ISCOM - HT803G-WS2 (N) - Configuration - Guide - (Web) - (Rel - 01)

www.raisecom.
com
ISCOM HT803G-WS2 (N)

Configuration Guide (Web)
(Rel_01)
Raisecom Technology Co., Ltd. provides customers with comprehensive technical support and services. For any
assistance, please contact our local office or company headquarters.
Website: http://www.raisecom.com
Tel: 8610-82883305
Fax: 8610-82883056
Email: export@raisecom.com
Address: Raisecom Building, No. 11, East Area, No. 10 Block, East Xibeiwang Road, Haidian District, Beijing,
P.R.China
Postal code: 100094
-----------------------------------------------------------------------------------------------------------------------------------------
Notice
Copyright © 2021
Raisecom
All rights reserved.
No part of this publication may be excerpted, reproduced, translated, or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in Writing from Raisecom
Technology Co., Ltd.
is the trademark of Raisecom Technology Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Raisecom
ISCOM HT803G-WS2 (N) Configuration Guide (Web) Preface
Preface
Objectives
This document introduces the features supported by the ISCOM HT803G-WS2 (N) and its
related Web configurations. The contents include an introduction, preparing for configurations,
configuring basic Internet access functions, configuring basic functions, configuring IPv6,
management, and security. The appendix lists terms, acronyms, abbreviations involved in this
document.
This document will help you to master the principles and various configuration procedures of
the ISCOM HT803G-WS2 (N) device.
Versions
The following table lists the product versions related to this document.
Product name Hardware version Software version

ISCOM HT803G-WS2 (N) N.00 or later V5.00 or later
Conventions
Symbol conventions
The symbols that may be found in this document are defined as below.
Symbol Description
Indicate a hazard with a medium or low level of risk which, if
not avoided, could result in minor or moderate injury.
Indicate a potentially hazardous situation that, if not avoided,

could cause equipment damage, data loss, and performance
degradation, or unexpected results.
Provide additional information to emphasize or supplement
important points of the main text.
Raisecom Proprietary and Confidential

Copyright © Raisecom Technology Co., Ltd. i
Raisecom
Symbol Description
Indicate a tip that may help you solve a problem or save time.
General conventions
Convention Description
Times New Roman Normal paragraphs are in Times New Roman.
Arial Paragraphs in Warning, Caution, Notes, and Tip are in Arial.
Boldface Buttons and navigation paths are in Boldface.
Italic Book titles are in italics.
Lucida Console Terminal display is in Lucida Console.
Book Antiqua Heading 1, Heading 2, Heading 3, and Block are in Book

Antiqua.
GUI conventions
Convention Description
Boldface Buttons, menus, parameters, tabs, windows, and dialog titles
are in boldface. For example, click OK.
> Multi-level menus are in boldface and separated by the ">"
signs. For example, choose File > Create > Folder.
Keyboard operation
Format Description
Key Press the key. For example, press Enter and press Tab.
Key 1+Key 2 Press the keys concurrently. For example, pressing Ctrl+C
means the two keys should be pressed concurrently.
Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A means the
two keys should be pressed in turn.

Copyright © Raisecom Technology Co., Ltd. ii
Raisecom
Mouse operation
Action Description
Click Select and release the primary mouse button without moving
the pointer.
Double-click Press the primary mouse button twice continuously and quickly
without moving the pointer.
Right-click Press the right mouse button to pop up a menu for later
selection.
Drag Press and hold the primary mouse button and move the pointer
to a certain position.
Change history
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Issue 01 (2021-08-31)
Initial commercial release

Copyright © Raisecom Technology Co., Ltd. iii
Raisecom
ISCOM HT803G-WS2 (N) Configuration Guide (Web) Contents
Contents
1 Introduction.................................................................................................................................... 1
2 Preparing for configurations ....................................................................................................... 2
2.1 Management mode ........................................................................................................................................... 2
2.1.1 Web interface .......................................................................................................................................... 2
2.1.2 NView NNM ........................................................................................................................................... 3
2.2 Logging in to device ......................................................................................................................................... 3
2.3 Web interface .................................................................................................................................................... 4
2.4 Device overview............................................................................................................................................... 6
2.4.1 Web configuration page .......................................................................................................................... 6
2.4.2 Introduction ............................................................................................................................................. 7
3 Configuring basic Internet access functions............................................................................ 8

3.1 Uplink interface ................................................................................................................................................ 8
3.1.1 GPON uplink interface............................................................................................................................ 8
3.1.2 WAN0 uplink interface ......................................................................................................................... 10
3.1.3 WAN sub-interface ................................................................................................................................ 16
3.2 Downlink interface ......................................................................................................................................... 17
3.2.1 Basic configurations .............................................................................................................................. 17
3.2.2 Binding VLAN ...................................................................................................................................... 18
3.2.3 Traffic statistics ..................................................................................................................................... 19
3.2.4 Wired terminal ...................................................................................................................................... 19
3.3 VLAN ............................................................................................................................................................. 20
3.3.1 VLAN configurations ........................................................................................................................... 20
3.4 DHCP ............................................................................................................................................................. 22
3.4.1 DHCP services ...................................................................................................................................... 22
3.4.2 DHCP configurations ............................................................................................................................ 25
3.4.3 DHCP monitoring ................................................................................................................................. 29
3.5 NAT ................................................................................................................................................................ 30
3.5.1 Application-layer gateway .................................................................................................................... 30
3.5.2 Virtual server ......................................................................................................................................... 31
3.5.3 Source NAT ........................................................................................................................................... 32
3.5.4 One-to-one address mapping................................................................................................................. 33
3.6 DNS/DDNS .................................................................................................................................................... 34

Copyright © Raisecom Technology Co., Ltd. 4
Raisecom
3.6.1 DNS ...................................................................................................................................................... 34

3.6.2 DDNS.................................................................................................................................................... 34
3.7 WLAN ............................................................................................................................................................ 36
3.7.1 WLAN configurations (2.4G) ............................................................................................................... 36
3.7.2 WLAN configurations (5G) .................................................................................................................. 41
3.7.3 WLAN monitoring (2.4G) .................................................................................................................... 47
3.7.4 WLAN monitoring (5G) ....................................................................................................................... 47
3.7.5 Statistics ................................................................................................................................................ 48
4 Configuring basic functions ..................................................................................................... 49

4.1 Routing ........................................................................................................................................................... 49
4.1.1 Routing table ......................................................................................................................................... 49
4.1.2 Static route ............................................................................................................................................ 50
4.1.3 Policy routing ........................................................................................................................................ 51
4.2 Multicast......................................................................................................................................................... 53
4.2.1 Multicast configurations ....................................................................................................................... 53
4.3 QoS................................................................................................................................................................. 54
4.3.1 User bandwidth management ................................................................................................................ 54
4.3.2 Advanced qos config ............................................................................................................................. 57
4.3.3 Session limits ........................................................................................................................................ 61
4.3.4 Connections management ..................................................................................................................... 62
4.4 Link backup .................................................................................................................................................... 63
4.4.1 Configuring link backup ....................................................................................................................... 63
4.5 DMZ ............................................................................................................................................................... 64
4.5.1 Configuring DMZ ................................................................................................................................. 64
4.6 UPnP .............................................................................................................................................................. 66
4.6.1 UPnP ..................................................................................................................................................... 66
4.6.2 Configuring UPnP ................................................................................................................................. 66
5 Configuring IPv6 ......................................................................................................................... 67

5.1 IPv6 basic configurations ............................................................................................................................... 67
5.1.1 Enabling IPv6........................................................................................................................................ 67
5.1.2 Configuring IPv6 .................................................................................................................................. 68
5.2 IPv6 route ....................................................................................................................................................... 71
5.2.1 Static route ............................................................................................................................................ 71
5.2.2 Routing table ......................................................................................................................................... 72
6 Management................................................................................................................................. 74
6.1 Managing device ............................................................................................................................................ 74
6.1.1 Modifying the host name ...................................................................................................................... 74
6.1.2 Restarting device ................................................................................................................................... 74
6.1.3 One key recovery .................................................................................................................................. 75
6.1.4 Configuration maintenance ................................................................................................................... 76
6.1.5 Upgrading software ............................................................................................................................... 78

Raisecom
6.2 Administrator.................................................................................................................................................. 79
6.2.1 Configuring administrator ..................................................................................................................... 79
6.3 Configuring clock........................................................................................................................................... 81
6.3.1 Configuring clock ................................................................................................................................. 81
6.4 Remote management ...................................................................................................................................... 83
6.4.1 Remote management ............................................................................................................................. 83
6.4.2 TR-069 .................................................................................................................................................. 83
6.5 Fault diagnosis ............................................................................................................................................... 85
6.5.1 Ping ....................................................................................................................................................... 85
6.5.2 Tracert ................................................................................................................................................... 86
6.5.3 HTTP Get .............................................................................................................................................. 87
6.5.4 DNS Query............................................................................................................................................ 88
6.5.5 TCP Query ............................................................................................................................................ 89
6.6 Log management ............................................................................................................................................ 90
6.6.1 Local log ............................................................................................................................................... 90
6.6.2 Remote log ............................................................................................................................................ 93
7 Security.......................................................................................................................................... 95
7.1 Firewall .......................................................................................................................................................... 95
7.1.1 Configuring Firewall ............................................................................................................................. 95
7.2 Filtering website ............................................................................................................................................. 96
7.2.1 Configuring website filtering ................................................................................................................ 96
7.2.2 Local uploading .................................................................................................................................... 99
7.3 Access control .............................................................................................................................................. 100
7.3.1 Configuring access control.................................................................................................................. 100
7.3.2 Time object.......................................................................................................................................... 102
7.3.3 Service object ...................................................................................................................................... 103
7.3.4 Address object ..................................................................................................................................... 105
7.4 MAC address filtering .................................................................................................................................. 106
7.4.1 Filtering MAC address ........................................................................................................................ 106
7.5 ARP attack prevention .................................................................................................................................. 108
7.5.1 Configuring ARP attack prevention .................................................................................................... 108
7.5.2 Self-defined packet sending ................................................................................................................ 108
7.5.3 ARP table ............................................................................................................................................ 110
7.5.4 Monitor ............................................................................................................................................... 110
7.5.5 ARP spoofing prevention .................................................................................................................... 110
7.6 DDoS attack prevention ............................................................................................................................... 111
7.6.1 Configuring DDoS attack prevention .................................................................................................. 111
8 Appendix .................................................................................................................................... 114

8.1 Terms ............................................................................................................................................................ 114
8.2 Acronyms and abbreviations ........................................................................................................................ 115

Raisecom
ISCOM HT803G-WS2 (N) Configuration Guide (Web) Figures
Figures
Figure 2-1 Logging in to device ............................................................................................................................. 3

Figure 2-2 Web configuration interface .................................................................................................................. 5
Figure 2-3 Information interface ............................................................................................................................ 7
Figure 3-1 GPON Interface configuration interface ............................................................................................... 9

Figure 3-2 Optical Module Detection interface .................................................................................................... 10
Figure 3-3 Optical Module Statistics interface ..................................................................................................... 10
Figure 3-4 WAN Interface Configuration interface .............................................................................................. 11
Figure 3-5 WAN0 Modify interface ..................................................................................................................... 11
Figure 3-6 Router mode interface on the WAN0 Modify interface ...................................................................... 13
Figure 3-7 LAN interface configuration interface ................................................................................................ 17
Figure 3-8 VLAN Information List interface ....................................................................................................... 18
Figure 3-9 LAN statistics and VLAN statistics interface ..................................................................................... 19
Figure 3-10 Wired terminal interface ................................................................................................................... 19
Figure 3-11 VLAN Create & Delete .................................................................................................................... 20
Figure 3-12 VLAN Interface Configuration interface .......................................................................................... 21
Figure 3-13 Disabling DHCP services ................................................................................................................. 23
Figure 3-14 Interface acting as a DHCP client ..................................................................................................... 23
Figure 3-15 Interface acting as a DHCP server .................................................................................................... 24
Figure 3-16 Interface acting as a DHCP relay ...................................................................................................... 25

Figure 3-17 DHCP Address Pool interface........................................................................................................... 26
Figure 3-18 Excluded Address interface .............................................................................................................. 27
Figure 3-19 Add Static Address Allocation Item interface ................................................................................... 28

Figure 3-20 DHCP Address Pool Settings interface ............................................................................................. 28
Figure 3-21 DHCP Monitor List interface ........................................................................................................... 30
Figure 3-22 Application Layer Gateways Configuration interface ...................................................................... 30

Figure 3-23 Create Virtual Servers interface ........................................................................................................ 31

Raisecom
Figure 3-24 Create Source NAT rules interface ................................................................................................... 32
Figure 3-25 Create global static conversion rules interface ................................................................................. 33

Figure 3-26 Create a new domain entry interface ................................................................................................ 34
Figure 3-27 Add DDNS interface ......................................................................................................................... 35
Figure 3-28 WLAN Advanced Configuration ...................................................................................................... 37

Figure 3-29 WLAN Basic Configuration ............................................................................................................. 38
Figure 3-30 Modify Basic WLAN Configuration interface ................................................................................. 39
Figure 3-31 WLAN Advanced Configuration ...................................................................................................... 42

Figure 3-32 WLAN Basic Configuration interface .............................................................................................. 43
Figure 3-33 Modify Basic WLAN Configuration interface ................................................................................. 44
Figure 3-34 Wireless monitoring interface ........................................................................................................... 47

Figure 3-35 Wireless monitoring interface ........................................................................................................... 47
Figure 3-36 Statistics viewing page ..................................................................................................................... 48
Figure 4-1 Routing Table interface....................................................................................................................... 50

Figure 4-2 Add Static Route interface .................................................................................................................. 51
Figure 4-3 Add Policy Route interface ................................................................................................................. 52
Figure 4-4 L2 multicast configuration interface ................................................................................................... 54
Figure 4-5 Rate Limit Settings ............................................................................................................................. 55
Figure 4-6 Matching Condition ............................................................................................................................ 56
Figure 4-7 Advanced qos config interface............................................................................................................ 58
Figure 4-8 Advanced qos config page .................................................................................................................. 59
Figure 4-9 Session Counter Limit interface ......................................................................................................... 61
Figure 4-10 Advanced qos config interface.......................................................................................................... 62
Figure 4-11 Link detect config interface .............................................................................................................. 63
Figure 4-12 DMZ Configuration interface ........................................................................................................... 65
Figure 4-13 UPnP configuration interface............................................................................................................ 66
Figure 5-1 IPv6 Function interface ...................................................................................................................... 67
Figure 5-2 Uplink interface IPv6 configuration interface .................................................................................... 68
Figure 5-3 IPv6 Port Configuration interface ....................................................................................................... 70
Figure 5-4 IPv6 configuration interface for downlink interface ........................................................................... 71
Figure 5-5 Add Static Routing Entry interface ..................................................................................................... 72
Figure 6-1 Reboot interface .................................................................................................................................. 75
Figure 6-2 Software Update interface .................................................................................................................. 79

Raisecom
Figure 6-3 Administrator configuration interface ................................................................................................. 80
Figure 6-4 Add Administrator interface ............................................................................................................... 80

Figure 6-5 Online Users Information List ............................................................................................................ 81
Figure 6-6 Network Time Protocol interface........................................................................................................ 82
Figure 6-7 Web server port configuration interface ............................................................................................. 83

Figure 6-8 ACS Configuration interface .............................................................................................................. 84
Figure 6-9 CPE Configuration interface .............................................................................................................. 84
Figure 6-10 Ping Diagnostic interface .................................................................................................................. 86

Figure 6-11 Trace Route Diagnostic interface ...................................................................................................... 87
Figure 6-12 HTTP Get Diagnostic interface ........................................................................................................ 88
Figure 6-13 DNS Query Diagnostic interface ...................................................................................................... 89

Figure 6-14 TCP Query Diagnostic interface ....................................................................................................... 90
Figure 6-15 Local log configuration interface ...................................................................................................... 92
Figure 6-16 Local Log Configuration interface ................................................................................................... 93

Figure 6-17 Remote log configuration interface .................................................................................................. 94
Figure 7-1 Firewall Configuration interface......................................................................................................... 96
Figure 7-2 Web Filter interface ............................................................................................................................ 96
Figure 7-3 Page Redirect Set interface ................................................................................................................. 97
Figure 7-4 Filter Type Set interface...................................................................................................................... 97
Figure 7-5 Add Filter Rule interface .................................................................................................................... 97
Figure 7-6 Delete Filter Rule interface ................................................................................................................. 98
Figure 7-7 Advanced Options interface ................................................................................................................ 98
Figure 7-8 Black/White Lists upload interface and Black/White Lists download interface .............................. 100
Figure 7-9 Add policy interface ......................................................................................................................... 101
Figure 7-10 Time Object Modify/Add interface ................................................................................................ 103
Figure 7-11 Service Object Modify/Add interface ............................................................................................. 104
Figure 7-12 Address Object Modify/Add interface ............................................................................................ 106
Figure 7-13 Filter MAC Address interface ......................................................................................................... 107
Figure 7-14 MAC Address Add interface ........................................................................................................... 107
Figure 7-15 Prevent ARP Flood interface .......................................................................................................... 108
Figure 7-16 Custom Contract Configuration Information interface ................................................................... 109
Figure 7-17 ARP Table Information ................................................................................................................... 110
Figure 7-18 Monitor Information interface ........................................................................................................ 110

Raisecom
Figure 7-19 Prevent ARP CHEAR interface ...................................................................................................... 111
Figure 7-20 Abnormal Packet Attack Defense interface .................................................................................... 112

Raisecom
ISCOM HT803G-WS2 (N) Configuration Guide (Web) Tables
Tables
Table 2-1 Default user names and passwords ......................................................................................................... 3
Table 2-2 Common buttons on the Web configuration interface ............................................................................ 5
Table 3-1 Configuration items in bridge mode on the WAN0 Modify interface .................................................. 12
Table 3-2 Configuration items in router mode on the WAN0 Modify interface ................................................... 13
Table 3-3 Additional configuration items for the sub-interface............................................................................ 16
Table 6-1 Log levels ............................................................................................................................................. 91

Copyright © Raisecom Technology Co., Ltd. xi
Raisecom
ISCOM HT803G-WS2 (N) Configuration Guide (Web) 1 Introduction
1 Introduction
The ISCOM HT803G-WS2 (N) is a Gigabit passive fiber access user-end device, which
integrates routing, switching, data security, Wireless Local Area Network (WLAN) into one,
and deploys multi-services to the same one node under the situation of continuous enrichment
of enterprise network applications, providing an integrated solution for network construction.
The ISCOM HT803G-WS2 (N) has the following features:
 Support GPON uplink at the WAN side.
 Provide four 1000 Mbit/s downlink Ethernet electrical interfaces, 2.4G WLAN, and 5G
WLAN access at the LAN side.
 Support WLAN access, greatly improving the flexibility and convenience of networking.
 Support routing, bridging, Network Address Translation (NAT), Dynamic Host
Configuration Protocol (DHCP), and other functions to meet the basic access needs of
users.
 Support firewall, website filtering, access control, and so on.
 Support TR069, Web, OMCI, and other management modes to facilitate maintenance
and configuration of telecommunication administrators.

