEBUG unable to install wme mapping on %s ERROR
failed to send
PNAC_FORCE_AUTHORIZED " DEBUG unable to get %s mac address ERROR
failed to send PNAC_AUTHORIZED " DEBUG Failed to set %s SSID ERROR
failed to send
PNAC_VAR_KEY_AVAIL ABLE (TRUE) " DEBUG Failed to set SSID broadcast status ERROR
failed to send PNAC_VAR_KEY_TX_EN
(TRUE) " DEBUG Failed to set PreAuth mode ERROR
failed to send PNAC_VAR_KEY_TX_EN
(FALSE) " DEBUG unable to install key ERROR
failed to send KDOT11_SET_PARAM:IEEE80211_I
PNAC_FORCE_AUTHORIZED " DEBUG OC_AUTHMODE failed ERROR
KDOT11_SET_PARAM:IEEE80211_I
failed to send PNAC_AUTHORIZED " DEBUG OC_PRIVACY failed ERROR
mic verification: OK DEBUG wpaInit failed ERROR
dot11InstallProfile: unable to get
pnacIfConfig: Invalid supplicant" DEBUG interface index ERROR
Failed to process user request DEBUG adpHmacInit(%s) failed ERROR
Failed to process user request - %s(%d) DEBUG interface %s not found ERROR
pnacIfConfigUmiIoctl: umiIoctl failed DEBUG AP not found on %s ERROR
pnacIfConfigUmiIoctl: usrPnac returned
%d DEBUG keyLen > PNAC_KEY_MAX_SIZE ERROR
%d DEBUG Invalid profile name passed ERROR
%d DEBUG Creation of WPS EAP Profile failed ERROR
pnacKernNotifier: invalid PAE
configuration " DEBUG unsupported command %d ERROR
From pnacEapDemoAuthRecv:
unsupported response " DEBUG device %s not found ERROR
From pnacEapDemoAuthRecv: invalid
codes received DEBUG unsupported command %d ERROR
From pnacRadXlateDemoRecv: received
unknown " DEBUG dot11NodeAlloc failed ERROR
From pnacRadXlateDemoRecv: invalid
codes received DEBUG Getting WPA IE failed for %s ERROR
Error from pnacRadXlateDemoRecv:
malloc failed DEBUG Getting WPS IE failed for %s ERROR
From pnacRadXlateRadPktHandle: Failed initialize authenticator for node
received a non-supported" DEBUG %s ERROR
Only md5 authentication scheme Failed to get the system up time while
currently supported. " DEBUG adding node %s ERROR
Message from authenticator: DEBUG error creating PNAC port for node %s ERROR
from pnacPDUXmit: bufsize = %d,
pktType = %d," DEBUG dot11NodeAlloc failed ERROR
pnacPDUXmit: sending eap packet. code
= %d, " DEBUG Invalid arguments. ERROR
226
pnacRecvRtn: no corresponding pnac

port pae found DEBUG umiIoctl(UMI_COMP_IAPP,%d) failed ERROR
sending unicast key DEBUG Invalid IE. ERROR
umiIoctl(UMI_COMP_KDOT11_VAP,
sending broadcast key DEBUG %d ) failed ERROR
from pnacAuthPAEDisconnected: calling umiIoctl(UMI_COMP_KDOT11,%d
pnacTxCannedFail DEBUG ,%d) failed ERROR
from pnacAuthPAEForceUnauth: calling KDOT11_SET_PARAM:IEEE80211_I
pnacTxCannedFail DEBUG OC_WME_CWMIN failed ERROR
state changed from %s to %s DEBUG OC_WME_CWMAX failed ERROR
PNAC user comp id not set. dropping KDOT11_SET_PARAM:IEEE80211_I
event %d DEBUG OC_WME_AIFS failed ERROR
KDOT11_SET_PARAM:80211_IOC_
sending event %d to %d DEBUG WME_TXOPLIMIT failed ERROR
requesting keys informantion from %d DEBUG OC_WME_ACM failed ERROR
pnacUmiPortPaeParamSet: error in KDOT11_SET_PARAM:IEEE80211_I
getting port pae DEBUG OC_WME failed ERROR
pnacUmiPortPaeParamSet: invalid
param - %d DEBUG invalid group cipher %d ERROR
pnacRecvASInfoMessage: Skey of length KDOT11_SET_PARAM:IEEE80211_I
%d set DEBUG OC_MCASTCIPHER failed ERROR
pnacRecvASInfoMessage: reAuthPeriod KDOT11_SET_PARAM:IEEE80211_I
set to: %d DEBUG OC_MCASTKEYLEN failed ERROR
pnacRecvASInfoMessage: suppTimeout KDOT11_SET_PARAM:IEEE80211_I
set to: %d DEBUG OC_UCASTCIPHERS failed ERROR
PORT SUCCESSFULLY DESTROYED DEBUG OC_KEYMGTALGS failed ERROR
creating physical port for %s DEBUG OC_WPA failed ERROR
pnacAuthInit: using defualt
pnacAuthParams DEBUG unknow cipher type = %d ERROR
pnacSuppInit: using defualt
pnacSuppParams DEBUG umiIoctl(UMI_COMP_IAPP,%d) failed ERROR
Error from
pnacCombinedStMachTriggerFunc: " DEBUG invalid media value=%d ERROR
Error from
pnacCombinedStMachTriggerFunc: " DEBUG invalid mediaOpt value=%d ERROR
Error from
pnacCombinedStMachTriggerFunc: " DEBUG invalid mode value=%d ERROR
Error from
pnacCombinedStMachTriggerFunc: " DEBUG dot11PnacIfCreate failed ERROR
Error from
pnacCombinedStMachTriggerFunc: " DEBUG wpaPRF failed ERROR
Error from
pnacCombinedStMachTriggerFunc: " DEBUG Error generating global key counter ERROR
Error from wpaCalcMic: unsupported key
pnacCombinedStMachTriggerFunc: " DEBUG descriptor version ERROR
Error from integrity failed. need to stop all stations
pnacCombinedStMachTriggerFunc: " DEBUG " ERROR
Error from couldn't find AP context for %s
pnacCombinedStMachTriggerFunc: " DEBUG interface ERROR
received a pdu on %s DEBUG dot11Malloc failed ERROR
pnacRecvMapi: protoType: %04x
pPhyPort->authToASSendRtn:%p DEBUG dot11Malloc failed ERROR
eapolRecvKeyMsg: unknown
port not found DEBUG descType =%d ERROR
227
from pnacRecvMapi: pkt body len = %d, eapolRecvKeyMsg: invalid descriptor

pktType = %d DEBUG version ERROR
from pnacPDUProcess: received eapolRecvKeyMsg: incorrect
PNAC_EAP_PACKET DEBUG descriptor version ERROR
eapolRecvKeyMsg: Ack must not be
from pnacPDUProcess: currentId = %d DEBUG set ERROR
from pnacPDUProcess: code = %d, eapolRecvKeyMsg: MIC bit must be
identifier = %d, " DEBUG set ERROR
from pnacPDUProcess: setting rxResp wpaAuthRecvPTKMsg2: unexpected
true DEBUG packet received ERROR
from pnacPDUProcess: code = %d, wpaAuthRecvPTKMsg2: mic check
identifier = %d, " DEBUG failed ERROR
wpaAuthRecvPTKMsg2: rsn ie
from pnacPDUProcess: received " DEBUG mismatch ERROR
wpaAuthRecvPTKMsg4: unexpected
from pnacPDUProcess: received " DEBUG packet received ERROR
from pnacPDUProcess: received wpaAuthRecvPTKMsg4:
PNAC_EAPOL_KEY_PACKET DEBUG keyDataLength not zero ERROR
wpaAuthRecvPTKMsg4: mic check
doing pnacTxCannedFail DEBUG failed ERROR
wpaAuthRecvGTKMsg2: unexpected
doing pnacTxCannedSuccess DEBUG packet received ERROR
doing pnacTxReqId DEBUG secureBit not set in GTK Msg2 ERROR
wpaAuthRecvGTKMsg2:
doing pnacTxReq DEBUG keyDataLength not zero ERROR
wpaAuthRecvGTKMsg2: mic check
doing pnacTxStart DEBUG failed ERROR
wpaAuthRecvKeyReq: unexpected
doing pnacTxLogoff DEBUG packet received ERROR
wpaAuthRecvKeyReq: keyDataLength
doing pnacTxRspId: 1st cond DEBUG not zero ERROR
wpaAuthRecvKeyReq: mic check
doing pnacTxRspId: entering 2nd cond DEBUG failed ERROR
from pnacTxRspId: code = %d, identifier
= %d, length = %d, " DEBUG invalid OUI %x %x %x ERROR
doing pnacTxRspId: 2nd cond DEBUG (%s) invalid OUI %x %x %x ERROR
doing pnacTxRspAuth: 1st cond DEBUG [%s:%d] Cipher in WPA IE : %x ERROR
doing pnacTxRspAuth: 2nd cond DEBUG (%s) invalid OUI %x %x %x ERROR
message for unknown port PAE DEBUG short WPA IE (length = %d) received ERROR
from pnacACToSuppRecvRtn: calling
pnacEapPktRecord DEBUG PTK state machine in unknown state. ERROR
from pnacEapPktRecord: code = %d,
identifier = %d, " DEBUG dot11InstallKeys failed ERROR
from pnacEapPktRecord: received group state machine entered into
success pkt DEBUG WPA_AUTH_GTK_INIT ERROR
from pnacEapPktRecord: received failure
pkt DEBUG dot11Malloc failed ERROR
from pnacEapPktRecord: received
request pkt DEBUG dot11Malloc failed ERROR
unknown EAP-code %d DEBUG dot11Malloc failed ERROR
Authenticator[%d]: DEBUG aesWrap failed ERROR
Auth PAE state = %s DEBUG unknown key descriptor version %d ERROR
Auth Reauth state = %s DEBUG dot11Malloc failed ERROR
Back auth state = %s DEBUG could not initialize AES128ECB ERROR
Supplicant[%d]: DEBUG could not initialize AES-128-ECB ERROR
Supp Pae state = %s DEBUG MD5 initialization failed ERROR
228
from pnacBackAuthFail: calling

pnacTxCannedFail DEBUG RC4 framework initialization failed ERROR
%s returned ERROR DEBUG PNAC framework initialization failed ERROR
pnacUmiIoctlHandler: cmd: %s(%d) DEBUG ERROR: option value not specified ERROR
%s not configured for 802.1x DEBUG ERROR: -u can be used only with -s ERROR
could not process PDU received from the
wire DEBUG ERROR: user-name not specified ERROR
pnacPDUForward: failed to foward the
received PDU DEBUG failed to enable debug ERROR
Creating PHY port with AUTH backend :
%s SendRtn: %p RecvRtn:%p DEBUG [%s]: failed to convert string to MAC " ERROR
pnacUmiAuthConfig: %s not configured
for 802.1x DEBUG failed to initialize UMI ERROR
pnacSuppRegisterUserInfo: not a valid pnacPhyPortParamSet:invalid
AC DEBUG arguments ERROR
pnacPhyPortParamSet:Failed to
pnacIfConfig: autoAuth Enabled DEBUG create socket ERROR
pnacSendRtn: no pnac port pae found for Error from pnacPhyPortParamSet:%s -
" DEBUG device invalid ERROR
Error from pnacPhyPortParamSet:%s -
sending portStatus: %s[%d] to dot11 DEBUG Getting MAC address " ERROR
pnacRecvASInfoMessage: Rkey of pnacPhyPortParamSet:Failed to add
length %d set DEBUG 802.1X multicast " ERROR
pnacIsInterfaceUp: failed to create a
ASSendRtn: %p ASToAuthRecv: %p DEBUG raw socket ERROR
adpRand failed:unable to generate pnacIsInterfaceUp: failed to get
random unicast key WARN interface flags ERROR
using group key as unicast key WARN failed to allocate buffer ERROR
Integrity check failed more than once in
last 60 secs. WARN UMI initialization failed ERROR
MIC failed twice in last 60 secs, taking
countermeasures WARN UMI initialization failed ERROR
Error from pnacEapDemoAuthLibInit:
Failed to set dot11 port status WARN malloc failed ERROR
Error from pnacEapDemoAuthRecv:
PTK state machine in NO_STATE. WARN received null EAP pkt ERROR
Error from pnacEapDemoAuthRecv:
PTK state machine in NO_STATE!! WARN send " ERROR
Error from pnacRadXlateASAdd:
PMKSA refcount not 1 WARN cannot open socket ERROR
IV verification failednknown subtype> WARN received null EAP pkt ERROR
pnacIfConfig: overwriting previous
interface " WARN From pnacRadXlateDemoRecv: send " ERROR
pnacIfConfig: overwriting previous " WARN radius " ERROR
pnacIfConfig: overwriting previous Error from pnacRadXlateDemoRecv:
username" WARN radius " ERROR
Error from
pnacIfConfig: overwriting previous pnacRadXlateRadIdRespSend: send
password" WARN to failed ERROR
Error from
pnacRadXlateRadNonIdRespSend:
%s: Failed to set port status WARN send to failed ERROR
Error from
pnacRadXlateRadRecvProc: recvfrom
%s: Failed to notify event to dot11 WARN failed ERROR
pnacLibDeinit: Failed to destroy the WARN From ERROR
229
phyPort:%s pnacRadXlateRadPktIntegrityChk: no
corresponding "
Error from
pnacPortPaeDeconfig:kpnacPortPaeDec pnacRadXlateRadPktIntegrityChk: no
onfig failed WARN message " ERROR
pnacPortPaeDeconfig:kpnacPortPaeDec Error from
onfig failed WARN pnacRadXlateRadPktIntegrityChk: " ERROR
From
pnacBackAuthSuccess: failed to notify pnacRadXlateRadChalPktHandle: no
the destination " WARN encapsulated eap " ERROR
Error from
pnacRadXlateRadChalPktHandle:
could not initialize MGMT framework ERROR malloc for eap " ERROR
Error from
pnacEapDemoSuppUserInfoRegister:
umiInit failed ERROR invalid " ERROR
Error from pnacEapDemoSuppRecv:
iappInit failed ERROR received null EAP pkt ERROR
could not initialize IAPP MGMT. ERROR send ptr to pnac supplicant" ERROR
From pnacEapDemoSuppRecv: user
dot11Malloc failed ERROR info not entered yet ERROR
buffer length not specified ERROR couldn't " ERROR
Invalid length(%d) specified ERROR MDString: adpDigestInit for md5 failed ERROR
Failed to get information about
authorized AP list. ERROR pnacUmiInit: UMI initialization failed ERROR
Recd IE data for non-existent AP %s ERROR could not start PNAC task ERROR
Recd IE data for wrong AP %s ERROR invalid aruments ERROR
Received Invalid IE data from WSC ERROR pnacIfNameToIndex failed ERROR
pnacPhyPortParamSet: device invalid
Recd IE data for non-existent AP %s ERROR %s%d ERROR
Recd WSC Start command without pnacPhyPortParamSet: EIOCGADDR
interface name ERROR ioctl failed ERROR
pnacPhyPortParamSet: multicast addr
Recd WSC start for non-existent AP %s ERROR add ioctl failed ERROR
pnacPhyPortParamUnset: multicast
Recd WSC start for wrong AP %s ERROR addr del ioctl failed ERROR
Unable to send
WSC_WLAN_CMD_PORT to WSC ERROR pnacPDUXmit: Invalid arguments ERROR
Failed to get the ap context for %s ERROR pnacPDUXmit: failed to get M_BLK_ID ERROR
WPS can only be applied to WPA/WPA2 from pnacIsInterfaceUp: device %s%d
security profiles ERROR invalid ERROR
pnacRecvRtn: dropping received
wpsEnable: running wsccmd failed ERROR packet as port is" ERROR
Failed to get the ap context for %s ERROR pnacSendRtn: Invalid arguments ERROR
WPS conf. under non WPA/WPA2 pnacSendRtn: no physical port
security setting ERROR corresponding to" ERROR
Failed to reset the Beacon Frame IE in pnacSendRtn: dropping packet as
the driver ERROR port" ERROR
Failed to reset the Beacon Frame IE in pnacAuthBuildRC4KeyDesc:
the driver ERROR adpEncryptInit(RC4) failed ERROR
pnacAuthBuildRC4KeyDesc:
WPS method cannot be NULL ERROR adpCipherContextCtrl" ERROR
PIN value length should be a multiple of pnacDot11UserSet: incorrect buffer
4 !! ERROR length ERROR
Failed to initiate PIN based association,
PIN = %s ERROR PNAC user component id not set. ERROR
230
Failed to initiate PBC based enrolle pnacKeyInfoGet:failed to allocate

