You must enable javascript in order to view this page or you can go
here
to view the webhelp.
Reference Manual
LCOS 9.20
Inhalt
Suche
Loading, please wait ...
Copyright
About this documentation
Constituents of this documentation
LCOS, the operating system of LANCOM devices
Validity
Security settings
This documentation was created by …
System design
Introduction
Configuration
Configuration tools and approaches
What is the difference between these three possibilities?
Configuration software
Configuration with WEBconfig
Secure with HTTPS
Access with WEBconfig
Network without a DHCP server
Network with DHCP server
Login
Setup Wizards
System information
Configuration
LCOS menu tree
File management
Extras
HTTP session
Configuration with other tools
Telnet
Open Telnet session
Changing the console language
Close the Telnet session
Structure of the command-line interface
Command-line commands
Addition(s) to LCOS 8.60
View contents of all subdirectories
Output filter for command-line entries
Line-by-line display of table entries
Functions for editing commands
Function keys for the command line
SNMP
Encrypted configuration with SSH access
SSH authentication
Generating key pairs
Entering users into the public key
Installing the private key on the SSH client
Load public key into the LANCOM Router
Configuring the authentication methods
Certificate check on SSH access
ISDN Remote configuration via Dial-Up Network
This is what you need for ISDN remote configuration
The first remote connection using Dial-Up Networking
The first remote connection using a PPP client and Telnet
The default layer for remote field installations
The administrator access for ISDN remote management
Addition(s) to LCOS 8.80
Configurable SSH algorithms
Additions to the Setup menu
SSH
Cipher algorithms
MAC algorithms
Key exchange algorithms
Host key algorithms
Min host key length
Max host key length
DH groups
File transfer via SCP
Working with configuration files
Backup copies of configuration
Convenient series configuration
Running function
New firmware with FirmSafe
This is how FirmSafe works
Asymmetric Firmsafe
Switching over to asymmetric Firmsafe
Firmware upgrade with asymmetric Firmsafe
How to load new software
LANconfig
WEBconfig
Terminal program (e.g. Telix or Hyperterminal in Windows)
TFTP
Firmware upload via the serial interface with configuration reset
Load files directly from a TFTP or HTTP server into the device
TFTP
Loading firmware, device configuration or script via HTTP(S)
Loading firmware, device configuration or script via HTTP(S) or TFTP
How to reset the device?
Scripting
Applications
Scripting function
Generating script files
Read out the configuration via the console
Via TFTP from the command line interface (DOS box)
Via Hyperterminal
Download script from deviceLANconfig:Download script
Uploading configuration commands and script files
Command input via console session (Telnet, SSH)
Upload script with TFTP client
Upload script with LANconfig
Upload script with Hyperterminal
Multiple parallel script sessions
Scripting commands
Addition(s) to LCOS 8.80
Tab command when scripting
Rollout Wizard
General settings in the Rollout Wizard
Variables
Actions to be executed by the Rollout Wizard
Actions for managing the Rollout Wizard
Addition(s) to LCOS 8.50
Custom Rollout Wizard
Introduction
Structure of the custom wizard
String tables
Definition of the wizard
Sections
Conditions
Fields and attributes
Variables
Actions
set
del
cat
cut
trigger_config_change
exec
Trace for rollout wizards
Using user-defined HTML templates
Using device properties as variables
Uploading files for the wizard
Deleting wizard files from the device
The Rollout Wizard in the LCOS menu
Operating
Title
Use extra checks
Starting the Rollout Wizard
Example of a Rollout Wizard:
Addition(s) to LCOS 8.60
Checking the system-time source in the customized Rollout Wizard
Fields and attributes
LANCOM Layer 2 Management protocol (LL2M)
Introduction
Configuration of the LL2M server
Commands for the LL2M client
Messaging
Example: Broken connection alert as an SMS to a mobile telephone
Suppress messaging in case of re-connects with a DSL connection
Addition(s) to LCOS 7.70
Sending attachments with the mailto command
Managing rights for different administrators
Rights for the administrators
Administrator groupsAdministrator groups
Function rightsFunction rights
Administrators' access via TFTP and SNMP
Access with LANconfig
Access with TFTP
Access with SNMP management systems
Configuration of user rights
Examples:
Limitation of the configuration commands
TCP port tunnel
Configuring the TCP/HTTP tunnel
Create the TCP/HTTP tunnel
Deleting the tunnel prematurely
Named loopback addresses
Loopback addresses with ICMP polling
Loopback addresses for time servers
Loopback addresses for SYSLOG clients
Addition(s) to LCOS 8.00
Automatic upload of firmware or configuration from external data media
Introduction
Automatic upload of loader and/or firmware files
Automatic upload of configuration and/or script files
Configuration
Meta data for configuration files
Alternative boot config
Introduction
Using the boot configuration
Restoring the LANCOM factory settings via the serial port
Storing and uploading the boot configurations
Deleting the boot configuration
Working with certificates
Addition(s) to LCOS 8.20
Automatic uploading of firmware, configuration and scripts
Introduction
2.60 Autoload
2.60.1 Network
Parameters for the commands LoadFirmware, LoadConfig and LoadScript
2.60.1.1 Firmware
2.60.1.1.1 Condition
2.60.1.1.2 Minimum version
2.60.1.1.3 URL
2.60.1.2 Configuration
2.60.1.2.1 Condition
2.60.1.2.3 URL
2.60.1.3 Script
2.60.1.3.1 Condition
2.60.1.3.3 URL
2.60.1.4 TFTP client
2.60.1.4.1 Bytes per hashmark
2.60.56 USB
2.60.56.1 Firmware and loader
2.60.56.2 Configuration and script
Addition(s) to LCOS 8.50
The commands LoadFirmware, LoadConfig, LoadScript and LoadFile
Example applications
Regularly updating configuration and firmware
Update configuration after first updating firmware
Enhanced Sysinfo
Addition(s) to LCOS 8.60
Configurable action for alive test
Additions to the menu system
Alive test
Action
Boot type
Fail limit
Test interval
Retry interval
Retry count
Target address
Addition(s) to LCOS 8.80
Setting the device time from GPS
Additions to the menu system
Additions to the Setup menu
Fetch method
Operating
Operating
Additions to the Status menu
Timestamp (GPS)
SYSLOG accounting is disabled by default
Boot-persistent SYSLOG, event log and boot log
Additions to the Setup menu
Backup interval
Backup active
Save bootlog
Enhancements to command-line commands
Delete bootlog
Enhancements to LANconfig
Boot-persistent SYSLOG, event log and boot log
SYSLOG: Delete old messages
Additions to the menu system
Max. message age, hours
Remove old messages
Enhancements to LANconfig
Automatically delete SYSLOG entries
Logging configuration changes made via the command line
Additions to the Setup menu
Log CLI changes
Enhancements to LANconfig
Sending configuration changes made with the command line to the SYSLOG server
SYSLOG: Change to the default order
Additions to the Setup menu
Message table order
Enhancements to LANconfig
Order of the system events
Addition(s) to LCOS 8.84
Default Rollout Wizard
Additions to the Setup menu
Presets
Name
Preset
Use preset
Delete Wizard
Automatic generation of device-specific SSH keys
Suppress security confirmations during SSH key generation
Addition(s) to LCOS 9.00
Output additional ports in SYSINFO at the console
Specifying a custom SNMP port
Additions to the Setup menu
2.9.2.5 Port
2.9.21 Port
Password protection for WLAN keys
Sorted display of a menu on the console
Customize the management ports for device access
Additions to the Setup menu
2.11.73 Sort-menu
Comment box for access stations
Additions to the Setup menu
2.7.6.4 Comment
Elliptic curve cryptography (ECC)
Additions to the Setup menu
2.21.40 SSL
2.21.40.10 Port
2.21.40.11 Use-User-Provided-Certificate
2.21.40.3 Versions
2.21.40.4 Key-exchange algorithms
2.21.40.5 Crypto-Algorithms
2.21.40.6 Hash algorithms
2.11.28.3 Key-exchange algorithms
2.11.28.4 Hostkey algorithms
2.11.28.9 Elliptic curves
2.11.29 Telnet-SSL
2.11.29.10 PORT
2.11.29.2 Versions
2.11.29.3 Key-exchange algorithms
2.11.29.4 Crypto-Algorithms
2.11.29.5 Hash algorithms
2.25.10.10.19 EAP-TLS
2.25.10.10.19.10 Check username
2.25.10.10.19.3 Key-exchange algorithms
2.25.10.10.19.4 Crypto-Algorithms
2.25.10.10.19.5 Hash algorithms
2.25.20 RADSEC
2.25.20.1 Versions
2.25.20.2 Key-exchange algorithms
2.25.20.3 Crypto-Algorithms
2.25.20.4 Hash algorithms
Changing the SIM card PIN
Additions to the Status menu
1.49.42 PIN change
Additions to the Setup menu
2.23.41.12 PIN change
Addition(s) to LCOS 9.10
TR-069 support
CPE WAN Management Protocol (CWMP)
Setting up CWMP with LANconfig
Device configuration via CWMP
Additions to the Setup menu
2.44 CWMP
2.44.1 NTP server
2.44.1.1 NTP-Server-1
2.44.1.2 NTP-Server-2
2.44.1.3 NTP-Server-3
2.44.1.4 NTP-Server-4
2.44.1.5 NTP-Server-5
2.44.2 Operating
2.44.3 Allow file download
2.44.4 Inform retry limit
2.44.5 Source address
2.44.6 ACS URL
2.44.7 ACS username
2.44.8 ACS password
2.44.9 Periodic inform activated
2.44.10 Periodic inform interval
2.44.11 Periodic inform time
2.44.12 Connection request username
2.44.13 Updates managed
2.44.14 Allow user change
2.44.15 Provisioning code
2.44.16 Parameter key
2.44.17 Command-Key
Additions to the Status menu
1.85 CWMP
1.85.1 Operating
1.85.2 Allow file download
1.85.3 Provisioning code
1.85.4 Parameter key
1.85.5 Command-Key
1.85.6 NTP-Server-1
1.85.7 NTP-Server-2
1.85.8 NTP-Server-3
1.85.9 NTP-Server-4
1.85.10 NTP-Server-5
1.85.11 Allow user change
Encrypted storage of configurations with LANconfig
Saving and loading device-configuration and script files
Configuration management with WEBconfig and the console
Script management with WEBconfig and the console
Configuration management with LANconfig
Additions to the Status menu
1.11.23 Script log
1.11.23.1 Index
1.11.23.2 Time
1.11.23.3 Comment
1.11.23.4 Successful
1.11.23.5 Error line
Each device has its own SSL key & changes to the default SSL settings
Automatic generation of device-specific SSH/SSL keys
Manually create custom SSH keys
Additions to the Setup menu
2.21.40.5 Crypro algorithms
Addition(s) to LCOS 9.20
Preventing password form fields in the browser from storing passwords
Preventing password form fields in the browser from storing passwords
DHCP rollout agent
Receiving LSR information via DHCP server (zero-touch rollout)
Configuring the zero-touch rollout
Configuration with LANconfig
Support of ChaCha20/Poly1305 for SSH access
Enforcing password complexity for device passwords
LBS server 1.1: Making elements in the LBS measurements fields selectable
Making elements in the LBS measurements fields selectable in WEBconfig
Preventing the storage of passwords in WEBconfig
Signature verification of UPX files
Integrity check of firmware by Secure Upload
LANconfig: Icon for *.LCS files in Windows Explorer
LANCOM Management System (LCMS)
Searching and configuring devices
Configuration with LANconfig
Starting LANconfig
Find new devices
The expanded range of functions for professionals
The integrated Help function
Management of multiple devices
Switch graphical user interface language
Project management with LANconfig
User-specific settings for LANconfig
Customizing the toolbar
Automatic backup of configuration with LANconfig
Directory structure
Better overview in LANconfig with more columns
Multithreading
Manual and automatic searches for firmware updates
Automatic search for firmware updates
Manual search for firmware updates
View a full list of all firmware versions
Password protection for SNMP read-only access.
Device-specific settings for communications protocols
Configuration of the global communication settings
Configuration of the specific communication settings
LANconfig behavior at Windows startup
Configuring the behavior of LANconfig at startup
Choice of Wizard or configuration dialog
WLAN configuration with the wizards in LANconfig
Country settings
WLAN module operation
Physical WLAN settings
Logical WLAN networks
Point-to-point settings
Addition(s) to LCOS 8.00
LANconfig configuration tree
Addition(s) to LCOS 8.50
LANCOM QuickFinder
LANCOM QuickFinder in LANconfig
LANCOM QuickFinder in LANmonitor
LANCOM QuickFinder in WLANmonitor
LANCOM Software Update for LCMS
Manually starting the Software Update
Settings for the automatic search for new updates
Selecting and installing the available updates
Software update via MyLANCOM
Addition(s) to LCOS 8.60
Exporting CSV data sets
Additions to the menu system
File
Export device list
Importing from a data source
Additions to the menu system
File
Devices/configurations from CSV file...
Example application: Importing from a single data source
Content of the CSV file
Content of the configuration template file
Creating the configuration files
Better overview in LANconfig with more columns
Addition(s) to LCOS 8.80
Creating a password in LANconfig
Internal browser in LANconfig
LANconfig menu structure
Device
WEBconfig / console session
Extras
Options
Extras
Setting the SNMP read-only community 'Public'
Quicklinks for managing source tables
Addition(s) to LCOS 8.82
SSH configuration protocol in LANconfig
Enhancements to LANconfig
Device-specific settings for communications protocols
LANconfig menu structure
File
Add device
General
Device
WEBconfig / console session
Extras
Options
Extras
Group configuration with LANconfig
Create a group configuration
Group configuration with a new partial configuration file
Use an existing partial configuration file
Update device configurations
Update group configurations
Using multiple group configurations
Transferring device configurations to similar models
Addition(s) to LCOS 8.60
Flexible group configuration with LANconfig
Creating a group configuration
New group configuration file
Using an existing group configuration file
Additions to the menu system
Group
New group configuration
New folder with group configuration
Add group configuration
Edit group configuration
Refresh all devices
Update recommended devices
Provide as template
Active
Delete
Features
LANmonitor—know what's going on
Extended display options
Enquiry of the CPU and Memory utilization over SNMP
Monitor Internet connection
Display functions in LANmonitor
Connection diagnosis with LANmonitor
Configuring Ping execution
Evaluation
Addition(s) to LCOS 7.70
Setting up point-to-point connections with LANmonitor
Performance monitoring with LANmonitor
Addition(s) to LCOS 7.80
Averaging of CPU-load display
Introduction
Configuration
Addition(s) to LCOS 8.50
Monitoring the input voltage for universal power adapters
Display in LANmonitor
Display in Webconfig
SNMP traps
SYSLOG messages
Show the current protocol for the ADSL interface
Addition(s) to LCOS 8.80
Display local IPv6 addresses
Displaying PBX lines in the SIP ALG
Displaying the active Ethernet ports
Displaying the DHCP assignment
Delete all VPN connection failures
Display of the GPS time
Visualization of larger WLANs with WLANmonitor
Start the LANCOM WLANmonitor
Search for access points
Add access points
Organize access points
Rogue AP and rogue client detection with the WLANmonitor
Rogue AP detection
Rogue client detection
Activating rogue-AP and rogue-client detection
Configuring the alert function in the WLANmonitor
Addition(s) to LCOS 7.80
Deactivating Ethernet interfaces
Addition(s) to LCOS 8.84
Enhancements to LANconfig
Quick Rollback
Advanced meta data for configuration files
Unlock firmware via the context menu
Exporting key fingerprints when commissioning CC devices
TLS/STARTTLS support and additional authentication methods with SMTP servers
Setting up an e-mail address to send messages
Additions to the Setup menu
SMTP port
SMTP-use-TLS
SMTP authentication method
Addition(s) to LCOS 9.00
Enhancements to LANconfig
Automatic authentication for read-only access to LANmonitor
Display of administrator user name
Authenticating against a proxy server
Enhancements to LANmonitor
Internal IPv6 support
Displaying static WAN IPs in the Status tree
Additions to the Status menu
1.4.13.1 IPv4
1.4.13.1.1 Remote site
1.4.13.1.2 Type
1.4.13.1.3 IP address
1.4.13.1.4 IP netmask
1.4.13.1.5 Gateway
1.4.13.1.6 DNS default
1.4.13.1.7 DNS backup
1.4.13.1.8 NBNS default
1.4.13.1.9 NBNS backup
1.4.13.1.10 Domain
1.4.13.2 IPv6
1.4.13.2.1 Remote site
1.4.13.2.2 Type
1.4.13.2.3 IP address
1.4.13.2.4 Prefix length
1.4.13.2.5 Gateway
1.4.13.2.6 DNS default
1.4.13.2.7 DNS backup
1.4.13.2.10 Domain
Addition(s) to LCOS 9.10
Proxy authentication via NTLM
Proxy
Special LANconfig icon for devices in a cluster or using Config Sync
Special LANmonitor icon for devices in a cluster or using Config Sync
LANCOM "Wireless Quality Indicators" (WQI)
Extended number of characters for device names
Different notations for MAC addresses
Different notations for MAC addresses
LANconfig: Text corrections relating to access rights
Diagnosis
Trace information—for advanced users
How to start a trace
Overview of the keys
Overview of the parameters
Combination commands
Trace filters
Examples of traces
Recording traces
Tracing with LANmonitor
Introduction
Configuring the trace dumps with the Trace Wizard.
