Abstract

VPN stands for “VIRTUAL PRIVATE NETWORK”.

“VPN SYSTEM” as the name says is :

1) Network: topology where various hosts are physically connected to
each other.
2) Virtual: it ia virtual because hosts are not physically connected but,
connected virtually using WIRELESS Systems.
3) Private: it is private because all the clients feels as the whole network is
configured privately only for their usage which is actually not true.

Hence VPN system is combination of all the above three aspects of networking.

This VPN application is a complete solution for Clients specially using

distributive system environment where the Client keeps track of details
regarding his / her remote location sites/offices to the Head-office site.

This application can be used in two ways:

1) Point-to-Point: where there is direct link b/w two sites of client the service
provider has no interference in this type of connectivity.
2) Multi-Point: where there is connectivity of many clients from a particular
location all sharing some allotted bandwidth.

Using VPN connectivity Client can access directly to all remote location same
as they would have accessed it while physically present there.
 INTRODUCTION TO VPN

The World has changed a lot in the last couple of decades. Instead of
simply dealing with local or regional concerns, many businesses now have
to think about global markets and logistics. Many companies have
facilities spread out across the country or around the world, and there is
one thing that all of them need: A way to maintain fast, secure and reliable
communication wherever their offices are.

Virtual Private Network

Image courtesy Cisco Systems, Inc.

A typical VPN might have a main LAN at the corporate headquarters of a

company, other LANs at remote offices or facilities and individual users
connecting from out in the field.
Until fairly recently, this has meant the use of leased lines to maintain a Wide
Area Network (WAN). Leased lines, ranging from ISDN (Integrated
Services Digital Network, 128 Kbps) to OC3 (Optical Carrier-3, 155 Mbps)
fiber, provided a company with a way to expand its private network beyond
its immediate geographic area. A WAN had obvious advantages over a public
network like the Internet when it came to reliability, performance and
security. But maintaining a WAN, particularly when using leased lines, can
become quite expensive and often rises in cost as the distance between the
offices increases.

As the popularity of the Internet grew, businesses turned to it as a means of

extending their own networks. First came Intranets, which are password-
protected sites designed for use only by company employees. Now, many
companies are creating their own VPN (virtual private network) to
accommodate the needs of remote employees and distant offices.

Basically, a VPN is a private network that uses a public network (usually the
Internet) to connect remote sites or users together. Instead of using a dedicated,
real-world connection such as leased line, a VPN uses "virtual" connections
routed through the Internet from the company's private network to the remote
site or employee. In this article, you will gain a fundamental understanding of
VPNs, and learn about basic VPN components, technologies, tunneling and
security.
WHAT MAKES A VPN ?

A well-designed VPN can greatly benefit a company. For example, it can:

• Extend geographic connectivity

• Improve security
• Reduce operational costs versus traditional WAN
• Reduce transit time and transportation costs for remote users
• Improve productivity
• Simplify network topology
• Provide global networking opportunities
• Provide telecommuter support
• Provide broadband networking compatibility
• Provide faster ROI (return on investment) than traditional WAN

What features are needed in a well-designed VPN? It should incorporate:

• Security
• Reliability
• Scalability
• Network management
• Policy management
 TYPES OF VPN

Examples of the three types of VPN

There are in general two types of VPN:

1) Remote Access
VPN 2) Site-to-Site
VPN

SITE-TO-SITE VPN is further classified as:

1) INTERNET VPN
2) INTRANET VPN
Remote Acces VPN

Remote-access, also called a virtual private dial-up network (VPDN), is a

userto-LAN connection used by a company that has employees who need to
connect to the private network from various remote locations.

Typically, a corporation that wishes to set up a large remote-access VPN will

outsource to an Enterprise Service Provider (ESP). The ESP sets up a Network
Access Server (NAS) and provides the remote users with desktop client software
for their computers. The telecommuters can then dial a toll-free number to reach the
NAS and use their VPN client software to access the corporate network.

Site-to-Site VPN

Through the use of dedicated equipment and large-scale encryption, a company can
connect multiple fixed sites over a public network such as the Internet. Site-to-site
VPNs can be one of two types:
• Intranet-based - If a company has one or more remote locations that they
wish to join in a single private network, they can create an intranet VPN to
connect LAN to LAN.
• Extranet-based - When a company has a close relationship with another
company (for example, a partner, supplier or customer), they can build an
extranet VPN that connects LAN to LAN, and that allows all of the
various companies to work in a shared environment.
VPN SECURITY

As we know that security is very important for any system in such way VPN system
is also uses many security techniques. A well-designed VPN uses several methods
for keeping your connection and data secure:

• Firewalls
• Encryption
• IPSec
• AAA Server

FIREWALLS

A Firewall provides a strong barrier between your private network and the Internet.
You can set firewalls to restrict the number of open ports, what type of packets are
passed through and which protocols are allowed through. Some VPN products, such
as CISCO 1700 series router, can be upgraded to include firewall capabilities by
running the appropriate Cisco IOS on them. You should already have a good
firewall in place before you implement a VPN, but a firewall can also be used to
terminate the VPN sessions

ENCRYPTION
Encryption is the process of taking all the data that one computer is sending to
another and encoding it into a form that only the other computer will be able to
decode. Most Computer encryption techniques belong to one of two categories:

• Symmetric-key encryption
• Public-key encryption
•

In symmetric-key encryption, each computer has a secret key (code) that it can
use to encrypt a packet of information before it is sent over the network to another
computer. Symmetric-key requires that you know which computers will be talking
to each other so you can install the key on each one. Symmetric-key encryption is
essentially the same as a secret code that each of the two computers must know in
order to decode the information. The code provides the key to decoding the
message. Think of it like this: You create a coded message to send to a friend in
which each letter is substituted with the letter that is two down from it in the
alphabet. So "A" becomes "C," and "B" becomes "D". You have already told a
trusted friend that the code is "Shift by 2". Your friend gets the message and
decodes it. Anyone else who sees the message will see only nonsense.

Public-key encryption uses a combination of a private key and a public key. The
private key is known only to your computer, while the public key is given by your
computer to any computer that wants to communicate securely with it. To decode
an encrypted message, a computer must use the public key, provided by the
originating computer, and its own private key. A very popular public-key
encryption utility is called Pretty Good Privacy (PGP), which allows you to
encrypt almost anything. You can find out more about PGP at thr PGP site.
 IPSec

Internet Protocol Security Protocol (IPSec) provides enhanced security features

such as better encryption algorithms and more comprehensive authentication.
 Photo courtesy Cisco Systems, Inc.
A remote-access VPN utilizing IPSec

IPSec has two encryption modes: tunnel and transport. Tunnel encrypts the header
and the payload of each packet while transport only encrypts the payload. Only
systems that are IPSec compliant can take advantage of this protocol. Also, all
devices must use a common key and the firewalls of each network must have very
similar security policies set up. IPSec can encrypt data between various devices,
such as:

• Router to router
• Firewall to router
• PC to router
• PC to server
AAA Servers

AAA (authentication, authorization and accounting) servers are used for more
secure access in a remote-access VPN environment. When a request to establish a
session comes in from a dial-up client, the request is proxied to the AAA server.
AAA then checks the following:

• Who you are (authentication)

• What you are allowed to do (authorization)

• What you actually do (accounting)

The accounting information is especially useful for tracking client use for security
auditing, billing or reporting purposes.
 CONCEPT OF TUNNELING

Most VPNs rely on tunneling to create a private network that reaches across the
Internet. Essentially, tunneling is the process of placing an entire packet within
another packet and sending it over a network. The protocol of the outer packet is
understood by the network and both points, called tunnel interfaces, where the
packet enters and exits the network.

Tunneling requires three different protocols:

• Carrier protocol - The protocol used by the network that the information
is travelling over

• Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP)

that is wrapped around the original data

• Passenger protocol - The original data (IPX, NetBeui, IP) being carried

Tunneling has amazing implications for VPNs. For example, you can place a packet
that uses a protocol not supported on the Internet (such as NetBeui) inside an IP
packet and send it safely over the Internet. Or you could put a packet that uses a
private (non-routable) IP address inside a packet that uses a globally unique IP
address to extend a private network over the Internet.
 A Tunneling Demonstration

Site-to-Site Tunneling

In a site-to-site VPN, GRE (generic routing encapsulation) is normally the

encapsulating protocol that provides the framework for how to package the
passenger protocol for transport over the carrier protocol, which is typically
IPbased. This includes information on what type of packet you are encapsulating
and information about the connection between the client and server. Instead of
GRE, IPSec in tunnel mode is sometimes used as the encapsulating protocol.
IPSec works well on both remote-access and site-to-site VPNs. IPSec must be
supported at both tunnel interfaces to use

Remote-Access Tunneling
In a remote-access VPN, tunneling normally takes place using PPP. Part of the
TCP/IP stack, PPP is the carrier for other IP protocols when communicating over
the network between the host computer and a remote system. Remote-access VPN
tunneling relies on PPP.

Each of the protocols listed below were built using the basic structure of PPP and
are used by remote-access VPNs.

• L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any

authentication scheme supported by PPP.
• PPTP (Point-to-Point Tunneling Protocol) - PPTP was created by the
PPTP Forum, a consortium which includes US Robotics, Microsoft,
3COM, Ascend and ECI Telematics. PPTP supports 40-bit and 128-bit
encryption and will use any authentication scheme supported by PPP.
• L2TP (Layer 2 Tunneling Protocol) - L2TP is the product of a partnership
between the members of the PPTP Forum, Cisco and the IETF (Internet
Engineering Task Force). Combining features of both PPTP and L2F,
L2TP also fully supports IPSec.
L2TP can be used as a tunneling protocol for site-to-site VPNs as well as
remote-access VPNs. In fact, L2TP can create a tunnel between:
• Client and router
• NAS and router
• Router and router
 The truck is the carrier protocol, the box is the
encapsulating protocol and the computer is the
passenger protocol.