association ERROR buffer ERROR
Invalid association mode. (Allowed PNAC user comp id not set. dropping
modes : PIN/PBC) ERROR EAPOL key pkt ERROR
pnacUmiPortPaeParamSet: invalid
wpsEnable: running wsccmd failed ERROR buffer received ERROR
Failed to send QUIT command to WSC
from DOT11 ERROR Error from pnacRecvASInfoMessage: " ERROR
Failed to clear off the WPS process ERROR pnacRecvASInfoMessage: " ERROR
pnacRecvASInfoMessage: Bad info
missing profile name ERROR length ERROR
A profile exists with the same name ERROR Error from pnacLibInit: malloc failed ERROR
Error in allocating memory for profile ERROR could not create phy ports lock ERROR
missing profile name ERROR could not create nodes ports lock ERROR
missing profile name ERROR port exists for iface - %s ERROR
Profile name and interface name must be
specified ERROR pnacPhyPortCreate failed ERROR
Profile %s does not exist ERROR kpnacPhyPortCreate failed ERROR
Could not set profile %s on the interface
%s ERROR invalid argument ERROR
pnacAuthConfig: maxAuth limit
missing profile name ERROR reached ERROR
Profile %s does not exist ERROR pnacAuthConfig: malloc failed ERROR
Error from pnacAuthConfig: pAsArg
Profile %s does not exist ERROR cannot be NULL ERROR
Error from pnacAuthConfig: receive
SSID should not be longer than %d ERROR routine hook " ERROR
Profile %s does not exist ERROR pnacAuthConfig: pnacAuthInit failed ERROR
Profile %s does not exist ERROR kpnacPortPaeConfig failed ERROR
Profile %s does not exist ERROR Invalid arguments ERROR
Error from pnacSuppConfig: malloc
Profile %s does not exist ERROR failed ERROR
Error from pnacSuppConfig: receive
Profile %s does not exist ERROR routine hook " ERROR
Error from pnacSuppConfig:
Profile %s does not exist ERROR pnacSuppInit failed ERROR
SSID not set. SSID is needed to
generate password hash ERROR kpnacPortPaeConfig failed ERROR
pnacAuthDeconfig failed: pPortPae
Password string too big ERROR NULL ERROR
Error from pnacPhyPortDestroy: port
dot11Malloc failed ERROR not configured ERROR
pnacPhyPortDestroy: Failed to
Profile %s does not exist ERROR deconfigure port ERROR
Hex string should only have %d hex
chars ERROR pnacPhyPortParamUnset FAILED ERROR
Error from pnacPhyPortCreate: malloc
dot11Malloc failed ERROR failed ERROR
Error from pnacPhyPortCreate:
Profile %s does not exist ERROR pnacPhyPortParamSet" ERROR
invalid key index %d. key index should error from pnacPhyPortCreate: malloc
be 0-3. ERROR failed ERROR
Error from pnacAuthInit:
wepKey length incorrect ERROR pnacPortTimersInit failed ERROR
Profile %s does not exist ERROR pnacAuthPAEInit failed ERROR
231

Invalid Cipher type %d ERROR pnacAuthKeyTxInit failed ERROR
Profile supports WEP stas,Group cipher Error from pnacAuthInit:
must be WEP ERROR pnacReauthTimerInit failed ERROR
Profile %s does not exist ERROR pnacBackAuthInit failed ERROR
Error from pnacAuthInit: pnacCtrlDirInit
Profile %s does not exist ERROR pnacKeyRecvInit failed ERROR
invalid pairwise cipher type %d ERROR Error from pnacSuppInit: malloc failed ERROR
Error from pnacSuppInit:
Cipher %s is already in the list. ERROR pnacPortTimersInit failed ERROR
Profile %s does not exist ERROR pnacKeyRecvInit failed ERROR
Invalid Cipher type %d ERROR pnacSuppKeyTxInit failed ERROR
Cipher %s not found in the list. ERROR pnacSuppPAEInit failed ERROR
Error from pnacRecvRtn: invalid
Profile %s does not exist ERROR arguments ERROR
Error from pnacRecvMapi:
Profile %s does not exist ERROR unsupported PDU received ERROR
Auth method %s is already in the list ERROR suppToACSendRtn returned not OK! ERROR
Error from pnacBasicPktCreate: malloc
Error from pnacEAPPktCreate: basic
Auth method %s not found in the list. ERROR pkt create failed ERROR
Error from pnacTxCannedFail: eap pkt
Profile %s does not exist ERROR create failed ERROR
Error from pnacTxCannedSuccess:
Profile %s does not exist ERROR eap pkt create failed ERROR
Error from pnacTxReqId: eap pkt
invalid type value %d. supported values Error from pnacTxReq: eap pkt create
are 1,2,3,4 ERROR failed ERROR
Error from pnacSendRespToServer:
Profile %s does not exist ERROR malloc failed ERROR
invalid type value %d. supported values Error from pnacSendRespToServer:
are 1,2,3,4 ERROR no AS configured ERROR
Error from pnacTxStart: basic pkt
invalid type value %d. supported values Error from pnacTxStart: basic pkt
are 1,2,3,4 ERROR create failed ERROR
Error from pnacTxRspId: eap pkt
invalid type value %d. supported values Error from pnacTxRspAuth: eap pkt
are 1,2,3,4 ERROR create failed ERROR
Error from pnacEapPktRecord: EAP
Profile %s does not exist ERROR packet too" ERROR
invalid type value %d. supported values
are 1,2,3,4 ERROR Error from pnacEapPktRecord: " ERROR
from pnacBackAuthTimeout: calling
Profile %s does not exist ERROR pnacTxCannedFail ERROR
ERROR: incomplete DB update hmac_md5: adpHmacContextCreate
information. ERROR failed ERROR
old values result does not contain 2 rows ERROR hmac_md5:adpHmacInit failed ERROR
sqlite3QueryResGet failed ERROR pnacUmiIoctlHandler: invalid cmd: %d ERROR
232
pnacEapRadAuthSend: Invalid
Error in executing DB update handler ERROR arguments ERROR
pnacEapRadAuthSend: failed to
sqlite3QueryResGet failed ERROR allocate inbuffer ERROR
ERROR: incomplete DB update
information. ERROR pnacXmit : umiIoctl failed[%d] ERROR
old values result does not contain 2 rows ERROR pnacPDUForward: Invalid input ERROR
pnacPDUForward: error in getting port
sqlite3QueryResGet failed ERROR pae information ERROR
pnacPDUForward: error allocating
Error in executing DB update handler ERROR memory ERROR
pnacUmiIfMacAddrChange: %s not
sqlite3QueryResGet failed.Query:%s ERROR configured for 802.1x ERROR
pnacUmiIfMacAddrChange: could not
sqlite3QueryResGet failed.Query:%s ERROR process PDU received" ERROR
pnacUmiPhyPortConfig: Invalid config
sqlite3QueryResGet failed.Query:%s ERROR data ERROR
pnacUmiPhyPortConfig: Invalid
sqlite3QueryResGet failed.Query:%s ERROR backend name specified ERROR
pnacUmiPhyPortConfig: could not
startStopVap failed to stop %s ERROR create PNAC physical" ERROR
pnacUmiAuthConfig: Invalid config
Invalid SQLITE operation code - %d ERROR data ERROR
./src/dot11/mgmt/dot11Mgmt.c:1177: pnacUmiAuthConfig: Invalid backend
ADP_ERROR ( ERROR name specified ERROR
only delete event expected on
dot11RogueAP. ERROR unable to create new EAP context. ERROR
unable to apply %s profile on the EAP
sqlite3QueryResGet failed ERROR context. ERROR
pnacUmiAuthConfig: could not
unhandled database operation %d ERROR configure PNAC PAE " ERROR
pnacUmiSuppConfig: Invalid config
sqlite3QueryResGet failed ERROR data ERROR
pnacUmiSuppConfig: Invalid backend
failed to configure WPS on %s ERROR name specified ERROR
pnacUmiSuppConfig: %s not
sqlite3QueryResGet failed ERROR configured for 802.1x ERROR
pnacUmiSuppConfig: could not PNAC
sqlite3QueryResGet failed ERROR port Access" ERROR
pnacUmiSuppConfig: Failed to register
sqlite3QueryResGet failed ERROR user information ERROR
pnacPortByMacDeconfig: port not
sqlite3QueryResGet failed ERROR found ERROR
pnacPortByMacDeconfig: port not
sqlite3QueryResGet failed ERROR found ERROR
no VAP rows returned. expected one ERROR pnacUmiIfDown: Invalid config data ERROR
multiple VAP rows returned. expected
one ERROR pnacUmiIfDown: Invalid config data ERROR
Error from pnacPortDeconfig: port not
sqlite3QueryResGet failed ERROR configured ERROR
pnacUmiIfDown: could not de-
invalid query result. ncols=%d nrows=%d ERROR configure port ERROR
pnacUmiPhyPortDestroy: Invalid
%s:VAP(%s) create failed ERROR config data ERROR
pnacUmiPhyPortDestroy: Invalid
sqlite3QueryResGet failed ERROR config data ERROR
pnacUmiPhyPortDestroy: Failed to
invalid query result. ncols=%d nrows=%d ERROR destroy the port ERROR
233
Invalid config data ERROR
Facility: Kernel

DNAT: multiple ranges no longer
supported DEBUG %s: %s%s:%d -> %s:%d %s, DEBUG
DNAT: Target size %u wrong for %u
ranges, DEBUG %s: %s%s:%d %s, DEBUG
%s: Failed to add WDS MAC: %s, dev-
DNAT: wrong table %s, tablename DEBUG >name, DEBUG
DNAT: hook mask 0x%x bad, %s: Device already has WDS mac
hook_mask DEBUG address attached, DEBUG
%s%d: resetting MPPC/MPPE %s: Added WDS MAC: %s, dev-
compressor, DEBUG >name, DEBUG
%s: WDS MAC address %s is not
%s%d: wrong offset value: %d, DEBUG known by this interface, DEBUG
%s%d: wrong length of match value: [madwifi] %s() : Not enough space.,
%d, DEBUG __FUNCTION__ DEBUG
%s%d: too big offset value: %d, DEBUG Returning to chan %d, ieeeChan DEBUG
%s%d: cannot decode offset value, DEBUG WEP DEBUG
%s%d: wrong length code: 0x%X, DEBUG AES DEBUG
%s%d: short packet (len=%d),
__FUNCTION__, DEBUG AES_CCM DEBUG
%s%d: bad sequence number: %d,
expected: %d, DEBUG CKIP DEBUG
expected: %d, DEBUG TKIP DEBUG
%s: cannot map channel to mode; freq
PPPIOCDETACH file->f_count=%d, DEBUG %u flags 0x%x, DEBUG
PPP: outbound frame not passed DEBUG %s: %s, vap->iv_dev->name, buf DEBUG
PPP: VJ decompression error DEBUG %s: [%s] %s, vap->iv_dev->name, DEBUG
%s: [%s] %s, vap->iv_dev->name,
PPP: inbound frame not passed DEBUG ether_sprintf(mac), buf DEBUG
[%s:%s] discard %s frame, %s, vap-
PPP: reconstructed packet DEBUG >iv_dev->name, DEBUG
[%s:%s] discard frame, %s, vap-
PPP: no memory for DEBUG >iv_dev->name, DEBUG
[%s:%s] discard %s information
missed pkts %u..%u, DEBUG element, %s, DEBUG
%s%d: resetting MPPC/MPPE [%s:%s] discard information element,
compressor, DEBUG %s, DEBUG
[%s:%s] discard %s frame, %s, vap-
%s%d: wrong offset value: %d, DEBUG >iv_dev->name, DEBUG
%s%d: wrong length of match value: [%s:%s] discard frame, %s, vap-
%d, DEBUG >iv_dev->name, DEBUG
%s%d: too big offset value: %d, DEBUG ifmedia_add: null ifm DEBUG
%s%d: cannot decode offset value, DEBUG Adding entry for DEBUG
%s%d: wrong length code: 0x%X, DEBUG ifmedia_set: no match for 0x%x/0x%x, DEBUG
%s%d: short packet (len=%d),
__FUNCTION__, DEBUG ifmedia_set: target DEBUG
expected: %d, DEBUG ifmedia_set: setting to DEBUG
234

