DTR SHDSL Efm r4112h App M 20100119

Application Manual
LineRunner SHDSL EFM

Router
SHDSL Router
LineRunner
LineRunner
LineRunner SHDSL EFM Router Application Manual
Copyright and Confidentiality
Copyright in this document vests in KEYMILE. This document contains confidential information which is the property of KEYMILE. It must be held in confidence by the recipient and may not be used for any purposes except those
specifically authorised by contract or otherwise in writing by KEYMILE. This
document may not be copied in whole or in part, or any of its contents disclosed by the recipient to any third party, without the prior written agreement
of KEYMILE.
Disclaimer
KEYMILE has taken reasonable care in compiling this document, however

KEYMILE accepts no liability whatsoever for any error or omission in the
information contained herein and gives no other warranty or undertaking as
to its accuracy.
KEYMILE reserves the right to amend this document at any time without
prior notice.
Document PEC
37125516
Document release
RA | January 2010
Published by
KEYMILE AG
Schwarzenburgstrasse 73
3097 Bern-Liebefeld
Switzerland
http://www.keymile.com
Application Manual
LineRunner SHDSL EFM Router
Table of Contents
1
VLAN Bridging
1.1
Theory of operation
1.2
Modem configuration
1.2.1
VLAN interface creation
1.2.2
Bridge creation
1.2.3
Remote management over VLAN
Transparent Bridging
2.1
Theory of operation
2.2
Modem configuration
2.2.1
2.2.1.1
2.2.1.2
2.2.1.3
2.2.1.4
CPE (Master)
DSL Settings
Bridge
Bridge Settings
Security
8
8
9
10
10
2.2.2
2.2.2.1
2.2.2.2
2.2.2.3
CPE (Slave)
DSL Settings
Bridge
Security
11
11
11
11
2.2.3
2.2.3.1
Bridge configuration
VLAN Transparent Bridging
11
11
2.2.4
Switch configuration
12
QoS Application
13
3.1
Theory of Operation
13
3.2
Enabling QoS
13
3.3
Traffic shaping
13
3.4
Traffic priority
14
3.5
DSCP settings
15
3.6
Class statistics
16
Port-based VLAN tagging
17
4.1
Theory of operation
17
KEYMILE January 2010
page 3 of 20
37125516 RA
Application Manual
4.2
Modem configuration
17
4.2.1
Management consideration
17
4.2.2
LAN Switch Initialization
17
4.2.3
Adding VLAN configuration
18
Bridge Management
19
5.1
Theory of operation
19
5.2
Modem configuration
19
5.2.1
Bridge Advanced Configuration
19
5.2.2
Management Configuration
19
5.2.3
Internet Connection Firewall
20
page 4 of 20
37125516 RA
VLAN Bridging
1
1.1
Application Manual
VLAN Bridging
Theory of operation
In this scenario we want to configure the LineRunner SHDSL EFM Router to
act as a VLAN bridge and we will add remote management access over a
dedicated management VLAN (4094).
This section shows the concept of this application as well as the necessary
configuration of the modem:
1.2
Modem configuration
1.2.1
VLAN interface creation

First the VLAN interfaces have to be created:
System -> Network connections -> New Connection -> Advanced Connection -> VLAN Interface
Create the first VLAN interface with WAN as underlying protocol and VLAN
ID 100.
Create the second VLAN interface with WAN as underlying protocol and
VLAN ID 4094.
You can now rename the newly created interface with more user friendly
names.
page 5 of 20
20
37125516 RA
VLAN Bridging
1.2.2
Application Manual
Bridge creation
Creation of the bridge connection:
System -> Network connections -> New Connection -> Advanced Connection -> Network Bridging
Select LAN Switch and VLAN 100 interfaces for building the bridge:
If you are connected from the LAN side, you will loose the connection to the
Web-based management after you configured the bridge. The reason is that
the MAC address of the LAN will be modified and will be the same as the
WAN MAC address. In order to accelerate the reconnection you can clear
the ARP table of your computer. If you use Microsoft Windows you can
use the arp d command in a cmd shell.
After reconnection to the LineRunner SHDSL EFM Router your network connections should look similar to this:
page 6 of 20
20
37125516 RA
VLAN Bridging
1.2.3
Application Manual
Remote management over VLAN