Think of tunneling as having a computer delivered to you by UPS. The vendor

packs the computer (passenger protocol) into a box (encapsulating protocol) which
is then put on a UPS truck (carrier protocol) at the vendor's warehouse (entry
tunnel interface). The truck (carrier protocol) travels over the highways (Internet)
to your home (exit tunnel interface) and delivers the computer. You open the box
(encapsulating protocol) and remove the computer (passenger protocol). Tunneling
is just that simple!
DELHI INTER POP CONNECTIVITY
 LIFE CYCLE OF VPN CONNECTIVITY

1. CUSTOMER REQUIRMENT.

2. SURVEY

3. ANALYSIS BY PROJECT TEAM

 4. LINK INSTALLATION BY ENGG.

5. TUNNEL CREATION BY NOC (NETWORK OPERATION CONTROL)

6. LOAD TESTING & CUSTOMER ACCEPTANCE

Customer Requiremet
Every system has a life cycle so as that VPN too have a life cycle the life cycle of any
VPN begins with customer requirement face. Generally the requirement of the
customer is of two types

a) If a company has one or more remote locations that they wish to join in a
single private network, they can create an intranet VPN to connect LAN to LAN

b) When a company has a close relationship with another company (for example,
a partner, supplier or customer), they can build an extranet VPN that connects LAN
to LAN, and that allows all of the various companies to work in a shared
environment.

Depending on the requirement tulip send its sales person for further queries. Like
that of the bandwidth required, what kind of data transfer will it be voice or simple
file transfer, or he wants to run a application like SAP or other. Sales officer tells the
approximations of the link installation. And he forwards a report to the back office
for the survey report. Then afterwards the project manager decides the team size to
implement the different links .

After this team is decided which includes engineers and riggers .

CASE STUDIES OF WORK PERFORMED IN INDUSTRIAL TRAINING AT

TULIP TELECOM LIMITED.
SUBMITTED BY: PRAVESH
 CASE STUDIES

The following is the CASE STUDIES of the various work performed in the
period of Industrial Training (w.e.f 08 ) at TULIP TELECOM LIMITED.

The followed is the details of all the work performed at both client as well as
Tulip Side.

The work at TULIP is of following types :

1) New Installation.
2) Trouble-Shooting the installed Link at Client Side.
3) Inspection of the CPE (Client Premises Equipments).

4) VOIP PHONES
5) VIDEO CONFRENSING
New Installation :

New installation includes installing all the equipments i.e 1)

Subscriber Premises Radio (SPR) / Modem.

2) Router (CISCO or HUEWII mainly)

3) Power Over Ethernet (PoE)
4) Antenna and Feeder(2.7MHz or 5.3 MHz)
TROUBLE-SHOOTING :

Trouble-shooting includes the checking of the system and diagnosing the

reasons for the fault which causes the malfunctioning the link at client side.

There can be many reasons of malfunctioning of the link at client side. Some of
them is specified below:

1) Wireless connectivity affected due to bad alignment of the antenna because

the Wireless System work on Radio Frequency (RF) which uses LINE -
OF-SIGHT for connectivity.

2) There can be seepage of water in Pictal which causes carbon deposition on

the pin of cable hence disconnecting the link.

3) Frequency Interference.
4) Conflicting IP.
5) Cable Breakage and Hanging of Equipments due to Bad Environmental
Condition.

INSPECTION OF CPE :

Inspection includes checking the Client Side Equipments (CPE) regularly for
their better working of Link.
Following is the work done while performing inspection at client site :

1) The inspection procedure includes checking the earthing voltage at client

premises.

2) Checking the condition of equipments whether the are well maintained or

not.

3) Checking the bandwidth given to the client and IP Schema of the client.

4) Checking whether the physical topology of the equipments is as per the

Network Diagram i.e. First Modem, than Router, than to switch and
finally towards the LAN.
FIREPRO WIRELESS MODEMS

Firepro is an emerging leader of Point-to-Multipoint (PtMP) Fixed

Firepro deliver Point-to-Multipoint and point-to-point solutions for both licensed

and unlicensed spectrums. We also provide breakthrough in self-install, scalability,
Non-Line-Of-Sight (NLOS) coverage, State of the art QoS, Video, VoIP and various
other applications.....

Multiple Configuration Options

Supports Multiple Applications
Modular Design
Dual Band Radio
WINBOX : SOFTWARE REQUIRED FOR CONFIGURATION OF FIREPRO
MODEM
CONFIGURATION:

THIS IMAGE SHOWS ALL THE CONFIGURATION OF THE MODEM

BANDWIDTH

THIS IMAGE REPRESENTS THE BANDWIDTH OF THE MODEM

 Link installation

Based on the survey report recommendation link installation phase begins in

following steps

1. Type of modem to be used.

2. Antenna required

Installation of Airspan Modem

BSR

The BSR, installed at the Base Station, is an encased outdoor radio module providing
a 9 pin D-type port for

RS-232 serial interface and a 15 pin D-type port for data, synchronization, and
power interfaces. The BSR is available in two models: BSR with an integral antenna
(BSR 900 MHz TDD V-pol); BSR with two N-type ports
(displayed below) for attaching up to two external antennas (BSR 900 MHz TDD
Dual Ext).
SPR

The SPR is an encased CPE outdoor radio module providing access to a 15 pin
Dtype port for Ethernet, serial, and power interfaces. The SPR model is available in
two models: SPR with an integral antenna (SPRL

900MHz TDD V-pol) and SPR with an N-type port for attaching an external antenna
(SPR 900MHz TDD Ext).

Site preparation and planning

When preparing and planning the site, ensure the following:

1. Minimum obstructions (e.g. buildings) in the radio path between the Base
Station radio (i.e. BSR) and the subscriber radios (i.e. SPR/IDR).

2. Minimum incursions on Fresnel Zone (recommended minimum of 60%

clearance of first Fresnel Zone).

-Minimum multipath fading: Some of the transmitted signals may be reflected from
a nearby building, by water under the signal path, or from any other reflectors. This
reflected ("bounced") signal can then be received by the radio receiving the signal
and superimposed on the main received signal, thereby, degrading the signal
strength. Airspan recommends installing the outdoor radios at the rear of the
building’s roof instead of the front. When you install at the rear, the front of the
building blocks incoming signals from multipath reflections.

- Clean frequencies selected from Spectrum Analyzer results (see Chapters 9 and 13).

- Maximum received signal strength (RSS) at CPE by antenna alignment: For the
IDR, RSS can be
measured by the IDR's built-in RSS LEDs; for the SPR, RSS can be measured by
Airspan’s WipConfig program or by connecting Airspan's
RSS LED Plug Adapter.
- Radios are mounted as far as possible from sources of interference that could
degrade performance of radio. Ensure a minimum of 1-meter separation between co-
located outdoor units. Radios mounted as high as possible to avoid obstructions and
to increase link quality.

-BSR and SPR/IDR are within maximum range of reception.

-Maximum length of 100 meters CAT-5 cable connecting outdoor radio units to
indoor terminating units.
- Sufficient wiring conduit and cable ties to channel and protect the CAT 5 cable
connecting the outdoor radio to the indoor hub/switch.

- Required power source is available at the site.

External antenna consideration

In some scenarios, where capacity demand is relatively low, external omnidirectional
antenna use at the Base
Station may seem attractive. However, it is recommended to avoid using
omnidirectional antennas (ifpossible), due to the following disadvantages that these
antennas pose compared to directional antennas:

- Higher sensitivity to external interferences.

- Higher sensitivity to multipath, resulting in the following:

- The root mean square (RMS) delay spread at the Base Station is substantially
higher.

-Multipath interference at the CPE side (when using omni-directional antenna at the
Base Station) is substantially higher. In fact, when using an omni-directional
antenna, the existence of clear Fresnel
zone between BSR and SPR/IDR is insufficient to eliminate multipath interference,
since multipath, in this case, can be caused by reflections originating from obstacles
outside the Fresnel zone.

- Higher sensitivity to alignment. Since the omni-directional antenna gain is

achieved by narrowing the vertical beam width, a relatively low deviation in the
antenna alignment will result in severe signal attenuation

Transmit Power and Cable Loss

Airspan’s AS WipLL radios provide transmit power compensation for power
attenuation caused by cable loss(of cable connecting to external antenna). Cable loss
is the loss of radio transmit (Tx) power as heat, and directly proportional to cable
length and quality, and operating frequency. In accordance with FCC regulations,
when operating in unlicensed bands, the external antennas must provide an EIRP of
≤ 36 dBm to prevent

Interference with other radios. EIRP is defined as max. Power

To define BSR transmit power taking into consideration cable loss (using
WipManage):

1.In the BSR Zoom window, from the Configuration menu, point to RF, and then
choose Power Settings.
2. Ensure the Power Management Mode Active check box is cleared. On the Power
Level slide ruler, define the BSR’s maximum power level, e.g. 23 dBm.
3. In the Loss Compensation field, enter the power to compensate for power
attenuation due to cable length (i.e. cable loss compensation), e.g. 4 dB. 4. Click
Apply, and then reset the BSR to apply the new power settings.

Therefore, taking cable loss into consideration, the total power level of 27 dBm (23
plus 4) is achieved.
Mounting of out door Radio units

Pole Mounting

The BSR and SPR can be pole mounted to avoid radio wave obstructions between
BSR and SPR. The supplied pole-mounting bracket is designed to support the
BSR/SPR on a round pole of 45mm diameter.
To pole mount the BSR/SPR

1. Attach the mounting bracket to the BSR/SPR using two stainless steel bolts.

2. Attach the clamping bracket to the mounting bracket using two M8-stainless steel
bolts.

3. Attach the Clamping bracket to the pole by placing the two U-bolts around the
pole, and then inserting the U-bolt through the Clamping bracket and securing it
by screwing the two bolts on the U-bolt.