expected: %d, DEBUG ifmedia_ioctl: no media found for 0x%x, DEBUG
ifmedia_ioctl: switching %s to , dev-
PPPIOCDETACH file->f_count=%d, DEBUG >name DEBUG
PPP: outbound frame not passed DEBUG ifmedia_match: multiple match for DEBUG
PPP: VJ decompression error DEBUG <unknown type> DEBUG
PPP: inbound frame not passed DEBUG desc->ifmt_string DEBUG
PPP: reconstructed packet DEBUG mode %s, desc->ifmt_string DEBUG
PPP: no memory for DEBUG <unknown subtype> DEBUG
missed pkts %u..%u, DEBUG %s, desc->ifmt_string DEBUG
%s: INC_USE_COUNT, now %d,
__FUNCTION__, mod_use_count \ DEBUG %s%s, seen_option++ ? , : , DEBUG
%s: DEC_USE_COUNT, now %d,
__FUNCTION__, mod_use_count \ DEBUG %s%s, seen_option++ ? , : , DEBUG
PPPOL2TP %s: _fmt, DEBUG %s, seen_option ? > : DEBUG
PPPOL2TP: --> %s, __FUNCTION__) DEBUG %s: %s, dev->name, buf DEBUG
%s: no memory for sysctl table!,
PPPOL2TP: <-- %s, __FUNCTION__) DEBUG __func__ DEBUG
%s: no memory for VAP name!,
%s: recv: , tunnel->name DEBUG __func__ DEBUG
%s: failed to register sysctls!, vap-
%s: xmit:, session->name DEBUG >iv_dev->name DEBUG
%s: no memory for new proc entry
%s: xmit:, session->name DEBUG (%s)!, __func__, DEBUG
%s: module use_count is %d,
__FUNCTION__, mod_use_count DEBUG %s: 0x%p len %u, tag, p, len DEBUG
PPPOL2TP %s: _fmt, DEBUG %03d:, i DEBUG
PPPOL2TP: --> %s, __FUNCTION__) DEBUG %02x, ((u_int8_t *)p)[i] DEBUG
PPPOL2TP: <-- %s, __FUNCTION__) DEBUG first difference at byte %u, i DEBUG
%s: recv: , tunnel->name DEBUG %s: , t->name DEBUG
%s: xmit:, session->name DEBUG FAIL: ieee80211_crypto_newkey failed DEBUG
%s: xmit:, session->name DEBUG FAIL: ieee80211_crypto_setkey failed DEBUG
PPPOL2TP %s: _fmt, DEBUG FAIL: unable to allocate skbuff DEBUG
PPPOL2TP: --> %s, __FUNCTION__) DEBUG FAIL: wep decap failed DEBUG
PPPOL2TP: <-- %s, __FUNCTION__) DEBUG FAIL: decap botch; length mismatch DEBUG
FAIL: decap botch; data does not
%s: recv: , tunnel->name DEBUG compare DEBUG
%s: xmit:, session->name DEBUG FAIL: wep encap failed DEBUG
%s: xmit:, session->name DEBUG FAIL: encap data length mismatch DEBUG
IRQ 31 is triggered DEBUG FAIL: encrypt data does not compare DEBUG
[%s:%d] , __func__, __LINE__\ DEBUG PASS DEBUG
\t[R%s %#0x %#0x 0x%08x%08x],
(status == ERROR ? # : ), page, addr,
(uint32_t)(*pValue >> 32), %u of %u 802.11i WEP test vectors
(uint32_t)(*pValue & 0xffffffff) DEBUG passed, pass, total DEBUG
\t[W%s %#0x %#0x 0x%08x%08x],
(status == ERROR ? # : ), page, addr,
(uint32_t)(value >> 32), (uint32_t)(value
& 0xffffffff) DEBUG %s: 0x%p len %u, tag, p, len DEBUG
%s: mac_add
%02X:%02X:%02X:%02X:%02X:%02X,
dev->name, addr[0], addr[1], addr[2],
addr[3], addr[4], addr[5] DEBUG %03d:, i DEBUG
235
%s: mac_del
%02X:%02X:%02X:%02X:%02X:%02X,
addr[3], addr[4], addr[5] DEBUG %02x, ((u_int8_t *)p)[i] DEBUG
%s: mac_kick
%02X:%02X:%02X:%02X:%02X:%02X,
addr[3], addr[4], addr[5] DEBUG first difference at byte %u, i DEBUG
%s: mac_undefined
%02X:%02X:%02X:%02X:%02X:%02X,
addr[3], addr[4], addr[5] DEBUG %s: , t->name DEBUG
%s: addr_add
%02X:%02X:%02X:%02X:%02X:%02X,
addr[3], addr[4], addr[5] DEBUG FAIL: ieee80211_crypto_newkey failed DEBUG
%s: addr_del
%02X:%02X:%02X:%02X:%02X:%02X,
addr[3], addr[4], addr[5] DEBUG FAIL: ieee80211_crypto_setkey failed DEBUG
%s: mac_undefined
%02X:%02X:%02X:%02X:%02X:%02X,
addr[3], addr[4], addr[5] DEBUG FAIL: unable to allocate skbuff DEBUG
%s: set_float %d;%d, DEBUG FAIL: ccmp encap failed DEBUG
IRQ 32 is triggered DEBUG FAIL: encap data length mismatch DEBUG
ip_finish_output2: No header cache and
no neighbour! DEBUG FAIL: encrypt data does not compare DEBUG
a guy asks for address mask. Who is it? DEBUG FAIL: ccmp decap failed DEBUG
icmp v4 hw csum failure) DEBUG FAIL: decap botch; length mismatch DEBUG
FAIL: decap botch; data does not
expire>> %u %d %d %d, expire, DEBUG compare DEBUG
expire++ %u %d %d %d, expire, DEBUG PASS DEBUG
%u of %u 802.11i AES-CCMP test
rt_cache @%02x: %u.%u.%u.%u, hash, DEBUG vectors passed, pass, total DEBUG
rt_bind_peer(0) @%p,
NET_CALLER(iph) DEBUG %s: 0x%p len %u, tag, p, len DEBUG
ip_rt_advice: redirect to DEBUG %03d:, i DEBUG
ip_rt_bug: %u.%u.%u.%u ->
%u.%u.%u.%u, %s, DEBUG %02x, ((u_int8_t *)p)[i] DEBUG
udp cork app bug 2) DEBUG first difference at byte %u, i DEBUG
udp cork app bug 3) DEBUG ieee80211_crypto_newkey failed DEBUG
udp v4 hw csum failure.) DEBUG ieee80211_crypto_setkey failed DEBUG
UDP: short packet: From
%u.%u.%u.%u:%u %d/%d to
%u.%u.%u.%u:%u, DEBUG unable to allocate skbuff DEBUG
UDP: bad checksum. From
%d.%d.%d.%d:%d to
%d.%d.%d.%d:%d ulen %d, DEBUG tkip enmic failed DEBUG
%s: lookup policy [list] found=%s, DEBUG enmic botch; length mismatch DEBUG
%s: called: [output START],
__FUNCTION__ DEBUG enmic botch DEBUG
%s: flow dst=%s, __FUNCTION__,
XFRMSTRADDR(fl->fl4_dst, family) DEBUG tkip encap failed DEBUG
%s: flow src=%s, __FUNCTION__,
XFRMSTRADDR(fl->fl4_src, family) DEBUG encrypt phase1 botch DEBUG
236
%s: flow dst=%s, __FUNCTION__,

XFRMSTRADDR(fl->fl6_dst, family) DEBUG encrypt data length mismatch DEBUG
%s: flow src=%s, __FUNCTION__,
XFRMSTRADDR(fl->fl6_src, family) DEBUG encrypt data does not compare DEBUG
a guy asks for address mask. Who is it? DEBUG tkip decap failed DEBUG
icmp v4 hw csum failure) DEBUG decrypt phase1 botch DEBUG
expire>> %u %d %d %d, expire, DEBUG decrypt data does not compare DEBUG
expire++ %u %d %d %d, expire, DEBUG decap botch; length mismatch DEBUG
rt_cache @%02x: %u.%u.%u.%u, hash, DEBUG decap botch; data does not compare DEBUG
NET_CALLER(iph) DEBUG tkip demic failed DEBUG
ip_rt_advice: redirect to DEBUG 802.11i TKIP test vectors passed DEBUG
%u.%u.%u.%u, %s, DEBUG %s, buf DEBUG
%u.%u.%u.%u:%u %d/%d to Atheros HAL assertion failure: %s: line
%u.%u.%u.%u:%u, DEBUG %u: %s, DEBUG
%d.%d.%d.%d:%d to ath_hal: logging to %s %s,
%d.%d.%d.%d:%d ulen %d, DEBUG ath_hal_logfile, DEBUG
a guy asks for address mask. Who is it? DEBUG ath_hal: logging disabled DEBUG
fib_add_ifaddr: bug: prim == NULL DEBUG %s%s, sep, ath_hal_buildopts[i] DEBUG
ath_pci: No devices found, driver not
fib_del_ifaddr: bug: prim == NULL DEBUG installed. DEBUG
expire>> %u %d %d %d, expire, DEBUG _fmt, __VA_ARGS__ DEBUG
%s: Warning, using only %u entries in
expire++ %u %d %d %d, expire, DEBUG %u key cache, DEBUG
rt_cache @%02x: %u.%u.%u.%u, hash, DEBUG %s: TX99 support enabled, dev->name DEBUG
%s:grppoll Buf allocation failed
rt_bind_peer(0) @%p, DEBUG ,__func__ DEBUG
ip_rt_advice: redirect to DEBUG %s: %s: unable to start recv logic, DEBUG
%u.%u.%u.%u, %s, DEBUG %s: %s: unable to start recv logic, DEBUG
%s: lookup policy [list] found=%s, DEBUG %s: no skbuff, __func__ DEBUG
%s: called: [output START], %s: hardware error; resetting, dev-
__FUNCTION__ DEBUG >name DEBUG
%s: flow dst=%s, __FUNCTION__, %s: rx FIFO overrun; resetting, dev-
XFRMSTRADDR(fl->fl4_dst, family) DEBUG >name DEBUG
%s: flow src=%s, __FUNCTION__, %s: unable to reset hardware: '%s'
XFRMSTRADDR(fl->fl4_src, family) DEBUG (HAL status %u) DEBUG
%s: flow dst=%s, __FUNCTION__, %s: unable to start recv logic, dev-
XFRMSTRADDR(fl->fl6_dst, family) DEBUG >name DEBUG
%s: flow src=%s, __FUNCTION__, %s: %s: unable to reset hardware: '%s'
XFRMSTRADDR(fl->fl6_src, family) DEBUG (HAL status %u), DEBUG
a guy asks for address mask. Who is it? DEBUG %s: %s: unable to start recv logic, DEBUG
icmp v4 hw csum failure) DEBUG ath_mgtstart: discard, no xmit buf DEBUG
%s: [%02u] %-7s , tag, ix, ciphers[hk-
expire>> %u %d %d %d, expire, DEBUG >kv_type] DEBUG
expire++ %u %d %d %d, expire, DEBUG %02x, hk->kv_val[i] DEBUG
rt_cache @%02x: %u.%u.%u.%u, hash, DEBUG mac %s, ether_sprintf(mac) DEBUG
NET_CALLER(iph) DEBUG %s , sc->sc_splitmic ? mic : rxmic DEBUG
ip_rt_advice: redirect to DEBUG %02x, hk->kv_mic[i] DEBUG
237

%u.%u.%u.%u, %s, DEBUG txmic DEBUG
%u.%u.%u.%u:%u %d/%d to
%u.%u.%u.%u:%u, DEBUG %02x, hk->kv_txmic[i] DEBUG
%d.%d.%d.%d:%d to %s: unable to update h/w beacon
%d.%d.%d.%d:%d ulen %d, DEBUG queue parameters, DEBUG
REJECT: ECHOREPLY no longer %s: stuck beacon; resetting (bmiss
supported. DEBUG count %u), DEBUG
ipt_rpc: only valid for PRE_ROUTING,
FORWARD, POST_ROUTING,
LOCAL_IN and/or LOCAL_OUT targets. DEBUG move data from NORMAL to XR DEBUG
moved %d buffers from NORMAL to
ip_nat_init: can't setup rules. DEBUG XR, index DEBUG
ip_nat_init: can't register in hook. DEBUG move buffers from XR to NORMAL DEBUG
moved %d buffers from XR to
ip_nat_init: can't register out hook. DEBUG NORMAL, count DEBUG
%s:%d %s, __FILE__, __LINE__,
ip_nat_init: can't register adjust in hook. DEBUG __func__ DEBUG
ip_nat_init: can't register adjust out %s:%d %s, __FILE__, __LINE__,
hook. DEBUG __func__ DEBUG
%s: no buffer (%s), dev->name,
ip_nat_init: can't register local out hook. DEBUG __func__ DEBUG
%s: no skbuff (%s), dev->name,
ip_nat_init: can't register local in hook. DEBUG __func__ DEBUG
%s: HAL qnum %u out of range, max
ipt_hook: happy cracking. DEBUG %u!, DEBUG
ip_conntrack: can't register pre-routing grppoll_start: grppoll Buf allocation
defrag hook. DEBUG failed DEBUG
ip_conntrack: can't register local_out %s: HAL qnum %u out of range, max
defrag hook. DEBUG %u!, DEBUG
ip_conntrack: can't register pre-routing
hook. DEBUG %s: AC %u out of range, max %u!, DEBUG
ip_conntrack: can't register local out
hook. DEBUG %s: unable to update hardware queue DEBUG
ip_conntrack: can't register local in %s: bogus frame type 0x%x (%s), dev-
helper hook. DEBUG >name, DEBUG
ip_conntrack: can't register postrouting
helper hook. DEBUG ath_stoprecv: rx queue 0x%x, link %p, DEBUG
ip_conntrack: can't register post-routing %s: %s: unable to reset channel %u
hook. DEBUG (%u MHz) DEBUG
ip_conntrack: can't register local in
hook. DEBUG %s: %s: unable to restart recv logic, DEBUG
%s: unable to allocate channel table,
ip_conntrack: can't register to sysctl. DEBUG dev->name DEBUG
ip_conntrack_rtsp v %s: unable to allocate channel table,
IP_NF_RTSP_VERSION loading DEBUG dev->name DEBUG
ip_conntrack_rtsp: max_outstanding %s: unable to collect channel list from
must be a positive integer DEBUG HAL; DEBUG
ip_conntrack_rtsp: setup_timeout must R (%p %llx) %08x %08x %08x %08x
be a positive integer DEBUG %08x %08x %c, DEBUG
ip_conntrack_rtsp: ERROR registering T (%p %llx) %08x %08x %08x %08x
port %d, ports[i] DEBUG %08x %08x %08x %08x %c, DEBUG
ip_nat_rtsp v IP_NF_RTSP_VERSION %s: no memory for sysctl table!,
loading DEBUG __func__ DEBUG
%s: Sorry! Cannot find this match %s: no memory for device name
option., __FILE__ DEBUG storage!, __func__ DEBUG
238
%s: failed to register sysctls!, sc-

ipt_time loading DEBUG >sc_dev->name DEBUG
%s: mac %d.%d phy %d.%d, dev-
ipt_time unloaded DEBUG >name, DEBUG
ip_conntrack_irc: max_dcc_channels 5 GHz radio %d.%d 2 GHz radio
must be a positive integer DEBUG %d.%d, DEBUG
ip_conntrack_irc: ERROR registering radio %d.%d, ah->ah_analog5GhzRev
port %d, DEBUG >> 4, DEBUG
ip_nat_h323: radio %d.%d, ah->ah_analog5GhzRev
ip_nat_mangle_tcp_packet DEBUG >> 4, DEBUG
ip_nat_h323:
ip_nat_mangle_udp_packet DEBUG %s: Use hw queue %u for %s traffic, DEBUG
%s: Use hw queue %u for CAB traffic,
ip_nat_h323: out of expectations DEBUG dev->name, DEBUG
%s: Use hw queue %u for beacons,
ip_nat_h323: out of RTP ports DEBUG dev->name, DEBUG
Could not find Board Configuration
ip_nat_h323: out of TCP ports DEBUG Data DEBUG
Could not find Radio Configuration
ip_nat_q931: out of TCP ports DEBUG data DEBUG
ath_ahb: No devices found, driver not
ip_nat_ras: out of TCP ports DEBUG installed. DEBUG
ip_nat_q931: out of TCP ports DEBUG _fmt, __VA_ARGS__ DEBUG
ip_conntrack_core: Frag of proto %u., DEBUG _fmt, __VA_ARGS__ DEBUG
xlr8NatIpFinishOutput: Err.. skb2 ==
Broadcast packet! DEBUG NULL ! DEBUG
Should bcast: %u.%u.%u.%u- xlr8NatSoftCtxEnqueue: Calling
>%u.%u.%u.%u (sk=%p, ptype=%u), DEBUG xlr8NatIpFinishOutput () .., status DEBUG
xlr8NatSoftCtxEnqueue:
ip_conntrack version %s (%u buckets, xlr8NatIpFinishOutput () returned [%d],
%d max) DEBUG status DEBUG
ERROR registering port %d, DEBUG icmpExceptionHandler: Exception! DEBUG
netfilter PSD loaded - (c) astaro AG DEBUG fragExceptionHandler: Exception! DEBUG
netfilter PSD unloaded - (c) astaro AG DEBUG algExceptionHandler: Exception! DEBUG
%s , SELF DEBUG dnsExceptionHandler: Exception! DEBUG
%s , LAN DEBUG IPsecExceptionHandler: Exception! DEBUG
ESP Packet Src:%x Dest:%x Sport:%d
%s , WAN DEBUG dport:%d secure:%d spi:%d isr:%p, DEBUG
xlr8NatConntrackPreHook: We found
TRUNCATED DEBUG the valid context, DEBUG
SRC=%u.%u.%u.%u xlr8NatConntrackPreHook: Not a
DST=%u.%u.%u.%u , DEBUG secured packet. DEBUG
LEN=%u TOS=0x%02X xlr8NatConntrackPreHook: isr=[%p],
PREC=0x%02X TTL=%u ID=%u , DEBUG pIsr DEBUG
FRAG:%u , ntohs(ih->frag_off) & xlr8NatConntrackPreHook:
IP_OFFSET DEBUG secure=[%d], secure DEBUG
Context found for ESP %p,pFlowEntry-
TRUNCATED DEBUG >post.pIsr[0] DEBUG
xlr8NatConntrackPreHook: New
PROTO=TCP DEBUG connection. DEBUG
xlr8NatConntrackPostHook:
INCOMPLETE [%u bytes] , DEBUG postSecure=[%d] postIsr=[%p %p], DEBUG
proto %d spi %d <-------> proto %d spi
SPT=%u DPT=%u , DEBUG %d,pPktInfo->proto,pPktInfo->spi, DEBUG
SEQ=%u ACK=%u , DEBUG IPSEC_INF Clock skew detected DEBUG
239
IPSEC_ERR [%s:%d]: Max (%d) No of