In order to manage the modem over the newly created VLAN interface do
the following:
Select the Management VLAN 4094 interface. Under Settings -> Internet Protocol, you can configure the IP address for this interface.
page 7 of 20
20
37125516 RA
2
2.1
Application Manual
Theory of operation
With the LineRunner SHDSL EFM Router it is possible to build an application that enables clients to extend the existing VLAN over one to four DSL
lines.
In this example, management access is only possible form the master side.
This section shows the concept of this application as well as the necessary
configuration of the modems:
The management access from the left LAN side is blocked by the appropriate filter settings on both CPEs.
2.2
Modem configuration
2.2.1
CPE (Master)
2.2.1.1
DSL Settings
First of all the DSL parameters must be set:
page 8 of 20
20
37125516 RA
Application Manual
Please note:
EFM encapsulation has to be selected for CPE to CPE connections and connections to the MileGate unit SUSE1.
2.2.1.2
Bridge
A bridge must be set between the LAN and WAN interface of the CPE
Router.
For this the following command must be set:
System -> Network Connections -> New Connection -> Advanced Connection -> Network Bridging
Please note:
After clicking Next the router will be reconfigured as a bridge. The MAC
address of the LAN interface will be replaced with the Bridge MAC address,
which is the current WAN interface MAC address. Therefore your webbrowser will temporarily loose connection to the Web-based management.
In order to accelerate the reconnection you can delete the ARP table entries
of your PC. For Microsoft Windows users you can use the arp d command from a cmd shell.
page 9 of 20
20
37125516 RA
2.2.1.3
Application Manual
Bridge Settings
You can use the Bridge properties settings if you want to modify the local
Management Address (ex. 192.168.1.20).
2.2.1.4
Security
For security reasons the HTTP Web-based management access from the
slave side (WAN) can be filtered:
Service -> Firewall -> Advanced Filtering -> Input Rules Set -> (WAN
Ethernet Rules) New Entry
page 10 of 20
20
37125516 RA
2.2.2
CPE (Slave)
2.2.2.1
DSL Settings
Application Manual
First of all the DSL parameters must be set:
Please note:
EFM encapsulation has to be selected for CPE to CPE connections and connections to the MileGate unit SUSE1.
2.2.2.2
Bridge
Also create a bridge between the LAN and the WAN interface of the LineRunner SHDSL EFM Router.
See previous description.
2.2.2.3
Security
For security reason the HTTP Web-based management access form the
slave side (LAN) can be disabled:
Service -> Firewall -> Advanced Filtering -> Input Rules Set -> (LAN
Switch Rules) New Entry
Choose IP 192.168.1.40 as destination IP address and HTTP as protocol.
2.2.3
Bridge configuration
2.2.3.1
VLAN Transparent Bridging

For VLAN transparency the bridge can be configured the following way:
System -> Network Connections -> Edit Bridge Connection
Select the edit VLANS buttons for the WAN Ethernet and the LAN Switch
in the Bridging tabs of the Bridge Properties screen.
page 11 of 20
20
37125516 RA
Application Manual
A new screen will appear. Select Enable VLAN and All VLAN IDs. Click
OK to accept the configuration. The bridge is now transparent to all VLANs.
2.2.4
Switch configuration
If you want the switch to be VLAN transparent select transparent in the
VLAN tab of the LAN Switch Properties screen:
page 12 of 20
20
37125516 RA
QoS Application
3
3.1
Application Manual
QoS Application
Theory of Operation
The LineRunner SHDSL EFM Router is able to process higher priority traffic
before lower priority traffic.
The most significant bottleneck is where the high speed LAN meets limited
broadband bandwidth. Special QoS mechanisms are built into the LineRunner SHDSL EFM Router to ensure that this sudden drop in connectivity
speed is taken into account when prioritizing and transmitting real-time-service related data packets.
This example shows how to configure the SHDSL router to prioritize traffic
that is tagged with DSCP priority marking.
3.2
Enabling QoS
In order to enable QoS processing do the following:
Select Services -> QoS.
The Quality of Service screen will appear, displaying the General tab.
Select User Defined from the combo-box.
Enter the Rx and Tx bandwidth of your DSL interface in kbit/s.
Select the Default QoS profile.
This turns QoS on without special preferences. We will configure our
preferences later.
3.3
Traffic shaping
The traffic shaping configuration is needed to have several classes of services each having different priority and different rate limiting.
In this example we will create two classes (class 1 and class 2).
Select the Traffic Shaping tab.
Click the edit button of the Default WAN device.
page 13 of 20
20
37125516 RA
QoS Application
Application Manual
The Tx bandwidth of the WAN is 22784 kbit/s as defined above.

Lets create two service classes (class 1 and class2):
Class 1 has the priority 0 and a reserved bandwidth of 20%.
Class 2 has the priority 1 and a reserved bandwidth of 3000 kbit/s.
Note that the reserved bandwidth cannot be used by another class. Traffic
exceeding the maximum bandwidth (ex.: Class 2, 6000 kbit/s) will be discarded.
3.4
Traffic priority
We have to set rules determining the priority that packets, travelling through
the device, will receive. This can be done here:
Select the Traffic Priority tab.
We can now create the following two QoS output rules for the WAN interface:
Rule #0 detects packets with DSCP 0x2E and puts them in Class 1.
Rule #1 detects packets with DSCP 0x1A and puts them in Class 2.
page 14 of 20
20
37125516 RA
QoS Application
3.5
Application Manual
DSCP settings
Select the DSCP Settings tab. In this table you can add or modify the mapping of the DSCP value to a priority. Note that in our example DSCP 0x2E is
set to high priority and DSCP 0x1A is set to medium priority.
page 15 of 20
20
37125516 RA
QoS Application
3.6
Application Manual
Class statistics
The Class Statistics tab shows the two classes and the default class statistics. Check the statistics to see if the QoS is correctly configured.
page 16 of 20
20
37125516 RA
4
4.1
Application Manual

Theory of operation
In this scenario we want to configure the LineRunner SHDSL EFM Router to
add VLAN tags based on the Ethernet switch port number.
We will configure Ethernet port 8 to have local access to the management of
the router.
4.2
Modem configuration
4.2.1
Management consideration
Before to start with the VLAN configuration, you have to ask yourself how
you will access the management of the LineRunner SHDSL EFM Router
once that the 802.1q VLAN mode is turned on in the switch.
One way to access the management is to create a new VLAN interface (for
example 4094). This is described in chapter "VLAN interface creation"
(page 5).
In this scenario we will reserve one Ethernet port (port 8 in this example) for
the local access to the management of the router. We will configure the
switch to send all traffic coming from port 8 as untagged packets. Therefore
we do not need to create a special VLAN interface for the management.
4.2.2
LAN Switch Initialization

Open the LAN switch configuration page:
System -> Network Connections -> LAN Switch
Select the VLAN tab.
Turn on the VLAN mode:
Select 802.1q as VLAN Mode
Do not click apply until the configuration is complete, otherwise you
might loose access to the management.
Configure the Default VLAN ID:
Port 8 and Trunk must have the same VLAN ID (4094 in this example)
Create a new entry in the VLAN table:
Enter the same VLAN ID as the default VLAN ID (4094 in this example) and select U (Untagged) for the port 8 and the Trunk port.
Click OK.
Now the VLAN table should look like this.
page 17 of 20
20
37125516 RA
Application Manual
If the table looks identical you can click Apply. Otherwise correct the table
before to proceed. Do not forget that you might completely loose access to
the management if your configuration is not correct.
You probably have to refresh your browser to access the management.
Also check that you PC is connected to port 8 of the Ethernet switch.
4.2.3
Adding VLAN configuration

The switch has been set to VLAN mode and port 8 is configured as
untagged in order to access the management of the LineRunner SHDSL
EFM Router.
You can add your application related VLAN configuration.
For example:
Port 1 and 2 build VLAN 10.
Port 3 and 4 build VLAN 20.
page 18 of 20
20
37125516 RA
Bridge Management
5
5.1
Application Manual
Bridge Management
Theory of operation
This chapter describes a secured way to configure local and/or remote management of the LineRunner SHDSL EFM Router when it is used as a bridge.
It is recommended to follow this procedure to minimize the risk of unauthorized access to the LineRunner SHDSL EFM Router.
5.2
Modem configuration
5.2.1
Bridge Advanced Configuration

Configure the router to bridge mode. The procedure is described in a previous chapter.
Then take a look at the Bridge Advanced Properties:
System -> Network Connections -> Bridge -> Advanced
Here you see that the Internet Connection Firewall is disabled by default.
When Internet Connection Firewall is turned off web-based management,
telnet and SSH access to the management is possible from the LAN and
from the WAN sides. This is very unsecured and therefore it is recommended to enable the Internet Connection Firewall. But before to enable
this setting you have to prepare remote management access, otherwise you
will loose access to the management.
5.2.2
Management Configuration
Before to enable Internet Connection Firewall you need to allow remote
management. If you do not enable remote management you will loose connection to the device when you enable the Internet Connection Firewall.
page 19 of 20
20
37125516 RA
Bridge Management
Application Manual
In the example below the HTTPS and the SSH connection are enabled.
5.2.3
Internet Connection Firewall

Once the remote administration is configured. You can go back to the Bridge
properties and enable Internet Connection Firewall.
page 20 of 20
20
37125516 RA

DTR SHDSL Efm r4112h App M 20100119

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

DTR SHDSL Efm r4112h App M 20100119

Uploaded by

Copyright:

Available Formats

Application Manual

LineRunner SHDSL EFM

Copyright and Confidentiality

KEYMILE has taken reasonable care in compiling this document, however

VLAN interface creation

Remote management over VLAN

Port-based VLAN tagging

KEYMILE January 2010

LAN Switch Initialization

Adding VLAN configuration

Bridge Advanced Configuration

Internet Connection Firewall

KEYMILE January 2010

VLAN interface creation

KEYMILE January 2010

KEYMILE January 2010

Remote management over VLAN

KEYMILE January 2010

KEYMILE January 2010

KEYMILE January 2010

KEYMILE January 2010

First of all the DSL parameters must be set:

VLAN Transparent Bridging

KEYMILE January 2010

KEYMILE January 2010

KEYMILE January 2010

The Tx bandwidth of the WAN is 22784 kbit/s as defined above.

KEYMILE January 2010

KEYMILE January 2010

KEYMILE January 2010

Port-based VLAN tagging

Port-based VLAN tagging

LAN Switch Initialization

KEYMILE January 2010

Port-based VLAN tagging

Adding VLAN configuration

KEYMILE January 2010

Bridge Advanced Configuration

KEYMILE January 2010

Internet Connection Firewall

KEYMILE January 2010

You might also like