LCOS menu tree of the trace dumps
Display of trace data
Backing up and restoring the trace configuration
Backing up and restoring the trace data
Backup settings for traces
Saving support file
Addition(s) to LCOS 8.50
LANtracer: Tracing with LANconfig and LANmonitor
Introduction
Expert configuration of the trace dumps
Display of the trace results
Backing up and restoring the trace configuration
Backing up and restoring the trace data
Backup settings for traces
Filtering traces
Saving a support file
SYSLOG
Introduction
Structure of SYSLOG messages
Priority
Header
Contents
Configuring SYSLOG using LANconfig
Creating SYSLOG clients
Assigning internal LANCOM sources to SYSLOG facilities
Configuring SYSLOG using Telnet or WEBconfig
Facility mapping
Table of SYSLOG clients
Addition(s) to LCOS 8.80
Configuring SYSLOG using LANconfig
Creating SYSLOG clients
Assigning internal LANCOM sources to SYSLOG facilities
Addition(s) to LCOS 8.82
SYSLOG: Configuration of the retention period for system events
Additions to the Setup menu
Max-Age-Unit
Enhancements to LANconfig
Configuration of the retention period for system events
SYSLOG: Extension of log entries of the internal SYSLOG server
SYSLOG: Extended status display of the login to the cellular network
Extended status display of the login to the cellular network
Additions to the Status menu
Network registration
The ping command
Monitoring the switch
Cable testing
Addition(s) to LCOS 8.80
Trace output for the XML interface
Packet capturing
Enhancements to WEBconfig
Packet capturing
Addition(s) to LCOS 8.84
Documenting events at the xDSL interfaces
SYSLOG: Extended status display of the login to the cellular network
Extended status display of the login to the cellular network
Addition(s) to LCOS 9.10
Advanced config version information under Status
Additions to the Status menu
1.11.20 Configuration date
1.11.21 Configuration hash
1.11.22 Configuration version
SSH identifier in the event log
Additions to the Status menu
1.11.12 Event log
Addition(s) to LCOS 9.20
Specifying the SYSLOG server address as an IPv6 address or DNS name
IPv6 support for LCOScap
Security
Protection for the configuration
Password protection
Tips for proper use of passwords
Entering the password
Protecting the SNMP access
Login barringLogin barring
Restriction of the access rights on the configuration
Restrictions on the ISDN administrative account
Limit the network configuration access
Restriction of the network configuration access to certain IP addresses
Protecting the ISDN connection
Identification control
Verification of name and password
Checking the number
Callback
Location verification by ISDN or GPS
GPS location verification
ISDN location verification
Configuring location verification
Location verification status request
The security checklist
Addition(s) to LCOS 8.60
Support for TLS 1.1 / 1.2
Additions to the menu system
SSL versions
Routing and WAN -connections
General information
Bridges for standard protocols
Which protocols are used for WAN connections?
Close cooperation with router modules
What happens in the case of a request from the LAN?
IP routing
The IP routing table
Configuration of the routing table
Policy-based routing
Routing tags for VPN and PPTP connections
Local routing
How can you assist the workstation computer now?
Addition(s) to LCOS 7.80
Setting the routing tag for local routes
Dynamic routing with IP RIP
What information is propagated by IP RIP?
Which information does the router take from received IP RIP packets?
What do the entries mean?
The interaction of static and dynamic tables
Scaling with IP RIP
Configuration of IP-RIP function
RIP filter
Set up RIP for separate networks
Timer settings
Triggered update in the LAN
Triggered update in the WAN
Poisoned reverse
Static routes for constant propagation
SYN/ACK speedup
Switching off in case of problems
Advanced Routing and Forwarding
Introduction
The differences between routing tags and interface tags
Defining networks and assigning interfaces
Assigning logical interfaces to bridge groups
Interfaces tags for remote sites
Assignment of interface tags via the tag table
Virtual routers
NetBIOS proxy
Configuration of remote stations
Peer list
Layer list
IP masquerading
Simple masquerading
How does IP masquerading work?
Which protocols can be transmitted using IP masquerading?
Configuration of IP masquerading
Inverse masquerading
Demilitarized Zone (DMZ)
Assigning interfaces to the DMZ
Assigning network zones to the DMZ
Address check with DMZ and intranet interfaces
Unmasked Internet access for server in the DMZ
Two local networks - operating servers in a DMZDMZ
Separation of Intranet and DMZ
Multi-PPPoEMulti-PPPoE
Example application: Home-Office with private Internet access
Configuration
Load balancing
DSL port mapping
Allocation of switch ports to the DSL ports
Allocation of MAC addresses to the DSL ports
DSL-channel bundling (MLPPPoE)
Dynamic load balancing
Connection establishment
Spreading the data load
Static load balancing
Destination-based channel selection
Policy-based Routing
Configuration of load balancing
Direct channel bundling via PPPoE
Dynamic load balancing with multiple DSL connections
N:N mapping
Application examples
Network coupling
Remote monitoring and remote control of networks
Configuration
Setting up address translation
Additional configuration hints
Configuration with different tools
Establishing connection with PPP
The protocol
What is PPP?
What is PPP used for?
The phases of PPP negotiation
PPP negotiation in the LANCOM
Everything o.k.? Checking the line with LCP
Assignment of IP addresses via PPP
Examples
Settings in the PPP list
The meaning of the DEFAULT remote site
RADIUS authentication of PPP connections
WAN RADIUS table
DSL dial-in over PPTP
Configuration of PPTP
Addition(s) to LCOS 7.80
32 additional gateways for PPTP connections
Introduction
Configuration
Extended connection for flat rates—Keep-AliveKeep-alive
Configuration of Keep-alive function
Callback functions
Callback for Microsoft CBCP
No callback
Callback number specified by caller
The calling number is determined in the LANCOM
Fast callback
Callback with RFC 1570 (PPP LCP extensions)
Configuration
Overview of configuration of callback function
ISDN Channel bundling with MLPPP
Two methods of channel bundling
Here's how to configure your system to combine channels
Operating a modem over the serial interface
Introduction
System requirements
Installation
Set the serial interface to modem operation
Configuration of modem parameters
Setting up a GPRS backup connectionGPRS backup connection
Setting up a GPRS backup connectionGPRS backup connection
Entering special characters in the console
Direct entry of AT commands
Statistics
Trace output
Configuration of remote sites for V.24 WAN interfaces
Configuration of a backup connection on the serial interface
Contact assignment of modem adapter kit Kontaktbelegung
Manual definition of the MTU
Configuration
Statistics
WAN RIP
The rapid spanning tree protocol
Classic and rapid spanning tree
Improvements from rapid spanning tree
Configuring the Spanning Tree Protocol
General parameters
Port table
Status reports via the Spanning Tree Protocol
General status information
Information in the port table
Information in the RSTP port statistics
The Action table
Introduction
Actions for Dynamic DNSDNS:Dynamic DNS;Dynamic DNS
Dynamic DNS client on the workstation
Dynamic-DNS client in the LANCOM via HTTP
Dynamic-DNS client in the LANCOM via GnuDIP
Further example actions
Broken connection alert as an SMS to a mobile telephone
Example: Suppress messaging in case of re-connects with a DSL connection
Configuration
Using the serial interface in the LAN
Introduction
Operating modes
Serial interface configuration
Configuring the COM port server
Operational settings
COM-port settings
Network settings
WAN device configuration
Serial connection status information
Network status
COM-port status
Byte counters
Port-Errors
Connections
Delete values
COM-port adapters
Addition(s) to LCOS 7.80
Serial COM-port enhancements
Introduction
Configuration
Addition(s) to LCOS 7.80
Routing of local services/ARP handling switchable
Introduction
Configuration
Addition(s) to LCOS 8.20
VDSL
Introduction
Configuration
Predefined WAN layer for VDSL
2.2.4.6 Layer 1
2.23.8 VDSL
2.23.8.1 Interface
2.23.8.2 Protocol
VDSL traces
VDSL status messages
1.75 VDSL
1.75.12 Connection history
1.75.25 Advanced
1.75.500 Modem
Addition(s) to LCOS 8.80
Default mode in the DSLoL interface
Additions to the Setup menu
Mode
Addition(s) to LCOS 8.84
Volume budget
Data volumes on the WAN interface
Configuring data volume budgets
Additions to the Setup menu
Reset budgets
Activate additional budget
Volume budgets
Peer
Limit-MB
Action
Free networks
Peer
Free networks
Budget control
Peer
Day
Hour
Minute
Charging e-mail
Additions to the Status menu
Delete values
Volume budgets
Archive
Clear archive
Activate additional budget
Enhancements to LANconfig
Budget monitoring
Volume budgets
Free networks
Billing period
Enhancements to LANmonitor
Show volume budget archive
Budget analysis
Script variable for dynamic IPv6 addresses
Assign actions from the action table of a WAN connection
Configuration
Additions to the Setup menu
Routing tag
Selecting frequency bands in LTE cellular networks
Enhancements to LANconfig
Selecting frequency bands in LTE cellular networks
Additions to the Setup menu
LTE bands
Addition(s) to LCOS 9.00
Revised flow control
Additions to the Status menu
1.5.51.6 Flow control
1.51.1.8 Flow control
Additions to the Setup menu
2.23.21.11 Flow control
2.23.30.9 Flow control
AC name configurable for PPPoE server
Additions to the Setup menu
2.31.6 AC name
Dual-SIM support for mobile devices
Configuring WWAN access
Switching between mobile profiles or SIM cards
Additions to the Status menu
1.49.44 Simstatus-Refresh
Additions to the Setup menu
2.23.41.1.12 SIM-Slot
Combined UMTS-GPRS operation for LTE devices
Additions to the Setup menu
2.23.41.1.6 Mode
Addition(s) to LCOS 9.10
Client binding
Client binding
Load balancing with client binding
Enhancements in the menu system
Additions to the Setup menu
2.8.20.3 Client binding
2.8.20.3.1 Protocols
2.8.20.3.1.1 Name
2.8.20.3.1.2 Protocol
2.8.20.3.1.3 Port
2.8.20.3.1.4 Operating
2.8.20.3.2 Binding minutes
2.8.20.3.3 Balance seconds
2.8.20.2.10 Client binding
Additions to the Status menu
1.10.32.3 Client binding
1.10.32.3.1 Source-IP
1.10.32.3.2 Bundle-Peer
1.10.32.3.3 Timeout
1.10.32.3.4 Balance
Interface binding "Any" removed in IPv4
Defining networks and assigning interfaces
Additions to the Setup menu
2.7.30.5 Interface
Generic routing encapsulation (GRE)
Understanding the generic routing encapsulation (GRE) protocol
Configuring a GRE tunnel
Additions to the Setup menu
2.2.51 GRE-Tunnel
2.2.51.1 Remote site
2.2.51.3 IP address
2.2.51.4 Routing-Tag
2.2.51.5 Key present
2.2.51.6 Key value
2.2.51.7 Checksum
2.2.51.8 Sequencing
2.2.51.9 Source address
Additions to the Status menu
1.86 GRE-Tunnel
1.86.1 Remote site
1.86.3 Server address
1.86.4 Routing-Tag
1.86.5 Key present
1.86.6 Key
1.86.7 Checksum
1.86.8 Sequencing
1.86.9 Source address
Ethernet-over-GRE tunnel (EoGRE)
Ethernet-over-GRE (EoGRE)
Configuring an EoGRE tunnel
Connecting a local interface to an EoGRE tunnel
Additions to the Status menu
1.87 EoGRE-Tunnel
Additions to the Setup menu
2.2.50 EoGRE-Tunnel
2.2.50.1 Interface
2.2.50.2 Operating
2.2.50.3 IP address
2.2.50.4 Routing-Tag
2.2.50.5 Key present
2.2.50.6 Key value
2.2.50.7 Checksum
2.2.50.8 Sequencing
Loopback addresses for RIP
Additions to the Setup menu
2.8.8.4.13 Loopback address
PPPoE snooping new
PPPoE snooping
Additions to the Setup menu
2.20.43 PPPoE snooping
2.20.43.1 Port
2.20.43.2 Add agent info
2.20.43.3 Remote ID
2.20.43.4 Circuit ID
2.20.43.5 Discard server packets
Default settings in the access table for WAN connections
Additions to the Setup menu
2.11.15.2 Telnet
2.11.15.3 TFTP
2.11.15.4 HTTP
2.11.15.5 SNMP
2.11.15.6 HTTPS
2.11.15.7 Telnet-SSL
2.11.15.8 SSH
2.11.15.10 Config Sync
Addition(s) to LCOS 9.20
Border Gateway Protocol version 4 (BGPv4)
Border Gateway Protocol version 4 (BGPv4)
Configuring BGPv4 with LANconfig
BGP instance
Neighbors
IPv4 networks
IPv6 networks
IPv4 address family
IPv6 address family
BGP policy
Filters
Matches
AS Path (attribute list)
Communities (attribute list)
Prefix (attribute list)
Action
AS Path (override list)
Communities (override list)
Basic (override list)
Best-path selection algorithm
Influencing the routing algorithm with attributes
Tutorial: Setting up BGPv4 under LANconfig
Tutorial: Setting preferences for prefixes
Tutorial: Setting the Community attribute
Tutorial: Filtering received prefixes
Route monitor
Route monitor
Configuring the route monitor with LANconfig
DiffServ field enabled by default
iPerf-compliant server/client
Bandwidth measurements with iPerf
Setting up iPerf with LANconfig
Temporary iPerf server and client
Analyzing iPerf results with LANmonitor
iPerf commands on the command line
SLA monitor
SLA monitoring
Configuring SLA monitoring with LANconfig
Displaying the SLA monitoring results in LANmonitor
Additional DSL-modem status values
Read out DSL modem status values with LANmonitor
Displaying the mobile/cellular standards
Firewall
Threat analysis
The dangers
The ways of the perpetrators
The methods
The victims
What is a Firewall?
Tasks of a Firewall
Checking data packets
Logging and alerting
Different types of Firewalls
Packet filters
Stateful Packet Inspection
Stateful Inspection: direction-dependent checking
Application Gateway
The LANCOM Firewall
How the LANCOM Firewall inspects data packets
Special protocols
UDP connections
TCP connections
ICMP connections
Connections of other protocols
General settings of the Firewall
Firewall/QoS enabled
Administrator email
Fragments
Session recovery
Ping blocking
TCP Stealth mode
Mask authentication port
Parameters of Firewall rules
Components of a Firewall rule
Priority
Observe further rules
VPN rules
Application of the firewall rules
Connection
Condition
Limit / Trigger
Packet action
Further measures
Quality of Service (QoS)
Alerting functions of the Firewall
SYSLOG notifications
Notification by email
Notification by SNMP trap
Strategies for Firewall settings
Allow All
Deny All
Firewall with DMZ
Hints for setting the Firewall
The default settings of the Firewall
Security by NAT and Stateful Inspection
Transmitting firewall rules with scripts
Set-up of an explicit "Deny All" strategy
Deny All: The most important Firewall rule!
Configuring the firewall with LANconfig
Firewall wizard
Definition of firewall objects
Action objects
QoS objects
Station objects
Service objects
Defining firewall rules
Adding a new firewall rule
Editing firewall rules
Configuring firewall rules with WEBconfig or Telnet
Rule table
Object table
Action table
Firewall diagnosis
The Firewall table
The filter list
The connection list
Port block list
Host block list
Firewall limitations
Protection against break-in attempts: Intrusion Detection
Examples for break-in attempts
IP Spoofing
Portscan Detection
Configuration of the IDS
Protection against “Denial of Service” attacks
Examples of Denial of Service Attacks
SYN Flooding
Smurf
LAND
Ping of Death
Teardrop
Bonk/Fragrouter
Configuration of DoS blocking
Configuration of ping blocking and Stealth mode
Addition(s) to LCOS 7.80
Increased DoS threshold value for central devices
Addition(s) to LCOS 8.82
Source tags for firewall rules
Additions to the Setup menu
Source tag
IPv6
IPv6 basics
Why use IPv6-standard IP addresses?