WINDOW=%u , ntohs(th->window) DEBUG SA Limit reached, DEBUG
RES=0x%02x ,
(u8)(ntohl(tcp_flag_word(th) & IPSEC_ERR [%s:%d]: Max (%d) No of
TCP_RESERVED_BITS) >> 22) DEBUG SA Limit reached, DEBUG
URGP=%u , ntohs(th->urg_ptr) DEBUG IPSEC_ERR [%s:%d]: time(secs): %u DEBUG
ERROR: Failed to add entry to IPsec
TRUNCATED DEBUG sa table DEBUG
%02X, op[i] DEBUG sa table DEBUG
PROTO=UDP DEBUG sa table DEBUG
INCOMPLETE [%u bytes] , DEBUG sa table DEBUG
SPT=%u DPT=%u LEN=%u , DEBUG sa table DEBUG
SPT=%u DPT=%u LEN=%u , DEBUG sa table DEBUG
PROTO=ICMP DEBUG unknown oid '%s', varName DEBUG
could not find oid pointer for '%s',
INCOMPLETE [%u bytes] , DEBUG varName DEBUG
TYPE=%u CODE=%u , ich->type, ich-
>code DEBUG unRegistering IPsecMib ..... DEBUG
INCOMPLETE [%u bytes] , DEBUG sa table DEBUG
ID=%u SEQ=%u , DEBUG sa table DEBUG
PARAMETER=%u , DEBUG sa table DEBUG
GATEWAY=%u.%u.%u.%u , DEBUG sa table DEBUG
MTU=%u , ntohs(ich->un.frag.mtu) DEBUG sa table DEBUG
PROTO=AH DEBUG sa table DEBUG
INCOMPLETE [%u bytes] , DEBUG unknown oid '%s', varName DEBUG
could not find oid pointer for '%s',
SPI=0x%x , ntohl(ah->spi) DEBUG varName DEBUG
PROTO=ESP DEBUG unRegistering IPsecMib ..... DEBUG
. %u.%u.%u.%u, NIPQUAD(trt-
INCOMPLETE [%u bytes] , DEBUG >rt_dst) DEBUG
SPI=0x%x , ntohl(eh->spi) DEBUG %02x, *p DEBUG
PROTO=%u , ih->protocol DEBUG >rt_dst) DEBUG
UID=%u , skb->sk->sk_socket->file-
>f_uid DEBUG %02x, *p DEBUG
<%d>%sIN=%s OUT=%s , loginfo- . %u.%u.%u.%u, NIPQUAD(trt-
>u.log.level, DEBUG >rt_dst) DEBUG
level_string DEBUG %02x, *p DEBUG
%sIN=%s OUT=%s , DEBUG >rt_dst) DEBUG
%s , prefix == NULL ? loginfo->prefix :
prefix DEBUG %02x, *p DEBUG
unable to register vIPsec kernel comp
IN= DEBUG to UMI DEBUG
OUT= DEBUG unregistering VIPSECK from UMI .... DEBUG
PHYSIN=%s , physindev->name DEBUG in vIPsecKIoctlHandler cmd - %d, cmd DEBUG
240
%s: Error. DST Refcount value less

PHYSOUT=%s , physoutdev->name DEBUG than 1 (%d), DEBUG
for %s DEVICE refcnt: %d ,pDst-
MAC= DEBUG >dev->name, DEBUG
%s: Got Null m:%p *m:%p sa:%p
%02x%c, *p, DEBUG *sa:%p,__func__,ppBufMgr, DEBUG
%s Got Deleted SA:%p
NAT: no longer support implicit source state:%d,__func__,pIPsecInfo,pIPsecIn
local NAT DEBUG fo->state DEBUG
NAT: packet src %u.%u.%u.%u -> dst %s: %s: fmt, __FILE__,
%u.%u.%u.%u, DEBUG __FUNCTION__ , ## args) INFO
SNAT: multiple ranges no longer %s: %s: fmt, __FILE__,
supported DEBUG __FUNCTION__ , ## args) INFO
format,##args) DEBUG ipt_TIME: format, ## args) INFO
IPT_ACCOUNT_NAME : checkentry()
wrong parameters (not equals existing
version DEBUG table parameters). INFO
offset_before=%d, offset_after=%d,
correction_pos=%u, x->offset_before, x- IPT_ACCOUNT_NAME : checkentry()
>offset_after, x->correction_pos DEBUG too big netmask. INFO
failed to allocate %zu for new table
%s., sizeof(struct t_ipt_account_table),
ip_ct_h323: DEBUG info->name INFO
ip_ct_h323: incomplete TPKT IPT_ACCOUNT_NAME : checkentry()
(fragmented?) DEBUG wrong network/netmask. INFO
account: Wrong netmask given by
netmask parameter (%i). Valid is 32 to
ip_ct_h245: decoding error: %s, DEBUG 0., netmask INFO
ip_ct_h245: packet dropped DEBUG failed to create procfs entry. INFO
ip_ct_q931: decoding error: %s, DEBUG failed to register match. INFO
ip_ct_q931: packet dropped DEBUG failed to create procfs entry . INFO
MPPE/MPPC encryption/compression
ip_ct_ras: decoding error: %s, DEBUG module registered INFO
ip_ct_ras: packet dropped DEBUG module unregistered INFO
PPP generic driver version
ERROR registering port %d, DEBUG PPP_VERSION INFO
ERROR registering port %d, DEBUG module registered INFO
ipt_connlimit [%d]:
src=%u.%u.%u.%u:%d MPPE/MPPC encryption/compression
dst=%u.%u.%u.%u:%d %s, DEBUG module unregistered INFO
ipt_connlimit [%d]:
src=%u.%u.%u.%u:%d PPP generic driver version
dst=%u.%u.%u.%u:%d new, DEBUG PPP_VERSION INFO
ipt_connlimit: Oops: invalid ct state ? DEBUG PPPoL2TP kernel driver, %s, INFO
ipt_connlimit: Hmm, kmalloc failed :-( DEBUG PPPoL2TP kernel driver, %s, INFO
ipt_connlimit: src=%u.%u.%u.%u
mask=%u.%u.%u.%u DEBUG PPPoL2TP kernel driver, %s, INFO
_lvl PPPOL2TP: _fmt, ##args DEBUG failed to create procfs entry . INFO
%02X, ptr[length] DEBUG proc dir not created .. INFO
%02X, ((unsigned char *) m - DEBUG Initialzing Product Data modules INFO
241
>msg_iov[i].iov_base)[j]
%02X, skb->data[i] DEBUG De initializing by \ INFO
_lvl PPPOL2TP: _fmt, ##args DEBUG kernel UMI module loaded INFO
%02X, ptr[length] DEBUG kernel UMI module unloaded INFO
%02X, ((unsigned char *) m -
>msg_iov[i].iov_base)[j] DEBUG Loading bridge module INFO
%02X, skb->data[i] DEBUG Unloading bridge module INFO
_lvl PPPOL2TP: _fmt, ##args DEBUG unsupported command %d, cmd INFO
%02X, ptr[length] DEBUG Loading ifDev module INFO
%02X, ((unsigned char *) m -
>msg_iov[i].iov_base)[j] DEBUG Unloading ifDev module INFO
ERROR#%d in alloc_chrdev_region,
%02X, skb->data[i] DEBUG result INFO
KERN_EMERG THE value read is
%d,value*/ DEBUG ERROR#%d in cdev_add, result INFO
KERN_EMERG Factory Reset button is
pressed DEBUG using bcm switch %s, bcmswitch INFO
KERN_EMERG Returing error in INTR privlegedID %d wanporttNo: %d,
registration DEBUG privlegedID,wanportNo INFO
KERN_EMERG Initialzing Factory
defaults modules DEBUG Loading mii INFO
Failed to allocate memory for
pSipListNode DEBUG Unloading mii INFO
SIPALG: Memeory allocation failed for
pSipNodeEntryTbl DEBUG %s: Version 0.1 INFO
pkt-err %s, pktInfo.error DEBUG %s: driver unloaded, dev_info INFO
wlan: %s backend registered, be-
pkt-err %s, pktInfo.error DEBUG >iab_name INFO
pkt-err %s, pktInfo.error DEBUG wlan: %s backend unregistered, INFO
wlan: %s acl policy registered, iac-
%s Len=%d, msg, len DEBUG >iac_name INFO
wlan: %s acl policy unregistered, iac-
%02x , ((uint8_t *) ptr)[i] DEBUG >iac_name INFO
End DEBUG %s, tmpbuf INFO
CVM_MOD_EXP_BASE MISMATCH
cmd=%x base=%x, cmd, DEBUG VLAN2 INFO
op->sizeofptr = %ld, op->sizeofptr DEBUG VLAN3 INFO
opcode cmd = %x, cmd DEBUG VLAN4 <%d %d>, INFO
modexp opcode received DEBUG %s: %s, dev_info, version INFO
Memory Allocation failed DEBUG %s: driver unloaded, dev_info INFO
modexpcrt opcode received DEBUG %s, buf INFO
kmalloc failed DEBUG %s: %s (, dev_info, ath_hal_version INFO
kmalloc failed DEBUG %s: driver unloaded, dev_info INFO
%s: %s: mem=0x%lx, irq=%d
kmalloc failed DEBUG hw_base=0x%p, INFO
kmalloc failed DEBUG %s: %s, dev_info, version INFO
kmalloc Failed DEBUG %s: driver unloaded, dev_info INFO
kmalloc failed DEBUG %s: %s: mem=0x%lx, irq=%d, INFO
unknown cyrpto ioctl cmd received %x,
cmd DEBUG %s: %s: mem=0x%lx, irq=%d, INFO
register_chrdev returned ZERO DEBUG %s: %s, dev_info, version INFO
const char *descr, krb5_keyblock *k) { DEBUG %s: driver unloaded, dev_info INFO
F password, &pdata DEBUG %s, buf INFO
242
test key, key DEBUG %s: %s (, dev_info, ath_hal_version INFO

pre-hashed key, key DEBUG %s: driver unloaded, dev_info INFO
AES 128-bit key, &key DEBUG %s: Version 2.0.0 INFO
test key, key DEBUG %s: driver unloaded, dev_info INFO
wlan: %s backend registered, be-
pre-hashed key, key DEBUG >iab_name INFO
const char *descr, krb5_keyblock *k) { DEBUG wlan: %s backend unregistered, INFO
wlan: %s acl policy registered, iac-
128-bit AES key,&dk DEBUG >iac_name INFO
wlan: %s acl policy unregistered, iac-
256-bit AES key, &dk DEBUG >iac_name INFO
WARNING: DEBUG %s: %s, dev_info, version INFO
bwMonMultipathNxtHopSelect::
checking rates DEBUG %s: driver unloaded, dev_info INFO
hop :%d dev:%s usableBwLimit = %d
currBwShare = %d lastHopSelected =
%d weightedHopPrefer = %d , DEBUG %s: %s (, dev_info, ath_hal_version INFO
1. selecting hop: %d lastHopSelected =
%d , selHop, lastHopSelected DEBUG %s: driver unloaded, dev_info INFO
4. hop :%d dev:%s usableBwLimit = %d
currBwShare = %d lastHopSelected =
%d weightedHopPrefer = %d , DEBUG %s: %s: mem=0x%lx, irq=%d, INFO
%d , selHop, lastHopSelected DEBUG %s: %s, dev_info, version INFO
%d , selHop, lastHopSelected DEBUG %s: driver unloaded, dev_info INFO
bwMonitor multipath selection enabled DEBUG ath_pci: switching rfkill capability %s, INFO
bwMonitor multipath selection disabled DEBUG Unknown autocreate mode: %s, INFO
weightedHopPrefer set to %d
,weightedHopPrefer DEBUG %s: %s: mem=0x%lx, irq=%d, INFO
bwMonitor sysctl registration failed DEBUG %s: %s, dev_info, version INFO
bwMonitor sysctl registered DEBUG %s: driver unloaded, dev_info INFO
bwMonitor sysctl not registered DEBUG %s: %s, dev_info, version INFO
Unregistered bwMonitor sysctl DEBUG %s: unloaded, dev_info INFO
CONFIG_SYSCTL enabled ... DEBUG %s: %s, dev_info, version INFO
Initialized bandwidth monitor ... DEBUG %s: unloaded, dev_info INFO
Removed bandwidth monitor ... DEBUG %s: %s, dev_info, version INFO
Oops.. AES_GCM_encrypt failed
(keylen:%u),key->cvm_keylen DEBUG %s: unloaded, dev_info INFO
Oops.. AES_GCM_decrypt failed
(keylen:%u),key->cvm_keylen DEBUG failed to create procfs entry . INFO
%s, msg DEBUG ICMP: %u.%u.%u.%u: INFO
%02x%s, data[i], DEBUG ICMP: %u.%u.%u.%u: Source INFO
Wrong address mask %u.%u.%u.%u
Failed to set AES encrypt key DEBUG from INFO
Redirect from %u.%u.%u.%u on %s
Failed to set AES encrypt key DEBUG about INFO
AES %s Encrypt Test Duration: %d:%d, IP: routing cache hash table of %u
hard ? Hard : Soft, DEBUG buckets, %ldKbytes, INFO
source route option %u.%u.%u.%u ->
Failed to set AES encrypt key DEBUG %u.%u.%u.%u, INFO
243
Failed to set AES encrypt key DEBUG ICMP: %u.%u.%u.%u: INFO