Raisecom
ISCOM HT803G-WS2 (N) Configuration Guide (Web) 2 Preparing for configurations
2 Preparing for configurations
This chapter describes the preparation for logging into the Web configuration interface and
basic information about the Web configuration interface, including the following sections:
 Management mode
 Logging in to device
 Web interface
 Device overview
2.1 Management mode

The device mainly supports the following 2 management modes:
 Web interface: management through Web interfaces
 NView NNM: management through the Network Management System
2.1.1 Web interface

Web management is to manage the device through the web configuration interface. Web
management of the device can be done through the public network IP address (WAN IP) or
private network IP address (LAN IP) of the device.
 Use the LAN IP address to manage the device when logging in for the first time.
 By default, the LAN IP address of the device is 192.168.1.1. You need to configure
the IP address of the PC to "Automatically Obtain" or manually configure it to the
same network segment as the LAN IP address.
Manage the device on the Web interface through the LAN IP address according to the
following steps:
Step 1 Configure the LAN IP address of the device and IP address of the PC, and ensure that the
LAN IP address and PC IP address can ping each other.
Step 2 Connect the network interface of the PC to the LAN interface of the device with a network
cable.

Raisecom
Step 3 Open a browser on the PC, enter the LAN IP address of the device in the address bar of the
browser, such as "http://192.168.1.1", and then enter the device login interface.
Manage the device on the Web interface through the WAN IP address according to the
following steps:
Step 1 Activate the basic Internet access services on the device and ensure that the PC can connect to
the network (at this time, the PC and the device may not be in the same physical location).
Step 2 Open the browser on the PC and enter the WAN IP address of the device in the address bar of
the browser, such as "http://20.20.1.2", to enter the device login interface.
2.1.2 NView NNM

For the configuration of the NView NNM management mode, refer to the relevant manuals of
the NView NNM.
2.2 Logging in to device

Log in to the device according to the following steps:
Step 1 Enter the IP address (WAN IP or LAN IP) of the device in the address bar of the browser, and
press Enter to enter the login interface.
Step 2 Enter the user name and password for logging in to the device in the user name and password
text boxes, as shown in Figure 2-1.
If logging in to the device for the first time, you can use the default user name and password
of the device, as shown Table 2-1.
Figure 2-1 Logging in to device
Table 2-1 Default user names and passwords

User level User Password Right
name
Super superadmin q!w@e# Have the right to operate all
administrator functions, convenient for service
provisioning and troubleshooting.

Raisecom
User level User Password Right

name
Ordinary useradmin The password of the Open to administrators, it is
administrator ordinary convenient for users to configure
administrator is and view the opened services.
generated by the However, it has no right to operate
calculator. The carrier-grade functions (such as
password of system software upgrade,
different devices is configuration file operation, remote
different, and the management configuration, and user
device label shall management configuration).
prevail.
Step 3 Click Login to log in to the device and enter the device configuration interface. Click Reset
to clear the user name and password in the text boxes, and re-enter.
After login, you can modify the login password through the password modification
function, or you can log in to the device with the newly added user name and
password. For specific steps, refer to section 6.2 Administrator.
2.3 Web interface

Composition of Web configuration interface
Figure 2-2 shows the Web configuration interface of the ISCOM HT803G-WS2 (N).
 1: level 1 navigation bar
 2: level 2 navigation bar
 3: current location
 4: Tabs
 5: configuration interface

Raisecom
Figure 2-2 Web configuration interface
 Configuration items are not fixed on the configuration interface. They vary with
your selection.
 Configuration items marked with an asterisk are mandatory.
 Configuration items are subject to the actual configuration interface. The snapshot
is for reference only.
Common buttons
Table 2-2 lists common buttons on the Web configuration interface.
Table 2-2 Common buttons on the Web configuration interface

Button Description
It is used to create an item on the current interface.
It is used to submit the current configurations or confirm the currently

displayed information.
It is used to cancel the current configurations.
It is used to modify a selected item on the current interface.
It is used to delete a selected item on the current interface.
or
It is used to refresh the current interface.
It is used to go to the next interface, indicating:

The current configuration is incomplete, and you should click it to
continue.
The displayed information is incomplete, and you should click it to
view more information.

Raisecom
Button Description
It is used to return to the previous step for reconfiguration or viewing
information.
It is used to quit the current interface.
Saving configurations
After all configurations are complete or before the device restarts, save current
configurations to prevent configuration loss.
The web configuration interface provides the method for manually saving configurations.
Manual saving: click Save Config on the upper right color of the interface to save running
configurations into the configuration file.
Exiting Web configuration interface
Before exiting the Web configuration interface, save all configurations to avoid
configuration loss.
After all configurations are complete, exit the Web configuration interface to ensure system
security.
There are 2 ways to exit the Web configuration interface:
 Click the icon of the current interface on the IE, and then close the IE.
 Click the Logout button on the upper right corner on the Web configuration interface.
2.4 Device overview

2.4.1 Web configuration page
After logging in to the device successfully, you will enter the Information interface by default.
The Information interface displays the basic information about the device, device connection
status, and system logs.
Figure 2-3 shows the Information interface.

Raisecom
Figure 2-3 Information interface
 Click More to view more information.

 Choose the Refresh Period drop-down list to configure the refresh period.
2.4.2 Introduction
The Information interface displays the following information:
 Basic information: by view basic information about the HT803G-WS2, you can learn the
operating status. Basic information includes:
– Device information
– CPU usage
– Memory usage
 Connection status: you can view information about the connection status in this interface,
including:
– Broadband connection information
– LAN information
– WLAN information
 System logs: by viewing the system log, you can learn the latest events and status of the
system, which can help clear faults.

Raisecom
ISCOM HT803G-WS2 (N) Configuration Guide (Web) 3 Configuring basic Internet access functions
3 Configuring basic Internet access

functions
This chapter describes basic Internet access configurations, including the following sections:
 Uplink interface
 Downlink interface
 VLAN
 DHCP
 NAT
 DNS/DDNS
 WLAN
3.1 Uplink interface

3.1.1 GPON uplink interface
Scenario
By configuring the GPON uplink interface, you can connect the HT803G-WS2 upstream to
the OLT.
Configuration steps
 GPON
Step 1 Choose Basic > Interface > GPON.
Step 2 Select the GPON Interface tab and enter the display Current Interface's Configuration and
Show the Attributes of the GPON interface.
Step 3 Configure related parameters and click OK.
Step 4 When registering the device to the OLT by using the LOID and Password, you can check the
OLT registration status on the GPON Interface configuration interface. If it displays
"registered and certified", the configuration succeeds.

Raisecom
Step 5 On this interface, you can view the PON MAC address, PON chip manufacturer, PON chip
model, and PON firmware version.
Figure 3-1 GPON Interface configuration interface
Item Description
Management Status Enable or disable the management status of the GPON
information.
LOID Configure the LOID of the HT803-WS2 for registration to the
OLT.
Password LOID authentication password
OLT Remote Configure the OLT remote management mode:
Administration mode  HGU(VEIP)
 HGU(CEIP)
 SFU
The difference between the VEIP and CEIP modes lies in that
the ONT card slots are different.
 GPON optical module detection

Step 2 Select the Optical Module Detection tab.
Step 3 You can view the current working parameters of the optical module on this interface,
including temperature, voltage, bias current, and transmit/receive optical power.

Raisecom
Figure 3-2 Optical Module Detection interface
 GPON optical module statistics

Step 2 Select the Optical Module Statistics tab.
Step 3 The interface displays the received and sent traffic statistics, including bytes, frames, unicast
frames, multicast frames, broadcast frames, PAUSE flow control frames, and FEC frames
received, HEC frames received, and dropped frames in the sending direction.
Figure 3-3 Optical Module Statistics interface
3.1.2 WAN0 uplink interface
Scenario
It is used to configure the WAN0 interface of the ISCOM HT803G-WS2 (N). The WAN0
interface corresponds to the GPON interface.
Configuration steps
Step 1 Choose Basic > Interface > WAN.
Step 2 On the WAN Interface Configuration interface, you can view the configurations.

Raisecom
 To modify the configured parameters, click .

 To add configurations, click Add.
 To delete configurations, click .
Figure 3-4 WAN Interface Configuration interface
Step 3 Configure related parameters and click OK.

After completing configurations, click Save Config.
Item description
The WAN interface supports the following two connection modes:
 Bridge
 Router
Each mode corresponds to different configuration items. You can configure the corresponding
items as required.
Table 3-1 and Table 3-2 list descriptions of the configuration items on the WAN0 Modify
interface.
Figure 3-5 WAN0 Modify interface

Raisecom
Table 3-1 Configuration items in bridge mode on the WAN0 Modify interface
Item Description
Connection Name (Non-configurable) it is automatically generated by the system.
Connect type Configure the connection type.
 IPoE
 PPPoE
Protocol Mode Configure the type of the transmission protocol on the WAN0
interface.
 IPV4
 IPV6
 IPV4/IPV6
Connection Mode Select a mode according to the actual application scenario:

 Bridge mode (applicable to this table)
 Router mode
Service Type The service type bound to the connection, including:
 Management_Internet: management and Internet access
Channel
 Management: management channel
 Internet: Internet access channel
 Other: other channels
 The WAN interface in Management_Internet mode will

automatically generate a default route and a 32-bit
administrative route.
 The WAN interface in Management mode will
automatically generate a 32-bit administrative route.

 The WAN interface in Internet mode will only
automatically generate a default route.

 The WAN interface in other modes does not
automatically generate a route.

LAN bind options Select the LAN interface to be bound. Available options are
LAN1–LAN4.
2.4G bind options Select the 2.4G WLAN interface to be bound. Available options
are ath0–ath3.
5G bind options Select the 5G WLAN interface to be bound. Available options
are athfs0–athfs3.
Belongs to Bridge (Non-configurable) it is the name of the bridge interface to
which the interface belongs. It is automatically generated by the
system.
MAC Address Show the MAC address.

Raisecom
Figure 3-6 Router mode interface on the WAN0 Modify interface
Table 3-2 Configuration items in router mode on the WAN0 Modify interface
Item Description
Connection Name (Non-configurable) it is automatically generated by the system.
Connect type Select any of the following modes according to the actual
application scenarios:
 IpoE
Available IPv4 obtainment mode: DHCP or Static
 PPPoE
Available IPv4 obtainment mode: PPPoE. Select this mode if the
ISP uses PPPoE.
Protocol Mode Configure the type of the transmission protocol on the WAN0
interface.
 IPV4 (applicable to this table)
 IPV6
 IPV4/IPV6 (compatible with both protocols, applicable to this
table)
Connection Mode Select a mode according to the actual application scenario:
 Bridge mode
 Router mode (applicable to this table)

Raisecom
Item Description
Service Type The service type bound to the connection, including:
 Management_Internet: management and Internet access channel
 Management: management channel
 Internet: Internet access channel
 Other: other channels
 The WAN interface in Management_Internet mode will

automatically generate a static route and a policy route.
 The WAN interface in Management mode will
automatically generate a policy route.

 The WAN interface in Internet mode will only
automatically generate a static route.

 The WAN interface in other modes does not
automatically generate a route.

LAN bind options Select the LAN interface to be bound. Available options are
LAN1–LAN4.
2.4G bind options Select the 2.4G WLAN interface to be bound. Available options
are ath0–ath3.
5G bind options Select the 5G WLAN interface to be bound. Available options are
athfs0–athfs3.
IPv4 Setting
IPv4 DHCP If you check the radio button, the interface will automatically
address obtain an IP address.
type

Raisecom
Item Description
Static If you check Static, you will need to manually configure a static
address. You need to configure the following items:
 (Optional) IP address: enter the IP address in dotted decimal
notation.
 (Optional) Subnet mask: enter the subnet mask in dotted decimal
notation.
 (Optional) Default Gateway: enter the default gateway in dotted
decimal notation.
 (Optional) Primary DNS: enter the preferred DNS server
address in dotted decimal notation.
 (Optional) Backup DNS: enter the backup DNS server address
in dotted decimal notation.
PPPoE Check PPPoE from the Connect type. It indicates that connections
are initiated based on PPPoE dialing. You need to configure the
following items:
 Username: enter the PPPoE user name which is provided by the
ISP.
 Password: enter the PPPoE password which is provided by the
ISP.
 (Optional) AC Name: PPPoE server address
 PPPoE dial-mode: include "now" and "demand".
 Idle time: when you select "demand" from the drop-down list of
PPPoE dial-mode, you need to enter the idle time in the idle time
text box. The idle time is an integer ranging from 10 to 65535, in
units of second. It is 0s by default, indicating that it will never
time out.
The idle time refers to the time when the user does not
have any service traffic. When the idle time exceeds the
set value, the device automatically disconnects the
network to save traffic for the user. When there is service
traffic again, the device automatically connects to the
network again.
Enable NAT Enable or disable the NAT. If you check it, the NAT will be
enabled. Then you need to configure the following items:
 To enable or disable NAT, check to enable. Item required:
(Optional) Enable NAT Address Pool: In the "Static" IPv4
address configuration mode, after enabling NAT, you can
configure whether to enable the NAT address pool. After
checking the Enable NAT Address Pool radio button, you need
to enter the range of the address pool to configure the WAN
interface to allow multiple IP addresses to access the internet. If
you check the radio button, the NAT will be enabled.

Raisecom
Item Description
Access Control (Optional) click to enable or disable
HTTPS, Ping, Telnet, SSH, or HTTP on the interface.
For example, if you disable Telnet, other PC devices

cannot log in to the HT803-WS2 remotely.
MAC Address Show the MAC address.
Set MTU Click to configure the MTU which is an
integer. The value range varies with the configured address mode:
 DHCP: the value ranges from 576 to 1500, and the default value
is 1500.
 Static: the value ranges from 576 to 1500, and the default value
is 1500.
 PPPoE: the value ranges from 576 to 1492, and the default value
is 1492.
3.1.3 WAN sub-interface
Scenario
Multiple connections can be added to the WAN interface, namely, adding sub-interfaces. Each
connection can be set with a sub-interface ID. The sub-interface ID is the VLAN ID that tags
the packets with VLAN tags so that upstream packets can be forwarded with VLAN tags.
When the device uses the WAN0 interface for uplink connections, a WAN sub-interface can
be added.
Configuration steps
Step 2 Click Add. The Add Subinterface on the WAN0 interface will appear.
Step 3 Configure related items and click OK. The difference between the sub-interface and the
WAN interface is that the sub-interface ID needs to be configured for identification.
Compared with the WAN interface, the sub-interface requires additional configurations, as
listed in Table 3-3. For the remaining configuration items, see section 3.1.2 WAN0 uplink
interface.
Table 3-3 Additional configuration items for the sub-interface

Item Description
Subinterface ID VLAN ID of the sub-interface, namely, the VLAN ID that tags
VLAN tag for the packets, ranging from 0 to 4080
802.1p Priority (Optional) QoS priority, ranging from 0 to 7

Raisecom
3.2 Downlink interface

3.2.1 Basic configurations
Scenario
You can configure the basic items of the LAN interface, including interface management, rate
and duplex mode, and loopback detection. At the same time, you can check whether there is a
loop and the connection status of the LAN interface.
Configuration steps
Step 1 Choose Basic > Interface > LAN.
Step 2 Select the ETH Configuration tab.
Step 3 Configure loopback detection, interface management, speed, and duplex mode on the
specified LAN interface, and click OK.
Figure 3-7 LAN interface configuration interface
Item Description
Loopback Detect Enable or disable loopback detection on the interface.
Shutdown Manage Enable or disable the current LAN interface.
 Enable: enable the current LAN interface.
 Disable: disable the current LAN interface.
Auto Negotiation Configure auto-negotiation on the LAN interface, including:
 Enable: enable auto-negotiation.
 Disable: disable auto-negotiation.
Eth Speed Configure the speed of the LAN interface. You can use this
function when Auto Negotiation is disabled.