IP address structure according to the IPv6 standard
Stages of migration
IPv6 tunneling technologies
6in4 tunneling
6rd tunneling
6to4 tunneling
DHCPv6
DHCPv6 server
DHCPv6 client
IPv4 VPN tunnel via IPv6
Setup Wizard – Setting up an IPv4 VPN connection via IPv6
IPv6 firewall
Function
Configuration
Default entries for the IPv6 firewall rules
Default entries for the inbound rules
Default entries for the forwarding rules
IPv6 firewall log table
Analyzing the IPv6 firewall log table with WEBconfig
Analyzing the IPv6 firewall log table with LANmonitor
Additions to the Setup menu
Tunnel
6in4
Peer name
Routing tag
Gateway address
IPv4 routing tag
Gateway IPv6 address
Local-IPv6-Address
Routed IPv6 prefix
Firewall
6rd border relay
Peer name
Routing tag
IPv4 loopback address
6rd prefix
IPv4 mask length
DHCPv4 propagate
Firewall
6rd
Peer name
Routing tag
Border relay address
IPv4 routing tag
6rd prefix
IPv4 mask length
Firewall
6to4
Peer name
Routing tag
Gateway address
IPv4 routing tag
Firewall
Router advertisement
Prefix options
Interface name
Prefix
Subnet ID
Adv.-OnLink
Adv.-Autonomous
PD source
Advertise preferred lifetime
Adv.-Valid-Lifetime
Decrement lifetimes
Interface options
Interface name
Send adverts
Min. RTR interval
Max. RTR interval
Managed flag
Other config flag
Link MTU
Reachable time
Hop limit
Default lifetime
Default router mode
Router preference
Route options
Interface name
Prefix
Route lifetime
Route preference
RDNSS options
Interface name
Primary DNS
Secondary DNS
DNS search list
Lifetime
DHCPv6
Server
Address pools
Address pool name
Start address pool
End address pool
Preferred lifetime
Valid lifetime
PD source
PD pools
PD pool name
Start PD pool
End PD pool
Prefix length
Preferred lifetime
Valid lifetime
PD source
Interface list
Interface name or relay
Active
Primary DNS
Secondary DNS
Address pool name
PD pool name
Rapid commit
Preference
Renew time
Rebind time
Unicast address
DNS search list
Reservations
Interface name or relay
Address or PD prefix
Client ID
Preferred lifetime
Valid lifetime
PD source
Client
Interface list
Interface name
Operating
Request DNS
Request address
Request PD
Rapid commit
User class identifier
Vendor class identifier
Vendor class number
Relay agent
Interface list
Interface name
Relay agent operating
Interface address
Destination address
Destination interface
Network
Addresses
Interface name
IPv6 address prefix length
Address type
Name
Comment
Parameter
Interface name
IPv6 gateway
Primary DNS
Secondary DNS
Firewall
Operating
Forwarding rules
Name
Flags
Priority
Routing tag
Action
Services
Source stations
Destination stations
Comment
Actions list
Name
Description
Station list
Name
Description
Service list
Name
Description
Actions
Name
Limit
Unit
Time
Context
Flags
Action
DiffServ
DSCP value
Conditions
Trigger actions
Stations
Name
Type
Local network
Remote peer/local host
Address/Prefix
Services
Name
Protocol
Ports
Source ports
Protocol
Name
Protocol
Conditions
Name
Conditions
Transport direction
DiffServ
DSCP value
Trigger actions
Name
Notifications
Disconnect
Block source
Lockout period
Close destination
Closing time
ICMP service
Name
Type
Code
Inbound rules
Name
Active
Priority
Action
Services
Source stations
Comment
LAN interfaces
Interface name
Interface ID
VLAN ID
Routing tag
Autoconf
Accept RA
Interface status
Forwarding
MTU
Firewall
Comment
WAN interfaces
Interface name
Routing tag
Autoconf
Accept RA
Interface status
Forwarding
Firewall
Comment
DaD attempts
Operating
Forwarding
Router
Routing table
Prefix
Routing tag
Peer or IPv6
Comment
Destination cache timeout
IPv6 address
Additions to the Status menu
Log table
Additional command-line commands
IPv6 addresses
IPv6 prefixes
IPv6 interfaces
IPv6 neighbor cache
IPv6 DHCP server
IPv6 DHCP client
IPv6 route
Release IPv6 address
Ping command for IPv6
Overview of parameters
Enhancements to LANconfig
IPv6 configuration menu
General
Router advertisement
DHCPv6
Tunnel
Settings in the PPP list
IP routing tables
Separate views for the IPv4 and IPv6 firewalls
IPv6 DNS hosts in the DNS list
Configuring the IPv6 firewall rules
IPv6 inbound rules
IPv6 forwarding rules
Action list
Action objects
Conditions
Further measures
Service list
TCP/UDP service objects
ICMP service objects
IP protocol objects
Station list
Station objects
Tutorials
Setting up IPv6 Internet access
IPv6 access using the Setup Wizard in LANconfig
Setup Wizard – setting up IPv6 in a new device
Setup Wizard – Setting up IPv6 on an existing device
Setting up a 6to4 tunnel
Working with LANconfig
Working with WEBconfig
Addition(s) to LCOS 8.82
Reconfigure function of the DHCPv6 server
Enhancements to LANconfig
IPv6 configuration menu
DHCPv6
DHCPv6 server
Additions to the Setup menu
Reconfigure
Additions to the Status menu
Reconfigure
Addition(s) to LCOS 8.84
IPv6 prefix delegation from the WWAN to the LAN
Enhancements to LANconfig
IPv6 prefix delegation from the WWAN to the LAN
Additions to the Setup menu
PD mode
Addition(s) to LCOS 9.00
Dual-Stack Lite (DS-Lite)
Additions to the Status menu
1.81 DS-Lite
1.81.1 Rx-Packets
1.81.2 Tx-Packets
1.81.3 Queue error
1.81.4 Connections
1.81.4.1 Remote site
1.81.4.2 State
1.81.4.3 Last error
1.81.4.4 IPv4 address
1.81.4.5 phys. conn.
1.81.4.6 AFTR-Name
1.81.4.7 AFTR-IPv6-Address
1.81.4.8 Conn. time:
1.81.5 Tunnel
1.81.6 Tunnel
Additions to the Setup menu
2.2.40 DS-Lite-Tunnel
2.2.40.1 Name
2.2.40.2 Gateway address
2.2.40.3 Rtg tag
IPv6 support for RAS services
RAS interfaces
Prefix pools
Additions to the Setup menu
2.70.14 RAS-Interface
2.70.14.1 Interface name
2.70.14.2 Rtg tag
2.70.14.3 Interface status
2.70.14.4 Forwarding
2.70.14.5 Firewall
2.70.14.6 DaD attempts
2.70.14.7 Remote site
2.70.14.8 Comment
2.70.2.6 Prefix pools
2.70.2.6.1 Interface name
2.70.2.6.2 Start-Prefix-Pool
2.70.2.6.3 End-Prefix-Pool
2.70.2.6.4 Prefix length
2.70.2.6.5 Adv.-OnLink
2.70.2.6.6 Adv.-Autonomous
2.70.2.6.7 Adv.-Pref.-Lifetime
2.70.2.6.8 Adv.-Valid-Lifetime
RADIUS attribute extensions for IPv6 RAS services
Loopback addresses for IPv6
Loopback addresses
Additions to the Setup menu
2.70.4.3 Loopback
2.70.4.3.1 Name
2.70.4.3.2 IPv6-Loopback-Addr.
2.70.4.3.3 Rtg tag
2.70.4.3.4 Comment
Lightweight DHCPv6 relay agent (LDRA)
Additions to the Setup menu
2.20.41 DHCPv6-Snooping
2.20.41.1 Port
2.20.41.2 Orientation
2.20.41.3 Type
2.20.41.4 Remote ID
2.20.41.5 Interface-ID
2.20.41.6 Server address
Router advertisement snooping
Additions to the Setup menu
2.20.42 RA-Snooping
2.20.42.1 Port
2.20.42.3 Orientation
2.20.42.4 Router-Address
Addition(s) to LCOS 9.10
Prefix-exclude option for DHCPv6 prefix delegation
Prefix-exclude option for DHCPv6 prefix delegation
Addition(s) to LCOS 9.20
IPv6 support for (S)NTP client and server
Configuring the time server under LANconfig
Quality of Service
Why QoS?
Which data packets to prefer?
What is DiffServDiffServ?
Guaranteed minimum bandwidths
Full dynamic bandwidth management Minimum bandwidth:Sendingfor sending
Dynamic bandwidth management also for Minimum bandwidth:Receptionreception
Limited maximum bandwidths
Combination possible
The queue concept
Queues in transmission direction
Queues for receiving direction
Reducing the packet length
QoS parameters for Voice over IP applications
QoS in sending or receiving direction
QoS configuration
Evaluating ToS and DiffServ fields
ToS or DiffServ?
DiffServ in Firewall rules
Defining minimum and maximum bandwidths
Adjusting transfer rates for interfaces
Sending and receiving direction
Reducing the packet length
QoS for WLANs according to IEEE 802.11e (WMMWMM/WMEWME)
Virtual Private Networks (VPN)
What does VPN offer?
Conventional network infrastructure
Networking via the Internet
Private IP addresses on the Internet?
Routing at the IP level with VPN
Secure communications via the Internet?
VPN – Security through Encryptionencryption
Send your data through the tunnel – for security’s sake
LANCOM VPN: an overview
VPN example application
LANCOM VPN functions
VPN connections in detail
LAN-LAN coupling
Internet access in parallel
Dial-in connections (Remote Access Service)
What is LANCOM Dynamic VPN ?
A look at IP addressing
Static and dynamic IP addresses:staticIP addresses:DynamicIP addresses
Advantages and disadvantages of dynamic IP addresses:dynamicIP addresses
This is how LANCOM Dynamic VPN works
Dynamic VPN:dynamic – staticDynamic – static
Dynamic VPN:static – dynamicStatic – dynamic
Dynamic VPN:dynamic – dynamicDynamic – dynamic
Dynamic IP addresses and DynDNS
Information to the Dynamic VPN registration
Configuration of VPN connections
VPN tunnel: Connections between VPN gateways
Set up VPN connections with the Setup Wizard
1-Click-VPN for networks (site-to-site)
1-Click-VPN for LANCOM Advanced VPN Client
Inspect VPN rules
Manually setting up VPN connections
IKE config mode
Prepare VPN network relationships
Configuration with LANconfig
Configuration with WEBconfig
Establishing Security Associations collectively
Diagnosis of VPN connections
Working with digital certificates
Basics
Symmetrical encryptionSymmetricalEncryption:symmetricencryption
Asymmetric encryptionAsymmetricEncryption:asymmetricencryption
Encryption:Combination symmetrical/asymmetricalCombination of symmetrical and asymmetrical encryption
Public key infrastructurePKIPublic key infrastructure
Advantages of certificates
Structure of certificates
Contents
Target application
Formats
Certificates:File typesFile types
Certificates:ValidityValidity
Security
Certificates for establishing VPN connections
Certificates from certificate service providers
Establishing a proprietary CA
Requesting a certificate with Stand-alone Windows CA
Export the certificate to a PKCS#12 file
Export via the Windows console root
Certificates:ExportExport via the Control Panel
Create certificates OpenSSLwith OpenSSL
Installing OpenSSL
Issue a certificate for Root CA
Issue certificates for users or devices
Upload certificates to the LANCOM
Storing and uploading certificates
Addition(s) to LCOS 7.80
Enhanced certificate support
Set up VPN connections to support certificates
Addition(s) to LCOS 7.80
Wildcard matching of certificates
Introduction
Configuration
Set up certificate-based VPN connections with the Setup Wizard
LAN coupling
RAS connections
Set up LANCOM Advanced VPN Client for certificate connections
Simplified RAS with certificates
Simplified network connection with certificates – Proadaptive VPN;VPN:Proadaptive VPNproadaptive VPN
Request certificates using CERTREQ
Certificate revocation list - CRLCRL
Configuring the CRL function
CRL status display in LANmonitor
Diagnosis of VPN certificate connections
Addition(s) to LCOS 8.00
Alternative URLs for CRLs
Introduction
Configuration
Addition(s) to LCOS 8.50
OCSP client for certificate validation
Introduction
Additions to the menu system
Responder profile table
Profile name
URL
CA profile table
Profile name
CA distinguished name
Prefer AIA
Responder profile name
Source interface
Certificate evaluation
Syslog events
Multi-level certificates for SSL/TLS
Introduction
SSL/TLS with multi-level certificates
VPN with multi-level certificates
Certificate enrollment via SCEP
SCEP server and SCEP client
Distributing certificates
Configuring SCEP
Global SCEP parameters
Actions
Configuring the CAs
Configuring the system certificates
NAT Traversal (NAT-T)
Extended Authentication Protocol (XAUTH)
Introduction
XAUTH in LCOS
Configuring XAUTH
Backup via alternative VPN connection
Introduction
Backup-capable network infrastructure
Basic prerequisites
Hierarchy for establishing VPN connections
Network definitions
Routing information
Establishing a backup connection
Re-establishing the primary connection
Configuring the VPN backup
Specific examples of connections
Static/static
Dynamic VPN:ExamplesDynamic VPN:dynamic – staticDynamic/static
Static/dynamic (with LANCOM Dynamic VPN)
Dynamic/dynamic (with LANCOM Dynamic VPN)
VPN connections: High availability with VPN Load balancingload balancing
Multiple VPN gateway addresses
Configuration
How does VPN work?