AES %s Decrypt Test Duration: %d:%d,
hard ? Hard : Soft, DEBUG ICMP: %u.%u.%u.%u: Source INFO
Failed to set AES encrypt key DEBUG from INFO
Failed to set AES encrypt key DEBUG about INFO
IP: routing cache hash table of %u
Failed to set AES encrypt key DEBUG buckets, %ldKbytes, INFO
Failed to set AES encrypt key DEBUG %u.%u.%u.%u, INFO
Failed to set DES encrypt key[%d], i DEBUG from INFO
Failed to set DES decrypt key[%d], i DEBUG about INFO
Failed to set DES encrypt key[%d], i DEBUG source route option INFO
Failed to set DES decrypt key[%d], i DEBUG ICMP: %u.%u.%u.%u: INFO
Failed to set DES encrypt key DEBUG ICMP: %u.%u.%u.%u: Source INFO
Failed to set DES decrypt key DEBUG from INFO
Failed to set DES encrypt key DEBUG about INFO
IP: routing cache hash table of %u
Failed to set DES decrypt key DEBUG buckets, %ldKbytes, INFO
AES Software Test: DEBUG %u.%u.%u.%u, INFO
AES Software Test %s, aesSoftTest(0) IPsec: device unregistering: %s, dev-
? Failed : Passed DEBUG >name INFO
AES Hardware Test: DEBUG IPsec: device down: %s, dev->name INFO
AES Hardware Test %s, WARNIN
aesHardTest(0) ? Failed : Passed DEBUG mark: only supports 32bit mark G
WARNIN
3DES Software Test: DEBUG ipt_time: invalid argument G
3DES Software Test %s, WARNIN
des3SoftTest(0) ? Failed : Passed DEBUG ipt_time: IPT_DAY didn't matched G
WARNIN
3DES Hardware Test: DEBUG ./Logs_kernel.txt:45:KERN_WARNING G
3DES Hardware Test %s, WARNIN
des3HardTest(0) ? Failed : Passed DEBUG ./Logs_kernel.txt:59:KERN_WARNING G
ipt_LOG: not logging via system WARNIN
DES Software Test: DEBUG console G
DES Software Test %s, desSoftTest(0) %s: wrong options length: %u, fname, WARNIN
? Failed : Passed DEBUG opt_len G
%s: options rejected: o[0]=%02x, WARNIN
DES Hardware Test: DEBUG o[1]=%02x, G
DES Hardware Test %s, WARNIN
desHardTest(0) ? Failed : Passed DEBUG %s: wrong options length: %u, G
%s: options rejected: o[0]=%02x, WARNIN
SHA Software Test: DEBUG o[1]=%02x, G
SHA Software Test %s, shaSoftTest(0) WARNIN
? Failed : Passed DEBUG %s: don't know what to do: o[5]=%02x, G
%s: wrong options length: %u, fname, WARNIN
SHA Hardware Test: DEBUG opt_len G
SHA Hardware Test %s, %s: options rejected: o[0]=%02x, WARNIN
shaHardTest(0) ? Failed : Passed DEBUG o[1]=%02x, G
WARNIN
MD5 Software Test: DEBUG %s: wrong options length: %u, G
244
MD5 Software Test %s, md5SoftTest(0) %s: options rejected: o[0]=%02x, WARNIN
? Failed : Passed DEBUG o[1]=%02x, G
WARNIN
MD5 Hardware Test: DEBUG %s: don't know what to do: o[5]=%02x, G
MD5 Hardware Test %s, *** New port %d ***, ntohs(expinfo- WARNIN
md5HardTest(0) ? Failed : Passed DEBUG >natport) G
WARNIN
AES Software Test: %d iterations, iter DEBUG ** skb len %d, dlen %d,(*pskb)->len, G
WARNIN
AES Software Test Duration: %d:%d, DEBUG ********** Non linear skb G
WARNIN
AES Hardware Test: %d iterations, iter DEBUG End of sdp %p, nexthdr G
WARNIN
AES Hardware Test Duration: %d:%d, DEBUG %s: unknown pairwise cipher %d, G
WARNIN
3DES Software Test: %d iterations, iter DEBUG %s: unknown group cipher %d, G
WARNIN
3DES Software Test Duration: %d:%d, DEBUG %s: unknown SIOCSIWAUTH flag %d, G
WARNIN
3DES Hardware Test: %d iterations, iter DEBUG %s: unknown SIOCGIWAUTH flag %d, G
WARNIN
3DES Hardware Test Duration: %d:%d, DEBUG %s: unknown algorithm %d, G
WARNIN
DES Software Test: %d iterations, iter DEBUG %s: key size %d is too large, G
WARNIN
DES Software Test Duration: %d:%d, DEBUG try_module_get failed \ G
WARNIN
DES Hardware Test: %d iterations, iter DEBUG %s: request_irq failed, dev->name G
WARNIN
DES Hardware Test Duration: %d:%d, DEBUG try_module_get failed G
WARNIN
SHA Software Test: %d iterations, iter DEBUG try_module_get failed \ G
WARNIN
SHA Software Test Duration: %d:%d, DEBUG %s: unknown pairwise cipher %d, G
WARNIN
SHA Hardware Test: %d iterations, iter DEBUG %s: unknown group cipher %d, G
WARNIN
SHA Hardware Test Duration: %d:%d, DEBUG %s: unknown SIOCSIWAUTH flag %d, G
WARNIN
MD5 Software Test: %d iterations, iter DEBUG %s: unknown SIOCGIWAUTH flag %d, G
WARNIN
MD5 Software Test Duration: %d:%d, DEBUG %s: unknown algorithm %d, G
WARNIN
MD5 Hardware Test: %d iterations, iter DEBUG %s: key size %d is too large, G
unable to load %s, WARNIN
MD5 Hardware Test Duration: %d:%d, DEBUG scan_modnames[mode] G
./pnac/src/pnac/linux/kernel/xcalibur.c:2 WARNIN
09:#define DEBUG_PRINTK printk DEBUG Failed to mkdir /proc/net/madwifi G
WARNIN
bcmDeviceInit: registration failed DEBUG try_module_get failed G
WARNIN
bcmDeviceInit: pCdev Add failed DEBUG %s: request_irq failed, dev->name G
too many virtual ap's (already got %d), WARNIN
REG Size == 8 Bit DEBUG sc->sc_nvaps G
Value = %x ::: At Page = %x : Addr = WARNIN
%x DEBUG %s: request_irq failed, dev->name G
rix %u (%u) bad ratekbps %u mode WARNIN
REG Size == 16 Bit DEBUG %u, G
245
Value = %x ::: At Page = %x : Addr = cix %u (%u) bad ratekbps %u mode WARNIN
%x DEBUG %u, G
WARNIN
REG Size == 32 Bit DEBUG %s: no rates for %s?, G
Value = %x ::: At Page = %x : Addr = no rates yet! mode %u, sc- WARNIN
%x DEBUG >sc_curmode G
WARNIN
REG Size == 64 Bit DEBUG %u.%u.%u.%u sent an invalid ICMP G
WARNIN
REG Size is not in 8/16/32/64 DEBUG dst cache overflow G
Written Value = %x ::: At Page = %x : WARNIN
Addr = %x DEBUG Neighbour table overflow. G
WARNIN
bcm_ioctl :Unknown Ioctl Case : DEBUG host %u.%u.%u.%u/if%d ignores G
=========Register Dump for Port martian destination %u.%u.%u.%u WARNIN
Number # %d=========,port DEBUG from G
%s : Read Status=%s WARNIN
data=%#x,regName[j], DEBUG martian source %u.%u.%u.%u from G
%s : Read Status=%s WARNIN
data=%#x,regName[j], DEBUG ll header: G
powerDeviceInit: device registration WARNIN
failed DEBUG %u.%u.%u.%u sent an invalid ICMP G
WARNIN
powerDeviceInit: adding device failed DEBUG dst cache overflow G
%s: Error: Big jump in pn number. WARNIN
TID=%d, from %x %x to %x %x. DEBUG Neighbour table overflow. G
%s: The MIC is corrupted. Drop this WARNIN
frame., __func__ DEBUG host %u.%u.%u.%u/if%d ignores G
%s: The MIC is OK. Still use this frame martian destination %u.%u.%u.%u WARNIN
and update PN., __func__ DEBUG from G
ADDBA send failed: recipient is not a WARNIN
11n node DEBUG martian source %u.%u.%u.%u from G
WARNIN
Cannot Set Rate: %x, value DEBUG ll header: G
Getting Rate Series: %x,vap- WARNIN
>iv_fixed_rate.series DEBUG %u.%u.%u.%u sent an invalid ICMP G
Getting Retry Series: %x,vap- WARNIN
>iv_fixed_rate.retries DEBUG dst cache overflow G
WARNIN
IC Name: %s,ic->ic_dev->name DEBUG Neighbour table overflow. G
usage: rtparams rt_idx <0|1> per WARNIN
<0..100> probe_intval <0..100> DEBUG host %u.%u.%u.%u/if%d ignores G
usage: acparams ac <0|3> RTS <0|1> WARNIN
aggr scaling <0..4> min mbps <0..250> DEBUG martian source %u.%u.%u.%u from G
usage: hbrparams ac <2> enable <0|1> WARNIN
per_low <0..50> DEBUG ll header: G
martian destination %u.%u.%u.%u WARNIN
%s(): ADDBA mode is AUTO, __func__ DEBUG from G
WARNIN
%s(): Invalid TID value, __func__ DEBUG %u.%u.%u.%u sent an invalid ICMP G
WARNIN
%s(): ADDBA mode is AUTO, __func__ DEBUG dst cache overflow G
WARNIN
%s(): Invalid TID value, __func__ DEBUG Neighbour table overflow. G
WARNIN
%s(): Invalid TID value, __func__ DEBUG host %u.%u.%u.%u/if%d ignores G
Addba status IDLE DEBUG martian destination %u.%u.%u.%u WARNIN
246
from G
WARNIN
%s(): ADDBA mode is AUTO, __func__ DEBUG martian source %u.%u.%u.%u from G
WARNIN
%s(): Invalid TID value, __func__ DEBUG ll header: G
Error in ADD- no node available DEBUG Unable to create ip_set_list ERROR
%s(): Channel capabilities do not match,
chan flags 0x%x, DEBUG Unable to create ip_set_hash ERROR
%s: cannot map channel to mode; freq ip_conntrack_in: Frag of proto %u
%u flags 0x%x, DEBUG (hook=%u), ERROR
Unable to register netfilter socket
ic_get_currentCountry not initialized yet DEBUG option ERROR
Country ie is %c%c%c, DEBUG Unable to create ip_conntrack_hash ERROR
%s: wrong state transition from %d to Unable to create ip_conntrack slab
%d, DEBUG cache ERROR
%s: wrong state transition from %d to
%d, DEBUG Unable to create ip_expect slab cache ERROR
%s: wrong state transition from %d to Unable to create ip_set_iptreeb slab
%s: wrong state transition from %d to Unable to create ip_set_iptreed slab
%s: wrong state transition from %d to %s: cannot allocate space for
%d, DEBUG %scompressor, fname, ERROR
%s: wrong state transition from %d to %s: cannot allocate space for MPPC
%d, DEBUG history, ERROR
%s: cannot allocate space for MPPC
ieee80211_deliver_l2uf: no buf available DEBUG history, ERROR
%s: %s, vap->iv_dev->name, buf /*
NB: no */ DEBUG %s: cannot load ARC4 module, fname ERROR
%s: [%s] %s, vap->iv_dev->name, DEBUG %s: cannot load SHA1 module, fname ERROR
%s: [%s] %s, vap->iv_dev->name, %s: CryptoAPI SHA1 digest size too
ether_sprintf(mac), buf DEBUG small, fname ERROR
[%s:%s] discard %s frame, %s, vap- %s: cannot allocate space for SHA1
>iv_dev->name, DEBUG digest, fname ERROR
[%s:%s] discard frame, %s, vap-
>iv_dev->name, DEBUG %s%d: trying to write outside history ERROR
[%s:%s] discard %s information
element, %s, DEBUG %s%d: trying to write outside history ERROR
[%s:%s] discard information element,
%s, DEBUG %s%d: trying to write outside history ERROR
[%s:%s] discard %s frame, %s, vap- %s%d: too big uncompressed packet:
>iv_dev->name, DEBUG %d, ERROR
[%s:%s] discard frame, %s, vap- %s%d: encryption negotiated but not
>iv_dev->name, DEBUG an ERROR
HBR list
dumpNode\tAddress\t\t\tState\tTrigger\t %s%d: error - not an MPPC or MPPE
Block DEBUG frame ERROR
Nodes
informationAddress\t\t\tBlock\t\tDroped Kernel doesn't provide ARC4 and/or
VI frames DEBUG SHA1 algorithms ERROR
%d\t
%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2
x\t%s\t%s\t%s, DEBUG PPP: not interface or channel?? ERROR
%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2
x\t%s\t\t%d, DEBUG PPP: no memory (VJ compressor) ERROR
[%d]\tFunction\t%s, j, ni-
>node_trace[i].funcp DEBUG failed to register PPP device (%d), err ERROR
247
[%d]\tMacAddr\t%s, j, DEBUG PPP: no memory (VJ comp pkt) ERROR

[%d]\tDescp\t\t%s, j, ni-
>node_trace[i].descp DEBUG PPP: no memory (comp pkt) ERROR
[%d]\tValue\t\t%llu(0x%llx), j, ni-
>node_trace[i].value, DEBUG ppp: compressor dropped pkt ERROR
ifmedia_add: null ifm DEBUG PPP: no memory (fragment) ERROR
Adding entry for DEBUG PPP: VJ uncompressed error ERROR
ifmedia_set: no match for 0x%x/0x%x, DEBUG ppp_decompress_frame: no memory ERROR
ppp_mp_reconstruct bad seq %u <
ifmedia_set: target DEBUG %u, ERROR
ifmedia_set: setting to DEBUG PPP: couldn't register device %s (%d), ERROR
ifmedia_ioctl: switching %s to , dev- ppp: destroying ppp struct %p but
>name DEBUG dead=%d ERROR
ifmedia_match: multiple match for DEBUG ppp: destroying undead channel %p !, ERROR
PPP: removing module but units
<unknown type> DEBUG remain! ERROR
desc->ifmt_string DEBUG PPP: failed to unregister PPP device ERROR
%s: cannot allocate space for
mode %s, desc->ifmt_string DEBUG %scompressor, fname, ERROR
<unknown subtype> DEBUG history, ERROR
%s, desc->ifmt_string DEBUG history, ERROR
%s%s, seen_option++ ? , : , DEBUG %s: cannot load ARC4 module, fname ERROR
%s%s, seen_option++ ? , : , DEBUG %s: cannot load SHA1 module, fname ERROR
%s: CryptoAPI SHA1 digest size too
%s, seen_option ? > : DEBUG small, fname ERROR
%s: cannot allocate space for SHA1
%s: %s, dev->name, buf DEBUG digest, fname ERROR
%s: no memory for sysctl table!,
__func__ DEBUG %s%d: trying to write outside history ERROR
%s: failed to register sysctls!, vap-
>iv_dev->name DEBUG %s%d: trying to write outside history ERROR
Atheros HAL assertion failure: %s: line
%u: %s, DEBUG %s%d: trying to write outside history ERROR
ath_hal: logging to %s %s, %s%d: too big uncompressed packet:
ath_hal_logfile, DEBUG %d, ERROR
%s%d: encryption negotiated but not
ath_hal: logging disabled DEBUG an ERROR
%s%d: error - not an MPPC or MPPE
%s%s, sep, ath_hal_buildopts[i] DEBUG frame ERROR
ath_pci: No devices found, driver not Kernel doesn't provide ARC4 and/or
installed. DEBUG SHA1 algorithms ERROR
---:%d pri:%d qd:%u ad:%u sd:%u
tot:%u amp:%d %02x:%02x:%02x, DEBUG PPP: not interface or channel?? ERROR
SC Pushbutton Notify on %s::%s,dev-
>name,vap->iv_dev->name DEBUG PPP: no memory (VJ compressor) ERROR
Could not find Board Configuration Data DEBUG failed to register PPP device (%d), err ERROR
Could not find Radio Configuration data DEBUG PPP: no memory (comp pkt) ERROR
%s: No device, __func__ DEBUG ppp: compressor dropped pkt ERROR
ath_ahb: No devices found, driver not
installed. DEBUG PPP: no memory (VJ comp pkt) ERROR
PKTLOG_TAG %s:proc_dointvec failed,
__FUNCTION__ DEBUG PPP: no memory (comp pkt) ERROR
PKTLOG_TAG %s:proc_dointvec failed, DEBUG PPP: no memory (fragment) ERROR
248
__FUNCTION__
%s: failed to register sysctls!,
proc_name DEBUG PPP: VJ uncompressed error ERROR
PKTLOG_TAG %s: proc_mkdir failed,
__FUNCTION__ DEBUG ppp_decompress_frame: no memory ERROR
PKTLOG_TAG %s: pktlog_attach failed ppp_mp_reconstruct bad seq %u <
for %s, DEBUG %u, ERROR
PKTLOG_TAG %s:allocation failed for
pl_info, __FUNCTION__ DEBUG PPP: couldn't register device %s (%d), ERROR
PKTLOG_TAG %s:allocation failed for ppp: destroying ppp struct %p but
pl_info, __FUNCTION__ DEBUG dead=%d ERROR
PKTLOG_TAG %s: create_proc_entry
failed for %s, DEBUG ppp: destroying undead channel %p !, ERROR
PKTLOG_TAG %s: sysctl register failed PPP: removing module but units
for %s, DEBUG remain! ERROR
PKTLOG_TAG %s: page fault out of
range, __FUNCTION__ DEBUG PPP: failed to unregister PPP device ERROR
PKTLOG_TAG %s: page fault out of
range, __FUNCTION__ DEBUG JBD: bad block at offset %u, ERROR
PKTLOG_TAG %s: Log buffer
unavailable, __FUNCTION__ DEBUG JBD: corrupted journal superblock ERROR
PKTLOG_TAG DEBUG JBD: bad block at offset %u, ERROR
Logging should be disabled before
changing bufer size DEBUG JBD: Failed to read block at offset %u, ERROR
%s:allocation failed for pl_info, __func__ DEBUG JBD: error %d scanning journal, err ERROR
%s: Unable to allocate buffer, __func__ DEBUG JBD: IO error %d recovering block ERROR
%s:allocation failed for pl_info, __func__ DEBUG ./Logs_kernel.txt:303:KERN_ERR ERROR
%s: Unable to allocate buffer, __func__ DEBUG ./Logs_kernel.txt:304:KERN_ERR ERROR
Atheros HAL assertion failure: %s: line
%u: %s, DEBUG JBD: recovery pass %d ended at ERROR
ath_hal: logging to %s %s,
ath_hal_logfile, DEBUG %s: %s:%d: BAD SESSION MAGIC \ ERROR
ath_hal: logging disabled DEBUG %s: %s:%d: BAD TUNNEL MAGIC \ ERROR
msg->msg_namelen wrong, %d, msg-
%s%s, sep, ath_hal_buildopts[i] DEBUG >msg_namelen ERROR
failed to allocate rx descriptors: %d, addr family wrong: %d, usin-
error DEBUG >sin_family ERROR
udp addr=%x/%hu, usin-
ath_stoprecv: rx queue %p, link %p, DEBUG >sin_addr.s_addr, usin->sin_port ERROR
no mpdu (%s), __func__ DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
Reset rx chain mask. Do internal reset.
(%s), __func__ DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
OS_CANCEL_TIMER failed!! DEBUG socki_lookup: socket file changed! ERROR
__func__ DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
%s: unable to collect channel list from
hal; DEBUG %s: %s:%d: BAD SESSION MAGIC \ ERROR
%s: cannot map channel to mode; freq
%u flags 0x%x, DEBUG %s: %s:%d: BAD TUNNEL MAGIC \ ERROR
%s: unable to reset channel %u msg->msg_namelen wrong, %d, msg-
(%uMhz) DEBUG >msg_namelen ERROR
addr family wrong: %d, usin-
%s: unable to restart recv logic, DEBUG >sin_family ERROR
%s: start DFS WAIT period on channel udp addr=%x/%hu, usin-
%d, __func__,sc->sc_curchan.channel DEBUG >sin_addr.s_addr, usin->sin_port ERROR
249
%s: cancel DFS WAIT period on