4. Adjust the vertical position of the BSR/SPR. Lock the BSR/SPR at the desired
position by inserting the locking bolt in the desired position. Once the correct
angle has been set both bolts must be tightened to lock the BSR/SPR bracket in
place.
5. Adjust the BSR/SPR horizontal position by rotating the BSR/SPR about the pole,
and then tightens the Ubolt.BSR/SPR positioning is obtained in two planes by
adjustment of the mounting bracket assembly as shown in the figure below.

Cabling
5
BSR-to-BSDU Cabling

The BSR interfaces with the provider’s backbone through the BSDU (or
SDA). The BSR connects to the BSDU using a CAT 5 cable. (The BSR-toSDA
cabling is the same as SPR-to-SDA cabling.

Cable connection

1. Connect the 15-pin D-type male connector to the BSR’s 15-pin port.

2. Connect the 15-pin D-type male connector, at the other end of the CAT 5 cable,
to one of the BSDU’s 15-pin D-type ports labeled BSR, located on the BSDU’s
rear panel.
SPR-to-SDA Cabling

The SPR interfaces with the subscriber’s Ethernet network (LAN) through the SDA.
The SPR connects to the SDA using a CAT 5 cable.

6
Cable connection

1. Connect the 15-pin D-type male connector, at one end of the CAT 5 cable, to the
SPR’s 15-pin port.
2. Connect the 15-pin D-type male connector, at the other end of the CAT 5 cable, to
the SDA’s 15-pinD-type
Software Installation

AS WipLL provides two main configuration and management tools: WipManage

and WipConfig. Before installing these tools, ensure that the following system
requirements are fulfill.

Hardware requirements:

1.CPU 400 MHz minimum (recommended 1,000 MHz or more)

2. RAM 256 MB (recommended 512 MB or more)
3.Display adapter memory 8 MB
4.Graphics 1024 x 768 (recommended 1024 x 768 or more)
5.Minimum free hard disk space 500 MB (recommended 2 GB or more)
6.Network adapter 10/100 Mbps

Software requirements – operating systems:

1.Microsoft™ Windows™ NT 4 work station (English only) SP 3.0 or higher

2.Microsoft™ Windows™ 2000 Professional
3.Microsoft™ Windows™ XP Professional

Initial Configuration

To successfully establish an air and network link between the BSR and SPRs/IDRs,
the following initial configuration settings (using WipConfig) must exist:
 1. Correct IP and subnet addresses configured (according to your network
addressing scheme)
2. Correct BSR's Air MAC address configured for BSR
3. Correct BSR's Air MAC address assigned to SPRs/IDRs
4. Identical frequency table configured for BSR and SPRs/IDRs
5. Identical maximum transmission rate configured for BSR and SPRs/IDRs
6. dentical mode (i.e. router or bridge) configured for BSR and SPRs/IDRs

Default settings:-
Airspan’s factory default settings for the AS WipLL devices are listed in the
following table:

BSR Initialization

To perform BSR initial configuration:

1. Connect the PC running WipConfig to the BSR using serial cabling.

2. Start WipConfig.
3. On the toolbar, in the Communication group, select the Serial option, and then click
the Connect button,WipConfig connects to the BSR.
4. Apply factory defaults to the BSR, by performing the following:
a. On the toolbar, click the Set Factory Default button; A Warning message box
appears.
b. Click Yes to confirm applying factory defaults to the BSR; A Warning message
box appears.
c. Click Yes to confirm BSR reset; WipConfig applies the default settings to the
SPR/IDR.
5. From the Mode drop-down list, select Bridge (i.e. for transparent bridge mode).
6. In the Network Configuration group, enter the following fields:
--Eth IP Address: enter the BSR’s IP address (e.g. 10.0.0.10)
--Eth Subnet Mask: enter the BSR’s subnet address (e.g. 255.255.255.0)
--Default Gateway: enter the BSR’s default gateway’s IP address if relevant

7. In the RF Configuration group, enter the following fields:

--Air MAC Address: enter the BSR’s Air MAC address (0x0000 through
0xFFFF), e.g. 0x1200
--Frequency Table ID: enter frequency table number used by BSR (0
through 63)
8. On the toolbar, click the Write button.
9. On the toolbar, click the Reset button to reset the BSR; A Warning message box
appears.
10. Click Yes to confirm BSR reset.

The figure below displays the BSR configured in the bridge mode.
SPR Initialization

To perform SPR/IDR initial configuration:

1. Connect the PC running WipConfig to the SPR/IDR using serial cabling.
2. Start WipConfig.
3. On the toolbar, in the Communication group, select the Serial option, and then
click the Connect button,WipConfig connects to the SPR/IDR.
4. Apply factory defaults to the SPR/IDR, by performing the following:
a. On the toolbar, click the Set Factory Default button; A Warning message box
appears.
b. Click Yes to confirm; A Warning message box appears.
c. Click Yes to confirm SPR/IDR reset; WipConfig applies the default settings
to the SPR/IDR.
5. From the Bridge Mode drop-down list, select Bridge (i.e. transparent bridge
mode).
6. In the Network Configuration group, enter the following fields:--Eth IP Address:
enter the SPR’s/IDR's IP address (e.g. 10.0.0.20)
--Eth Subnet Mask: enter the SPR’s/IDR's subnet address (e.g. 255.255.255.0)
--Default Gateway: enter the SPR’s/IDR's default gateway’s IP address, if
relevant

7. In the RF Configuration group, enter the following fields:

--Index in BSR: enter the SPR’s/IDR's index number to be indexed in the BSR,
e.g. 2
--BSR Air MAC Address: enter the BSR’s Air MAC address to which the
SPR/IDR is associated, e.g.
0x1200
8. On the toolbar, click the Write button to apply the new settings to the SPR/IDR.
9. On the toolbar, click the Reset button to reset the SPR/IDR. A Warning message
box appears.
10. Click Yes to confirm resetting the SPR/IDR.

The figure below displays the SPR/IDR configured in the bridge mode.
Analyzing the RF Spectrum

Before setting up your wireless link between Base Station and subscribers, Airspan
recommends analyzing the RF spectrum at the
Base Station to select only clear frequency channels (i.e. without interferences) for
building a frequency table for the wireless transmission.

Airspan recommends using frequencies that are approximately 28, 20, and 12 dB
above interference levels to effectively operate in 8- (4 Mbps/3 Mbps), 4-(2 Mbps),
and 2-level FSK (1.33 Mbps/1 Mbps), respectively.

Accessing the spectrum analyzer:-

You can access the Spectrum Analyzer through either a serial or an IP network
communication mode.

To access the Spectrum Analyzer:

1. Start WipConfig and then connect WipConfig to the BSR by performing one of the
following:
--Serial mode: on the toolbar, select the Serial option, and then click Connect.
--IP mode: on the toolbar, select the Network option, and then in the Remote
Agent field, enter the ASWipLL device's IP address, and then click Connect.

2. In the Outlook bar, click the Spectrum Analyzer button; A message box appears
informing you that the device will lose connection with all other devices.
3. Click OK.

Setting up the spectrum analyzer:-

Before you can start analyzing the spectrum, you need to define various parameters in
the Spectrum Analyzer.

To set up the Spectrum Analyzer:

1. Ensure the Setup tab (located in the top-right pane) is selected.

2. In the Refresh Rate field, enter the rate (in seconds) for polling the BSR/PPR. (The
default is 3 sec aximum is 3600 sec.)
3. In the Number of Sweeps group, select the option for scanning the frequency range:
--ngle: scans the spectrum only once
 --continuous: cyclically scans the spectrum (i.e. repetitively)
--Custom: you can define the number of sweeps (range is 0 through 1,000
sweeps)
4. To change the antenna gain, in the Antenna Gain field, enter the antenna gain. If
you want to restore the BSR’s default antenna gain, click the True Antenna Gain
Value button.

5. To define the frequency range for which you want to analyze, define the following
fields:
--Start Freq: frequency from where you want to scan (i.e. lower frequency)
--Stop Freq: frequency to where you want to scan (i.e. upper frequency)
Viewing Results:-

The Spectrum Analyzer results are plotted on the graph as well as displayed in the
Results table (to access the Results table simply click the Results tab).

The following measurements are displayed:

--Average received signal strength (RSS) per frequency (plotted white line on
the graph)
--Maximum hold received signal strength (RSS) per frequency (plotted yellow
line on the graph)
--Distance (in spectrum RF) that the BSR/PPR can establish a viable
communication link with another transmitter. This is displayed in the
TxRxOffset field.
 9

Configuring PC’s IP Address

To establish IP network connectivity between your PC running the NMS

(WipConfig or WipManage) and the AS WipLL devices, you need to configure your
PC's TCP/IP address settings in accordance with your AS

WipLL network's IP addressing scheme:

1.Define PC’s (i.e. Ethernet card) IP address so that it’s in same subnet as the
BSR/BSDU.

2.Configure PC’s default gateway with the IP address of the BSR, or with the IP
address of a router if oneexists between the PC and BSR.

To configure your PC’s IP address settings

1. On the Windows desktop, right-click My Network Places, and then from the
shortcut menu, choose
Properties; The Network and Dial-up Connections folder appears.
2. Right-click the desired connection, and then from the shortcut menu, choose
Properties; The Local Area
Connection Properties dialog box appears.
3. In the Components list, select Internet Protocol (TCP/IP), and then click
Properties; The Internet
Protocol (TCP/IP)

Properties dialog box appears:

4. Select the Use the Following IP Address option, and then enter the following
fields:
--IP Address: PC’s IP address, e.g. 10.0.0.2
--Subnet Mask: PC’s subnet mask address, which must be the same as the
BSR/BSDU (e.g.
255.255.255.0) so that the PC is in the same subnet as the BSR/BSDU
--Default Gateway: PC’s default gateway, which can be the BSR’s IP
address (e.g. 10.0.0.10), or if a
router exists behind the BSR, then the router’s IP address
5. Click OK.
10

Establishing Link Using WIP manage

Once you have initialized the BSR and SPR/IDR using WipConfig, you need to add
various WipManage elements to establish a viable air and network link between the
BSR and SPR/IDR.

Adding a BS group:- To
add a BS Group:

1. In the Database Tree, right-click , and then from the shortcut menu, choose
Add BS Group.

BS Group Add dialog box appears.

 2. In the Group Name field, enter a name for the BS Group, e.g. “Manhattan_1”,
and then click OK.

Adding a BS:-
You can now add a Base Station (BS) to the BS Group you added in the previous
subsection.

To add a BS:
1. In the Database Tree, click the (e.g. “Manahattan_1”) branch to which you want
to add the BS.
2. In the BSs Map view (in the right pane), right-click an empty area, and then
from the shortcut menu choose Add BS; The BS Add dialog box appears.
3. In the BS Name field, enter a name for the BS, e.g. “Times Square”, and then
click OK.
Adding a BSR

You can add up to six BSRs to each BSDU, allowing a maximum of 24 BSRs (6
BSRs x 4 BSDUs) per BS.
In our example, we need to add a BSR with IP address 10.0.0.10.

To add a BSR:
1. In the Database Tree, double-click the (e.g. “Times Square”) branch.

2. Right-click one of the six blue rectangles in the same row as the BSDU to which
you want to add the BSR, and then from the shortcut menu, choose Add BSR; The
BSR-Add dialog box appears.
3. In the Manage IP field, enter the BSR’s IP address, e.g. 10.0.0.10.
4. In the Get Community and Set Community fields, enter the SNMP community
rights.
5. Click OK.

The Permitted SPRs-Add dialog box appears.

2. In the IP Address field, enter the SPR’s/IDR's IP address (e.g. 10.0.0.20).

3. Click OK; The SPR index #2 icon appears green, as shown below, indicating that
a viable air and network link exists with the SPR/IDR. You can now manage the
SPR/IDR.
Testing BSR/SPR Network Link:-

You can test the BSR-SPR/IDR link by pinging the SPR/IDR from a PC located
behind the BSR.

To test the link by pinging:

1.From the PC (IP address 10.0.0.2) behind the BSR, open an MS-DOS prompt and
use the ping – t command to ping the SPR/IDR (IP address 10.0.0.20), e.g. ping
10.0.0.20 – t.

Installation of Radwin Modem

WinLink-1000 is a carrier-class, high capacity, Point-to-Point broadband wireless

transmission system. WinLink-1000 combines legacy TDM and Ethernet services
over 2.4GHz and 5.xGHz license-exempt bands and is suitable for deployment in
FCC, ESTI, or CSA regulated countries. The system provides up to 48 Mbps
wireless link and supports ranges of up to 80 km (50 miles).
Application

Figure 1-1 illustrates a typical point-to-point application of

two WinLink-1000 units.

Site A Si t e B
P Up to 80 km P BX
B (50 miles)
X

E 1 / T1 E 1/ T1
E1/ E 1 / T1
T1

1B0a/s1eT00 10/100 BaseT

WinLin k- WinLin k-
1000 1000

LAN LAN
Figure 1-1. Typical
Application
Features

Wireless Link

WinLink-1000 delivers up to 48 Mbps data rate for Ethernet and E1/T1 traffic. The
system supports a variety of spectrum bands and can be configured to operate in any
channel on the band with a carrier step resolution of 5 MHz.

WinLink-1000 operation complies with ETSI, CSA and the FCC 47CFR Part 15 and
subpart C and E requirements.

WinLink-1000 employs Time Division Duplex (TDD) transmission. This

technology simplifies the installation and configuration procedure. There is no
need to plan and to allocate separate channels for the uplink and downlink data
streams. Operation over 2.4GHz and 5.x GHz bands is not affected by harsh
weather conditions, such as fog, heavy rain etc.

LAN Interface
The WinLink-1000 LAN port provides 10/100BaseT interfaces with autonegotiation
and transparent VLAN support. Traffic handling is provided by a MAC-level self-
learning bridge.
TDM Interface

The WinLink-1000 TDM interface accepts E1 or T1 traffic, supporting the following:

• Unframed operation (E1 and T1)
• AMI and B8ZS zero suppression (T1).

Figure 1-2. WinLink-1000 Units

Installation and Setup

WinLink-1000 System

WinLink-1000 system comprises the following units:

Outdoor Unit (ODU): The ODU has 2 configurations: ODU with integrated
antenna and ODU with N-Type connector for connection to an external antenna.
Both ODU types have the same interface to the IDU. The ODU with integrated
antenna has an enclosed aluminum frame with a front sealed plastic cover,
containing an integrated transceiver with an antenna, RF module, modem and
standard interfaces.

ODU includes a power connector, which receives -48 VDC, and RJ-45 for Ethernet
traffic from the indoor unit (IDU).
The ODU is attached to a mast using a special mounting kit, which is supplied with the
unit.
Indoor Unit (IDU): There are two types of IDU cages. IDU-E that is a plastic
box of ½ x 19 in. and IDU-C that is based on a metal 19in. box address the
carrier-class applications. IDU is the interface unit between the ODU and the
user. It converts 100–
240 VAC to -48VDC, and feeds the ODU by it. The IDU does not store
any configuration data. Therefore, there is no need for additional
configuration of the WinLink-1000 system when replacing an IDU.

Site Requirements and Prerequisites

For the IDU, allow at least 90 cm (36 in) of frontal clearance for operating and
maintenance accessibility. Allow at least 10 cm (4 in) clearance at the rear of the unit
for signal lines and interface cables.
The ambient operating temperature should be –45 C to 60 C/-49 F to 140
F (ODU), or -5 C to 45 C/23 F to 113 F (IDU) at a relative
humidity of up to 90%, non-condensing.

Before starting the installation, use the Link Budget Calculator utility to calculate
expected performance of the link. You can vary parameter inputs to the calculator to
determine the optimum system configuration. The utility is described in

Package Contents

The WinLink-1000 packages include the following items:

ODU Package Containing:

• ODU

• Mast/Wall mounting kit plus mounting instructions

• Winlink-1000 Manager installation CD

IDU-E Package Contents:

• IDU-E
• 110V/240V adaptor

• IDU wall-mounting drilling template

• Spare RJ-45 connector

(Optional) IDU-C Package Contents:

• IDU-C

• For AC model, 110v/240 VAC with 3-prong connector cable

• For DC model, -48 VDC with 3-pin terminal block connector (green)

• IDU standard 1-U, 19” carrier rack

• Spare RJ-45 connector

External antenna (if ordered)

ODU/IDU Cable at length ordered (optional)

Installation and Setup

Physical installation of the WinLink-1000 system installation includes the following

steps:

1. Installing ODU at both sites of the link.

2. Installing ODU cable and connecting ODU to IDU at both sites.

3. Connecting power.

4. Installing the management program on the network management station.

5. Running the Installation wizard from the management program.

6. Aligning the ODUs.

WinLink-1000 with an external antenna
5.2 Mounting the ODU

The ODU is the transmitting and receiving element of the WinLink-1000 system. The
ODU can be mounted on a mast or a wall. In both installations, the supplied mounting
kit is used to secure the ODU.

An WinLink-1000 link operates in pairs of two WinLink-1000 systems with the

same configuration. Both systems must be installed, and the antennas of the
outdoor units must be aligned for maximum throughput.

TO MOUNT THE ODU

1. Verify that the ODU mounting brackets are properly grounded.

2. Attach the ODU unit to the mast. Refer to for the ODU mounting instructions.

3. Connect the ground cable to the chassis point on the ODU.

4. Attach the ODU cable to the RJ-45 connector. Refer to for the connector pinout.

5. Secure the cables to the mast or brackets using provided UV-rated cable ties.

6. Repeat the procedure at the remote site.

Connecting the ODU to the IDU

The ODU cable conducts all the user traffic between the IDU and the ODU. The
ODU cable also provides -48 VDC supply to the ODU. The maximum length for one
leg of the ODU cable is 100m (328 ft) in accordance with10/100BaseT standards.

ODU cable is supplied pre-assembled with RJ-45 connectors, at the length specified
when ordering. If the ODU cable was not ordered, use Cat. 5e shielded cable, the
wiring specifications are given in

1. Route the cable from the ODU location into the building, leaving some spare.
Secure the cable along its path.

2. Connect the ODU cable to the RJ-45 connector on the IDU panel designated
WAN. illustrates a typical panel of the IDU-E and IDU-C.

. IDUs connector panels

Connecting the Power

Power is supplied to WinLink-1000 via an external AC/DC converter,

which receives power from 110–240 VAC source and converts it to -
48

To connect the power IDU-E:

1. Connect the 2-pin plug of the AC/DC converter to the 2-pin DC power
connector on the IDU-E rear panel.
2. Connect the AC/DC converter 3-prong plug to mains outlet.

To connect the power for IDU-C:

For AC power model, connect the AC cable 3-prong plug to mains outlet.
For DC power model, connect to DC supply on the rack (male connector
for the terminal block is included).

Installing WinLink-1000 Management Software

WinLink-1000 management application is distributed on CD-ROM as an executable
file. The application has the following PC requirements:

WinLink-1000 Installation and Operation Manual

• Memory: 128 MB RAM

• Disk: 1 GB free hard disk space

• Processor: Pentium 3 or higher

• Network: 10/100BaseT NIC

• Graphics: Card and Monitor that supports 1024 768 screen resolution with
16
• bit color

• Operating system: Windows 2000/XP

 • Microsoft Explorer 5.01 or later.

To install the WinLink-1000 management program:

1. Insert the CD-ROM into your CD-ROM drive.

2. If the installation does not start automatically, run WinLink.exe from the CD-
ROM
drive.

3. Follow the on screen instructions of the installation wizard to complete setup of the
WinLink-1000 Management program in the desired location.

To perform initial setup:

1. Power up the site A IDU Wait about 1 minute.

2. Power up the site B IDU

3. Connect the management station to the LAN.

Any PC running the WinLink-1000 Management application can be used to

configure WinLink-1000 units.

To start WinLink manager

1. From the Start menu, point to Programs, point to WinLInk

Manager, and then click WinLink Manager.
The password/IP request dialog appears.
 Figure 2-3. Login Screen

2. Select the suitable option for the IP Address field:

Enter the IP address of the ODU — default value 10.0.0.120.
 Figure2-5. Main

Menu
Aligning the WinLink-1000 ODUs
Perform the WinLink-1000 ODU alignment using the Buzzers located inside the
ODUs. Alignment of a WinLink-1000 link must be performed by two people
simultaneously, at site A and at site B.

To align the ODUs via ODU Buzzer:

 1. Verify that power is connected to the IDUs at both sites.

Do not standin front of a live radio terminal.

Warning 2 . Align the site A ODU in the direction of the site B ODU.
3. Align the site B ODU in the direction of the site A ODU

4. Alternating between each site, turn each ODU slowly while

listening to the buzzer beep sequence for the Best Signal sound,
until optimal alignment is achieved.

5. Secure the site A and site B ODUs to the mast/wall.

6. Monitor the link quality for about 15 minutes to verify stability.

Installing the Link

Installation and definition of all parameters are applied to both sides of the link.

To install the link:

1. Verify that the management station is properly connected to the same LAN as the
IDU, and the WinLink Manager application is running.
2. In the toolbar, click the Link Installation button. The
Installation wizard open
 Figure . Link Installation Wizard

3. Click next to proceed with the Installation procedure.

Figure. Installation Wizard, System dialog box
 Notes 4. Enter a SSID (System ID) minimum of eight characters. The
ID is initially factory set.

Both sites of a link must always have the same number

5. Enter Link name for the link identification.

6. Enter a name for site 1.

7. Enter a name for site 2.

8. Click Next.
The Channel Select dialog box appears

Figure . Installation Wizard, Channel Select dialog box

9. Select the required operating channel.

The pull down list shows the ISM frequencies available.

The Manual option allows you a User defined channel, within the system
frequency band.
Selecting a new channel causes the system quality to change. The quality
bar shows the adjustment until the system finds the best quality link.
10. Click Next.

The Rate Select dialog box appears lists throughput rates and capacities.
.
 Figure 2-10. Installation Wizard, Rates dialog box

11. Select a suitable air interface rate according to the services required.

12. Click Evaluate.

13. A question box pops up, asking if you want to re-evaluate the link. Click Yes to
change the rate No to keep the existing rate.
Selecting a new rate causes the system quality to change. The quality bar
shows the adjustment until the system finds the best quality link.

14. Click Next.

The Service Parameters dialog box appears.

 Figure 2-11. Installation Wizard, Services dialog box
15. In the Service dialog box, select one of the following:

E1/T1 – Select the E1/T1 field, if you intend to transmit E1/T1 data andEthernet
data.The Ethernet BW field shows the remaining bandwidth in Mbpsavailable for
Ethernet. The available bandwidth depends on the number of E1/T1 ports selected.

Select the Ethernet field, if you intend to transmit Ethernet data only
16. Click Next
The Finish screen appears
 Figure 2-12. Installation Wizard, Finish Screen
17. Click Finish to complete the installation wizard.

When the wireless link is established between the site A and site B units, the
Link Status indication bar of the Main menu is within the green area.

18. Verify that the radio signal strength (RSS) in the Main menu is according to
expected results.

Connecting the User Equipment.

 The IDU-E is a standalone desktop, wall-mounted unit. This unit has both
front and rear panel connections.

The optional IDU-C is a standalone rackmounted unit. This unit has only
front panel connections.illustrates the typical panels of the IDUs.

Cisco Router Configuration

ROUTER AND ITS COMMANDS

There are various types of routers, but the best is delivered by the CISCO
Company. It has various types of series in itself, which is shown below :
1) THE 800
2) THE 1800

3) THE 2800
4) THE 3800

COMMANDS:
* Router# (type in config t)

Router(config)# (type in line vty 0 4)

Router(config-line)# (type in login)

Router(config-line)# (type in password VTY-Password-here)

This concludes setting your VTY Passwords!

(you can type in Ctrl-Z to go back to plain Enable Mode)
Router(config-line)# Ctrl-Z
Router#

Router>enable
Router#config
Router(config)#hostname N115-7206
N115-7206(config)#interface serial 1/1
N115-7206(config-if)ip address 192.168.155.2 255.255.255.0
N115-7206(config-if)no shutdown
N115-7206(config-if)ctrl-z
N115-7206#show interface serial 1/1
N115-7206#config
N115-7206(config)#interface ethernet 2/3
N115-7206(config-if)#ip address 192.168.150.90 255.255.255.0
N115-7206(config-if)#no shutdown
N115-7206(config-if)#ctrl-z
N115-7206#show interface ethernet 2/3
N115-7206#config
N115-7206(config)#router rip
 N115-7206(config-router)#network 192.168.155.0
N115-7206(config-router)#network 192.168.150.0
N115-7206(config-router)#ctrl-z
N115-7206#show ip protocols
N115-7206#ping 192.168.150.1
N115-7206#config
N115-7206(config)#ip name-server 172.16.0.10
N115-7206(config)#ctrl-z
N115-7206#ping archie.au
N115-7206#config
N115-7206(config)#enable secret password
N115-7206(config)#ctrl-z
N115-7206#copy running-config startup-config N115-
7206#exit

Cisco IOS Modes of Operation

The Cisco IOS software provides access to several different command

modes. Each command mode provides a different group of related
commands.
For security purposes, the Cisco IOS software provides two levels of access to
commands: user and privileged. The unprivileged user mode is called user
EXEC mode. The privileged mode is called privileged EXEC mode and
requires a password. The commands available in user EXEC mode are a
subset of the commands available in privileged EXEC mode.
The following table describes some of the most commonly used modes, how
to enter the modes, and the resulting prompts. The prompt helps you identify
which mode you are in and, therefore, which commands are available to you
Mode of Operation Usage How to Enter the Mode Prompt User EXEC
Change terminal settings on a temporary basis, perform basic tests, and list
system information. First level accessed. Router> Privileged EXEC System
administration, set operating parameters. From user EXEC mode, enter
enable password command Router# Global Config Modify configuration
that affect the system as a whole. From privileged EXEC, enter configure
terminal. Router(config)# Interface Config Modify the operation of an
interface. From global mode, enter interface type number. Router(config-if)#
Setup Create the initial configuration. From privileged EXEC mode, enter
command setup. Prompted dialog

User EXEC Mode:

When you are connected to the router, you are started in user EXEC mode.
The user EXEC commands are a subset of the privileged EXEC commands.
Privileged EXEC Mode:
Privileged commands include the following:
• Configure – Changes the software configuration.
• Debug – Display process and hardware event messages.
• Setup – Enter configuration information at the prompts.
Enter the command disable to exit from the privileged EXEC mode and
return to user EXEC mode.

Configuration Mode
Configuration mode has a set of submodes that you use for modifying
interface settings, routing protocol settings, line settings, and so forth. Use
caution with configuration mode because all changes you enter take effect
immediately.
To enter configuration mode, enter the command configure terminal and exit
by pressing Ctrl-Z.
Note:
Almost every configuration command also has a no form. In general, use the
no form to disable a feature or function. Use the command without the
keyword no to re-enable a disabled feature or to enable a feature that is
disabled by default. For example, IP routing is enabled by default. To
disable IP routing, enter the no ip routing command and enter ip routing to
re-enable it.

Getting Help
In any command mode, you can get a list of available commands by entering
a question mark (?).
Router>?
To obtain a list of commands that begin with a particular character sequence, type
in those characters followed immediately by the question mark (?).
Router#co?
configure connect copy
To list keywords or arguments, enter a question mark in place of a keyword
or argument. Include a space before the question mark.
Router#configure ?
memory Configure from NV memory network
Configure from a TFTP network host terminal
Configure from the terminal
You can also abbreviate commands and keywords by entering just enough
characters to make the command unique from other commands. For
example, you can abbreviate the show command to sh.
Configuration Files
Any time you make changes to the router configuration, you must save the
changes to memory because if you do not they will be lost if there is a system
reload or power outage. There are two types of configuration files: the
running (current operating) configuration and the startup configuration. Use
the following privileged mode commands to work with configuration files.

• configure terminal – modify the running configuration manually from the

terminal.
• show running-config – display the running configuration.
• show startup-config – display the startup configuration.
• copy running-config startup-config – copy the running configuration to the startup
configuration.
• copy startup-config running-config – copy the startup configuration to the running
configuration.
• erase startup-config – erase the startup-configuration in NVRAM.
• copy tftp running-config – load a configuration file stored on a Trivial File
Transfer Protocol (TFTP) server into the running configuration.
• copy running-config tftp – store the running configuration on a TFTP server.

IP Address Configuration

Take the following steps to configure the IP address of an interface.

Step 1: Enter privileged EXEC mode:
Router>enable password
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter the interface type slot/port (for Cisco 7000 series) or interface type
port (for Cisco 2500 series) to enter the interface configuration mode.
Example:
Router (config)#interface ethernet 0/1
Step 4: Enter the IP address and subnet mask of the interface using the
ip address ipaddress subnetmask command.
Example,
Router (config-if)#ip address 192.168.10.1 255.255.255.0
Step 5: Exit the configuration mode by pressing Ctrl-Z
Router(config-if)#[Ctrl-Z]

Routing Protocol Configuration

Routing Information Protocol (RIP)

Step 1: Enter privileged EXEC mode:

Router>enable password
Step 2: Enter the configure terminal command to enter global configuration
mode.
Router#config terminal
Step 3: Enter the router rip command
Router(config)#router rip
Step 4: Add the network number to use RIP and repeat this step for all the numbers.
Router(config-router)#network network-number
Example: Router(config-router)#network 192.168.10.0 Note:
To turn off RIP, use the no router rip command.
Router(config)#no router rip Other
useful commands
• Specify a RIP Version
By default, the software receives RIP version 1 and version 2 packets, but
sends only version 1 packets. To control which RIP version an interface
sends, use one of the following commands in interface configuration mode:
Command Purpose ip rip send version 1 Configure an interface to send only
RIP version 1 packets. ip rip send version 2 Configure an interface to send
only RIP version 2 packets. ip rip send version 1 2 Configure an interface to
send only RIP version 1 and version 2 packets.

To control how packets received from an interface are processed, use one of the
following commands:
Command Purpose ip rip receive version 1 Configure an interface to accept
only RIP version 1 packets. ip rip receive version 2 Configure an interface to
accept only RIP version 2 packets ip rip receive version 1 2 Configure an
interface to accept only RIP version 1 or 2 packets.

• Enable or Disable Split Horizon

Use one of the following commands in interface configuration mode:

no ip split-horizon Disable split horizon.

Command Purpose ip split-horizon Enable split horizon.

Open Shortest Path First (OSPF)

Step 1: Enter privileged EXEC mode:
Router>enable password
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter the router ospf command and follow by the process-id.
Router(config)#router ospf process-id
Pick the process-id which is not being used. To determine what ids
are being used, issue the show process command.
Router(config)#show process
Step 4: Add the network number, mask and area-id
Router(config-router)#network network-number mask area area-id
The network-number identifies the network using OSPF. The mask tells
which bits to use from the network-number, and the area-id is used for
determining areas in an OSPF configuration.

Example:
Router(config-router)#network 192.168.10.0 255.255.255.0 area
0.0.0.0
 Repeat this step for all the network numbers.
To turn off OSPF, use the following command.
Router(config)#no router ospf process-id

Other useful commands

• Configure OSPF Interface Parameters
You are not required to alter any of these parameters, but some interface parameters
must be consistent across all routers in an attached network.
In interface configuration mode, specify any of the following:

Command Purpose ip ospf cost cost Explicitly specify the cost of sending a
packet on an OSPF interface. ip ospf retransmit-interval seconds Specify the
number of seconds between link state advertisement retransmissions for
adjacencies belonging to an OSPF interface. ip ospf transmit-delay seconds
Set the estimated number of seconds it takes to transmit a link state update
packet on an OSPF interface. ip ospf priority number Set router priority to
help determine the OSPF designated router for a network. ip ospf
hellointerval seconds Specify the length of time, in seconds, between the
hello packets that a router sends on an OSPF interface. ip ospf dead-interval
seconds Set the number of seconds that a router’s hello packets must not
have been seen before its neighbors declare the OSPF router down. ip ospf
authentication-key password Assign a specific password to be used by
neighboring OSPF routers on a network segment that is using OSPF’s simple
password authentication.
Interior Gateway Routing Protocol (IGRP)

• Create the IGRP Routing Process

To create the IGRP routing process, use the following required commands starting
in global configuration mode.

Step Command Purpose 1 router igrp autonomous-system Enable an IGRP

routing process, which place you in router configuration mode. 2 network
network-number Associate networks with an IGRP routing process.
• Disable Holddown
The holddown mechanism is used to help avoid routing loop in the network, but
has the effect of increasing the topology convergence time.
To disable holddowns with IGRP, use the following command in router
configuration mode. All devices in an IGRP autonomous system must be
consistent in their use of holddowns.

Command Purpose No metric holddown Disable the IGRP holddown period.

• Enforce a Maximum Network Diameter
Define a maximum diameter to the IGRP network. Routes whose hop counts
exceed this diameter are not advertised. The default maximum diameter is
100 hops. The maximum diameter is 255 hops.

Use the following command in router configuration mode.

Command Purpose metric maximum-hops hops Configure the maximum network
diameter.
• To turn off IGRP, use the following command.
Router(config)#no router igrp autonomous-system

Tunneling

Most VPNs rely on tunneling to create a private network that reaches across
the Internet. Essentially, tunneling is the process of placing an entire packet
within another packet and sending it over a network. The protocol of the
outer packet is understood by the network and both points, called tunnel
interfaces, where the packet enters and exits the network.

Tunneling requires three different protocols:

A) Carrier protocol - The protocol used by the network that the information is
traveling over
B)Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP, L2TP) that is
wrapped around the original data

C)Passenger protocol - The original data (IPX, NetBeui, IP) being carried

Tunneling has amazing implications for VPNs. For example, you can place a
packet that uses a protocol not supported on the Internet (such as NetBeui)
inside an IP packet and send it safely over the Internet. Or you could put a
packet that uses a private (non-routable) IP address inside a packet that uses a
globally unique IP address to extend a private network over the Internet.

Tunneling: Site-to-Site

In a site-to-site VPN, GRE (generic routing encapsulation) is normally the

encapsulating protocol that provides the framework for how to package the
passenger protocol for transport over the carrier protocol, which is typically
IP-based. This includes information on what type of packet you are
encapsulating and information about the connection between the client and
server. Instead of GRE, IPSec in tunnel mode is sometimes used as the
encapsulating protocol. IPSec works well on both remote-access and site-
tosite VPNs. IPSec must be supported at both tunnel interfaces to use.

Tunneling: Remote-Access
In a remote-access VPN, tunneling normally takes place using PPP. Part of
the TCP/IP stack, PPP is the carrier for other IP protocols when
communicating over the network between the host computer and a remote
system. Remote-access VPN tunneling relies on PPP. Each of the protocols
listed below were built using the basic structure of PPP and are used by
remote-access VPNs.

A ) L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any

authentication scheme supported by PPP.

B) PPTP (Point-to-Point Tunneling Protocol) - PPTP was created by the

PPTP Forum, a consortium which includes US Robotics, Microsoft, 3COM,
Ascend and ECI Telematics. PPTP supports 40-bit and 128-bit encryption
and will use any authentication scheme supported by PPP.

C) L2TP (Layer 2 Tunneling Protocol) - L2TP is the product of a

partnership between the members of the PPTP Forum, Cisco and the IETF
(Internet Engineering Task Force). Combining features of both PPTP and
L2F, L2TP also fully supports IPSec.

L2TP can be used as a tunneling protocol for site-to-site VPNs as well as remote-
access VPNs. In fact, L2TP can create a tunnel between:
 Client and router
 NAS and router
  Router and router
Think of tunneling as having a computer delivered to you by UPS. The
vendor packs the computer (passenger protocol) into a box (encapsulating
protocol) which is then put on a UPS truck (carrier protocol) at the vendor's
warehouse (entry tunnel interface). The truck (carrier protocol) travels over
the highways (Internet) to your home (exit tunnel interface) and delivers the
computer. You open the box (encapsulating protocol) and remove the
computer (passenger protocol). Tunneling is just that simple!

As you can see, VPNs are a great way for a company to keep its employees and
partners connected no matter where they are.

As the link is installed its now the time to test the link as every instrument
has a testing cycle in VPN connectivity we too have a testing cycle. We use
Netpersec for testing the load. If the link is taking adequate amount of load
link is handed over to the customer other wise we move back for further
quality improvement of the link.

FIREWALL

Introduction

This document describe how to configure netear FXS538 firewall.

Requirements
 Customer wants to allow some websites and rest will be blocked.

Connectivity

Lan Port-----------> Netgear ----------> Wan Port-------------------------

--> Internet

Steps Required For Basic Configuration

a) Open the webpage with 192.168.1.1 and login with username as
admin and password as
password.
b) Configure ISP1 Settings. This is the port where we need to
terminate internet bandwidth & configure the port with
logical configurations given.
d) Click on rouitng and add the default route towards ISP end.
c) Go to lan setup tab and diable dhcp.
e) Now go to wan mode and select use only nat under Network
translation and Under port mode
select use only single wan port1 (wan1)
The services will work from top to down.
g) Click On Security->Firewall->Attack check and check the box of Respond
the ping to internet ports.
If you are not selectign this then the you were not able to ping the ports. h)
Click on Security->Block Sites-> click yes for content filtering. If you are
using no then you cannot block the websites. Enable the
proxy/java/activex/cookies if you want else you can leave that part. Under
Apply keywords blocking
select all the clicks and enable them.
For blocking websites you can use the dot(.) operator which means you are
denying any type of website. Under trusted domain you can enter the
domain which you want user can access.

In the test setup I am only permitting www.cisco.com domain rest will be denied.
Monitoring Firewall
a) Click on Monitoring->Diagnostic tab and you will access basic
troubleshooting tools.
b) Under Monitoring->Firewall Logs and Email , we can add the
syslog server ip address and fetch the logs.

Remote Management
Click Administarion-> Remote Management -> Allow remote management
and you canprovide access as per your ease

Note:- By default all the lan ports are of group 1 part. You can change the geoups
as per users.
If you want to restrict internal LAN users from access to certain sites on the
Internet, you can use the VPN firewall’s Content Filtering and Web
Components filtering. By default, these features are disabled; all requested
traffic from any Web site is allowed. If you enable one or more of these
features and users try to access a blocked site, they will see a “Blocked by
NETGEAR” message.
Several types of blocking are available:

VIDEO CONFRENSING

Introducing the VSX Series

Your Polycom video conferencing system is a state-of-the-art visual
collaboration tool. With crisp, clean video and crystal-clear sound, VSX
systems provide natural video conferencing interaction through the most
advanced video communications technology.
VSX Models
This section describes the standard components that come with the VSX
Series systems. For technical specifications and detailed descriptions of
features available for VSX models, please refer to the product literature
available at www.polycom.com. Models with additional options are also
available. For more information, please contact your Polycom distributor.
This guide covers instructions for the following models.
VSX 3000A Desktop Systems
The VSX 3000A systems deliver high-quality, video communication in an
all-in-one appliance that includes the camera, LCD screen, speakers, and
microphone. Save space in your office by using the VGA cable to connect
your computer to the system’s 17” high-resolution XGA display.
VSX set-top systems VSX component systems VSX desktop systems
Administrator’s Guide for the VSX Series

1-2
VSX 5000 Set-top System

The VSX 5000 is a compact, entry-level system with an all-electronic,

builtin camera.

VSX 6000A Set-top Systems

The VSX 6000A systems are entry-level video conferencing systems for IP
and
SIP networks only.
VSX 7000s Set-top Systems
The VSX 7000s systems provide cutting-edge video conferencing
technology for IP and other networks. The subwoofer provides additional
depth to the sound, creating a high-quality sonic space comparable to a
home theater system.

VSX 7000e Component System

The VSX 7000e is a video component system for medium-sized
conferencing rooms.
VSX 8000 Component System
The VSX 8000 system is a compact component system for custom
integration.
Setting Up Your System Hardware
This manual provides information to supplement the setup sheets provided with
your system and its optional components. A printed copy of the system setup
sheet is provided with each VSX system. PDF versions of the system setup
sheets are available at www.polycom.com/videodocumentation.
Positioning the System
Position the system so that the camera does not face toward a window or
other source of bright light.
Introducing the VSX Series
1-3
Place the camera and display together so that people at your site face the
camera when they face the far site display.

Positioning Desktop Systems

The VSX 3000A systems are personal video conferencing systems for the desktop.
To position the system:
Place the VSX 3000A system on your desktop or on a table in a small
conference room, leaving enough space so that you can connect the cables
easily.
If you need to place the system face-down to connect the cables, make sure
that the camera does not touch the work surface. The weight of the system
can damage the camera mount.
Administrator’s Guide for the VSX Series
1-4
Positioning Set-top Systems
The VSX 5000, VSX 6000A, and VSX 7000s systems are designed to be
placed on top of a monitor. You can order a shelf that can be mounted on a
wall or placed on top of a flat-panel monitor.
To position the system:
1. The hardware kit you received with the system includes a pair of self-
adhesive feet. If the monitor’s chassis slopes back sharply, install the feet
on the bottom of the system to stabilize it.

2. Place the system in the desired location, with the rounded front portion
hanging over the front of the monitor or shelf. Leave enough space to
work, so that you can connect the cables easily.

3. Remove the packaging collar from around the VSX system camera.
Positioning Component Systems
The VSX 7000e and VSX 8000 systems are designed to be placed on a
tabletop or in an equipment rack.
If you received a network interface module with your system, you may find
it
convenient to install it before positioning the system. Refer to the
installation sheet that you received with the network interface
module.
Feet
Introducing the VSX Series

To position the system:

1. Install the mounting brackets on the system if you need to mount it in an
equipment rack, or install the self-adhesive feet if you will place the system on
a table or shelf.
2. Place the system in the desired location. Leave enough space to work, so
that you can connect the cables easily.
3. Place the camera on or near the monitor displaying the far site so that
people look towards the camera during calls.
Powering On
Connect power and power on the system after you have connected the rest of the
equipment that you will use with it.
VSX 3000A Desktop System
The VSX 3000A systems have three power switches.
To power on the VSX 3000A:
1. Press the power switch near the connectors on the back of the system.
2. Press the power switch on the lower back corner of the monitor.
3. Press the power button on the front of the monitor.
Powering On Set-top and Component Systems
For set-top systems, the power switch is on the back panel.
Do not use any power supply other than the one supplied with your VSX
system.
Using the wrong power supply will void the warranty and may damage your
system.
Administrator’s Guide for the VSX Series
1-6
For component systems, the power switch is on the front. The indicator light in
the switch provides this information:
• Light is green — system is powered on
• Light changes to from green to red, then to blue — system is powering off
• Light is blue — system is powered off
• Light is off — system is not connected to power
Configuring with the Setup Wizard
When you power on your system for the first time, the setup wizard detects the
system’s SCCP connections and leads you through the minimum
configuration steps required to place a call. This guide covers only the SCCP
setup. Although the VSX SCCP system can be connected only to SCCP
networks, you can use the system to call users on other types of networks if
the
CallManager is configured to allow this. Please note that not all network
types are available in all countries.
The setup wizard allows you to set a room password, which allows you to
limit access to the Admin Settings. The default room password is the
14digit system serial number.
You can run the setup wizard or view the configuration screens in either of these
two ways.
• In the room with the system — Use the remote control to navigate the
screens and enter information. You can use the number pad on the remote
control to enter text just like you can with a cell phone.
• From a remote location — Use a web browser to access VSXWeb. For
more information about using VSX Web, refer to Accessing VSX Web Make
sure you can recall the room password if you set one. If you forget the password,
you will have to reset the system, delete the system files, and run the setup
wizard again in order to access the Admin Settings and reset the password.
If Security Mode is enabled, the room password is required to access the
Reset
System screen. If you forget the room password while the system is in
Security
Mode, contact your Polycom distributor or Polycom Technical Support.

Networks
This guide covers network types used worldwide. Please note that not all network
types are available in all countries.
Getting the Network Ready
Before you begin configuring the network options, you must make sure your
network is ready for video conferencing.
To begin, refer to the Preparing Your Network for Video Conferencing
document, available at www.polycom.com/videodocumentation. This
document contains information you need to prepare your network, such as
worksheets that will help you order ISDN.
Network Connectivity Checklist
You will need this information to make and receive video calls at your site:
Connecting to the LAN
You must connect the system to a LAN to:
• Make IP calls
• Access VSX Web
If... This information:
Should be provided by your:

Your system is using a static

IP address
IP address IP Network Service Provider or
system administrator
System name System administrator
Administrator’s Guide for the VSX Series
2-2
• Use People+Content IP
• Update system software using the Polycom Softupdate program
Configuring LAN Properties
To configure LAN properties:
1. Go to System > Admin Settings > LAN Properties.
2. Configure these settings:
Setting Description
Connect to my
LAN
Specifies whether the system is part of the LAN.
Changing this setting causes the system to restart.
Host Name Indicates the system’s DNS name.
Changing this setting causes the system to restart.
IP Address Specifies how the system obtains an IP address.
• Obtain IP address automatically — Select if the
system gets an IP address from the DHCP server on the
LAN.
• Enter IP address manually — Select if the IP
address will not be assigned automatically.
Changing this setting causes the system to restart. Your
IP Address
is or
Use the Following
IP Address
If the system obtains its IP address automatically, this area displays
the IP address currently assigned to the system.
If you selected Enter IP Address Manually, enter the IP
address here. Changing the IP address causes the system
to restart.
Domain Name Displays the domain name currently assigned to the system.
If the system does not automatically obtain a domain name, enter one here.
Networks
2-3
3. Select and configure these settings:
Setting Description
DNS Servers Displays the DNS servers currently assigned to the system.
If the system does not automatically obtain a DNS server address, enter
up to four DNS servers here.
Changing this setting causes the system to restart.
Default
Gateway
Displays the gateway currently assigned to the system.
If the system does not automatically obtain a gateway IP address, enter
one here.
Changing this setting causes the system to restart.
Subnet Mask Displays the subnet mask currently assigned to the system.
If the system does not automatically obtain a subnet mask, enter one here.
Changing this setting causes the system to restart.
WINS Server Displays the WINS server currently assigned to the system.
If the system does not automatically obtain a WINS server IP address,
enter one here.
Changing this setting causes the system to restart.
WINS
Resolution
Sends a request to the WINS server for WINS name resolution.
LAN Speed Specify the LAN speed to use. Note that the speed you choose must
be supported by the switch.
Choose Auto to have the network switch negotiate the speed
automatically. If you choose 10 Mbps or 100 Mbps, you must also
select a duplex mode.
Note: Be sure that the device and the switch settings match.
Typically, selecting Auto for both is sufficient. The LAN Speed
setting for the VSX system and the switch must match. Polycom
strongly recommends that you do not select Auto for either just
the VSX system or just the switch; the settings for both must be
the same.
Changing this setting causes the system to restart.
Duplex Mode Specify the Duplex mode to use. Note that the Duplex mode
you choose must be supported by the switch.
Choose Auto to have the network switch negotiate the Duplex mode
automatically.
Changing this setting causes the system to restart.
Administrator’s Guide for the VSX Series
2-4
Configuring the VSX System to Use SCCP
When the VSX system is configured to use SCCP for calls, you can call another
SCCP-enabled system by entering the system’s extension on the Place a Call
screen.
To configure the VSX system to use SCCP:
1. On the Cisco CallManager, provision a SCCP extension for each VSX system.
2. On the VSX System, go to System > Admin Settings > Network > Call
Preference, and enable Enable SCCP.

3. On the VSX System, go to System > Admin Settings > General

Settings>
System Settings > Call Settings, and set Auto-Answer Point-to-Point to Yes.
4. On the VSX System, go to System > Admin Settings > Network >
SCCP
Settings, and configure these settings on the Cisco CallManager screen:
Polycom VSX software release 8.6.2 supporting the Cisco SCCP protocol
has been certified with Cisco CallManager 4.2(3) and 5.1(1). Additionally,
Polycom has
successfully deployed VSX software version 8.6.2 with other versions of the
Cisco
CallManager, including versions 4.1(x) and 5.0(x).
Polycom will work with joint customers in deploying the Polycom/Cisco
solution on
Cisco CallManager 4.1(3) and higher. For pre-sales support, please contact your
Polycom sales representative. For post-sales support, please refer to
Polycom
Global Services at www.polycom.com.
Setting Description
CallManager
Address
Specifies the IP address of the Cisco CallManager.
Auto Discover
TFTP Address
Allows the system to discover the Primary, Secondary, and
Tertiary TFTP server addresses. When you choose this
setting, the system restarts and the fields are populated.
TFTP Server
Address
Allows you to specify the Primary, Secondary, and Tertiary TFPT
server addresses manually.
Local Extension Displays the extension assigned to this system by the
Cisco
CallManager.
Networks
Configuring the Cisco CallManager for Use with the VSX
System
To support SCCP video calls, you must install a video plug-in on the Cisco
CallManager server. Signed and unsigned plug-ins are available for Cisco
CallManager at http://www.polycom.com/resource_center/1,,pw-
17246,FF.html.
You must also configure the Video Extensions in the Cisco CallManager. To
place multipoint video calls using the Conference feature, the Cisco
CallManager needs to be provisioned with video bridge resources.
To install the video plug-in:
1. On the Cisco CallManager server, double-click the plug-in file to start the
installation.
2. Follow the instructions on the wizard screens to complete the installation.
3. Restart the system to activate the plug-in you just installed.
To configure the Cisco CallManager:
1. In the Cisco CallManager, go to the Phone Configuration > Directory Number
Configuration screen.
2. Provision these settings for each Polycom Video Extension:
— Maximum Number of Calls: 1
— Busy Trigger: 1
After you have configured the VSX system and installed the plug-in, you
can place SCCP calls.

Video Source Output Examples for

Multiple Monitors
The following tables show how the monitor settings on your VSX system
can affect what you see on your displays. You can configure the video
sources for your displays in many ways; these tables show only a few
typical configurations that are available on certain systems for point-to-
point calls. Keep in mind that what you see on your displays can also be
affected by multipoint display modes, dual monitor emulation, PIP
settings, and so on.
VOIP PHONES
Introduction
This document provides you with the information on installation,
configuration and operation of
the MP-124 24-port, MP-108 8-port, MP-104 4-port and MP-102 2-port
VoIP media gateways. As these units have similar functionality, except for
the number of channels and some minor features, they are referred to
collectively as the MP-1xx. Prior knowledge of regular telephony and data
networking concepts is required.
Gateway Description
The MediaPack MP-1xx Series Analog VoIP gateways are cost-effective,
cutting edge technology solutions, providing superior voice quality and
optimized packet voice streaming (voice, fax and data traffic) over the
same IP network. These gateways use the awardwinning, field-proven
Digital Signal Processing (DSP) voice compression technology used in other
MediaPack and
TrunkPackTM series products.
The MP-1xx gateways incorporate up to 24 analog ports for connection,
either directly to an enterprise PBX (MP-10x/FXO), to phones, or to fax
(MP-1xx/FXS), supporting up to 24 simultaneous VoIP calls.
Additionally, the MP-1xx units are equipped with a 10/100 Base-TX
Ethernet port for connection
to the network.
The MP-1xx gateways are best suited for small to medium size enterprises,
branch offices or for residential media gateway solutions.
The MP-1xx gateways enable Users to make free local or international
telephone/fax calls between the distributed company offices, using their
existing telephones/fax. These calls are routed over the existing network
ensuring that voice traffic uses minimum bandwidth.
The MP-1xx gateways are very compact devices that can be installed as a desk-
top unit (refer to
Section or on the wall or in a 19-inch rack
The MP-1xx gateways support H.323 ITU or SIP protocols, enabling the
deployment of "voice over IP" solutions in environments where each
enterprise or residential location is provided with a simple media
gateway.
This provides the enterprise with a telephone connection (e.g., RJ-11), and
the capability to transmit the voice and telephony signals over a packet
network.
The MP-124 supports up to 24 analog telephone loop start FXS ports, shown
in Figure

Figure 1-1: MP-124 Gateway Front View

The MP-108 supports up to 8 analog telephone loop start FXS or FXO ports, shown
in Figure

Figure 1-2: MP-108 Gateway Front View

The MP-104 supports up to 4 analog telephone loop start FXS or FXO ports, shown
in Figure
Figure 1-3: MP-104 Gateway Front View

The MP-102 supports up to 2 analog telephone loop start FXS ports, shown in
Figure .
Figure 1-4: MP-102 Gateway Front View
The layout diagram illustrates a typical MP-108 and MP-104 or MP-102 VoIP
application.
Figure 1-5: Typical MP-1xx VoIP Application
BACK VIEW
CONNECTIVITY WITH PHONES
Configuring the MP-1xx Basic Parameters
To configure the MP-1xx basic parameters use the Embedded Web Server’s
‘Quick Setup’

Figure 4-1: Quick Setup Screen

 To configure basic H.323 parameters, take these 7 steps:
1. If the MP-1xx is behind a router with Network Address Translation (NAT)
enabled, perform the following procedure. If it isn’t, leave the ‘NAT IP
Address’ field undefined.
Determine the “public” IP address assigned to the router (by using, for
instance, router
Web management). Enter this public IP address in the ‘NAT IP Address’
field.
Enable the DMZ (Demilitarized Zone) configuration on the residential
router for the LAN port where the MP-1xx gateway is connected. This
enables unknown packets to be routed to the DMZ port.
2. When working with a Gatekeeper, set ‘Working with Gatekeeper’ field,
under ‘H.323
Parameters’, to ‘Yes’ and enter the IP address of the primary Gatekeeper in the
field
‘Gatekeeper IP Address’. When no Gatekeeper is used, the internal routing
table is used to route the calls.
3. Leave parameter ‘Enable Annex D/T.38 FAX Relay’ at its default unless
your technical requirements differ.

4. Select the coder (i.e., vocoder) that best suits your VoIP system
requirements. The default
coder is: G.7231 30 msec. To program the entire list of coders you want the MP-
1xx to use,
click the button on the left side of the ‘1st Coder’ field; the drop-down list
for the 2nd to 5th coders appear. Select coders according to your system
requirements. Note that coders higher on the list are preferred and take
precedence over coders lower on the list.
5. To program the Tel to IP Routing table, press the arrow button next to
‘Tel to IP Routing
Table’. For information on how to configure the Tel to IP Routing table, 6.
To program the Endpoint Phone Number table, press the arrow button next
to ‘Endpoint
Phone Numbers’. For information on how to configure the Endpoint Phone
Number table,

7. Click the Reset button and click OK in the prompt; The MP-1xx applies
the changes and restarts. This takes approximately 1 minute to complete.
When the MP-1xx has finished restarting, the Ready and LAN LEDs on the
front panel are lit green.
You are now ready to start using the VoIP gateway. To prevent unauthorized access
to the MP-
1xx, it is recommended that you change the username and password that are used
to access the
.
MP-1xx H.323 to IP
Routing Table

The Tel to IP Routing Table is used to route incoming Tel calls to IP addresses.
This routing table
associates a called / calling telephone number’s prefixes with a destination
IP address or with an
FQDN (Fully Qualified Domain Name). When a call is routed through the
VoIP gateway
(Gatekeeper isn’t used), the called and calling numbers are compared to the
list of prefixes on the
IP Routing Table (up to 50 prefixes can be configured); Calls that match these
prefixes are sent
to the corresponding IP address. If the number dialed does not match these
prefixes, the call is not made.
When using a Gatekeeper, you do not need to configure the Tel to IP
Routing Table. However, if you want to use fallback routing when
communication with Gatekeepers is lost, or to use the
‘Filter Calls to IP’ and ‘IP Security’ features or to assign IP profiles, you
need to configure the IP Routing Table.
Note that for the Tel to IP Routing table to take precedence over a
Gatekeeper for routing calls, set the parameter ‘PreferRouteTable’
to 1. The gateway checks the
'Destination IP Address' field in the 'Tel to IP Routing' table for a match
with the outgoing call. Only if a match is not found, a Gatekeeper is used.
Possible uses for Tel to IP Routing can be as follows:
• Can fallback to internal routing table if there is no communication with the
Gatekeepers.
• Call Restriction – (when Gatekeeper isn’t used), reject all outgoing Tel IP
calls that are associated with the destination IP address: 0.0.0.0.
• IP Security – When the IP Security feature is enabled (SecureCallFromIP
= 1), the VoIP gateway accepts only those IP Tel calls with a source IP
address identical to one of the IP addresses entered in the Tel to IP Routing
Table.
• Filter Calls to IP – When a Gatekeeper is used, the gateway checks the Tel
IP routing table before a telephone number is routed to the Gatekeeper. If
the number is not allowed (number
isn’t listed or a Call Restriction routing rule was applied), the call is released.
• Assign Profiles to destination address (also when a Gatekeeper is used).
• Alternative Routing – (When Gatekeeper isn’t used) an alternative IP
destination for telephone number prefixes is available. To associate an
alternative IP address to called
telephone number prefix, assign it with an additional entry (with a different
IP address), or use an FQDN that resolves to two IP addresses. Call is sent to
the alternative destination when one of the following occurs:
No ping to the initial destination is available, or when poor QoS (delay or
packet loss,
calculated according to previous calls) is detected, or when a DNS host
name is not resolved. For detailed information on Alternative Routing,
refer to Section
8.4 on page
When a release reason that is defined in the ‘Reasons for Alternative Tel to
IP Routing’ table is received. For detailed information on the ‘Reasons for
Alternative Routing
Tables’
Tip: Tel to IP routing can be performed either before or after applying the
number manipulation rules. To control when number manipulation is
done, set the
‘Tel to IP Routing Mode’ parameter
To configure the Tel to IP Routing table, take these 6 steps:
1. Open the ‘Tel to IP Routing’ screen (Protocol Management menu >
Routing Tables
submenu > Tel to IP Routing option); the ‘Tel to IP Routing’ screen is displayed
.
2. In the ‘Tel to IP Routing Mode’ field, select the Tel to IP routing
mode 3. In the ‘Routing Index' drop-down list, select the range of entries
that you want to edit.
4. Configure the Tel to IP Routing table according to
5. Click the Submit button to save your changes.
6. To save the changes so they are available after a power fail refer to
Section
 BIBLIOGRAPHY

This project is prepared by me with help of following :

• Team members
• Company magazine
• Manuals of the equipments  Some websites etc.
 CONTENTS

1. Introduction to the company

2. Introduction to VPN

3. Link installation

4. Firepro wireless modems

5. Airspan modems

6. Radwin modems

7. Routers

8. Video confrensing

9. Voip phones

10.Firewall