IPSec—The basis for LANCOM VPN
Security in an IP environment
Alternatives to IPSec
Security at the connection level – PPTPPPTP, L2FL2F,L2TPL2TP
Security at higher levels – SSL, S/MIME, PGP
Combinations are possible
The standards behind IPSec
IPSec modules and their tasks
Security Associations – numbered tunnels
Encryption of the packets – the ESPESP protocol
How ESP works
Transport modeTransport and Tunnel modetunnel mode
EncryptionEncryption algorithms
Authentication – the AHAH protocol
The AH process in the sender
Checking of integrity and authenticity by the recipient
Determining the checksum for the integrity check
Generation of the authentication data
Replay protection – protection against replayed packets
Key management – IKEIKE
Setting up the SAs with ISAKMP/Oakley
The regular exchange of new keys
Addition(s) to LCOS 8.00
VPN Pathfinder
Introduction
Configuring VPN Pathfinder technology
Status displays for VPN Pathfinder technology
Addition(s) to LCOS 8.60
Improved phase 1 rekeying
MPPE encryption for PPTP tunnels
Additions to the menu system
Encryption
Addition(s) to LCOS 8.62
Default proposals for IKE and IPSec
myVPN
Using the Setup Wizard in LANconfig to set up a VPN profile for the LANCOM myVPN app
Retrieve the VPN profile with the LANCOM myVPN app
Establishing and closing the VPN connection on the iOS device
Deleting a VPN profile from the iOS device
Additions to LANconfig
Configuring the LANCOM myVPN app
Additions to the menu system
myVPN
Operating
PIN length
Device hostname
Mapping
PIN
VPN profile
Operating
Re-enable login
E-mail notification
E-mail address
Syslog
Remote gateway
Addition(s) to LCOS 8.80
Deleting all VPN errors with one command
Additions to the menu system
Additions to the Status menu
Delete conn errors
Default proposals for IKE and IPSec
Selecting DH group 14 for VPN connections
Additions to the Setup menu
VPN
Aggressive mode IKE group default
Main mode IKE group default
Quick mode PFS group default
Layer
PFS group
IKE group
Replay detection
Additions to the menu system
Anti-replay window size
myVPN
Using the Setup Wizard in LANconfig to set up a VPN profile for the LANCOM myVPN app
Retrieve the VPN profile with the LANCOM myVPN app
Opening and closing the VPN connection on the iOS device
Deleting a VPN profile from the iOS device
Enhancements to LANconfig
Configuring the LANCOM myVPN app
Additions to the menu system
myVPN
Operating
PIN length
Device hostname
Mapping
PIN
VPN profile
Active
Re-enable login
E-mail notification
E-mail address
SYSLOG
Remote gateway
Error count for login block
Allow access from WAN
Intelligent precalculation of DH keys
Additions to the Setup menu
VPN
Isakmp
DH groups
Precalculation
Group config
DH group
Precalculation target
Additions to the Setup menu
VPN
Aggressive mode IKE group default
Main mode IKE group default
Quick mode PFS group default
Layer
PFS group
IKE group
Enhancements to LANconfig
Selecting the IKE group in LANconfig
Addition(s) to LCOS 8.82
Hash function SHA2-256 selectable via LANconfig
An overview of LANCOM VPN
Functions of the VPN module
Additions to the Setup menu
2.19.4.11.4 IKE-Auth-Alg
ESP-Auth-Alg
AH-Auth-Alg
Addition(s) to LCOS 9.00
VPN remote access wizard in WEBconfig:
L2TPv2 (Layer-2 Tunneling Protocol version 2)
Configuring the L2TP tunnel
Authentication via RADIUS
Operation as an L2TP access concentrator (LAC)
Operation as the L2TP network server (LNS) for RAS clients
Operation as an L2TP network server (LNS) with authentication via RADIUS
Additions to the Status menu
1.84 L2TP
1.84.1 Rx-Packets
1.84.2 Tx-Packets
1.84.3 TX retries
1.84.4 Call errors
1.84.5 Endpoints
1.84.5.1 L2TP endpoint
1.84.5.2 State
1.84.5.3 Last error
1.84.5.4 Mode
1.84.5.5 Phys. connection
1.84.5.6 Gateway
1.84.5.7 Sessions
1.84.5.8 Conn. time:
1.84.5.9 Embedded error message
1.84.6 Number of endpoints
1.84.7 Sessions
1.84.7.1 Remote site
1.84.7.2 State
1.84.7.3 Last error
1.84.7.4 Mode
1.84.7.5 SH-Time
1.84.7.6 L2TP endpoint
1.84.7.7 Peer address
1.84.7.8 IP address
1.84.7.9 DNS default
1.84.7.10 DNS backup
1.84.7.11 NBNS default
1.84.7.12 NBNS backup
1.84.7.13 Conn. time:
1.84.8 Number of connections
1.84.9 Delete values
Additions to the Setup menu
2.2.22.20 L2TP-operating
2.2.22.21 L2TP server host name
2.2.22.22 L2TP-Auth.-Port
2.2.22.23 L2TP-loopback address
2.2.22.24 L2TP protocol
2.2.22.25 L2TP secret
2.2.22.26 L2TP-Password
2.2.35 L2TP endpoints
2.2.35.1 Identifier
2.2.35.2 IP address
2.2.35.3 Rtg tag
2.2.35.4 Port
2.2.35.5 Poll
2.2.35.6 Host name
2.2.35.7 Password
2.2.35.8 Auth-Peer
2.2.35.9 Hide
2.2.36 L2TP additional gateways
2.2.36.1 Identifier
2.2.36.2 Begin with
2.2.36.3 Gateway-1
2.2.36.4 Rtg-Tag-1
2.2.36.5 Gateway-2
2.2.36.6 Rtg-Tag-2
2.2.36.7 Gateway-3
2.2.36.8 Rtg-Tag-3
2.2.36.9 Gateway-4
2.2.36.10 Rtg-Tag-4
2.2.36.11 Gateway-5
2.2.36.12 Rtg-Tag-5
2.2.36.13 Gateway-6
2.2.36.14 Rtg-Tag-6
2.2.36.15 Gateway-7
2.2.36.16 Rtg-Tag-7
2.2.36.17 Gateway-8
2.2.36.18 Rtg-Tag-8
2.2.36.19 Gateway-9
2.2.36.20 Rtg-Tag-9
2.2.36.21 Gateway-10
2.2.36.22 Rtg-Tag-10
2.2.36.23 Gateway-11
2.2.36.24 Rtg-Tag-11
2.2.36.25 Gateway-12
2.2.36.26 Rtg-Tag-12
2.2.36.27 Gateway-13
2.2.36.28 Rtg-Tag-13
2.2.36.29 Gateway-14
2.2.36.30 Rtg-Tag-14
2.2.36.31 Gateway-15
2.2.36.32 Rtg-Tag-15
2.2.36.33 Gateway-16
2.2.36.34 Rtg-Tag-16
2.2.36.35 Gateway-17
2.2.36.36 Rtg-Tag-17
2.2.36.37 Gateway-18
2.2.36.38 Rtg-Tag-18
2.2.36.39 Gateway-19
2.2.36.40 Rtg-Tag-19
2.2.36.41 Gateway-20
2.2.36.42 Rtg-Tag-20
2.2.36.43 Gateway-21
2.2.36.44 Rtg-Tag-21
2.2.36.45 Gateway-22
2.2.36.46 Rtg-Tag-22
2.2.36.47 Gateway-23
2.2.36.48 Rtg-Tag-23
2.2.36.49 Gateway-24
2.2.36.50 Rtg-Tag-24
2.2.36.51 Gateway-25
2.2.36.52 Rtg-Tag-25
2.2.36.53 Gateway-26
2.2.36.54 Rtg-Tag-26
2.2.36.55 Gateway-27
2.2.36.56 Rtg-Tag-27
2.2.36.57 Gateway-28
2.2.36.58 Rtg-Tag-28
2.2.36.59 Gateway-29
2.2.36.60 Rtg-Tag-29
2.2.36.61 Gateway-30
2.2.36.62 Rtg-Tag-30
2.2.36.63 Gateway-31
2.2.36.64 Rtg-Tag-31
2.2.36.65 Gateway-32
2.2.36.66 Rtg-Tag-32
2.2.37 L2TP-Peers
2.2.37.1 Remote site
2.2.37.2 L2TP endpoint
2.2.37.3 SH-Time
2.2.38 L2TP-Source-Check
Support of the DH groups 15 and 16
Additions to the Setup menu
2.19.4.11.4 IKE-Auth-Alg
2.19.3.29.2.1 DH group
2.19.7.3 PFS-Grp
2.19.7.4 IKE-Grp
2.19.11 AggrMode-IKE-Group-Default
2.19.14 MainMode-IKE-Group-Default
2.19.20 QuickMode-PFS-Group-Default
Addition(s) to LCOS 9.10
SCEP-CA function in VPN environments
SCEP algorithms updated
Configuring the CAs
Additions to the Setup menu
2.39.1.14.4 Enc-Alg
2.39.1.14.6 CA signature algorithm
2.39.1.14.8 CA fingerprint algorithm
2.39.2.3 Encryption algorithm
2.39.2.6 Signature algorithm
2.39.2.7 Fingerprint algorithm
Loopback address for L2TP connections
Additions to the Setup menu
2.2.35.10 Source address
Download link for the public portion of the CA certificate
Download link for the public portion of the CA certificate
Configurable one-time password (OTP) for SCEP-CA
Configuring challenge passwords
Additions to the Setup menu
2.39.2.5.3.5 Challenge
Deleting VPN error messages in the status table
Additions to the Setup menu
2.11.65 Error aging minutes
IPv4 addresses for VPN tunnels in the IP parameter list
Additions to the Setup menu
2.2.20 IP-List
2.2.20.1 Remote site
2.2.20.9 Masq.-IP-Addr.
2.8.2.5 Masquerading
2.19.9.2 Extranet address
Addition(s) to LCOS 9.20
IKEv2 support
Functions of the VPN module
IKEv2
Configuring IKEv2 with LANconfig
Connection list
Connection parameters
Authentication
Digital signature profile
Encryption
IPv4 addresses
IPv6 addresses
Extended settings
Lifetimes
IPv4 routing
IPv6 routing
Tutorial: Setting up IKEv2 under LANconfig
IKEv2 fragmentation support
IKEv2 fragmentation
RADIUS support for IKEv2
RADIUS support for IKEv2
RADIUS authentication
RADIUS accounting
IKEv2 routing support
IPv4 routing
IPv6 routing
"Match Remote Identity" for IKEv2
Identity list
Identities
Redirect mechanism for IKEv2
VPN via IPv6 connections with IKEv1
VPN network rules for IPv4 and IPv6
Virtual LANs (VLANs)
What is a Virtual LAN?
This is how a VLAN works
Frame tagging
Conversion within the LAN interconnection
VLAN Q-in-Q tagging
Application examples
VLAN:Management of LAN trafficManagement and user traffic on a LAN
LAN:Different organisations on one LANDifferent organizations on one LAN
Configuration of VLANs
VLAN and ARF
VLAN and WLAN Controllers
General settings
To activate the VLAN module
VLAN tagging mode
The networktable
The port table
Configurable VLAN IDs
Different VLAN IDs per WLAN client
VLAN tags for DSL interfaces
Special VLAN ID for DSLoL interfaces
VLAN tags on layer 2/3 in the Ethernet
Introduction
Configuring VLAN tagging on layer 2/3
Addition(s) to LCOS 8.60
Group key per VLAN
Introduction
Managing VLAN group keys
Additions to the menu system
VLAN group key mapping
Network
VLAN ID
Group key index
Addition(s) to LCOS 9.20
VLAN-tagging mode "ingress mixed" removed
Wireless LAN (WLAN)
Introduction
Application scenarios
Infrastructure mode
Hotspot or guest access
Managed mode
WLAN bridge (point-to-point)
WLAN bridge in relay mode
WLAN bridge to an access point – managed and unmanaged mixed
Wireless Distribution System (point-to-multipoint)
Client mode
Client mode with mobile objects in industry
WLAN standards
Data rates in compatibility mode
IEEE 802.11n
Advantages of 802.11n
Compatibility with other standards
The physical layer
Technical aspects of 802.11n
Optimizing net data throughput
The MAC layer
Resulting data throughput
Addition(s) to LCOS 8.60
How the 40-MHz mode works
Additions to the menu system
Allow 40MHz
IEEE 802.11a: 54 Mbps
IEEE 802.11h – ETSI 301 893
ETSI standards
European harmonization
Special regulations for the 5 GHz band
Differences from USA and Asia
Available channels in the 5 GHz band
Frequency ranges for indoor/outdoor use in the 5 GHz band
IEEE 802.11g: 54 Mbps
IEEE 802.11b: 11 Mbps
WLAN security
Basics
Authentication
Authenticity
Integrity
Confidentiality
IEEE 802.11i /WPA2
EAP and IEEE 802.1x
WPA with passphrase
TKIP
AES
Pre-authentication and PMK caching
TKIP and WPA
Negotiating the encryption-method
WEP
LEPS – LANCOM Enhanced Passphrase Security
LEPS remedies the security issues presented by global passphrases.
Configuration
Standard WEP encryption
Addition(s) to LCOS 7.70
Standard encryption with WPA2
Background WLAN scanning
Rogue AP detection
Fast roaming in client mode
Evaluating the background scan
Configuration of WLAN parameters
General WLAN settings
Addition(s) to LCOS 8.00
Broken link detection
WLAN security
General settings
Protocol filters
Selecting approved stations for the WLAN
Access-control list
Encryption settings
WPA and private WEP settings
WEP group keys
Rules for entering WEP keys
The physical WLAN interfaces
Operating settings
Radio settings
Performance
Point-to-point connections
Client mode
Point-to-point peers
The logical WLAN interfaces
Network settings
Transmission settings
Addition(s) to LCOS 8.62
New parameter for WLAN client signal strength
Additions to LANconfig
Network settings
Additions to the menu system
2.23.20.1.16 Min-Client-Strength
Closed-network function: Suppress SSID broadcast
Additions to the menu system
Closed network
SSID broadcast
IEEE 802.1x/EAP
Expert WLAN settings
The beaconing table
The roaming table
WLAN routing (isolated mode)
Addition(s) to LCOS 8.80
Closed-network function: Suppress SSID broadcast
Additions to the menu system
Closed network
SSID broadcast
Enhancements to LANconfig
Network settings
New parameter for WLAN client signal strength
Additions to the menu system
Minimum client strength
Configuring the client mode
Client settings
Set the SSID of the available networks
Encryption settings
Roaming
Addition(s) to LCOS 7.80
Multiple WLAN profiles in client mode
Introduction
Configuration
Configuring point-to-point connections
Geometric dimensioning of outdoor wireless network links
Selection of antennas using the LANCOM Antenna Calculator
Positioning the antennas
Antenna power
Antenna alignment for P2P operations
Measuring wireless bridges
Activating point-to-point operation mode
Configuration of P2P connections
Connecting point-to-point remote stations by station name
Access points in relay mode
Security for point-to-point connections
Encryption with 802.11i/WPA
LEPS for P2P connections
Addition(s) to LCOS 8.50
Auto-configuration of WLAN P2P links over serial connections
Additions to the menu system
Serial configuration
Bit rate
Addition(s) to LCOS 8.60
Point-to-point partners
Additions to the menu system
Interpoint peers
Central firmware and script management
General settings for firmware management
Firmware management table
General settings for script management
Script management table
Internal script storage (script management without an HTTP server)
DFS 2: Non-use of channels for weather radar
Bandwidth limits in the WLAN
Operating as an access point
Operating as a Client
Addition(s) to LCOS 7.70
APSD – Automatic Power Save Delivery
Introduction
Configuration
Statistics
BFWA – higher transmission power for longer ranges
Addition(s) to LCOS 7.80
ARF network for IAPP
Addition(s) to LCOS 8.50
Alarm limits for WLAN devices
Additions to the menu system
Network alarm limits
Interface
Phy signal
Total retries
TX errors
Interpoint alarm limits
Additions to the menu system
Interpoint alarm limits
Interface
Phy signal
Total retries
TX errors
IEEE 802.11e user priority converted into VLAN tags
Addition(s) to LCOS 8.60
Adjustable rate adaption algorithm
Additions to the menu system
Method
Initial rate
Minstrel averaging factor
Standard averaging factor
Addition(s) to LCOS 8.80
Spectral scan
Functions of the software module
Spectral scan analysis window
Enhancements to LANmonitor
LANmonitor application concepts
Spectral scan
Additions to the Setup menu
Operation mode
Probe settings
Ifc
Radio bands
Subbands 2.4GHz
Channel list 2.4GHz
Subbands 5GHz
Channel list 5GHz
Channel dwell time
WLAN band steering
Enhancements to LANconfig
Band steering
Additions to the Setup menu
Client steering
Operating
Criterion
Preferred band
Probe request ageout seconds
Additions to the Status menu
Seen clients
STBC / LDPC
Basics
Low Density Parity Check (LDPC)
Space Time Block Coding (STBC)
Additions to the Setup menu
Use STBC
Use LDPC
Additions to the Status menu
Rx-STBC
LDPC
Tx-STBC
Rx-STBC
LDPC
Rx-STBC
LDPC
Rx-STBC
LDPC
Tx-STBC
Rx-STBC
LDPC
Rx-STBC
LDPC
LANCOM-specific UUID information element for access points
UUID info element for LANCOM WLAN access points
Additions to the Setup menu
Include UUID
DFS
DFS4
Function and the history of development
Additions to the Setup menu
Preferred DFS scheme
PMK caching in the WLAN client mode
Additions to the Setup menu
PMK caching
PMK-Caching
Default lifetime
Additions to the Status menu
PMK caching
Contents
Authenticator
Supplicant
User name
VLAN-ID
Lifetime
Lifetime
Source
Pre-authentication in WLAN-client mode
Additions to the Setup menu
Pre-authentication
Greenfield mode for access points with IEEE 802.11n
Separate RADIUS server for each SSID
Additions to the menu system
RADIUS server profiles
Name
Access IP
Access port
Access secret
Access loopback
Access protocol
Account IP
Account port
Account secret
Account loopback
Account protocol
Backup
Network profiles
RADIUS profile
Enhancements to LANconfig
Setting up the RADIUS profiles
Selecting a RADIUS profile for a logical WLAN
Addition(s) to LCOS 8.82
Advanced ARP handling
Additions to the Status menu
ARP handling
ARP Table
ND table
ARP requests answered
ARP requests not answered
ARP requests rejected
ND searches answered
ND searches not answered
ND searches rejected
Delete values
Multicast and broadcasts in cells can be switched off
Additions to the Setup menu
Transmit-only-Unicasts
Enhancements to LANconfig
Configuration of WLAN parameters
The logical WLAN interfaces
Network settings
Addition(s) to LCOS 8.84
LANCOM Active Radio Control (ARC)
Maximum EIRP value depends on the transmission standard
Adjusting the maximum transmit rate for multicasts and broadcasts
Automatic adjustment of multicast and broadcast transmission rates
Additions to the Setup menu
Basic rate
Additions to the Status menu
Networks
IGMP snooping in auto mode
General settings
Port settings
Static members
Simulated queriers
Additions to the Setup menu
Operating
Converting DHCP responses from broadcast to unicast
Additions to the Setup menu
Convert to unicast
Adaptive noise immunity to reduce interference on the WLAN
Enhancements to LANconfig
Adaptive noise immunity for reducing interference on the WLAN
Additions to the Setup menu
Adaptive noise immunity
Additions to the Status menu
Noise immunity
Current parameters
Log table
Opportunistic key caching
Opportunistic key caching (OKC)
Enhancements to LANconfig
Logical WLAN networks
Additions to the Setup menu
OKC
Additions to the Status menu
Contents
Encryption
Feature enhancement of the WLC tunnel interface
Support for 802.11u/HotSpot 2.0 on WLAN controllers
Additions to the Status menu
IEEE802.11u
Network profiles
ANQP profiles
Hotspot2.0 profiles
Network authentication type
Cellular network information list
Venue name
NAI realms
Operator list
General
IEEE802.11u
Network profiles
ANQP profiles
Hotspot2.0 profiles
Network authentication type
Cellular network information list
Venue-Name
NAI-Realms
Operator-List
General
Additions to the Setup menu
IEEE802.11u
ANQP profiles
Name
Include-in-Beacon-OUI
Additional-OUI
Domain-List
NAI-Realm-List
Cellular-List
Network-Auth-Type-List
Auth-Parameter
Name
Cellular network information list
Name
Country-Code
Network-Code
Connection capability
Name
General
Name
Link-Status
Downlink-Speed
Uplink-Speed
IPv4-Addr-Type
IPv6-Addr-Type
Venue-Group
Venue-Type
Venue-Name
Hotspot2.0 profiles
Name
Operator name
Connection capabilities
Operating class
NAI-Realms
Name
NAI-Realm
EAP-Method
Auth-Parameter-List
Network authentication type
Name
Network-Auth-Type
Redirect-URL
Network profiles
Name
Operating
Hotspot2.0
Internet
Network type
Asra
HESSID type
HESSID MAC
ANQP profile
HS20 profile
Operator-List
Name
Language
Operator name
Venue-Name
Name
Language
Venue-Name
IEEE802.11u network profile
IEEE802.11u-General
Addition(s) to LCOS 9.00
Support of 802.11ac WLAN interfaces
Additions to the Status menu
1.3.32.68 Rx-STBC-HT
1.3.32.69 Rx-STBC-VHT
1.3.32.70 LDPC
1.3.34.49 Tx-STBC
1.3.34.50 Rx-STBC-HT
1.3.34.51 Rx-STBC-VHT
1.3.34.52 LDPC
1.3.36.1.48 Rx-STBC-HT
1.3.36.1.49 Rx-STBC-VHT
1.3.36.1.50 LDPC
1.3.43.51.42 Rx-STBC-HT
1.3.43.51.43 Rx-STBC-VHT
1.3.43.51.44 LDPC
1.3.44.44 Channel bandwidths
1.3.44.45 Channel bandwidth
1.3.44.49 Tx-STBC
1.3.44.50 TX STBC HT
1.3.44.51 TX STBC VHT
1.3.44.52 LDPC
1.3.55.39 Channel bandwidths
1.3.55.40 Channel bandwidth
1.3.55.42 Rx-STBC-HT
1.3.55.43 Rx-STBC-VHT
1.3.55.44 LDPC
1.3.57.19 Channel bandwidth
1.3.63.1.18 Channel bandwidth
Specifying client-bridge mode and bandwidth limit for each SSID
Additions to the Setup menu
2.23.20.1.11 Cl.-Brg.-Support
2.23.20.1.20 Tx limit
2.23.20.1.21 Rx limit
2.37.1.1.44 Tx limit
2.37.1.1.45 Rx limit
Separation of P2P and WLAN/SSID configuration
Configuration of P2P connections
Additions to the Setup menu
2.23.20.19 Interpoint transmission
2.23.20.19.1 Ifc
2.23.20.19.2 Packet size
2.23.20.19.3 Min-Tx-Rate
2.23.20.19.9 Max-Tx-Rate
2.23.20.19.19 EAPOL-Rate
2.23.20.19.11 Soft retries
2.23.20.19.12 Hard retries
2.23.20.19.7 11b-Preamble
2.23.20.19.16 Min. HT MCS
2.23.20.19.17 Max. HT MCS
2.23.20.19.23 Use STBC
2.23.20.19.24 Use LDPC
2.23.20.19.13 Short guard interval
2.23.20.19.18 Min.-Spatial-Streams
2.23.20.19.14 Max. spatial streams
2.23.20.19.15 Send aggregates
2.23.20.19.22 Receive-Aggregates
2.23.20.19.20 Max.-Aggr.-Packet-Count
2.23.20.19.6 RTS threshold
2.23.20.19.10 Min.-Frag.-Length
2.23.20.20 Interpoint-Encryption
2.23.20.20.1 Ifc
2.23.20.20.2 Encryption
2.23.20.20.3 Default-Key
2.23.20.20.4 Method
2.23.20.20.9 WPA version
2.23.20.20.12 WPA1 session key types
2.23.20.20.13 WPA2-Session-Key
2.23.20.20.11 WPA-Rekeying-Cycle
2.23.20.20.19 WPA2-Key-Management
Flexible WLAN capture format
Additions to the Setup menu
2.12.86 Packet-Capture
2.12.86.1 WLAN-Capture-Format
Band steering with delayed scan at 2.4 GHz
Additions to the Setup menu
2.12.87.5 Initial block time
Advanced wireless LAN traces
Additions to the Setup menu
2.12.124 Trace-Mgmt-Packets
2.12.125 Trace-Data-Packets
Fast roaming as per IEEE 802.11r
Additions to the Status menu
1.3.32.63 Fast roaming
1.3.32.64 WPA2-Key-Management
1.3.36.1.44 WPA2-Key-Management
1.3.43.51.40 WPA2-Key-Management
Additions to the Setup menu
2.23.20.3.19 WPA2-Key-Management
2.23.20.20.19 WPA2-Key-Management
2.37.1.1.41 WPA2-Key-Management
WPA2 with AES as factory setting
WLAN protected management frames (PMF)
Additions to the Status menu
1.3.32.67 Prot.-Mgmt-Frames
1.3.34.47 Prot.-Mgmt-Frames
1.3.36.1.47 Prot.-Mgmt-Frames
1.3.36.3.3 Key type
1.3.36.3.24 RSC-MGMT
1.3.41.3 Key type
1.3.41.24 RSC-MGMT
1.3.42.23 RSC-MGMT
1.3.43.51.41 Prot.-Mgmt-Frames
1.3.44.47 Prot.-Mgmt-Frames
1.3.47.3 Key type
1.3.47.24 RSC-MGMT
1.3.55.41 Prot.-Mgmt-Frames
Additions to the Setup menu
2.23.20.3.14 Prot.-Mgmt-Frames
2.23.20.20.14 Prot.-Mgmt-Frames
2.37.1.1.43 Prot.-Mgmt-Frames
Redundant connections using PRP
Basic function
Advantages of WLAN PRP
Implementation of PRP in the access points
Dual roaming
Diagnostic options
Tutorial: Setting up a PRP connection over a point-to-point network (P2P)
Tutorial: Roaming with a dual-radio client and PRP
Additions to the Setup menu
2.4.13.11.1 Interface bundling
2.4.13.1 Interfaces
2.4.13.1.1 Interface
2.4.13.1.2 Operating
2.4.13.1.3 Protocol
2.4.13.1.4 MAC address
2.4.13.1.5 Interface-A
2.4.13.1.6 Interface-B
2.4.13.11 Interfaces
2.4.13.11.1 Interfaces
2.4.13.11.1.1 Interface
2.4.13.11.1.2 Duplicate-accept
2.4.13.11.1.3 Transparent-mode
2.4.13.11.1.4 Life-Check-Interval
2.4.13.11.1.5 Node-forget-time
2.4.13.11.1.6 Entry-forget-time
2.4.13.11.1.7 Node-Reboot-Interval
2.4.11.1.8 Dup-Elimination-Buffer-Size
2.4.13.11.1.9 Send supervision packets
2.4.13.11.1.10 Node-Name
2.4.13.11.1.11 Evaluate-Sup.-Frames
Addition(s) to LCOS 9.10
Upgrade to 16 SSIDs per WLAN module
WLAN disabled by default
Wildcards for MAC address and SSID filters
Access-control list
Additions to the Setup menu
2.12.89 Access rules
2.12.89.1 MAC address pattern
2.12.89.2 Name
2.12.89.3 Comment
2.12.89.4 WPA passphrase
2.12.89.5 Tx-Limit
2.12.89.6 Rx-Limit
2.12.89.7 VLAN-ID
2.12.89.9 SSID pattern
2.37.21 Access rules
2.37.21.1 MAC address pattern
2.37.21.2 Name
2.37.21.3 Comment
2.37.21.4 WPA passphrase
2.37.21.5 Tx-Limit
2.37.21.6 Rx-Limit
2.37.21.7 VLAN-ID
2.37.21.9 SSID pattern
Conformity with current ETSI radio standards in the 2.4GHz/5GHz bands
DFS configuration
Additions to the Setup menu
2.23.20.8.20 Preferred DFS scheme
2.23.20.8.28 Preferred 2.4 scheme
Time of the DFS rescan configurable via LANconfig
P2P support for 802.11ac
Client mode for 802.11ac
Bandwidth limit for each WLAN client per SSID
Additions to the Setup menu
2.23.20.1.23 Per-Client-Tx-Limit
2.23.20.1.24 Per-Client-Rx-Limit
Opportunistic key caching (OKC) adjustable on the client side
Additions to the Setup menu
2.23.20.3.17 OKC
Counter for WPA login attempts
Additions to the Status menu
1.46.3 Ports
1.46.3.1 Port
1.46.3.2 Num-accept
1.46.3.3 Num-reject
1.3.64.20 WPA-PSK-Num-Wrong-Passphrase
1.3.64.21 WPA-PSK-Num-Success
1.3.64.22 WPA-PSK-Num-Failures
Point-to-point links via 802.11ac
Additions to the Setup menu
2.12.130.9 Channel change delay
Additions to the Status menu
1.46.99 Delete values
Addition(s) to LCOS 9.20
Adaptive RF Optimization
Setting up Adaptive RF Optimization with LANconfig
Managed RF Optimization
Managed RF Optimization
Enabling channel selection via the status menu
Setting up Managed RF Optimization with LANconfig
Manual channel change in LANmonitor
Airtime Fairness
Setting up Airtime Fairness with LANconfig
Encrypted OKC via IAPP
Encrypted OKC via IAPP
Fast roaming
Fast roaming with IAPP
Wireless Intrusion Detection System (WIDS)
Configuring WIDS on the AP with LANconfig
Configuring WIDS profiles on the WLC with LANconfig
Status counters for failed WPA-PSK/IEEE 802.1X login attempts
Status counters for WPA-PSK login attempts
Status counters for IEEE 802.1X login attempts
Adaptive transmission power
Adaptive transmission power
Setting up Adaptive Transmission Power with LANconfig
Improved start-up conditions for WLAN RADIUS accounting
Selecting a RADIUS server profile for 802.1X authentication
Configurable data rates per WLAN module
Configurable data rates per WLAN module
Configuring the data rates with LANconfig
Maximum length of the AP device name in the WLC config increased to 64 characters
LANconfig: Modified WLAN encryption dialog
WLAN Management
Starting position
Technical concepts
The CAPWAP standard
Smart controller technology
Communication between access point and WLAN controller
Zero-touch management
Split management
Basic configuration of the WLAN controller function
Setting the time information for the WLAN controller
Example: Default configuration
Assigning the default configuration to the new access points
Configuring the access points
Configuration
General settings
Profiles
WLAN profiles
General LBS profile and device location profile
Device LED profiles
ESL- and iBeacon profiles
Inheritance of parameters
Logical WLAN networks
Physical WLAN parameters
Access point configuration
IP parameter profiles
List of access points
Stations
Options for the WLAN controller
Event notification
Default parameters
Tutorial: Virtualization and guest access accounts via the WLAN controller
Wireless LAN configuration of the WLAN controllers
Configuring the switch
Configuring the IP networks in the WLAN controller
Configuring Public Spot access accounts
Configuring the RADIUS server for Public Spot use
Configuring Internet access for the guest network
WLAN layer-3 tunneling
Introduction
Tutorials
Overlay network: Separating networks for access points without using VLAN
"Layer 3 roaming"
WLAN controller with Public Spot
IP-dependent auto configuration and tagging of APs
Setting up assignment groups for IP-dependent auto configuration
Setting up tag groups for the detailed selection of APs
Tutorial: Virtualization and guest access accounts via the LANCOM WLAN controller
Wireless LAN configuration of the WLAN controllers
Configuring the switch
Configuring the IP networks in the WLAN controller
Configuring Public Spot access
Configuring the RADIUS server to operate a Public Spot
Configuring Internet access for the guest network
Access point administration
Accepting new access points into the WLAN infrastructure manually
Using LANmonitor to accept access points
Accepting access points via WEBconfig with provision of a certificate
Accepting access points via WEBconfig with provision of a certificate and configuration
Manually removing access points from the WLAN infrastructure
Deactivating access points or permanently removing them from the WLAN infrastructure
Deactivating an access point
Permanently removing an access point from the WLAN infrastructure
Central firmware and script management
General settings for firmware management
Firmware management table
General settings for script management
Script management table
Internal script storage (script management without an HTTP server)
WLAN layer-3 tunneling
Introduction
Tutorials
Overlay network: Separating networks for access points without using VLAN
Layer-3 roaming
WLAN controller with Public Spot
RADIUS
Checking WLAN clients with RADIUS (MAC filter)
External RADIUS server
Dynamic VLAN assignment
Activating 802.1x accounting for logical WLANs in WLAN controllers
Displays and commands in LANmonitor
Automatic RF optimization
Channel-load display in WLC mode
Backing up the certificates
Create backups of the certificates
Uploading a certificate backup into the device
Backing up and restoring further files from the SCEP-CA
Backup solutions
Backup with redundant WLAN controllers
Backup with primary and secondary WLAN controllers
Primary and secondary controllers
Addition(s) to LCOS 9.10
Backup connections for dual-SIM devices
Configuration of the backup connection
Additions to the Setup menu
2.2.24.4 Fallback minutes
Addition(s) to LCOS 8.82
Band steering via WLAN controller
Enhancements to LANconfig
Configuration
Profiles
Logical WLAN networks
Physical WLAN parameters
Additions to the Setup menu
Report-seen-clients
Client-Steering
Preferred-Band
Proberequest-Ageout-Seconds
Min-Client-Strength
Addition(s) to LCOS 9.00
AutoWDS – wireless integration of APs via P2P connections
Notes on operating AutoWDS
How it works
Deploying the AutoWDS base network
Differences between the integration modes
Designing the topology
Updating the AP configuration and establishing the P2P link
Connectivity loss and reconfiguration
Configuration timeouts
Example: Failure of an AP
Setup by means of preconfigured integration
Configuring the WLC
Configuring the APs
Accelerating preconfigured integration by pairing
Express integration
Configuring the WLC
Configuring the APs
Switching from express to preconfigured integration
Manual topology management
Configuring the WLC
Redundant paths by means of RSTP
Additions to the Status menu
1.3.32.62 AutoWDS
1.3.34.42 AutoWDS
1.3.44.42 AutoWDS
1.59.106 AutoWDS profile
1.59.106.1 Name
1.59.106.3 SSID
1.59.106.4 Key
1.59.106.5 Net-Number
1.59.106.6 Active
1.59.106.7 Allow-Express-Integration
1.59.106.15 Time-till-Preconf-Scan
1.59.106.16 Time-till-Express-Scan
1.59.106.17 Interface-Pairing
1.59.107 AutoWDS-Topology
1.59.107.1 AutoWDS profile
1.59.107.2 Priority
1.59.107.3 Slave-AP-Name
1.59.107.4 Slave-AP-WLAN-Ifc.
1.59.107.5 Slave-AP-WLAN-MAC
1.59.107.6 Master-AP-Name
1.59.107.7 Master-AP-WLAN-Ifc.
1.59.107.8 Master-AP-WLAN-MAC
1.59.107.9 Key
1.59.107.10 Active
1.59.107.12 Slave-Tx-Limit
1.59.107.13 Master-Tx-Limit
1.59.107.14 Link-Loss-Timeout
1.59.107.16 Continuation
1.59.107.17 Generated
1.59.107.19 P2P index
1.59.107.20 P2P-Role
1.59.109 AutoWDS operation
1.59.109.1 Active scan mode
1.73.2.11 AutoWDS-Profile
1.73.2.11.1 Name
1.73.2.11.2 Commonprofile
1.73.2.11.3 SSID
1.73.2.11.4 Key
1.73.2.11.6 Active
1.73.2.11.7 Allow-Express-Integration
1.73.2.11.8 Topology-Management
1.73.2.11.10 Slave-Tx-Limit
1.73.2.11.11 Master-Tx-Limit
1.73.2.11.12 Link-Loss-Timeout
1.73.2.11.14 Continuation
1.73.2.11.15 Time-till-Preconf-Scan
1.73.2.11.16 Time-till-Express-Scan
1.73.2.11.17 Interface-Pairing
1.73.2.12 AutoWDS-Topology
1.73.2.12.1 AutoWDS profile
1.73.2.12.2 Priority
1.73.2.12.3 Slave-AP-Name
1.73.2.12.4 Slave-AP-WLAN-Ifc.
1.73.2.12.5 Slave-AP-WLAN-MAC
1.73.2.12.6 Master-AP-Name
1.73.2.12.7 Master-AP-WLAN-Ifc.
1.73.2.12.8 Master-AP-WLAN-MAC
1.73.2.12.9 Key
1.73.2.12.10 Active
1.73.2.12.12 Slave-Tx-Limit
1.73.2.12.13 Master-Tx-Limit
1.73.2.12.14 Link-Loss-Timeout
1.73.2.12.16 Continuation
1.73.2.12.17 Generated
1.73.2.12.18 State
1.73.2.13 AutoWDS-Auto-Topology
1.73.2.13.1 AutoWDS profile
1.73.2.13.2 Priority
1.73.2.13.3 Slave-AP-Name
1.73.2.13.4 Slave-AP-WLAN-Ifc.
1.73.2.13.5 Slave-AP-WLAN-MAC
1.73.2.13.6 Master-AP-Name
1.73.2.13.7 Master-AP-WLAN-Ifc.
1.73.2.13.8 Master-AP-WLAN-MAC
1.73.2.13.9 Key
1.73.2.13.10 Active
1.73.2.13.12 Slave-Tx-Limit
1.73.2.13.13 Master-Tx-Limit
1.73.2.13.14 Link-Loss-Timeout
1.73.2.13.16 Continuation
1.73.2.13.17 Generated
1.73.2.13.18 State
1.73.2.14 AutoWDS-Prof.-Errors
1.73.2.14.1 Index
1.73.2.14.2 Name
1.73.2.14.3 Error
1.73.2.14.4 Network/AP-Parameters
1.73.2.15 AutoWDS-Topo.-Errors
1.73.2.15.1 Index
1.73.2.15.2 AutoWDS profile
1.73.2.15.3 Priority
1.73.2.15.4 Slave-AP-Name
1.73.2.15.5 Slave-AP-WLAN-Ifc.
1.73.2.15.6 Slave-AP-WLAN-MAC
1.73.2.15.7 Master-AP-Name
1.73.2.15.8 Master-AP-WLAN-Ifc.
1.73.2.15. Master-AP-WLAN-MAC
1.73.2.15. Error
1.73.9.3.7 AutoWDS-Integration
Additions to the Setup menu
2.59.4 AutoWDS
2.59.4.1 Active
2.59.4.2 Preconf-SSID
2.59.4.3 Preconf-Key
2.59.4.4 Time-till-Preconf-Scan
2.59.4.5 Time-till-Express-Scan
2.37.1.3.7 Configuration delay
2.37.1.15 AutoWDS-Profile
2.37.1.15.1 Name
2.37.1.15.2 Commonprofile
2.37.1.15.3 SSID
2.37.1.15.4 Key
2.37.1.15.6 Enabled
2.37.1.15.7 Allow-Express-Integration
2.37.1.15.8 Topology-Management
2.37.1.15.10 Slave-Tx-Limit
2.37.1.15.11 Master-Tx-Limit
2.37.1.15.12 Link-Loss-Timeout
2.37.1.15.14 Continuation
2.37.1.15.15 Time-till-Preconf-Scan
2.37.1.15.16 Time-till-Express-Scan
2.37.1.15.17 Interface-Pairing
2.37.1.15.18 Slave-Radio-Multi-Hop
2.37.1.15.19 Band
2.37.1.15.20 Band
2.37.1.16 AutoWDS-Topology
2.37.1.16.1 AutoWDS-Topology
2.37.1.16.2 Priority
2.37.1.16.3 Slave-AP-Name
2.37.1.16.4 Slave-AP-WLAN-Ifc.
2.37.1.16.6 Master-AP-Name
2.37.1.16.7 Master-AP-WLAN-Ifc.
2.37.1.16.9 Key
2.37.1.16.10 Active
2.37.1.16.12 Slave-Tx-Limit
2.37.1.16.13 Master-Tx-Limit
2.37.1.16.14 Link-Loss-Timeout
2.37.1.16.16 Continuation
IP-dependent auto configuration and tagging of APs
Setting up assignment groups for IP-dependent auto configuration
Setting up tag groups for the detailed selection of APs
Additions to the Status menu
1.73.2.5 Netw.-Prof.-Errors
1.73.2.5.1 Index
1.73.2.5.2 Name
1.73.2.20.3 Error
1.73.2.8 AP-Conf.-Errors
1.73.2.8.1 Index
1.73.2.8.2 Name
1.73.2.8.3 Error
1.73.2.8.4 Profile
1.73.2.8.5 MAC address
1.73.2.8.6 Group
1.73.2.10 AP-Intranet-Errors
1.73.2.10 Index
1.73.2.10.2 Name
1.73.2.10.3 Error
1.73.2.19 Config-Assignment-Groups
1.73.2.19.1 Name
1.73.2.19.2 Profile
1.73.2.19.3 AP-Intranet
1.73.2.19.4 IPv4-Reference-Pool-Start
1.73.2.19.5 IPv4-Reference-Pool-End
1.73.2.20 Groups-Config-Errors
1.73.2.20.1 Index
1.73.2.20.2 Group
1.73.2.20.3 Error
1.73.2.21 Tag groups
1.73.2.21.1 Name
Additions to the Setup menu
2.37.1.4.24 Groups
2.37.1.9.9 IPv4-Config-Pool-Start
2.37.1.9.10 IPv4-Config-Pool-End
2.37.1.18 Config-Assignment-Groups
2.37.1.18.1 Name
2.37.1.18.2 Profile
2.37.1.18.3 AP-Intranet
2.37.1.18.4 IPv4-Reference-Pool-Start
2.37.1.18.5 IPv4-Reference-Pool-End
2.37.1.18.6 Client-Steering-Profile
2.37.1.20 Tag groups
2.37.1.20.1 Name
Enhancements to command-line commands
Overview of CAPWAP parameters with the show command
Automatic selection of the 2.4-/5-GHz mode
Additions to the Status menu
1.73.2.2.6 2.4-GHz mode
1.73.2.2.7 5GHz mode
Additions to the Setup menu
2.37.1.2.6 2.4-GHz mode
2.37.1.2.7 5GHz mode
WLC cluster
WLC tunnel for internal communication
Additions to the Setup menu
2.37.34 WLC cluster
2.37.34.6 WLC-Tunnel-active
2.37.34.4 WLC-Discovery
2.37.34.4.1 Network
2.37.34.4.2 Enabled
2.37.34.4.3 Port
2.37.34.2 WLC-Data-Tunnel-active
2.37.34.3 Static WLC list
2.37.34.3.1 IP address
2.37.34.3.2 Loopback-Addr.
2.37.34.3.3 Port
Setting up a CA hierarchy
Configuring the root-CA
Configuring the sub-CA
Additions to the Setup menu
2.39.2.11 Root CA
2.39.2.12 CA-Path-Length
2.39.2.13 Sub-CA
2.39.2.13.1 Auto-generated-request
2.39.2.13.2 CADN
2.39.2.13.3 Challenge-Pwd
2.39.2.13.4 Ext-Key-Usage
2.39.2.13.5 Cert-Key-Usage
2.39.2.13.8 CA-Url-Address
2.39.2.13.9 Restart
Enabling/disabling CAPWAP in the WLC
Additions to the Setup menu
2.37.36 CAPWAP-enabled
Finding the ideal WLC
Additions to the Setup menu
2.37.37 Preference
Determining the ideal AP distribution
Manually initiate ideal AP distribution
Additions to the Setup menu
2.37.34.5 Trigger-WLC-rediscovery-on-WTPs
One-click backup of the SCEP-CA
Automatic restart of managed APs after firmware update
Load firmware in managed AP
Automatic search for alternative WLCs
U-APSD configurable by WLC
Additions to the Status menu
1.73.2.1.42 APSD
1.53.103.42 APSD
Additions to the Setup menu
2.37.1.1.42 APSD
Group-related radio field optimization
Adding new APs with the WEBconfig Setup Wizard
Additions to the Status menu
2.37.7 Accept-AP
Maximum bandwidth can be adjusted for each WLAN module
Additions to the Status menu
1.3.32.66 Channel bandwidths
1.3.34.44 Channel bandwidths
1.3.34.45 Channel bandwidth
1.3.36.1.46 Channel bandwidths
Additions to the Setup menu
2.23.20.8.24 Max. channel bandwidth
2.37.1.4.25 Module-2-Max.-Channel-Bandwidth
2.37.1.4.26 Module-1-Max.-Channel-Bandwidth
Client steering by WLC
Configuration
Additions to the Status menu
1.73.123 Client steering
1.73.123.1 Active
1.73.123.3 Client-steering-success-rate
1.73.123.4 Client info
1.73.123.4.1 Client-MAC
1.73.123.4.2 APs-got-OK
1.73.123.4.3 State
Additions to the Setup menu
2.37.1.4.27 Client-Steering-Profile
2.37.1.18.6 Client-Steering-Profile
2.37.40 Client steering
2.37.40.11 Trace-Mac
2.37.40.17 Show statistics
2.37.40.19 Profiles
2.37.40.19.1 Name
2.37.40.19.2 Tolerance level
2.37.40.19.4 Signal weighting
2.37.40.19.5 Associated-Clients-Weighting
2.37.40.19.6 Radio weighting
2.37.40.19.9 Preferred band
2.37.40.19.10 Disassociation-Threshold
2.37.40.19.11 Time-to-Disassociation
2.37.40.20 Client-MAC-Statistic-Filter
Automatic frequency-band selection
Additions to the Setup menu
2.37.1.5 WLAN module 1 default
2.37.1.6 WLAN module 2 default
Addition(s) to LCOS 9.10
AutoWDS operation
Additions to the Status menu
1.59.109.2 CAPWAP up
1.59.109.3 CAPWAP up again after config
1.59.109.4 AutoWDS fallback timer
1.59.109.5 AutoWDS fallback force deassoc timer
1.59.109.6 CAPWAP continuation timer
1.59.109.7 CAPWAP silent timer
Disable responses to CAPWAP requests from a WAN connection
Protection against unauthorized CAPWAP access from the WAN
Additions to the Setup menu
2.37.29 Allow WAN connections
Additional date information for central firmware management
Firmware management table
Additions to the Setup menu
2.37.27.15.5 Date
Display of channel and frequency of clients logged on to the AP
Additions to the Status menu
1.73.100.27 Radio band
1.73.100.28 Radio channel
Using LANconfig to backup certificates
Using LANconfig to backup and restore certificates
Displaying the certificate status of an AP
Additions to the Status menu
1.73.9.3.9 Certificate status
On/off switch for AP LEDs per WLC
Device LED profiles
Additions to the Setup menu
2.37.1.21 LED profiles
2.37.1.21.1 Name
2.37.1.21.4 LED mode
2.37.1.21.5 LED off seconds
2.37.1.3.8 LED profiles
Additions to the Status menu
1.59.110 LED profiles
1.73.2.23 LED profiles
1.73.2.23.1 Name
1.73.2.23.4 LED mode
1.73.2.23.5 LED off seconds
1.73.2.3.8 LED profiles
1.73.2.22 LED prof. errors
1.73.2.22.1 Index
1.73.2.22.2 Index
1.73.2.22.3 Error
Managing Wireless-ePaper and iBeacon profiles with WLCs
ESL- and iBeacon profiles
Additions to the Setup menu
2.23.90.1 iBeacon
2.23.90.1.2 UUID
2.23.90.1.3 Major
2.23.90.1.4 Minor
2.23.90.1.5 Reception power shift
2.23.90.1.6 Transmission power
2.23.90.1.7 Channel/channels
2.23.90.1.8 Coexistence
2.88 Wireless ePaper
2.88.2 Port
2.88.3 Channel
The modules iBeacon and Wireless ePaper have an additional "Managed" mode
Additions to the Setup menu
2.23.90.1 iBeacon
2.23.90.1.1 Operating
2.88 Wireless ePaper
2.88.1 Operating
WLAN profiles divided into basic and advanced profiles
General LBS profile and device location profile
General LBS profile and device location profile
Additions to the Status menu
1.73.2.3 Common profiles
Additions to the Setup menu
2.37.1.3.9 LBS general profile
Additions to the Status menu
1.73.123.9 Acquire statistical data
WLC Clustering Wizard
Addition(s) to LCOS 9.20
WIDS integration in WLCs
Managing the Wireless Intrusion Detection System with WLC profiles
Using LANconfig to manage WIDS profiles
Viewing WIDS statistics with LANmonitor
Automatically switch off IAPP if a CAPWAP tunnel exists
Multiple configurable AutoWDS profiles
Public Spot
Introduction
What is a Public Spot?
The solution: (W)LAN technology
User authorization and authentication
Accounting
Logging
Possible application scenarios
Guest access accounts in hotels
Guest access in sport arenas
Guest access at camping grounds
Guest access in schools and universities
Guest access in companies
Guest access for providers
Guest access in gastronomy
Overview of the Public Spot module
Open User Authentication (OUA)
Typical procedure for an online session with OUA
OUA can be employed universally
Security in the (W)LAN
Security for the operator
Security for the user
Setup wizard for Public Spots
Wizard for creating and managing users
Setup and operation
Basic configuration
Basic installation of a Public Spot for simple scenarios
Installation using the setup wizards
Manual installation
Setting default values for the Public Spot wizard
Setting up limited administrator rights for Public Spot managers
Setting up and managing Public Spot users for simple scenarios
Setup and management using the Setup Wizard (WEBconfig)
Adding Public Spot users with a single click and voucher printing
Wizard for Public Spot user management
Manual set up and management
Security settings
Traffic limit option
Restricting access to the configuration
Extended functions and settings
Multiple logins
Setting default values
Enabling multiple logins in the new user wizard
Open access networks (no login)
DNS snooping
Managing Public Spot users via the web API
URL structure
Adding a Public Spot user
Modifying a Public Spot user
Deleting a Public Spot user
Bandwidth profile
Manage bandwidth profiles
Assigning bandwidth profiles
Clear user list automatically
Station monitoring
WLAN handover of sessions between devices
IAPP (inter access point protocol)
Authentication via RADIUS
Multiple authentication servers
Chaining of backup servers
Billing without a RADIUS accounting server
Billing via RADIUS accounting server
Request types
Accounting backup
Multi-level certificates for PublicSpots
Assigning users to individual VLANs
Alternative login methods
Overview of authentication modes
Independent user authentication (Smart Ticket)
Configuring e-mail/SMS authentication
Standard texts for e-mail sender, subject line and body
Automatic re-login
Automatic authentication with the MAC address
The MAC-address check procedure
Authentication of the MAC address by RADIUS
Configuration in LANconfig
Automatic authentication via WISPr
Configuring WISPr
IEEE 802.11u and Hotspot 2.0
Hotspot operators and service providers
Functional description
Login by an 802.11u-enabled client at a Hotspot 2.0
Recommended general settings
Configuration menu for IEEE 802.11u / Hotspot 2.0
Activating interfaces
Configuring ANQP data packets
Venue information and group
ANQP profiles
NAI realms
Cellular network information list
Network authentication types
Configuring Hotspot 2.0
Hotspot 2.0 profiles
Operator list
LANCOM Public Spot XML interface
Functionality
Setting up the XML interface
Analyzing the XML interface using cURL
Commands
Login
Logout
Status
Interface for property management systems
Functional description
Configuring the PMS interface
Advanced settings
Default and customized authentication pages
Possible pages
Pre-installed default pages
Customizing the standard pages
Customized text on the login page
Custom header images for variable screen widths
Configuration of user-defined pages
URL placeholder (template variables)
User-defined pages via HTTP redirect
User-defined pages via page templates
Auto-fallback
Passed HTTP attributes
Page template syntax
Page template identifiers
Graphics in user-defined pages
Access to the Public Spot
Requirements for logging in
Logging in to the Public Spot
Session information
Logging out of the Public Spot
Advice and help
The Public Spot login page is not displayed
Login not working
It is no longer possible to login
The session information window is not being displayed
The Public Spot requests a new login for no reason (WLAN)
Tutorials for setting up and using Public Spots
Virtualization and guest access via WLAN controller with VLAN
Objectives
Establish
Wireless LAN configuration of the WLAN controllers
Configuring the switch (LANCOM ES-2126+)
Configuring the switch (LANCOM GS-2326P)
Configuring the IP networks in the WLAN controller
Configuring Public Spot access accounts
Configuring the internal RADIUS server for Public Spot operation
Configuring Internet access for the guest network
Virtualization and guest access via WLAN controller without VLAN
Overlay network: Separating networks for access points without using VLAN
WLAN controller with Public Spot
Setting up an external RADIUS server for user administration
Internal and external RADIUS servers combined
Realm tagging for RADIUS forwarding
Configuring RADIUS forwarding
Checking WLAN clients with RADIUS (MAC filter)
Setting up an external SYSLOG server
Configuring an external SYSLOG server
Appendix
Commonly transmitted RADIUS attributes
Messages to and from the authentication server
Transferred attributes
Processed attributes
Messages to/from the accounting server
Transferred attributes
Processed attributes
RADIUS attributes transmitted via WISPr
Expert settings for the PMS interface
Accounting
Cleanup-Accounting-Table-Period
Save-to-Flashrom-Period
Update-Accounting-Table-Period
Login-Form
Free-VIP-Status
Status
Fidelio-Free-Additional-check
Fidelio-Free-VIP-Additional-check
Fidelio-Charge-Additional-check
PMS-Login-Form
PublicSpot-Login-Form
Guest-name-case-sensitive
Separator
Character set
Addition(s) to LCOS 8.84
Any phone number format for Smart Ticket
Sending login data via a GSM-capable device (Smart Ticket)
Configuring SMS authentication
Operating devices with the 3G/4G WWAN module as an SMS gateway
Additions to the Setup menu
Send SMS
HTTP user name
HTTP password
HTTP gateway address
Terms of use when authenticating with name, password (and MAC address)
Additions to the Setup menu
User must accept GTC
Advanced configuration of user templates with LANconfig
Setting default values for the Public Spot wizard
Setting default values for the user templates
Multi-lingual login and text messaging
Customizing text message content
Variables and control characters
Standard texts for e-mail sender, subject and body
Additions to the Setup menu
Name
Language
Content
Body
Language
Content
Subject
Language
Content
Name
Language
Content
Body
Language
Content
Subject
Language
Content
Login text
Language
Content
New URL placeholders (template variables)
User-dependent HTML output on the voucher
Show/hide the LANCOM logo and header image in the voucher
Additions to the Setup menu
Print logo and headerboard
Additional languages for the authentication pages
Special template pages for Smart Ticket
Login pages depending on the login mode
Setting up an error page in case of WAN connection failure
Additions to the Setup menu
WAN connection
Template caching
Additions to the Status menu
Flush template cache
Additions to the Setup menu
Template cache
Quick link to the session information window
Additions to the Setup menu
Print logout link
Addition(s) to LCOS 9.00
Number format for Smart Ticket
Viewing Public Spot clients
Displaying advertising to Public Spot users
Additions to the Setup menu
2.24.43 Advertisement
2.24.43.1 Active
2.24.43.2 Interval
2.24.43.3 URL
2.24.43.3.1 Contents
2.24.43.4 User-Agent-White-List
2.24.43.4.1 User-Agent
2.24.43.5 Process-WISPr-Redirect-URL
2.24.43.6 Free networks
2.24.43.6.1 Host name
2.24.43.6.2 Mask
Extensions to the RADIUS attributes
Additional attributes for the XML interface
Dynamic change of a user session via the XML interface
Addition(s) to LCOS 9.10
Restricting administrators to voucher output only
Wizard for creating and managing users
Setting up limited administrator rights for Public Spot managers
Specify volume budget on vouchers
XML interface: Enhanced VLAN handling
Additions to the Setup menu
2.24.47 Check origin VLAN
2.24.31.3 VLANs
Messages to and from the authentication server
Transferred attributes
Processed attributes
"Small header image": Optimized display for 19" devices
New button "Manage user wizard"
Additions to the Setup menu
2.24.19.20 Hide-User-Management-Button
Only show user accounts generated by the currently logged-on administrator
Additions to the Setup menu
2.24.44.11 show-all-users-admin-independent
Evaluation of DHCP option 82 in RADIUS and Public Spot
AP-specific login to a central Public Spot
Additions to the Setup menu
2.24.48 Circuit-IDs
2.24.48.1 Administrator
2.24.48.2 Circuit ID
Additions to the Status menu
1.44.11 Max. no. users
1.44.12 PbSpot authenticated users
1.44.13 PMS authenticated users
1.44.14 Local configured users
Additions to the Setup menu
2.24.19.18 Password input set
2.24.19.19 Hide CSV export
Addition(s) to LCOS 9.20
Shorter units for absolute expiry
Circuit ID as a Public Spot URL-redirect variable
Creating Public Spot users on a remote Public Spot gateway
Creating Public Spot users on a remote Public Spot gateway
PMS template: Accept GTC
Hiding fields in the setup wizard "Manage Public Spot Account"
Hiding fields in WEBconfig
Redirect for HTTPS connections switchable
Redirect for HTTPS connections
Printout of bandwidth profile on the voucher
Template preview
Template preview in WEBconfig
Logging DNS requests and responses to external SYSLOG servers
Logging DNS requests and responses to external SYSLOG servers
Protection against brute force attacks
Protection against brute force attacks
LANCOM Location Based Services (LBS)
Addition(s) to LCOS 9.20
Dynamic and persistent tracking lists for WLAN clients
Using the LBS tracking lists of Public Spot users
Voice over IP (VoIP)
Introduction
PC-to-PC communication
PC-to-phone and phone-to-PC communication
VoIP implementation in the LANCOM VoIP Router
Example Applications
Supplementing existing ISDN PBXs
Connecting subsidiaries or home offices to the headquartersVoIP:Connecting subsidiaries or home offices
VoIP for companies through SIP trunking
Connecting local ISDN lines with a remote SIP gateway
Connecting sites without a SIP PBXSIP PBX
The central position of the LANCOM VoIP Router
Users and lines
Call switching: Call routingCall routing
SIP proxy and SIP gateway
User registration at the SIP proxy;VoIP:SIP proxySIP proxy
Registration at the LANCOM VoIP Router (local registration)
Registration at an upstream SIP PBX (upstream registration)
Particular aspects for ISDN users
Dynamic ISDN users at point-to-point connections
Number translation at network transitions
The Call Manager
Making telephone calls with the LANCOM VoIP Router
Automatic outside line access
Dialing various numbering areas
Special numbers
Dialing using specific lines
Flash/Call hold;VoIP:Flash/Call holdCall hold, Swap;VoIP:Swaptransfer call, Transfer;VoIP:Transferconnect call
Transfer of DTMF tones
DTMF signaling configuration
Transfer toll information to the internal ISDN buses
Supporting digital calls
Configuration of VoIP parameters
General settings
Configuration of users
General settings for all SIP users
SIP users
General settings for all ISDN users
ISDN interfaces
ISDN users
General settings for all analog users
Analog interfaces
General settings for all SIP, ISDN and analog users
User settings
Line configuration
SIP provider line
SIP mapping
SIP PBX line
ISDN lines
ISDN mapping
Analog line
Call Manager Configuration
Process of call routing
Handling the calling party ID
Handling outgoing calls
Handling incoming calls
Call-routing table parameters
Hunt-group functions
Codecs
Extended settings
PBX functions for LANCOM VoIP Router
Connect and forward call
Active and passive transfer
Call transfer with and without consulting
Charges for calls when transferring to external users
The LANCOM VoIP Router's job during call transfer
Active forwarding to local users
Spontaneous call management by the user
Functions for spontaneous call management
Using spontaneous call management with various telephones
Configure permanent call forwarding
Triggering call forwarding
Configuring user settings in the LANconfig see
Configuring user settings with the telephone with character strings
Fax via T.38 – Fax over IP (FoIP)
Hunt groups with call distribution
Introduction
Call distribution
Cascading of hunt groups
Configuring hunt-group functions , see
Multi-login
VoIP media proxy – Optimized management for SIP connections
Multiple media streams in one SIP connection
Management of media streams in case of an upstream SIP PBX
Managing the media streams in the firewall
Automatic QoS rules for media streams
Handling subscribers using different codecs
SIP-ID as switchboard number with trunk lines
Switching at the SIP provider
Handling canonical telephone numbers
Processing Destination Domains
Registration at upstream exchanges
Switching internal calls
ISDN interface configuration
Point-to-multipoint and point-to-point connections
Bus termination, life-line support and power relay
Protocol setting
ISDN connection timing
Configuration examples
VoIP telephony for stand-alone use
Destination
Requirements
Using the information during configuration
Configuring the LANCOM
Configuring the VoIP terminal equipment
Defining the SIP account in the LANCOM Advanced VPN Client to register at the LANCOM VoIP Router or at a PBX
Call routing procedure on outgoing calls
Call routing procedure on incoming calls
Using VoIP telephony to extend the upstream ISDN PBX
Destination
Requirements
Using the information during configuration
Dialing plans with ISDN PBX systems.
Configuring the LANCOM
Configuring the VoIP terminal equipment
Configuring ISDN PBX
External and internal calls from ISDN terminal devices into VoIP telephony
Configuring the ISDN terminal equipment
Call routing procedure on outgoing calls
Call routing procedure on incoming calls
Using VoIP telephony to extend the downstream ISDN PBX
Destination
Requirements
Using the information during configuration
Dialing plans with ISDN PBX systems.
Configuring the LANCOM
Routes for spontaneous outside line access
Configuring the VoIP terminal equipment
Configuring ISDN PBX
Configuring the ISDN terminal equipment
Call routing procedure on outgoing calls
Call routing procedure on incoming calls
Using VoIP telephony to supplement existing ISDN telephones
Destination
Requirements
Configuring the LANCOM
Assigning external MSNs to internal telephone numbers
Configuring the VoIP terminal equipment
Configuring the ISDN telephones
Connecting to an upstream SIP PBX
Destination
Requirements
Configuring the LANCOM
Shared or user-dependent SIP PBX password
Configuring the VoIP terminal equipment
Automatic SIP user registration with the LANCOM and the SIP PBX.
Call routing procedure on outgoing calls
VoIP connectivity for locations without a SIP PBX
Destination
Requirements
Configuring the LANCOM
Configuring the VoIP terminal equipment
Call routing procedure on outgoing calls
The LANCOM VoIP Router at a P2P (point-to-point) connection
Objectives in implementing the LANCOM VoIP Router
Requirements
Configuring the LANCOM
VoIP:SIP trunkingSIP trunking
Objectives in implementing the LANCOM VoIP Router
Requirements
Configuring the LANCOM
Process of call routing
VoIP:Remote GatewayRemote gateway
Objectives in implementing the LANCOM VoIP Router
Requirements
Configuring the LANCOM
Call routing procedure on outgoing calls
Diagnosis of VoiP connections
SIP traces
Connection diagnosis with LANmonitor
Addition(s) to LCOS 7.80
Global settings, DiffServ for SIP & RTP
Addition(s) to LCOS 8.60
SIP ALG: Proxy for bypassing NAT in the router
SIP ALG: Basics
SIP ALG: Features
SIP ALG: Configuration
SIP ALG: Configuration by LANconfig
Additions to the Setup menu
SIP ALG
Operating
Additions to the Status menu
SIP ALG
Calls
Call ID
SIP destination address
SIP source address
SIP source port
WAN address
SIP WAN port
RTP destination address
RTP source port
RTP source address
RTP source port
RTP WAN port
Registrations
SIP-ID
Registrar domain
Registrar address
Client address
Client port
WAN address
WAN port
Register method
Expiration time
Operating
Restricting or preventing SIP registration over WAN connections
Additions to the Setup menu
Access from WAN
Lock minutes
Login errors
Additions to the Status menu
Local register
Addition(s) to LCOS 8.62
Default setting for WAN registration of a SIP user
Additions to the menu system
Access from WAN
Addition(s) to LCOS 8.80
Default setting for WAN registration of a SIP user
Additions to the menu system
Access from WAN
Addition(s) to LCOS 9.20
Signaling parallel calls in the ISDN
Signaling parallel calls in the ISDN
VoSIP support in the Voice Call Manager
SIP over TCP in the Voice Call Manager
DTMF signaling on All-IP connections
Configurable RTP port range in the Voice Call Manager
Allow SIP messages only from registrar
RADIUS
Addition(s) to LCOS 9.20
User-definable attributes in the RADIUS client
Automatic clean-up of access information on the RADIUS server
Vendor-specific RADIUS attribute "LCS-Routing-Tag"
High availability – backup solutions
High availability for networks
How is a network-connection disturbance detected?
PPP LCP echo monitoring
ICMP polling
Dead peer detection (DPD)
High-availability of lines – backup connections
Configuration of the backup connection
Triggering the backup connection
Return to the standard connection
Only keep-alive connections return automatically!
High-availability of gateways – redundant gateways with VPN load balancing
High-availability of the Internet access – Multi-PPPoE
Example applications
Backup DSL Internet access with ISDN internet access
Backup dynamic VPN network coupling with an ISDN direct dial up connection
Redundant VPN gateways
Backup a VPN gateway with an ISDN gateway and RIP
Backup Solutions and Load Balancing with VRRP
Introduction
Virtual Router Redundancy Protocol
Virtual and physical routers
Address assignment via DHCP with more than one DHCP server in the LAN
Device, connection or remote station backup
Router ID defines "standby groups“
The Priority System
Backup chains
Set the hold time to "9999" for connections to the Internet provider (in the corresponding name list) and backed-up VPN connections (in the VPN connection list) to ensure that the connection is automatically reestablished and resumes data transfer after interruption.
Connection establishment
Application scenarios
Backup solution with VRRP
Load Balancing
Example application: Secure Internet access via two DSL/ISDN combination routers
Interaction with internal services
ARP
ICMP
DHCP
DNS server
NBNS/NetBIOS proxy
RIP
NTP
Other services
VRRP in the WAN
Same IP and MAC addresses
Routing protocols
Configuration
Status Information
Addition(s) to LCOS 9.10
High availability clustering
Automatic configuration synchronization (Config Sync) with the LANCOM WLC High Availability Clustering XL option
Automatic configuration synchronization (Config Sync) with the LANCOM VPN High Availability Clustering XL option
Setting up configuration synchronization
1-Click WLC High Availability Clustering Wizard
Additions to the Status menu
1.11.51 Sync
1.11.51.1 State
1.11.51.2 New cluster
1.11.51.2.1 Name
1.11.51.2.2 Cluster members
1.11.51.2.2.2 ID
1.11.51.2.2.3 Address
1.11.51.2.2.4 This device
1.11.51.2.3 Menu nodes
1.11.51.2.3.2 ID
1.11.51.2.3.3 Path
1.11.51.2.3.4 SNMP OID
1.11.51.2.3.5 Index columns
1.11.51.2.4 Ignored rows
1.11.51.2.4.2 ID
1.11.51.2.4.3 Path
1.11.51.2.4.4 SNMP OID
1.11.51.2.4.5 Index columns
1.11.51.2.5 State
1.11.51.2.6 Info
1.11.51.2.7 Home
1.11.51.3 Cluster time
1.11.51.4 Local configuration
1.11.51.4.1 Detected modifications
1.11.51.4.1.2 Detected at
1.11.51.4.1.4 Path
1.11.51.4.1.5 Type
1.11.51.4.1.6 Value
1.11.51.4.2 Applied modifications
1.11.51.4.2.2 Applied at
1.11.51.4.2.4 Path
1.11.51.4.2.5 Type
1.11.51.4.2.6 Value
1.11.51.4.2.7 Result
1.11.51.5 Running cluster
1.11.51.5.1 ID
1.11.51.5.2 Name
1.11.51.5.3 Cluster members
1.11.51.5.3.2 ID
1.11.51.5.3.3 Address
1.11.51.5.3.4 This device
1.11.51.5.4 Menu nodes
1.11.51.5.4.2 ID
1.11.51.5.4.3 Path
1.11.51.5.4.4 SNMP OID
1.11.51.5.4.5 Index columns
1.11.51.5.5 Ignored rows
1.11.51.5.5.2 ID
1.11.51.5.5.3 Path
1.11.51.5.5.4 SNMP OID
1.11.51.5.5.5 Row index
1.11.51.6 Config history
1.11.51.6.1 Snapshot received at
1.11.51.6.2 Snapshot timestamp
1.11.51.6.3 Snapshot
1.11.51.6.3.2 Path
1.11.51.6.3.3 Value
1.11.51.6.4 Modifications
1.11.51.6.5 Renew snapshot
1.11.51.7 Replicas
1.11.51.7.2 ID
1.11.51.7.3 Address
1.11.51.7.4 Resolved address
1.11.51.7.5 Connection state
1.11.51.7.6 State
1.11.51.7.7 Cluster time
1.11.51.7.8 Last message received at
1.11.51.7.10 Last update received at
1.11.51.7.12 Last message sent at
Additions to the Setup menu
2.11.15.10 Config Sync
2.11.51 Sync
2.11.51.1 Operating
2.11.51.2 New cluster
2.11.51.2.1 Name
2.11.51.2.2 Cluster members
2.11.51.2.2.1 Idx.
2.11.51.2.2.2 Address
2.11.51.2.3 Menu nodes
2.11.51.2.3.1 Idx.
2.11.51.2.3.2 Include
2.11.51.2.3.3 Path
2.11.51.2.3.4 SNMP OID
2.11.51.2.4 Ignored rows
2.11.51.2.4.1 Idx.
2.11.51.2.4.2 Row index
2.11.51.2.4.3 Path
2.11.51.2.4.4 SNMP OID
2.11.51.2.5 Home
2.11.51.3 TLS connections
2.11.51.3.1 Port
2.11.51.3.2 Loopback address
2.11.51.4 Renew snapshot
2.11.51.4.1 Modification limit
2.11.51.4.2 Kept modifications
2.11.51.4.3 Renew snapshot
2.11.51.5 Local configuration
2.11.51.5.1 Detected modifications
2.11.51.5.2 Applied modifications
Office communication with LANCAPI
What are the advantages of LANCAPI?
The client and server principle
Configuring the LANCAPI server
Configuration with LANconfig
Configuration of WEBconfig
Installing the LANCAPI client
Configuration of the LANCAPI clients
How to use the LANCAPI
The LANCOM Systems CAPI FaxmodemCAPI Faxmodem
Installation
Faxing with the CAPI Faxmodem
Faxing under Windows XP and Windows 2000
LANCOM Faxmodem option
Provided B channel protocols
More services
Automatic IP address administration with DHCP
Introduction
DHCP server
DHCP relay
BOOTP
Configuring DHCP parametersLANconfig
Activating/deactivating a DHCP server for specific logical interfaces
Configuring DHCP networks
Configuring the assignment of fixed IP addresses to specific clients
Configuring DHCP parameters with telnet or WEBconfig
General DHCP settings
Alias list
DHCP table
Hosts table
Network list
Port table
Additional options
DHCP relay server
DNS resolution of names learned via DHCP
Configuring clients
Checking IP addresses in the LAN
Addition(s) to LCOS 7.80
DHCP cluster
Introduction
Configuration
DHCP options with LANconfig
Addition(s) to LCOS 8.00
Alternative DHCP server for forwarding
Introduction
Configuration
Addition(s) to LCOS 8.80
Displaying status information from the DHCP server
Vendor Class and User Class Identifier
DNS
What does a DNS server do?
How does the DNS server react to the request?
DNS forwarding
Special DNS forwarding
General DNS forwarding
Setting up the DNS server
URL blocking
Dynamic DNS
How to deposit the current IP address at the Dynamic DNS server?
Addition(s) to LCOS 8.82
DNS forwarding configurable per ARF context
Advanced Routing and Forwarding (ARF)
Routing tags for DNS forwarding
Additions to the Setup menu
Rtg-Tag
Rtg-Tag
Rtg-Tag
Rtg-Tag
Accounting
Configuring accounting
Snapshot configuration
Call charge managementCall charge:limit
Connection limits for DSL and cable modem
Charge-basedCharge limiting ISDN connection limits
Time dependent ISDN connection limit
Settings in the charge module
Time server for the local net
Configuration of the time server under LANconfig
Configuration of the time server with WEBconfig or Telnet
Configuring the NTP clients
User-defined daylight-saving time change
Scheduled Events
Regular Execution of Commands
CRON jobs with time delay
Configuring the CRON job
PPPoE Servers
Introduction
PPPoE can only be used on a network segment.
Example application
Configuration
Remote bridge
RADIUS
How RADIUS works
Configuration of RADIUS as authenticator or NAS
General settings
RADIUS accounting
Dial-in using PPP and RADIUS
Dial-in using WLAN and RADIUS
Dial-in using a public spot and RADIUS
Dial-in using 802.1x and RADIUS
Configuring RADIUS as server
RADIUS server parameters
WLAN access list as a basis for RADIUS information
Addition(s) to LCOS 7.70
Restarting RADIUS accounting
Addition(s) to LCOS 8.84
Targeted (de)activation of RADIUS user accounts
Additions to the Setup menu
Active
Login to the LCOS administration interface via RADIUS
Login to the LCOS administration interface via RADIUS
Additions to the Setup menu
Authentication
Authentication
Radius
Server
Name
Server
Port
Protocol
Loopback address
Secret
Backup
Category
Access rights transfer
Accounting
Enhancements to LANconfig
Login to the LCOS administration interface via RADIUS
Separate RADIUS accounting server for each SSID
Additions to the Setup menu
Servers
Name
Server address
Port
Key
Loopback addr.
Protocol
Backup
Accounting server
Addition(s) to LCOS 9.00
Dual-Stack Lite (DS-Lite)
Additions to the Status menu
1.81 DS-Lite
1.81.1 Rx-Packets
1.81.2 Tx-Packets
1.81.3 Queue error
1.81.4 Connections
1.81.4.1 Remote site
1.81.4.2 State
1.81.4.3 Last error
1.81.4.4 IPv4 address
1.81.4.5 phys. conn.
1.81.4.6 AFTR-Name
1.81.4.7 AFTR-IPv6-Address
1.81.4.8 Conn. time:
1.81.5 Tunnel
1.81.6 Tunnel
Additions to the Setup menu
2.2.40 DS-Lite-Tunnel
2.2.40.1 Name
2.2.40.2 Gateway address
2.2.40.3 Rtg tag
IPv6 support for RAS services
RAS interfaces
Prefix pools
Additions to the Setup menu
2.70.14 RAS-Interface
2.70.14.1 Interface name
2.70.14.2 Rtg tag
2.70.14.3 Interface status
2.70.14.4 Forwarding
2.70.14.5 Firewall
2.70.14.6 DaD attempts
2.70.14.7 Remote site
2.70.14.8 Comment
2.70.2.6 Prefix pools
2.70.2.6.1 Interface name
2.70.2.6.2 Start-Prefix-Pool
2.70.2.6.3 End-Prefix-Pool
2.70.2.6.4 Prefix length
2.70.2.6.5 Adv.-OnLink
2.70.2.6.6 Adv.-Autonomous
2.70.2.6.7 Adv.-Pref.-Lifetime
2.70.2.6.8 Adv.-Valid-Lifetime
RADIUS attribute extensions for IPv6 RAS services
Loopback addresses for IPv6
Loopback addresses
Additions to the Setup menu
2.70.4.3 Loopback
2.70.4.3.1 Name
2.70.4.3.2 IPv6-Loopback-Addr.
2.70.4.3.3 Rtg tag
2.70.4.3.4 Comment
Lightweight DHCPv6 relay agent (LDRA)
Additions to the Setup menu
2.20.41 DHCPv6-Snooping
2.20.41.1 Port
2.20.41.2 Orientation
2.20.41.3 Type
2.20.41.4 Remote ID
2.20.41.5 Interface-ID
2.20.41.6 Server address
Router advertisement snooping
Additions to the Setup menu
2.20.42 RA-Snooping
2.20.42.1 Port
2.20.42.3 Orientation
2.20.42.4 Router-Address
Addition(s) to LCOS 9.10
Comment field for RADIUS clients
Additions to the Setup menu
2.25.10.2 Clients
2.25.10.2.5 Comment
2.25.10.16 IPv6 clients
2.25.10.16.5 Comment
More attributes for RADIUS requests
Accounting status types "Accounting On" and "Accounting Off"
Accounting status types "Accounting On" and "Accounting Off"
Larger volume budgets in the RADIUS server and Public Spot
Additions to the Setup menu
2.25.10.7.12 Volume budget
2.25.10.7.22 Volume budget MByte
2.24.41.3.3 Volume budget
RADIUS server: Realm discovery for computer authentication
Additions to the Setup menu
2.25.10.17 Realm types
RADIUS client: Additional source ports for requests when necessary
Additional source ports for access requests
User-defined RADIUS attributes
RADIUS attributes configurable
Additions to the Setup menu
2.2.22.12 Attribute-Values
2.2.22.27 L2TP attribute values
2.11.81.1.9 Attribute-Values
2.12.29.18 Attribute-Values
2.12.29.19 Backup attribute values
2.12.45.17.9 Attribute-Values
2.24.3.15 Auth.-Attribute-Values
2.24.3.16 Acc.-Attribute-Values
2.25.10.3.15 Attribute-Values
2.25.10.3.16 Accnt.-Attribute-Values
2.30.3.9 Attribute-Values
Extensions to the RADIUS server
New authentication method
EAP authentication
RADIUS forwarding
RADIUS server parameters
Global settings for the RADIUS server
RADIUS clients
RADIUS user
Forwarding server
EAP options for the RADIUS server
Addition(s) to LCOS 7.80
XAUTH with external RADIUS servers
Addition(s) to LCOS 8.80
LCS WPA passphrase in the RADIUS server's user table
Configuration
Additions to the menu system
WPA passphrase
Addition(s) to LCOS 8.82
Input length for RADIUS forwarding destinations
Additions to the Setup menu
Realm
Backup
Default-Realm
Empty-Realm
Bandwidth allocation by RADIUS
Extensions to the RADIUS server
RADIUS user
Additions to the Status menu
Station table
RADSEC
Configuring RADSEC for the client
LANCOM as a RADIUS client
LANCOM as a RADIUS server
Certificates for RADSEC
Operating printers at the USBUSB connector of the LANCOM
Configuring the printer server in the LANCOM
Printer table
Access list:
Printer configuration at the computer
Addition(s) to LCOS 7.70
IGMP snooping
Introduction
IGMP snooping operation
IGMP snooping through multiple bridges
Configuration
General settings
Port settings
Static members
Simulated queriers
IGMP status
General statistics
Port status
Groups
Simulated queriers
TACACS+
Introduction
Configuring the TACACS+ parameters
Configuring the TACACS+ server
Login to the TACACS+ server
TACACS+ login via LANconfig
TACACS+ login via WEBconfig
TACACS+ login with telnet or SSH
Assigning rights under TACACS+
Authorizing functions
LANconfig
WEBconfig
Telnet/SSH
SNMP
Addition(s) to LCOS 7.80
Bypassing TACACS+
Introduction
Configuration
Addition(s) to LCOS 9.10
TACACS+ extension for the passwd command
Addition(s) to LCOS 8.00
Basic HTTP file server for LCOS 8.0
Introduction
Praparing the USB storage medium
Determine the mount point of the USB medium in the LCOS
Accessing the files on a USB medium
Supported content type
Directory structure
SSH client
Introduction
CLI arguments for the SSH client
Public keys for authentication
Creating SSH keys
Editing the files
The list of known SSH servers
The files ssh_id_rsa and ssh_id_dsa
Priorities for SSH authentication
Rights for operating the SSH client
LANCOM Content Filter
Introduction
Requirements for using the LANCOM Content Filter
Quick start
Standard settings in the LANCOM Content Filter
Firewall rule
Firewall action objects
Content filter profiles
Timeframe
Blacklist
Whitelist
Category profiles
General settings
Settings for blocking
Block-Text
Error-Text
Override settings
Override text
Profiles in the LANCOM Content Filter
Profiles
Blacklist addresses (URL)
Whitelist addresses (URL)
Category-Profiles
Options with the LANCOM Content Filter
Additional settings for the LANCOM Content Filter
Firewall settings for the content filter
Timeframe
Addition(s) to LCOS 8.50
Content filter for HTTPS pages
One-click override
URL to show on error
Loopback to use on error
Text
Text
Text
Addition(s) to LCOS 8.80
Concurrent user model in the content filter
General settings
New content filter category, Command/Control Server
Introduction
Additions to the menu system
Command/Control server
Addition(s) to LCOS 9.10
E-mail notification from the Content Filter
Additions to the Setup menu
2.41.2.2.9.2 E-mail
Addition(s) to LCOS 8.50
Bandwidth restriction of the LAN interfaces
Introduction
Additions to the menu system
LAN interfaces
Tx limit
Rx limit
Addition(s) to LCOS 8.80
LLDP
How it works
Structure of LLDP messages
Supported operating systems
Additions to the menu system
Additions to the Setup menu
LLDP
Management addresses
Network name
Port list
Ports
Name
Admin status
Notification
Admin status
TLVs-802.3
Maximum neighbors
Update source
TLVs-LCS
Protocol
Protocol
Port list
Notification interval
Operating
Message TX hold multiplier
Message TX interval
Reinit delay
Immediate delete
Tx delay
Addition(s) to LCOS 8.84
Sending and receiving SMS text messages
Receiving SMS text messages
Basic configuration of the SMS module
Managing SMS text messages with LANmonitor
Sending SMS text messages with LANmonitor
URL placeholder for sending SMS text messages
Character set for sending SMS
Additions to the Status menu
SMS
Inbox
Outbox
Inbox messages
Unread messages
Outbox messages
SMSC address
Clear inbox
Clear outbox
Mark read inbox
Additions to the Setup menu
SMS
SMSC address
Inbox size
Outbox size
Outbox preservation
Mail-Forward-Addr.
Syslog
Enhancements to command-line commands
SMS send command
Addition(s) to LCOS 9.00
Deactivating device LEDs – boot-persistent
Additions to the Setup menu
2.11.90 LED mode
2.11.91 LED-Off-Seconds
Comment box for CRON jobs
Configuring the scheduler
Additions to the Setup menu
2.11.20.12 Comment
LANCAPI disabled by default
Additions to the Setup menu
2.13.6.2 Active
DHCP snooping and DHCP option 82
Additions to the Setup menu
2.20.40 DHCP snooping
2.20.40.1 Port
2.20.40.2 Add-Agent-Info
2.20.40.3 Treat-Existing-Agent-Info
2.20.40.4 Remote ID
2.20.40.5 Circuit ID
Enabling LLDP with LANconfig
Wildcard certificates in the LANCOM Content Filter
Additions to the Setup menu
2.41.2.2.29 Wildcard
Addition(s) to LCOS 9.10
Smart certificates
Using smart certificates
Creating templates for certificate profiles
Creating a profile in LANconfig
Certificate creation with WEBconfig
Certificate management with WEBconfig
Managing certificates in LANmonitor
Creating certificates via URL-API
Tutorials
Setting up a CA and creating and using certificates for a VPN connection
Setting up a CA and creating and using certificates for a VPN connection with certificate rollout via SCEP
Additions to the Status menu
1.61.2 SCEP-CA
1.61.2.1 Certificates
1.61.2.1.1 Certificate status table
1.61.2.1.1.1 Index
1.61.2.1.1.2 Serial number
1.61.2.1.1.3 Status
1.61.2.1.1.4 Creation date
1.61.2.1.1.5 Ending time
1.61.2.1.1.6 Revocation time
1.61.2.1.1.7 Revoke reason
1.61.2.1.1.8 MAC address
1.61.2.1.1.9 Name
1.61.2.1.1.10 Profile name
1.61.2.1.2 Revoke certificate
1.61.2.1.3 Set certificate on hold
1.61.2.1.4 Declare certificate as valid again
1.61.2.2 Requests
1.61.2.2.1 Pending-Requests
1.61.2.2.1.1 Index
1.61.2.2.1.2 Transaction ID
1.61.2.2.1.3 MAC address
1.61.2.2.1.4 Name
1.61.2.2.1.5 IP address
1.61.2.2.1.6 PKI-Status
1.61.2.2.1.7 Reason
1.61.2.2.1.8 DN
1.61.2.2.1.9 Receive date
1.61.2.2.2 Issue certificate
1.61.2.2.3 Grant all certificates
1.61.2.2.4 Decline request
1.61.2.2.5 Deny all requests
1.61.2.2.6 Delete-pending-request
1.61.2.2.7 Delete-all-pending-requests
1.61.2.3 CA-Status
1.61.2.3.7 Log table
1.61.2.4 Web interface
1.61.2.4.1 Profiles
1.61.2.4.2 Template
Additions to the Setup menu
2.39.2.14 Web interface
2.39.2.14.1 Profiles
2.39.2.14.1.1 Profile name
2.39.2.14.1.2 Key usage
2.39.2.14.1.3 Extended key usage
2.39.2.14.1.4 RSA key length
2.39.2.14.1.5 Validity period
2.39.2.14.1.6 CA
2.39.2.14.1.7 Password
2.39.2.14.1.8 Country
2.39.2.14.1.9 Locality name
2.39.2.14.1.10 Organization
2.39.2.14.1.11 Organization unit name
2.39.2.14.1.12 State or province
2.39.2.14.1.13 E-mail
2.39.2.14.1.14 Surname
2.39.2.14.1.15 Serial number
2.39.2.14.1.16 Postal code
2.39.2.14.1.17 Template
2.39.2.14.1.18 Subject-Alternative-Name
2.39.2.14.2 Template
2.39.2.14.2.1 Name
2.39.2.14.2.2 Key usage
2.39.2.14.2.3 Extended key usage
2.39.2.14.2.4 RSA key length
2.39.2.14.2.5 Validity period
2.39.2.14.2.6 CA
2.39.2.14.2.7 Password
2.39.2.14.2.8 Country
2.39.2.14.2.9 Locality name
2.39.2.14.2.10 Organization
2.39.2.14.2.11 Organization unit name
2.39.2.14.2.12 State or province
2.39.2.14.2.13 E-mail
2.39.2.14.2.14 Surname
2.39.2.14.2.15 Serial number
2.39.2.14.2.16 Postal code
2.39.2.14.2.17 Subject-Alternative-Name
ISDN
Additions to the Status menu
1.33.2.2 PCM-SYNC-SOURCE
1.33.20 PCM-Switch
1.33.20.1 PCM connection
Prefer perfect forward secrecy (PFS) for connections
Additions to the Setup menu
2.11.29.6 Prefer PFS
2.21.40.7 Prefer PFS
2.25.10.10.19.6 Prefer PFS
2.25.20.5 Prefer PFS
Input field for DHCP options extended to 251 characters
Additions to the Setup menu
2.10.21.3 Option value
Addition(s) to LCOS 9.20
DHCP snooping: New variable for LAN MAC address
DHCP lease time per network
DHCP lease RADIUS accounting
DHCP lease RADIUS accounting
SNMPv3 support
Simple Network Management Protocol (SNMP)
SNMPv3 basics
Setting up SNMP with LANconfig
Configuring SNMP read-only access
Logging DNS queries with SYSLOG
Logging DNS queries with SYSLOG
Appendix
Error messages in LANmonitor
General error messages
VPN error messages
SNMP TrapSNMP Traps
Radio channels
Radio channels in the 2,4 GHz frequency band
Radio channels in the 5 GHz frequency band
Radio channels and frequency ranges for Indoor and Outdoor operating
RFCsRFCs supported
Glossary
Your browser does not support iframes.