channel %d, __func__, sc-
>sc_curchan.channel DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
Non-DFS channel, cancelling previous
DFS wait timer channel %d, sc-
>sc_curchan.channel DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
%s: unable to reset hardware; hal status
%u DEBUG socki_lookup: socket file changed! ERROR
%s: unable to start recv logic, __func__ DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
%s: unable to start recv logic, __func__ DEBUG %s: %s:%d: BAD SESSION MAGIC \ ERROR
%u, DEBUG %s: %s:%d: BAD TUNNEL MAGIC \ ERROR
msg->msg_namelen wrong, %d, msg-
hardware error; reseting DEBUG >msg_namelen ERROR
addr family wrong: %d, usin-
rx FIFO overrun; reseting DEBUG >sin_family ERROR
%s: During Wow Sleep and got BMISS, udp addr=%x/%hu, usin-
__func__ DEBUG >sin_addr.s_addr, usin->sin_port ERROR
AC\tRTS \tAggr Scaling\tMin
Rate(Kbps)\tHBR \tPER LOW
THRESHOLD DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
BE\t%s\t\t%d\t%6d\t\t%s\t%d, DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
BK\t%s\t\t%d\t%6d\t\t%s\t%d, DEBUG socki_lookup: socket file changed! ERROR
VI\t%s\t\t%d\t%6d\t\t%s\t%d, DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
VO\t%s\t\t%d\t%6d\t\t%s\t%d, DEBUG rebootHook: null function pointer ERROR
--%d,%p,%lu:0x%x 0x%x 0x%p 0x%x
0x%x 0x%x 0x%x, DEBUG Bad ioctl command ERROR
bb state: 0x%08x 0x%08x, bbstate(sc,
4ul), bbstate(sc, 5ul) DEBUG fResetMod: Failed to configure gpio pin ERROR
%08x %08x %08x %08x %08x %08x fResetMod: Failed to register interrupt
%08x %08x%08x %08x %08x %08x, DEBUG handler ERROR
noise floor: (%d, %d) (%d, %d) (%d,
%d), DEBUG registering char device failed ERROR
%p: %08x %08x %08x %08x %08x
%08x %08x %08x %08x %08x %08x
%08x, DEBUG unregistering char device failed ERROR
--%d,%p,%lu:0x%x 0x%x 0x%p 0x%x
0x%x 0x%x 0x%x, DEBUG proc entry delete failed ERROR
%08x %08x %08x %08x %08x %08x
%08x %08x%08x %08x %08x %08x, DEBUG proc entry initialization failed ERROR
%s: unable to allocate device object., testCompHandler: received %s from
__func__ DEBUG %d, (char *)pInBuf, ERROR
%s: unable to attach hardware; HAL
status %u, DEBUG UMI proto registration failed %d,ret ERROR
%s: HAL ABI msmatch; DEBUG AF_UMI registration failed %d,ret ERROR
%s: Warning, using only %u entries in
%u key cache, DEBUG umi initialization failed %d,ret ERROR
unable to setup a beacon xmit queue! DEBUG kernel UMI registration failed! ERROR
unable to setup CAB xmit queue! DEBUG ./Logs_kernel.txt:447:KERN_ERR ERROR
unable to setup xmit queue for BE ERROR msm not found properly %d,
traffic! DEBUG len %d, msm, ERROR
%s DFS attach failed, __func__ DEBUG ModExp returned Error ERROR
%s: Invalid interface id = %u, __func__,
if_id DEBUG ModExp returned Error ERROR
%s:grppoll Buf allocation failed DEBUG %s: 0x%p len %u, tag, p, (unsigned ERROR
250
,__func__ int)len
%s: unable to start recv logic, DEBUG %03d:, i ERROR
%s: Invalid interface id = %u, __func__,
if_id DEBUG %02x, ((unsigned char *)p)[i] ERROR
__func__ DEBUG mic check failed ERROR
%s: Tx Antenna Switch. Do internal %s: 0x%p len %u, tag, p, (unsigned
reset., __func__ DEBUG int)len ERROR
Radar found on channel %d (%d MHz), DEBUG %03d:, i ERROR
End of DFS wait period DEBUG %02x, ((unsigned char *)p)[i] ERROR
%s error allocating beacon, __func__ DEBUG mic check failed ERROR
failed to allocate UAPSD QoS NULL tx
descriptors: %d, error DEBUG [%s] Wrong parameters, __func__ ERROR
failed to allocate UAPSD QoS NULL
wbuf DEBUG [%s] Wrong Key length, __func__ ERROR
__func__ DEBUG [%s] Wrong parameters, __func__ ERROR
%s: unable to update h/w beacon queue
parameters, DEBUG [%s] Wrong Key length, __func__ ERROR
ALREADY ACTIVATED DEBUG [%s] Wrong parameters, __func__ ERROR
%s: missed %u consecutive beacons, DEBUG [%s] Wrong Key length, __func__ ERROR
%s: busy times: rx_clear=%d,
rx_frame=%d, tx_frame=%d, __func__,
rx_clear, rx_frame, tx_frame DEBUG [%s] Wrong parameters, __func__ ERROR
%s: unable to obtain busy times,
__func__ DEBUG [%s] Wrong Key length, __func__ ERROR
%s: beacon is officially stuck, DEBUG [%s]: Wrong parameters, __func__ ERROR
[%s] Wrong Key Length %d, __func__,
Busy environment detected DEBUG des_key_len ERROR
[%s] Wrong parameters %d, __func__,
Inteference detected DEBUG des_key_len ERROR
rx_clear=%d, rx_frame=%d, [%s] Wrong Key Length %d, __func__,
tx_frame=%d, DEBUG des_key_len ERROR
%s: resume beacon xmit after %u
misses, DEBUG [%s] Wrong parameters, __func__ ERROR
%s: stuck beacon; resetting (bmiss
count %u), DEBUG [%s] Wrong Key Length, __func__ ERROR
EMPTY QUEUE DEBUG [%s] Wrong parameters, __func__ ERROR
SWRInfo: seqno %d isswRetry %d
retryCnt %d,wh ? (*(u_int16_t *)&wh-
>i_seq[0]) >> 4 : 0, bf->bf_isswretry,bf-
>bf_swretries DEBUG [%s] Wrong Key Length, __func__ ERROR
Buffer #%08X --> Next#%08X
Prev#%08X Last#%08X,bf,
TAILQ_NEXT(bf,bf_list), DEBUG [%s] Wrong parameters, __func__ ERROR
Stas#%08X flag#%08X
Node#%08X, bf->bf_status, bf-
>bf_flags, bf->bf_node DEBUG [%s] Wrong parameters, __func__ ERROR
Descr #%08X --> Next#%08X
Data#%08X Ctl0#%08X Ctl1#%08X, bf-
>bf_daddr, ds ->ds_link, ds->ds_data,
ds->ds_ctl0, ds->ds_ctl1 DEBUG [%s] Wrong parameters, __func__ ERROR
Ctl2#%08X Ctl3#%08X
Sta0#%08X Sta1#%08X,ds ->ds_hw[0],
ds->ds_hw[1], lastds ->ds_hw[2], lastds -
>ds_hw[3] DEBUG [%s] Wrong parameters, __func__ ERROR
Error entering wow mode DEBUG device name=%s not found, pReq- ERROR
251
>ifName
Wakingup due to wow signal DEBUG unable to register KIFDEV to UMI ERROR
%s, wowStatus = 0x%x, __func__, ERROR: %s: Timeout at page %#0x
wowStatus DEBUG addr %#0x ERROR
ERROR: %s: Timeout at page %#0x
Pattern added already DEBUG addr %#0x ERROR
Error : All the %d pattern are in use.
Cannot add a new pattern ,
MAX_NUM_PATTERN DEBUG Invalid IOCTL %#08x, cmd ERROR
%s: unable to register device, dev-
Pattern added to entry %d ,i DEBUG >name ERROR
Remove wake up pattern DEBUG ath_pci: 32-bit DMA not available ERROR
mask = %p pat = %p ath_pci: cannot reserve PCI memory
,maskBytes,patternBytes DEBUG region ERROR
mask = %x pat = %x
,(u_int32_t)maskBytes, ath_pci: cannot remap PCI memory
(u_int32_t)patternBytes DEBUG region) ; ERROR
Pattern Removed from entry %d ,i DEBUG ath_pci: no memory for device state ERROR
Error : Pattern not found DEBUG >name ERROR
PPM STATE ILLEGAL %x %x, ath_dev_probe: no memory for device
forcePpmStateCur, afp->forceState DEBUG state ERROR
FORCE_PPM %4d %6.6x %8.8x %8.8x %s: no memory for device state,
%8.8x %3.3x %4.4x, DEBUG __func__ ERROR
failed to allocate tx descriptors: %d,
error DEBUG kernel MIBCTL registration failed! ERROR
failed to allocate beacon descripotrs:
%d, error DEBUG Bad ioctl command ERROR
failed to allocate UAPSD descripotrs:
%d, error DEBUG WpsMod: Failed to configure gpio pin ERROR
WpsMod: Failed to register interrupt
hal qnum %u out of range, max %u!, DEBUG handler ERROR
HAL AC %u out of range, max %zu!, DEBUG registering char device failed ERROR
HAL AC %u out of range, max %zu!, DEBUG unregistering char device failed ERROR
%s: unable to update hardware queue %s:%d - ERROR: non-NULL node
%u!, DEBUG pointer in %p, %p<%s>! ERROR
%s:%d - ERROR: non-NULL node
Multicast Q: DEBUG pointer in %p, %p<%s>! ERROR
%p , buf DEBUG can't alloc name %s, name ERROR
buf flags - 0x%08x --------- , buf- %s: unable to register device, dev-
>bf_flags DEBUG >name ERROR
failed to automatically load module:
buf status - 0x%08x, buf->bf_status DEBUG %s; \ ERROR
# frames in aggr - %d, length of
aggregate - %d, length of frame - %d, Unable to load needed module: %s; no
sequence number - %d, tidno - %d, DEBUG support for \ ERROR
isdata: %d isaggr: %d isampdu: %d ht:
%d isretried: %d isxretried: %d
shpreamble: %d isbar: %d ispspoll: %d
aggrburst: %d calcairtime: %d
qosnulleosp: %d, DEBUG Module \%s\ is not known, buf ERROR
%p: 0x%08x 0x%08x 0x%08x 0x%08x
0x%08x 0x%08x 0x%08x 0x%08x
0x%08x 0x%08x, DEBUG Error loading module \%s\, buf ERROR
0x%08x 0x%08x 0x%08x 0x%08x
0x%08x 0x%08x 0x%08x 0x%08x DEBUG Module \%s\ failed to initialize, buf ERROR
252
0x%08x 0x%08x,
0x%08x 0x%08x 0x%08x 0x%08x, DEBUG ath_pci: 32-bit DMA not available ERROR
ath_pci: cannot reserve PCI memory
sc_txq[%d] : , i DEBUG region ERROR
ath_pci: cannot remap PCI memory
tid %p pause %d : , tid, tid->paused DEBUG region) ; ERROR
%d: %p , j, tid->tx_buf[j] DEBUG ath_pci: no memory for device state ERROR
%s: unable to attach hardware: '%s'
%p , buf DEBUG (HAL status %u), ERROR
axq_q: DEBUG %s: HAL ABI mismatch; ERROR
%u, __func__, status DEBUG %s: failed to allocate descriptors: %d, ERROR
%s: unable to setup a beacon xmit
****ASSERTION HIT**** DEBUG queue!, ERROR
MacAddr=%s, DEBUG %s: unable to setup CAB xmit queue!, ERROR
%s: unable to setup xmit queue for %s
TxBufIdx=%d, i DEBUG traffic!, ERROR
Tid=%d, tidno DEBUG >name ERROR
AthBuf=%p, tid->tx_buf[i] DEBUG %s: autocreation of VAP failed: %d, ERROR
%s: unable to reset hardware; hal status ath_dev_probe: no memory for device
%u, DEBUG state ERROR
%s: unable to reset hardware; hal status kdot11RogueAPEnable called with
%u, DEBUG NULL argument. ERROR
kdot11RogueAPEnable: can not add
%s: unable to start recv logic, DEBUG more interfaces ERROR
kdot11RogueAPGetState called with
_fmt, __VA_ARGS__ \ DEBUG NULL argument. ERROR
sample_pri=%d is a multiple of kdot11RogueAPDisable called with
refpri=%d, sample_pri, refpri DEBUG NULL argument. ERROR
===========ft-
>ft_numfilters=%u===========, ft- %s: SKB does not exist.,
>ft_numfilters DEBUG __FUNCTION__ ERROR
filter[%d] filterID = %d
rf_numpulses=%u; rf->rf_minpri=%u; rf-
>rf_maxpri=%u; rf->rf_threshold=%u; rf-
>rf_filterlen=%u; rf->rf_mindur=%u; rf-
>rf_maxdur=%u,j, rf->rf_pulseid, DEBUG %s: recvd invalid skb ERROR
NOL DEBUG unable to register KIFDEV to UMI ERROR
WARNING!!! 10 minute CAC period as The system is going to factory
channel is a weather radar channel DEBUG defaults........!!! CRITICAL
%s disable detects, __func__ DEBUG %s, msg CRITICAL
%s enable detects, __func__ DEBUG %02x, *(data + i) CRITICAL
%s disable FFT val=0x%x , __func__,
val DEBUG Inside crypt_open in driver ###### CRITICAL
%s enable FFT val=0x%x , __func__,
val DEBUG Inside crypt_release in driver ###### CRITICAL
%s debug level now = 0x%x , __func__, Inside crypt_init module in driver
dfs_debug_level DEBUG @@@@@@@@ CRITICAL
RateTable:%d, maxvalidrate:%d,
ratemax:%d, pRc->rateTableSize,k,pRc- Inside crypt_cleanup module in driver
>rateMaxPhy DEBUG @@@@@@@@ CRITICAL
%s: txRate value of 0x%x is bad.,
__FUNCTION__, txRate DEBUG SKB is null : %p ,skb CRITICAL
Valid Rate Table:- DEBUG DST is null : %p ,dst CRITICAL
253
Index:%d, value:%d, code:%x, rate:%d,