Raisecom
Item Description
Eth Duplex Configure the duplex mode of the interface.
You can use this function when Auto Negotiation is disabled.
Eth Flow Ctrl Configure the flow control mode of the LAN interface, including:
 Enable: enable flow control.
 Disable: disable flow control.
3.2.2 Binding VLAN
Scenario
It is used to divide the access domain. PCs in different departments can be connected to
different LAN interfaces of the device, and different VLANs can be bound through the LAN
interface to isolate different departments and prohibit mutual access.
Configuration steps
Step 2 Select the VLAN Configuration tab.
Step 3 In the VLAN Information List section, configure the interface mode, PVID, and the bound
VLAN of various LAN interfaces and then click Binding.
Figure 3-8 VLAN Information List interface
Item Description
Mode The LAN interface supports the following two VLAN modes:
 Access
 Trunk
PVID Default VLAN ID of the LAN interface
The VLAN ID is created.
vlanID Created VLANs
Check the LAN interface to be added to this VLAN.

Raisecom
3.2.3 Traffic statistics
Scenario
View the statistics on traffic and packets received/sent on the LAN interface.
Configuration steps
Step 2 Select the Interface statistics tab.
Step 3 It will display the LAN interface statistics and the VLAN traffic statistics.
Figure 3-9 LAN statistics and VLAN statistics interface
3.2.4 Wired terminal
Scenario
View the IP address and MAC address of the terminal connected to the LAN interface.
Steps
Step 2 Select the Wired terminal tab.
Step 3 It will display the terminal ID, LAN interface, VLAN interface, IP address, and MAC address.
Figure 3-10 Wired terminal interface

Raisecom
3.3 VLAN
3.3.1 VLAN configurations
Scenario
It is used to create VLANs and configure VLAN interfaces. After configuring the VLAN
interface, you can bind the LAN interface to this VLAN interface to enable the LAN interface
with the forwarding function.
Configuration steps
 Create/Delete a VLAN.
Step 2 Select the VLAN Configuration tab.
Step 3 In the VLAN Create & Delete section, enter the VLAN ID, check Create or Delete, and then
click OK.
Figure 3-11 VLAN Create & Delete
Item Description
 Check Create to create a VLAN.
Create/Delete
 Check Delete to delete a VLAN.
VLAN ID VLAN ID that needs to be created or deleted, ranging from 1 to 4093
 Configure the VLAN interface.

Step 2 Select the VLAN Interface Configuration tab.
Step 3 Configure the IP address and subnet mask of the VLAN interface. At the same time, you can
choose to configure the extended IP address, subnet mask, and DHCP of the VLAN interface,
and then click OK.

Raisecom
Figure 3-12 VLAN Interface Configuration interface
Item Description
VLAN Select the created VLAN from the drop-down list.
IP Address Configure the IP address of the VLAN in dotted
decimal notation, such as 192.168.1.1.
Netmask Configure the VLAN subnet mask in dotted
decimal notation, such as 255.255.255.0.
Secondart IP Config Configure the IP address and subnet mask of the
extended IP address. Up to two extended IP
addresses are supported.
Management Access Enable or disable HTTPS, Ping, Telnet, SSH, and
HTTP. Check to enable.
DHCP Server Enable Enable DHCP Server on the VLAN interface.
Disable IP address of the DHCP subnet, in dotted decimal
notation, such as 192.168.1.0

Raisecom
Item Description
Netmask Subnet mask of the DHCP subnet, in dotted
decimal notation, such as 255.255.255.0
Start IP Starting IP address of the DHCP server address
pool, in dotted decimal notation, such as
192.168.1.1
End IP End IP address of the DHCP server address pool,
in dotted decimal notation, such as 192.168.1.254
Gateway Address Default gateway address of the subnet connected
to the interface, in dotted decimal notation, such as
192.168.1.1
Primary DNS IP address of the preferred DNS server required
for DNS, in dotted decimal notation, such as
192.168.101.1
Backup DNS IP address of the backup DNS server required for
DNS, in dotted decimal notation, such as
218.30.118.6
Reserved IP It is not an automatically assigned IP address in
the DHCP address pool. You can enter up to 8 at a
time, separated by ",".
Lease Time After the client obtains an IP address, the period of
using the IP address can be configured from 5
minutes to 100 days. When set to 0 minutes, it can
be used indefinitely.
Step 4 After configuring DHCP Server on the VLAN interface, check the DHCP service information
of the VLAN interface in the "DHCP Service List" section. Click the check box in front of
one or more VLAN interfaces, or click the check box at the top of the table header (indicating
that all VLAN interfaces are selected), and click Delete to delete the DHCP service
configuration of the VLAN interface.
3.4 DHCP
3.4.1 DHCP services
Scenario
It is used to centrally configure the DHCP service type of a specified interface, including
DHCP server, DHCP client, and DHCP relay.
The DHCP service is only introduced here in a centralized manner. You can also
configure the DHCP service on each interface configuration interface, such as:

Raisecom
 In the configuration of the uplink interface, when you configure DHCP-based

Internet access, you need to configure the WAN interface as a DHCP client.
 In the configuration of the VLAN interface, when you configure the "server", you
need to configure the VLAN interface as a DHCP server. Binding the VLAN with
the downlink interface indicates that the DHCP service of the downlink interface is
configured.
Configuration steps
Step 1 Choose Basic > Network > DHCP.
Step 2 Select the DHCP Service tab. It will display the DHCP service list of all interfaces.
Step 3 Click the corresponding to the interface that needs to be configured. The Interface
DHCP Settings interface will appear.
Step 4 Configure related parameters and then click Confirm.
 Figure 3-11 shows how to disable DHCP services.
 Figure 3-12 shows how to configure the interface as a DHCP client.
 Figure 3-13 shows how to configure the interface as a DHCP server.
 Figure 3-14 shows how to configure the interface as a DHCP relay.
Figure 3-13 Disabling DHCP services
Item Description
Interface Name Interface which needs to be configured with a service type
DHCP Service Type Disable
Figure 3-14 Interface acting as a DHCP client
Item Description

Raisecom
Item Description
DHCP Service Type DHCP client
Enable Option60 Check the radio box to enable the Option60 field.
Address Pool Name in Server-side address pool name, a character string, with the
DHCP Server length ranging from 1 to 64, including letters, numbers, and
underscores
Match the name with that of the Option60 address pool
configured on the server. If they match, the server delivers the
host configurations.
Option125 Match Option125, a character string, with the length ranging from 1 to
String 64, including letters, numbers, and underscores
Match the character string with the Option125 configured on
the client. If they match, the client receives the host
configurations delivered by the server.
Figure 3-15 Interface acting as a DHCP server
Item Description
DHCP Service Type DHCP server
Option125 Match Option125, a character string, with the length ranging from 1 to
String 64, including letters, numbers, and underscores
Match the character string with the Option125 configured on
the client. If they match, the server delivers the host
configurations.
Option43 Match String Configure the Option43 character string. The client obtains the
information of the server by obtaining the packets carrying the
option43 from the server.

Raisecom
Figure 3-16 Interface acting as a DHCP relay
Item Description
DHCP Service Type DHCP relay
DHCP Server IP IP address of the DHCP server
3.4.2 DHCP configurations
Scenario
After configuring an interface as a DHCP server, you need to configure the DHCP service
address pool, disabled addresses, IP/MAC binding, and so on.
Configuration steps
1. Configure DHCP address pool
Step 2 Select the DHCP Address Pool tab. The DHCP Service List interface will appear.
 To delete the specified DHCP server, click the corresponding .

 To enter the DHCP Address Pool Modification interface, click corresponding to a
specified DHCP server.
 To add an interface that is enabled with DHCP Server, click Add. And the DHCP
Address Pool Settings interface will appear.
Step 3 The configuration items on the DHCP Address Pool Modification interface are the same as
those on the DHCP Address Pool Settings interface. Configure related parameters and click
OK.

Raisecom
Figure 3-17 DHCP Address Pool interface
Item Description
Interface Select an interface to be configured as a DHCP server.
Start IP Address The start IP address of the DHCP server address pool is generally
smaller than the end IP address.
End IP Address End IP address of the DHCP server address pool
Subnet Network segment corresponding to each interface
Subnet Mask Subnet mask of the subnet IP
Gateway (Optional) The gateway address of the network segment where the
subnet is located.
Lease Period Configure the time limit for the client to obtain an IP address:
 Infinite
 Finite
Lease Time When checking Finite, you need to configure the time range (5
minutes to 100 days) for the client to use the IP address.
IP/MAC Binding (Optional) Bind the IP address with the MAC address.
Primary DNS (Optional) Configure the IP address of the preferred DNS server
Servers required for DNS.
Secondary DNS (Optional) Configure the IP address of the backup DNS server
Server required for DNS.
Primary WINS (Optional) Configure the IP address of the preferred WINS server,
Server which is used to dynamically register and query the mapping
between IP address and NetBIOS name.

Raisecom
Item Description
Secondary WINS (Optional) Configure the IP address of the backup WINS server,
Server which is used to dynamically register and query the mapping
between IP address and NetBIOS name.
Domain Name (Optional) Configure the domain suffix for the client.
2. Configure the addresses denied by the DHCP server.

Step 2 Select the Excluded Address tab. The Excluded Address List interface will appear.
 To delete the currently excluded addresses, click corresponding to the excluded

address range.
 To enter the Modify Excluded Address interface, click corresponding to the
excluded address range.
 To add a range of excluded addresses, click Add. The Excluded Address interface will
appear.
Step 3 The configuration items on the Modify Excluded Address interface are the same as those on
the Excluded Address interface.
Figure 3-18 Excluded Address interface
Item Description
Start IP Address Start IP address which is prohibited by the DHCP server to be
assigned to the client
End IP Address End IP address which is prohibited by the DHCP server to be
assigned to the client
3. Configure IP/MAC binding of DHCP services.

Step 2 Select the Static Address Allocation tab. The Static Address Allocation List interface will
appear.
 To delete a binding list, click corresponding to the binding list.

 To enter the Modify Static Address Allocation Item interface, click corresponding
to the binding list.

Raisecom
 To add an IP/MAC binding table of the DHCP services, click Add. The Add Static
Address Allocation Item interface will appear.
Step 3 The configuration items on the Modify Static Address Allocation Item interface are the same
as those on the Add Static Address Allocation Item interface. Configure related items, and
click OK.
Figure 3-19 Add Static Address Allocation Item interface
Item Description
Item Name IP/MAC-bound identifier, used to distinguish the names from other
identifiers, a character string, composed of letters, numbers, and
underscores, ranging from 1 to 64
Client IP Static IP address of this binding relation, in dotted decimal notation,
such as 10.0.0.1
Mac bind MAC address of this binding relation, in colon hexadecimal
notation, such as 3001::3
4. Configure the Option60 address pool of the DHCP service.

Step 2 Select the Option60 Address Pool. The DHCP Service List appears.
 To delete a DHCP server, click corresponding to the specified DHCP server.

 To enter the DHCP Address Pool Modify interface, click corresponding to the
specified DHCP server.
 To add an interface which serves as a DHCP server, click Add. The DHCP Address Pool
Settings interface will appear.
Step 3 The items on the DHCP Address Pool Modify interface and the DHCP Address Pool Settings
interface are the same. Configure related items and then click OK.
Figure 3-20 DHCP Address Pool Settings interface

Raisecom
Item Description
Interface Interface enabled with DHCP service
Address Pool Name Name of the Option60 address pool, a character string,
ranging from 1 to 64, including letters, numbers, and
underscores
If the client uses this address pool, you need to enable
Option60 and configure its "server address pool name" to
be the same as the name of the address pool.
Start IP Address The start IP address of the DHCP server address pool is
generally smaller than the end IP address.
End IP Address End IP address of the DHCP server address pool
The start address of the Option60 address pool and

the start address of the common DHCP address
pool under this interface cannot be inclusive.
Lease Period It refers to the period for using the IP address after the
client obtains an IP address. It is divided into: finite and
indefinite.
Lease Time When selecting Finite, you have to configure the time
range for the client to use the IP address.
IP/MAC Binding Enable IP/MAC binding.
After it is enabled, if a computer obtains an IP

address through DHCP, its IP address and MAC
address will be automatically bound.
3.4.3 DHCP monitoring
Scenario
It is used to view the MAC address, assigned IP address, and start and end time of the client
currently attached to the DHCP server of the device.
Configuration steps
Step 2 Select the DHCP Monitoring tab. The DHCP Monitor List interface will appear.

Raisecom
Figure 3-21 DHCP Monitor List interface
3.5 NAT
NAT type
 Source NAT: refers to the source address of the first packet with connection changed,
which is processed after routing, that is, before the packet reaches the network cable. IP
masquerading belongs to source NAT.
 Destination NAT (Virtual Server): refers to the destination address of the first packet
with connection changed, which is processed before routing. Interface forwarding, load
balancing, and transparent proxy all belong to the destination NAT.
 The virtual server refers to the destination address translation. According to server
address and interface mapping, one-way mapping of external network address and
internal address can be realized or interface conversion can be realized at the same time.
According to server service offloading, the system can convert the destination address to
a different internal server address according to the service accessed.
 One-to-one address translation: one-to-one address translation is a one-to-one
bidirectional address mapping. In this case, the mapped internal host can actively access
the outside, and the external can also actively access the internal host, which is
equivalent to establishing a bidirectional channel between the internal and external
networks.
3.5.1 Application-layer gateway
Scenario
It is used to configure the application layer gateway of the device to support some special
application layer protocols, such as GRE, L2TP, and RTSP.
Configuration steps
Step 1 Choose Basic > Network > NAT.
Step 2 Select the ALG tab.
Step 3 Check the application protocols supported by the NAT and then click OK.
Figure 3-22 Application Layer Gateways Configuration interface

Raisecom
3.5.2 Virtual server
Scenario
The virtual server refers to the destination NAT, used for advertising the internal server
outside.
Configuration steps
Step 2 Select the Virtual Server tab.
Step 3 Configure related items in the Create Virtual Servers section and then click Add.
Figure 3-23 Create Virtual Servers interface
Item Description
In Interface Ingress interface matching the NAT rule
Protocol Protocol name matching the NAT rule
External IP address Destination address matching the NAT rule, which can be
the address of the ingress interface or the manually
configured IP address
Internal IP address The translated destination address, which can be a single IP
address or an address segment
Internal Port The translated interface. The default interface is used by
default. You need to select the IP range when interface
mapping is required and enters the interface ID, which
ranges from 1 to 65535.

Raisecom
Step 4 View the created virtual server in the The list of the internal servers section. Click the check
box in front of one or more virtual servers, or click the check box at the top of the table
header (indicating that all virtual servers are selected), and click Delete to delete the created
virtual server.
3.5.3 Source NAT
Scenario
It is used to configure the source NAT rules of the device.
Configuration steps
Step 2 Select the Source NAT tab.
Step 3 In the Create Source NAT rules section, configure related items and click Add.
Figure 3-24 Create Source NAT rules interface
Item Description
Egress Egress interface matching the NAT rule
Service Select the protocol type of NAT rules.
Internal IP Address The source address matching the NAT rule
You can specify all IP addresses or custom address segments.
External IP Address The translated source address, which can be the address of the
egress interface or a self-defined address segment
Step 4 View the created source NAT rules in the The list of source NAT rules section. Click the
check box in front of one or more source NAT rules, or click the check box at the top of the

Raisecom
table header (indicating that all virtual servers are selected), and click Delete to delete the
created source NAT rules.
3.5.4 One-to-one address mapping
Scenario
It is used to create global static mapping rules for the device.
Configuration steps
Step 2 Select the One to One Address Translation tab.
Step 3 In the Create global static conversion rules section, configure related items and click Add.
Figure 3-25 Create global static conversion rules interface
Item Description
External Port Name of the interface connected to the external network
External IP Address Translated external address
Internal IP Address Internal address that needs to be translated
Step 4 View the created static translation rules in the The list of static rules section. Click the check
box in front of one or more static translation rules, or click the check box at the top of the
table header (indicating that all virtual servers are selected), and click Delete to delete the
created static translation rules.

Raisecom
3.6 DNS/DDNS
3.6.1 DNS
Scenario
Domain Name System (DNS) is used to establish a one-to-one (or one-to-multiple) mapping
between domain names and IP addresses. All PCs in the network apply to the DNS server,
which will generate a lot of network traffic. The device can act as a DNS proxy to create a
static domain name resolution list. When the IP address is not available in this table, the
device queries the DNS server and replies to the PC.
Configuration steps
Step 1 Choose Basic > Network > DNS.
Step 2 In the DNS Proxy section, check Enable or Disable and then click OK.
Step 3 In the Static DNS List section, the host name and the host IP address are displayed.
 To delete a static DNS entry, click the corresponding .

 To enter the Modify a DNS Entry interface, click the corresponding .
 To add a static DNS entry, click Add. The DNS Configuration interface will appear.
Step 4 The items on the Modify a DNS Entry interface are the same as that on the Create a new
domain entry interface. Configure related items and click OK.
Figure 3-26 Create a new domain entry interface
Item Description
Host Name Configure static domain name, a character string, ranging from 1 to 255
IP Address IP address corresponding to the static domain name
3.6.2 DDNS
Scenario
Most broadband operators only provide dynamic IP addresses. DDNS maps the user's
dynamic IP address to a fixed domain name. Each time the user connects to the network, the
client program passes the dynamic IP address of the host to the server program on the
operator's host through information transfer. The server program located on the host of the
service provider captures the IP address of each change of the user, and then maps it to the

Raisecom
domain name, so that other Internet users can communicate with the user through the domain
name.
Configuration steps
Step 1 Choose Basic > Network > DDNS.
Step 2 It displays the configured DDNS services.
 To delete a DDNS service, click the corresponding .

 To enter the Modify DDNS interface, click the corresponding .
 To add a DDNS service entry, Click Add. The Add DDNS interface will appear.
Step 3 The items on the Modify DDNS interface are the same as those on the Add DDNS interface.
Configure related items and click OK.
Figure 3-27 Add DDNS interface
Item Description
Host Name The domain name registered with the server provider, a
character string, ranging from 1 to 256
Server ISP Service providers which provide domain name services:
Configuration  3322.org
 no-ip.com
 oray.net
 dyndns.org
 tzo.com
 ipnodns.ru
Server IP The server address that provides the domain name

service, automatically generated according to the
selected service provider system, non-configurable

Raisecom
Item Description
Account Username Name of the user who is registered for the domain name,
configuration a character string, ranging from 1 to 256
Password Password registered for the domain name, a character
string, ranging from 1 to 256
Other Binding Bind the DDNS to a certain interface
Configuration Interface
 ON: enable DDNS on the bound interface, which is
DDNS
enabled by default.
 OFF: disable DDNS on the bound interface.
3.7 WLAN
3.7.1 WLAN configurations (2.4G)
Scenario
It is used to configure the basic WLAN access functions of the device, and can connect the
user's wireless device to the network.
Configuration steps
Step 1 Choose Basic > Interface > WLAN 2.4G. Select the Advanced Configuration tab.
Step 2 Configure advanced items of WLAN access.
 Click ON or OFF to enable/disable WLAN.
 Configure other items and click OK.
If there is no special requirement, you can use the default configurations without
further manual configurations.

Raisecom
Figure 3-28 WLAN Advanced Configuration
Item Description
Country Code The country code is used to identify the country where the radio
frequency is used. It specifies radio frequency characteristics,
such as power and the total number of channels available for
frame transmission. Before configuring the AP, you must
configure a valid country code or area code.
Country codes support: Australia, Canada, China, Israel, Japan,
Brazil, and United States.
Working Mode The WLAN working mode is as follows:
 Mixed (mixed): automatically select the working mode
according to the current environment.
 11b: the maximum transmission rate is 11 Mbit/s.
 11g-only: the maximum transmission rate is 54 Mbit/s.
 11n-only: the maximum transmission rate is 300 Mbit/s.
Band Width The WLAN band width can be selected when the operating
mode is mixed or 11n-only, and the selectable values are
20MHZ, 40MHZ or Auto.

Raisecom
Item Description
Working Channel WLAN working channel, with the value ranging from 1 to 13 or
Auto
The value Auto means automatically selecting a channel
according to the current network environment.
The selectable values of the working channel vary

according to the country code:
 When the country code is Australia, China or Japan, the
value of the working channel can be 1 to 13 or Auto.
 When the country code is Canada" or United States, the
value of the working channel can be 1 to 11 or Auto.
 When the country code is Israel, the value of the working
channel can be 1-9 or Auto.
Power Radio wave transmission power
You can choose 20%, 40%, 60%, 80%, or 100% of the
maximum power.
SSID Isolation Check the radio box to configure isolation between end users of
the same SSID.
ShortGI Enable short frame interval or not.
The short interval between frames is used to separate the frames
belonging to a conversation.
Step 3 Choose Basic > Interface > WLAN 2.4G. Select the Basic Configuration tab to check the
current wireless service ID, BSSID, data encryption, and service status.
Figure 3-29 WLAN Basic Configuration
Step 4 Enable/Disable WLAN.

 Click the check box in front of one or more wireless service IDs, or click the check box
at the top of the table header (indicating that all wireless services are selected), and click
ON or OFF. After the modification is successful, the current interface displays the latest
service status.
 Click corresponding to a wireless service ID to enter the Modify Basic WLAN
Configuration interface to modify the basic parameters of the wireless service.

Raisecom
Figure 3-30 Modify Basic WLAN Configuration interface
Item Description
Network Name (SSID) Wireless network name, a character string, ranging
from 1 to 31
The device currently supports 4 wireless networks.
Address Mode Static In static address mode, you need to configure the
following items:
 IP Address: enter the IP address which should be in
dotted decimal notation.
 Subnet Mask: enter the subnet mask which should be

 (Optional) DHCP Server: enable or disable the DHCP
service on the WLAN interface. After enabling it, you

need to configure the start/end IP address, gateway
address, primary/backup DNS, and lease time.
VLAN For the created VLAN interface binding, you need to
Binding configure:
 VLAN: select a VLAN to be bound.
HTTP services. Check to enable.
SSID Hide (Optional) Configure whether to hide this wireless
network. Check to hide.
WMM (Optional) Configure whether to enable wireless
multimedia, so that the video/audio data will have a
higher priority than ordinary data, but the client is also
required to support this function. Check to enable.
Station Isolation (Optional) After it is checked, users under the same
SSID cannot communicate with each other.

Raisecom
Item Description
Beacon Interval (Optional) Configure the Beacon frame transmission
interval, in units of milliseconds, ranging from 100 to
100, with default 100 milliseconds.
DTIM Interval (Optional) Configure the DTIM interval which ranges
from 1 to 31, being 1 by default.
BSS Max Associations Limit (Optional) Configure the maximum number of users
connected to the network at the same time. The value
ranges from 0 to 32. 0 indicates that the maximum
number of access terminals is 127, and the default is 0.
Authentication Disabled Use keyless authentication.
Mode
Open mode Use WEP to encrypt data. Any password can be
connected. But if the password is wrong, it will display
"restricted". You need to configure the following items:
 Key length: 128 bits (corresponding to 26-bit
hexadecimal numbers or 13-bit ASCII codes) or 64
bits (corresponding to 10-bit hexadecimal numbers or
5-bit ASCII codes).
 Key: enter a key with a fixed number of bytes
according to the key length.

 (Optional) Show password: when it is checked, the
key is displayed in clear text in the Key text box.

 Key Index: select a key index number, which is an
integer ranging from 1 to 4.

Share mode Use WEP to encrypt data. If the key is incorrect, it will
prompt "the network does not exist". You need to
configure the following items:
5-bit ASCII codes).



WPA-PSK Use WPA-PSK to encrypt data and verify the access
point and client instead of the server. You need to
 WPA Pre-Shared Key: enter the password, which
should be a character string, ranging from 8 to 63.
 (Optional) show password: when it is checked, the
key is displayed in clear text in the WPA Pre-Shared

Key text box.
 WPA Encryption: select the encryption algorithm for
the key, including TKIP-AES, TKIP and AES.

Raisecom
Item Description
WPA2-PSK Use WPA2-PSK to encrypt data and verify the access
point, client, and server. You need to configure the
following items:

Key text box.
the key, including TKIP-AES, TKIP, and AES.

WPA/WPA2- Use WPA/WPA2-PSK to encrypt data and verify the
PSK access point, client, and server. You need to configure
the following items:

Key text box.

MAC Filter Enable or disable MAC address filtering.
After enabling MAC Filter, you need to configure the
Filter Rule and Add MAC items.
Filter Rule (Optional) there are two filtering rules:
 Allow MAC on Table to Access: allow the MAC
addresses in the table to access the network.
 Deny MAC on Table to Access: deny the MAC
addresses in the table from accessing the network.

Add MAC (Optional) enter the MAC address in the text box and
click Add to add the MAC address to the MAC Filter
Table which will conduct MAC filtering according to
the filtering rules.
Double-click the MAC address in the MAC Filter Table
to delete the MAC address.
Step 5 After completing configurations, click OK.
3.7.2 WLAN configurations (5G)
Scenario
It is used to configure the basic WLAN access functions of the device, and can connect the
user's wireless device to the network.
Configuration steps
Step 1 Choose Basic > Interface > WLAN 5G. Select the Advanced Configuration tab.

Raisecom
Step 2 Configure advanced items of WLAN access.

 Click ON or OFF to enable/disable WLAN.
 Configure other items and click OK.
If there is no special requirement, you can use the default configurations without
further manual configurations.
Figure 3-31 WLAN Advanced Configuration
Item Description
Country Code The country code is used to identify the country where the radio
frequency is used. It specifies radio frequency characteristics,
such as power and the total number of channels available for
frame transmission. Before configuring the AP, you must
configure a valid country code or area code.
Country codes support: Australia, Canada, China, Israel, Japan,
Brazil, and United States.
Working Mode The WLAN working mode is as follows:
 Auto: automatically select the working mode according to the
current environment.
 11a: the maximum transmission rate is 54 Mbit/s.
 11n-only: the maximum transmission rate is 300 Mbit/s.
 11ac-only: the maximum transmission rate is 866.6 Mbit/s.
 11na/ac mixed: the working modes can be 11n, 11a, and 11ac.
Band Width When the working mode is automatic, 11n-only, 11ac-only, or

11na/ac mixed, you can select the WLAN frequency bandwidth,
of which the value can be 20MHZ, 40MHZ, 80MHZ, or "Auto".

Raisecom
Item Description
Working Channel WLAN working channel, with the value of 36, 40, 44, 48, 52,
56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136,
149, 153, 157 , 161 or Auto
Auto is to automatically select a channel according to the current
network environment.
The selectable values of the working channel vary

according to the country code:
 When the country code is Australia or Canada, the value
of the working channel can be 36, 40, 44, 48, 52, 56, 60,
64, 100, 104, 108, 112, 116, 120, 124, 128 , 132, 136,
149, 153, 157, 161, or Auto.
 When the country code is China, the value of the working
channel can be 36, 40, 44, 48, 52, 56, 60, 64, 149, 153,
157, 161, or Auto.
 When the country code is Japan, the value of the
working channel can be 36, 40, 44, 48, 52, 56, 60, 64,
100, 104, 108, 112, 116, 120, 124, 128, 132, 136, or
Auto.
 When the country code is United States, the value of the
working channel can be 36, 40, 44, 48, 52, 56, 60, 64,
100, 104, 108, 112, 132, 136, 149, 153, 157, 161, or
Auto.
 When the country code is Israel, the value of the working
channel can be 36, 40, 44, 48, 52, 56, 60, 64, or Auto.
Power Radio wave transmission power
You can choose 20%, 40%, 60%, 80% or 100% of the maximum
power.
SSID Isolation Check the radio box to configure isolation between end users of
the same SSID.
ShortGI Configure whether to enable short frame interval. The short
interval between frames is used to separate the frames belonging
to a conversation.
Step 3 Choose Basic > Interface > WLAN 5G. Select the Basic Configuration tab to check the
current wireless service ID, BSSID, data encryption, and service status.
Figure 3-32 WLAN Basic Configuration interface

Raisecom
Step 4 Enable/Disable WLAN.

 Click the check box in front of one or more wireless service IDs, or click the check box
at the top of the table header (indicating that all wireless services are selected), and click
ON or OFF. After the modification is successful, the current interface displays the latest
service status.
 Click corresponding to a wireless service ID to enter the Modify Basic WLAN
Configuration interface to modify the basic parameters of the wireless service.
Figure 3-33 Modify Basic WLAN Configuration interface
Item Description
Network Name (SSID) Wireless network name, a character string, ranging
from 1 to 31
The device currently supports 4 wireless networks.
Address Mode Static In static address mode, you need to configure the
following items:
 IP Address: enter the IP address which should be in
dotted decimal notation.
 Subnet Mask: enter the subnet mask which should be

 (Optional) DHCP Server: enable or disable the DHCP
service on the WLAN interface. After enabling it, you

need to configure the start/end IP address, gateway
address, primary/backup DNS, and lease time.
VLAN For the created VLAN interface binding, you need to
Binding configure:
 VLAN: select a VLAN to be bound.
HTTP services. Check to enable.

Raisecom
Item Description
SSID Hide (Optional) Configure whether to hide this wireless
network. Check to hide.
WMM (Optional) Configure whether to enable wireless
multimedia, so that the video/audio data will have a
higher priority than ordinary data, but the client is also
required to support this function. Check to enable.
Station Isolation (Optional) After it is checked, users under the same
SSID cannot communicate with each other.
Beacon Interval (Optional) Configure the Beacon frame transmission
interval, in units of milliseconds, ranging from 100 to
100, with default 100 milliseconds.
DTIM Interval (Optional) Configure the DTIM interval which ranges
BSS Max Associations Limit (Optional) Configure the maximum number of users
connected to the network at the same time. The value
ranges from 0 to 32. 0 indicates that the maximum
number of access terminals is 127, and the default is 0.
Authentication Disabled Use keyless authentication.
Mode
Open mode Use WEP to encrypt data. Any password can be
connected. But if the password is wrong, it will display
"restricted". You need to configure the following items:
5-bit ASCII codes).



Share mode Use WEP to encrypt data. If the key is incorrect, it will
prompt "the network does not exist". You need to
5-bit ASCII codes).



Raisecom
Item Description
WPA-PSK Use WPA-PSK to encrypt data and verify the access
point and client instead of the server. You need to

Key text box.

WPA2-PSK Use WPA2-PSK to encrypt data and verify the access
point, client, and server. You need to configure the
following items:

Key text box.

WPA/WPA2- Use WPA/WPA2-PSK to encrypt data and verify the
PSK access point, client, and server. You need to configure
the following items:

Key text box.

MAC Filter Enable or disable MAC address filtering.
After enabling MAC Filter, you need to configure the
Filter Rule and Add MAC items.
Filter Rule (Optional) there are two filtering rules:
 Allow MAC on Table to Access: allow the MAC
addresses in the table to access the network.
 Deny MAC on Table to Access: deny the MAC
addresses in the table from accessing the network.

Add MAC (Optional) enter the MAC address in the text box and
click Add to add the MAC address to the MAC Filter
Table which will conduct MAC filtering according to
the filtering rules.
Double-click the MAC address in the MAC Filter Table
to delete the MAC address.
Step 5 After completing configurations, click OK.

Raisecom
3.7.3 WLAN monitoring (2.4G)
Scenario
It is used to check the wireless terminal devices connected to the 2.4G WLAN.
Configuration steps
Step 1 Choose Basic > Interface > WLAN 2.4G.
Step 2 Select the Wireless Interface tab.
Step 3 Select a specified wireless interface and click View to check the wireless terminal devices
connected to the SSID.
Figure 3-34 Wireless monitoring interface
3.7.4 WLAN monitoring (5G)
Scenario
It is used to check the wireless terminal devices connected to the 5G WLAN.
Configuration steps
Step 1 Choose Basic > Interface > WLAN 5G.
Step 2 Select the Wireless Interface tab.
Step 3 Select a specified wireless interface and click View to check the wireless terminal devices
connected to the SSID.
Figure 3-35 Wireless monitoring interface

Raisecom
3.7.5 Statistics
Scenario
It is used to view the statistics of wireless terminal devices connected to 2.4GWLAN or
5GWLAN.
Configuration steps
Step 1 Choose Basic > Interface > WLAN 2.4G or WLAN 5G.
Step 2 Select the Statistic Info tab.
Step 3 Select a specified wireless interface and click View to check statistics on the wireless terminal
devices connected to the SSID.
Figure 3-36 Statistics viewing page

Raisecom
ISCOM HT803G-WS2 (N) Configuration Guide (Web) 4 Configuring basic functions
4 Configuring basic functions
This chapter introduces basic functions, including the following sections:

 Routing
 Multicast
 QoS
 Link backup
 DMZ
 UPnP
4.1 Routing
4.1.1 Routing table
Scenario
The routing table is a spreadsheet or database stored in a router or Internet computer. This
interface is used to view the routing table of the device, showing only static routes, direct
routes, and host routes.
Configuration steps
Step 1 Choose Basic > Network > Route.
Step 2 The Routing Table interface will appear, which displays the contents of the routing table,
including type, destination address/mask, next hop, egress interface, distance, weight,
duration, and status (valid/invalid).

Raisecom
Figure 4-1 Routing Table interface
4.1.2 Static route
Scenario
Static routes refer to a fixed routing table set in the router. Unless the network administrator
intervenes, the static route will not change. Because static routes cannot respond to changes in
the network, it is generally used in networks of a small scale and with a fixed topology. Static
routes are simple, efficient, and reliable.
You manually add, modify, or delete the created static routing tables.
Configuration steps
Step 1 Choose Basic > Network > Static Route.
Step 2 The Static Route interface will appear.
 To delete a static route, click the corresponding or check the radio box before the
static route entry (click the check box at the top of the table header to select all static
route entries), and click Delete.
 To modify configurations, click corresponding to a specified static route to enter
the Static Route Modify interface.
 To add a static route, click Add. The Static Route interface will appear.
Step 3 The items on the Static Route Modify interface are the same as those on the Add Static Route
interface. Configure related items and click OK.

Raisecom
Figure 4-2 Add Static Route interface
Item Description
Network Destination Address of the network to be reached by the static route
Subnet Mask Subnet mask of the network to be reached by the static route
Next Hop IP address of the next-hop router interface of the static route
Interface Egress interface of the static route
Only in the point-to-point mode can the static route configured
on the egress interface take effect, otherwise it is invalid.
Weight (Optional) routing cost, ranging from 1 to 100
Distance (Optional) routing priority, ranging from 1 to 255
Monitor Address (Optional) The reference address of the static route. If the
monitoring address can be pinged from the device, the static
route is considered valid, otherwise the route is considered
invalid. You need to configure the following items:
 Send Interval (seconds): configure the monitoring interval, in
units of second, ranging from 3 to 300.
 The number of packets: configure the number of ICMP packets
sent during each monitoring. The value ranges from 1 to 10.
4.1.3 Policy routing
Scenario
Policy routing is a more flexible packet routing and forwarding mechanism than the target
network routing. It configures routing policies for matching, so that users can specify that
packets sent from a network can only be forwarded to a specific interface, or that certain
routes must go through a specific path.

Raisecom
Configuration steps
Step 1 Choose Basic > Network > Policy Route.
Step 2 The Policy Route interface will appear.
 To delete a policy route, click the corresponding .

 To modify configurations, click corresponding to a specified policy route to enter
the Policy Route Modify interface.
 To add a policy route, click Add. The Add Policy Route interface will appear.
Step 3 The items on the Policy Route Modify interface are the same as those on the Add Policy
Route interface. Configure related items and click OK.
Figure 4-3 Add Policy Route interface
Item Description
Protocol type The protocol type used to configure this policy:
 IPV4
 IPV6
Policy Route ID It is used to identify a certain policy route. The value ranges from
1 to 100.
Source Interface Ingress interface of the traffic, one of the policy matching
conditions
Source Address Source address object name, a collection of various types of
addresses, including MAC addresses, host addresses, and IP/IPV6
address range
It is one of the policy matching conditions.

Raisecom
Item Description
Destination Address Destination address object name, a collection of various types of
addresses, including MAC addresses, host addresses, and IP/IPV6
address range
Service Name of the service object, a collection of protocols and interface
IDs, such as TCP, UDP, and interface range.
Schedule Time object name, which means that the strategy takes effect
within a certain period
Next Address Select the next hop as the specified address. You need to
Hop configure:
Mode  Next Hop Address: enter the next-hop IP address, in dotted
decimal notation
Interface Select the next hop as the specified interface for point-to-point
situations. You need to configure:
 Next Hop Interface: select a next-hop interface.
Reference Policy ID (Optional) It is used to adjust the priority order of policy routes, so
that the strategy with the highest position has higher priority. The
value ranges from 1 to 100.
Before/After It is used to configure the priority of this policy to be higher or
lower than the reference policy ID.
 Before: higher
 After: lower
4.2 Multicast
4.2.1 Multicast configurations
Scenario
Generally, IP multicast working at the network layer is called "Layer 3 multicast", and the
corresponding multicast protocol is called Layer 3 multicast protocol, including Internet
Group Management Protocol (IGMP). The IP multicast working at the data link layer is called
Layer 2 multicast, and the corresponding multicast feature is called Layer 2 multicast,
including Internet Group Management Protocol Snooping (IGMP Snooping). Multicast
configuration is used to configure the multicast working mode and multicast protocol of the
device.
Configuration steps
Step 1 Choose Basic > Network > Multicast.

Raisecom
Step 2 In the Bridge Mode area, configure layer 2 multicast, as shown in Figure 4-4.
Figure 4-4 L2 multicast configuration interface
Item Description
IGMP Disable Disable Layer 2 multicast protocols.
protocol
Passthrough Enable transparent transmission of Layer 2 multicast
protocols.
IGMP Snooping Enable Layer 2 multicast monitoring.
Bridge option Select a bridge interface.
IGMP vlan ID Add the multicast VLAN ID.
Fast leave Enable or disable fast leave.
When there are a large number of users and they join
and leave frequently, you can enable Fast leave, so that
the corresponding multicast forwarding entry can be
quickly deleted.
4.3 QoS
4.3.1 User bandwidth management
Scenario
It is used to configure the advanced bandwidth speed limit of the device and implement traffic
supervision at the IP layer. The advanced bandwidth speed limit can supervise the traffic
according to the interface and different speed limit modes, when the traffic meets the set
matching conditions, the packets are allowed to pass, and when the traffic fails to meet the
matching conditions, the packets are discarded to protect network resources from being
damaged.
Configuration steps
Step 1 Choose Basic > QoS.
Step 2 Select the User Rate Limit List tab.

Raisecom
Step 3 The interface displays the advanced bandwidth rate limit list:
 To delete an entry, click the corresponding .

 To modify configurations, click corresponding to a specified bandwidth rate limit
entry to enter the Modify Rate Limit interface.
 To add an advanced rate limit entry, click Add. The Add Rate Limit interface will appear.
Step 4 The items on the Modify Rate Limit interface are the same as those on the Add Rate Limit
 In the Rate Limit Settings section, configure the rate-limit interface, direction, and rate,
as shown in Figure 4-5.
 In the Matching Condition section, configure the matching rules, as shown in Figure 4-6.
Figure 4-5 Rate Limit Settings
Item Description
Description Description of relevant information used for this speed limit policy, a
character string, ranging from 1 to 32
Out interface Egress interface of data flow
Direction There are 3 choices:
 upload
 download
 bidirection
When selecting bidirection, you need to configure rate limiting in

both the uplink and downlink.
Traffic Traffic management is divided into:
Management  Bandwidth limit
 Average bandwidth allocation
 Share: bandwidths are equally allocated to the IP addresses in the
Type
selected IP address segment.
 Exclusive: each IP in the selected IP address segment will
exclusively enjoy this bandwidth.

Dynamic Check to enable dynamic bandwidth adjustment (applicable to the
Bandwidth share type with evenly allocated bandwidth).
adjustment

Raisecom
Item Description
Rate Average rate after rate limiting is configured. The unit is kbit/s, and
the value ranges from 10 to 100,000.
Type NULL –
of
 New flag value: configure the new flag value, which ranges from 0
Flag 802.1p
to 7, with 0 being the default.
 CFI: configure the standard format indicator. The value range is 0
or 1 with 0 being the default.
 Source direction value: configure the source direction value, which
DSCP
ranges from 0 to 63, with 0 being the default
 Reverse direction value: configure the reverse direction value,
which ranges from 0 to 63, with 0 being the default
Figure 4-6 Matching Condition
Item Description
LAN IP Rate Limit By IP Add the start IP address and end IP address that
(rate-limit Range needs to be configured with rate limiting, which
mode) should be in dotted decimal notation.
Source IP/Mask Add the source IP address that needs to be
configured with rate limiting, which should be in
dotted decimal format, and enter the subnet mask.
Click Add to add the source address/mask list.
Address Object At this time, the parameter in the drop-down list of
the Address Object is Any by default, which means
that all IP addresses are rate-limited.
Ingress Ingress interface of the data flow

Raisecom
Item Description
Time Limited period.
Select the start time and end time. NULL indicates
a non-stop limit.
Protocol Protocol Name Select the protocol of which the rate should be
type limited. If you choose ANY, other protocols cannot
be chosen.
Self-defined You can select UDP or TCP.
protocol type
Source port ID of the interface that limits the rate of received
data. The value ranges from 1 to 65535.
Destination port ID of the interface that limits the rate of sent data.
The value ranges from 1 to 65535.
4.3.2 Advanced qos config
Scenario
On this interface, you can modify the DSCP, 802.1p, MAC address, source/destination IP
address, source/destination interface, and ToS of the data flow, and modify the protocol type
as policy matching conditions.
Configuration steps
Step 2 Select the Advanced qos config tab.
Step 3 Configure advanced QoS on the interface:
 In the Global configuration section, configure global QoS.
 In the Queue configuration section, configure the weight and priority of the QoS queue.
Step 4 Click OK.

Raisecom
Figure 4-7 Advanced qos config interface
Item Description
Advanced QoS Enable or Disable advanced QoS.
Description Configure the description of advanced QoS, which is
usually the service flow used by advanced QoS, such as
TR069. It is a character string with a length ranging from 1
to 31.
Egress rate Configure the upper limit of the bandwidth on the egress
interface. The unit is kbit/s. The value ranges from 10 to
1000000.
Enforce weight Checking it indicates mandatory bandwidth, which is used
in the weighted QoS mechanism to force the upload
bandwidth of each queue. Even if there is no other queue,
the uploading bandwidth shall not exceed the set
bandwidth. The default value is Disable.
Enable DSCP rewrite Check it to enable DSCP rewrite, and rewrite the DSCP
value in the packet on the egress interface. The default
value is Disable.
Enable 802.1p rewrite Check it to enable 802.1P rewrite, and rewrite the 802.1P
value in the packet on the egress interface. The default
value is Disable.
Queue type Configure the QoS queue mechanism:
 Priority
 Weight
It is Weight by default.

Raisecom
Item Description
Out interface Select the egress interface to which advanced QoS can be
applied.
The interface option varies with actual

configurations.
Weight Configure the weight of this queue. This configuration
takes effect when Queue Type is configured as Weight.
Priority Configure the weight of this queue. This configuration
takes effect when Queue Type is configured as Weight.
Step 5 In the Match policy section, the matching policies are displayed:
 To delete a match policy, click the corresponding .

 To modify configurations, click corresponding to a specified policy route to enter
the Policy configuration Modify interface.
 To add a match policy, click Add. The Add Policy configuration interface will appear.
Step 6 The items on the Policy configuration Modify interface are the same as those on the Add
Policy configuration interface. Configure related items and click OK.
Figure 4-8 Advanced qos config page
Item Description
Enable Enable or disable this matching policy.

Raisecom
Item Description
Matched Queue Configure the ingress queue label to which this matching
policy will be applied. The system will compare the packets
according to the matching policy, and put the packets into the
designated queue according to the policy settings.
Matched Service System pre-defined service type: select the service type of the
Mode model policy.
 TR069
 Set DSCP Value: configure the DSCP value, which ranges
Policy model
from 0 to 63.
 Set 802.1P Value: configure the 802.1P value, which ranges
from 0 to 7.
 Source MAC: configure the MAC address range of the
packets matching the policy, and select the protocol of the

policy service, which can be applied to packets within this
range.
 802.1P Value: configure the 802.1P range of the packets
matching this policy, and select the protocol of the policy

service.
 Source Ip: configure the source IP address range of the

policy service.
 Destination IP: configure the destination IP address range of
the packets matching the policy, and select the protocol of

the policy service.
 Source port: configure the source interface range of the

policy service.
 Destination Port: configure the destination interface range
of the packets matching the policy, and select the protocol

of the policy service.
 IP Precedence: configure the ToS range of the packets
matching the policy, and select the protocol of the policy

service.
 DSCP Value: configure the DSCP range of the packets
matching the policy, and select the protocol of the policy

service.
 Wan interface: configure the uplink interface range of the

policy service.
 Lan interface: configure the downlink interface range of the

policy service.
The protocol types of policy services that can be

selected include any, tcp, udp, icmp, rtp, and
combinations of related protocol types.

Raisecom
4.3.3 Session limits
Scenario
It is used to configure the session limits.
Configuration steps
Step 2 Click Add and then select the Session Counter Limit tab.
Step 3 On the Session Counter Limit interface, configure related items and click OK.
Figure 4-9 Session Counter Limit interface
Item Description
Session counter Enable or disable session limits.
switch
Session limit by ip It is used to limit the sessions of each IP address within a certain
IP address range:
 IP Range: IP range with session limits
 Max session per ip: maximum session limits per IP address,
ranging from 10 to 65535
Session limit by It is used to limit the sessions of each VLAN within a certain
vlan VLAN range:
 VLAN Range vlan: VLAN range with session limits
 Max session per vlan: maximum session limits per VLAN,
ranging from 10 to 2000000
Total session Limit the count of total sessions, ranging from 10 to 2000000
counter limit

Raisecom
4.3.4 Connections management
Scenario
Configure a threshold for the number of connections in each session to control the number of
sessions. If this threshold is exceeded, no new connections will be established.
Configuration steps
Step 2 Click Add and then select the Connection Counter Management List tab.
Step 3 Click corresponding to a specified session connection to modify parameters. Then click
Submit.
Figure 4-10 Advanced qos config interface
Item Description
Total Threshold Enable or disable session limits. The default value is
Connection 2000000.
Half Max The number of uncompleted connections, 2000000 by
Connection default
Min The number of uncompleted connections, 40000 by
default
New Max The upper threshold of the number of new connections per
connection minute, 2000000 by default
per minute
Min The lower threshold of the number of new connections per
minute, 40000 by default

Raisecom
4.4 Link backup

4.4.1 Configuring link backup
Scenario
Link backup realizes the backup of the active link and supports link detection. When the
active link is disconnected, services can automatically switch to the backup link to achieve
link backup. This section is used to configure link backup on the device.
You can use the WAN and WAN sub-interface for link backup.
Configuration steps
Step 1 Choose Basic > Interface > WAN. Click Add and configure the Connection Mode to router
mode and Service Type to Management_Internet or Internet. If you configure the IPv4
address type to Static, you need to configure the default gateway.
Step 2 Choose Basic > Interface > Link_DETECT. To delete the backup link, click
corresponding to the specified backup link or check the radio box in front of the backup link
list (click the check box at the top of the table header to select all backup links), and click
Delete.
Step 3 To add a backup link, click Add. The Link detect config will appear. Configure related items
and click OK.
Figure 4-11 Link detect config interface
Item Description
Main link Select an interface to be the active link.
Backup link Select an interface to be the backup link.
The backup link and the active link cannot be the same
interface.

Raisecom
Item Description
ICMP message detect Peer IP address of the active link
server
ICMP message detect Sending interval for ICMP packets
interval
Max retry times Configure the maximum retry times for sending ICMP packets.
If there is a problem with the link, if the maximum retry

times for sending ICMP packets are exceeded, the
system switches services to the backup link.
Probe type Adopt the Ping or BFD mode.
4.5 DMZ
4.5.1 Configuring DMZ
Scenario
It is used to configure the DMZ interface of the device.
Demilitarized Zone (DMZ) is a buffer zone between a non-secure system and a secure system
established to solve the problem that the external network cannot access the internal network
server after the firewall is installed. Some open servers can be provided in the area to support
access by users on the external networks.
Configuration steps
Step 1 Choose Basic > Interface > DMZ.
Step 2 The DMZ Configuration interface will appear:
 Check OFF and then click OK to disable DMZ.
 Check ON. Configure related items and click OK to enable DMZ.

Raisecom
Figure 4-12 DMZ Configuration interface
Item Description
Attach to DMZ Select an interface to be added to the DMZ. The interfaces
can be LAN1 to LAN4 interfaces.
The interface selected should be based on the

actual condition.
IP Address IP address of the subnet where the DMZ is located
This subnet address cannot be on the same network
segment as the subnet address of the internal network.
Subnet Mask Mask of the DMZ subnet
Interface address It is enabled by default (check the Interface address radio
box), otherwise you need to manually configure DMZ
interface mapping.
Interface Select the WAN0 interface or WAN sub-interface
(pon0.46) from the drop-down list as the external network
interface.
Inside Server IP Configure the intranet server IP address.
TCP/UDP Reserved Ports Configure the DMZ reserved interface.

Raisecom
4.6 UPnP
4.6.1 UPnP
4.6.2 Configuring UPnP
Background
It is used to configure UPnP.
The PC is connected to the Internet by the gateway. When it downloads data through P2P
software (such as eMule, Thunder, and BT), the gateway enabled with UPnP will
automatically add a port mapping for the P2P software (adding a DNAT) so that the PC is
exposed to the public network and shares local resources. As stipulated by the P2P software
algorithm, the PC sharing more resources can download more resources, so it will gain a
faster downloading speed. In this case, the gateway, as the UPnP device end, provides the port
mapping service only, while the PC, as the UPnP controlling point, controls the gateway to
add or delete port mapping.
Configuration steps
Step 1 Choose Basic > Network > UPnP Config.
Step 2 Enable or Disable UPnP port mapping.
Figure 4-13 UPnP configuration interface
Item Description
UPnP PortMapping Enable or Disable UPnP port mapping

Raisecom
ISCOM HT803G-WS2 (N) Configuration Guide (Web) 5 Configuring IPv6
5 Configuring IPv6
This chapter describes IPv6 configurations, including:

 IPv6 basic configurations
 IPv6 route
5.1 IPv6 basic configurations

5.1.1 Enabling IPv6
Scenario
It is used to enable or disable IPv6.
Configuration steps
Step 1 Choose Basic > Network > IPv6.
Step 2 Select the Basic Configuration tab.
Step 3 Configure related items and click OK.
Figure 5-1 IPv6 Function interface
Item Description
IPv6 Enable Enable or disable IPv6.
IPv4 Enable Enable or disable IPv4.

Raisecom
5.1.2 Configuring IPv6
Scenario
IPv6 is the next generation IP designed by IETF to replace the current IPv4. You can
configure the IPv6 address of the uplink and downlink interfaces.
Configuration steps
 Configure the IPv6 address of the uplink interface.
Step 2 Select IPv6 for the Protocol Mode and Router Mode for the Connection Mode. Select IPoE
for the Connect Type. Configure the IPv6 address of the uplink interface, as shown in Figure
5-2.
Figure 5-2 Uplink interface IPv6 configuration interface
Item Description
IPv6 Prefix Address Configure the IPv6 prefix acquisition mode:
Type  DHCPv6-PD: obtain the prefix through DHCPv6.
 Static: manually configure the IPv6 prefix. You need to
configure IPv6 Prefix Address.
 None: no IPv6 address prefix is configured.
IPv6 Prefix Address Configure this item when the IPv6 prefix acquisition mode is
Static.

Raisecom
Item Description
 DHCPv6-PD: obtain an IPv6 address from ISP automatically
IPv6 Address Type
through DHCPv6.
 Static: static IPv6 address configured by ISP
– IPv6 Address: IPv6 address of the uplink interface, in
colon hexadecimal notation, such as 3001::3

– IPv6 Default Gateway: IPv6 default gateway of the uplink
interface, in colon hexadecimal notation, such as 3001::3

– IPv6 Primary DNS: IPv6 address of the preferred DNS
server of the uplink interface, in colon hexadecimal

– IPv6 Secondary DNS: IPv6 address of the secondary DNS
server of the uplink interface, in colon hexadecimal

 Auto: automatically obtain an IPv6 address through ND-RA
 None: no IPv6 address is obtained.
DSLite Work Mode Configure the dual stack Lite working mode.
 Off: off
 Auto: automatic mode. Support obtaining the remote domain
name through DHCPv6, resolving the remote IP address, and
establishing a virtual channel with the remote end.
 Static: static mode. Support static remote domain name and
static remote IP address.

AFR Domain Name Configure the AFR domain name when selecting Static for the
DSLite Work Mode.
 Configure the IPv6 address of the downlink interface.

Step 2 Select the IPv6 Configuration tab.

Raisecom
Figure 5-3 IPv6 Port Configuration interface
Item Description
VLAN Select a created VLAN interface from the drop-down list.
IPv6 Address IPv6 address of the selected interface, in colon hexadecimal
Pri source It is used to obtain the prefix assigned to the LAN side.
Prefix Information Configure the static prefix.
 State(DHCPv6)
Stateless cfg
 Stateless(SLAAC)
 State(DHCPv6)
Address/Prefix type
 Stateless(SLAAC)
IPv6 DNS Cfg Configure the DNS server type of the IPv6 address.
 Wanconnection: configure the DNS obtained by the WAN
interface as the advertisement DNS.
 HGW Proxy: configure the local link address as the
advertisement DNS.
 Static: statically configure the advertisement DNS.
First IPv6 DNS Enter the IPv6 preferred DNS server address when selecting
Static for the IPv6 DNS Cfg.
Second IPv6 DNS Enter the IPv6 backup DNS server address when selecting
Static for the IPv6 DNS Cfg.
Step 4 Click to configure related items and click OK.

Raisecom
Figure 5-4 IPv6 configuration interface for downlink interface
Item Description
Send interval Configure the interval for sending router advertisements. The
unit is seconds. The value ranges from 3 to 1800. The default is
600 seconds.
Router Lifetime Configure the valid time as the default route. The unit is
seconds. The value ranges from 3 to 9000. The default is 1800
seconds.
Prefix Lifetime Configure the lifetime of the advertisement prefix:
 Infinite
 Finite: configure Valid Lifetime and Preferred Lifetime
Valid Lifetime Lease period of the IPv6 prefix, an integer, ranging from 40 to
8640000, in units of second, 0s by default
Preferred Lifetime When there are multiple available prefixes within this period,
this prefix is preferred. The period shall not exceed the valid
lifetime. The value is an integer that ranges from 40s to
8640000s, being 0s by default.
5.2 IPv6 route

5.2.1 Static route
Scenario
Static routes are a fixed routing table set in the router. You can manually add, modify, or
delete the manually created IPv6 static routing tables.
Configuration steps
Step 2 Select the Static Routing List tab.
Step 3 On the Static Route List interface:

Raisecom
 To delete an IPv6 static route, click the corresponding or check the radio box before
the IPv6 static route entry (click the check box at the top of the table header to select all
IPv6 static route entries), and click Delete.
 To modify configurations, click corresponding to a specified IPv6 static route to
enter the Modify Static Routing Entry interface.
 To add an IPv6 static route, click Add. The Add Static Routing Entry interface will
appear.
Step 4 The items on the Modify Static Routing Entry interface are the same as those on the Add
Static Routing Entry interface. Configure related items and click OK.
Figure 5-5 Add Static Routing Entry interface
Item Description
Destination Address Destination IPv6 address
Prefix Length Prefix length of IPv6 address, ranging from 0 to 128
Next Hop Address Route gateway address
Next Hop Interface Egress interface of data forwarding
Weight (Optional) route weight, ranging from 1 to 100
Distance (Optional) route priority, ranging from 1 to 255
5.2.2 Routing table
Scenario
The routing table is a spreadsheet or class database stored in a router or Internet computer.
This interface is used to view the IPv6 routing table of the device.
Configuration steps
Step 2 Select the System Routing Table tab.
Step 3 View related items on the IPv6 Routing Table interface.

Raisecom

Raisecom
ISCOM HT803G-WS2 (N) Configuration Guide (Web) 6 Management
6 Management
This chapter introduces configurations of system management, including:

 Managing device
 Administrator
 Configuring clock
 Remote management
 Fault diagnosis
 Log management
6.1 Managing device

6.1.1 Modifying the host name
Step 1 Choose System > Hostname.
Step 2 In the set hostname section, enter the host name, and then click OK.
6.1.2 Restarting device
Scenario
When the ISCOM HT803G-WS2 fails, you can restart it to solve the program.
 Restarting the device will interrupt the services, please proceed with caution.
 Save configurations as needed before restarting to avoid configuration loss.
 After the device restarts, you need to log in again.

Raisecom
Configuration steps
Step 1 Choose System > Reboot.
Step 2 In the Reboot area, click Reboot to directly restart the device (by default, the function of
automatically saving configurations is enabled, so configurations will not be lost after restart).
Step 3 In the scheduled Reboot section, configure related items and then click OK.
Figure 6-1 Reboot interface
Item Description
Save Config After this item is selected, the system will save configurations
before restarting the device.
Scheduled Reboot Configure the scheduled reboot of the device.
 ON
 OFF
Reboot Type When enabling scheduled reboot, you can select:
 Once: restart once.
 Cycle: cycle restart.
Reboot Time Enter the reboot time.
6.1.3 One key recovery
Scenario
One-key recovery is divided into restoring factory configuration and restoring installation
configuration.
 Restoring the factory configuration will clear all current configurations, restore the
current device to the factory configuration file (that is, the system default configuration
state, including the default Web login IP address, user name, and password), and restart
the device.
 Restoring the installation configuration will clear all current configurations and restore
the current device to the previously saved installation configuration file. If the

Raisecom
installation configuration file has not been saved previously, the system will be restored
to the factory configuration (system default configuration state), and the device will be
restarted.
 One-key recovery will cause the device to restart and the service will be
interrupted. Proceed with caution.
 One-key recovery will cause all current configurations to be lost.
 After restoring the installation configuration, you need to log in using the system IP
address, user name, and password specified in the Installation Configuration File.
If you did not select Save Config previously, you need to log in to the system using
the default IP address, user name, and password provided by the system.
Configuration steps
Step 1 Choose System > Recovery Config.
Step 2 In the Restore Install Configuration section, click OK to restore the device to the previously
saved installation configuration file.
Step 3 In the Restore Factory Configuration section, click OK to restore the device to the factory
configuration file.
6.1.4 Configuration maintenance
Scenario
The system has two configuration files: the system configuration file and system installation
configuration file.
 Configuration file: refer to the configuration information automatically loaded by the
system when the device is powered off or restarted. The information in the configuration
file will not be lost when the device is powered off or restarted.
 Installation configuration file: after you click OK for the Save the installing
configuration, the configuration file will be saved as the installation configuration file. If
you click OK for the Restore Setup Configuration on the One Key Recovery interface,
you can restore the system to the state where the installation configuration file is loaded.
After you click OK for the Save the installing configuration, all previous configurations
will be saved as the installation configuration file.
Configuration steps
1. Save configurations.
Step 1 Choose System > Configuration File.
Step 2 Select the Save Install Configuration tab.

Raisecom
Step 3 In the Save the installing Configuration section, click OK. A dialog box appears. Click OK.
The configuration file is saved as the installation configuration file.
Step 4 In the Import Install Configuration Files section, click Choose File, the system will pop up a
prompt dialog box, select the file to be imported according to the file path to be imported, and
click Open.
The Install configuration file to be imported must be suffixed with ".con".

Step 5 Click IMPORT. The system will automatically upload the file. A dialog box will pop up after
uploading. Click OK.
Step 6 Restart the device to complete file importing.
Step 7 In the Export Install Configuration Files section, click Export. The system will pop up a
prompt dialog box. Select the save path and click Save. The system will automatically export
the file to the specified path.
2. Import/Export the configuration file.
Step 2 Select the Import and Export Configuration Files tab.
Step 3 In the Import Configuration Files section, click Choose File, the system will pop up a prompt
dialog box, select the file to be imported according to the file path to be imported, and click
Open.

Raisecom
The configuration file to be imported must be suffixed with ".con".

Step 4 Click IMPORT. The system will automatically upload the file. A prompt dialog box will pop
up after uploading. Click OK.
Step 5 Restart the device to complete file importing.
Step 6 In the Export Configuration Files section, click Export. The system will pop up a prompt
dialog box. Select the save path and click Save. The system will automatically export the file
to the specified path.
3. Upload the configuration file.
Step 2 Select the Configuration File Upload tab.
Step 3 Click Upload. The system will prompt a dialog box. Click OK.
6.1.5 Upgrading software
Scenario
Software upgrade provides a method to obtain the system startup file from the current local
host.
The system startup file is divided into:
 Main version: the application file used to boot and start the device under normal
circumstances.
 Standby version: the backup application file used to boot and start the device when the
main version is unavailable
When the backup version file is unavailable, the system automatically finds the available
system file in the CF card for starting.
The system supports upgrading the main version and backup version files separately.
Generally, the files of the main version and the backup version should be kept the same.
 Place the system startup file on the local host for easy use.
 The system startup file must be suffixed with ".tar".
 After the upgrade is complete, the device automatically saves configurations and
is restarted.
Configuration steps
Step 1 Choose System > Software Update.

Raisecom
Step 2 Select the version to be upgraded on the Software Update interface and click Choose File.
The system will pop up a prompt dialog box. Select the file to be upgraded according to the
file path to be upgraded, and click Open.
Step 3 Click Upgrade. The system will automatically perform uploading. A prompt dialog box will
pop up after uploading. Click OK.
Step 4 Restart the device to complete the software upgrade.
Figure 6-2 Software Update interface
6.2 Administrator
6.2.1 Configuring administrator
Scenario
According to the permission level, users are classified into the following types:
 Super administrator: it has the highest authority and can configure all items of the device.
 Ordinary administrator: generally, it is an enterprise administrator, who has the
configuration permissions for some items of the device.
 General users: it is also known as service users, who are created by super administrators
or ordinary administrators, and usually only have query permissions for some items.
Ordinary administrators and service users can only see the configuration interface with their
permissions.
The user name and user rights cannot be modified once created.
You can modify the user timeout and uniqueness, add, modify, delete users, or view user
information as needed. At the same time, you can delete the current online user and view the
rights of the current logged-in user and online users with lower rights than the current logged-
in user.
Configuration steps
1. Configure the administrator.
Step 1 Choose System > Administrator.
Step 2 Select the Administrator tab.
Step 3 In the User Configuration section, configure related items and click OK.

Raisecom
Figure 6-3 Administrator configuration interface
Item Description
User Timeout Configure the user timeout period. If you do not conduct any
operation until the timeout period expires, you will be
automatically logged out. It is in units of minute. The value ranges
from 2 to 480, with 10 being the default one.
Unique Users Enable or disable user uniqueness. Only one user is allowed to log
in to each user type at the same time after this parameter is
enabled.
Step 4 In the User Information List section:
 To delete a user, click the corresponding .

 To modify configurations, click corresponding to a specified user to enter the
Administrator Modify interface.
 To add a new user, click Add. The Add Administrator interface will appear.
Step 5 The items on the Administrator Modify interface are the same as those on the Add
Administrator interface. Configure related items and click OK.
Figure 6-4 Add Administrator interface

Raisecom
Item Description
Username Configure the username of the newly added administrator.
User Permission Configure the permission for the newly added administrator:
 Super administrator
 Ordinary administrator
 General user
User Type Configure the type of newly added administrator:

Local user: configure the Password and Confirm password.
User Information Describe the newly added administrator. It is a string of 0 to 127
characters.
Password When the User Type is Local User, you need to enter the
authentication password. It is a string of 4 to 38 characters. It is
recommended that the password contain characters, numbers, and
special characters at the same time.
Confirm When the User Type is Local User, re-enter the authentication
Password password.
User Status Enable or disable the newly added administrators.
2. Configure the online administrator.

Step 1 Choose System > Administrator.
Step 2 Select the Online Administrator tab.
Step 3 View related items. To delete the current online user, click the corresponding so that the
online user will be logged out.
Figure 6-5 Online Users Information List
6.3 Configuring clock

6.3.1 Configuring clock
Scenario
To ensure cooperation with other devices in the network, you need to configure the system
time accurately. The device supports the manual setting of system time and NTP automatic
time synchronization.

Raisecom
NTP is used to configure the network clock source for device synchronization, to achieve
automatic and regular synchronization of the device's standard time and ensure clock
synchronization between the device and the network clock source.
Configuration steps
Step 1 Choose System > NTP.
Step 2 In the Settings network time protocol function section, the current system time is displayed.
Step 3 In the Sets the system time section, configure related items, and then click OK.
Figure 6-6 Network Time Protocol interface
Item Description
Time zone choices Select the current time zone.
Automatic Server/Backup Configure the domain name of the clock
synchronization server synchronization server and the backup clock
synchronization server.
You cannot configure the server and the

recommend server at the same time.
Recommend It lists the time servers commonly used on the
Server Internet for users to choose.
Synchronization The device periodically synchronizes the clock with
Time the NTP server. This period is the synchronization
time. The unit is minutes, the default value is 60,
and the value ranges from 5 to 65535.

Raisecom
Item Description
Manually Set Manually configure the system time. Limited by the
system, the time can only be configured up to the
year 2035.
6.4 Remote management

6.4.1 Remote management
Scenario
Remote management is used to configure the Web server port of the device so that the device
can be remotely logged in to through the Web server port.
Configuration steps
Step 1 Choose Basic > Remote > Remote.
Step 2 In the Web Server Port section, configure the port of the HTTP server and port of the HTTPS
server. Click OK.
Figure 6-7 Web server port configuration interface
Item Description
HTTPS Configure the port of the HTTPS server.
HTTP Configure the port of the HTTP server.
6.4.2 TR-069
Scenario
 The device supports TR069 remote management, which enables the management
personnel to complete remote maintenance, assistance, and control through computer
networks in different places, conducive to centralized deployment and maintenance.
 TR-069 is a terminal equipment-oriented network management protocol, called CPE
WAN Management Protocol (CWMP), developed by the Digital Subscriber Line (DSL)
Forum, which provides a general framework and protocol for the management and

Raisecom
configuration of the home network and is used for remote centralized management of
gateways, routers, STBs and other devices in the home network from the network side.
Configuration steps
1. Configure the ACS.
Step 1 Choose Basic > Remote > TR-069.
Step 2 In the ACS Configuration section, configure related parameters.
Figure 6-8 ACS Configuration interface
Item Description
URL ACS URL address
The URL must be a valid HTTP or HTTPS URL, such as
http://192.168.2.4:7547/ACS.
User Name When the CPE attempts to connect to the ACS through CWMP,
the ACS uses this username to authenticate the CPE.
The user name is only used for HTTP authentication.
Password When the CPE attempts to connect to the ACS through CWMP,
the ACS uses this password to authenticate the CPE.
The password is only used for HTTP authentication.
2. Configure the CPE.

Step 3 Choose Basic > Remote > TR-069.
Figure 6-9 CPE Configuration interface

Raisecom
Item Description
URL Use an HTTP URL. ACS can connect to the URL of the
CPE. The format is http://host:port/path. The host part of
the URL may be the IP address of the CPE management
interface, for example: http://192.168.1.1:7547/cpe.
User Name When the ACS attempts to connect to the CPE, this
username is used to authenticate the ACS.
Password When the ACS attempts to connect to the CPE, this
password is used to authenticate the ACS. When reading
the value, the system always returns an empty string,
regardless of the value.
CPE Interface ACS connects to CPE through this interface. At the same
time, the host part of the URL of CPE will become the IP
address of this interface.
Send Period CPE reporting period, in units of second, ranging from 1 to
2000000000, 600 by default
CPE Enable or disable CPE CWMP.
LOID Certification Enable or disable LOID certification.
6.5 Fault diagnosis

6.5.1 Ping
Scenario
Ping is a network diagnostic tool, mainly used to detect whether the target host is available
and determine the network connection status.
Configuration steps
Step 1 Choose System > Diagnose Tool.
Step 2 Select the Ping tab.
Step 3 Configure related items and click Start.
Step 4 It takes a while for the Ping operation. After Ping finishes, the statistics will be displayed
automatically in the Result section. You can judge the network connection status according to
the statistics.

Raisecom
Figure 6-10 Ping Diagnostic interface
Item Description
Destination Address or Destination address or domain name used for Ping diagnosis
Domain Name
Packet Length Length of the packet sent during Ping diagnosis, ranging from
0 to 65507
Number of Packets Number of packets sent during Ping diagnosis, ranging from 1
to 65535
Source Address Click the radio box to configure the source address of packets
sent during Ping diagnosis.
Outgoing Interface Click the radio box and select the egress interface used to send
packets during Ping diagnosis from the drop-down list.
6.5.2 Tracert
Scenario
Tracert, the same as Ping, is a commonly used network diagnostic tool.
Tracert is often used to test the network node that a packet passes from the sender to the
destination, detect whether the network connection is available, and analyze the fault point in
the network.
Configuration steps
Step 2 Select the Tracert tab.

Raisecom

Step 4 It takes a while for the Tracert operation. After Tracert finishes, the statistics will be displayed
automatically in the Result section. You can judge the network connection status according to
the statistics.
Figure 6-11 Trace Route Diagnostic interface
Item Description
Trace Route Destination address or domain name used for Tracert
diagnosis
UDP Port Probe Enable UDP interface detection or not.
UDP Port Number Configure the UDP interface number that enables UDP
interface detection. The value ranges from 1 to 65534.
6.5.3 HTTP Get
Scenario
HTTP Get provides connectivity check between the device and the specified HTTP server to
determine the access permission to a certain HTTP service.
Configuration steps
Step 2 Select the HTTP Get tab.
Step 4 It takes a while for the Http Get operation. After Http Get finishes, the Http Get checking
results will be displayed automatically in the Result section.

Raisecom
Figure 6-12 HTTP Get Diagnostic interface
Item Description
Destination Address or Destination address or domain name for HTTP Get
Domain Name diagnosis
Port Configure the interface number for HTTP Get diagnosis.
The value range ranges from 1 to 65535, and the default
value is 80.
6.5.4 DNS Query
Scenario
Domain Name System (DNS) provides conversion between domain names and IP addresses.
When you need to query the IP address corresponding to a domain name, you can use DNS
Query.
Configuration steps
Step 2 Select the DNS Query tab.
Step 4 It takes a while for the DNS Query operation. After DNS Query finishes, the DNS Query

Raisecom
Figure 6-13 DNS Query Diagnostic interface
Item Description
Destination Domain Name Domain name of DNS Query diagnosis
6.5.5 TCP Query
Scenario
TCP Query is used to test whether a TCP connection can be established with the target host.
Configuration steps
Step 2 Select the TCP Query tab.
Step 4 It takes a while for the TCP Query operation. After TCP Query finishes, the TCP Query

Raisecom
Figure 6-14 TCP Query Diagnostic interface
Item Description
Destination Address or Destination address or domain name used for TCP Query
Domain Name diagnosis
Port Number Configure the interface number where TCP Query
diagnosis will be enabled. The number ranges from 0 to
65535.
Number of Packets Number of packets sent during TCP Query diagnosis
The value ranges from 1 to 10. The default value is 4.
6.6 Log management

6.6.1 Local log
Scenario
Local log means that the device records system information and debugging information in the
form of a log, which is convenient for users to view and locate the fault when the device fails.
There are 8 types of local logs by source:
 Device alarm log
 Login log
 Operation log
 ARP attack log
 DDoS log

Raisecom
 URL log
 Traffic logs
 NAT logs
Local logs are classified into 8 levels according to severity, as listed in Table 6-1.
Table 6-1 Log levels

Level Description
Urgent System unavailable message
Alarm Message that needs to be processed immediately
Severe Serious messages
Error Error message
Warning Warning message
Notice Normal but important message
Information Announcement message
Debugging Message generated during the debugging process
Configuration steps
1. Configure local logs.
Step 1 Choose Basic > Remote > Syslog.
Step 2 Select the Local tab.

Raisecom
Figure 6-15 Local log configuration interface
Item Description
Local Log (State/Level) Enable or disable the log server.
All Logs When this parameter is enabled, each of the following log
functions will be enabled. When this parameter is disabled,
each of the following log functions will be disabled.
Equipment Alarm Log Enable or disable the alarm log.
Login Log Enable or disable the login log.
Operation Log Enable or disable the operation log.
ARP Attack Log Enable or disable the ARP attack log.
DDoS Log Enable or disable the DDoS log.
URL Filtering Hit Enable or disable the URL filtering hit log.
Nat Log Enable or disable the NAT log.
2. Check local logs.

Step 1 Choose System > Local log.
Step 2 Configure related items and click Search.
Step 3 To clear all local logs, click Clear Log.

Raisecom
Figure 6-16 Local Log Configuration interface
Item Description
Type It includes:
 All Logs
 Equipment Alarm Log
 Login Log
 Operation Log
 ARP Attack Log
 DDoS Log
 URL Filtering Hit
 Flow Log
 nat log
 Private log
Level It includes:
 All
 Emergency
 Alarm
 Serious
 Error
 Warning
 Notice
 Information
 Debug
Time Range The format is year-month-day hour: minute: second, such as 2010-
04-19 01:02:03.
Number of records Log entries output per screen.
6.6.2 Remote log
Scenario
It is used to configure remote Syslog management.

Raisecom
Configuration steps
Step 1 Choose Basic > Remote > Syslog.
Step 2 Select the Remote tab.
Figure 6-17 Remote log configuration interface
Item Description
Log Server Status Enable or disable the log server.
Address or Hostname IP address or domain name of the log server
Server Port Service interface of the log server, ranging from 1 to
65535, 514 by default
All Logs When this parameter is enabled, each of the following log
functions will be enabled. When this parameter is disabled,
each of the following log functions will be disabled.
Equipment Alarm Log Enable or disable the alarm log.
Login Log Enable or disable the login log.
Operation Log Enable or disable the operation log.
ARP Attack Log Enable or disable the ARP attack log.
Flow Log Enable or disable the flow log.
DDoS Log Enable or disable the DDoS log.
URL Filtering Hit Enable or disable the URL filtering hit log.
Nat Log Enable or disable the NAT log.

Raisecom
ISCOM HT803G-WS2 (N) Configuration Guide (Web) 7 Security
7 Security
This chapter introduces security configurations, including:

 Firewall
 Filtering website
 Access control
 MAC address filtering
 ARP attack prevention
 DDoS attack prevention
7.1 Firewall
7.1.1 Configuring Firewall
Scenario
On the one hand, the firewall can prevent unauthorized access to protected networks from the
Internet. On the other hand, it allows intranet users to access the Internet or send and receive
E-mail. The firewall can also be used as an access control gateway to access the Internet, such
as allowing specific hosts in the organization to access the Internet.
In addition to controlling the Internet connection, the firewall can also be used to protect the
mainframe and important resources (such as data) within the organization's network. Access
to the protected data must be filtered by the firewall. Even if users inside the network want to
access the protected data, they must also pass the firewall.
The security level of the firewall is divided into high, medium and low. You can enable or
disable the firewall as needed, and configure the security level of the firewall.
Configuration steps
Step 1 Choose Security > Security > Firewal.

Raisecom
Figure 7-1 Firewall Configuration interface
Item Description
Firewall Configuration Enable or disable Firewall.
Security Level The security level includes:
 low
 medium
 high
7.2 Filtering website

7.2.1 Configuring website filtering
Scenario
Configure basic and advanced options for website filtering. URL filtering restricts access to
web pages on the Internet that meet the filtering conditions by configuring URLs and
keywords.
Configuration steps
1. Configure website filtering.
Step 1 Choose Security > Security > URL Filter.
Step 2 Select the Web Filter tab.
Step 3 Click ON or OFF in the Web Filter section and then click OK.
Figure 7-2 Web Filter interface
Item Description
Web Filter Enable or disable web filtering.
Step 4 In the Page Redirect Set section, configure the redirection URL and then click OK.

Raisecom
Figure 7-3 Page Redirect Set interface
Item Description
Redirect URL The user's Web access request is redirected to the specified URL.
If the URL request of the internal user is blocked, a Web push page
will be displayed on the internal user's browser page to remind the
user that access is restricted.
Step 5 In the Filter Type Set section, configure related items and click OK.
Figure 7-4 Filter Type Set interface
Item Description
Filter Type Select Black List or White List.
Step 6 In the Add Filter Rule section, enter the URL and click Add.
Figure 7-5 Add Filter Rule interface
Item Description
URL Add an access control rule, which should be a character string with
the length ranging from 1 to 99.
Step 7 In the Delete Filter Rule section, all filtering rules are displayed. Click the check box in front
of one or more filter rules, or click the check box at the top of the table header (indicating that
all filter conditions are selected), and click Delete to delete the filter rule.
For the filter type:

Raisecom
 The blacklist contains entries that meet the rules and are refused to pass. For
entries which do not fall into the blacklist, they are allowed to pass by default. The
result is that URLs which meet the filtering rules are denied, and the rest are
allowed to pass.
 The whitelist contains entries that meet the rules and are allowed to pass. For
entries which do not fall into the whitelist, they are denied by default. The result is
that only URLs which meet the filtering rules are allowed to pass, and the rest are
denied.
When the filter rule is deleted, the corresponding filter rule in the content of the
blacklist/whitelist uploaded to the gateway will also be deleted.
Figure 7-6 Delete Filter Rule interface
Item Description
Delete Filter Rule You can delete one rule or multiple rules at once.
Step 8 Click and then configure related items.

Step 9 Click OK.
Figure 7-7 Advanced Options interface

Raisecom
Item Description
URL Keywords Configure URL keywords to be filtered.
Filter You can filter a certain type of file by using the suffix of the file name
as the URL keyword, for example: to filter GIF images, you can
add .gif to the URL keyword filtering list.
File Type Filter Configure the file types to be filtered.
Common file types can be selected from the list of file types. If it is not
a common file type, you can add a file type filtering policy by
configuring the file type and the multimedia type
HTTP Protocol Enable or disable HTTP verification.
Verify
Max Length of Configure the maximum length of the URL during the HTTP request.
URL Set Requests exceeding this length will be rejected. The value is an integer
with a length ranging from 10 to 2048. The default value is 1024.
Security Content filtering for HTTP responses, including:
Defend  APPLET: filter the content with applet tags in the HTML returned to
the user.
 COOKIE: clear the cookie header entity in HTTP requests and
responses.
 OBJECT: filter the content with object tags in the HTML returned to
the user.
 PROXY: block HTTP proxy requests.
 SCRIPT: filter the content with script tags in the HTML returned to
the user.
The blocked content contains the HTTP response with the specified tag,
or the HTTP response contains the HTTP header entity of the specified
type. Content filtering is effective for uncompressed and unencrypted
HTML documents.
 Always: filter at all times.
Time Range
 Select Time: filter within the specified time. You need to choose a
For URL Filter
specific period.
7.2.2 Local uploading
Scenario
On this interface, you can upload or download the blacklist/whitelist. You can upload the
blacklist/whitelist to the device, or download the blacklist/whitelist from the device.
Configuration steps
Step 1 Choose Security > Security > URL Filter.
Step 2 Select the Local Update tab.

Raisecom
Step 3 In the Black/White Lists Upload area, click Choose File. Choose the directory of the file to be
imported, and click Open. Click Upload. The system automatically uploads the file. After
uploading is complete, a dialog box appears. Click OK.
Step 4 In the Black/White Lists Download area, click Download. A dialog box appears. Choose the
directory to save the list. The system automatically saves the blacklist/whitelist file to the
specified directory.
Figure 7-8 Black/White Lists upload interface and Black/White Lists download interface
7.3 Access control

7.3.1 Configuring access control
Scenario
You can specify a specific intranet IP address segment by period and protocol to allow or
prohibit other devices from accessing the specified destination address. The access control
policy is divided into two parts:
 Security policy: filter data by the combination of source interface, source address name,
destination interface, destination address name, service, and time object.
 Connection limit: filter the data by PERMIT mode, and can limit the total number of
connections or host connections according to the filtering results. The host connection
limit can be based on the connection limit of the destination address or source address.
Configuration steps
Step 1 Choose Security > Security > Access Control.
Step 2 Select the Policy of Access Control tab.
Step 3 In the List of Policy section:
 To delete a policy, click the corresponding .

 To modify configurations, click corresponding to a specified policy list to enter the
Modify policy interface.

Raisecom
 To add a new policy list, click Add. The Add policy interface will appear.
Step 4 The items on the Modify policy interface are the same as those on the Add policy interface.
Configure related items and click Submit.
Figure 7-9 Add policy interface
Item Description
Source Interface Configure the ingress interface of the data packet to be controlled.
You can specify an interface. Any means all interfaces.
Source Address Configure the source IP address range of the data packet to be
Name controlled. You can refer to a defined address object or address
object group. Any indicates that the source address is arbitrary.
Destination Configure the egress interface of the data packet to be controlled.
Interface You can specify an interface. Any means all interfaces.
Destination Address Configure the destination IP address range of the data packet to be
Name controlled. You can refer to a defined address object or address
object group. Any indicates that the destination address is
arbitrary.
Service Configure the packet type or interface of the data packet to be
controlled. Any means that the service is arbitrary.
Time Object Valid time of the policy
You can refer to the configured time object. Always means all
time.
 On: this policy takes effect.
State of Security
 Off: this policy does not take effect.
Policy
Mode Actions performed on packets that match the matching conditions
 PERMIT: allow qualified data packets to pass.
 DENY: deny qualified data packets.

Raisecom
Item Description
Total Connection Total number of connections matching the current policy, ranging
count from 10 to 65535
 Source address: match the connection limit corresponding to the
Limit of Host
Connection Count source address of the policy.
 Destination address: match the connection limit corresponding to
the destination address of the policy.
Description Describe the policy.
7.3.2 Time object
Scenario
Configure the time object of access control to enable users to control access to data packets in
different periods. Time objects are used to describe a special time range. According to the
needs of users, some access control rules need to take effect within a certain period or certain
periods, while packet filtering is not performed in other periods. At this time, the user can first
configure one or more periods, and then refer to the time object when configuring access
control rules, thereby implementing access control based on the time object.
The configuration of the time object is as follows:
 Configure absolute time object: the event happens within a fixed period with a start time
and the end time.
 Configure cycle time object: the event happens in an absolute time, in the format of
certain days of the week.
Configuration steps
Step 2 Select the Time Object tab.
Step 3 In the List of Cycle Time section:
 To delete the time object, click the corresponding .

 To modify configurations, click corresponding to a specified time object to enter
the Time Object Modify interface.
 To add a time object, click Add.
The name of the time object cannot be modified when you modify the time object.
Step 4 The items on the Time Object Modify interface are the same as those on the Time Object Add

Raisecom
Figure 7-10 Time Object Modify/Add interface
Item Description
Name Name of the time object
Description Describe the time object.
Week For the week corresponding to the time object, configure the
effective time within a week.
Start Time Start time of the time object
End Time End time of the time object
 The start and end time and week must be set at the same time or not set at the
same time (that is, keep the start and end time as 00:00 – 00:00, and do not select
any item in the week). When none is set, it means that the access control policy is
effective at all times.
 The start time should be earlier than the end time.
7.3.3 Service object
Scenario
Service objects may be referenced when you configure access control entries. Some well-
known service objects have been created during system initialization. If these default service
objects still cannot meet the requirements, you can customize your service by creating service
objects.
The service object can be a combination of TCP source interface and destination interface, a
combination of UDP source interface and destination interface, a combination of ICMP
protocol type and code or IP number, or a combination of these protocols.
Configuration steps
Step 2 Select the Service Object tab.
Step 3 In the List of Customed Service section:

Raisecom
 To delete the service object, click the corresponding .

 To modify configurations, click corresponding to a specified service object to enter
the Service Object Modify interface.
 To add a service object, click Add.
The name of the service object cannot be modified when you modify the service
object.
Well-known service objects predefined by the system cannot be added again. The
system can include up to 200 service objects, including predefined well-known
service objects.
Step 4 The items on the Service Object Modify interface are the same as those on the Service Object
Add interface. Configure related items and click OK.
Figure 7-11 Service Object Modify/Add interface
Item Description
Name Name of the service object
Description Describe the service object.
Protocol Protocol type
Configure access control through the protocol used to transmit data
packets, including TCP, UDP, ICMP, and IP.
Source port The matching source interface range when the protocol is TCP or
number UDP
Configure this item only when the packet protocol is TCP or UDP.
Destination port The matching destination interface range when the protocol is TCP or
number UDP
Configure this item only when the packet protocol is TCP or UDP.
Type Specify the type of ICMP packets. Configure this item only when the
packet protocol is ICMP. The value ranges from 0 to 255.

Raisecom
Item Description
Code Code of ICMP packet type
Configure this item only when the packet protocol is ICMP. The value
range ranges from 0 to 255.
Protocol number IP number
Configure this item only when the packet protocol is IP.
7.3.4 Address object
Scenario
IP address objects need to be referenced when you configure access control entries. The
system uniformly manages the network sessions that need to be filtered through the IP address
object.
The address object can be a single host address, network segment address, MAC address or
address range, or any combination of the above several address types.
Configuration steps
Step 2 Select the Address Object tab.
Step 3 In the List of Address section:
 To delete an address object, click the corresponding .

 To modify configurations, click corresponding to a specified address object to enter
the Address Object Modify interface.
 To add an address object, click Add.
 The name of the address object cannot be modified when you modify the address
object.
 The system supports up to 512 IP address objects.
Step 4 The items on the Address Object Modify interface are the same as those on the Address
Object Add interface. Configure related items and click OK.

Raisecom
Figure 7-12 Address Object Modify/Add interface
Item Description
Name Name of the address object
Description Describe the address object.
 Host: the address object is a single host.
Type of Node
 Subnet/mask: the address object is a certain network segment.
 MAC address: the address object is a MAC address.
 Scope: the address object is a range of IP addresses.
Host Host address
Configure this item when you select Host from the Type of Node
drop-down list.
Subnet/mask Network segment of the address object
Configure this item when you select Subnet/mask from the Type
of Node drop-down list.
MAC address MAC address of the address object
Configure this item when you select MAC address from the Type
of Node drop-down list.
Scope IP address range of the computer to be controlled in the LAN
Configure this item when you select Scope from the Type of
Node drop-down list.
7.4 MAC address filtering

7.4.1 Filtering MAC address
Scenario
By configuring MAC address filtering of the enterprise gateway, you can limit the users who
access the network according to the configured MAC address filtering parameters.
MAC address filtering supports:
 Filter the Ethernet frames whose encapsulation content is not IP packets.

Raisecom
 Filter the Ethernet frames whose destination MAC address is the multicast address.
 Filter the Ethernet frames whose source MAC address or destination MAC address in the
frame header matches the configured MAC filter entry.
Configuration steps
Step 1 Choose Security > Security > MAC Filter.
Step 2 In the Function Set section, configure related items.
Figure 7-13 Filter MAC Address interface
Item Description
Enable Switch Enable or disable MAC address filtering.
Type of filter After enabling MAC address filtering, you can select:
 Allow: only allow this MAC address to access the network.
 Not allow: prohibit this MAC address from accessing the
network.
Step 3 In the List of MAC Address section:

 Check the radio box in front of a specified MAC address, or click the check box at the
top of the table header (indicating that all MAC addresses are selected), and click Delete
to delete the filtered MAC address.
 Click Add to add a MAC address. The interface for adding a MAC address will appear.
Enter the MAC address and click OK.
Figure 7-14 MAC Address Add interface
Item Description
MAC Address Used for filtering MAC addresses

Raisecom
7.5 ARP attack prevention

7.5.1 Configuring ARP attack prevention
Scenario
ARP spoofing can be implemented by forging IP addresses and MAC addresses, which can
generate a large amount of ARP traffic in the network and block the network. As long as the
attacker continuously sends out fake ARP response packets, the target host ARP cache can be
changed, causing network interruption or Man-in-the-Middle (MITM) attack.
After a network is attacked by ARP, there will be situations where the Internet cannot be
accessed normally; the number of ARP packets increases; MAC addresses are abnormal or
incorrect; one MAC address corresponds to multiple IPs; IP conflicts.
Configuration steps
Step 1 Choose Security > Security > ARP Prevent.
Step 2 Select the Prevent ARP Attack tab.
Figure 7-15 Prevent ARP Flood interface
Item Description
 Enable: enable ARP Flood prevention.
Prevent ARP Flood
 Disable: disable ARP Flood prevention.
ARP Flooding If the number of packets sent by the same host per second to the
Threshold device exceeds this threshold, it is considered a Flood attack. The
unit is packets/second. The default value is 300, and the value
ranges from 2 to 10000.
Attack Host It refers to the time when the device, after being attacked, does not
Inhibition Time receive the packet sent by the host which initiates the flood attack.
The unit is second. The default value is 60. The value ranges from
10 to 65535.
7.5.2 Self-defined packet sending
Scenario
The device supports self-defined packet sending. You can customize the ARP packet to be
sent from the specified interface.

Raisecom
Configuration steps
Step 2 Select the Custom Contract tab.
Step 3 Click Edit. Configure related items and click OK.
Figure 7-16 Custom Contract Configuration Information interface
Item Description
 ON: enable self-defined packet sending.
Operation
 OFF: disable self-defined packet sending.
 Request: the packet sent is a request packet.
Direction
 Response: the packet sent is a response packet.
Source IP Source IP address of the self-defined packet
Destination IP Destination IP address of the self-defined packet
Source MAC Source MAC address of the self-defined packet
The default value is 00:00:00:00:00:00.
Destination MAC Destination MAC address of the self-defined packet
The default value is 00:00:00:00:00:00.
Contract Number Packet sending times, ranging from 1 to 1000, being 1 by default
Time interval Interval for sending data packets, in units of second, ranging from
1 to 10, being 1 by default
Send interface Configure the packet sending interface.

Raisecom
7.5.3 ARP table
Scenario
After the device resolves the destination MAC address through ARP, it will add an IP-to-
MAC mapping entry to its ARP table for subsequent forwarding of packets to the same
destination. You can view the ARP entries that communicate with this device in the ARP table.
Configuration steps
Step 2 Select the ARP Table tab.
Step 3 To delete an ARP entry, click the corresponding to the entry.
Figure 7-17 ARP Table Information
7.5.4 Monitor
Scenario
You can view the log information about the ARP flood attack through the monitor.
Configuration steps
Step 2 Select the Monitor tab.
Step 3 View the logs on the Monitor Information interface.
Figure 7-18 Monitor Information interface
7.5.5 ARP spoofing prevention
Scenario
You can enable ARP spoofing prevention on this interface.

Raisecom
Configuration steps
Step 2 Select the Prevent ARP CHEAT tab.
Step 3 Click Enable.
Figure 7-19 Prevent ARP CHEAR interface
7.6 DDoS attack prevention

7.6.1 Configuring DDoS attack prevention
Scenario
In the network, the data packets are transmitted over the Internet through TCP/IP. The data
packets themselves are harmless, but too many data packets will cause overload of network
equipment or servers. Or the attackers use some protocols or application defects to artificially
construct incomplete or malformed data packets, which also causes the network device or
server to take a long time to process services and consume too many system resources, thus
failing to respond to normal services.
You can configure anti-DDoS for the device on this interface. It is generally classified into
three types: anti-DDoS attack, anti-abnormal packet attack, and anti-scan attack. Anti-DDoS
is configured to prevent the attack packets from attacking the CPU and ensure that the server
can operate normally under attack.
Configuration steps
Step 1 Choose Security > Security > DDos Prevent.

Raisecom
Figure 7-20 Abnormal Packet Attack Defense interface
Item Description
DDoS Attack Type Select the types of packets to be prevented, including
Attack SYN Flood, TCP Flood, DNS Flood, UDP Flood, and
Defence ICMP Flood.
Defend Action Defense action when being attacked: discard the
packet.
Threshold Configure the connection rate threshold for flood
attack prevention. The unit of SYN Flood and TCP
Flood packets is half connections/second, and the unit
of other types of packets is connections/second. The
default value is 2000 and the value ranges from 400 to
60000.
Abnormal Jolt2 Enable Jolt2 attack detection or not.
Packet
Attack Land-Base Enable Land-Base attack detection or not.
Defence PING of death Enable PING of death attack detection or not.
TCP flag Enable TCP flag attack detection or not.
Tear Drop Enable Tear Drop attack detection or not.
Winnuke Enable Winnuke attack detection or not.
Smurf Enable Smurf attack detection or not.
ICMP Redirect Enable ICMP Redirect attack detection or not.
Scan TCP Scan Detect TCP packets.
Attack
Defence UDP Scan Detect UDP packets.
ICMP Scan Detect ICMP packets.

Raisecom
Item Description
Scan Identity Configure the connection rate threshold for anti-scan
Threshold attacks, in units of connection/second. The default
value is 1000, and the range is from 10 to 65535.
Host Suppression The time when the device, after being attacked, does
Duration not receive packets sent by the host which initiates the
scan attack. The unit is seconds. The value ranges

Raisecom
ISCOM HT803G-WS2 (N) Configuration Guide (Web) 8 Appendix
8 Appendix
This chapter includes the following sections:

 Terms
 Acronyms and abbreviations
8.1 Terms
B
It refers to the process of forwarding network data
Bridging packets according to the address of the data link layer
in the OSI seven-layer model.
 Blacklist: those MAC addresses in the blacklist are
forbidden to pass.
Blacklist/Whitelist  Whitelist: those MAC addresses in the whitelist are
allowed to pass.
F
It is an application security technology based on
network communication technology and information
security technology. It is the unique ingress & egress
Firewall for different networks or security domains. It can
control ingress and egress traffic according to access
control policies (permit, deny, and monitor).
Moreover, it has strong resistance to attacks.

Raisecom
A process of transmitting packets of data from one

source to many destinations. The destination address
of the multicast packet uses Class D address, namely,
the IP address ranges from 224.0.0.0 to
Multicast 239.255.255.255. Each multicast address represents a
multicast group rather than a host. The multicast
technology can effectively solve problems of point-to-
multipoint transmission, save network resources, and
enhance information security.
P
It refers to quickly forwarding the collated information
resources to the user's interface in the form of a web
page to realize the user's multi-level needs, allowing
Page pushing
the user to set the required information channel
himself and receive customized information directly
on the user side.
T
It is a network management protocol made by the
Digital Subscriber Line (DSL) Forum for terminal
devices, also called Customer Premised Equipment
WAN Management Protocol (CWMP). It provides a
TR069 general framework and protocol for managing and
configuring home network devices in the next
generation network. It can remotely and centrally
manage gateways, routers, and Set Top Boxes (STBs)
in a home network at the network side.
V
Network scheme in which portions of a network are
connected via the Internet, but information sent across
the Internet is encrypted. The result is a virtual
network that is also part of a larger network entity.
Virtual Private Network (VPN) This enables corporations to provide telecommuters
and mobile professionals with local access to their
corporate network or another ISP network. VPNs are
possible because of technologies and standards such as
tunneling, screening, encryption, and IPsec.
8.2 Acronyms and abbreviations

A
ACL Access Control List

Raisecom
ARP Address Resolution Protocol

ALG Application Layer Gateway
C
CDMA Code Division Multiple Access
CHAP Challenge Handshake Authentication Protocol
D
DDoS Distributed Denial of Service
DHCP Dynamic Host Configuration Protocol
E
EVDO Evolution-Data Optimized
EoIP Ethernet over IP
F
FTP File Transfer Protocol
G
GRE Generic Routing Encapsulation
I
IEEE Institute of Electrical and Electronics Engineers
IETF Internet Engineering Task Force
IP Internet Protocol
International Telecommunications Union -
ITU-T
Telecommunication Standardization Sector
IGMP Internet Group Management Protocol
IPSec IP Security
L
L2TP Layer Two Tunneling Protocol
LAN Local Area Network

Raisecom
LDAP Lightweight Directory Access Protocol
M
MAC Medium Access Control
MIB Management Information Base
N
NTP Network Time Procotol
NAT Network Address Translation
O
OAM Operation, Administration, and Management
OSPF Open Shortest Path First
P
PC Personal Computer
PPPoE Point-to-Point Protocol over Ethernet
PTP Precision Time Protocol
PON Passive Optical Network
PAP Password Authentication Protocol
Q
QoS Quality of Service
R
RADIUS Remote Authentication Dial In User Service
RIP Routing Information Protocol
S
SIM Subscriber identity module
Syslog System Log
SSH Secure Shell
SSL Security Socket Layer

Raisecom
T
TCP Transmission Control Protocol
Time Division-Synchronous Code Division
TD-SCDMA
Multiple Access
U
URL Uniform Resource Locator
UA User Agent
V
VLAN Virtual Local Area Network
VPDN Virtual Private Dial Network
W
WLAN Wireless Local Area Network
WAN Wide Area Network

Address: Raisecom Building, No. 11, East Area, No. 10 Block, East Xibeiwang Road, Haidian
District, Beijing, P.R.China Postal code: 100094 Tel: +86-10-82883305
Fax: 8610-82883056 http://www.raisecom.com Email: export@raisecom.com

ISCOM - HT803G-WS2 (N) - Configuration - Guide - (Web) - (Rel - 01)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ISCOM - HT803G-WS2 (N) - Configuration - Guide - (Web) - (Rel - 01)

Uploaded by

Copyright:

Available Formats

www.raisecom.

ISCOM HT803G-WS2 (N)

is the trademark of Raisecom Technology Co., Ltd.

Product name Hardware version Software version

Indicate a potentially hazardous situation that, if not avoided,

Raisecom Proprietary and Confidential

Book Antiqua Heading 1, Heading 2, Heading 3, and Block are in Book

Raisecom Proprietary and Confidential

Raisecom Proprietary and Confidential

3 Configuring basic Internet access functions............................................................................ 8

Raisecom Proprietary and Confidential

3.6.1 DNS ...................................................................................................................................................... 34

4 Configuring basic functions ..................................................................................................... 49

5 Configuring IPv6 ......................................................................................................................... 67

Raisecom Proprietary and Confidential

8 Appendix .................................................................................................................................... 114

Raisecom Proprietary and Confidential

Figure 2-1 Logging in to device ............................................................................................................................. 3

Figure 2-3 Information interface ............................................................................................................................ 7

Figure 3-1 GPON Interface configuration interface ............................................................................................... 9

Figure 3-3 Optical Module Statistics interface ..................................................................................................... 10

Figure 3-4 WAN Interface Configuration interface .............................................................................................. 11

Figure 3-5 WAN0 Modify interface ..................................................................................................................... 11

Figure 3-7 LAN interface configuration interface ................................................................................................ 17

Figure 3-8 VLAN Information List interface ....................................................................................................... 18

Figure 3-9 LAN statistics and VLAN statistics interface ..................................................................................... 19

Figure 3-10 Wired terminal interface ................................................................................................................... 19

Figure 3-11 VLAN Create & Delete .................................................................................................................... 20

Figure 3-12 VLAN Interface Configuration interface .......................................................................................... 21

Figure 3-13 Disabling DHCP services ................................................................................................................. 23

Figure 3-14 Interface acting as a DHCP client ..................................................................................................... 23

Figure 3-15 Interface acting as a DHCP server .................................................................................................... 24

Figure 3-16 Interface acting as a DHCP relay ...................................................................................................... 25

Figure 3-18 Excluded Address interface .............................................................................................................. 27

Figure 3-19 Add Static Address Allocation Item interface ................................................................................... 28

Figure 3-21 DHCP Monitor List interface ........................................................................................................... 30

Figure 3-22 Application Layer Gateways Configuration interface ...................................................................... 30

Raisecom Proprietary and Confidential

Figure 3-24 Create Source NAT rules interface ................................................................................................... 32

Figure 3-25 Create global static conversion rules interface ................................................................................. 33

Figure 3-27 Add DDNS interface ......................................................................................................................... 35

Figure 3-28 WLAN Advanced Configuration ...................................................................................................... 37

Figure 3-30 Modify Basic WLAN Configuration interface ................................................................................. 39

Figure 3-31 WLAN Advanced Configuration ...................................................................................................... 42

Figure 3-33 Modify Basic WLAN Configuration interface ................................................................................. 44

Figure 3-34 Wireless monitoring interface ........................................................................................................... 47

Figure 3-36 Statistics viewing page ..................................................................................................................... 48

Figure 4-1 Routing Table interface....................................................................................................................... 50

Figure 4-3 Add Policy Route interface ................................................................................................................. 52

Figure 4-4 L2 multicast configuration interface ................................................................................................... 54

Figure 4-5 Rate Limit Settings ............................................................................................................................. 55

Figure 4-6 Matching Condition ............................................................................................................................ 56

Figure 4-7 Advanced qos config interface............................................................................................................ 58

Figure 4-8 Advanced qos config page .................................................................................................................. 59

Figure 4-9 Session Counter Limit interface ......................................................................................................... 61

Figure 4-10 Advanced qos config interface.......................................................................................................... 62

Figure 4-11 Link detect config interface .............................................................................................................. 63

Figure 4-12 DMZ Configuration interface ........................................................................................................... 65

Figure 4-13 UPnP configuration interface............................................................................................................ 66

Figure 5-1 IPv6 Function interface ...................................................................................................................... 67

Figure 5-2 Uplink interface IPv6 configuration interface .................................................................................... 68

Figure 5-3 IPv6 Port Configuration interface ....................................................................................................... 70

Figure 5-4 IPv6 configuration interface for downlink interface ........................................................................... 71