flag:%x, i, (int)validRateIndex[i], DEBUG DEV is null %p %p ,dev,dst CRITICAL
RateTable:%d, maxvalidrate:%d,
ratemax:%d, pRc->rateTableSize,k,pRc- Packet is Fragmented %d,pBufMgr-
>rateMaxPhy DEBUG >len CRITICAL
Marked the packet proto:%d sip:%x
dip:%x sport:%d dport:%d
Can't allocate memory for ath_vap. DEBUG spi:%d,isr:%p:%p %p CRITICAL
SAV CHECK FAILED IN
Unable to add an interface for ath_dev. DEBUG DECRYPTION CRITICAL
%s: [%02u] %-7s , tag, ix, ciphers[hk-
>kv_type] DEBUG FAST PATH Breaks on BUF CHECK CRITICAL
%02x, hk->kv_val[i] DEBUG FAST PATH Breaks on DST CHECK CRITICAL
mac %02x-%02x-%02x-%02x-%02x- FAST PATH Breaks on MTU %d %d
%02x, mac[0], mac[1], mac[2], mac[3], %d,bufMgrLen(pBufMgr),mtu,dst_mtu(
mac[4], mac[5] DEBUG pDst->path) CRITICAL
FAST PATH Breaks on MAX PACKET
%d
%d,bufMgrLen(pBufMgr),IP_MAX_PA
mac 00-00-00-00-00-00 DEBUG CKET CRITICAL
SAV CHECK FAILED IN
%02x, hk->kv_mic[i] DEBUG ENCRYPTION CRITICAL
Match Found proto %d spi
%d,pPktInfo->proto,pFlowEntry-
txmic DEBUG >pre.spi CRITICAL
PRE: proto: %u srcip:%u.%u.%u.%u
sport :%u dstip: %u.%u.%u.%u dport:
%02x, hk->kv_txmic[i] DEBUG %u, CRITICAL
POST: proto: %u srcip:%u.%u.%u.%u
Cannot support setting tx and rx keys sport :%u dstip: %u.%u.%u.%u dport:
individually DEBUG %u, CRITICAL
bogus frame type 0x%x (%s), DEBUG Clearing the ISR %p,p CRITICAL
PROTO:%d %u.%u.%u.%u---
ERROR: ieee80211_encap ret NULL DEBUG >%u.%u.%u.%u, CRITICAL
ERROR: ath_amsdu_attach not called DEBUG ESP-DONE: %p %p,sav,m CRITICAL
%s: no memory for cwm attach,
__func__ DEBUG ESP-BAD: %p %p,sav,m CRITICAL
%s: error - acw NULL. Possible attach
failure, __func__ DEBUG Bug in ip_route_input_slow(). CRITICAL
%s: unable to abort tx dma, __func__ DEBUG Bug in ip_route_input_slow(). CRITICAL
%s: no memory for ff attach, __func__ DEBUG Bug in ip_route_input \ CRITICAL
Failed to initiate PBC based enrolle
association DEBUG Bug in ip_route_input_slow(). CRITICAL
KERN_EMERG Returing error in INTR AH: Assigning the secure flags for sav
registration DEBUG :%p,sav CRITICAL
ESP: Assigning the secure flags for
sav :%p skb:%p src:%x
dst:%x,sav,skb,ip->ip_src.s_addr,ip-
KERN_EMERG Initialzing Wps module DEBUG >ip_dst.s_addr CRITICAL
%s Buffer %d mtu %d path mtu %d
header %d trailer
%d,__func__,bufMgrLen(pBufMgr),mtu
%s:%d %s, __FILE__, __LINE__, ,dst_mtu(pDst->path),pDst-
__func__ DEBUG >header_len,pDst->trailer_len CRITICAL
254
Appendix E. RJ-45 Pin-outs
RJ-45
Signal Adapter Signal
Cable
RJ-45 PIN DB-9 PIN
CTS NC NC NC
DTR NC NC NC
TxD 6 3 RxD
GND 5 5 GND
GND 4 5 GND
RxD 3 2 TxD
DSR NC NC NC
RTS NC NC NC
255
Appendix F. Product Statement

1. DSR-1000N
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a residential installation. This equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with the instructions, may cause harmful interference to
radio communications. However, there is no guarantee that interference will not occur in a particular
installation. If this equipment does cause harmful interference to radio or television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the interference by
one or more of the following measures:
 Reorient or relocate the receiving antenna.
 Increase the separation between the equipment and receiver.
 Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
 Consult the dealer or an experienced radio/TV technician for help.
FCC Radiation Exposure Statement

This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment.
This equipment should be installed and operated with a minimum distance of 20 centimeters between the
radiator and your body.
This device complies with Part 15 of the FCC Rules. Opera tion is subject to the following two conditions:
1) This device may not cause harmful interference, and

2) This device must accept any interference received, including interference that may cause
undesired operation.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
The antennas used for this transmitter must be installed to provide a spectrum distance of at least 20cm
from all persons and must not be co-located or operating in conjunction with any other antenna or
transmitter.
This transmitter is restricted to indoor use in the 5150MHz to 5250MHz frequency range.
Non-modification Statement
Use only the integral antenna supplied by the manufacturer when operating this device. Unauthorized
antennas, modifications, or attachments could damage the TI Navigator access point and violate FCC
regulations. Any changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate this equipment.
Canadian Department of Communications Industry Canada (IC) Notice

This Class B digital apparatus complies with Canadian ICES-003 and RSS-210. Cet appareil numérique de
la classe B est conforme à la norme NMB-003 et CNR-210 du Canada.
ndustry Canada Statement

This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two
conditions:
256
IMPORTANT NOTE: Radiation Exposure Statement

This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End
users must follow the specific operating instructions for satisfying RF exposure compliance. To maintain
compliance with IC RF exposure compliance requirements, please follow operation instruction as
documented in this manual.
Europe – EU Declaration of Conformity
This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following
test methods have been applied in order to prove presumption of conformity with the essential requirements
of the R&TTE Directive 1999/5/EC:
- EN 60950-1: 2006+A11:2009
Safety of information technology equipment
- EN 300 328 V1.7.1 (2006-10)

Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband transmission systems; Data
transmission equipment operating in the 2,4 GHz ISM band and using wide band modulation techniques;
Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive
- EN 301 893-1 V1.5.1 (2008-12)

Broadband Radio Access Networks (BRAN); 5 GHz high performance RLAN; Harmonized EN covering
essential requirements of article 3.2 of the R&TTE Directive
- EN 301 489-17 V1.3.2 (2008-04) and EN 301 489-1 V1.8.1 (2008-04)

Electromagnetic compatibility and Radio spectrum Matters (ERM); Electro Magnetic Compatibility (EMC)
standard for radio equipment and services; Part 17: Specific conditions for 2,4 GHz wideband transmission
systems and 5 GHz high performance RLAN equipment
This device is a 2.4 GHz wideband transmission system (transceiver), intended for use in all EU member
states and EFTA countries under the following conditions and/or with the following restrictions:
- In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain
authorization to use the device for setting up outdoor radio links and/or for supplying public access to
telecommunications and/or network services.
- This device may not be used for setting up outdoor radio links in France and in some areas the RF output
power may be limited to 10 mW EIRP in the frequency range of 2454 – 2483.5 MHz. For detailed
information the enduser should contact the national spectrum authority in France.
This device is a 5 GHz wideband transmission system (transceiver), intended for use in all EU member
- This device may only be used indoors in the frequency bands 5150 – 5250 MHz.
- In France and Luxembourg a limited implementation of the frequency bands 5150 – 5250 MHz and 5250 –
5350 MHz. In Luxermbourg it is not allowed to make use of the frequency band 5470 – 5725 MHz. End-
users are encouraged to contact the national spectrum authorities in France and Luxembourg in order to
obtain the latest information about any restrictions in the 5 GHz frequency band(s).
257
Česky [D-Link Corporation] tímto prohlašuje, že tento [DSR-1000N] je ve shodě se základními

[Czech] požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES.
Dansk Undertegnede [D-Link Corporation] erklærer herved, at følgende udstyr [DSR -1000N]
[Danish] overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
Deutsch Hiermit erklärt [D-Link Corporation], dass sich das Gerät [DSR-1000N] in
[German] Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen
Bestimmungen der Richtlinie 1999/5/EG befindet.
Eesti Käesolevaga kinnitab [D-Link Corporation] seadme [DSR-1000N] vastavust direktiivi

[Estonian] 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele
sätetele.
English Hereby, [D-Link Corporation], declares that this [DSR-1000N] is in compliance with the
essential requirements and other relevant provisions of Directive 1999/5/EC.
Español Por medio de la presente [D-Link Corporation] declara que el [DSR-1000N] cumple con
[Spanish] los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la
Directiva 1999/5/CE.
Ελληνική ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ [D-Link Corporation] ΔΗΛΩΝΕΙ ΟΤΙ [DSR-1000N]

[Greek] ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ
ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999/5/ΕΚ.
Français Par la présente [D-Link Corporation] déclare que l'appareil [DSR-1000N] est conforme
[French] aux exigences essentielles et aux autres dispositions pertinentes de la directive
1999/5/CE.
Italiano Con la presente [D-Link Corporation] dichiara che questo [DSR-1000N] è conforme ai
[Italian] requisiti essenziali ed alle altre disposizioni pertinenti stabilite dall a direttiva 1999/5/CE.
Latviski Ar šo [D-Link Corporation] deklarē, ka [DSR-1000N] atbilst Direktīvas 1999/5/EK

[Latvian] būtiskajām prasībām un citiem ar to saistītajiem noteikumiem.
Lietuvių Šiuo [D-Link Corporation] deklaruoja, kad šis [DSR-1000N] atitinka esminius reikalavimus
[Lithuanian] ir kitas 1999/5/EB Direktyvos nuostatas.
Hierbij verklaart [D-Link Corporation] dat het toestel [DSR-1000N] in overeenstemming is

Nederlands met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG.
[Dutch]
Malti Hawnhekk, [D-Link Corporation], jiddikjara li dan [DSR-1000N] jikkonforma mal-ħtiġijiet

[Maltese] essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.
Magyar Alulírott, [D-Link Corporation] nyilatkozom, hogy a [DSR-1000N] megfelel a vonatkozó

[Hungarian] alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.
Polski Niniejszym [D-Link Corporation] oświadcza, że [DSR-1000N] jest zgodny z zasadniczymi

[Polish] wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC.
258
[D-Link Corporation] declara que este [DSR-1000N]está conforme com os requisitos

Português essenciais e outras disposições da Directiva 1999/5/CE.
[Portuguese]
[D-Link Corporation] izjavlja, da je ta [DSR-1000N] v skladu z bistvenimi zahtevami in

Slovensko ostalimi relevantnimi določili direktive 1999/5/ES.
[Slovenian]
[D-Link Corporation] týmto vyhlasuje, že [DSR-1000N] spĺňa základné požiadavky a

Slovensky všetky príslušné ustanovenia Smernice 1999/5/ES.
[Slovak]
Suomi [D-Link Corporation] vakuuttaa täten että [DSR-1000N] tyyppinen laite on direktiivin
[Finnish] 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.
Svenska Härmed intygar [D-Link Corporation] att denna [DSR-1000N] står I överensstämmelse
[Swedish] med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av
direktiv 1999/5/EG.
259
2.DSR-500N
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a residential installation. This equipment generates, uses, and can radiate radio frequency
one or more of the following measures:
connected.
FCC Radiation Exposure Statement

This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment.
This equipment should be installed and operated with a minimum dista nce of 20 centimeters between the
radiator and your body.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:

The antennas used for this transmitter must be installed to provide a spectrum distance of at least 20cm
from all persons and must not be co-located or operating in conjunction with any other antenna or
transmitter.
Non-modification Statement
Use only the integral antenna supplied by the manufacturer when operating this device. Unauthorized
antennas, modifications, or attachments could damage the TI Navigator access point and violate FCC
regulations. Any changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate this equipment.
Canadian Department of Communications Industry Canada (IC) Notice

This Class B digital apparatus complies with Canadian ICES-003 and RSS-210. Cet appareil numérique de
la classe B est conforme à la norme NMB-003 et CNR-210 du Canada.
Industry Canada Statement

conditions:
IMPORTANT NOTE: Radiation Exposure Statement

This equipment complies with IC radiation expos ure limits set forth for an uncontrolled environment.
End users must follow the specific operating instructions for satisfying RF exposure compliance.
To maintain compliance with IC RF exposure compliance requirements, please follow operation instruction
as documented in this manual.
260
This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following
test methods have been applied in order to prove presumption of conformity with the essential requirements
of the R&TTE Directive 1999/5/EC:
- EN 60950-1: 2006+A11:2009
Safety of information technology equipment
- EN 300 328 V1.7.1 (2006-10)

Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband transmission systems; Data
transmission equipment operating in the 2,4 GHz ISM band and using wide band modulation techniques;
Harmonized EN covering essential requirements under article 3.2 of the R &TTE Directive
- EN 301 489-17 V1.3.2 (2008-04) and EN 301 489-1 V1.8.1 (2008-04)

Electromagnetic compatibility and Radio spectrum Matters (ERM); Electro Magnetic Compatibility (EMC)
standard for radio equipment and services; Part 17: Specific conditions for 2,4 GHz wideband transmission
systems and 5 GHz high performance RLAN equipment
- In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain authorization
to use the device for setting up outdoor radio links and/or for supplying public access to telecommunications and/or
network services.
- This device may not be used for setting up outdoor radio links in France and in some areas the RF output
power may be limited to 10 mW EIRP in the frequency range of 2454 – 2483.5 MHz. For detailed information the
enduser should contact the national spectrum authority in France.
261
Česky [D-Link Corporation] tímto prohlašuje, že tento [DSR-500N] je ve shodě se základními

Dansk Undertegnede [D-Link Corporation] erklærer herved, at følgende udstyr [DSR-500N]

[Danish] overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
Deutsch Hiermit erklärt [D-Link Corporation], dass sich das Gerät [DSR-500N] in Übereinstimmung
[German] mit den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der
Richtlinie 1999/5/EG befindet.
Eesti Käesolevaga kinnitab [D-Link Corporation] seadme [DSR-500N] vastavust direktiivi

[Estonian] 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele
sätetele.
English Hereby, [D-Link Corporation], declares that this [DSR-500N] is in compliance with the
essential requirements and other relevant provisions of Directive 1999/5/EC.
Español Por medio de la presente [D-Link Corporation] declara que el [DSR-500N] cumple con los
[Spanish] requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la
Directiva 1999/5/CE.
ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ [D-Link Corporation] ΔΗΛΩΝΕΙ ΟΤΙ [DSR-500N] ΣΥΜΜΟΡΦΩΝΕΤΑΙ

Ελληνική ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ
[Greek] ΟΔΗΓΙΑΣ 1999/5/ΕΚ.
Par la présente [D-Link Corporation] déclare que l'appareil [DSR-500N] est conforme aux
Français exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.
[French]
Italiano Con la presente [D-Link Corporation] dichiara che questo [DSR-500N] è conforme ai
[Italian] requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.
Latviski Ar šo [D-Link Corporation] deklarē, ka [DSR-500N] atbilst Direktīvas 1999/5/EK

[Latvian] būtiskajām prasībām un citiem ar to saistītajiem noteikumiem.
Lietuvių Šiuo [D-Link Corporation] deklaruoja, kad šis [DSR-500N] atitinka esminius reikalavimus
[Lithuanian] ir kitas 1999/5/EB Direktyvos nuostatas.
Hierbij verklaart [D-Link Corporation] dat het toestel [DSR-500N] in overeenstemming is

Nederlands met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG.
[Dutch]
Malti Hawnhekk, [D-Link Corporation], jiddikjara li dan [DSR-500N] jikkonforma mal-ħtiġijiet

[Maltese] essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.
Magyar Alulírott, [D-Link Corporation] nyilatkozom, hogy a [DSR-500N] megfelel a vonatkozó

[Hungarian] alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.
Polski Niniejszym [D-Link Corporation] oświadcza, że [DSR-500N] jest zgodny z zasadniczymi

[Polish] wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC.
262
[D-Link Corporation] declara que este [DSR-500N]está conforme com os requisitos

Português essenciais e outras disposições da Directiva 1999/5/CE.
[Portuguese]
[D-Link Corporation] izjavlja, da je ta [DSR-500N] v skladu z bistvenimi zahtevami in

Slovensko ostalimi relevantnimi določili direktive 1999/5/ES.
[Slovenian]
[D-Link Corporation] týmto vyhlasuje, že [DSR-500N] spĺňa základné požiadavky a

Slovensky všetky príslušné ustanovenia Smernice 1999/5/ES.
[Slovak]
Suomi [D-Link Corporation] vakuuttaa täten että [DSR-500N] tyyppinen laite on direktiivin
[Finnish] 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.
Svenska Härmed intygar [D-Link Corporation] att denna [DSR-500N] står I överensstämmelse
[Swedish] med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av
direktiv 1999/5/EG.
263
3.DSR-250N
Federal Communication Commission Interference Statement
Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a residential installation. This equipment generates, uses and can radiate radio frequency
radio communications. However, there is no guarantee that interference will not occ ur in a particular
one of the following measures:

connected.
FCC Caution:
Any changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate this equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1)
This device may not cause harmful interference, and (2) this device must accept any interference received,
including interference that may cause undesired operation.
RSS-GEN 7.1.4:
User Manual for Transmitters with Detachable Antennas
The user manual of transmitter devices equipped with detachable antennas shall contain the following
information in a conspicuous location:
This device has been designed to operate with the antennas listed below, and having a maximum gain of
[1.8] dB. Antennas not included in this list or having a gain greater than [1.8] dB are strictly prohibited for use
with this device. The required antenna impedance is [50] ohms.
RSS-GEN 7.1.5
To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that
the equivalent isotropically radiated power (e.i.r.p.) is not more than that permitted for successful
communication.
Le présent appareil est conforme aux CNR d'Industrie Canada appli cables aux appareils radio exempts de
licence. L'exploitation est autorisée aux deux conditions suivantes : (1) l'appareil ne doit pas produire de
brouillage, et (2) l'utilisateur de l'appareil doit accepter tout brouillage radioélectrique subi, même si le
brouillage est susceptible d'en com Spromettre le fonctionnement.
Is herewith confirmed to comply with the requirements set out in the Council Directive on the Approximation
of the Laws of the Member States relating to Electromagnetic Compatibility (2004/108/EC), Low-voltage
Directive (2006/95/EC), the procedures given in European Council Directive 99/5/EC and 2004/104/EC.
The equipment was passed. The test was performed according to the following European standards:
EN 300 328 V.1.7.1
EN 301 489-1 V.1. 8.1 / EN 301 489-17 V.2.1.1
EN 62311
EN 60950-1
264
Regulatory statement (R&TTE)

European standards dictate maximum radiated transmit power of 100mW EIRP and frequency range 2.400 -
2.4835GHz; In France, the equipment must be restricted to the 2.4465 -2.4835GHz frequency range and
must be restricted to indoor use.
Operation of this device is subjected to the following National regulations and may be prohibited to use if
certain restriction should be applied.
D=0.020m is the minimum safety distance between the EUT and human body when the E-Field strength is
61V/m.
NCC Warning Statement
Article 12
Without permission, any company, firm or user shall not alter the frequency, increase the power, or change
the characteristics and functions of the original design of the certified lower power frequency electric
machinery.
Article 14
The application of low power frequency electric machineries shall not affect the navigation safety nor
interfere a legal communication, if an interference is found, the service will be suspended until improvement
is made and the interference no longer exists.
265
4. DSR-150N
Federal Communication Commission Interference Statement
Part 15 of the FCC Rules. These limits are designed to provide reasonable protecti on against harmful
interference in a residential installation. This equipment generates, uses and can radiate radio frequency
determined by turning the equipment off and on, the user is en couraged to try to correct the interference by
one of the following measures:

connected.
FCC Caution:
Any changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate this equipment. This device complies with Part 15 of the FCC Rules. Operation is
subject to the following two conditions:
(1) This device may not cause harmful interference, and

(2) this device must accept any interference received, including interference th at may cause undesired
operation.
IMPORTANT NOTE:
FCC Radiation Exposure Statement:

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This
equipment should be installed and operated with minimum distance 20cm between the radiator & your body.
The availability of some specific channels and/or operational frequency bands are country dependent and
are firmware programmed at the factory to match the intended destination. The firmware setting is not
accessible by the end user.
Note: The country code selection is for non-US model only and is not available to all US model. Per FCC
regulation, all WiFi product marketed in US must fixed to US operation channels only..

This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following test
methods have been applied in order to prove presumption of conformity with the essential requirements of
the R&TTE Directive 1999/5/EC:
EN 60950-1:
Safety of Information Technology Equipment
EN50385 : (2002-08)
Product standard to demonstrate the compliance of radio base stations and fixed terminal stations for
wireless telecommunication systems with the basic restrictions or the reference levels related to human
exposure to radio frequency electromagnetic fields (110MHz - 40 GHz) - General public
EN 300 328 V1.7.1: (2006-10)

Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband Transmission systems; Data
transmission equipment operating in the 2,4 GHz ISM band and using spread spectrum modulation
techniques; Harmonized EN covering essential requirements under article 3.2 of the R& TTE Directive
EN 301 489-1 V1.8.1: (2008-04)
266
Electromagnetic compatibility and Radio Spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC)
standard for radio equipment and services; Part 1: Common technical requirements
EN 301 489-17 V2.1.1 (2009-05)

Electromagnetic compatibility and Radio spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC)
standard for radio equipment; Part 17: Specific conditions for Broadband Data Transmission Systems
states and EFTA countries, except in France and Italy where restrictive use applies.
In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain
authorization to use the device for setting up outdoor radio links and/or for supplying public access to
telecommunications and/or network services.
This device may not be used for setting up outdoor radio links in France and in some areas the RF output
power may be limited to 10 mW EIRP in the frequency range of 2454 – 2483.5 MHz. For detailed
information the end-user should contact the national spectrum authority in France.
Česky [Jméno výrobce] tímto prohlašuje, že tento [typ zařízení] je ve shodě se základními
Dansk Undertegnede [fabrikantens navn] erklærer herved, at følgende udstyr [udstyrets
[Danish] typebetegnelse] overholder de væsentlige krav og øvrige relevante krav i direktiv
1999/5/EF.
Deutsch Hiermit erklärt [Name des Herstellers], dass sich das Gerät [Gerätetyp] in
[German] Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen
Bestimmungen der Richtlinie 1999/5/EG befindet.
Eesti Käesolevaga kinnitab [tootja nimi = name of manufacturer] seadme [seadme tüüp = type of
[Estonian] equipment] vastavust direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist
tulenevatele teistele asjakohastele sätetele.
English Hereby, [name of manufacturer], declares that this [type of equipment] is in compliance
with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Español Por medio de la presente [nombre del fabricante] declara que el [clase de equipo] cumple
[Spanish] con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de
la Directiva 1999/5/CE.
Ελληνική ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ [name of manufacturer] ΔΗΛΩΝΕΙ ΟΤΙ [type of equipment]
[Greek] ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ
ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999/5/ΕΚ.
Français Par la présente [nom du fabricant] déclare que l'appareil [type d'appareil] est conforme aux
[French] exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.
Italiano Con la presente [nome del costruttore] dichiara che questo [tipo di apparecchio] è
[Italian] conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva
1999/5/CE.
Latviski Ar šo [name of manufacturer / izgatavotāja nosaukums] deklarē, ka [type of equipment /
[Latvian] iekārtas tips] atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem
noteikumiem.
Lietuvių Šiuo [manufacturer name] deklaruoja, kad šis [equipment type] atitinka esminius
[Lithuanian] reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas.
Hierbij verklaart [naam van de fabrikant] dat het toestel [type van toestel] in
Nederlands overeenstemming is met de essentiële eisen en de andere relevante bepalingen van
[Dutch] richtlijn 1999/5/EG.
Malti Hawnhekk, [isem tal-manifattur], jiddikjara li dan [il-mudel tal-prodott] jikkonforma mal-
[Maltese] ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid -Dirrettiva 1999/5/EC.
Magyar Alulírott, [gyártó neve] nyilatkozom, hogy a [... típus] megfelel a vonatkozó alapvetõ
267
[Hungarian] követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.

Polski Niniejszym [nazwa producenta] oświadcza, że [nazwa wyrobu] jest zgodny z zasadniczymi
[Polish] wymogami oraz pozostałym i stosownymi postanowieniami Dyrektywy 1999/5/EC.
Português [Nome do fabricante] declara que este [tipo de equipamento] está conforme com os
[Portuguese] requisitos essenciais e outras disposições da Directiva 1999/5/CE.
Slovensko [Ime proizvajalca] izjavlja, da je ta [tip opreme] v skladu z bistvenimi zahtevami in ostalimi
[Slovenian] relevantnimi določili direktive 1999/5/ES.
Slovensky [Meno výrobcu] týmto vyhlasuje, že [typ zariadenia] spĺňa základné požiadavky a všetky
[Slovak] príslušné ustanovenia Smernice 1999/5/ES.
Suomi [Valmistaja = manufacturer] vakuuttaa täten että [type of equipment = laitteen
[Finnish] tyyppimerkintä] tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä
koskevien direktiivin muiden ehtojen mukainen.
Svenska Härmed intygar [företag] att denna [utrustningstyp] står I överensstämmelse med de
[Swedish] väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv
1999/5/EG.
Industry Canada statement:

conditions:
(1) This device may not cause harmful interference, and

(2) This device must accept any interference received, including interference that may cause undesired
operation.
Ce dispositif est conforme à la norme CNR-210 d'Industrie Canada applicable aux appareils radio exempts
de licence. Son fonctionnement est sujet aux deux conditions suivantes: (1) le dispositif ne doit pas produire
de brouillage préjudiciable, et (2) ce dispositif doit accepter tout brouillage reçu, y compris un brouillage
susceptible de provoquer un fonctionnement indésirable.
Radiation Exposure Statement:

This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. This
equipment should be installed and operated with minimum distance 20cm between the radiator & your body.
Déclaration d'exposition aux radiations:

Cet équipement est conforme aux limites d'exposition aux rayonnemen ts IC établies pour un environnement
non contrôlé. Cet équipement doit être installé et utilisé avec un minimum de 20 cm de distance entre la
source de rayonnement et votre corps.
Wall-Mount Option
The Router has four wall-mount slots on its bottom panel.
Before you begin, make sure you have two screws that are size #4 - this indicates a diameter measurement
of 0.112inches (2.845mm).
1. Determine where you want to mount the Router.

2. Drill two holes into the wall. Make sure adjacent holes are 2.36 inches (60mm) apart.
3. Insert a screw into each hole, and leave 0.2inches (5mm) of its head exposed.
4. Maneuver the Router so the wall-mount slots line up with the two screws.
5. Place the wall-mount slots over the screws and slide the Router down until the screws fit snugly into the
wall-mount slots.
268

DSR-500N Manual EN UK PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

DSR-500N Manual EN UK PDF

Uploaded by

Copyright:

Available Formats

Building Networks for People

Unified Services Router

Small Business Gateway Solution

Chapter 2. Configuring Your Network: LAN Setup ...................................................................................... 13

Chapter 3. Connecting to the Int ernet: WAN Setup .................................................................................... 35

Chapter 4. Wireless Access Point Setup ........................................................................................................ 68

Chapter 5. Securing the Private Network ....................................................................................................... 85

Chapter 6. IPsec / PPTP / L2TP VPN ............................................................................................................ 111

Chapter 7. SSL VPN ............................................................................................................................................ 129

Chapter 8. Advanced Configuration Tools ................................................................................................... 150

Chapter 9. Administration & Management ................................................................................................... 157

Chapter 10. Rout er Status and Statistics ........................................................................................................ 178

10.3.2 Wireless Clients ................................................................................................................. 187

Chapter 11. Trouble Shooting ............................................................................................................................. 190

Chapter 12. Credits ................................................................................................................................................. 195

Appendix A. Glossary ............................................................................................................................................. 196

Appendix B. Factory Default Settings................................................................................................................ 199

Appendix D. Log Output Reference ................................................................................................................... 201

Appendix E. RJ-45 Pin-outs.................................................................................................................................. 255

Appendix F. Product Statement .......................................................................................................................... 256

Figure 33: OSPFv2 configured parameters ....................................................................................................... 59

Figure 132: AP specific statistics......................................................................................................................... 185

 DSR-150/ 150N/ 250 / 250N h av e a s in g le W A N in t erface, an d t h u s it d o es n o t

 Su p erio r W ireles s Perfo rman ce

 DSR-150N, 250N an d DSR-500N s u p p o rt s t h e 2.4GHz rad io b an d o n ly .

 Flexib le Dep lo y men t Op t io n s

cen t ral co rp o rat e d at ab as e. Sit e -t o -s it e VPN t u n n els u s e IP Secu rit y ( IPs ec )

 Su p p o rt fo r t h e 3G wireles s W A N USB d o n g le is o n ly av ailab le fo r DSR-1000 an d

1.1 About this User Manual

1.2 Typographical Conventions

o M o d el n u mb ers DSR-500/ 500N/ 1000/ 1000N/ 250/ 250N/ 150/ 150N

 GUI M en u Pat h / GUI Nav ig at io n – Monitoring > Router Status

 Defau lt lo g in cred en t ials fo r t h e man ag emen t GUI:

 Us ern ame: admi n

 If t h e ro u t er’s LA N IP ad d res s was ch ang ed, u s e t h at IP ad d res s in t h e n av ig at io n

2.1 LAN Configuration

To co n fig u re LA N Co n n ect iv it y , p leas e fo llo w t h e s t ep s b elo w:

 IP ad d res s (fact o ry d efau lt : 192.168.10.1).

 If y o u ch an g e t h e IP ad d res s an d click Sav e Set t in g s , t h e GUI will n o t res p o n d .

 Su b n et mas k (fact o ry d e fau lt : 255.255.255.0).

2. In the DHCP section, select the DHCP mode:

 No n e: t h e ro u t er’s DHCP s erv er is d is ab led fo r t h e LA N

 DHCP Serv er. W it h t h is o p tio n t h e ro u ter assig ns an IP ad d res s wit h in t h e

 DHCP Relay : W it h t h is o p t io n en ab led , DHCP clien t s o n t h e LA N can

 If DHCP is b ein g en ab led , en t er t h e fo llo win g DHCP s erv er p aramet ers :

 St art in g an d En d in g IP A d d res s es : En t er t h e firs t an d las t co n t in u o u s

 W INS Serv er (o p t io n al): En t er t h e IP ad d res s fo r t h e W INS s erv er o r, if

 Leas e Time: En t er t h e t ime, in h o u rs , fo r wh ich IP ad d res s es are leas ed t o

 Relay Gat eway : En t er t h e g at eway add res s . Th is is t h e o n ly co n fig u rat io n

3. In the DNS Host Name Mapping section:

 Ho s t Name: Pro v id e a v alid h o s t n ame

 IP ad d res s : Pro v id e t h e IP ad d res s o f t h e h o s t n ame,

4. In the LAN proxy section:

 En ab le DNS Pro xy : To en ab le t h e ro u t er t o act as a p ro xy fo r all DNS

5. Click Save Settings to apply all changes .

Figure 1 : Se tup page for LAN TCP/IP s e ttings

2.1.1 LAN DHCP Reserv ed IPs

Th is ro u t er DHCP s erv er can as sig n TCP/ IP co n fig urat io n s t o co mp u t ers in t h e LA N

Computer Name : Th e u s er d efin ed n ame fo r t h e LA N h o s t .

IP Addres s es : Th e LA N IP ad d res s o f a h o s t t h at is res erv ed b y t h e DHCP s erv er.

MAC Addres s es : Th e M A C ad d res s t h at will b e as s ig n ed t h e res e rv ed IP ad d res s

As s oci ate wi th IP/ MAC B i ndi ng : W h en t h e u s er en ab les t h is o p t io n t h e Co mp u t er

Th e act io n s t h at can b e t aken o n lis t o f res erv ed IP ad d res s es are: