DSR 1000N Manual 2 02 EN

User Manual
Unified Services Router
D-Link Corporation
Copyright © 2014
http://www.dlink.com
Unified Services Router User Manual
User Manual
DSR-150 / 150N / 250 / 250N
DSR-500 / 500N / 1000 / 1000N
Unified Services Router

Version 2.02
Copyright © 2014
Copyright Notice
This publication, including all photographs, illustrations and software, is protected under
international copyright laws, with all rights reserved. Neither this manual, nor any of the material
contained herein, may be reproduced without written consent of the author.
Disclaimer
The information in this document is subject to change without notice. The manufacturer makes
no representations or warranties with respect to the contents hereof and specifically disclaim any
implied warranties of merchantability or fitness for any particular purpose. The manufacturer
reserves the right to revise this publication and to make changes from time to time i n the content
hereof without obligation of the manufacturer to notify any person of such revision or changes.
Limitations of Liability
UNDER NO CIRCUMSTANCES SHALL D-LINK OR ITS SUPPLIERS BE LIABLE FOR
DAMAGES OF ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE
RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER
COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR
IMPROPER USE OF THE D-LINK PRODUCT OR FAILURE OF THE PRODUCT, EVEN IF D -
LINK IS INFORMED OF THE POSSIBILITY OF SUCH D AMAGES. FURTHERMORE, D-
LINK WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST CUSTOMER FOR
LOSSES OR DAMAGES. D-LINK WILL IN NO EVENT BE LIABLE FOR ANY DAMAGES IN
EXCESS OF THE AMOUNT D-LINK RECEIVED FROM THE END-USER FOR THE
PRODUCT.
1
Table of Contents
Chapter 1. Introduction ........................................................................................................................... 11
1.1 About this User Manual .......................................................................................... 12
1.2 Typographical Conventions ................................................................................... 12
Chapter 2. Configuring Your Network: LAN Setup ............................................................................. 13

2.1 LAN Configuration................................................................................................... 13
2.1.1 LAN DHCP Reserved IPs ...................................................................................... 17
2.1.2 LAN DHCP Leased Clients.................................................................................... 19
2.1.3 LAN Configuration in an IPv6 Network ................................................................ 19
2.1.4 Configuring IPv6 Router Advertisements ............................................................ 21
2.2 VLAN Configuration ................................................................................................ 25
2.2.1 Associating VLANs to ports ................................................................................... 27
2.2.2 Multiple VLAN Subnets .......................................................................................... 30
2.2.3 VLAN configuration ................................................................................................. 31
2.3 Configurable Port: DMZ Setup .............................................................................. 32
2.4 Universal Plug and Play (UPnP) ........................................................................... 35
2.5 Captive Portal .......................................................................................................... 36
2.5.1 Captive Portal Setup............................................................................................... 37
2.5.2 Captive Portals on a VLAN .................................................................................... 41
Chapter 3. Connecting to the Internet: WAN Setup ........................................................................... 43

3.1 Internet Setup Wizard ............................................................................................. 43
3.2 WAN Configuration ................................................................................................. 46
3.2.1 WAN Port IP address ............................................................................................. 47
3.2.2 WAN DNS Servers ................................................................................................. 47
3.2.3 DHCP WAN ............................................................................................................. 48
3.2.4 PPPoE ...................................................................................................................... 48
3.2.5 Russia L2TP and PPTP WAN ............................................................................... 51
3.2.6 Russia Dual Access PPPoE .................................................................................. 52
3.2.7 WAN Configuration in an IPv6 Network ............................................................... 56
3.2.8 Checking WAN Status ............................................................................................ 58
3.2.9 VLAN ON WAN ....................................................................................................... 59
3.3 Bandwidth Controls................................................................................................. 60
3.3.1 Bandwidth Controls in Bridge Mode ..................................................................... 63
3.4 Features with Multiple WAN Links ........................................................................ 66
3.4.1 Auto Failover ............................................................................................................ 66
3.4.2 Load Balancing ........................................................................................................ 67
3.4.3 Protocol Bindings .................................................................................................... 68
3.4.4 IP Aliasing ................................................................................................................ 69
3.5 Routing Configuration............................................................................................. 71
3.5.1 Routing Mode .......................................................................................................... 71
3.5.2 Dynamic Routing (RIP) .......................................................................................... 73
3.5.3 Static Routing .......................................................................................................... 73
3.5.4 OSPFv2 .................................................................................................................... 75
3.5.5 OSPFv3 .................................................................................................................... 77
3.5.6 6to4 Tunneling ......................................................................................................... 79
3.5.7 ISATAP Tunnels ...................................................................................................... 80
3.6 Configurable Port - WAN Option .......................................................................... 82
2
3.7 WAN3 (3G) Configuration ...................................................................................... 82

3.8 WAN Port Settings .................................................................................................. 84
Chapter 4. Wireless Access Point Setup ............................................................................................. 86

4.1 Wireless Settings Wizard ....................................................................................... 86
4.1.1 Wireless Network Setup Wizard ........................................................................... 89
4.1.2 Add Wireless Device with WPS ............................................................................ 89
4.1.3 Manual Wireless Network Setup .......................................................................... 90
4.2 Wireless Profiles ..................................................................................................... 90
4.2.1 WEP Security .......................................................................................................... 91
4.2.2 WPA or WPA2 with PSK ........................................................................................ 92
4.3 Creating and Using Access Points ....................................................................... 93
4.3.1 Primary benefits of Virtual APs: ............................................................................ 97
4.4 Tuning Radio Specific Settings ............................................................................. 97
4.5 WMM......................................................................................................................... 98
4.6 Wireless distribution system (WDS) ................................................................... 100
4.7 Advanced Wireless Settings................................................................................ 101
4.8 Wi-Fi Protected Setup (WPS) ............................................................................. 102
Chapter 5. Securing the Private Network .......................................................................................... 105

5.1 Firewall Rules ........................................................................................................ 105
5.2 Defining Rule Schedules ..................................................................................... 106
5.3 Configuring Firewall Rules ................................................................................... 108
5.4 Configuring IPv6 Firewall Rules .......................................................................... 113
5.4.1 Firewall Rule Configuration Examples ............................................................... 115
5.5 Security on Custom Services .............................................................................. 119
5.6 ALG support ........................................................................................................... 121
5.7 VPN Passthrough for Firewall ............................................................................. 122
5.8 Bridge Mode Firewall ............................................................................................ 123
5.9 Application Rules .................................................................................................. 125
5.10 Web Content Filtering........................................................................................... 126
5.10.1 Static Content Filtering ......................................................................................... 127
5.10.2 Approved URLs ..................................................................................................... 127
5.10.3 Blocked Keywords ................................................................................................ 128
5.10.4 Export Web Filter .................................................................................................. 129
5.10.5 Dynamic WCF ....................................................................................................... 130
5.11 IP/MAC Binding ..................................................................................................... 132
5.12 Intrusion Prevention (IPS).................................................................................... 133
5.13 Protecting from Internet Attacks ......................................................................... 134
5.14 IGMP Proxy to manage multicast traffic ............................................................ 136
Chapter 6. IPsec / PPTP / L2TP VPN ................................................................................................ 137

6.1 VPN Wizard ........................................................................................................... 138
6.2 Configuring IPsec Policies ................................................................................... 141
6.2.1 Extended Authentication (XAUTH) ..................................................................... 145
6.2.2 Internet over IPsec tunnel .................................................................................... 145
6.3 Configuring VPN clients ....................................................................................... 146
3
6.4 PPTP / L2TP Tunnels ........................................................................................... 146

6.4.1 PPTP Tunnel Support .......................................................................................... 146
6.4.2 L2TP Tunnel Support ........................................................................................... 148
6.5 GRE Tunnel Support ............................................................................................ 151
6.6 OpenVPN Support ................................................................................................ 153
6.6.1 OpenVPN Remote Network ................................................................................ 154
6.6.2 OpenVPN Authentication ..................................................................................... 155
Chapter 7. SSL VPN ............................................................................................................................. 157

7.1 Groups and Users ................................................................................................. 159
7.1.1 Users and Passwords .......................................................................................... 165
7.1.2 Adding many users to the Local User Database .............................................. 166
7.2 Using SSL VPN Policies ...................................................................................... 168
7.2.1 Using Network Resources ................................................................................... 170
7.3 Application Port Forwarding ................................................................................ 171
7.4 SSL VPN Client Configuration ............................................................................ 174
7.5 User Portal ............................................................................................................. 177
7.5.1 Creating Portal Layouts ....................................................................................... 177
Chapter 8. Advanced Configuration Tools ......................................................................................... 180

8.1 USB Device Setup ................................................................................................ 180
8.2 USB share port ...................................................................................................... 181
8.3 SMS service ........................................................................................................... 183
8.4 External Authentication ........................................................................................ 184
8.4.1 POP3 Server .......................................................................................................... 184
8.4.2 NT Domain Server ................................................................................................ 186
8.4.3 RADIUS Server ..................................................................................................... 187
8.4.4 Active Directory Server ........................................................................................ 189
8.4.5 LDAP Server .......................................................................................................... 190
8.5 Authentication Certificates ................................................................................... 191
8.6 Advanced Switch Configuration .......................................................................... 194
8.7 Package Manager ................................................................................................. 194
Chapter 9. Administration & Management ......................................................................................... 198

9.1 Configuration Access Control .............................................................................. 198
9.1.1 Admin Settings ...................................................................................................... 199
9.1.2 License Updates ................................................................................................... 200
9.1.3 Remote Management ........................................................................................... 201
9.1.4 CLI Access ............................................................................................................. 203
9.2 SNMP Configuration ............................................................................................. 203
9.3 Configuring Time Zone and NTP ........................................................................ 205
9.4 Log Configuration .................................................................................................. 206
9.4.1 Defining What to Log ............................................................................................ 206
9.4.2 Sending Logs to E-mail or Syslog ...................................................................... 209
9.4.3 Event Log Viewer in GUI ..................................................................................... 211
9.5 Backing up and Restoring Configuration Settings ........................................... 212
9.6 Generating DBGLOGs ......................................................................................... 214
9.7 Upgrading Router Firmware ................................................................................ 214
4
9.8 Upgrading Router Firmware via USB................................................................. 215

9.9 Dynamic DNS Setup............................................................................................. 216
9.10 Using Diagnostic Tools ........................................................................................ 217
9.10.1 Ping ......................................................................................................................... 219
9.10.2 Trace Route ........................................................................................................... 219
9.10.3 DNS Lookup .......................................................................................................... 220
9.10.4 Router Options ...................................................................................................... 220
9.11 Localization ............................................................................................................ 221
Chapter 10. Router Status and Statistics ............................................................................................. 222

10.1 System Overview .................................................................................................. 222
10.1.1 Device Status ........................................................................................................ 222
10.1.2 Resource Utilization .............................................................................................. 225
10.2 Traffic Statistics ..................................................................................................... 227
10.2.1 Wired Port Statistics ............................................................................................. 227
10.2.2 Wireless Statistics ................................................................................................. 227
10.3 Active Connections ............................................................................................... 228
10.3.1 Sessions through the Router ............................................................................... 228
10.3.2 Wireless Clients..................................................................................................... 228
10.3.3 LAN Clients ............................................................................................................ 229
10.3.4 Active VPN Tunnels .............................................................................................. 229
Chapter 11. Trouble Shooting ................................................................................................................ 233

11.1 Internet connection ............................................................................................... 233
11.2 Date and time ........................................................................................................ 235
11.3 Pinging to Test LAN Connectivity ....................................................................... 235
11.3.1 Testing the LAN path from your PC to your router .......................................... 235
11.3.2 Testing the LAN path from your PC to a remote device ................................. 236
11.4 Restoring factory-default configuration settings ............................................... 237
Chapter 12. Credits ................................................................................................................................. 239
Appendix A. Glossary .............................................................................................................................. 240
Appendix B. Factory Default Settings ................................................................................................... 243
Appendix C. Standard Services Available for Port Forwarding & Firewall Configuration .............. 244
Appendix D. Log Output Reference ....................................................................................................... 245
Appendix E. RJ-45 Pin-outs.................................................................................................................... 300
Appendix F. New Wi Fi Frequency table ( New appendix section ) ................................................. 301
Appendix G. Product Statement ............................................................................................................. 304
5
List of Figures
Figure 1: Setup page for LAN TCP/IP settings (a) ................................................................................ 16
Figure 2: Setup page for LAN TCP/IP settings (b) ................................................................................ 16
Figure 3: LAN DHCP Reserved IPs ......................................................................................................... 18
Figure 4: LAN DHCP Leased Clients ...................................................................................................... 19
Figure 5: IPv6 LAN and DHCPv6 configuration ..................................................................................... 20
Figure 6: Configuring the Router Advertisement Daemon ................................................................... 23
Figure 7: IPv6 Advertisement Prefix settings ......................................................................................... 25
Figure 8: Adding VLAN memberships to the LAN ................................................................................. 27
Figure 9: Port VLAN list ............................................................................................................................. 29
Figure 10: Configuring VLAN membership for a port ............................................................................ 30
Figure 11: Multiple VLAN Subnets ........................................................................................................... 31
Figure 12: VLAN Configuration ................................................................................................................. 32
Figure 13: DMZ configuration ................................................................................................................... 34
Figure 14: UPnP Configuration ................................................................................................................. 36
Figure 15: Active Runtime sessions ........................................................................................................ 37
Figure 16: Captive Portal Profile List ....................................................................................................... 38
Figure 17: Customized Captive Portal Setup ......................................................................................... 39
Figure 18: Blocking specific clients by their MAC address ................................................................... 41
Figure 19: VLAN based configuration of Captive Portals ..................................................................... 42
Figure 20: Internet Connection Setup Wizard ........................................................................................ 44
Figure 21: Manual WAN configuration..................................................................................................... 48
Figure 22: PPPoE configuration for standard ISPs ............................................................................... 49
Figure 23: WAN configuration for Japanese Multiple PPPoE (part 1) ................................................ 50
Figure 24: WAN configuration for Japanese Multiple PPPoE (part 2)(its in figure 22 itself) ........... 51
Figure 25: Russia L2TP ISP configuration .............................................................................................. 52
Figure 26: Russia Dual access PPPoE configuration ........................................................................... 53
Figure 27: IPv6 WAN Setup page ............................................................................................................ 57
Figure 28: Connection Status information for both WAN ports ............................................................ 59
Figure 29: Enabling VLAN on WAN ......................................................................................................... 60
Figure 30: List of Configured Bandwidth Profiles ................................................................................... 61
Figure 31: Bandwidth Profile Configuration ............................................................................................ 62
Figure 32: Traffic Selector Configuration ................................................................................................ 63
Figure 33: Bridge Bandwidth Profile Configuration................................................................................ 65
Figure 34: Bridge Traffic Selector Configuration .................................................................................... 65
6
Figure 35: Load Balancing is available when multiple WAN ports are configured and Protocol
Bindings have been defined ................................................................................................... 68
Figure 36: Protocol binding setup to associate a service and/or LAN source to a WAN and/or
destination network .................................................................................................................. 69
Figure 37: Configuring the IP Alias .......................................................................................................... 69
Figure 38: IP Alias Configuration.............................................................................................................. 70
Figure 39: Routing Mode to determine traffic routing between WAN and LAN ................................. 72
Figure 40: Static route configuration fields ............................................................................................. 75
Figure 41: OSPFv2 configured parameters ............................................................................................ 76
Figure 42: OSPFv2 configuration ............................................................................................................. 77
Figure 43: OSPFv3 configured parameters ............................................................................................ 78
Figure 44: OSPFv3 configuration ............................................................................................................. 79
Figure 45: 6 to 4 tunneling ......................................................................................................................... 79
Figure 46: ISATAP Tunnels Configuration .............................................................................................. 81
Figure 47: WAN3 configuration for 3G internet ...................................................................................... 83
Figure 48: Physical WAN port settings .................................................................................................... 85
Figure 49: Wireless Network Setup Wizards .......................................................................................... 87
Figure 50: List of Available Profiles shows the options available to secure the wireless link ......... 91
Figure 51: Profile configuration to set network security ........................................................................ 92
Figure 52: Virtual AP configuration .......................................................................................................... 94
Figure 53: List of configured access points (Virtual APs) shows one enabled access point on the
radio, broadcasting its SSID ................................................................................................... 96
Figure 54: Radio card configuration options ........................................................................................... 98
Figure 55: Wi-Fi Multimedia ...................................................................................................................... 99
Figure 56: Wireless Distribution System ............................................................................................... 100
Figure 57: Advanced Wireless communication settings ..................................................................... 102
Figure 58: WPS configuration for an AP with WPA/WPA2 profile ..................................................... 103
Figure 59: List of Available Firewall Rules ............................................................................................ 106
Figure 60: List of Available Schedules to bind to a firewall rule ........................................................ 107
Figure 61: Example where an outbound SNAT rule is used to map an external IP address
(209.156.200.225) to a private DMZ IP address (10.30.30.30) ...................................... 111
Figure 62: The firewall rule configuration page allows you to define the To/From zone, service,
action, schedules, and specify source/destination IP addresses as needed. ............... 112
Figure 63: The IPv6 firewall rule configuration page allows you to define the To/From zone,
service, action, schedules, and specify source/destination IP addresses as needed. 114
Figure 64: List of Available IPv6 Firewall Rules ................................................................................... 115
Figure 65: Schedule configuration for the above example. ................................................................ 118
Figure 66: List of user defined services. ............................................................................................... 120
7
Figure 67: Custom Services configuration ............................................................................................ 120

Figure 68: Available ALG support on the router................................................................................... 122
Figure 69: Passthrough options for VPN tunnels ................................................................................. 123
Figure 70: List of Configured Firewall Rules for the Bridge ................................................................ 124
Figure 71: Bridge Firewall Rule configuration ...................................................................................... 124
Figure 72: List of Available Application Rules showing 4 unique rules ............................................ 126
Figure 73: Content Filtering used to block access to proxy servers and prevent ActiveX controls
from being downloaded ......................................................................................................... 127
Figure 74: Two trusted domains added to the Approved URLs List ................................................. 128
Figure 75: One keyword added to the block list ................................................................................... 129
Figure 76: Export Approved URL list ..................................................................................................... 130
Figure 77: Dynamic WCF ........................................................................................................................ 130
Figure 78: The following example binds a LAN host’s MAC Address to an IP address served by
DSR. If there is an IP/MAC Binding violation, the violating packet will be dropped and
logs will be captured .............................................................................................................. 132
Figure 79: Intrusion Prevention features on the router ....................................................................... 134
Figure 80: Protecting the router and LAN from internet attacks ........................................................ 135
Figure 81: Enabling IGMP Proxy for the LAN ....................................................................................... 136
Figure 82: Example of Gateway-to-Gateway IPsec VPN tunnel using two DSR routers connected
to the Internet .......................................................................................................................... 137
Figure 83: Example of three IPsec client connections to the internal network through the DSR
IPsec gateway ........................................................................................................................ 138
Figure 84: VPN Wizard launch screen .................................................................................................. 139
Figure 85: IPsec policy configuration ..................................................................................................... 142
Figure 86: IPsec policy configuration continued (Auto policy via IKE).............................................. 144
Figure 87: IPsec policy configuration continued (Auto / Manual Phase 2) ...................................... 145
Figure 88: PPTP tunnel configuration – PPTP Client.......................................................................... 147
Figure 89: PPTP VPN connection status .............................................................................................. 147
Figure 90: PPTP tunnel configuration – PPTP Server ........................................................................ 148
Figure 91: L2TP tunnel configuration – L2TP Server .......................................................................... 149
Figure 92: L2TP tunnel configuration – L2TP Client ........................................................................... 151
Figure 93: GRE Tunnel configuration .................................................................................................... 152
Figure 94: OpenVPN configuration ........................................................................................................ 154
Figure 95: OpenVPN Remote Network ................................................................................................. 154
Figure 96: OpenVPN Authentication ...................................................................................................... 155
Figure 97: Example of clientless SSL VPN connections to the DSR ................................................ 158
Figure 98: List of groups .......................................................................................................................... 159
8
Figure 99: User group configuration ...................................................................................................... 160

Figure 100: SSLVPN Settings ................................................................................................................ 161
Figure 101: Group login policies options ............................................................................................... 162
Figure 102: Browser policies options ..................................................................................................... 163
Figure 103: IP policies options................................................................................................................ 164
Figure 104: Available Users with login status and associated Group ............................................... 165
Figure 105: User configuration options ................................................................................................. 166
Figure 106: Import a CSV file with multiple users to the User Database ......................................... 167
Figure 107: List of SSL VPN polices (Global filter) .............................................................................. 168
Figure 108: SSL VPN policy configuration ............................................................................................ 169
Figure 109: List of configured resources, which are available to assign to SSL VPN policies ..... 171
Figure 110: List of Available Applications for SSL Port Forwarding.................................................. 173
Figure 111: SSL VPN client adapter and access configuration ......................................................... 175
Figure 112: Configured client routes only apply in split tunnel mode ............................................... 176
Figure 113: List of configured SSL VPN portals. The configured portal can then be associated
with an authentication domain .............................................................................................. 177
Figure 114: SSL VPN Portal configuration ........................................................................................... 179
Figure 115: USB Device Detection ........................................................................................................ 181
Figure 116: USB SharePort .................................................................................................................... 182
Figure 117: SMS Service – Send SMS ................................................................................................. 183
Figure 118: SMS Service – Receive SMS ............................................................................................ 184
Figure 119: POP3 Authentication Server configuration ...................................................................... 185
Figure 120: POP3 CA file upload ........................................................................................................... 186
Figure 121: NT Domain Authentication Server configuration ............................................................. 187
Figure 122: RADIUS Server configuration ............................................................................................ 188
Figure 123: Active Directory Authentication Server configuration ..................................................... 189
Figure 124: LDAP Authentication Server configuration ...................................................................... 191
Figure 125: Certificate summary for IPsec and HTTPS management ............................................. 193
Figure 126: Advanced Switch Settings .................................................................................................. 194
Figure 127: Device Drivers ...................................................................................................................... 195
Figure 128: Installation of driver/language pack .................................................................................. 196
Figure 129: Selection of Installed Language ........................................................................................ 197
Figure 130: User Login policy configuration ......................................................................................... 199
Figure 131: Admin Settings ..................................................................................................................... 200
Figure 132: License upload field and List of Active Licenses ............................................................ 201
Figure 133: Remote Management from the WAN ............................................................................... 202
9
Figure 134: Web GUI Management from the WAN ............................................................................. 203
Figure 135: SNMP Users, Traps, and Access Control ........................................................................ 204
Figure 136: SNMP system information for this router ......................................................................... 205
Figure 137: Date, Time, and NTP server setup ................................................................................... 206
Figure 138: Facility settings for Logging ............................................................................................... 207
Figure 139: Log configuration options for traffic through router ......................................................... 209
Figure 140: IPv6 Log configuration options for traffic through router ................................................ 209
Figure 141: E-mail configuration as a Remote Logging option .......................................................... 210
Figure 142: Syslog server configuration for Remote Logging (continued) ....................................... 211
Figure 143: VPN logs displayed in GUI event viewer ......................................................................... 212
Figure 144: Restoring configuration from a saved file will result in the current configuration being
overwritten and a reboot ....................................................................................................... 213
Figure 145: Firmware version information and upgrade option ......................................................... 215
Figure 146: Firmware upgrade and configuration restore/backup via USB ..................................... 216
Figure 147: Dynamic DNS configuration ............................................................................................... 217
Figure 148: Router diagnostics tools available in the GUI ................................................................. 218
Figure 149: Sample trace route output .................................................................................................. 220
Figure 150: Localization........................................................................................................................... 221
Figure 151: Device Status display.......................................................................................................... 223
Figure 152: Device Status display (continued) ..................................................................................... 225
Figure 153: Resource Utilization statistics ............................................................................................ 226
Figure 154: Resource Utilization data (continued) .............................................................................. 226
Figure 155: Resource Utilization data (continued) .............................................................................. 226
Figure 156: Physical port statistics ........................................................................................................ 227
Figure 157: AP specific statistics ............................................................................................................ 228
Figure 158: List of current Active Firewall Sessions............................................................................ 228
Figure 159: List of connected 802.11 clients per AP ........................................................................... 229
Figure 160: List of LAN hosts ................................................................................................................. 229
Figure 161: List of current Active VPN Sessions ................................................................................. 231
10
Chapter 1. Introduction
D-Link Services Routers offer a secure, high performance networking solution to address
the growing needs of small and medium businesses. Integrated high-speed IEEE 802.11n
and 3G wireless technologies offer comparable performance to traditional wired
networks, but with fewer limitations. Optimal network security is provided via features
such as virtual private network (VPN) tunnels, IP Security (IPsec), Point-to-Point
Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Secure Sockets
Layer (SSL). Empower your road warriors with clientless remote access anywhere and
anytime using SSL VPN tunnels.
With the D-Link Services Router you are able to experience a diverse set of benefits:
 Comprehensive Management Capabilities
The DSR-500, DSR-500N, DSR-1000 and DSR-1000N include dual-WAN
Gigabit Ethernet which provides policy-based service management ensuring
maximum productivity for your business operations. The failover feature
maintains data traffic without disconnecting when a landline connection is lost.
The Outbound Load Balancing feature adjusts outgoing traffic across two WAN
interfaces and optimizes the system perfor mance resulting in high availability.
The solution supports configuring a port as a dedicated DMZ port allowing you
to isolate servers from your LAN.
 DSR-150/150N/250/250N producst have a single WAN interface, and thus it does not
support Auto Failover and Load Balancing scenarios.
 Superior Wireless Performance

Designed to deliver superior wireless performance, the DSR -500N and DSR-
1000N include 802.11 a/b/g/n support, allowing for operation on either the 2.4
GHz or 5 GHz radio bands. Multiple In Multiple O ut (MIMO) technology allows
the DSR-500N and DSR-1000N to provide high data rates with minimal “dead
spots” throughout the wireless coverage area.
 DSR-150N, DSR-250N and DSR-500N support the 2.4GHz radio band only.
 Flexible Deployment Options

The DSR-1000 / 1000N supports Third Generation (3G) Networks via an
extendable USB 3G dongle. This 3G network capability offers an additional
secure data connection for networks that provide critical services. The DSR -
1000N can be configured to automatically switch to a 3G network whenever a
physical link is lost.
 Robust VPN features
A fully featured virtual private network (VPN) provides your mobile workers and
branch offices with a secure link to your network. The DSR-150/150N/250/250N,
DSR-500/500N and DSR-1000 /1000N are capable of simultaneously managing
5, 5, 10, 20 Secure Sockets Layer (SSL) VPN tunnels respectively, empowering
your mobile users by providing remote access to a central corporate database.
Site-to-site VPN tunnels use IP Security (IPsec) Protocol, Point-to-Point
Tunneling Protocol (PPTP), or Layer 2 Tunneling Protocol (L2TP) to facilitate
11
branch office connectivity through encrypted virtual links. The DSR-150/150N,

DSR-250/250N, DSR-500/500N and DSR-1000/1000N support 10, 25, 35 and 75
simultaneous IPsec VPN tunnels respectively.
 Efficient D-Link Green Technology
As a concerned member of the global community, D -Link is devoted to providing
eco-friendly products. D-Link Green Wi-Fi and D-Link Green Ethernet save
power and prevent waste. The D-Link Green WLAN scheduler reduces wireless
power automatically during off-peak hours. Likewise the D-Link Green Ethernet
program adjusts power usage based on the detected cable length and link status.
In addition, compliance with RoHS (Restriction of Hazardous Substances) and
WEEE (Waste Electrical and Electronic Equipment) directives make D -Link
Green certified devices the environmentally responsible choice.
 Support for the 3G wireless WAN USB dongle is only available for DSR-1000
and DSR-1000N.
1.1 About this User Manual

This document is a high level manual to allow new D-Link Services Router users to
configure connectivity, setup VPN tunnels, establish firewall rules and perform general
administrative tasks. Typical deployment and use case scenarios are described in each
section. For more detailed setup instructions and explanations of each configuration
parameter, refer to the online help that can be accessed from each page in the router
GUI.
1.2 Typographical Conventions

The following is a list of the various terms, followed by an example of how that term
is represented in this document:
 Product Name – D-Link Services Router.
o Model numbers DSR-500/500N/1000/1000N/250/250N/150/150N
 GUI Menu Path/GUI Navigation – Monitoring > Router Status
 Important note – 
12
Chapter 2. Configuring Your Network: LAN Setup
It is assumed that the user has a machine for management connected to the LAN to the router. The LAN
connection may be through the wired Ethernet ports available on the router, or once the initial setup is
complete, the DSR may also be managed through its wireless interface as it is bridged with the LAN.
Access the router’s graphical user interface (GUI) for management by using any web browser, such as
Microsoft Internet Explorer or Mozilla Firefox:
 Go to http://192.168.10.1 (default IP address) to display the router’s management login screen.
 Default login credentials for the management GUI:
 Username: admin
 Password: admin
 If the router’s LAN IP address was changed, use that IP address in the navigation bar of the
browser to access the router’s management UI.
2.1 LAN Configuration

Network > LAN > LAN Settings
By default, the router functions as a Dynamic Host Configuration Protocol (DHCP) server to the hosts
on the WLAN or LAN network. With DHCP, PCs and other LAN devices can be assigned IP addresses
as well as addresses for DNS servers, Windows Internet Name Service (WINS) servers, and the default
gateway. With the DHCP server enabled the router’s IP address serves as the gateway address for LAN
and WLAN clients. The PCs in the LAN are assigned IP addresses from a pool of addresses specified
in this procedure. Each pool address is tested before it is assigned to avoid duplicate addresses on the
LAN.
For most applications the default DHCP and TCP/IP settings are satisfactory. If you want another PC
on your network to be the DHCP server or if you are manually configuring the network settings of all
of your PCs, set the DHCP mode to ‘none’. DHCP relay can be used to forward DHCP lease information
from another LAN device that is the network’s DHCP server; this is particularly useful for wireless
clients.
Instead of using a DNS server, you can use a Windows Internet Naming Service (WINS) server. A
WINS server is the equivalent of a DNS server but uses the NetBIOS protocol to resolve hostnames.
The router includes the WINS server IP address in the DHCP configuration when acknowledging a
DHCP request from a DHCP client.
You can also enable DNS proxy for the LAN. When this is enabled the router then as a proxy for all
DNS requests and communicates with the ISP’s DNS servers. When disabled all DHCP clients receive
the DNS IP addresses of the ISP.
To configure LAN Connectivity, please follow the steps below:

1. In the LAN Setup page, enter the following information for your router:
 IP address (factory default: 192.168.10.1).

 If you change the IP address and click Save Settings, the GUI will not respond. Open a new
connection to the new IP address and log in again. Be sure the LAN host (the machine used to
manage the router) has obtained IP address from newly assigned pool (or has a static IP address
in the router’s LAN subnet) before accessing the router via changed IP address.
 Subnet mask (factory default: 255.255.255.0).
2. In the DHCP section, select the DHCP mode:
 None: the router’s DHCP server is disabled for the LAN
 DHCP Server. With this option the router assigns an IP address within the specified range
plus additional specified information to any LAN device that requests DHCP served
addresses.
 DHCP Relay: With this option enabled, DHCP clients on the LAN can receive IP address
leases and corresponding information from a DHCP server on a different subnet. Specify the
Relay Gateway, and when LAN clients make a DHCP request it will be passed along to the
server accessible via the Relay Gateway IP address .
 If DHCP is being enabled, enter the following DHCP server parameters:
 Starting and Ending IP Addresses: Enter the first and last continuous addresses in the IP
address pool. Any new DHCP client joining the LAN is assigned an IP address in this range.
The default starting address is 192.168.10.2. The default ending address is 192.168.1 0.100.
These addresses should be in the same IP address subnet as the router’s LAN IP address. You
may wish to save part of the subnet range for devices with statically as signed IP addresses in
the LAN.
 Primary and Secondary DNS servers: If configured domain name system (DNS) servers are
available on the LAN enter their IP addresses here.
 Default Gateway: By default this setting has the router’s LAN IP address. It can be
customized to any valid IP within the LAN subnet, in the event that the network’s gateway
is not this router. In this case the DHCP server will give the configured IP address as the
Default Gateway to its DHCP clients.
 Domain Name: This is the network domain name used for identification.
 WINS Server (optional): Enter the IP address for the WINS server or, if present in your
network, the Windows NetBIOS server.
 Lease Time: Enter the time, in hours, for which IP addresses are leased to clients.
 Relay Gateway: Enter the gateway address. This is the only configuration parameter required
in this section when DHCP Relay is selected as its DHCP mode
3. In the DNS Host Name Mapping section:

14
 Host Name: Provide a valid host name
 IP address: Provide the IP address of the host name,
4. In the LAN proxy section:
 Enable DNS Proxy: To enable the router to act as a proxy for all DNS requests and
communicate with the ISP’s DNS servers, click the checkbox.
5. Click Save Settings to apply all changes.
15
Figure 1: Setup page for LAN TCP/IP settings ( a)
Figure 2: Setup page for LAN TCP/IP settings (b)
16
2.1.1 LAN DHCP Reserved IPs

Network > LAN > LAN DHCP Reserved IPs
The router’s DHCP server can assign TCP/IP configurations to computers in the LAN explicitly by
adding client's network interface hardware address and the IP address to be assigned to that client in
DHCP server's database. Whenever DHCP server receives a request from c lient, hardware address of
that client is compared with the hardware address list present in the database, if an IP address is already
assigned to that computer or device in the database , the customized IP address is configured otherwise
an IP address is assigned to the client automatically from the DHCP pool.
Computer Name: The user defined name for the LAN host.
IP Addresses: The LAN IP address of a host that is reserved by the DHCP server.
MAC Addresses: The MAC address that will be assigned the rese rved IP address when it is on the
LAN.
Associate with IP/MAC Binding: When the user enables this option the Computer Name, IP and MAC
addresses are associated with the IP/MAC binding.
The actions that can be taken on list of reserved IP addresses are:
Select: Selects all the reserved IP addresses in the list.
Edit: Opens the LAN DHCP Reserved IP Configuration page to edit the selected binding rule.
Delete: Deletes the selected IP address reservation(s)
Add: Opens the LAN DHCP Reserved IP Configuration page to add a new binding rule.
17
Figure 3: LAN DHCP Reserved IPs
 Note the following limits for the number of DHCP Reserved IP addresses per product:
 DSR-150/150N: 32
 DSR-250/250N: 64
 DSR-500/500N: 96
18
 DSR-1000/1000N: 128
2.1.2 LAN DHCP Leased Clients

Setup > Network Information > DHCP Clients > LAN Leased Clients
This page provides the list of clients connect to LAN DHCP server.
Figure 4: LAN DHCP Leased Clients
IP Addresses: The LAN IP address of a host that matches the reserved IP list.
MAC Addresses: The MAC address of a LAN host that has a configured IP address reservation.
2.1.3 LAN Configuration in an IPv6 Network

Network > IPv6 > LAN Settings > IPv6 LAn Settings
(1) In IPv6 mode, the LAN DHCP server is disabled by default (similar to IPv4 mode). The DHCPv6
server will serve IPv6 addresses from configured address pools with the IPv6 Prefix Length
assigned to the LAN.
 IPv4 / IPv6 mode must be enabled in the Advanced > IPv6 > IP mode to enable IPv6
configuration options.
19
LAN Settings
The default IPv6 LAN address for the router is fec0::1. You can change this 128 bit IPv6 address
based on your network requirements. The other field that defines the LAN settings for the router is
the prefix length. The IPv6 network (subnet) is identified by the initial bits of the address called the
prefix. By default this is 64 bits long. All hosts in the network have common initial bits for their IPv6
address; the number of common initial bits in the network’s addresses is set by the prefix length field.
Figure 5: IPv6 LAN and DHCPv6 configuration
 If you change the IP address and click Save Settings, the GUI will not respond. Open a new
connection to the new IP address and log in again. Be sure the LAN host (the machine used to
manage the router) has obtained IP address from newly assigned pool (or has a static IP address
in the router’s LAN subnet) before accessing the router via changed IP address.
As with an IPv4 LAN network, the router has a DHCPv6 server. If enabled, the router assigns an IP
address within the specified range plus additional specified information to any LAN PC that requests
DHCP served addresses.
20
The following settings are used to configure the DHCPv6 server:

 DHCP Mode: The IPv6 DHCP server is either stateless or stateful. If stateless is selected an
external IPv6 DHCP server is not required as the IPv6 LAN hosts are auto-configured by this
router. In this case the router advertisement daemon (RADVD) must be configured on this device
and ICMPv6 router discovery messages are used by the host for auto -configuration. There are no
managed addresses to serve the LAN nodes. If stateful is selected the IPv6 LAN host will rely on
an external DHCPv6 server to provide required configuration settings
 The domain name of the DHCPv6 server is an optional setting
 Server Preference is used to indicate the preference level of this DHCP server. DHCP advertise
messages with the highest server preference value to a LAN host are preferred over other DHCP
server advertise messages. The default is 255.
 The DNS server details can be manually entered here (primary/secondary options. An alternative
is to allow the LAN DHCP client to receive the DNS server det ails from the ISP directly. By
selecting Use DNS proxy, this router acts as a proxy for all DNS requests and communicates with
the ISP’s DNS servers (a WAN configuration parameter).
 Primary and Secondary DNS servers: If there is configured domain name system (DNS) servers
available on the LAN enter the IP addresses here.
 Lease/Rebind time sets the duration of the DHCPv6 lease from this router to the LAN client.
IPv6 Address Pools

This feature allows you to define the IPv6 delegation prefix for a range of I P addresses to be served
by the gateway’s DHCPv6 server. Using a delegation prefix you can automate the process of informing
other networking equipment on the LAN of DHCP information specific for the assigned prefix.
Prefix Delegation
The following settings are used to configure the Prefix Delegation:
 Prefix Delegation: Select this option to enable prefix delegation in DHCPv6 server. This option
can be selected only in Stateless Address Auto Configuration mode of DHCPv6 server.
 Prefix Address: IPv6 prefix address in the DHCPv6 server prefix pool
 Prefix Length: Length prefix address
2.1.4 Configuring IPv6 Router Advertisements

Router Advertisements are analogous to IPv4 DHCP assignments for LAN clients, in that the router
will assign an IP address and supporting network information to devices that are configured to accept
such details. Router Advertisement is required in an IPv6 network is required for stateless auto
configuration of the IPv6 LAN. By configuring the Router Advertisement Daemon on this router, the
DSR will listen on the LAN for router solicitations and respond to these LAN hosts with router
advisements.
21
RADVD
Network > IPv6 > LAN Settings > Router Advertisement

To support stateless IPv6 auto configuration on the LAN, set the RADVD status to Enable. The
following settings are used to configure RADVD:
 Advertise Mode: Select Unsolicited Multicast to send router advertisements (RA’s) to all
interfaces in the multicast group. To restrict RA’s to well-known IPv6 addresses on the LAN,
and thereby reduce overall network traffic, select Unicast only.
 Advertise Interval: When advertisements are unsolicited multicast packets, this interval sets
the maximum time between advertisements from the interface. The actual duration between
advertisements is a random value between one third of this field and this field. The default is
30 seconds.
 RA Flags: The router advertisements (RA’s) can be sent with one or both of these flags. Chose
Managed to use the administered /stateful protocol for address auto configuration. If the Other
flag is selected the host uses administered/stateful protocol for non-address auto
configuration.
 Router Preference: this low/medium/high parameter determines the preference associated with
the RADVD process of the router. This is useful if there are other RADVD enabled devices
on the LAN as it helps avoid conflicts for IPv6 clients.
 MTU: The router advertisement will set this maximum transmission unit (MTU) value for all
nodes in the LAN that are auto configured by the router. The default is 1500.
 Router Lifetime: This value is present in RA’s and indicates the usefulness of this router as a
default router for the interface. The default is 3600 seconds. Upon expiration of this value, a
new RADVD exchange must take place between t he host and this router.
22
Figure 6: Configuring the Router Advertisement Daemon
Advertisement Prefixes
Network > IPv6 > LAN Settings > Advertisement Prefixes

The router advertisements configured with advertisement prefixes allow this router to inform hosts
how to perform stateless address auto configuration. Router advertisements contain a list of subnet
prefixes that allow the router to determine neighbors and whether the host is on the same link as the
router.
The following prefix options are available for the router advertisements:
 IPv6 Prefix Type: To ensure hosts support IPv6 to IPv4 tunnel select the 6to4 prefix type.
Selecting Global/Local/ISATAP will allow the nodes to support all other IPv6 routing options
 SLA ID: The SLA ID (Site-Level Aggregation Identifier) is available when 6to4 Prefixes are
selected. This should be the interface ID of the router’s LAN interface used for router
advertisements.
 IPv6 Prefix: When using Global/Local/ISATAP prefixes, this field is used to define the IPv6
network advertised by this router.
23
 IPv6 Prefix Length: This value indicates the number contiguous, higher order bits of the IPv6
address that define up the network portion of the address. Typically this is 64.
 Prefix Lifetime: This defines the duration (in seconds) that the requesting node is allowed to
use the advertised prefix. It is analogous to DHCP lease time in an IPv4 network.
24
Figure 7: IPv6 Advertisement Prefix settings
2.2 VLAN Configuration

The router supports virtual network isolation on the LAN with the use of VLANs. LAN devices can be
configured to communicate in a sub network defined by VLAN identifiers. LAN ports can be assigned
25
unique VLAN IDs so that traffic to and from that physical p ort can be isolated from the general LAN.
VLAN filtering is particularly useful to limit broadcast packets of a device in a large network
VLAN support is enabled by default in the router. In the VLAN Configuration page, enable VLAN
support on the router and then proceed to the next section to define the virtual network.
Network > VLAN > VLAN Settings

The Available VLAN page shows a list of configured VLANs by name and VLAN ID. A VLAN
membership can be created by clicking the Add button below the List of Available VLANs.
A VLAN membership entry consists of a VLAN identifier and the numerical VLAN ID which is
assigned to the VLAN membership. The VLAN ID value can be any number from 2 to 4091. VLAN ID
1 is reserved for the default VLAN, which is used for unt agged frames received on the interface. By
enabling Inter VLAN Routing, you will allow traffic from LAN hosts belonging to this VLAN ID to
pass through to other configured VLAN IDs that have Inter VLAN Routing enabled.
26
Figure 8: Adding VLAN memberships to the LAN
2.2.1 Associating VLANs to ports
27
In order to tag all traffic through a specific LAN port with a VLAN ID, you can associate a VLAN to
a physical port.
Network > VLAN > Port VLAN

VLAN membership properties for the LAN and wireless LAN are listed on this page. The VLAN Port
table displays the port identifier, the mode setting for that port and VLAN membership information.
The configuration page is accessed by selecting one of the four physical ports or a configured access
point and clicking Edit.
The edit page offers the following configuration options:
 Mode: The mode of this VLAN can be General, Access, or Trunk. The default is access.
 In General mode the port is a member of a user selectable set of VLANs. The port sends and
receives data that is tagged or untagged with a VLAN ID. If the data into the port is untagged,
it is assigned the defined PVID. In the configuration from Figure 4, Port 3 is a General port
with PVID 3, so untagged data into Port 3 will be assigned PVID 3. All tagged data sent out
of the port with the same PVID will be untagged. This is mode is typically used with IP
Phones that have dual Ethernet ports. Data coming from phone to the switch port on the router
will be tagged. Data passing through the phone from a connected device will be untagged.
28
Figure 9: Port VLAN list
 In Access mode the port is a member of a single VLAN (and only one). All data going into
and out of the port is untagged. Traffic through a port in access mode looks like any other
Ethernet frame.
 In Trunk mode the port is a member of a user selectable set of VLANs. All data going into
and out of the port is tagged. Untagged coming into the port is not forwarded, except for the
default VLAN with PVID=1, which is untagged. Trunk ports multiplex traffic for multiple
VLANs over the same physical link.
 Select PVID for the port when the General mode is selected.
 Configured VLAN memberships will be displayed on the VLAN Membership Configuration

for the port. By selecting one more VLAN membership options for a General or Trunk port,
traffic can be routed between the selected VLAN membership IDs
29
 The DSR-150 / 150N does not support General mode for port VLANs due to hardware limitations.
Figure 10: Configuring VLAN membership for a port
2.2.2 Multiple VLAN Subnets

This page shows a list of available multi -VLAN subnets. Each configured VLAN ID can map directly
to a subnet within the LAN. Each LAN port can be assigned a unique IP address and a VLAN specific
DHCP server can be configured to assign IP address leases to devices on this VLAN.
VLAN ID: The PVID of the VLAN that will have all member devices be part of the same subne t
range.
IP Address: The IP address associated with a port assigned this VLAN ID.
Subnet Mask: Subnet Mask for the above IP Address
30
Figure 11: Multiple VLAN Subnets
2.2.3 VLAN configuration

This page allows enabling or disabling the VLAN function on the router. Virtual LANs can be created
in this router to provide segmentation capabilities for firewall rules and VPN policies. The LAN
network is considered the default VLAN. Check the Enable VLAN box to add VLAN functionality to
the LAN.
31
Figure 12: VLAN Configuration
2.3 Configurable Port: DMZ Setup

This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a
dedicated DMZ port. A DMZ is a sub network that is open to the public but behind the firewall. The
DMZ adds an additional layer of security to the L AN, as specific services/ports that are exposed to the
internet on the DMZ do not have to be exposed on the LAN. It is recommended that hosts that must be
32
exposed to the internet (such as web or email servers) be placed in the DMZ network. Firewall rules
can be allowed to permit access specific services/ports to the DMZ from both the LAN or WAN. In the
event of an attack to any of the DMZ nodes, the LAN is not necessarily vulnerable as well.
Network > Internet > DMZ DHCP Reserved IPs

DMZ configuration is identical to the LAN configuration. There are no restrictions on the IP address or
subnet assigned to the DMZ port, other than the fact that it cannot be identical to the IP address given
to the LAN interface of this gateway.
33
Figure 13: DMZ configuration
34
 For DSR-500N and DSR-1000N, in order to configure a DMZ port, the router’s configurable port
must be set to DMZ in the Setup > Internet Settings > Configurable Port page.
 For DSR-150N and DSR-250N, enabling DMZ will result in port 8 of the LAN switch being used
for a dedicated DMZ port. The other 7 LAN ports remain unchanged.
2.4 Universal Plug and Play (UPnP)

Network > LAN > UPnP
Universal Plug and Play (UPnP) is a feature that allows the router to discovery devices on the network
that can communicate with the router and allow for auto configuration. If a network device is detected
by UPnP, the router can open internal or external ports for the traffic protocol required by that network
device.
Once UPnP is enabled, you can configure the router to detect UPnP -supporting devices on the LAN (or
a configured VLAN). If disabled, the router will not allow for automatic device configuration.
Configure the following settings to use UPnP:
 Advertisement Period: This is the frequency that the router broadcasts UPnP information over the
network. A large value will minimize network traffic but cause delays in identifying new UPnP
devices to the network.
 Advertisement Time to Live: This is expressed in hops for each UPnP packet. This is the number of
steps a packet is allowed to propagate before being discarded. Small values will limit the UPnP
broadcast range. A default of 4 is typical for networks with few switches.
35
Figure 14: UPnP Configuration
UPnP Port map Table

The UPnP Port map Table has the details of UPnP devices that respond to the router’s advertisements.
The following information is displayed for each detected device:
 Active: A yes/no indicating whether the port of the UPnP device that established a connection is
currently active
 Protocol: The network protocol (i.e. HTTP, FTP, etc.) used by the DSR
 Int. Port (Internal Port): The internal ports opened by UPnP (if any)
 Ext. Port (External Port): The external ports opened by UPnP (if any)
 IP Address: The IP address of the UPnP device detected by this router
Click Refresh to refresh the portmap table and search for any new UPnP devices.
2.5 Captive Portal

LAN users can gain internet access via web portal authentication with the DSR. Also referred to as
Run-Time Authentication, a Captive Portal is ideal for a web café scenario where users initiate HTTP
connection requests for web access but are not interested in accessing any LAN services. Firewall
policies underneath will define which users require authentication for HTTP access, and when a
matching user request is made the DSR will intercept the request and promp t for a username /
36
password. The login credentials are compared against the Runtime Authentication users in user
database prior to granting HTTP access.
 DSR-150/150N/250/250N does not have support for the Captive Portal feature.
 Captive Portal is available for LAN users only and not for DMZ hosts.
Status > Network Information > CaptivePortal Sessions

The active run time internet sessions through the router’s firewall are listed in the below table. These
users are present in the local or external user database and have had their login credentials approved
for internet access. A ‘Disconnect’ button allows the DSR admin to selective ly drop an authenticated
user. The “Block MAC” button will result in the selected client being added to the blocked list, and
the current and future sessions from this client will be prevented.
Figure 15: Active Runtime sessions
2.5.1 Captive Portal Setup
Security > Authentication > Login Profiles

Captive Portal is a security mechanism to selectively provide authentication on certain interfaces.
This page displays configured custom Captive Portal profiles and indicates which are in use.
37
Figure 16: Captive Portal Profile List
List of Available Profiles: Any one of these profiles can be used for Captive Portal Login page while
enabling Captive Portal.
Click “Add” in the Captive Portal setup page to allow defining custo mized captive portal login page
information (Page Background Color, Header Details, Header Caption, Login Section Details,
Advertisement Details, Footer Details and Captive Portal Header Image).
Security > Authentication > Login Profiles

To create a new Captive Portal, a profile with a unique policy name is to be created. The profile
governs the entry screen shown to new sessions, and the browser message and background color /
header can be customized to identify the service provi der for internet access.
38
Figure 17: Customized Captive Portal Setup
39
Security > Firewall > Blocked Clients

Access for specific clients can be regulated by the Captive Portal as well. The Block Client page
allows one to define a MAC address that will always be denied access through all configured Captive
Portals.
40
Figure 18: Blocking specific clients by their MAC address
2.5.2 Captive Portals on a VLAN

Captive Portals can be enabled on a per-VLAN basis. Hosts of a particular VLAN can be directed to
authenticate via the Captive Portal, which may be a customized portal with unique instructions and
branding as compared to another VLAN. The most critical asp ect of this configuration page is
choosing the authentication server. All users (VLAN hosts) that want to gain internet access via the
selected Captive Portal will be authenticated through the selected server.
41
Figure 19: VLAN based configuration of Captive Portals
42
Chapter 3. Connecting to the Internet: WAN Setup

This router has two WAN ports that can be used to establish a connection to the internet. The following
ISP connection types are supported: DHCP, Static, PPPoE, PPTP, L2TP, 3G Internet (via USB modem).
It is assumed that you have arranged for internet service with your Internet Service Provider (ISP). Please
contact your ISP or network administrator for the configuration information that will be required to setup
the router.
3.1 Internet Setup Wizard

Setup > Wizard > Internet
The Internet Connection Setup Wizard is available for users new to networking. By going through a
few straightforward configuration pages you can take the information provided by your ISP to get your
WAN connection up and enable internet access for your network.
43
Figure 20: Internet Connection Setup Wizard
44
45
You can start using the Wizard by logging in with the administrator password for the router. Once
authenticated set the time zone that you are located in, and then choose the type of ISP connection type:
DHCP, Static, PPPoE, PPTP, L2TP. Depending on the connection type a username/password may be
required to register this router with the ISP. In most cases the default settings can be used if the ISP
did not specify that parameter. The last step in the Wizard is to click the Connect button, which confi rms
the settings by establishing a link with the ISP. Once connected, you can move on and configure other
features in this router.
 3G Internet access with a USB modem is supported on WAN 3. The Internet Connection Setup
Wizard assists with the primary WAN port (WAN1) configuration only.
3.2 WAN Configuration

Network > Internet > WAN1Settings
You must either allow the router to detect WAN connection type automatically or configure manually
the following basic settings to enable Internet connectivity:
 ISP Connection type: Based on the ISP you have selected for the primary WAN link for this router,
choose Static IP address, DHCP client, Point-to-Point Tunneling Protocol (PPTP), Point -to-Point
Protocol over Ethernet (PPPoE), Layer 2 Tunneling Protocol (L2TP). Required fields for the
selected ISP type become highlighted. Enter the following information as needed and as provided
by your ISP:
46
 PPPoE Profile Name. This menu lists configured PPPoE profiles, particularly useful when
configuring multiple PPPoE connections (i.e. for Japan ISPs that have multiple PPPoE support).
 ISP login information. This is required for PPTP and L2TP ISPs.
 User Name
 Password
 Secret (required for L2TP only)
 MPPE Encryption: For PPTP links, your ISP may require you to enable Microsoft Point -to-Point
Encryption (MPPE).
 Split Tunnel (supported for PPTP and L2TP connection). This setting allows your LAN hosts to
access internet sites over this WAN link while still permitting VPN traffic to be directed to a VPN
configured on this WAN port.
 If split tunnel is enabled, DSR won’t expect a default route from the ISP server. In such case,
user has to take care of routing manually by configuring the routing from Static Routing page.
 Connectivity Type: To keep the connection always on, click Keep Connected. To log out after the
connection is idle for a period of time (useful if your ISP costs are based on logon times), click Idle
Timeout and enter the time, in minutes, to wait before dis connecting in the Idle Time field.
 My IP Address: Enter the IP address assigned to you by the ISP.
 Server IP Address: Enter the IP address of the PPTP or L2TP server.
 DSR-150/150N/250/250N doesn’t have a dual WAN support.
3.2.1 WAN Port IP address

Your ISP assigns you an IP address that is either dynamic (newly generated each time you log in) or
static (permanent). The IP Address Source option allows you to define whether the address is statically
provided by the ISP or should be received dynamicall y at each login. If static, enter your IP address,
IPv4 subnet mask, and the ISP gateway’s IP address. PPTP and L2TP ISPs also can provide a static
IP address and subnet to configure, however the default is to receive that information dynamically
from the ISP.
3.2.2 WAN DNS Servers

The IP Addresses of WAN Domain Name Servers (DNS) are typically provided dynamically from the
ISP but in some cases you can define the static IP addresses of the DNS servers. DNS servers map
Internet domain names (example: www.google. com) to IP addresses. Click to indicate whether to get
DNS server addresses automatically from your ISP or to use ISP -specified addresses. If it’s latter,
enter addresses for the primary and secondary DNS servers. To avoid connectivity problems, ensure
that you enter the addresses correctly.
47
3.2.3 DHCP WAN

For DHCP client connections, you can choose the MAC address of the router to register with the ISP.
In some cases you may need to clone the LAN host’s MAC address if the ISP is registered with that
LAN host.
Figure 21: Manual WAN configuration
3.2.4 PPPoE
Network > Internet > WAN1Settings
The PPPoE ISP settings are defined on the WAN Configuration page. There are two types of PPPoE
ISP’s supported by the DSR: the standard username/password PPPoE and J apan Multiple PPPoE.
48
Figure 22: PPPoE configuration for standard ISPs
Most PPPoE ISP’s use a single control and data connection, and require username / password
credentials to login and authenticate the DSR with the ISP. The ISP connection type for this case is
“PPPoE (Username/Password)”. The GUI will prompt you for authentication, service, and connection
settings in order to establish the PPPoE link.
For some ISP’s, most popular in Japan, the use of “Japanese Multiple PPPoE” is required in order to
establish concurrent primary and secondary PPPoE connections between the DSR and the ISP. The
Primary connection is used for the bulk of data and internet traffi c and the Secondary PPPoE
connection carries ISP specific (i.e. control) traffic between the DSR and the ISP.
49
Figure 23: WAN configuration for Japanese Multiple PPPoE (part 1)
There are a few key elements of a multiple PPPoE connection:

 Primary and secondary connections are concurrent
 Each session has a DNS server source for domain name lookup, this can be assigned by the ISP or
configured through the GUI
50
 The DSR acts as a DNS proxy for LAN users
 Only HTTP requests that specifically identify the secondary connection’s domain name (for example
*.flets) will use the secondary profile to access the content available through this secondary PPPoE
terminal. All other HTTP / HTTPS requests go through the primary PPPoE connection.
When Japanese multiple PPPoE is configured and secondary connection is up, some predefined routes are added
on that interface. These routes are needed to access the internal domain of the ISP where he hosts various services.
These routes can even be configured through the static routing page as well.
Figure 24: WAN configuration for Japanese Multiple PPPoE (part 2) (its in figure 22
itself)
3.2.5 Russia L2TP and PPTP WAN

For Russia L2TP WAN connections, you can choose the address mode of the connection to get an IP
address from the ISP or configure a static IP address provided by the ISP. For DHCP client
connections, you can choose the MAC address of the router to register with the ISP. In some cases
you may need to clone the LAN host’s MAC address if the ISP is registered with that LAN host.
51
Figure 25: Russia L2TP ISP configuration
3.2.6 Russia Dual Access PPPoE

For Russia dual access PPPoE connections, you can choose the address mode of the connection to get
an IP address from the ISP or configure a static IP address provided by the ISP.
52
Figure 26: Russia Dual access PPPoE configuration
53
54
55
3.2.7 WAN Configuration in an IPv6 Network
Network > IPv6 > WAN1Settings

For IPv6 WAN connections, this router can have a static IPv6 address or receive connection
information when configured as a DHCPv6 client. In the case where the ISP assigns you a fixed
address to access the internet, the static configuration settings must be completed. In addition to the
IPv6 address assigned to your router, the IPv6 prefix length defined by the ISP is needed. The default
IPv6 Gateway address is the server at the ISP that this router will con nect to for accessing the internet.
The primary and secondary DNS servers on the ISP’s IPv6 network are used for resolving internet
addresses, and these are provided along with the static IP address and prefix length from the ISP.
56
When the ISP allows you to obtain the WAN IP settings via DHCP, you need to provide details for
the DHCPv6 client configuration. The DHCPv6 client on the gateway can be either stateless or
stateful. If a stateful client is selected the gateway will connect to the ISP’s DHCPv6 ser ver for a
leased address. For stateless DHCP there need not be a DHCPv6 server available at the ISP, rather
ICMPv6 discover messages will originate from this gateway and will be used for auto configuration.
A third option to specify the IP address and prefix length of a preferred DHCPv6 server is available
as well.
Figure 27: IPv6 WAN Setup page
Prefix Delegation: Select this option to request router advertisement prefix from any available
DHCPv6 servers available on the ISP, the obtained prefix is updated to the advertised prefixes on the
LAN side. This option can be selected only in Stateless Address Auto Configuration mode of DHCPv6
Client.
When IPv6 is PPPoE type, the following PPPoE fields are enabled.
 Username: Enter the username required to log in to the ISP.
 Password: Enter the password required to login to the ISP.
 Authentication Type: The type of Authentication in use by the profile: Auto -

Negotiate/PAP/CHAP/MS-CHAP/MS-CHAPv2.
 Dhcpv6 Options: The mode of Dhcpv6 client that will start in this mode: disable
dhcpv6/stateless dhcpv6/stateful dhcpv6/stateless dhcpv6 with prefix delegation.
 Primary DNS Server: Enter a valid primary DNS Server IP Address.
57
 Secondary DNS Server: Enter a valid secondary DNS Server IP Address.
Click Save Settings to save your changes.
3.2.8 Checking WAN Status
Status > System Information > Device > WANx

The connection status and a summary of configured settings for all WAN interfaces are available on
the WAN Status page. You can view the following key connection status information for each WAN
port:
 Connection time: The connection uptime
 Connection type: Dynamic or Static IP address
 Connection state: This is whether the WAN is connected or disconnected to an ISP. The Link
State is whether the physical WAN connection in place; the Link State can be up (i.e. cable
inserted) while the WAN connection state is down.
 IP address / subnet mask: IP Address assigned
 Gateway IP address: WAN Gateway Address
58
Figure 28: Connection Status information for both WAN ports
The WAN status page allows you to Enable or Disable static WAN links. For WAN settings that are
dynamically received from the ISP, you can Renew or Release the link parameters if required.
3.2.9 VLAN ON WAN

This page allows you to set up your internet connection if it uses tagged VLAN headers for interacting
with the ISP. Ensure that you have the Internet connection information such as the IP Addresses,
Account Information etc. This information is usually provided by your ISP or network administrator.
With VLAN on WAN support the router is able to get addresses to access the tagged interface.
Network>Internet>WAN1 Settings
59
Figure 29: Enabling VLAN on WAN
3.3 Bandwidth Controls

Network > Internet > Traffic Management > Bandwidth Profilers
Bandwidth profiles allow you to regulate the traffic flow from the LAN to WAN 1 or WAN 2. This is
useful to ensure that low priority LAN users (l ike guests or HTTP service) do not monopolize the
available WAN’s bandwidth for cost-savings or bandwidth-priority-allocation purposes.
Bandwidth profiles configuration consists of enabling the bandwidth control feature from the GUI and
adding a profile which defines the co ntrol parameters. The profile can then be associated with a traffic
selector, so that bandwidth profile can be applied to the traffic matching the selectors. Selectors are
elements like IP addresses or services that would trigger the configured bandwidth r egulation.
60
Figure 30: List of Configured Bandwidth Profiles
To create a new bandwidth profile, click Add in the List of Bandwidth Profiles. The following
configuration parameters are used to define a bandwidth profile:
 Profile Name: This identifier is used to associate the configured profile to the traffic selector
 You can choose to limit the bandwidth either using priority or rate.
 If using priority “Low”, “High”, and “Medium” can be selected. If there is a low priority
profile associated with traffic selector A and a high priority profile associated with traffic
selector B, then the WAN bandwidth allocation preference will be to traffic selector B
packets.
 For finer control, the Rate profile type can be used. With this option the minimum and
maximum bandwidth allowed by this profile can be limited.
 Choose the WAN interface that the profile should be associated with.
61
Figure 31: Bandwidth Profile Configuration
Network > Internet > Traffic Management > Bridge Traffic Selectors
Once a profile has been created it can then be associated with a traffic flow from the LAN to WAN. To
create a traffic selector, click Add on the Traffic Selectors page. Traffic selector configuration binds a
bandwidth profile to a type or source of LAN traffic with the following settings:
 Available profiles: Assign one of the defined bandwidth profiles
 Service: You can have the selected bandwidth regulation apply to a specific service (i.e. FTP)
from the LAN. If you do not see a service that you want, you can configure a custom service
through the Advanced > Firewall Settings > Custom Services page. To have the profile apply
to all services, select ANY.
 Traffic Selector Match Type: this defines the parameter t o filter against when applying the
bandwidth profile. A specific machine on the LAN can be identified via IP address or MAC
address, or the profile can apply to a LAN port or VLAN group. As well a wireless network can
be selected by its BSSID for bandwidth shaping. In order to restrict services from all IP addresses
or specific subnets, the subnet mask field can be configured in conjunction with the IP address
to regulate inbound traffic.
62
Figure 32: Traffic Selector Configuration
3.3.1 Bandwidth Controls in Bridge Mode
Network > Internet > Traffic Management > Bridge Bandwidth Profile Configuration
Network > Internet > Traffic Management > Bridge Traffic Selectors
63
The above traffic management applies to classical or NAT routing modes . When the system is in
bridge mode (where the LAN1 and WAN2/DMZ ports are in the same network), traffic management
factors in traffic type and bandwidth available on the ports part of the bridge.
For Bandwidth Profiles, the major difference between the o ptions available in bridge mode compared
to standard classical / NAT routing mode is the interface options are not applicable. There is no
association of the bandwidth profile with a particular outbound or inbound interface as this profile
can only apply to the bridge network. Similarly, Traffic Selectors for bridge mode do not factor in
port / SSID / VLAN as these concepts to not apply to the bridge network.
64
Figure 33: Bridge Bandwidth Profile Configuration
Figure 34: Bridge Traffic Selector Configuration
65
3.4 Features with Multiple WAN Links

This router supports multiple WAN links. This allows you to take advantage of failover and load
balancing features to ensure certain internet dependent services are prioritized in the event of unstable
WAN connectivity on one of the ports.
Network > Internet > WAN Mode

To use Auto Failover or Load Balancing, WAN link failure detection must be configured. This involves
accessing DNS servers on the internet or ping to an internet address (user defined) . If required, you can
configure the number of retry attempts when the link seems to be disconne cted or the threshold of
failures that determines if a WAN port is down.
3.4.1 Auto Failover

In this case one of your WAN ports is assigned as the primary internet link for all internet traffic. The
secondary WAN port is used for redundancy in case the primary l ink goes down for any reason. Both
WAN ports (primary and secondary) must be configured to connect to the respective ISP’s before
enabling this feature. The secondary WAN port will remain unconnected until a failure is detected on
the primary link (either port can be assigned as the primary). In the event of a failure on the primary
port, all internet traffic will be rolled over to the backup port. When configured in Auto Failover
mode, the link status of the primary WAN port is checked at regular intervals as defined by the failure
detection settings.
Note that bothWAN1, WAN2 and WAN3 can be configured as the primary internet link.
 Auto-Rollover using WAN port
 Primary WAN: Selected WAN is the primary link ( WAN1/WAN2/WAN3)
 Secondary WAN: Selected WAN is the secondary link.
66
Failover Detection Settings: To check connectivity of the primary internet link, one of the following
failure detection methods can be selected:
 DNS lookup using WAN DNS Servers: DNS Lookup of the DNS Servers of the primary link
is used to detect primary WAN connectivity.
 DNS lookup using DNS Servers: DNS Lookup of the custom DNS Servers can be specified to
check the connectivity of the primary link.
 Ping these IP addresses: These IP's will be pinged at regular intervals to check the connec tivity
of the primary link.
 Retry Interval is: The number tells the router how often it should run the above configured
failure detection method.
 Failover after: This sets the number of retries after which failover is initiated.
 DSR-1000, DSR-1000N, DSR-500, DSR-500N, DSR-250, DSR-250N, DSR-150, and DSR-150N

support 3G USB Modem as a failover link when the internet access is lost.
3.4.2 Load Balancing

This feature allows you to use multiple WAN links (and presumably multiple ISP’s) simultaneously.
After configuring more than one WAN port, the load balancing option is available to carry traffic over
more than one link. Protocol bindings are used to segregate and assign services over one WAN port
in order to manage internet flow. The configured failure detection method is used at regular intervals
on all configured WAN ports when in Load Balancing mode.
DSR currently support three algorithms for Load Balancing:
Round Robin: This algorithm is particularly useful when the connection speed of one WAN port
greatly differs from another. In this case you can define protocol bindings to route low -latency
services (such as VOIP) over the higher -speed link and let low-volume background traffic (such as
SMTP) go over the lower speed link. Protocol binding is explained in next section.
Spillover: If Spillover method is selected, the primary WAN acts as a dedicated link until a defined
bandwidth threshold are reached. After this, the secondary WAN will be used for new connections.
Inbound connections on the secondary WAN are permitted with this mode, as the spillover logic
governs outbound connections moving from the primary to secondary WAN. You can configure
spillover mode by using following options:
 Load Tolerance: It is the percentage of bandwidth after which the router s witches to secondary
WAN.
 Max Bandwidth: This sets the maximum bandwidth tolerable by the primary WAN for outbound
traffic.
If the link bandwidth of outbound traffic goes above the load tolerance value of max b andwidth, the
router will spillover the next connections to secondary WAN.
For example, if the maximum bandwidth of primary WAN is 1 Kbps and the load tolerance is set to
70. Now every time a new connection is established the bandwidth increases. After a certain number
of connections say bandwidth reached 70% of 1Kbps, the new outbound connections will be spilled-
over to secondary WAN. The maximum value of load tolerance is 80 % and the minimum is 20%.
67
 DSR-1000, DSR-1000N, DSR-500 and DSR-500N support the traffic load balancing between
physical WAN port and the 3G USB Modem.
Load balancing is particularly useful when the connection speed of one WAN port greatly differs from
another. In this case you can define protocol bindings to route low -latency services (such as VOIP)
over the higher-speed link and let low-volume background traffic (such as SMTP) go over the lower
speed link.
Figure 35: Load Balancing is available when multiple WAN ports are configured and
Protocol Bindings have been defined
3.4.3 Protocol Bindings
Network > Routing > Protocol Binding

Protocol bindings are useful when the Load Balancing feature is in use. Choosing from a list of
configured services or any of the user -defined services, the type of traffic can be assigned to go over
only one of the available WAN ports. For increased flexibility the source network or machines can be
specified as well as the destination network or machines. For example the VOIP traffic for a set of
LAN IP addresses can be assigned to one WAN and any VOIP traffic from the remaining IP addresses
68
can be assigned to the other WAN link. Protocol bindings are only applicable when load balancing
mode is enabled and more than one WAN is configured.
Figure 36: Protocol binding setup to associate a service and/or LAN source to a WAN
and/or destination network
3.4.4 IP Aliasing
Network > Internet > IP Aliasing

A single WAN ethernet port can be accessed via multiple IP addresses by adding an alias to the port.
This is done by configuring an IP Alias address.
Figure 37: Configuring the IP Alias

-
69
Interface: Sets the interface on which IP Alias is being configured.

IP Address: Sets the IP address of the IP Alias.
Subnet Mask: Sets the Subnet Mask of the IP Alias.
Click Don't Save Settings to revert to the previous settings.
Figure 38: IP Alias Configuration
List of IP Aliases
The List of IP Aliases displays the configured IP Aliases on the router.
Interface Name: The interface on which the Alias was configured.
IP Address: The IP Address of the configured IP Alias.
Subnet Mask: The Subnet Mask of the configured IP Alias.
Edit: Opens the IP Alias configuration page to edit the selected IP Alias.
Add: Opens the IP Alias configuration page to add a new IP Alias.
Delete: Deletes the selected IP Aliases.
70
3.5 Routing Configuration

Routing between the LAN and WAN will impact the way this router handles traffic that is received on
any of its physical interfaces. The routing mode of the gateway is core to the behavior of the traffic
flow between the secure LAN and the internet.
3.5.1 Routing Mode
Network > Internet > Routing

This device supports classical routing, network address translation (NAT), and transport mode routing.
 With classical routing, devices on the LAN can be directly accessed from the internet by their
public IP addresses (assuming appropriate firewall settings). If your ISP has assigned an IP
address for each of the computers that you use, select Classic Routing.
 NAT is a technique which allows several computers on a LAN to share an Internet connection.
The computers on the LAN use a "private" IP address range while the WAN port on the router is
configured with a single "public" IP address. Along with connection sharing, NAT also hides
internal IP addresses from the computers on the Internet. NAT is required if your ISP has assigned
only one IP address to you. The computers that connect through the router will need to be assigned
IP addresses from a private subnet.
 When Transparent Routing Mode is enabled, NAT is not performed on traffic between LAN and
WAN. Broadcast and multicast packets that arrive on the LAN interface are switched to the WAN
and vice versa, if they do not get filtered by firewall or VPN policies. To maintain the LAN and
WAN in the same broadcast domain select Transparent mode , which allows bridging of traffic
from LAN to WAN and vice versa, except for router-terminated traffic and other management
traffic. All DSR features (such as 3G modem support) ar e supported in transparent mode
assuming the LAN and WAN are configured to be in the same broadcast domain.
 NAT routing has a feature called “NAT Hair -pinning” that allows internal network users on the
LAN and DMZ to access internal servers (e.g. an internal FTP server) using their externally-
known domain name. This is also referred to as “NAT loopback” since LAN generated traffic is
redirected through the firewall to reach LAN servers by their external name.
 When Bridge Mode routing is enabled, the first physical LAN port and secondary WAN/DMZ
(port 2) interfaces are bridged together at Layer 2, creating an aggregate network. The other LAN
ports and the primary WAN (WAN1) are not part of this bridge, and the router asks as a NAT
device for these other ports. With Bridge mode for the LAN port 1 and WAN2/DMZ interfaces,
L2 and L3 broadcast traffic as well as ARP / RARP packets are passed through. When WAN2
71
receives tagged traffic the tag information will be removed before the packet is forwarded to the
LAN port 1 interface.
 Bridge mode option is available on DSR -500 / 500N / 1000 / 1000N products only.
Figure 39: Routing Mode to determine traffic routing between WAN and LAN
72
3.5.2 Dynamic Routing (RIP)
 DSR- 150/150N/250/250N does not support RIP.
Setup > Internet Settings > Routing Mode

Dynamic routing using the Routing Information Protocol (RIP) is an Interior Gateway Protocol (IGP)
that is common in LANs. With RIP this router can exchange routing information with other supported
routers in the LAN and allow for dynamic adjustment of routing tables in order to adapt to
modifications in the LAN without interrupting traffic flow.
The RIP direction will define how this router sends and receives RIP packets. Choose between:
 Both: The router both broadcasts its routing table and also processes RIP information received
from other routers. This is the recommended setting in order to fully utilize RIP capabilities.
 Out Only: The router broadcasts its routing table periodically but does not accept RIP
information from other routers.
 In Only: The router accepts RIP information from other routers, but does not broadcast its
routing table.
 None: The router neither broadcasts its route table nor does it accept any RIP packets f rom
other routers. This effectively disables RIP.
 The RIP version is dependent on the RIP support of other routing devices in the LAN.
 Disabled: This is the setting when RIP is disabled.
 RIP-1 is a class-based routing version that does not include subnet information. This is the
most commonly supported version.
 RIP-2 includes all the functionality of RIPv1 plus it supports subnet information. Though the
data is sent in RIP-2 format for both RIP-2B and RIP-2M, the mode in which packets are sent
is different. RIP-2B broadcasts data in the entire subnet while RIP-2M sends data to multicast
addresses.
If RIP-2B or RIP-2M is the selected version, authentication between this router and other routers
(configured with the same RIP version) is required. MD5 authentication is used in a first/second key
exchange process. The authentication key validity lifetimes are configurable to ensure that the routing
information exchange is with current and supported routers detected on the LAN.
3.5.3 Static Routing
Network > Routing >Static Routes
Advanced > IPv6 > IPv6 Static Routing

Manually adding static routes to this device allows you to define the path selection of traffic from one
interface to another. There is no communication between this router and other devices to account for
73
changes in the path; once configured the static route will be active and effective until the network
changes.
The List of Static Routes displays all routes that have been added manually by an administrator and
allows several operations on the static routes. The List of IPv4 Static Routes and List of IPv6 Static
Routes share the same fields (with one exception):
 Name: Name of the route, for identification and management .
 Active: Determines whether the route is active or inactive. A route can be added to the table
and made inactive, if not needed. This allows routes to be used as needed without deleting
and re-adding the entry. An inactive route is not broadcast if RIP is enabled.
 Private: Determines whether the route can be shared with other routers when RIP is enable d.
If the route is made private, then the route will not be shared in a RIP broadcast or multicast.
This is only applicable for IPv4 static routes.
 Destination: the route will lead to this destination host or IP address.
 IP Subnet Mask: This is valid for IPv4 networks only, and identifies the subnet that is affected
by this static route
 Interface: The physical network interface (WAN1, WAN2, WAN3, DMZ or LAN), through
which this route is accessible.
 Gateway: IP address of the gateway through which the dest ination host or network can be
reached.
 Metric: Determines the priority of the route. If multiple routes to the same destination exist,
the route with the lowest metric is chosen.
74
Figure 40: Static route configuration fields
3.5.4 OSPFv2
Network > Routing > OSPF

OSPF is an interior gateway protocol that routes Internet Protocol (IP) packets solely within a single
routing domain. It gathers link state information from available routers and constructs a topology map
of the network.
OSPF version 2 is a routing protocol which described in RFC2328 - OSPF Version 2. OSPF is IGP
(Interior Gateway Protocols).OSPF is widely used in large networks such as ISP backbone and
enterprise networks.
75
 DSR-150, DSR-150N, DSR-250 and DSR-250 don't support OSPFv2.
Figure 41: OSPFv2 configured parameters
Interface: The physical network interface on which OSPFv2 is Enabled/Disabled.

Status: This column displays the Enable/Disable state of OSPFv2 for a particular interface.
Area: The area to which the interface belongs. Two routers having a common segment; their interfaces
have to belong to the same area on that segment. The interfaces should belong to the same subnet and
have similar mask.
Priority: Helps to determine the OSPFv2 designated router for a network. The router with the highest
priority will be more eligible to become Designated Router. Setting the value to 0, makes the router
ineligible to become Designated Router. The default value is 1.Lower value means higher pr iority.
HelloInterval: The number of seconds for HelloInterval timer value. Setting this value, Hello packet
will be sent every timer value seconds on the specified interface. This value must be the same for all
routers attached to a common network. The de fault value is 10 seconds.
DeadInterval: The number of seconds that a device’s hello packets must not have been seen before its
neighbors declare the OSPF router down. This value must be the same for all routers attached to a
common network. The default value is 40 seconds.
OSPF requires these intervals to be exactly the same between two neighbors. If any of these intervals
are different, these routers will not become neighbors on a particular segment
Cost: The cost of sending a packet on an OSPFv2 interfac e.
Authentication Type:. This column displays the type of authentication to be used for OSPFv2.If
Authentication type is none the interface does not authenticate OSPF packets. If Authentication Type
is Simple then OSPF packets are authenticated using simple text key. If Authentication Type is MD5
then the interface authenticates OSPF packets with MD5 authentication.
76
Figure 42: OSPFv2 configuration
3.5.5 OSPFv3
Network > IPv6 > OSPFv3

Open Shortest Path First version 3 (OSPFv3) supports IPv6 . To enable an OSPFv3 process on a router,
you need to enable the OSPFv3 process globally, assign the OSPFv3 process a router ID, and enable
the OSPFv3 process on related interfaces.
 DSR-150, DSR-150N, DSR-250 and DSR-250 don't support OSPFv3.
77
Figure 43: OSPFv3 configured parameters
Interface: The physical network interface on which OSPFv3 is Enabled/Disabled.

Status: This column displays the Enable/Disable state of OSPFv3 for a particular interface.
Priority: Helps to determine the OSPFv3 designated router for a network. The router with the highest
priority will be more eligible to become Designated Router. Setting the value to 0, makes the router
ineligible to become Designated Router. The default value is 1.Lower Value means higher priority.
HelloInterval: The number of seconds for HelloInterval timer value. Setting this value, Hello packet
will be sent every timer value seconds on the specified interface. This value must be the same for all
routers attached to a common network. The default value is 10 seconds.
DeadInterval: The number of seconds that a device’s hello packets must not have been seen before its
neighbors declare the OSPF router down. This value must be the same for all routers attached to a
common network. The default value is 40 seconds.
OSPF requires these intervals to be exactly the same between two neighbors. If any of these intervals
are different, these routers will not become neighbors on a particular segment
Cost: The cost of sending a packet on an OSPFv3 interface.
78
Figure 44: OSPFv3 configuration
3.5.6 6to4 Tunneling
Network > IPv6 > 6 to 4 Tunneling

6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6
packets to be transmitted over an IPv4 network. Select the check box to Enable Automatic Tunneling
and allow traffic from an IPv6 LAN to be sent over an IPv4 Option to reach a remote IPv6 network.
Figure 45: 6 to 4 tun neling
79
3.5.7 ISATAP Tunnels
Network > IPv6 > ISATAP Tunnels

ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is an IPv6 transition mechanism meant to
transmit IPv6 packets between dual-stack nodes on top of an IPv4 network. ISATAP specifies an IPv6-
IPv4 compatibility address format as well as a means for site border router discovery. ISATAP also
specifies the operation of IPv6 over a specific link layer - that being IPv4 used as a link layer for IPv6.
80
Figure 46: IS A TAP T un ne l s Co nf ig u ra tio n
ISATAP Subnet Prefix: This is the 64-bit subnet prefix that is assigned to the logical ISATAP subnet
for this intranet. This can be obtained from your ISP or internet registry, or derived from RFC 4193.
End Point Address: This is the endpoint address for the tunnel that starts with this router. The endpoint
can be the LAN interface (assuming the LAN is an IPv4 network), or a specific LAN IPv4 address.
IPv4 Address: The end point address if not the entire LAN.
81
3.6 Configurable Port - WAN Option

This router supports one of the physical ports to be configured as a secondary WAN Ethernet port or a
dedicated DMZ port. If the port is selected to be a secondary WAN interface, all configuration pages
relating to WAN2 are enabled.
3.7 WAN3 (3G) Configuration

This router supports one of the physical ports WAN3 to be configured for 3G internet access.
Network > Internet > WAN3 Settings

WAN3 configuration for the 3G USB modem is available only on WAN 3 interface.
There are a few key elements of WAN 3 configuration.
 Reconnect Mode: Select one of the following options
o Always On: The connection is always on.
o Username: Enter the username required to log in to the ISP.
o On Demand: The connection is automatically ended if it is idle for a specified number of

minutes. Enter the number of minutes in the Maximum Idle Time field. This feature is useful
if your ISP charges you based on the amount of time that you are connected.
 Password: Enter the password required to login to the ISP.
 Dial Number: Enter the number to dial to the ISP.
 Authentication Protocol: Select one of None, PAP or CHAP Authentication Protocols to connect to
the ISP.
 APN: Enter the APN (Access Point Name) provided by the ISP.
Domain Name System (DNS) Servers
 Domain name servers (DNS) convert Internet names such as www.dlink.com, to IP addresses to
route traffic to the correct resources on the Internet. If you configure your router to get an IP address
dynamically from the ISP, then you need to specify the DNS server source in this section.
 DNS Server Source: Choose one of the following options:
o Get Dynamically from ISP: Choose this option if your ISP did not assign a static DNS IP
address.
o Use These DNS Servers: Choose this option if your ISP assigned a static DNS IP address
for you to use. Also complete the fields that are highlighted white in this section.
o Primary DNS Server: Enter a valid primary DNS Server IP Address.
o Secondary DNS Server: Enter a valid secondary DNS Server IP Address.
82
 Configurable Port: This page allows you to assign the functionality intended for the Configurable
Port. Choose from the following options:
o WAN: If this option is selected, configure the WAN 3. The WAN Mode options are now
available as there are two WAN ports for the gateway.
o DMZ: If this option is selected, you are able to configure the DMZ port on the DMZ
Configuration menu.
Click Don't Save Settings to revert to the previous settings .
Figure 47: WAN3 configuration for 3G internet
Cellular 3G internet access is available on WAN 3 via a 3G USB modem for DSR-1000 and DSR-1000N.
The cellular ISP that provides the 3G data plan will provide the authentication requirements to establish
a connection. The dial Number and APN are specific to the cellular carriers. Once the connection type
settings are configured and saved, navigate to the WAN status page (Network > Internet > WAN#
Settings) and Enable the WAN3 link to establish the 3G connection.
 The 3G USB modem can be configured as the third WAN in DSR-1000 and DSR- 1000N.
83
3.8 WAN Port Settings

Network > Internet > WAN1 Settings
The physical port settings for each WAN link can be defined here. If your ISP account defines the WAN
port speed or is associated with a MAC address, this in formation is required by the router to ensure a
smooth connection with the network.
The default MTU size supported by all ports is 1500. This is the largest packet size that can pass through
the interface without fragmentation. This size can be increased, however large packets can introduce
network lag and bring down the interface speed. Note that a 1500 byte size packet is the largest allowed
by the Ethernet protocol at the network layer.
The port speed can be sensed by the router when Auto is selected. With this option the optimal port
settings are determined by the router and network. The duplex (half or full) can be defined based on the
port support, as well as one of three port speeds: 10 Mbps, 100 Mbps and 1000 Mbps (i.e. 1 Gbps). The
default setting is 100 Mbps for all ports.
The default MAC address is defined during the manufacturing process for the interfaces, and can
uniquely identify this router. You can customize each WAN port’s MAC address as needed, either by
letting the WAN port assume the current LAN host’s MAC address or by entering a MAC address
manually.
84
Figure 48: Physical WAN port settings
 The 3G USB Modem can be configured as dedicated WAN2 for DSR -500 and DSR-500N as well
as dedicated WAN3 for DSR-1000 and DSR-1000N.
85
Chapter 4. Wireless Access Point Setup
This router has an integrated 802.11n radio that allows you to create an access point for wireless LAN
clients. The security/encryption/authentication options are grouped in a wireless Profile, and each
configured profile will be available for selection in the AP configuration menu. The profile defines
various parameters for the AP, including the security between the wireless client and the AP, and can be
shared between multiple APs instances on the same device when needed.
Up to four unique wireless networks can be created by configuring multiple “virtual” APs. Each such
virtual AP appears as an independent AP (unique SSID) to supported clients in the environment, but is
actually running on the same physical radio integrated with this router.
You will need the following information to configure your wireless network:
 Types of devices expected to access the wireless network and their supported Wi -Fi™ modes
 The router’s geographical region
 The security settings to use for securing the wireless network.
 Profiles may be thought of as a grouping of AP parameters that can then be applied to not just
one but multiple AP instances (SSIDs), thus avoiding duplication if the same parameters are to
be used on multiple AP instances or SSIDs.
4.1 Wireless Settings Wizard

Setup > Wizard > Wireless Settings
The Wireless Network Setup Wizard is available for users new to networking. By going through a few
straightforward configuration pages you can enable a Wi -Fi™ network on your LAN and allow
supported 802.11 clients to connect to the configured Access Point.
86
Figure 49: Wireless Network Setup Wizards
87
88
4.1.1 Wireless Network Setup Wizard

This wizard provides a step-by-step guide to create and secure a new access point on the router. The
network name (SSID) is the AP identifier that will be detected by supported clients. The Wizard uses
a TKIP+AES cipher for WPA / WPA2 security; depending on support on the client side, devices
associate with this AP using either WPA or WPA2 security with the same pre -shared key.
The wizard has the option to automatically generate a network key for the AP. This key is the pre-
shared key for WPA or WPA2 type security. Supported clients that have been given this PSK can
associate with this AP. The default (auto-assigned) PSK is “passphrase”.
The last step in the Wizard is to click the Connect button, which confirms the settings and enables
this AP to broadcast its availability in the LAN.
4.1.2 Add Wireless Device with WPS

With WPS enabled on your router, the selected access point allows supported WPS clients to join the
network very easily. When the Auto option for connecting a wireless device is chose, you will be
presented with two common WPS setup options:
 Personal Identification Number (PIN): The wireless device that supports WPS may have an
alphanumeric PIN, and if entered in this field the AP will establish a link to the client. Click
Connect to complete setup and connect to the client.
89
 Push Button Configuration (PBC): for wireless devices that support PBC, press and hold
down on this button and within 2 minutes, click the PBC connect button. The AP will detect
the wireless device and establish a link to the client.
 You need to enable at least one AP with WPA/WPA2 security and also enable WPS in the
Advanced > Wireless Settings > WPS page to use the WPS wizard.
4.1.3 Manual Wireless Network Setup

This button on the Wizard page will link to the Setup> Wireless Settings> Access Points page.
The manual options allow you to create new APs or modify the parameters of APs created by the
Wizard.
4.2 Wireless Profiles

Wireless > General > Profiles
The profile allows you to assign the security type, encryption and authentication to use when connecting
the AP to a wireless client. The default mode is “open”, i.e. no security. This mode is insecure as it
allows any compatible wireless clients to connec t to an AP configured with this security profile.
To create a new profile, use a unique profile name to identify the combination of settings. Configure a
unique SSID that will be the identifier used by the clients to communicate to the AP using this profi le.
By choosing to broadcast the SSID, compatible wireless clients within range of the AP can detect this
profile’s availability.
The AP offers all advanced 802.11 security modes, including WEP, WPA, WPA2 and WPA+WPA2
options. The security of the Access point is configured by the Wireless Security Type section:
 Open: select this option to create a public “open” network to allow unauthenticated devices to access
this wireless gateway.
 WEP (Wired Equivalent Privacy): this option requires a static (pre -shared) key to be shared between
the AP and wireless client. Note that WEP does not support 802.11n data rates; is it appropriate for
legacy 802.11 connections.
 WPA (Wi-Fi Protected Access): For stronger wireless security than WEP, choose this option. The
encryption for WPA will use TKIP and also CCMP if required. The authentication can be a pre-shared
key (PSK), Enterprise mode with RADIUS server, or both. Note that WPA does not support 802.11n
data rates; is it appropriate for legacy 802.11 connections.
 WPA2: this security type uses CCMP encryption (and the option to add TKIP encryption) on either
PSK (pre-shared key) or Enterprise (RADIUS Server) authentication.
 WPA + WPA2: this uses both encryption algorithms, TKIP and CCMP. WPA clients will use TKIP
and WPA2 clients will use CCMP encryption algorithms.
90
 “WPA+WPA2” is a security option that allows devices to connect to an AP using the strongest
security that it supports. This mode allows legacy devices that only support WPA2 keys (such as
an older wireless printer) to connect to a secure AP where all the other wireless clients are using
WPA2.
Figure 50: List of Available Profiles shows th e options available to secure the
wireless link
4.2.1 WEP Security

If WEP is the chosen security option, you must set a unique static key to be shared with clients that
wish to access this secured wireless network. This static key can be generate d from an easy-to-
remember passphrase and the selected encryption length.
 Authentication: select between Open System, or Shared Key schemes
 Encryption: select the encryption key size -- 64 bit WEP or 128 bit WEP. The larger size keys
provide stronger encryption, thus making the key more difficult to crack
 WEP Passphrase: enter an alphanumeric phrase and click Generate Key to generate 4 unique
WEP keys with length determined by the encryption key size. Next choose one of the keys to
be used for authentication. The selected key must be shared with wireless clients to connect
to this device.
91
Figure 51: Profile configuration to set network security
4.2.2 WPA or WPA2 with PSK

A pre-shared key (PSK) is a known passphrase configured on the AP and client both and is used to
authenticate the wireless client. An acceptable passphrase is between 8 to 63 characters in length.
92
4.3 Creating and Using Access Points

Wireless > General > Access Points
Once a profile (a group of security settings) is created, it can be assigned to an AP on the router. The
AP SSID can be configured to broadcast its availability to the 802.11 environment can be used to
establish a WLAN network.
The AP configuration page allows you to create a new AP and link to it one of the available
profiles. This router supports multiple AP’s referred to as virtual access point s (VAPs). Each
virtual AP that has a unique SSIDs appears as an independent access point to clients. This
valuable feature allows the router’s radio to be configured in a way to optimize security and
throughput for a group of clients as required by the use r. To create a VAP, click the “add” button
on the Wireless > General > Access Points page. After setting the AP name, the profile
dropdown menu is used to select one of the configured profiles.
 The AP Name is a unique identifier used to manage the AP from the GUI, and is not the SSID
that is detected by clients when the AP has broadcast enabled.
93
Figure 52: Virtual AP configuration
94
A valuable power saving feature is the start and stop time control for this AP. You can conserve on the
radio power by disabling the AP when it is not in use. For example on evenings and weekends if you
know there are no wireless clients, the start and stop time will enable/disable the ac cess point
automatically.
Once the AP settings are configured, you must enable the AP on the radio on the Wireless > General
> Access Points page. The status field changes to “Enabled” if the AP is available to accept wireless
clients. If the AP is configured to broadcast its SSID (a profile parameter), a green check mark
indicating it is broadcasting will be shown in the List of Available Access points.
95
Figure 53: List of configured access points (Virtual APs) shows one enabled ac cess
point on the radio, broadcasting its SSID
The clients connected to a particular AP can be viewed by using the Status Button on the List of
Available Access Points. Traffic statistics are shown for that individual AP, as compared to the
summary stats for each AP on the Statistics table. Connected clients are sorted by the MAC address and
indicate the security parameters used by the wireless link, as well as the time connected to this particular
AP. Clicking the Details button next to the connecte d client will give the detailed send and receive
traffic statistics for the wireless link between this AP and the client.
96
4.3.1 Primary benefits of Virtual APs:

 Optimize throughput: if 802.11b, 802.11 g, and 802.11n clients are expected to access the
LAN via this router, creating 3 VAPs will allow you to manage or shape traffic for each group
of clients. A unique SSID can be created for the network of 802.11b clients and another SSID
can be assigned for the 802.11n clients. Each can have different security parameters –
remember, the SSID and security of the link is determined by the profile. In this way legacy
clients can access the network without bringing down the overall throughput of more capable
802.11n clients.
 Optimize security: you may wish to suppo rt select legacy clients that only offer WEP security
while using WPA2 security for the majority of clients for the radio. By creating two VAPs
configured with different SSIDs and different security parameters, both types of clients can
connect to the LAN. Since WPA2 is more secure, you may want to broadcast this SSID and
not broadcast the SSID for the VAP with WEP since it is meant to be used for a few legacy
devices in this scenario.
4.4 Tuning Radio Specific Settings

Wireless > General > Radio Settings
The Radio Settings page lets you configure the channels and power levels available for the AP’s enabled
on the DSR. The router has a dual band 802.11n radio, meaning either 2.4 GHz or 5 GHz frequency of
operation can be selected (not concurrently though). Based on the selected operating frequency, the
mode selection will let you define whether legacy connections or only 802.11n connections (or both)
are accepted on configured APs.
97
Figure 54: Radio card configuration options
The ratified 802.11n support on this radio requires selecting the appropriate broadcast (NA or NG etc.)
mode, and then defining the channel spacing and control side band for 802.11n traffic. The default
settings are appropriate for most networks. For example, changing the channel spacing to 40 MHz can
improve bandwidth at the expense of supporting earlier 802.11n clients.
The available transmission channels are governed by regulatory constraints based on the region setting
of the router. The maximum transmission power is similarly governed by regulatory limits; you have
the option to decrease from the default maximum to reduce the signal strength of traffic out of the radio.
4.5 WMM
Wireless > Advanced > WMM
Wi-Fi Multimedia (WMM) provides basic Quality of service (Q oS) features to IEEE 802.11 networks.
WMM prioritizes traffic according to four Access Categories (AC) - voice, video, best effort, and
background.
98
Figure 55: Wi-Fi Multimedia
Profile Name:
This field allows you to select the available profiles in wireless settings.
Enable WMM:
This field allows you to enable WMM to improve multimedia transmission.
Default Class of Service:
This field allows you to select the available Access Categories (voice, video, best effort, and
background).
99
4.6 Wireless distribution system (WDS)

Wireless > Advanced > WDS
Wireless distribution system is a system enabling the wireless interconnection of access points in a
network. This feature is only guaranteed to work only between devices of the same type .
Figure 56: Wireless Distribution System
 This feature is only guaranteed to work only between devices of the same type (i.e. using the
same chipset/driver). For example between two DSR250N boxes, or betwee n two DSR1000N. It
should also interoperate between a DSR 1000N and DSR 500 N boxes since they are based on
the same chipset/driver.
When the user enables the WDS links use the same security configuration as the default access point.
The WDS links do not have true WPA/WPA2 s upport, as in there is no WPA key handshake performed.
Instead the Session Key to be used with a WDS Peer is computed using a hashing function (similar to
the one used for computing a WPA PMK). The inputs to this function are a PSK (configurable by an
administrator from the WDS page) and an internal "magic" string (non -configurable).
In effect the WDS links use TKIP/AES encryption, depending on the encryption configured for the
default AP. In case the default AP uses mixed encryption (TKIP + AES).The WDS link will use the
AES encryption scheme.
100
 For a WDS link to function properly the Radio settings on the WDS peers have to be the same.
The WDS page would consist of two sections. The first section provides general WDS settings shared
by all its WDS peers.
WDS Enable - This would be a check box
WDS Encryption - Displays the type of encryption used. It could be one of OPEN/64 bit WEP/128 bit
WEP/TKIP/AES (Use the term being used throughout the box i.e. either CCMP or AES).
WDS Passphrase - This is required if the encryption selected is TKIP/CCMP. We would expect it to
be within 8~63 ASCII characters. In the WDS configuration page this field is mandatory and has to be
same on the two WDS peers, when the security is configured in TKIP/AES mode. The WDS links use
this as the PSK for the connection.
DUT's Mac Address - This would be the mac address of this box. This should be configured in the
peer's WDS configuration page to be able to establish a WDS link with this box . This field in the WDS
Configuration section displays the device's mac address, which needs to be specified on the WDS peer
for making a connection to this device (Similarly the WDS peers MAC address will have to be specified
on this device for the WDS link to be established between the two devices).
The second section will have the list of configured WDS peers with buttons to Add/Delete Peer entries.
We support up to a maximum of 4 WDS links per box.
 The both devices need to have same wireless settings (wireless mode, encryption, authentication
method, WDS passphrase, WDS MAC address and wireless SSID) when we confi gure WDS
features in DSR router.
The "Add WDS Peer" section allows the user to specify a WDS peer. The "WDS Peers" table displays
the list of WDS peers currently configured on the device. A maximum of 4 WDS peers can be specified
in any given mode.
4.7 Advanced Wireless Settings

Wireless > Advanced > Advanced Sttings
Sophisticated wireless administrators can modify the 802.11 communication parameters in this page.
Generally, the default settings are appropriate for most networks. Please refer to the GUI integrated
help text for further details on the use of each configuration parameter.
101
Figure 57: Advanced Wireless communication settings
4.8 Wi-Fi Protected Setup (WPS)

Wireless > Advanced > WPS
WPS is a simplified method to add supporting wireless clients to the network. WPS is only applicable
for APs that employ WPA or WPA2 security. To use WPS, select the eligible VAPs from the dropdown
list of APs that have been configured with this security and enable WPS status for this AP.
The WPS Current Status section outlines the security, authentication, and encryption settings of the
selected AP. These are consistent with the AP’s profile. There are two setup options available for
:
 Personal Identification Number (PIN): The wireless device that supports WPS may have an
alphanumeric PIN, if so add the PIN in this field. The router will connect within 60 seconds of
clicking the “Configure via PIN” button immediately below t he PIN field. There is no LED indication
that a client has connected.
 Push Button Configuration (PBC): for wireless devices that support PBC, press and hold down on
this button and within 2 minutes click the PBC connect button. The AP will detect the wireless device
and establish a link to the client.
 More than one AP can use WPS, but only one AP can be used to establish WPS links to client at
any given time.
102
Figure 58: WPS configuration for an AP with WPA/WPA2 profile
103
Chapter 5. Securing the Private Network
You can secure your network by creating and applying rules that your router uses to selectively
block and allow inbound and outbound Internet traffic. You then specify how and to whom the
rules apply. To do so, you must define the following:
 Services or traffic types (examples: web browsing, VoIP, other standard services and also
custom services that you define)
 Direction for the traffic by specifying the source and destination of traffic ; this is done by
specifying the “From Zone” (LAN/WAN/DMZ) and “To Zone” ( LAN/WAN/DMZ)
 Schedules as to when the router should apply rules
 Any Keywords (in a domain name or on a URL of a web page) that the router should allow
or block
 Rules for allowing or blocking inbound and outbound Internet traffic for specified services
on specified schedules
 MAC addresses of devices that should not access the internet
 Port triggers that signal the router to allow or block access to specified services as defined
by port number
 Reports and alerts that you want the router to send to you
You can, for example, establish restricted -access policies based on time-of-day, web addresses,
and web address keywords. You can block Internet access by applications and services on the
LAN, such as chat rooms or games. You can block just certain groups of PCs on your network
from being accessed by the WAN or public DMZ network .
5.1 Firewall Rules

Security > Firewall > Firewall Rules > IPv4 Firewall Rules
Inbound (WAN to LAN/DMZ) rules restrict access to traffic entering your network,
selectively allowing only specific outside users to access specific local resources. By
default all access from the insecure WAN side are blocked from accessing the secure
LAN, except in response to requests from the LAN or DMZ. To allow outside devices
to access services on the secure LAN, you must create an inbound firewall rule for each
service.
If you want to allow incoming traffic, you must make the router’s WAN port IP address
known to the public. This is called “exposing yo ur host.” How you make your address
known depends on how the WAN ports are configured; for this router you may use the
IP address if a static address is assigned to the WAN port, or if your WAN address is
dynamic a DDNS (Dynamic DNS) name can be used.
Outbound (LAN/DMZ to WAN) rules restrict access to traffic leaving your network,
selectively allowing only specific local users to access specific outside resources . The
default outbound rule is to allow access from the secure zone (LAN) to either the public
DMZ or insecure WAN. On other hand the default outbound rule is to deny access from
DMZ to insecure WAN. You can change this default behavior in the Firewall Settings
> Default Outbound Policy page. When the default outbound policy is allow always,
you can to block hosts on the LAN from accessing internet services by creating an
outbound firewall rule for each service.
Figure 59: List of Available Firewall Rules
5.2 Defining Rule Schedules

Security > Firewall > Schedules
Firewall rules can be enabled or disabled automatically if they are associated with a
configured schedule. The schedule configuration page allows you to define days of the
week and the time of day for a new schedule, and then this schedule can be selected in
the firewall rule configuration page.
 All schedules will follow the time in the routers configured time zone. Refer to
the section on choosing your Time Zone and configuring NTP servers for more
information.
106
Figure 60: List of Available Schedules to bind to a firewall rule
107
5.3 Configuring Firewall Rules

All configured firewall rules on the router are displayed in the Firewall Rules list. This
list also indicates whether the rule is enabled (active) or not, and gives a summary of
the From/To zone as well as the services or users that the rule affects.
To create a new firewall rules, follow the steps below:
1. View the existing rules in the List of Available Firewall Rules table.
2. To edit or add an outbound or inbound services rule, do the following:
 To edit a rule, click the checkbox next to the rule and click E dit to reach that rule’s
configuration page.
 To add a new rule, click Add to be taken to a new rule’s configuration page. Once
created, the new rule is automatically added to the original table.
3. Chose the From Zone to be the source of originating traffic: either the secure LAN, public
DMZ, or insecure WAN. For an inbound rule WAN should be selected as the From Zone.
4. Choose the To Zone to be the destination of traffic covered by this rule. If the From Zone
is the WAN, the To Zone can be the public DMZ or secure LAN. Similarly if the From
Zone is the LAN, then the To Zone can be the public DMZ or insecure WAN.
5. Parameters that define the firewall rule include the following:
 Service: ANY means all traffic is affected by this rule. For a specific
service the drop down list has common services, or you can select a
custom defined service.
 Action & Schedule: Select one of the 4 actions that this rule defines:
BLOCK always, ALLOW always, BLOCK b y schedule otherwise
ALLOW, or ALLOW by schedule otherwise BLOCK. A schedule must be
preconfigured in order for it to be available in the dropdown list to assign
to this rule.
 Source & Destination users: For each relevant category, select the users
to which the rule applies:
 Any (all users)
 Single Address (enter an IP address)
 Address Range (enter the appropriate IP address range)
108
 Log: traffic that is filtered by this rule can be logged; this requires
configuring the router’s logging feature separately.
 QoS Priority: Outbound rules (where To Zone = insecure WAN only) can
have the traffic marked with a QoS priority tag. Select a priority level:
 Normal-Service: ToS=0 (lowest QoS)
 Minimize-Cost: ToS=1
 Maximize-Reliability: ToS=2
 Maximize-Throughput: ToS=4
 Minimize-Delay: ToS=8 (highest QoS)
6. Inbound rules can use Destination NAT (DNAT) for managing traffic from the WAN.
Destination NAT is available when the To Zone = DMZ or secure LAN.
 With an inbound allow rule you can enter the internal server address that
is hosting the selected service.
 You can enable port forwarding for an incoming service specific rule
(From Zone = WAN) by selecting the appropriate checkbox. This will
allow the selected service traffic from the internet to reach the
appropriate LAN port via a port forwarding rule.
 Translate Port Number: With port forwarding, the incoming traffic to be

forwarded to the port number entered here.
 External IP address: The rule can be bound to a specific WAN interface

by selecting either the primary WAN or configurable port WAN as the
source IP address for incoming traffic.
 This router supports multi-NAT and so the External IP address does not
necessarily have to be the WAN address. On a single WAN interface, multiple
public IP addresses are supported. If your ISP assigns you more than one public
IP address, one of these can be used as your primary IP address on the WAN port ,
and the others can be assigned to servers on the LAN or DMZ. In this way the
LAN/DMZ server can be accessed from the internet by its aliased public IP
address.
7. Outbound rules can use Source NAT (SNAT) in order to map (bind) all LAN/DMZ traffic
matching the rule parameters to a specific WAN interface or external IP address (usually
provided by your ISP).
109
Once the new or modified rule parameters are saved, it appears in the master list of
firewall rules. To enable or disable a rule, click the checkbox ne xt to the rule in the list
of firewall rules and choose Enable or Disable.
 The router applies firewall rules in the order listed. As a general rule, you should
move the strictest rules (those with the most specific services or addresses) to
the top of the list. To reorder rules, click the checkbox next to a rule and click
up or down.
110
Figure 61: Example where an outbound SNAT rule is used to map an

external IP address (209.156.200.225) to a private DMZ IP
address (10.30.30.30)
111
Figure 62: The firewall rule configuration page allows you to define the
To/From zone, service, action, schedules, and specify
source/destination IP addresses as needed.
112
5.4 Configuring IPv6 Firewall Rules

All configured IPv6 firewall rules on the router are displayed in the Firewall Rules list.
This list also indicates whether the rule is enabled (active) or not, and gives a summary
of the From/To zone as well as the services or users that the rule affects.
113
Figure 63: The IPv6 firewall rule configuration page allows you to define
the To/From zone, service, action, schedules, and specify
source/destination IP addresses as needed.
114
Figure 64: List of Available IPv6 Firewall Rules
5.4.1 Firewall Rule Configuration Examples
Example 1: Allow inbound HTTP traffic to the DMZ

Situation: You host a public web server on your local DMZ network. You want to
allow inbound HTTP requests from any outside IP address to the IP address of your
web server at any time of day.
Solution: Create an inbound rule as follows.
Parameter Value
From Zone Insecure (WAN1/WAN2/WAN3)
To Zone Public (DMZ)
Service HTTP
Action ALLOW always
Send to Local Server (DNAT IP) 192.168.5.2 (web server IP address)
Destination Users Any
Log Never
Example 2: Allow videoconferencing from range of outside IP addresses
115
Situation: You want to allow incoming videoconferencing to be initiated from a

restricted range of outside IP addresses (132.177.88.2 - 132.177.88.254), from a
branch office.
Solution: Create an inbound rule as follows. In the example, CUSeeMe (the video
conference service used) connections are allowed only from a specified range of
external IP addresses.
Parameter Value
To Zone Secure (LAN)
Service CU-SEEME:UDP
Action ALLOW always
Send to Local Server (DNAT IP) 192.168.10.11
Destination Users Address Range
From 132.177.88.2
To 134.177.88.254
Enable Port Forwarding Yes (enabled)
Example 3: Multi-NAT configuration

Situation: You want to configure multi-NAT to support multiple public IP addresses
on one WAN port interface.
Solution: Create an inbound rule that configures the firewall to host an additional
public IP address. Associate this address with a web server on the DMZ. If you arrange
with your ISP to have more than one public IP address for your use, you can use the
additional public IP addresses to map to servers on your LAN. One of these public IP
addresses is used as the primary IP address of the router. This address is used to
provide Internet access to your LAN PCs through NAT. The other addresses are
available to map to your DMZ servers.
The following addressing scheme is used to illustrate this procedure:
 WAN IP address: 10.1.0.118
 LAN IP address: 192.168.10.1; subnet 255.255.255.0
 Web server host in the DMZ, IP address: 192.168.12.222
 Access to Web server: (simulated) public IP address 10.1.0.52
Parameter Value
To Zone Public (DMZ)
Service HTTP
Action ALLOW always
116
Send to Local Server (DNAT IP) 192.168.12.222 ( web server local IP address)
Destination Users Single Address
From 10.1.0.52
WAN Users Any
Log Never
Example 4: Bloc
Example 4: Block traffic by schedule if generated from specific range of machines

Use Case: Block all HTTP traffic on the weekends if the request originates from a
specific group of machines in the LAN having a known range of IP addresses, and
anyone coming in through the Network from the WAN (i.e. all remote users).
Configuration:
1. Setup a schedule:
 To setup a schedule that affects traffic on weekends only, navigate to Security:

Schedule, and name the schedule “Weekend”
 Define “weekend” to mean 12 am Saturday morning to 12 am Monday morning

– all day Saturday & Sunday
 In the Scheduled days box, check that you want the schedule to be active for
“specific days”. Select “Saturday” and “Sunday”
 In the scheduled time of day, select “all day” – this will apply the schedule
between 12 am to 11:59 pm of the selected day.
 Click apply – now schedule “Weekend” isolates all day Saturday and Sunday
from the rest of the week.
117
Figure 65: Schedule configuration for the above example.
2. Since we are trying to block HTTP requests, it is a service with To Zone: Insecure
(WAN1/WAN2/WAN3) that is to be blocked according to schedule “Weekend”.
3. Select the Action to “Block by Schedule, otherwise allow”. This will take a predefined
schedule and make sure the rule is a blocking rule during the defined dates/times. All
other times outside the schedule will not be affected by this firewall blocking rule
118
4. As we defined our schedule in schedule “Weekend”, this is available in the dropdown

menu
5. We want to block the IP range assigned to the marketing group. Let’s say they have IP
192.168.10.20 to 192.168.10.30. On the Source Users dropdown, select Address Range
and add this IP range as the From and To IP addresses.
6. We want to block all HTTP traffic to any services going to the insecure zone. The
Destination Users dropdown should be “any”.
7. We don’t need to change default QoS priority or Logging (unless desired) – clicking apply
will add this firewall rule to the list of firewall rules.
8. The last step is to enable this firewall rule. Select the rule, and click “enable” below the
list to make sure the firewall rule is active
5.5 Security on Custom Services

Security > Firewall > Custom Services
Custom services can be defined to add to the list of services available during firewall
rule configuration. While common services have known TCP/UDP/ICMP ports for
traffic, many custom or uncommon applications exist in the LAN or WAN. In the
custom service configuration menu you can define a range of ports and identify the
traffic type (TCP/UDP/ICMP) for this service. Once defined, the new service will
appear in the services list of the firewall rules configuration menu.
119
Figure 66: List of user defined services .
Figure 67: Custom Services configuration
Created services are available as options for firewall rule configuration.

Name: Name of the service for identification and management purposes.
Type: The layer 3 Protocol that the service uses. (TCP, UDP, BOTH, ICMP or ICMPv6)
Port Type: This fields allows to select Port Range or Multiple Ports
ICMP Type: This field is enabled when the layer 3 protocol (in the Type field) is
selected as ICMP or ICMPv6. The ICMP type is a numeric value that can range between
0 and 40, while for ICMPv6 the type ranges from 1 to 255. For a list of ICMP types,
visit the following URL: http://www.iana.org/assignments/icmp-parameters.
Start Port: The first TCP, UDP or BOTH port of a range that the service uses. If the
service uses only one port, then the Start Port will be the same as the Finish Port.
120
Finish Port: The last port in the range that the service uses. If the service uses only one
port, then the Finish Port will be the same as the Start Port.
Port: The port that the service uses.
5.6 ALG support

Security > Firewall > ALGs > SMTP ALGs
Application Level Gateways (ALGs) are security component that enhance the firewall
and NAT support of this router to seamlessly support application layer protocols. In
some cases enabling the ALG will allow the firewall to use dynamic ephemeral TCP/
UDP ports to communicate with the known ports a particular client application (such
as H.323 or RTSP) requires, without which the admin would have to open large number
of ports to accomplish the same support. Because the ALG understands the protocol
used by the specific application that it supports, it is a very secure and efficient way of
introducing support for client applications through the router’s firewall.
121
Figure 68: Available ALG support on the router .
5.7 VPN Passthrough for Firewall

Security > Firewall > VPN Passthrough
This router’s firewall settings can be configured to allow encrypted VPN traffic for
IPsec, PPTP, and L2TP VPN tunnel connections between the LAN and internet. A
specific firewall rule or service is not appropriate to introduce this passthrough support;
instead the appropriate check boxes in the VPN Passthrough page must be enabled.
122
Figure 69: Passthrough options for VPN tunnels
5.8 Bridge Mode Firewall

Security > Firewall > Firewall Rules > Bridge Firewall rules
When Bridge is the selected system routing mode, Layer 2 level firewall rules are
available to manage network traffic. These firewall rules will be applied between the
two ports that are part of the bridge: LAN1 and the WAN2/DMZ physical ports.
 Bridge mode option is available on DSR -500 / 500N / 1000 / 1000N products
only.
123
Figure 70: List of Configured Firewall Rules for the Bridge
Firewall rules configured for the bridge will filter traffic based on protocol, outgoing
range of ports and/or the incoming range of ports. The processing is at L2 and can
apply either to the LAN1 port or the WAN2/DMZ port (not both).
Figure 71: Bridge Firewall Rule configuration
124
5.9 Application Rules

Security > Firewall > Dynamic Port Forwarding
Application rules are also referred to as p ort triggering. This feature allows devices on
the LAN or DMZ to request one or more ports to be forwarded to them. Port triggering
waits for an outbound request from the LAN/DMZ on one of the defined outgoing ports,
and then opens an incoming port for that specified type of traffic. This can be thought
of as a form of dynamic port forwarding while an application is transmitting data over
the opened outgoing or incoming port(s).
Port triggering application rules are more flexible than static port forwarding that is an
available option when configuring firewall rules. This is because a port triggering rule
does not have to reference a specific LAN IP or IP range. As well ports are not left
open when not in use, thereby providing a level of security that port forwarding does
not offer.
 Port triggering is not appropriate for servers on the LAN, since there is a
dependency on the LAN device making an outgoing connection before incoming
ports are opened.
Some applications require that when external devices connect to them, they recei ve data
on a specific port or range of ports in order to function properly. The router must send
all incoming data for that application only on the required port or range of ports. The
router has a list of common applications and games with corresponding o utbound and
inbound ports to open. You can also specify a port triggering rule by defining the type
of traffic (TCP or UDP) and the range of incoming and outgoing ports to open when
enabled.
125
Figure 72: List of Available Applicatio n Rules showing 4 unique rules
The application rule status page will list any active rules, i.e. incoming ports that are
being triggered based on outbound requests from a defined outgoing port.
5.10 Web Content Filtering

The gateway offers some standard web filtering options to allow the admin to easily
create internet access policies between the secure LAN and insecure WAN. Instead of
creating policies based on the type of traffic (as is the case when using firewall rules ),
web based content itself can be used to determine if traffic is allowed or dropped.
126
5.10.1 Static Content Filtering
Security > Web Content Filter > Static Filtering

Content filtering must be enabled to configure and use the subsequent features (list of
Trusted Domains, filtering on Blocked Keywords, etc.). Proxy servers, which can be
used to circumvent certain firewall rules and thus a potential security gap, can be
blocked for all LAN devices. Java applets can be prevented from being downloaded
from internet sites, and similarly the gateway can prevent ActiveX controls from being
downloaded via Internet Explorer. For added security cookies, which typically contain
session information, can be blocked as well for all devices on the private network.
Figure 73: Content Filtering used to block access to proxy servers and
prevent ActiveX controls from being downloaded
5.10.2 Approved URLs
Security > Web Content Filter > Static Filtering > Approved URl
The Approved URLs is an acceptance list for all URL domain names. Domains added
to this list are allowed in any form. For example, if the domain “yahoo” is added to this
list then all of the following URL’s are permitted access from the LAN:
www.yahoo.com, yahoo.co.uk, etc. Import/export from a text or CSV file for Approved
URLs is also supported
127
Figure 74: Two trusted domains added to the Approved URLs List
5.10.3 Blocked Keywords
Security > Web Content Filter > Static Filtering > Blocked Keywords
Keyword blocking allows you to block all website URL’s or site content that contains
the keywords in the configured list. This is lower priority than the Approved URL List;
i.e. if the blocked keyword is present in a site allowed by a Trusted Domain in the
Approved URL List, then access to that site will be allowed. Import/export from a text
or CSV file for keyword blocking is also supported.
128
Figure 75: One keyword added to the block list
5.10.4 Export Web Filter
Security > Web Content Filter > Static Filtering > Approved URL
Export Approved URLs: Feature enables the user to export the URLs to be allowed to
a .csv (comma-separated value) file which can then be downloaded to the local host.
The user has to click the export button to get the csv file.
Export Blocked Keywords: This feature enables the user to export the keywords to be
blocked to a csv file which can then be downloaded to the local host. The user has to
click the export button to get the csv file .
129
Figure 76: Export Approved URL list
5.10.5 Dynamic WCF
Security > Web Content Filter > Dynamic Filtering
Figure 77: Dynamic WCF
130
This feature allows the administrator to block access from a range of web content
categories. The router must be upgraded with the the WCF license and then the Content
Filtering option, which allows the user to filter out internet sites, needs to be enabled.
The Dynamic Content Filtering configuration page will let the administrator choose
from a range of pre-defined categories to be blocked. When enabled, access to a website
belonging to one of these configured categories will be blocked with an error page.
 Adult Content: Sites that host explicit sex content, nudity and sites that use
profanity.
 News: Sites that offer news and information on current events, incl uding
newspapers, broadcasters and other publishers.
 Job Search: Sites that offer job listings, interview coaching and other
employment-related services.
 Gambling: Sites that offer online gambling or information about gambling.
 Travel/Tourism: Sites with travel and tourism information like city maps and
services including planning trips, reservations for bus/train/airlines, hotel
booking etc.
 Shopping: Online shops, catalogs, auction sites and classified ads etc.
 Entertainment: Websites for TV, movies, entertainment news etc. and sites
hosting video content of movies, TV streaming etc.
 Chatrooms/IM: Social networking sites, chartrooms and instant messaging sites.
 Dating Sites: Online dating, matchmaking, relationship advice, personal ads and
web pages related to marriage.
 Game Sites: Sites that offer online games, MORPG and information about
computer games, cheat codes etc.
 Investment Sites: Sites for brokerages, trusts, insurance and other investments
related organizations.
 E-banking: Sites providing online banking services offered by financial

institutions
 Crime/Terrorism: Sites providing information on anti -social activities like

murder, sabotage, bombing etc.
 Personal Beliefs/Cults: Sites about religion, places of worship, religious groups,

and occultism.
131
 Politics: Sites about politics, elections and legislation and sites that promote a
politician or political party.
 Sports: Sites about sports teams, fan clubs, and generally about all kinds of
sports.
 www Email Sites: Websites that allow users to send and/ or receive email through
a web accessible email account.
5.11 IP/MAC Binding

Network > LAN > LAN DHCP Reserved IPs
Another available security measure is to only allow outbound traffic (from the LAN to
WAN) when the LAN node has an IP address matching the MAC a ddress bound to it.
This is IP/MAC Binding, and by enforcing the gateway to validate the source traffic’s
IP address with the unique MAC Address of the configured LAN node, the administrator
can ensure traffic from that IP address is not spoofed. In the event of a violation (i.e.
the traffic’s source IP address doesn’t match up with the expected MAC address having
the same IP address) the packets will be dropped and can be logged for diagnosis.
Figure 78: The following example bind s a LAN host’s MAC Address to an
IP address served by DSR. If there is an IP/MAC Binding
132
violation, the violating packet will be dropped and logs will be

captured
5.12 Intrusion Prevention (IPS)

Security > Firewall > IPs
The gateway’s Intrusion Prevention System (IPS) prevents malicious attacks from the
internet from accessing the private network. Static attack signatures loaded to the DSR
allow common attacks to be detected and prevented. The checks can be enabled between
the WAN and DMZ or LAN, and a running counter will allow the administrator to see
how many malicious intrusion attempts from the WAN have been detected and
prevented.
 DSR-150/150N does not support Intrusion Prevention S ystem.
133
Figure 79: Intrusion Prevention features on the router
5.13 Protecting from Internet Attacks

Security > Firewall >Attack Checks
Attacks can be malicious security breaches or unintentional network issues that render
the router unusable. Attack checks allow you to manage WAN security threats such
as continual ping requests and discovery via ARP scans. TCP and UDP flood attack
checks can be enabled to manage extreme usage of WAN resources.
Additionally certain Denial-of-Service (DoS) attacks can be blocked. These at tacks,
if uninhibited, can use up processing power and bandwidth and prevent regular
network services from running normally. ICMP packet flooding, SYN traffic flooding,
and Echo storm thresholds can be configured to temporarily suspect traffic from the
offending source.
134
Figure 80: Protecting the router and LAN from internet attacks
WAN Security Checks:

Enable Stealth Mode: If Stealth Mode is enabled, the router will not respond to port
scans from the WAN. This makes it less susceptible to discovery and attacks.
Block TCP Flood: If this option is enabled, the router will drop all invalid TCP packets
and be protected from a SYN flood attack.
LAN Security Checks:
Block UDP Flood: If this option is enabled, the router will not ac cept more than 20
simultaneous, active UDP connections from a single computer on the LAN.
UDP Connection Limit: You can set the number of simultaneous active UDP
connections to be accepted from a single computer on the LAN; the default is 25
ICSA Settings:
Block ICMP Notification: selecting this prevents ICMP packets from being identified
as such. ICMP packets, if identified, can be captured and used in a Ping (ICMP) flood
DoS attack.
Block Fragmented Packets: selecting this option drops any fragmented pac kets
through or to the gateway
Block Multicast Packets: selecting this option drops multicast packets, which could
indicate a spoof attack, through or to the gateway.
DoS Attacks:
SYN Flood Detect Rate (max/sec): The rate at which the SYN Flood can be dete cted.
135
Echo Storm (ping pkts/sec): The number of ping packets per second at which the
router detects an Echo storm attack from the WAN and prevents further ping traffic
from that external address.
ICMP Flood (ICMP pkts/sec): The number of ICMP packets per s econd at which the
router detects an ICMP flood attack from the WAN and prevents further ICMP traffic
from that external address.
 The ping on LAN interfaces is enabled in default. To disable the ping response
from LAN hosts to the LAN/WAN port of the device uncheck the "Allow Ping
from LAN" option.
5.14 IGMP Proxy to manage multicast traffic

Network > LAN > IGMP Setup
IGMP snooping allows the router to ‘listen’ in on IGMP network traffic through the
router. This then allows the router to filter multicast traffic and direct this only to
hosts that need this stream. This is helpful when there is a lot of multicast traffic on
the network (say from an IPTV application) where all LAN hosts do not need to
receive this multicast traffic. Enabling IGMP snooping allows the router to regulate
the amount of multicast traffic on the network, to prevent flooding all LAN hosts.
Active IGMP snooping is referred to IGMP Proxy, and this is available on your router.
Figure 81: Enabling IGMP Proxy for the LAN
Enable IGMP Proxy: selecting this allows the router to listen in on IGMP traffic
through the network, and manage multicast streams bound for the LAN
In the event that aWAN uses Russia Dual Access PPTP / L2TP connection, the
outbound interface for IGMP traffic can be selected. Either the physical link (DHCP)
or the PPP link (PPTP / L2TP) can be designated t o carry IGMP outbound traffic. This
applies to any WAN that uses Russia Dual Access PPTP, which is set at based on the
WAN configuration. This setting is specific for Russia Dual Access ISPs where
streaming services are run on the physical links only.
136
Chapter 6. IPsec / PPTP / L2TP VPN

A VPN provides a secure communication channel (“tunnel”) between two gateway
routers or a remote PC client. The following types of tunnels can be created:
 Gateway-to-gateway VPN: to connect two or more routers to secure traffic between
remote sites.
 Remote Client (client-to-gateway VPN tunnel): A remote client initiat es a VPN

tunnel as the IP address of the remote PC client is not known in advance. The g ateway
in this case acts as a responder.
 Remote client behind a NAT router: The client has a dynamic IP address and is behind
a NAT Router. The remote PC client at the NAT router initia tes a VPN tunnel as the
IP address of the remote NAT router is not known in advance. T he gateway WAN
port acts as responder.
 PPTP server for LAN / WAN PPTP client connections.
 L2TP server for LAN / WAN L2TP client connections.
Figure 82: Example of Gateway -to-Gateway IPsec VPN tunnel using two
DSR routers connected to the Internet
137
Figure 83: Example of three IPsec client connections to the internal

network through the DSR IPsec gateway
6.1 VPN Wizard

Setup > Wizard > VPN Wizard
You can use the VPN wizard to quickly create both IKE and VPN policies. Once the
IKE or VPN policy is created, you ca n modify it as required.
138
Figure 84: VPN Wizard launch screen
To easily establish a VPN tunnel using VPN Wizard, follow the steps below:
1. Select the VPN tunnel type to create
 The tunnel can either be a gateway to gateway connection (site-to-site) or a tunnel to

a host on the internet (remote access).
 Set the Connection Name and pre-shared key: the connection name is used for
management, and the pre-shared key will be required on the VPN client or gateway
to establish the tunnel. The pre-shared key has a maximum length of 64 digits.
 Determine the local gateway for this tunnel; if there is more than one WAN
configured the tunnel can be configured for either of the gateways.
2. Configure Remote and Local WAN address for the tunnel endpoints
 Remote Gateway Type: identify the remote endpoint of the tunnel by FQDN or static
IP address
 Remote WAN IP address / FQDN: This field is enabled only if the peer you are trying
to connect to is a Gateway. For VPN Clients, this IP address or Internet Name is
determined when a connection request is received from a client.
 Local Gateway Type: identify this router’s endpoint of the tunnel by FQDN or static
IP address
 Local WAN IP address / FQDN: This field can be left blank if you are not using a
different FQDN or IP address than the one specified in the WAN port’s configuration.
139
3. Configure the Secure Connection Remote Accessibility fields to identify the remote
network:
 Remote LAN IP address: address of the LAN behind the peer gateway
 Remote LAN Subnet Mask: the subnet mask of the LAN behind the peer
 Note: The IP address range used on the remote LAN must be different from the
IP address range used on the local LAN.
4. Review the settings and click Connect to establish the tunnel.
The Wizard will create an Auto IPsec policy with the following default values for a
VPN Client or Gateway policy (these can be accessed from a link on the Wizard page):
Parameter Default value from Wizard
Exchange Mode Aggressive (Client policy ) or Main (Gateway policy)
ID Type FQDN
Local WAN ID wan_local.com (only applies to Client policies)
Remote WAN ID wan_remote.com (only applies to Client policies)
Encryption Algorithm 3DES
Authentication Algorithm SHA-1
Authentication Method Pre-shared Key (max 64 digits)
PFS Key-Group DH-Group 2(1024 bit)
Life Time (Phase 1) 24 hours
Life Time (Phase 2) 8 hours
NETBIOS Enabled (only applies to Gateway policies)
 The VPN Wizard is the recommended method to set up an Auto IPsec policy.
Once the Wizard creates the matching IKE and VPN policies required by the
Auto policy, one can modify the required fields through the edit link. Refer to
the online help for details.
Easy Setup Site to Site VPN Tunnel:

If you find it difficult to configure VPN policies through VPN wizard use easy setup
site to site VPN tunnel. This will add VPN policies by importing a file containing
VPN policies.
140
6.2 Configuring IPsec Policies

VPN > IPSec VPN > Policies
An IPsec policy is between this router and another gateway or this router and an IPsec
client on a remote host. The IPsec mode can be either tunnel or transport depending on
the network being traversed between the two policy endpoints.
 Transport: This is used for end-to-end communication between this router and the
tunnel endpoint, either another IPsec gateway or an IPsec VPN client on a host. Only
the data payload is encrypted and the IP header is not modified or encrypted.
 Tunnel: This mode is used for network-to-network IPsec tunnels where this gateway
is one endpoint of the tunnel. In this mode the entire IP packet including the header
is encrypted and/or authenticated.
When tunnel mode is selected, you can enable NetBIOS and DHCP over IPsec. DHCP
over IPsec allows this router to serve IP leases to hosts on the remote LAN. As well in
this mode you can define the single IP address, range of IPs, or subnet on both the loca l
and remote private networks that can communicate over the tunnel.
141
Figure 85: IPsec policy configuration
142
Once the tunnel type and endpoints of the tunnel are defined you can determine the
Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPsec mode
setting, as the policy can be Manual or Auto. For Auto policies, the Internet Key
Exchange (IKE) protocol dynamically exchanges keys between two IPsec hosts. The
Phase 1 IKE parameters are used to define the tunnel’s security association details. The
Phase 2 Auto policy parameters cover the security association lifetime and
encryption/authentication details of the phase 2 key negotiation.
The VPN policy is one half of the IKE/VPN policy pair requir ed to establish an Auto
IPsec VPN tunnel. The IP addresses of the machine or machines on the two VPN
endpoints are configured here, along with the policy parameters required to secure the
tunnel
143
Figure 86: IPsec policy configuration continued (Auto policy via IKE)
A Manual policy does not use IKE and instead relies on manual keying to exchange
authentication parameters between the two IPsec hosts. The incoming and outgoing
security parameter index (SPI) values must be mirrored on the remote tunnel endpoint.
As well the encryption and integrity algorithms and keys must match on the remote
IPsec host exactly in order for the tunnel to establi sh successfully. Note that using Auto
policies with IKE are preferred as in some IPsec implementations the SPI (security
parameter index) values require conversion at each endpoint.
DSR supports VPN roll-over feature. This means that policies configured o n primary
WAN will rollover to the secondary WAN in case of a link failure on a primary WAN.
This feature can be used only if your WAN is configured in Auto-Rollover mode.
144
Figure 87: IPsec policy configuration continued (Auto / M anual Phase 2)
6.2.1 Extended Authentication (XAUTH)

You can also configure extended authentication (XAUTH). Rather than configure a
unique VPN policy for each user, you can configure the VPN gateway router to
authenticate users from a stored list of user accounts or with an external authentication
server such as a RADIUS server. With a user database, user accounts created in the
router are used to authenticate users.
With a configured RADIUS server, the router connects to a RADIUS server and passes
to it the credentials that it receives from the VPN client. You can secure the
connection between the router and the RADIUS server with the authentication
protocol supported by the server (PAP or CHAP). For RADIUS – PAP, the router first
checks in the user database to see if the user credentials are available; if they are not,
the router connects to the RADIUS server.
6.2.2 Internet over IPsec tunnel

In this feature all the traffic will pass through the VPN Tunnel and from the Remote
Gateway the packet will be routed to Internet. On the remote gateway side, the
outgoing packet will be SNAT'ed.
145
6.3 Configuring VPN clients

Remote VPN clients must be configured with the same VPN policy parameters used in
the VPN tunnel that the client wishes to use: encryption, authentication, life time, and
PFS key-group. Upon establishing these authentication parameters, the VPN Client user
database must also be populated with an account to give a user access to the tunnel.
 VPN client software is required to establish a VPN tunnel between the router and
remote endpoint. Open source software (such as OpenVPN or Openswan) as well
as Microsoft IPsec VPN software can be configured with the required IKE policy
parameters to establish an IPsec VPN tunnel. Refer to the client software guide
for detailed instructions on setup as well as the router’s o nline help.
The user database contains the list of VPN user accounts that are authorized to use a
given VPN tunnel. Alternatively VPN tunnel users can be authenticated using a
configured RADIUS database. Refer to the online help to determine how to popula te
the user database and/or configure RADIUS authentication.
6.4 PPTP / L2TP Tunnels

This router supports VPN tunnels from either PPTP or L2TP ISP servers. The router
acts as a broker device to allow the ISP's server to create a TCP control connection
between the LAN VPN client and the VPN server.
6.4.1 PPTP Tunnel Support

VPN > PPTP VPN > Client
PPTP VPN Client can be configured on this router. Using this client we can access
remote network which is local to PPTP server. Once client is enabled, the user can
access VPN > PPTP VPN > Active Users page and establish PPTP VPN tunnel
clicking Connect. To disconnect the tunnel, click Drop.
146
Figure 88: PPTP tunnel configuration – PPTP Client
Figure 89: PPTP VPN connection status
VPN > PPTP VPN > Server

A PPTP VPN can be established through this router. Once enabled a PPTP server is
available on the router for LAN and WAN PPTP client users to access. Once the PPTP
server is enabled, PPTP clients that are within the range of configured IP addresses
of allowed clients can reach the router’s PPTP server. Once authenticated by the PPTP
server (the tunnel endpoint), PPTP clients have access to the network managed by the
router.
The range of IP addresses allocated to PPTP clients can coincide with the LAN subnet.
As well the PPTP server will default to local PPTP user authentication, but can be
configured to employ an external authentication server should one be configured.
147
Figure 90: PPTP tunnel configuration – PPTP Server
6.4.2 L2TP Tunnel Support
VPN > L2TP VPN > Server

A L2TP VPN can be established through this router. Once enabled a L2TP server is
available on the router for LAN and WAN L2TP client users to access. Once the L2TP
server is enabled, L2TP clients that are within the range of configured IP addresses
of allowed clients can reach the router’s L2TP server. Once authenticated by the L2TP
server (the tunnel endpoint), L2TP clients have access to the network managed by the
router.
148
Figure 91: L2TP tunnel configuration – L2TP Server
149
VPN > L2TP VPN > Client

A L2TP VPN Client can be configured on this router. Using this client we can
access remote network which are local to the L2TP server. Once the client is
enabled, the user can access Status > Active VPN page and establish L2TP VPN
tunnel clicking Connect. To disconnect the tunnel, click Drop .
A L2TP VPN can be established through this router. Once enabled a L2TP server is
available on the router for LAN and WAN L2TP client users to access. Once the
L2TP server is enabled, L2TP clients that are configured with the remote L2TP
network server range (IP address and Netmask) can reach an endpoint router’s L2TP
150
server. Once authenticated by the L2TP server (the tunnel endpoint), L2TP clients
have access to the local network managed by the router.
Figure 92: L2TP tunnel configuration – L2TP Client
6.5 GRE Tunnel Support

VPN > GRE > GRE Tunnels
GRE tunnels allow for broadcast traffic on the LAN of the router to be passed over
the internet and received by remote LAN hosts. This is primarily useful in the D-
Link Discovery Protocol (DDP) application where broadcast traffic from one LAN
host is to be received by all LAN hosts in the local subnets of the GRE endpoints.
 Note the following limits for the number of supported GRE tunnels per product:
 DSR-150/150N: 5
 DSR-250/250N: 10
 DSR-500/500N: 15
151
 DSR-1000/1000N: 20
There are two simple steps involved in establishing a GRE tunnel on the router:
1. Create a GRE tunnel from the GUI
2. Setup a static route for the remote local networks using the GRE tunnel
Figure 93: GRE Tunnel configuration
When creating the GRE tunnel, the IP Address should be a unique address that
identifies that GRE tunnel endpoint. It will be referenced in the other router’s static
route as the Gateway IP address. The Remote End Address in the GRE tunnel
configuration page is the WAN IP address of the other endpoint router.
Once the tunnel is established, a static route on the router can be made using the
interface set to the configured GRE tunnel name. The destination IP address of the
static route is the remote LAN subnet, and the route’s gateway IP address will be the
152
GRE tunnel IP of the terminating router (the same router that manages the remote
LAN subnet). Once these two steps are completed, all DDP broadcast traffic can
flow between remote LAN subnets via the GRE Tunne l.
6.6 OpenVPN Support

VPN > Open VPN > Settings
OpenVPN allows peers to authenticate each other using a pre -shared secret key,
certificates, or username/password. When used in a multiclie nt-server configuration,
it allows the server to release an authentication certificate for every client, using
signature and Certificate authority. An Open VPN can be established through this
router. Check/Uncheck this and click save settings to start/stop the OpenVPN server.
 Mode: OpenVPN daemon mode. It can run in server mode, client mode or
access server client mode. In access server client mode, the user has to
download the auto login profile from the OpenVPN Access Server and upload
the same to connect.
 Server IP: OpenVPN server IP address to which the client connects
(applicable in client mode).
 VPN Network: Address of the Virtual Network.
 VPN Netmask: Netmask of the Virtual Network.
 Port: The port number on which OpenVPN server (or Access Server) runs.
 Tunnel Protocol: The protocol used to communicate with the remote host. Ex:
TCP, UDP. UDP is the default.
 Encryption Algorithm: The cipher with which the packets are encrypted. Ex:
BF-CBC, AES-128, AES-192 and AES-256. BF-CBC is the default
 Hash algorithm: Message digest algorithm used to authenticate packets. Ex:
SHA1, SHA256 and SHA512. SHA1 is the default.
 Tunnel Type: Select Full Tunnel to redirect all the traffic through the tunnel.
Select Split Tunnel to redirect traffic to specified resources ( added via
OpenVPN client routes) through the tunnel. Full Tunnel is the default.
 Enable Client to Client communication: Enable this to allow OpenVPN clients
to communicate with each other in split tunnel case. Disabled by default.
 Upload Access Server Client Configuration: The user has to download the
auto login profile and upload here to connect this router to the OpenVPN
Access Server.
 Certificates: Select the set of certificates OpenVPN server uses. First Row:
Set of certificates and keys the server uses. Second Row: Set of certificates
and keys newly uploaded.
 Enable TLS Authentication Key: Enabling this adds TLS authentication which
adds an additional layer of authentication. Can be checked only when the TLS
key is uploaded. Disabled by default.
Click Save Settings to save the settings.
153
Figure 94: OpenVPN configuration
6.6.1 OpenVPN Remote Network
VPN > Open VPN > Remote Networks

This page allows the user to add/edit a remote network and netmask which allows the
other OpenVPN clients to reach this network.
Figure 95: OpenVPN Remote Network
Common Name: Common Name of the OpenVPN client certificate.
154
Remote Network: Network address of the remote resource.

Subnet Mask: Netmask of the remote resource.
6.6.2 OpenVPN Authentication
VPN > Open VPN > Authentication

This page allows the user to upload required certificates and keys.
Figure 96: OpenVPN Authentication
Trusted Certificate (CA Certificate): Browse and upload the pem formatted CA
Certificate.
Server/Client Certificate: Browse and upload the pem formatted Server/Client
Certificate.
155
Server/Client Key: Browse and upload the pem formatted Server/Client Key.
DH Key: Browse and upload the pem formatted Diffie Hellman Key.
TLS Authentication Key: Browse and upload the pem formatted TLS Authentication
Key.
156
Chapter 7. SSL VPN
The router provides an intrinsic SSL VPN feature as an alternate to the standard IPsec
VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a pre-
installed VPN client on the remote host. Instead, users can securely login through the
SSL User Portal using a standard web browser and receive access to configured network
resources within the corporate LAN. The router supports multiple concurrent sessions to
allow remote users to access the LAN over an encrypted link through a customizable user
portal interface, and each SSL VPN user can be assigned unique privileges and network
resource access levels.
The remote user can be provided different options for SSL service through this router:
 VPN Tunnel: The remote user’s SSL enabled browser is used in place of a VPN
client on the remote host to establish a secure VPN tunnel. A SSL VPN client (Active-
X or Java based) is installed in the remote host to allow the client to join the corporate
LAN with pre-configured access/policy privileges. At this point a virtual network
interface is created on the user’s host and this will be assigned an IP address and
DNS server address from the router. Once established, the host machine can access
allocated network resources.
 Port Forwarding: A web-based (ActiveX or Java) client is installed on the client

machine again. Note that Port Forwarding service only supports TCP connections
between the remote user and the router. The router administrator can define specific
services or applications that are available to remote port forwarding users instead of
access to the full LAN like the VPN tunnel.
 ActiveX clients are used when the remote user acces ses the portal using the
Internet Explorer browser. The Java client is used for other browsers like Mozilla
Firefox, Netscape Navigator, Google Chrome, and Apple Safari.
Figure 97: Example of clientless SSL VPN connections to the DSR
158
7.1 Groups and Users

Security > Authentication > User Database > Groups
The group page allows creating, editing and deleting groups. The groups are associated
to set of user types. The lists of available groups are displayed in the “List of Group”
page with Group name and description of group.
 Click Add to create a group.
 Click Edit to update an existing group.
 Click Delete to clear an existing group.
Figure 98: List of groups
Group configuration page allows creating a group with a different type of users. The
user types are as follows:
 PPTP User: These are PPTP VPN tunnel LAN users that can establish a tunnel
with the PPTP server on the WAN.
 L2TP User: These are L2TP VPN tunnel LAN users that can establish a tunnel
with the L2TP server on the WAN.
 Xauth User: This user’s authentication is performed by an externally configured
RADIUS or other Enterprise server. It is not part of the local user database.
 SSLVPN User: This user has access to the SSL VPN services as determined by
the group policies and authentication domain of which it is a member. The
domain-determined SSL VPN portal will be displayed when logging in with
this user type.
 Admin: This is the router’s super-user, and can manage the router, use SSL
VPN to access network resources, and login to L2TP/PPTP servers on the
WAN. There will always be one default administrator user for the GUI
159
 Guest User (read-only): The guest user gains read only access to the GUI to
observe and review configuration settings. The guest does n ot have SSL VPN
access.
 Captive Portal User: Captive portal users obtain internet access via approval
from the router. The access is determined based on captive portal policies.
Idle Timeout: This is the login timeout period for users of this group.
Figure 99: User group configuration
When SSLVPN users are selected, the SSLVPN settings are displayed with the
following parameters as captured in SSLVPN Settings. As per the Authentication Type
SSL VPN details are configured.
 Authentication Type: The authentication Type can be one of the following:
Local User Database (default), RADIUS-PAP, RADIUS-CHAP, RADIUS-
MSCHAP, RADIUS-MSCHAPv2, NT Domain, Active Directory and LDAP.
 Authentication Secret: If the domain uses RADIUS authentication then the
authentication secret is required (and this has to match the secret configured on
the RADIUS server).
 Workgroup: This is required is for NT domain authentication. If there are
multiple workgroups, user can enter the details for up to two workgroups.
 LDAP Base DN: This is the base domain name for the LDAP authentication
server. If there are multiple LDAP authentication servers, user s can enter the
details for up to two unique LDAP Base DN.
 Active Directory Domain: If the domain uses the Active Directory
authentication, the Active Directory domain name is required. Users configured
in the Active Directory database are given access to the SSL VPN portal with
their Active Directory username and password. If there are multiple Active
Directory domains, user can enter the details for up to two authentication
domains.
160
 Timeout: The timeout period for reaching the authentication server.

 Retries: The number of retries to authenticate with the authenti cation server
after which the DSR stops trying to reach the server.
Figure 100: SSLVPN Settings
161
Login Policies
To set login policies for the group, select the corresponding group click “Login
policies”. The following parameters are configured:
 Group Name: This is the name of the group that can have its login policy edited
 Disable Login: Enable to prevent the users of this group from logging into the
devices management interface(s)
 Deny Login from WAN interface: Enable to prevent the users of this group
from logging in from a WAN (wide area network) interface. In this case only
login through LAN is allowed.
Figure 101: Group login policies options
Policy by Browsers
To set browser policies for the group, select the corresponding group click “ Policy by
Browsers”. The following parameters are configured:
 Deny Login from Defined Browsers: The list of defi ned browsers below will be
used to prevent the users of this group from logging in to the routers GUI. All
non-defined browsers will be allowed for login for this group.
162
 Allow Login from Defined Browsers: The list of defined browsers below will
be used to allow the users of this group from logging in to the routers GUI. All
non-defined browsers will be denied for login for this group.
 Defined Browsers: This list displays the web browsers that have been added to
the Defined Browsers allotment, upon which group login policies can be
defined. (Check Box at First Column Header): Selects all the defined browsers
in the table.
 Delete: Deletes the selected browser(s).
You can add to the list of Defined Browsers by selecting a client browser from the
drop down menu and clicking Add. This browser will then appear in the above list
of Defined Browsers.
 Click Save Settings to save your changes.
Figure 102: Browser policies options
Policy by IP
To set policies bye IP for the group, select the corresponding group click “Policy by
IP”. The following parameters are configured:
163
 Deny Login from Defined Browsers: The list of defined browsers below will be
used to prevent the users of this group from logging in to the routers GUI. All
non-defined browsers will be allowed for login for this group.
 Allow Login from Defined Browsers: The list of defined browsers below will
be used to allow the users of this group from logging in to the routers GUI. All
non-defined browsers will be denied for login for this group.
 Defined Browsers: Displays the web browsers that have been added to the
Defined Browsers list, upon which group login policies can be defined.
 Check Box At First Column Header: Selects all defined browsers in the table.
 Delete: Deletes the selected browser(s).
You can add to the list of Defined Browsers by selecting a client browser from the
drop down menu and clicking Add. This browser will then appear in the above list
of Defined Browsers.
 Click Save Settings to save your changes.
Figure 103: IP policies options
164
 Login Policies, Policy by Browsers, Policy by IP are applicable SSL VPN user
only.
Security > Authentication > User Database > Users

The Users page allows the administrator to add, edit or delete existing groups. Each
user is associated to configured groups. The Lists of Available Users is displayed in
the “List of Users” page with User name, associated group and Login status.
 Click Add to create a user.
 Click Edit to update an existing user.
 Click Delete to clear an existing user
Figure 104: Available Users with login status and associated Group
7.1.1 Users and Passwords
Security > Authentication > User Database > Users > Add New Users
The user configurations allow creating users associated to group. The user settings
contain the following key components:
 User Name: This is unique identifier of the user.
 First Name: This is the user’s first name
 Last Name: This is the user’s last name
 Select Group: A group is chosen from a list of configured groups.
 Password: The password associated with the user name.
165
 Confirm Password: The same password as above is to be re-entered to prevent

against typing errors.
 Idle Timeout: The session timeout for the user.
It is recommended that passwords contains no dictionary words from any language, and
is a mixture of letters (both uppercase and lowercase), numbers, and symbols. The
password can be up to 30 characters.
Figure 105: User configuration options
7.1.2 Adding many users to the Local User Database
Security > Authentication > User Database > Get User DB

The DSR administrator can add users to the local built -in database directly via an
appropriately-formatted comma separated value (CSV) file. The advantage of this
feature is to allow for a large number of users to be added to the system with one
operation, and the same file can be uploaded to multiple DSR devices as needed. Once
uploaded the specific users in the local user database can be modified via the GUI as
needed.
166
Figure 106: Import a CSV file with multiple users to the User Database
The following parameters must be used to define the User database CSV file.
1. Create an empty text file with a .csv extension
2. Each line in the file corresponds to a single user entry. Every line should end
with carriage return equivalent of CRLF. Do not add comments or other text in
this file.
3. Formatting rules:
a) All the fields must be enclosed within double quotes.
b) Consecutive fields are seperated by commas.
c) There should be no leading or trailing spaces in a line.
d) There should be no spaces between fields.
Each line in the CSV user database file should follow the following format:
"UserName","FirstName","LastName","GroupName","MultiLogin","Password"
The above sample has fields that can assume the following valu es:
 Username (text field): Name of the user and identifier in the DSR’s database,
and so it must be unique in the local user database.
 FirstName (text field): This is a user detail and need not be unique.
 LastName (text field): This is a user detail and need not be unique.
 GroupName (text field): The group that is associated with this user.
 MultiLogSup (Boolean value): With this enabled (“1”), then multiple users can
share a single username and password.
 Password (text field): password to assign for th is username
 The Group for a corresponding user (“GroupName” in the CSV) must be created
via the GUI in advance of the User Database CSV upload action.
 None of the above fields can be left empty or NULL in the User Database CSV.
167
7.2 Using SSL VPN Policies

VPN > SSL VPN > SSL VPN Server Policy
SSL VPN Policies can be created on a Global, Group, or User level. User level policies
take precedence over Group level policies and Group level policies take precedence
over Global policies. These policies can be applied to a specific network resource, IP
address or ranges on the LAN, or to different SSL VPN services supported by the router.
The List of Available Policies can be filtered based on whether it applies to a user,
group, or all users (global).
 A more specific policy takes precedence over a generic policy when both are
applied to the same user/group/global domain. I.e. a policy for a specific IP
address takes precedence over a policy for a range of addresses containing the IP
address already referenced.
Figure 107: List of SSL VPN polices (Global filter)
To add a SSL VPN policy, you must first assign it to a user, group, or make it global
(i.e. applicable to all SSL VPN users). If the policy is for a group, the available
configured groups are shown in a drop down menu and one must be selected. Similarly,
for a user defined policy a SSL VPN user must be chosen from the available list of
configured users.
The next step is to define the policy details. The policy name is a unique identifier for
this rule. The policy can be assigned to a specific Network Resource (details follow in
the subsequent section), IP address, IP network, or all devices on the LAN of the router.
Based on the selection of one of these four options, the approp riate configuration fields
are required (i.e. choosing the network resources from a list of defined resources, or
defining the IP addresses). For applying the policy to addresses the port range/port
number can be defined.
The final steps require the policy permission to be set to either permit or deny access
to the selected addresses or network resources. As well the policy can be specified for
one or all of the supported SSL VPN services (i.e. VPN tunnel)
168
Once defined, the policy goes into effect immediat ely. The policy name, SSL service it
applies to, destination (network resource or IP addresses) and permission (deny/permit)
is outlined in a list of configured policies for the router.
Figure 108: SSL VPN policy configuration
To configure a policy for a single user or group of users, enter the following information:
 Policy for: The policy can be assigned to a group of users, a single user, or all
users (making it a global policy). To customize the policy for specific users or
groups, the user can select from the Available Groups and Available Users drop
down.
 Apply policy to: This refers to the LAN resources managed by the DSR, and
the policy can provide (or prevent) access to network resources, IP address, IP
network, etc.
 Policy name: This field is a unique name for identifying the policy. IP address:
Required when the governed resource is identified by its IP address or range of
addresses.
 Mask Length: Required when the governed resource is identified by a range of
addresses within a subnet.
 ICMP: Select this option to include ICMP traffic
 Port range: If the policy governs a type of traffic, this field is used for defining
TCP or UDP port number(s) corresponding to the governed traffic. Leaving the
starting and ending port range blank corresponds to all UDP and TCP traffic.
 Service: This is the SSL VPN service made available by this policy. The
services offered are VPN tunnel, port forwarding or both.
 Defined resources: This policy can provide access to specific network
resources. Network resources must be configured in advance of creating the
policy to make them available for selection as a defined resource. Network
resources are created with the following information
169
 Permission: The assigned resources defined by this poli cy can be explicitly

permitted or denied.
7.2.1 Using Network Resources
VPN > SSL VPN > Resources

Network resources are services or groups of LAN IP addresses that are used to easily
create and configure SSL VPN policies. This shortcut saves time when creating
similar policies for multiple remote SSL VPN users.
Adding a Network Resource involves creating a unique name to identify the resource
and assigning it to one or all of the supported SSL services. Once this is done, editing
one of the created network resources allows you to configure the object type (either
IP address or IP range) associated with the service. The Network Address, Mask
Length, and Port Range/Port Number can all be defined for this resource as required .
A network resource can be defined by configuring the following in the GUI:
 Resource name: A unique identifier name for the resource.
 Service: The SSL VPN service corresponding to the resource (VPN tunnel, Port
Forwarding or All).
170
Figure 109: List of conf igured resources, which are available to assign to
SSL VPN policies
7.3 Application Port Forwarding

Setup > VPN Settings > SSL VPN Server > Port Forwarding
Port forwarding allows remote SSL users to access specified network applications or
services after they login to the User Portal and launch the Port Forwarding service.
Traffic from the remote user to the router is detected and re-routed based on configured
port forwarding rules.
Internal host servers or TCP applications must be specified as being made acces sible to
remote users. Allowing access to a LAN server requires entering the local server IP
171
address and TCP port number of the application to be tunneled. The table below lists
some common applications and corresponding TCP port numbers:
TCP Application Port Number
FTP Data (usually not needed) 20
FTP Control Protocol 21
SSH 22
Telnet 23
SMTP (send mail) 25
HTTP (web) 80
POP3 (receive mail) 110
NTP (network time protocol) 123
Citrix 1494
Terminal Services 3389
VNC (virtual network computing) 5900 or 5800
As a convenience for remote users, the hostname (FQDN) of the network server can be
configured to allow for IP address resolution. This host name resolution provides users
with easy-to-remember FQDN’s to access TCP applications instead of error-prone IP
addresses when using the Port Forwarding service through the SSL User Portal.
To configure port forwarding, following are required:
 Local Server IP address: The IP address of the local server which is hosting the
application.
 TCP port: The TCP port of the application
Once the new application is defined it is displayed in a list of configured applications
for port forwarding.
allow users to access the private network servers by using a hostname instead of an IP
address, the FQDN corresponding to the IP address is defined in the port forwarding
host configuration section.
 Local server IP address: The IP address of the local server hosting the
application. The application should be configured in advance.
 Fully qualified domain name: The domain na me of the internal server is to be
specified
Once the new FQDN is configured, it is displayed in a list of configured hosts for port
forwarding.
 Defining the hostname is optional as minimum requirement for port forw arding
is identifying the TCP application and local server IP address. The local server
IP address of the configured hostname must match the IP address of the
configured application for port forwarding.
172
Figure 110: List of Available Applications for SSL Port Forwarding
173
7.4 SSL VPN Client Configuration

VPN > SSL VPN > SSL VPN Clients
An SSL VPN tunnel client provides a point -to-point connection between the browser -
side machine and this router. When a SSL VPN client is launched from the user portal,
a "network adapter" with an IP address from the corporate subnet, DNS and WINS
settings is automatically created. This allows local applications to access services on
the private network without any special network configuration on t he remote SSL VPN
client machine.
It is important to ensure that the virtual (PPP) interface address of the VPN tunnel client
does not conflict with physical devices on the LAN. The IP address range for the SSL
VPN virtual network adapter should be either in a different subnet or non-overlapping
range as the corporate LAN.
 The IP addresses of the client’s network interfaces (Ethernet, Wireless, etc.)

cannot be identical to the router’s IP address or a server on the corporate LAN
that is being accessed through the SSL VPN tunnel.
174
Figure 111: SSL VPN client adapter and access configuration
The router allows full tunnel and split tunnel support. Full tunnel mode just sends all
traffic from the client across the VPN tunnel to the rou ter. Split tunnel mode only sends
traffic to the private LAN based on pre -specified client routes. These client routes give
the SSL client access to specific private networks, thereby allowing access control over
specific LAN services.
Client level configuration supports the following:
 Enable Split Tunnel Support: With a split tunnel, only resources which are
referenced by client routes can be accessed over the VPN tunnel. With full
tunnel support (if the split tunnel option is disabled the DSR acts in full tunnel
mode) all addresses on the private network are accessible over the VPN tunnel.
Client routes are not required.
 DNS Suffix: The DNS suffix name which will be given to the SSL VPN client.
This configuration is optional.
 Primary DNS Server: DNS server IP address to set on the network adaptor
created on the client host. This configuration is optional.
 Secondary DNS Server: Secondary DNS server IP address to set on the network
adaptor created on the client host. This configuration is optional.
 Client Address Range Begin: Clients who connect to the tunnel get a DHCP
served IP address assigned to the network adaptor from the range of addresses
beginning with this IP address
Client Address Range End: The ending IP address of the DHCP range of
addresses served to the client network adaptor.
VPN > SSL VPN > Client Routes

If the SSL VPN client is assigned an IP address in a different subnet than the corporate
network, a client route must be added to allow access to the private LAN through the
VPN tunnel. As well a static route on the private LAN’s firewall (typically this router)
is needed to forward private traffic through the VPN Firewall to the remote SSL VPN
175
client. When split tunnel mode is enabled, the user is required to configure routes for
VPN tunnel clients:
 Destination network: The network address of the LAN or the subnet information
of the destination network from the VPN tunnel clients’ perspective is set here.
 Subnet mask: The subnet information of the destination network is set here.
Figure 112: Configured client routes only apply in split tunnel mode
 Steps to Install/Uninstall SSLVPN tunnel in MAC OS
 1.Open terminal and run "visudo" as root and it will open sudoers file
176
 2. Add "username ALL=NOPASSWD: /usr/sbin/chown,/bin/chmod,/bin/rm" at

the bottom of the sudoers file, save and close the file. (Username is the user name
of the MAC account but not SSLVPN user name).
 While uninstalling SSLVPN tunnel, when it asks for password, enter th e MAC
user account password but not the root password or SSL VPN user password
7.5 User Portal

VPN > SSL VPN > Portal Layouts
When remote users want to access the private network through an SSL tunnel (either
using the Port Forwarding or VPN tunnel service), they login through a user portal.
This portal provides the authentication fields to provide the appropriate access levels
and privileges as determined by the router administrator. The domain where the user
account is stored must be specified, and the domai n determines the authentication
method and portal layout screen presented to the remote user.
Figure 113: List of configured SSL VPN portal s. The configured portal
can then be associated with an authentication domain
7.5.1 Creating Portal Layouts
Setup > VPN Settings > SSL VPN Server > Portal Layouts
The router allows you to create a custom page for remote SSL VPN users that is
presented upon authentication. There are various fields in the portal that are
customizable for the domain, and this allows the router administrator to communicate
details such as login instructions, available services, and other usage details in the
portal visible to remote users. During domain setup, configured portal layouts are
available to select for all users authenticated by the domain.
177
 The default portal LAN IP address is https://192.168.10.1/scgi-

bin/userPortal/portal. This is the same page that opens when the “User
Portal” link is clicked on the SSL VPN menu of the router GUI.
The router administrator creates and edits portal layouts from the configuration pages
in the SSL VPN menu. The portal name, title, banner name, and banner contents are all
customizable to the intended users for this portal. The portal name is appended to the
SSL VPN portal URL. As well, the users assigned to this portal (through their
authentication domain) can be presented with one or more of the router’s supported
SSL services such as the VPN Tunnel page or Port Forwarding page.
To configure a portal layout and theme, following information is needed:
 Portal layout name: A descriptive name for the custom portal that is being
configured. It is used as part of the SSL portal URL.
 Portal site title: The portal web browser window title that appears when the
client accesses this portal. This field is optional.
 Banner title: The banner title that is displayed to SSL VPN clients prior t o
login. This field is optional.
 Banner message: The banner message that is displayed to SSL VPN clients prior
to login. This field is optional.
 Display banner message on the login page: The user has the option to either
display or hide the banner message in the login page.
 HTTP meta tags for cache control: This security feature prevents expired web
pages and data from being stored in the client’s web browser cache. It is
recommended that the user selects this option.
 ActiveX web cache cleaner: An ActiveX cache control web cleaner can be
pushed from the gateway to the client browser whenever users login to this SSL
VPN portal.
 SSL VPN portal page to display: The User can either enable VPN tunnel page
or Port Forwarding, or both depending on the SSL services to display on this
portal.
Once the portal settings are configured, the newly configured portal is added to the list
of portal layouts.
VPN>SSL VPN>Portal Layout>Add New SSl VPN Portal Layout
This pages allows the admin to create a custom SSL VPN portal layout. This new portal is for local DB
authentication using the SSL VPN group user, and then the port forward connection for this local database
portal is available.
178
Figure 114: SSL VPN Portal configuration
179
Chapter 8. Advanced Configuration Tools

8.1 USB Device Setup
Status > System Information > USB Status
The D-Link Services Router has a USB interface for printer access, file sharing and on
the DSR-1000 / DSR-1000N models, 3G modem support. There is no configuration on
the GUI to enable USB device support. Upon inserting your USB storage device, printer
cable or 3G modem the DSR router will automatically detect the type of connected
peripheral.
 USB Mass Storage: also referred to as a “share port”, files on a USB disk connected
to the DSR can be accessed by LAN users as a network drive.
 USB Printer: The DSR can provide the LAN with access to printers connected
through the USB. The printer driver will have to be installed on the LAN host and
traffic will be routed through the DS R between the LAN and printer.
 USB 3G modem: A 3G modem dongle can be plugged in and used as a secondary
WAN. Load balancing, auto-failover, or primary WAN access can be configured
through the 3G interface.
To configure printer on a Windows machine, follow below given steps:
 Click 'Start' on the desktop.
 Select ‘Printers and faxes’ option.
 Right click and select 'add printer' or click on 'Add printer' present at the left menu.
 Select the 'Network Printer' radio button and click next (select "device isn 't listed
in case of Windows7").
 Select the 'Connect to printer using URL' radio button ('Select a shared printer by
name ‘in case of Windows 7) and give the following URL http://<Router's LAN IP
address>:631/printers/<Model Name> (Model Name can be found in the USB status
page of router's GUI).
 Click 'next' and select the appropriate driver from the displayed list.
 Click on 'next' and 'finish' to complete adding the printer.
180
Figure 115: USB Device Detection
8.2 USB share port

Maintenance > Administration > USB SharePort
This page allows configure the SharePort feature available in this router.
181
Figure 116: USB SharePort
USB-1:
Enable USB Printer: Select this option to allow the USB printer connected to the router
to be shared across the network.
The USB printer can be accessed on any LAN host (with appropriate printer driver
installed) connected to the router by using the following command in the host's add
printers window
http://<Router's IP:631>/printers/<Device Model> (Device Model can be found in the
USB settings page).
Enable Sharing: Select this option to allow the USB storage device connected to the
router to be shared across the network.
USB-2:
Enable USB Printer: Select this option to allow the USB printer connected to the router
to be shared across the network.
The USB printer can be accessed on any LAN host (with appropriate printer driver
installed) connected to the router by using the following command in the host's add
printers window
http://<Router's IP:631>/printers/<Device Model> (Device Model can be found in the
USB settings page).
Enable Sharing: Select this option to allow the USB storage device connected to the
router to be shared across the network.
Sharing Enabled interfaces:
The LAN interfaces on which USB sharing is enabled, at least one interface must be
selected to begin sharing.
Enable Printer: Enables printer sharing on the selected interface.
Enable Storage: Enables storage device sharing on the selected interface.
182
8.3 SMS service

Maintenance > Administration > SMS Service > Inbox
The D-Link Services Router has a USB interface to connect 3G modem support to send
and receive Short Messaging Service. The received messages can be seen in the Inbox
and allows the user to create a new SMS. If WAN3 is used in dedicated wan mode, load
balancing mode or if 3G USB Device is not connected to router then the controls on
this page will be greyed out.
Figure 117: SMS Service – Send SMS
The following details are displayed in SMS INBOX page:

 Sno: Displays the serial number of message in the inbox.
 Sender: Displays the sender of the particular message.
 TimeStamp: Displays the time when the message was sent
 Text: Displays the content of the particular Message.
The following actions are performed:
 Delete: Deletes the SMS having that particular Sno. Only one message can be
deleted at a time.
 Refresh: Updates the inbox with new SMS (if any).
 Reply: Lets the user create a new SMS in reply to a particular message by the
selected sender. “Receiver" field in the createSms.htm page is filled with the
sender's number.
 Forward: Lets the user forward a selected SMS. "Text Message" field in the
createSms.htm page is filled with the "Text" of the se lected message.
183
Figure 118: SMS Service – Receive SMS
The following details to be provided in Create Message page:

 Receiver: Enter the phone number of the intended receiver of the message.
 Text Message: Enter the body of the message here
Click Send Message to send the message.
Click Don't Save Settings to reset Receiver and Text Message fields.
8.4 External Authentication

The local user database present in the router itself is typically used for granting
management access for the GUI or CLI. External authentication servers are typically
more secure, and can be used for allowing wireless AP connections, authenticating
IPsec endpoints, and even allowing access via a Captive Portal on the VLAN. This
section describes the available authentication servers on the router, and also the
configuration requirements.
In all cases, the “Server Checking” button is used to verify connectivity to the
configured server(s).
8.4.1 POP3 Server
Security > Authentication >External Auth Server > POP3 Server

POP3 is an application layer protocol most commonly used for e -mail over a TCP/IP
connection. The authentication server can be used with SSL encrypti on over port
995to send encrypted traffic to the POP3 server. The POP3 server’s certificate is
verified by a user-uploaded CA certificate. If SSL encryption is not used, port 110
will be used for the POP3 authentication traffic.
The DSR router acts only as a POP3 client to authenticate a user by contacting an
external POP3 server. This authentication option is available for IPsec, PPTP/L2TP
184
Server and Captive Portal users. Note that POP3 for PPTP / L2TP servers is
supported only with PAP and not with CHAP / MSCHAP / MSCHAPv2 encryption.
Figure 119: POP3 Authentication Server configuration
The “Server Checking” button is used to verify connectivity to the configured

server(s). A CA file is used as part of the POP3 negotiation to verify the conf igured
authentication server identity. Each of the 3 configured servers can have a unique CA
used for authentication.
185
Figure 120: POP3 CA file upload
8.4.2 NT Domain Server
Security > Authentication >External Auth Server > NT Domain

The NT Domain server allows users and hosts to authenticate themselves via a pre -
configured Workgroup field. Typically Windows or Samba servers are used to
manage the domain of authentication for the centralized directory of authorized users.
186
Figure 121: NT Domain Authentication Server configuration
8.4.3 RADIUS Server
Security > Authentication > External Auth Server > RADIUS Server
Enterprise Mode for wireless security uses a RADIUS Server for WPA and/or WPA2
security. A RADIUS server must be configured and accessible by the router to
authenticate wireless client connections to an AP enabled with a profile that uses
RADIUS authentication.
 The Authentication IP Address is required to identify the server. A secondary
RADIUS server provides redundancy in the event that the primary server cannot be
reached by the router when needed.
187
 Authentication Port: the port for the RADIUS server connection

 Secret: enter the shared secret that allows this router to log into the specified
RADIUS server(s). This key must match the shared secret on the RADIUS Server.
 The Timeout and Retries fields are used to either move to a secondary server if the
primary cannot be reached, or to give up the RADIUS authentication attempt if
communication with the server is not possible.
Figure 122: RADIUS Server configuration
188
8.4.4 Active Directory Server
Security > Authentication >External Auth Server > AD Server

Active Directory authentication is an enhanced version of NT Domain authentication.
The Kerberos protocol is leveraged for authentication of users, who are grouped in
Organizational Units (OUs). In particular the Active Directory server can support
more than a million users given is structure while the NT Domain server is limited to
thousands.
The configured Authentication Servers and Active Directory domain(s) are used to
validate the user with the directory of users on the external Windows based server.
This authentication option is common for SSL VPN client users and is also useful for
IPsec / PPTP / L2TP client authentication.
Figure 123: Active Directory Authentication Server configuration
189
8.4.5 LDAP Server
Security > Authentication >External Auth Server > LDAP Server

The LDAP authentication method uses LDAP to exchange authentication credentials
between the router and external server. The LDAP server maintains a large database
of users in a directory structure, so users with t he same username but belonging to
different groups can be authenticated since the user information is stored in a
hierarchal manner. Also of note is that configuring a LDAP server on Windows or
Linux servers is considerably less complex than setting up NT Domain or Active
Directory servers for user authentication.
The details configured on the router will be passed for authenticating the router and
its hosts. The LDAP attributes, domain name (DN), and in some cases the
administrator account & password are key fields in allowing the LDAP server to
authenticate the router.
190
Figure 124: LDAP Authentication Server configuration
8.5 Authentication Certificates

VPN > IPSec VPN > Certificates > Trusted Certificates
This gateway uses digital certificates for IPsec VPN authentication as well as SSL
validation (for HTTPS and SSL VPN authentication). You can obtain a digital
certificate from a well-known Certificate Authority (CA) such as VeriSign, or generate
and sign your own certificate using functionality available on this gateway. The
gateway comes with a self-signed certificate, and this can be replaced by one signed by
a CA as per your networking requirements. A CA certificate provides strong assurance
of the server’s identity and is a requirement for most corporate network VPN solutions.
191
The certificates menu allows you to view a list of certificates (both from a CA and self -
signed) currently loaded on the gateway. The following certificate data is displayed in
the list of Trusted (CA) certificates:
CA Identity (Subject Name): The certificate is issued to this person or organization
Issuer Name: This is the CA name that issued this certificate
Expiry Time: The date after which this Trusted certificate becomes inv alid
A self certificate is a certificate issued by a CA identifying your device (or self -signed
if you don’t want the identity protection of a CA). The Active Self Certificate table
lists the self certificates currently loaded on the gateway. The following information is
displayed for each uploaded self certificate:
 Name: The name you use to identify this certificate, it is not displayed to IPsec
VPN peers or SSL users.
 Subject Name: This is the name that will be displayed as the owner of this
certificate. This should be your official registered or company name, as IPsec or
SSL VPN peers are shown this field.
 Serial Number: The serial number is maintained by the CA and used to identify this
signed certificate.
 Issuer Name: This is the CA name that issued (signed) this certificate
 Expiry Time: The date after which this signed certificate becomes invalid – you
should renew the certificate before it expires.
To request a self certificate to be signed by a CA, you can generate a Certificate Signing
Request from the gateway by entering identification parameters and pass ing it along to
the CA for signing. Once signed, the CA’s Trusted Certificate and signed certificate
from the CA are uploaded to activate the self -certificate validating the identity of this
gateway. The self certificate is then used in IPsec and SSL connections with peers to
validate the gateway’s authenticity.
192
Figure 125: Certificate summary for IPsec and HTTPS management
193
8.6 Advanced Switch Configuration

Maintenance > Management > Power Saving
The DSR allows you to adjust the power consumption of the hardware based on your
actual usage. The two “green” options available for your LAN switch are Power Saving
by Link Status and Length Detection State. With “Power Saving by Link Status” option
enabled, the total power consumption by the LAN switch is dependent function of on
the number of connected ports. The overall current draw when a single port is connected
is less than when all the ports are connected. With “Length De tection State” option
enabled, the overall current supplied to a LAN port is reduced when a smaller cable
length is connected on a LAN port.
Jumbo Frames support can be configured as an advanced switch configuration. Jumbo
frames are Ethernet frames with more than 1500 bytes of payload. When this option is
enabled, the LAN devices can exchange information at Jumbo frames rate.
Figure 126: Advanced Switch Settings
8.7 Package Manager

Maintenance > Administration > Package Manager
A package is a set of files which are installed by the router from D -Link’s repositories.
This feature allows users to download new drivers for supported USB devices and
language packs to enable multi-lingual support for the router’s management interface.
Multi-lingual support via the package manager allows the user to choose a language of
choice so that the entire textual content in the router’s user interface is presented in the
selected language.
 DSR-1000, DSR-1000N, DSR-500, and DSR-500N support the Package Manager

feature.
This feature supports a single driver and single language pack to be stored in the router
(i.e. these files are available for use after device reboot) . There are 2 types of
installations supported by this feature:
194
1. Manual Installation: Upon selecting manual installation, the user has to

download the package which will then display the available languages that the
router GUI now supports.
 Only drivers provided by D-Link can be used for manual installation. A

validation process will be performed during installation.
2. Auto Installation: By selecting the link “click here” the Auto installation of the
package is exercised. A page showing the list of available drivers / language
packs is displayed from which the user can select and instal l one of the options.
For this type of installation the router must be able to access the internet, as
this will allow the user to download the package from a repository server which
consists of all the available languages.
Figure 127: Device Drivers
Device Drivers: Users can install drivers manually or can install from the listed drivers.
List of Device Drivers: It allows the user to install or uninstall the available drivers.
Manual Install: User can upload the provided driver package for installation.
195
Browse: The user can choose the package to upload. Click on “Install” to save your
changes.
Figure 128: Installation of driver/language pack
196
Upon clicking on the link “click here”, a page showing the list of device drivers is
displayed.
Driver: Description of the driver name.
Description: This describes the type of language installation pack supported.
Installed: All the language installation packs or option 3G Driver for ThreeG V -1.0
displayed in the list of device drivers are shown in Red color by default since none of
them have been selected. When a particular language installation pack or if Option
Driver for ThreeG V-1.0 is selected then the button turns green in color.
Action: It consists of 2 options:
 Install 1.0: Click on “Install 1.0” to install a particular Language pack.
Remove: To remove the installed language pack, click on “Remove”.
Manual Install: User can upload the provided driver package for installation.
Install History: This displays the history of the language packs installed/uninstalled
previously along with the respective date and time to show when they were
installed/uninstalled.
Figure 129: Selection of Installed Language
Once the language has been selected by the user from the list of Device Drivers, the
“Set Language” option under “Tools” menu will display the selected language. The user
must select the language from the drop down l ist of “Set Language” and save the
settings so that this configuration is applied in its entirety.
197
Chapter 9. Administration & Management

9.1 Configuration Access Control
The primary means to configure this gateway via the browser -independent GUI. The
GUI can be accessed from LAN node by using the gateway’s LAN IP address and HTTP,
or from the WAN by using the gateway’s WAN IP address and HTTPS (HTTP over
SSL).
Administrator and Guest users are permitted to login to the router’s management
interface. The user type is set in the Advanced > Users > Users page. The Admin or
Guest user can be configured to access the router GUI from the LAN or the Internet
(WAN) by enabling the corresponding Login Policy.
198
Figure 130: User Login policy configuration
9.1.1 Admin Settings
Maintenance > Administration > System settings
199
This page allows one to set the name of the router.
Figure 131: Admin Settings
9.1.2 License Updates
Maintenance > Administration > Licsense Update

Certain features available in the DSR require a license. The licence is presented in the
form of a code specific for this particular router, which when activated enables the use
of this feature for a fixed duration. A license code is provided based on the router’s
MAC Address, so it is unique to that particular device.
Each license has the following three parameters:

Model: The license key model as it relates to the feature being enabled.
Activation Code: The specific activiation code corresponding to th is license.
Expires: Licenses can either have a fixed duration, which would be displayed in
this column, or are perpetual for the life of this router.
 Currently, dynamic web content filtering (WCF) is the only license -controlled
feature available in the DSR products.
200
Figure 132: License upload field and List of Active Licenses
9.1.3 Remote Management
Maintenance > Management > Remote Management

Both HTTPS and telnet access can be restricted to a subset of IP addresses. The router
administrator can define a known PC, single IP address or range of IP addresses that
are allowed to access the GUI with HTTPS. The opened port for SSL traffic can be
changed from the default of 443 at the same time as defining the allowed remote
management IP address range.
201
Figure 133: Remote Management from the WAN
Maintenance > Administration > Web GUI Management
This feature restricts management access via the GUI to a predefined set of IP addresses or VLAN
subnets. When enabled, the GUI management access can be restricted for all LAN hosts, and
instead enabled only via a specific IP address or specific VLAN subnet.
When this feature is enabled:

 Access will be allowed by the configured IP address or VLAN subnet, and no other LAN
hosts will be allowed to access the GUI management interface.
 Only the GUI management is affected. CLI / SNMP are not affected by this control
 User will still need administrator credentials to modify configuration settings
202
Figure 134: Web GUI Management from the WAN
9.1.4 CLI Access

In addition to the web-based GUI, the gateway supports SSH and Telnet management
for command-line interaction. The CLI login credentials are shared with the GUI for
administrator users. To access the CLI, type “cli” in the SSH or console prompt and
login with administrator user credentials.
9.2 SNMP Configuration

Maintenance > Management > SNMP
SNMP is an additional management tool that is useful when multiple routers in a
network are being managed by a central Master system. When an external SNMP
manager is provided with this router’s Management Information Base (MIB) file, the
manager can update the router’s hierarchal variables to view or update configuration
parameters. The router as a managed device has an SNMP agent that allows the MIB
configuration variables to be accessed by the Master (the SNMP manager). The Access
Control List on the router identifies managers in the network that have read-only or
read-write SNMP credentials. The Traps List outlines the port over which notifications
from this router are provided to the SNMP community (managers) and also the SNMP
version (v1, v2c, v3) for the trap.
203
Figure 135: SNMP Users, Traps, and Access Control
Maintenance > Management > SNMP > SNMP System Info

The router is identified by an SNMP manager via the System Information. The identifier
settings The SysName set here is also used to identi fy the router for SysLog logging.
204
Figure 136: SNMP system information f or this router
9.3 Configuring Time Zone and NTP

Maintenance > Administration > Date and Time
You can configure your time zone, whether or not to adjust for Day light Savings Time,
and with which Network Time Protocol (NTP) server to synchronize the date and time.
You can choose to set Date and Time manually, which will store the information on the
router’s real time clock (RTC). If the router has access to the internet, the most accurate
mechanism to set the router time is to enable NTP server communication.
 Accurate date and time on the router is critical for firewall schedules, Wi -Fi
power saving support to disable APs at certain times of the day, and accurat e
logging.
Please follow the steps below to configure the NTP server:

1. Select the router’s time zone, relative to Greenwich Mean Time (GMT).
2. If supported for your region, click to Enable Daylight Savings.
3. Determine whether to use default or custom Network Time Protocol (NTP) servers. If
custom, enter the server addresses or FQDN.
205
Figure 137: Date, Time, and NTP server setup
9.4 Log Configuration

This router allows you to capture log messages for traffic through the firewall, VPN,
and over the wireless AP. As an administrator you can monitor the type of traffic that
goes through the router and also be notified of potential attacks or errors when they are
detected by the router. The following sections describe the log configuration sett ings
and the ways you can access these logs.
9.4.1 Defining What to Log
Maintenance > Log Settings > Facility Logs

The Logs Facility page allows you to determine the granularity of logs to receive from
the router. There are three core components of the router, referred to as Facilities:
 Kernel: This refers to the Linux kernel. Log messages that correspond to this
facility would correspond to traffic through the firewall or network stack.
 System: This refers to application and management level features available on this
router, including SSL VPN and administrator changes for managing the unit.
 Wireless: This facility corresponds to the 802.11 driver used for providing AP
functionality to your network.
 Local1-UTM: This facility corresponds to IPS (Intrusion Prevention System) which
helps in detecting malicious intrusion attempts from the WAN.
For each facility, the following events (in order of severity) can be logged:
Emergency, Alert, Critical, Error, Warning, Notification, Information, Debugging.
When a particular severity level is selected, all events with severity equal to and
greater than the chosen severity are captured. For example if you have configured
CRITICAL level logging for the Wireless facility, then 802.11 logs with severities
CRITICAL, ALERT, and EMERGENCY are logged. The severity levels available for
logging are:
206
 EMERGENCY: system is unusable
 ALERT: action must be taken immediately
 CRITICAL: critical conditions
 ERROR: error conditions
 WARNING: warning conditions
 NOTIFICATION: normal but significant condition
 INFORMATION: informational
 DEBUGGING: debug-level messages
Figure 138: Facility settings for Logging
The display for logging can be customized based on where the logs are sent, ei ther
the Event Log viewer in the GUI (the Event Log viewer is in the Status > Logs page)
or a remote Syslog server for later review. E-mail logs, discussed in a subsequent
section, follow the same configuration as logs configured for a Syslog server.
Maintenance > Log Settings > Routing Logs

This page allows you to determine the type of traffic through the router that is logged
for display in Syslog, E-mailed logs, or the Event Viewer. Denial of service attacks,
general attack information, login attempts, dropped packets, and similar events can
be captured for review by the IT administrator.
207
Traffic through each network segment (LAN, WAN, DMZ) can be tracked based on
whether the packet was accepted or dropped by the firewall.
Accepted Packets are those that were successfully transferred through the
corresponding network segment (i.e. LAN to WAN). This option is particularly useful
when the Default Outbound Policy is “Block Always” so the IT admin can monitor
traffic that is passed through the firewall.
 Example: If Accept Packets from LAN to WAN is enabled and there is a
firewall rule to allow SSH traffic from LAN, then whenever a LAN machine
tries to make an SSH connection, those packets will be accepted and a
message will be logged. (Assuming the log option is set to Allow for the SSH
firewall rule.)
Dropped Packets are packets that were intentionally blocked from being transferred
through the corresponding network segment. This option is useful when the Default
Outbound Policy is “Allow Always”.
 Example: If Drop Packets from LAN to WAN is enabled and there is a firewall
rule to block SSH traffic from LAN, then whenever a LAN machine tries to
make an SSH connection, those packets will be dropped and a message will
be logged. (Make sure the log option is set to allow for this firewall rule.)
 Enabling accepted packet logging through the firewall may generate a significant
volume of log messages depending on the typical network traffic. This is
recommended for debugging purposes only.
In addition to network segment logging, unicast and multicast traffic can be logged.
Unicast packets have a single destination on the network, whereas broadcast (or
multicast) packets are sent to all possible destinations simultaneously. One other
useful log control is to log packets that are dropped due to configured bandwidth
profiles over a particular interface. This data will indicate to the admin whether the
bandwidth profile has to be modified to account for the desired internet traffic of LAN
users.
208
Figure 139: Log configuration options for traffic through router
Maintenance > Log Settings > IPv6 logs

This page allows you to configure the IPv6 logging
Figure 140: IPv6 Log configuration options for traffic through router
9.4.2 Sending Logs to E-mail or Syslog
Maintenance > Log Settings > Remote Logs

Once you have configured the type of logs that you want the router to collect, they
can be sent to either a Syslog server or an E -Mail address. For remote logging a key
configuration field is the Remote Log Identifier. Every logged message will contain
the configured prefix of the Remote Log Identifier, so that syslog servers or email
addresses that receive logs from more than one router can sort for the relevant device’s
logs.
209
Once you enable the option to e-mail logs, enter the e-mail server’s address (IP
address or FQDN) of the SMTP server. The router will connect to this server when
sending e-mails out to the configured addresses. The SMTP port and return e-mail
addresses are required fields to allow the router to package the logs and send a valid
e-mail that is accepted by one of the configured “send -to” addresses. Up to three e-
mail addresses can be configured as log recipients.
In order to establish a connection with the conf igured SMTP port and server, define
the server’s authentication requirements. The router supports Login Plain (no
encryption) or CRAM-MD5 (encrypted) for the username and password data to be
sent to the SMTP server. Authentication can be disabled if the server does not have
this requirement. In some cases the SMTP server may send out IDENT requests, and
this router can have this response option enabled as needed.
Once the e-mail server and recipient details are defined you can determine when the
router should send out logs. E-mail logs can be sent out based on a defined schedule
by first choosing the unit (i.e. the frequency) of sending logs: Hourly, Daily, or
Weekly. Selecting Never will disable log e -mails but will preserve the e-mail server
settings.
Figure 141: E-mail configuration as a Remote Logging option
An external Syslog server is often used by network administrator to collect and store
logs from the router. This remote device typically has less memory constraints tha n
the local Event Viewer on the router’s GUI, and thus can collect a considerable
number of logs over a sustained period. This is typically very useful for debugging
network issues or to monitor router traffic over a long duration.
210
This router supports up to 8 concurrent Syslog servers. Each can be configured to

receive different log facility messages of varying sever ity. To enable a Syslog server
select the checkbox next to an empty Syslog server field and assign the IP address or
FQDN to the Name field. The selected facility and severity level messages will be
sent to the configured (and enabled) Syslog server once you save this configuration
page’s settings.
Figure 142: Syslog server configuration for Remote Logging ( continued)
9.4.3 Event Log Viewer in GUI
Status > Logs > View All Logs

The router GUI lets you observe configured log messages from the Status menu.
Whenever traffic through or to the router matches the settings determined in the Tools
> Log Settings > Logs Facility or Tools > Log Settings > Logs Configuration
pages, the corresponding log message will be displayed in this window with a
timestamp.
 It is very important to have accurate system time (manually set or from a NTP
server) in order to understand log messages.
Status > Sysytem Information > All Logs > IPSec VPN Logs
This page displays IPsec VPN log messages as determined by the configuration
settings for facility and severity. This data is useful when evaluating IPsec VPN traffic
and tunnel health.
211
Figure 143: VPN logs displayed in GUI event viewer
9.5 Backing up and Restoring Configuration

Settings
Maintenance > Firmware&config. > Backup/restore
You can back up the router’s custom configuration settings to restore them to a different
device or the same router after some other changes. During backup, your settings are
saved as a file on your host. You can restore the router's saved settings from this file
as well. This page will also allow you revert to factory default settings or execute a soft
reboot of the router. This page also allows you to download and automate the dbglog
package, agrouping of system status, statistics, and support logs that are useful for D -
Link support to diagnose router issues.
 IMPORTANT! During a restore operation, do NOT try to go online, turn off the
router, shut down the PC, or do anything else to the router until the operation is
complete. This will take approximately 1 minute. Once the LEDs are turned off,
wait a few more seconds before doing anything with the router.
For backing up configuration or restoring a previously saved configuration, please

follow the steps below:
1. To save a copy of your current settings, click the Backup button in the Save Current
Settings option. The browser initiates an export of the configuration file and prompts to
save the file on your host.
2. If there is a USB storage device currently plugged in to the system, you can enable
Autobackup of the configuration file to the USB file system. The snapshot of current
configuration settings will be updated on the USB file system and overwrite any files with
the same filename (i.e. if there was an earlier configuration backup done to this location).
212
3. To restore your saved settings from a backup file, click Browse then locate the file on the
host. After clicking Restore, the router begins importing the file’s saved configuration
settings. After the restore, the router reboots automatically with the restored settings.
4. To erase your current settings and revert to factory default settings, click the Default
button. The router will then restore configuration settings to factory defaults and will
reboot automatically. (See Appendix B for the factory default parameters for the router).
Figure 144: Restoring configuration from a saved file will result in the
current configuration being overwritten and a reboot
The configuration file can be encrypted during the backup process by enabling
encryption. This will ensure confidential information like system username / passwords
are not available for view by unauthorized sources. Selecting this option will apply to
configuration files backed up on the host as well as a USB drive.
213
9.6 Generating DBGLOGs

Tools > System
This page also allows you to download and automate the debug log (a.k.a. “dbglog”)
package, agrouping of system status, statistics, and support logs that are useful for D -
Link support to diagnose router issues.
Clicking the download link for the debug logs will result in the package being saved on
the host machine used to manage this router. This package (a compressed archive) can
then be sent to D-Link support for evauation.
9.7 Upgrading Router Firmware

Maintenance > Firmware&config. > Firmware upgrade > Using System (PC)
You can upgrade to a newer software version from the Administration web page. In the
Firmware Upgrade section, to upgrade your firmware, click Browse, locate and select
the firmware image on your host, and click Upgrade. After the new firmware image is
validated, the new image is written to flash, and the router is automatically rebooted
with the new firmware. The Firmware Information and also the Status > Device Info
> Device Status page will reflect the new firmware version.
 IMPORTANT! During firmware upgrade, do NOT try to go online, turn off the
DSR, shut down the PC, or interrupt the process in anyway until the operation is
complete. This should take only a minute or so including the reboot p rocess.
Interrupting the upgrade process at specific points when the flash is being written
to may corrupt the flash memory and render the router unusable without a low-
level process of restoring the flash firmware (not through the web GUI).
214
Figure 145: Firmware version information and upgrade option
This router also supports an automated notification to determine if a newer firmware

version is available for this router. By clicking the Check Now button in the notification
section, the router will check a D -Link server to see if a newer firmware version for
this router is available for download and update the Status field below.
 IMPORTANT! After firmware 1.04B13, new user database architecture is

introduced. The new user database is easier to setup and more intuitively to use.
When users upgrade DSR’s firmware to 1.04B13 or latter, DSR will
automatically merge users in the old database into the new one. However, all user
databases will be swept away when users downgrade firm ware from 1.04B13 to
the older one, e.g. 1.03B43. Please keep in mind: backup your user database for
further restoring once you decide to downgrade firmware to the older on e.
9.8 Upgrading Router Firmware via USB

Maintenance > Firmware&config. > Firmware upgrade > Using USb
This page allows user to upgrade the firmware, backup and restore the settings using a
USB storage key.
215
Figure 146: Firmware upgrade and configuration restore/backup via USB
9.9 Dynamic DNS Setup

Network > Internet > Dynamic DNS > Dynamic DNS WAN1 Settings
Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP
addresses to be located using Internet domain names. To use DDNS, you must setup an
account with a DDNS provider such as DynDN S.org, D-Link DDNS, or Oray.net.
Each configured WAN can have a different DDNS service if required. Once configured,
the router will update DDNS services changes in the WAN IP address so that features
that are dependent on accessing the router’s WAN via FQDN will be directed to the
correct IP address. When you set up an account with a DDNS service, the host and
domain name, username, password and wildcard support will be provided by the
account provider.
216
Figure 147: Dynamic DNS configuration
9.10 Using Diagnostic Tools

Maintenance > Management > Diagnostics > Network Tools
The router has built in tools to allow an administrator to evaluate the communication
status and overall network health.
217
Figure 148: Router diagnostics tools available in the GUI
218
9.10.1 Ping
This utility can be used to test connectivity between this router and another device on
the network connected to this router. Enter an IP address and click PING . The
command output will appear indicating the ICMP echo request status.
9.10.2 Trace Route

This utility will display all the routers present between the destin ation IP address and
this router. Up to 30 “hops” (intermediate routers) between this router and the
destination will be displayed.
219
Figure 149: Sample trace route output
9.10.3 DNS Lookup

To retrieve the IP address of a Web, FTP, Mail or any other server on the Internet,
type the Internet Name in the text box and click Lookup. If the host or domain entry
exists, you will see a response with the IP address. A message stating “Unknown
Host” indicates that the specified Internet Name does not exist.
 This feature assumes there is internet access available on the WAN link(s) .
9.10.4 Router Options

The static and dynamic routes configured on this router can be shown by clicking
Display for the corresponding routing table. Clicking the Packet Trace button will
allow the router to capture and display traffic through the DSR between the LAN and
WAN interface as well. This information is often very useful in debugging traffic and
routing issues.
220
9.11 Localization
Maintenance > Administration > Set Language
The router GUI displays content in English by default. T he package manager feature
has to be enabled so that the appropriate language of the installed language pack age is
shown. The user must configure the package manager feature under Advanced settings
first, in order to install a language package.
Figure 150: Localization
221
Chapter 10. Router Status and Statistics

10.1 System Overview
The Status page allows you to get a detailed overview of the system configuration. The
settings for the wired and wireless interfaces are displayed in the DSR Status page, and
then the resulting hardware resource and router usage details are summarized on the
router’s Dashboard.
10.1.1 Device Status
Status > System Information > Device > System

The DSR Status page gives a summary of the router configuration settings configured
in the Setup and Advanced menus. The static hardware serial number and current
firmware version are presented in the General section. The WAN and LAN interface
information shown on this page are based on the administrator configuration
parameters. The radio band and channel settings are presented below along with all
configured and active APs that are enabled on this router.
222
Figure 151: Device Status display
223
224
Figure 152: Device Status display (continued)
10.1.2 Resource Utilization
Status > Device Info > Dashboard

The Dashboard page presents hardware and usage statistics. The CPU and Memory
utilization is a function of the available hardware and current configuration and traffic
through the router. Interface statistics for the wired connections (LAN, WAN1,
WAN2/DMZ, VLANs) provide indication of packets through and packets dropped by
the interface. Click refresh to have this page retrieve the most current statistics.
225
Figure 153: Resource Utilization statistics
Figure 154: Resource Utilization data (continued)
Figure 155: Resource Utilization data (continued)
226
10.2 Traffic Statistics

10.2.1 Wired Port Statistics
Status > Network Information > Device Statistics

Detailed transmit and receive statistics for each physical port are presented here. Each
interface (WAN1, WAN2/DMZ, LAN, and VLANs) have port specific packet level
information provided for review. Transmitted/received packets, port collisions, and
the cumulating bytes/sec for transmit/receive directions are provided for each
interface along with the port up time. If you suspect issues with any of the wired ports,
this table will help diagnose uptime or transmit level issues with the port.
The statistics table has auto-refresh control which allows display of the most current
port level data at each page refresh. The default auto-refresh for this page is 10
seconds.
Figure 156: Physical port statistics
10.2.2 Wireless Statistics
Status > Network Information > Wireless Statistics

The Wireless Statistics tab displays the incrementing traffic statistics for each enabled
access point. This page will give a snapshot of how much traffic is being transmitted
over each wireless link. If you suspect that a radio or VAP may be down, the details
on this page would confirm if traffic is being sent and received th rough the VAP.
The clients connected to a particular AP can be viewed by using the Status Button on
the list of APs in the Setup > Wireless > Access Points page. Traffic statistics are
shown for that individual AP, as compared to the summary stats for eac h AP on this
Statistics page. The poll interval (the refresh rate for the statistics) can be modified
to view more frequent traffic and collision statistics.
227
Figure 157: AP specific statistics
10.3 Active Connections

10.3.1 Sessions through the Router
Status > Network Information > Active Sessions

This table lists the active internet sessions through the router’s firewall. The session’s
protocol, state, local and remote IP addresses are shown.
Figure 158: List of current Active Firewall Sessions
10.3.2 Wireless Clients
Status > Network Information > Wireless Clients

The clients connected to a particular AP can be viewed on this page. Connected clients
are sorted by the MAC address and indicate the security parameters use d by the
wireless link, as well as the time connected to the corresponding AP.
228
The statistics table has auto-refresh control which allows display of the most current
port level data at each page refresh. The default auto-refresh for this page is 10
seconds.
Figure 159: List of connected 802.11 clients per AP
10.3.3 LAN Clients
Status > Network Information > LAN Clients

The LAN clients to the router are identified by a n ARP scan through the LAN switch.
The NetBIOS name (if available), IP address and MAC address of discovered LAN
hosts are displayed.
Figure 160: List of LAN hosts
10.3.4 Active VPN Tunnels
Status > Network Information > Active VPNs >IPsec SAs

You can view and change the status (connect or drop) of the router’s IPsec security
associations. Here, the active IPsec SAs (security associations) are listed along with
229
the traffic details and tunnel state. The traffic is a cumulative measure of
transmitted/received packets since the tunnel was established.
If a VPN policy state is “IPsec SA Not Established”, it can be enabled by clicking the
Connect button of the corresponding policy. The Active IPsec SAs table displays a
list of active IPsec SAs. Table fields are as follows.
Field Description
Policy Name IKE or VPN policy associated with this SA.
Endpoint IP address of the remote VPN gateway or client.
Tx (KB) Kilobytes of data transmitted over this SA.
Tx (Packets) Number of IP packets transmitted over this SA.
State Status of the SA for IKE policies: Not Connected or IPsec SA Established.
230
Figure 161: List of current Active VPN Sessions
All active SSL VPN connections, both for VPN tunnel and VPN Port forwarding, are
displayed on this page as well. Table fields are as follows.
231
Field Description
The SSL VPN user that has an active tunnel or port forwarding session to this
User Name
router.
IP Address IP address of the remote VPN client.
Local PPP Interface The interface (WAN1 or WAN2) through which the session is active.
Peer PPP Interface IP The assigned IP address of the virtual network adapter.
Status of the SSL connection between this router and the remote VPN client: Not
Connect Status
Connected or Connected.
232
Chapter 11. Trouble Shooting

11.1 Internet connection
Symptom: You cannot access the router’s web-configuration interface from a PC on
your LAN.
Recommended action:
1. Check the Ethernet connection between the PC and the router.
2. Ensure that your PC’s IP address is on the same subnet as the router. If you are using the
recommended addressing scheme, your PC’s address should be in the range 192.168.10.2
to 192.168.10.254.
3. Check your PC’s IP address. If the PC cannot reach a DHCP server, some versions of
Windows and Mac OS generate and assign an IP address. These auto-generated addresses
are in the range 169.254.x.x. If your IP address is in this range, check the connection from
the PC to the firewall and reboot your PC.
4. If your router’s IP address has changed and you don’t know what it is, reset the router
configuration to factory defaults (this sets the firewall’s IP address to 192.168.10.1).
5. If you do not want to reset to factory default settings and lose your configuration, reboot
the router and use a packet sniffer (such as Ethereal™) to capture packets sent during the
reboot. Look at the Address Resolution Protocol (ARP) packets to locate the router’s LAN
interface address.
6. Launch your browser and ensure that Java, JavaScript, or ActiveX is enabled. If you are
using Internet Explorer, click Refresh to ensure that the Java applet is loaded. Close the
browser and launch it again.
7. Ensure that you are using the correct login information. The factory default login name is
admin and the password is password. Ensure that CAPS LOCK is off when entering this
information.
Symptom: Router does not save configuration changes.

Recommended action:
1. When entering configuration settings, click Apply before moving to another menu or tab;
otherwise your changes are lost.
2. Click Refresh or Reload in the browser. Your changes may have been made, but the
browser may be caching the old configuration.
Symptom: Router cannot access the Internet.
233
Possible cause: If you use dynamic IP addresses, your router may not have requested
an IP address from the ISP.
Recommended action:
1. Launch your browser and go to an external site such as www.google.com.
2. Access the firewall’s configuration main menu at http://192.168.10.1.
3. Select Monitoring > Router Status .
4. Ensure that an IP address is shown for the WAN port. If 0.0.0.0 is shown, your firewall
has not obtained an IP address from your ISP. See the next symptom.
Symptom: Router cannot obtain an IP address from the ISP.

Recommended action:
1. Turn off power to the cable or DSL modem.
2. Turn off the router.
3. Wait 5 minutes, and then reapply power to the cable or DSL modem.
4. When the modem LEDs indicate that it has resynchronized with the ISP, reapply power to
the router. If the router still cannot obtain an ISP address, see the next symptom.
Symptom: Router still cannot obtain an IP address from the ISP.

Recommended action:
1. Ask your ISP if it requires a login program — PPP over Ethernet (PPPoE) or some other
type of login.
2. If yes, verify that your configured login name and password are correct.
3. Ask your ISP if it checks for your PC's hostname.
4. If yes, select Network Configuration > WAN Settings > Ethernet ISP
Settings and set the account name to the PC hostname of your ISP account.
5. Ask your ISP if it allows only one Ethernet MAC address to connect to the Internet, and
therefore checks for your PC’s MAC address.
6. If yes, inform your ISP that you have bought a new network device, and ask them to use
the firewall’s MAC address.
7. Alternatively, select Network Configuration > WAN Settings > Ethernet ISP
Settings and configure your router to spoof your PC’s MAC address.
Symptom: Router can obtain an IP address, but PC is unable to load Internet pages.
234
Recommended action:
1. Ask your ISP for the addresses of its designated Domain Name System (DNS) servers.
Configure your PC to recognize those addresses. For details, see your operating system
documentation.
2. On your PC, configure the router to be its TCP/IP gateway.
11.2 Date and time

Symptom: Date shown is January 1, 1970.
Possible cause: The router has not yet successfully reached a network time server
(NTS).
Recommended action:
1. If you have just configured the router, wait at least 5 minutes, select Administration >
Time Zone , and recheck the date and time.
2. Verify your Internet access settings.
Symptom: Time is off by one hour.

Possible cause: The router does not automatically adjust for Daylight Savings Time.
Recommended action:
1. Select Administration > Time Zone and view the current date and time settings.
2. Click to check or uncheck “Automatically adjust for Daylight Savings Time”, then click
Apply.
11.3 Pinging to Test LAN Connectivity

Most TCP/IP terminal devices and firewalls contain a ping utility that sends an ICMP
echo-request packet to the designated device. The DSR responds with an echo reply.
Troubleshooting a TCP/IP network is made very easy by using the ping utility in your
PC or workstation.
11.3.1 Testing the LAN path from your PC to your

router
1. From the PC’s Windows toolbar, select Start > Run.
2. Type ping <IP_address> where <IP_address> is the router’s IP address. Example: ping
192.168.10.1.
3. Click OK.
235
4. Observe the display:
 If the path is working, you see this message sequence:
Pinging <IP address> with 32 bytes of data

Reply from <IP address>: bytes=32 time=NN ms TTL=xxx
 If the path is not working, you see this message sequence:
Pinging <IP address> with 32 bytes of data

Request timed out
5. If the path is not working, Test the physical connections between PC and router
 If the LAN port LED is off, go to the “LED displays” section on pa ge B-

1 and follow instructions for “LAN or Internet port LEDs are not lit.”
 Verify that the corresponding link LEDs are lit for your network interface
card and for any hub ports that are connected to your workstation and
firewall.
6. If the path is still not up, test the network configuration:
 Verify that the Ethernet card driver software and TCP/IP software are
installed and configured on the PC.
 Verify that the IP address for the router and PC are correct and on the
same subnet.
11.3.2 Testing the LAN path from your PC to a remote

device
1. From the PC’s Windows toolbar, select Start > Run.
2. Type ping -n 10 <IP_address> where -n 10 specifies a maximum of 10 tries and <IP

address> is the IP address of a remote device such as your ISP’s DNS server. Example:
ping -n 10 10.1.1.1.
3. Click OK and then observe the display (see the previous procedure).
4. If the path is not working, do the following:
 Check that the PC has the IP address of your firewall listed as the default
gateway. (If the IP configuration of your PC is assigned by DHCP, this
information is not visible in your PC’s Network Control Panel.)
236
 Verify that the network (subnet) address of your PC is different from the
network address of the remote device.
 Verify that the cable or DSL modem is connected and functioning.
 Ask your ISP if it assigned a hostname to your PC.
If yes, select Network Configuration > WAN Settings > Ethernet ISP Settings
and enter that hostname as the ISP account name.
 Ask your ISP if it rejects the Ethernet MAC addresses of all but one of
your PCs.
Many broadband ISPs restrict access by allowing traffic from the MAC address of
only your broadband modem; but some ISPs additionally restrict access to the MAC
address of just a single PC connected to that modem. If this is the case, configure your
firewall to clone or spoof the MAC address from the authorized PC.
11.4 Restoring factory-default configuration settings

To restore factory-default configuration settings, do either of the following:
1. Do you know the account password and IP address?
 If yes, select Maintenance > Firmware & Config > Soft Reboot and
click Default.
 If you do not, do the following:
o On the rear panel of the router, press and hold the Reset button
about 10 seconds, until the test LED lights and then blinks.
o Release the button and wait for the router to reboot.
2. If the router does not restart automatically; manually restart it to make the default settings
effective.
3. After a restore to factory defaults —whether initiated from the configuration interface or
the Reset button — the following settings apply:
 LAN IP address: 192.168.10.1
 Username: admin
 Password: admin
 DHCP server on LAN: enabled
 WAN port configuration: Get configuration via DHCP
237
Chapter 12. Credits
Microsoft, Windows are registered trademarks of Microsoft Corp.

Linux is a registered trademark of Linus Torvalds.
UNIX is a registered trademark of The Open Group.
Appendix A. Glossary
ARP Address Resolution Protocol. Broadcast protocol for mapping IP addresses to MAC addresses.
CHAP Challenge-Handshake Authentication Protocol. Protocol for authenticating users to an ISP.
Dynamic DNS. System for updating domain names in real time. Allows a domain name to be
DDNS
assigned to a device with a dynamic IP address.
Dynamic Host Configuration Protocol. Protocol for allocating IP addresses dynamically so that
DHCP
addresses can be reused when hosts no longer need them.
Domain Name System. Mechanism for translating H.323 IDs, URLs, or e-mail IDs into IP
DNS addresses. Also used to assist in locating remote gatekeepers and to map IP addresses to
hostnames of administrative domains.
Fully qualified domain name. Complete domain name, including the host portion. Example:
FQDN
serverA.companyA.com.
FTP File Transfer Protocol. Protocol for transferring files between network nodes.
HTTP Hypertext Transfer Protocol. Protocol used by web browsers and web servers to transfer files.
Internet Key Exchange. Mode for securely exchanging encryption keys in ISAKMP as part of
IKE
building a VPN tunnel.
IP security. Suite of protocols for securing VPN tunnels by authenticating or encrypting IP

IPsec packets in a data stream. IPsec operates in either transport mode (encrypts payload but not
packet headers) or tunnel mode (encrypts both payload and packet headers).
Internet Key Exchange Security Protocol. Protocol for establishing security associations and
ISAKMP
cryptographic keys on the Internet.
ISP Internet service provider.
Media-access-control address. Unique physical-address identifier attached to a network

MAC Address
adapter.
Maximum transmission unit. Size, in bytes, of the largest packet that can be passed on. The
MTU
MTU for Ethernet is a 1500-byte packet.
Network Address Translation. Process of rewriting IP addresses as a packet passes through a

NAT router or firewall. NAT enables multiple hosts on a LAN to access the Internet using the single
public IP address of the LAN’s gateway router.
Microsoft Windows protocol for file sharing, printer sharing, messaging, authentication, and
NetBIOS
name resolution.
Network Time Protocol. Protocol for synchronizing a router to a single clock on the network,
NTP
known as the clock master.
Password Authentication Protocol. Protocol for authenticating users to a remote access server
PAP
or ISP.
240
Point-to-Point Protocol over Ethernet. Protocol for connecting a network of hosts to an ISP
PPPoE
without the ISP having to manage the allocation of IP addresses.
Point-to-Point Tunneling Protocol. Protocol for creation of VPNs for the secure transfer of data
PPTP
from remote clients to private servers over the Internet.
Remote Authentication Dial-In User Service. Protocol for remote user authentication and
RADIUS
accounting. Provides centralized management of usernames and passwords.
RSA Rivest-Shamir-Adleman. Public key encryption algorithm.
Transmission Control Protocol. Protocol for transmitting data over the Internet with guaranteed
TCP
reliability and in-order delivery.
User Data Protocol. Protocol for transmitting data over the Internet quickly but with no
UDP
guarantee of reliability or in-order delivery.
Virtual private network. Network that enables IP traffic to travel securely over a public TCP/IP
VPN network by encrypting all traffic from one network to another. Uses tunneling to encrypt all
information at the IP level.
Windows Internet Name Service. Service for name resolution. Allows clients on different IP
WINS subnets to dynamically resolve addresses, register themselves, and browse the network without
sending broadcasts.
IKE Extended Authentication. Method, based on the IKE protocol, for authenticating not just
XAUTH devices (which IKE authenticates) but also users. User authentication is performed after device
authentication and before IPsec negotiation.
241
242
Appendix B. Factory Default Settings
Feature Description Default Setting
User login URL http://192.168.10.1
Device login User name (case sensitive) admin
Login password (case sensitive) admin
WAN MAC address Use default address
Internet
WAN MTU size 1500
Connection
Port speed Autosense
IP address 192.168.10.1
IPv4 subnet mask 255.255.255.0
RIP direction None
RIP version Disabled
RIP authentication Disabled
DHCP server Enabled

Local area network
(LAN)
DHCP starting IP address 192.168.10.2
DHCP ending IP address 192.168.10.100
Time zone GMT
Time zone adjusted for Daylight Saving Time Disabled
SNMP Disabled
Remote management Disabled
Disabled (except traffic on port

Inbound communications from the Internet
80, the HTTP port)
Outbound communications to the Internet Enabled (all)

Firewall
Source MAC filtering Disabled
Stealth mode Enabled

Appendix C. Standard Services Available for

Port Forwarding & Firewall
Configuration
ANY ICMP-TYPE-8 RLOGIN

AIM ICMP-TYPE-9 RTELNET
BGP ICMP-TYPE-10 RTSP:TCP
BOOTP_CLIENT ICMP-TYPE-11 RTSP:UDP
BOOTP_SERVER ICMP-TYPE-13 SFTP
CU-SEEME:UDP ICQ SMTP
CU-SEEME:TCP IMAP2 SNMP:TCP
DNS:UDP IMAP3 SNMP:UDP
DNS:TCP IRC SNMP-TRAPS:TCP
FINGER NEWS SNMP-TRAPS:UDP
FTP NFS SQL-NET
HTTP NNTP SSH:TCP
HTTPS PING SSH:UDP
ICMP-TYPE-3 POP3 STRMWORKS
ICMP-TYPE-4 PPTP TACACS
ICMP-TYPE-5 RCMD TELNET
ICMP-TYPE-6 REAL-AUDIO TFTP
ICMP-TYPE-7 REXEC VDOLIVE
244
Appendix D. Log Output Reference
Facility: System (Networking)

Log Message Severity Log Message Severity
DBUpdate event: Table: %s BridgeConfig: too few arguments to
opCode:%d rowId:%d DEBUG command %s ERROR
BridgeConfig: too few arguments to
networkIntable.txt not found DEBUG command %s ERROR
sqlite3QueryResGet failed DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Interface is already deleted in bridge DEBUG ddnsDisable failed ERROR
removing %s from bridge %s... %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
adding %s to bridge %s... %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
stopping bridge... DEBUG ddnsDisable failed ERROR
stopping bridge... DEBUG failed to call ddns enable ERROR
stopping bridge... DEBUG ddnsDisable failed ERROR
%s:DBUpdate event: Table: %s
opCode:%d rowId:%d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Error in executing DB update
Wan is not up DEBUG handler ERROR
opCode:%d rowId:%d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
doDNS:failed DEBUG Illegal invocation of ddnsView (%s) ERROR
doDNS:failed DEBUG sqlite3QueryResGet failed.Query:%s ERROR
doDNS:Result = FAILED DEBUG sqlite3QueryResGet failed.Query:%s ERROR
doDNS:Result SUCCESS DEBUG ddns: SQL error: %s ERROR
Write Old Entry: %s %s %s: to %s DEBUG Illegal operation interface got deleted ERROR
Write New Entry: %s %s #%s : to %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Write Old Entry: %s %s %s: to %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Write New Entry: %s %s #%s : to %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
ifStaticMgmtDBUpdateHandler:
returning with " DEBUG ddnsDisable failed ERROR
nimfLinkStatusGet: buffer: \ DEBUG ddns: SQL error: %s ERROR
nimfLinkStatusGetErr: returning with
status: %d DEBUG Failed to call ddns enable ERROR
nimfAdvOptSetWrap: current Mac
Option: %d DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap: current Port
Speed Option: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
nimfAdvOptSetWrap: current Mtu
Option: %d DEBUG Failed to call ddns enable ERROR
nimfAdvOptSetWrap: looks like we are
reconnecting. " DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap: Mtu Size: %d DEBUG ddnsDisable failed ERROR
nimfAdvOptSetWrap: NIMF table is %s DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap:WAN_MODE
TRIGGER DEBUG sqlite3QueryResGet failed.Query:%s ERROR
nimfAdvOptSetWrap: MTU: %d DEBUG Failed to call ddns enable ERROR
nimfAdvOptSetWrap: MacAddress: %s DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap: old Mtu Flag: %d DEBUG ddnsDisable failed ERROR
245
nimfAdvOptSetWrap: user has changed

MTU option DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap: MTU: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
nimfAdvOptSetWrap: old MTU size: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
nimfAdvOptSetWrap: old Port Speed
Option: %d DEBUG ddnsDisable failed ERROR
nimfAdvOptSetWrap: old Mac Address
Option: %d DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap: MacAddress: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Setting LED [%d]:[%d] For %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
l2tpEnable: command string: %s DEBUG ddnsDisable failed ERROR
nimfAdvOptSetWrap: handling reboot
scenario DEBUG failed to call ddns enable ERROR
nimfAdvOptSetWrap: INDICATOR = %d DEBUG ddns: SQL error: %s ERROR
nimfAdvOptSetWrap: UpdateFlag: %d DEBUG ddnsDisable failed ERROR
nimfAdvOptSetWrap: returning with
status: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
nimfGetUpdateMacFlag: MacTable Flag Error in executing DB update
is: %d DEBUG handler ERROR
Failed to open the resolv.conf file.
nimfMacGet: Mac Option changed DEBUG Exiting./n ERROR
Could not write to the resolv.conf file.
nimfMacGet: Update Flag: %d DEBUG Exiting. ERROR
nimfMacGet: MacAddress: %s DEBUG Error opening the lanUptime File ERROR
nimfMacGet: MacAddress: %s DEBUG Error Opening the lanUptime File. ERROR
nimfMacGet: MacAddress: %s DEBUG failed to open %s ERROR
nimfMacGet: MacAddress: %s DEBUG failed to open %s ERROR
nimfMacGet: MacAddress: %s DEBUG failed to query networkInterface table ERROR
nimfMacGet:Mac option Not changed \ DEBUG failed to query networkInterface table ERROR
nimfMacGet: MacAddress: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
nimfMacGet: MacAddress: %s DEBUG failed to enable IPv6 forwarding ERROR
nimfMacGet: MacAddress: %s DEBUG failed to set capabilities on the " ERROR
nimfMacGet: returning with status: %s DEBUG failed to enable IPv6 forwarding ERROR
Now in enableing LanBridge function DEBUG failed to set capabilities on the " ERROR
sucessfully executed the command %s DEBUG failed to disable IPv6 forwarding ERROR
Now in disableing LanBridge function DEBUG failed to set capabilities on the " ERROR
sucessfully executed the command %s DEBUG failed to open %s ERROR
configPortTblHandler:Now we are in
Sqlite Update " DEBUG Could not create ISATAP Tunnel ERROR
The Old Configuration of ConfiPort
was:%s DEBUG Could not destroy ISATAP Tunnel ERROR
The New Configuration of ConfiPort
was:%s DEBUG Could not configure ISATAP Tunnel ERROR
The user has deselected the Could not de-configure ISATAP
configurable port DEBUG Tunnel ERROR
nimfStatusUpdate: updating
failed query %s DEBUG NimfStatus failed ERROR
nimfStatusUpdate: updating
failed query %s DEBUG NimfStatus failed ERROR
nimfLinkStatusGet: determinig link's
failed query %s DEBUG status failed ERROR
%s:DBUpdate event: Table: %s nimfLinkStatusGet: opening status
opCode:%d rowId:%d DEBUG file failed ERROR
246

opCode:%d rowId:%d DEBUG Failed to commit ERROR
%s:%d SIP ENABLE: %s DEBUG ifStatusDBUpdate: Failed to begin " ERROR
sipTblHandler:failed to update ifStatic DEBUG %s: SQL error: %s ERROR
sipTblHandler:failed to update
Configport DEBUG %s: Failed to commit " ERROR
nimfNetIfaceTblHandler: unable to
%s:%d SIP DISABLE: %s DEBUG get LedPinId ERROR
%s:%d SIP SET CONF: %s DEBUG get LedPinId ERROR
Failed to open %s: %s DEBUG get LedPinId ERROR
Failed to start sipalg DEBUG %s: unable to kill dhclient ERROR
nimfAdvOptSetWrap: unable to get
Failed to stop sipalg DEBUG current Mac Option ERROR
Failed to get config info DEBUG current Port " ERROR
Network Mask: 0x%x DEBUG current MTU Option ERROR
nimfAdvOptSetWrap: error getting
RTP DSCP Value: 0x%x DEBUG Mac Address from " ERROR
Need more arguments DEBUG the MTU ERROR
nimfAdvOptSetWrap: error setting
Invalid lanaddr DEBUG interface advanced " ERROR
Invalid lanmask DEBUG MTU size ERROR
Invalid option DEBUG Mac Address ERROR
nimfAdvOptSetWrap: error setting
Failed to set config info DEBUG interface advanced " ERROR
nimfAdvOptSetWrap: failed to get
Unknown option DEBUG old connectiontype ERROR
nimfAdvOptSetWrap: old connection
sshdTblHandler DEBUG type is: %s ERROR
pPort: %s DEBUG old MTU Option ERROR
pProtocol: %s DEBUG MTU size ERROR
nimfOldFieldValueGet: failed to get
pListerAddr: %s DEBUG old " ERROR
nimfOldFieldValueGet: user has
pKeyBits: %s DEBUG changed MTU size ERROR
pRootEnable: %s DEBUG old Port Speed " ERROR
nimfAdvOptSetWrap: user has
pRsaEnable: %s DEBUG changed Port Speed ERROR
pDsaEnable: %s DEBUG old Mac Address " ERROR
nimfAdvOptSetWrap: user has
pPassEnable: %s DEBUG changed Mac Address " ERROR
pEmptyPassEnable: %s DEBUG Mac Address ERROR
nimfAdvOptSetWrap:Failed to
pSftpEnable: %s DEBUG RESET the flag ERROR
nimfAdvOptSetWrap: setting
pScpEnable: %s DEBUG advanced options failed ERROR
247
nimfAdvOptSetWrap: interface
pSshdEnable: %s DEBUG advanced options applied ERROR
nimfGetUpdateMacFlag: unable to
pPrivSep: %s DEBUG get Flag from MacTable ERROR
%s:DBUpdate event: Table: %s nimfMacGet: Updating MAC address
opCode:%d rowId:%d DEBUG failed ERROR
Re-Starting sshd daemon.... DEBUG sqlite3QueryResGet failed.Query:%s ERROR
sshd re-started successfully. DEBUG error executing the command %s ERROR
sshd stopped . DEBUG error executing the command %s ERROR
failed query %s DEBUG error executing the command %s ERROR
vlan disabled, not applying vlan disableLan function is failed to
configuration.. DEBUG disable ConfigPort" ERROR
failed query %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
failed query %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Unable to Disable configurable port
no ports present in this vlanId %d DEBUG from ERROR
failed query %s DEBUG configPortTblHandler has failed ERROR
vlan disabled, not applying vlan
configuration.. DEBUG sqlite3QueryResGet failed.Query:%s ERROR
disabling vlan DEBUG handler ERROR
enabling vlan DEBUG sqlite3QueryResGet failed ERROR
vlan disabled, not applying vlan Failed to execute switchConfig for
configuration.. DEBUG port\ ERROR
Failed to execute switchConfig for
no ports present in this vlanId %d DEBUG port enable ERROR
Failed to execute ifconfig for port
failed query %s DEBUG enable ERROR
vlan disabled, not applying vlan
configuration.. DEBUG Failed to execute ethtool for\ ERROR
removing %s from bridge%s... %s DEBUG port disable ERROR
Failed to execute ifconfig for port
adding %s to bridge%d... %s DEBUG disable ERROR
restarting bridge... DEBUG sqlite3QueryResGet failed ERROR
[switchConfig] Ignoring event on port
number %d DEBUG sqlite3_mprintf failed ERROR
restarting bridge... DEBUG sqlite3QueryResGet failed ERROR
executing %s ... %s DEBUG port mirroring ERROR
Usage:%s <DB Name> <Entry
removing %s from bridge%s... %s DEBUG Name> <logFile> <subject> ERROR
adding %s to bridge%d... %s DEBUG sqlite3QueryResGet failed ERROR
Could not get all the required
[switchConfig] Ignoring event on %s DEBUG variables to email the Logs. ERROR
restarting bridge... DEBUG runSmtpClient failed ERROR
[switchConfig] Ignoring event on port
number %d DEBUG getaddrinfo returned %s ERROR
[switchConfig] executing %s ... %s DEBUG file not found ERROR
restarting bridge... DEBUG sqlite3QueryResGet failed.Query:%s ERROR
UserName: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Password: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
IspName: %s DEBUG No memory to allocate ERROR
Failed to Open SSHD Configuration
DialNumber: %s DEBUG File ERROR
248
Ipaddress should be provided with

Apn: %s DEBUG accessoption 1 ERROR
Subnetaddress should be provided
GetDnsFromIsp: %s DEBUG with accessoption 2 ERROR
IdleTimeOutFlag: %s DEBUG Failed to restart sshd ERROR
IdleTimeOutValue: %d DEBUG unable to open the " ERROR
AuthMetho: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
executing %s ... %s DEBUG handler ERROR
removing %s from bridge%d... %s DEBUG handler ERROR
adding %s to bridge%d... %s DEBUG unknown vlan state ERROR
Failed to execute vlanConfig binary
stopping bridge... DEBUG for vlanId %d ERROR
restarting bridge... DEBUG sqlite3_mprintf failed ERROR
Could not configure 6to4 Tunnel Access port can be present only in
Interface DEBUG single vlan ERROR
Could not de-configure 6to4 Tunnel Failed to execute vlanConfig binary
Interface DEBUG for vlanId %d ERROR
failed to restart 6to4 tunnel interfaces DEBUG unknown vlan state ERROR
BridgeConfig: too few arguments to Failed to execute vlanConfig binary
command %s DEBUG for port number %d ERROR
BridgeConfig: unsupported command
%d DEBUG Failed to clear vlan for oldPVID %d ERROR
BridgeConfig returned error=%d DEBUG for port number %d ERROR
sqlite3QueryResGet failed DEBUG Failed to clear vlan for %d ERROR
Error in executing DB update handler DEBUG Failed to set vlan entry for vlan %d ERROR
Failed to set vlan entries, while
sqlite3QueryResGet failed DEBUG enabling \ ERROR
Failed to remove vlan Interface for
vlanId \ DEBUG sqlite3QueryResGet failed ERROR
sqlite3QueryResGet failed DEBUG for port number %d ERROR
Invalid oidp passed DEBUG for vlanId %d ERROR
Invalid oidp passed DEBUG Failed to enable vlan ERROR
Failed to get oid from the tree DEBUG Failed to disable vlan ERROR
Failed to set vlanPort table entries,
threegEnable: Input to wrapper %s DEBUG while \ ERROR
threegEnable: spawning command %s DEBUG Failed to enable vlan ERROR
threegMgmtHandler: query string: %s DEBUG unknown vlan state ERROR
threegMgmtHandler: returning with Error in executing DB update
status: %s DEBUG handler ERROR
adding to dhcprealy ifgroup failed DEBUG unknown vlan state ERROR
adding to ipset fwDhcpRelay failed DEBUG for vlanId %d ERROR
Disabling Firewall Rule for DHCP Relay
Protocol DEBUG sqlite3_mprintf failed ERROR
Enabling Firewall Rule for DHCP Relay Access port can be present only in
Protocol DEBUG single vlan ERROR
prerouting Firewall Rule add for Relay Failed to execute vlanConfig binary
failed DEBUG for vlanId %d ERROR
prerouting Firewall Rule add for Relay
failed DEBUG unknown vlan state ERROR
249

%s: SQL get query: %s DEBUG for port number %d ERROR
%s: sqlite3QueryResGet failed DEBUG Failed to clear vlan for oldPVID %d ERROR
%s: no result found DEBUG for port number %d ERROR
%s: buffer overflow DEBUG Failed to clear vlan for %d ERROR
%s: value of %s in %s table is: %s DEBUG Failed to set vlan entry for vlan %d ERROR
Failed to set vlan entries, while
%s: returning with status: %s DEBUG enabling \ ERROR
dnsResolverConfigure: addressFamily: Failed to execute vlanConfig binary
%d DEBUG for port number %d ERROR
dnsResolverConfigure: LogicalIfName: Failed to execute vlanConfig binary
%s DEBUG for vlanId %d ERROR
chap-secrets File found DEBUG Failed to enable vlan ERROR
PID File for xl2tpd found DEBUG Failed to disable vlan ERROR
Failed to set vlanPort table entries,
pid: %d DEBUG while \ ERROR
options.xl2tpd file found DEBUG Failed to enable vlan ERROR
options.xl2tpd file not found DEBUG unknown vlan state ERROR
threegMgmtInit: unable to open the
Conf File for xl2tpd found DEBUG database file %s ERROR
threegConnEnable: failed to get the
xl2tpd.conf not found DEBUG WanMode ERROR
Chap Secrets file found DEBUG threegEnable:spawning failed ERROR
threegDisable: unable to kill ppp
Chap Secrets file not found DEBUG daemon ERROR
opCode:%d rowId:%d DEBUG threegMgmtHandler: Query: %s ERROR
threegMgmtHandler: error in
chap-secrets File found DEBUG executing database update ERROR
PID File for pptpd found DEBUG handler ERROR
pid: %d DEBUG are we getting invoked twice ?? ERROR
PID File for pptpd interface found DEBUG could not open %s to append ERROR
could not write nameserver %s to
pid: %d DEBUG %s ERROR
could not write nameserver %s to
options.pptpd file found DEBUG %s ERROR
options.pptpd file not found DEBUG could not open %s to truncate ERROR
dnsResolverConfigMgmtInit: unable
Conf File for pptpd found DEBUG to open the " ERROR
resolverConfigDBUpateHandler:
pptpd.conf not found DEBUG sqlite3QueryResGet " ERROR
Chap Secrets file found DEBUG could not configure DNS resolver ERROR
dnsResolverConfigure: could not
Chap Secrets file not found DEBUG write nameserver:%s," ERROR
opCode:%d rowId:%d DEBUG unboundMgmt: unable to open the " ERROR
ioctl call Failed-could not update
chap-secrets File found DEBUG active user Details ERROR
pppoeMgmtTblHandler: MtuFlag: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
pppoeMgmtTblHandler: Mtu: %d DEBUG Can't kill xl2tpd ERROR
pppoeMgmtTblHandler:
IdleTimeOutFlag: %d DEBUG xl2tpd restart failed ERROR
250
pppoeMgmtTblHandler:
IdleTimeOutValue: %d DEBUG failed to get field value ERROR
pppoeMgmtTblHandler: UserName: %s DEBUG failed to get field value ERROR
pppoeMgmtTblHandler: Password: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
pppoeMgmtTblHandler: DNS specified:
%s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
pppoeMgmtTblHandler: Service: %s DEBUG unboundMgmt: unable to open the " ERROR
pppoeMgmtTblHandler: StaticIp: %s DEBUG writing options.xl2tpd failed ERROR
pppoeMgmtTblHandler: NetMask: %s DEBUG xl2tpdStop failed ERROR
pppoeMgmtTblHandler: AuthOpt: %d DEBUG writing xl2tpd.conf failed ERROR
pppoeMgmtTblHandler: Satus: %d DEBUG writing options.xl2tpd failed ERROR
pppoeEnable: ppp dial string: %s DEBUG xl2tpdStop failed ERROR
pppoeMgmtDBUpdateHandler:
returning with status: %s DEBUG xl2tpdStart failed ERROR
pptpMgmtTblHandler: MtuFlag: %d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
writing Chap-secrets/Pap-Secrets
pptpMgmtTblHandler: Mtu: %d DEBUG failed ERROR
pptpMgmtTblHandler: IdleTimeOutFlag:
%d DEBUG xl2tpdStop failed ERROR
pptpMgmtTblHandler:
IdleTimeOutValue: %d DEBUG xl2tpdStart failed ERROR
pptpMgmtTblHandler: GetDnsFromIsp:
%d DEBUG sqlite3QueryResGet failed.Query:%s ERROR
pptpMgmtTblHandler: UserName: %s DEBUG failed ERROR
pptpMgmtTblHandler: Password: %s DEBUG xl2tpdStop failed ERROR
pptpMgmtTblHandler: dynamic MyIp
configured DEBUG xl2tpdStart failed ERROR
pptpMgmtTblHandler: MyIp: %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
pptpMgmtTblHandler: ServerIp: %s DEBUG failed ERROR
pptpMgmtTblHandler: StaticIp: %s DEBUG handler ERROR
pptpMgmtTblHandler: NetMask: %s DEBUG unboundMgmt: unable to open the " ERROR
pptpMgmtTblHandler:
MppeEncryptSupport: %s DEBUG Can't kill pptpd ERROR
pptpMgmtTblHandler: SplitTunnel: %s DEBUG pptpd restart failed ERROR
pptpEnable: ppp dial string: %s DEBUG Can't kill pptpd ERROR
pptpEnable: spawning command %s DEBUG failed to get field value ERROR
PID File for dhcpc found DEBUG failed to get field value ERROR
pid: %d DEBUG unboundMgmt: unable to open the " ERROR
pptpMgmtDBUpdateHandler: query
string: %s DEBUG writing options.pptpd failed ERROR
pptpMgmtDBUpdateHandler: returning
with status: %s DEBUG pptpdStop failed ERROR
dhcpcReleaseLease: dhcpc release
command: %s DEBUG writing pptpd.conf failed ERROR
dhcpcMgmtTblHandler: MtuFlag: %d DEBUG writing options.pptpd failed ERROR
dhcpcMgmtTblHandler: Mtu: %d DEBUG pptpdStop failed ERROR
DHCPv6 Server started successfully. DEBUG pptpdStart failed ERROR
DHCPv6 Server stopped successfully DEBUG failed ERROR
DHCPv6 Client started successfully. DEBUG handler ERROR
251
pppStatsUpdate: unable to get

DHCPv6 Client stopped successfully. DEBUG default MTU ERROR
pppoeMgmtInit: unable to open the
DHCPv6 Client Restart successful DEBUG database file %s ERROR
pppoeDisable: unable to kill ppp
l2tpMgmtTblHandler: MtuFlag: %d DEBUG daemon ERROR
pppoeMultipleEnableDisable: pppoe
l2tpMgmtTblHandler: Mtu: %d DEBUG enable failed ERROR
pppoeMultipleEnableDisable: pppoe
l2tpMgmtTblHandler: IspName: %s DEBUG disable failed ERROR
pppoeMgmtTblHandler: unable to
l2tpMgmtTblHandler: UserName: %s DEBUG get current Mtu Option ERROR
pppoeMgmtTblHandler: unable to
l2tpMgmtTblHandler: Password: %s DEBUG get the Mtu ERROR
pppoeMgmtTblHandler: pppoe
l2tpMgmtTblHandler: AccountName: %s DEBUG enable failed ERROR
pppoeMgmtDBUpdateHandler: failed
l2tpMgmtTblHandler: DomainName: %s DEBUG query: %s ERROR
l2tpMgmtTblHandler: Secret: not pppoeMgmtDBUpdateHandler: error
specified DEBUG in executing " ERROR
pptpMgmtInit: unable to open the
l2tpMgmtTblHandler: Secret: %s DEBUG database file %s ERROR
l2tpMgmtTblHandler: dynamic MyIp pptpEnable: error executing
configured DEBUG command: %s ERROR
pptpEnable: unable to resolve
l2tpMgmtTblHandler: MyIp: %s DEBUG address: %s ERROR
l2tpMgmtTblHandler: ServerIp: %s DEBUG pptpEnable: inet_aton failed ERROR
l2tpMgmtTblHandler: StaticIp: %s DEBUG pptpEnable: inet_aton failed ERROR
l2tpMgmtTblHandler: NetMask: %s DEBUG pptpEnable:spawning failed ERROR
pptpDisable: unable to kill ppp
l2tpMgmtTblHandler: SplitTunnel: %s DEBUG daemon ERROR
needToStartHealthMonitor: returning pptpMgmtTblHandler: unable to get
with status: %s DEBUG current MTU Option ERROR
pptpMgmtTblHandler: unable to get
l2tpEnable: command string: %s DEBUG the Mtu ERROR
pptpMgmtTblHandler:
l2tpEnable: command: %s DEBUG dbRecordValueGet failed for %s " ERROR
pptpMgmtTblHandler: pptp enable
l2tpEnable: command string: %s DEBUG failed ERROR
pptpMgmtTblHandler: pptp disable
PID File for dhcpc found DEBUG failed ERROR
pptpMgmtDBUpdateHandler:
pid: %d DEBUG sqlite3QueryResGet " ERROR
l2tpMgmtDBUpdateHandler: query pptpMgmtDBUpdateHandler: error in
string: %s DEBUG executing " ERROR
l2tpMgmtDBUpdateHandler: returning
with status: %s DEBUG Illegal invocation of dhcpConfig (%s) ERROR
dhcpLibInit: unable to open the
RADVD started successfully DEBUG database file %s ERROR
RADVD stopped successfully DEBUG sqlite3QueryResGet failed.Query:%s ERROR
dhcpcMgmtInit: unable to open the
empty update. nRows=%d nCols=%d WARN database file %s ERROR
Wan is not up or in load balencing dhcpcReleaseLease: unable to
mode WARN release lease ERROR
threegMgmtHandler: no row found.
nRows = %d nCols = %d WARN dhcpcEnable: unable to kill dhclient ERROR
pppoeMgmtDBUpdateHandler: empty dhcpcEnable: enabling dhcpc failed
update. WARN on: %s ERROR
252
dhcpcEnable: dhclient already running

on: %s WARN dhcpcDisable: unable to kill dhclient ERROR
dhcpcDisable: delete failed for
dhcpcDisable: deleted dhclient.leases WARN dhclient.leases ERROR
l2tpMgmtInit: unable to open the
database file %s ERROR dhcpcDisable: failed to reset the ip ERROR
l2tpEnable: unable to resolve address: dhcpcMgmtTblHandler: unable to get
%s ERROR current Mtu Option ERROR
dhcpcMgmtTblHandler: unable to get
l2tpEnable: inet_aton failed ERROR the Mtu ERROR
dhcpcMgmtTblHandler: dhclient
The Enable Command is %s ERROR enable failed ERROR
l2tpEnable:Executing the Command dhcpcMgmtTblHandler: dhcpc
failed ERROR release failed ERROR
dhcpcMgmtTblHandler: dhcpc
l2tpDisable: command string: %s ERROR disable failed ERROR
dhcpcMgmtDBUpdateHandler: failed
l2tpDisable: unable to stop l2tp session ERROR query: %s ERROR
l2tpMgmtTblHandler: unable to get dhcpcMgmtDBUpdateHandler: error
current MTU option ERROR in executing " ERROR
l2tpMgmtTblHandler: unable to get the
Mtu ERROR DHCPv6 Client start failed. ERROR
l2tpMgmtTblHandler:
dbRecordValueGet failed for %s " ERROR DHCPv6 Client stop failed. ERROR
failed to create/open DHCPv6 client
l2tpMgmtTblHandler: l2tpEnable failed ERROR " ERROR
l2tpMgmtTblHandler: disabling l2tp failed to write DHCPv6 client
failed ERROR configuration file ERROR
l2tpMgmtDBUpdateHandler:
sqlite3QueryResGet " ERROR failed to restart DHCPv6 Client ERROR
l2tpMgmtDBUpdateHandler: error in failed to create/open DHCPv6
executing ERROR Server " ERROR
Illegal invocation of tcpdumpConfig
(%s) ERROR Restoring old configuration.. ERROR
DHCPv6 Server configuration
Failed to start tcpdump ERROR update failed ERROR
Failed to stop tcpdump ERROR DHCPv6 Server Restart failed ERROR
Invalid tcpdumpEnable value ERROR sqlite3QueryResGet failed.Query:%s ERROR
Facility: System (VPN)

%d command not supported by eapAuth DEBUG PEAP key derive: ERROR ERROR
pCtx NULL. DEBUG PEAP context is NULL: ERROR ERROR
Current cert subject name= %s DEBUG Constructing P2 response: ERROR ERROR
X509_STORE_CTX_get_ex_data failed. DEBUG innerEapRecv is NULL: ERROR ERROR
Cannot get cipher, no session est. DEBUG Decrypting TLS data: ERROR ERROR
%s:
SSL_ERROR_WANT_X509_LOOKUP DEBUG Wrong identity size: ERROR ERROR
Wrong size for extensions packet:
err code = (%d) in %s DEBUG ERROR ERROR
BIO_write: Error DEBUG innerEapRecv is NULL: ERROR. ERROR
Decrypting: BIO reset failed DEBUG Inner EAP processing: ERROR ERROR
Encrypting BIO reset: ERROR DEBUG TLS handshake: ERROR. ERROR
253
BIO_read: Error DEBUG Sending P1 response: ERROR ERROR

EAP state machine changed from %s to Unexpected tlsGlueContinue return
%s. DEBUG value. ERROR
EAP state machine changed from %s to No more fragments in message.
%s. DEBUG ERROR ERROR
No phase 2 data or phase 2 data
Received EAP Packet with code %d DEBUG buffer NULL: ERROR ERROR
Allocating memory for PEAP Phase 2
Response ID %d DEBUG payload: ERROR ERROR
Response Method %d DEBUG TLS encrypting response: ERROR ERROR
Setting message in fragment buffer:
Created EAP/PEAP context: OK DEBUG ERROR ERROR
Allocating TLS read buffer is NULL:
Deleted EAP/PEAP context: OK DEBUG ERROR ERROR
Upper EAP sent us: decision = %d
method state = %d DEBUG Setting last fragment: ERROR ERROR
P2 decision=(%d); methodState=(%d) DEBUG Getting message: ERROR ERROR
Writing message to BIO: ERROR. DEBUG Processing PEAP message: ERROR ERROR
Encrypted (%d) bytes for P2 DEBUG Setting fragment: ERROR ERROR
P2: sending fragment. DEBUG Creating receive buffer: ERROR ERROR
P2: message size = %d DEBUG Setting first fragment: ERROR ERROR
P2: sending unfragmented message. DEBUG Sending P1 response: ERROR ERROR
NULL request (or response) PDU or
P1: Sending fragment. DEBUG NULL context: ERROR ERROR
Expecting start packet, got something
P1: Total TLS message size = (%d) DEBUG else: ERROR ERROR
P1: sending unfragmented message. DEBUG Protocol version mismatch: ERROR ERROR
peapFragFirstProcess: TLS record size Processing PEAP message (from
to receive = (%d) DEBUG frag): ERROR ERROR
Setting version %d DEBUG Processing PEAP message: ERROR ERROR
PEAP pkt rcvd: data len=(%d)
flags=(%d) version=(%d) DEBUG Processing PEAP message: ERROR ERROR
Got PEAP/Start packet. DEBUG Indicated length not valid: ERROR ERROR
Did not get Acknowledged result:
Got first fragment DEBUG ERROR ERROR
Cannot understand AVP value:
Got fragment (n) DEBUG ERROR ERROR
Got last fragment DEBUG eapExtResp is NULL: ERROR ERROR
eapWscCtxCreate:
Got unfragmented message DEBUG EAPAUTH_MALLOC failed. ERROR
eapWscProcess: umiIoctl req to WSC
Got frag ack. DEBUG failed, status = %d ERROR
Ext AVP parsed: flags=(0x%x) DEBUG eapWscCheck: Invalid frame ERROR
Mandatory bit not set: WARNING DEBUG eapWscBuildReq: Invalid state %d ERROR
eapWscProcessWscResp: Invalid
Ext AVP parsed: type=(%d) DEBUG data recd pData = %p, dataLen" ERROR
Data received for invalid context,
Ext AVP parsed: value=(%d) DEBUG dropping it ERROR
eapWscProcessWscResp: Build
Got PEAPv0 success! DEBUG Request failed ERROR
eapWscProcessWscResp: Invalid
Got PEAPv0 failure! DEBUG state %d ERROR
eapWscProcessWscResp: Message
pCtx NULL. DEBUG processing failed 0x%X ERROR
254
eapWscProcessWscData: Invalid
Authenticator response check: Error DEBUG notification recd %d ERROR
Authenticator response check: Failed DEBUG unable to initialize MD5 ERROR
MDString: adpDigestInit for md5
MS-CHAP2 Response AVP size = %u DEBUG failed ERROR
Created EAP/MS-CHAP2 context: OK. DEBUG EAPAUTH_MALLOC failed. ERROR
pCtx NULL. DEBUG EAPAUTH_MALLOC failed. ERROR
Deleted EAP/MS-CHAPv2 context: OK DEBUG NULL context created: Error ERROR
Not authenticated yet. DEBUG NULL context received: Error ERROR
Authenticator response invalid DEBUG Authenticator ident invalid. ERROR
Success request message invalid:
EAP-MS-CHAPv2 password changed. DEBUG Error ERROR
rcvd. opCode %d. DEBUG Plugin context is NULL ERROR
pCtx NULL. DEBUG Deriving implicit challenge: Error ERROR
TLS message len changed in the
fragment, ignoring. DEBUG Generating NT response: Error ERROR
no data to send while fragment ack
received. DEBUG NULL in/out buffer: Error ERROR
TLS handshake successful. DEBUG Incorrect vendor id. ERROR
Allocating memory for outBuff:
Created EAP/TTLS context: OK DEBUG ERROR ERROR
Deleted EAP/TTLS context: OK DEBUG AVP code not recognized ERROR
No more fragments in message.
ERROR DEBUG EAPAUTH_MALLOC failed. ERROR
Upper EAP sent us: method state = %d; Converting password to unicode:
decision = %d DEBUG Error ERROR
P2: sending fragment. DEBUG Generating password hash: Error. ERROR
Generating password hash hash:
P2 send unfragmented message. DEBUG Error. ERROR
P1: sending fragment. DEBUG Generating master key: Error. ERROR
Generating first 16 bytes of session
P1: sending unfragmented message. DEBUG key: Error.n ERROR
Generating second 16 bytes of
\tTLSMsgLen = 0x%x DEBUG session key: Error.n ERROR
Send req ptr = 0x%x; Send resp ptr = Converting password to unicode:
0x%x DEBUG Error ERROR
Constructing failure response:
P2 decision=(%d); methodState=(%d) DEBUG ERROR ERROR
Default EAP: method state = %d; Error checking authenticator
decision = %d DEBUG response. ERROR
TTLS pkt: data len=(%d) flags=(0x%x) DEBUG Error generating NT response. ERROR
Username string more than 256
Got start DEBUG ASCII characters: ERROR ERROR
Got first fragment (n). DEBUG Invalid Value-Size. ERROR
Invalid MS-Length. Got (%d),
Got fragment (n). DEBUG expected (%d) ERROR
Got last fragment DEBUG Error constructing response. ERROR
Got unfragmented message. DEBUG Got type (%d), expecting (%d) ERROR
Cannot handle message; opCode =
Got frag ack. DEBUG %d ERROR
Rcvd. AVP Code-%u: flags-0x%x: len-
%u: vendorId-%u: " DEBUG EAPAUTH_MALLOC failed. ERROR
MOD EAP: method state from upper =
%d; decision = %d DEBUG tlsGlueCtxCreate failed. ERROR
255
Got AVP len = %ul. Should be less than client certificate must be set in the
16777215 DEBUG profile. ERROR
AVP length extract: Error DEBUG received TLS message length too big. ERROR
total frags len > initial total TLS
pFB is NULL DEBUG length. ERROR
Requesting message before assembly total frags len > initial total TLS
complete DEBUG length. ERROR
total data rcvd(%d) doesnt match the
pFB is NULL DEBUG initial " ERROR
pFB is NULL DEBUG couldnt write %d data to TLS buffer. ERROR
invalid flags %s passed to
Buffer cannot hold message: ERROR DEBUG eapTlsBuildResp. ERROR
pFB is NULL: Error DEBUG EAPAUTH_MALLOC failed. ERROR
pFB is NULL DEBUG tlsGlueCtxCreate failed. ERROR
TLS_FB* is NULL. DEBUG Context NULL: ERROR ERROR
pFB->msgBuff is NULL. DEBUG Setting profile to glue layer: ERROR. ERROR
Error calculating binary. DEBUG _eapCtxCreate failed. ERROR
%d authentication not enabled in the
Error calculating binary. DEBUG system. ERROR
Initializing inner non-EAP auth plugin:
adpDigestInit for SHA1 failed. DEBUG ERROR ERROR
adpDigestInit for SHA1 failed. DEBUG TTLS key derive: ERROR ERROR
TTLS context from EAP plugin is
E = %d DEBUG NULL: ERROR ERROR
Allocating memory for TTLS Phase 2
R = %d DEBUG payload: ERROR ERROR
Could not initialize des-ecb DEBUG TLS Encrypting response: ERROR ERROR
Allocating TLS read buffer is NULL:
adpDigestInit for MD4 failed. DEBUG ERROR ERROR
Inner authentication (id: %d)
adpDigestInit for SHA1 failed. DEBUG unhandled ERROR
adpDigestInit for SHA1 failed. DEBUG innerEapRecv is NULL: ERROR. ERROR
Error converting received auth reponse
to bin. DEBUG Decrypting TLS data: ERROR ERROR
Gnerating challenge hash: Error DEBUG Processing Phase 2 method: Error ERROR
Generating password hash: Error DEBUG Writing message to BIO: ERROR. ERROR
Generating challenge response: Error DEBUG TLS handshake: ERROR. ERROR
Unexpected tlsGlueContinue return
Conn cipher name=%s ver=%s: %s DEBUG value. ERROR
Send req ptr = 0x%x; Send resp ptr = NULL request (or response) PDU or
0x%x DEBUG NULL context ERROR
Request ptr = 0x%x; DEBUG Protocol version mismatch: ERROR ERROR
Response ptr = 0x%x DEBUG Creating receive buffer: ERROR ERROR
Rcvd. AVP Code - %ul DEBUG Setting first fragment: ERROR ERROR
Rcvd. AVP flags - 0x%02x DEBUG Setting fragment: ERROR ERROR
Rcvd. AVP len - %ul DEBUG Setting last fragment: ERROR ERROR
Rcvd. AVP vendor id - %ul DEBUG Getting message: ERROR ERROR
\tCode = %d DEBUG Processing TTLS message: ERROR ERROR
\tIdent = %d DEBUG Processing TTLS message: ERROR ERROR
\tLen = %d DEBUG Processing TTLS message: ERROR ERROR
\tType = %d DEBUG Decapsulating AVP: ERROR ERROR
\tOpCode = %d DEBUG Processing EAP receive: Error ERROR
\tMSID = %d DEBUG AVP code not EAP: Error ERROR
256
\tmsLen = %d DEBUG Encapsulating AVP: ERROR ERROR

\tvalSize = %d DEBUG profile %s doesnt exist. ERROR
Frag Buffer bytes left = (%d) DEBUG profile %s is in use. ERROR
Stripped username=(%s) DEBUG profile %s already exists. ERROR
digestLen = %d. DEBUG EAPAUTH_MALLOC failed ERROR
ClearText = DEBUG User not found. ERROR
EAP-MD5 not enabled in system
CipherText = DEBUG configuration. ERROR
EAP-MSCHAPV2 not enabled in
digestLen = %d. DEBUG system configuration. ERROR
EAP-TLS not enabled in system
digestLen1 = %d. DEBUG configuration. ERROR
EAP-TTLS not enabled in system
digestLen2 = %d. DEBUG configuration. ERROR
password change is not allowed for this EAP-PEAP not enabled in system
user DEBUG configuration. ERROR
EAP-WSC not enabled in system
completed writing the policy DEBUG configuration. ERROR
PAP not enabled in system
completed writing the SA DEBUG configuration. ERROR
CHAP not enabled in system
completed writing the proposal block DEBUG configuration. ERROR
MSCHAP not enabled in system
cmdBuf: %s DEBUG configuration. ERROR
X509_DEBUG : Invalid Certificate for MSCHAPV2 not enabled in system
the generated" DEBUG configuration. ERROR
X590_ERROR : Failed to create File PAP/Token not enabled in system
'%s' DEBUG configuration. ERROR
EAP-MD5 not enabled in system
x509TblHandler DEBUG configuration. ERROR
EAP-MSCHAPV2 not enabled in
pCertType: %s DEBUG system config. ERROR
EAP-TLS not enabled in system
pRowQueryStr: %s DEBUG configuration. ERROR
EAP-TTLS and EAP-PEAP are not
x509SelfCertTblHandler DEBUG valid as inner" ERROR
pRowQueryStr: %s DEBUG invalid innerAuth %d. ERROR
opCode:%d rowId:%d DEBUG profile %s doesnt exist. ERROR
Re-assembling fragments incorrect
umiRegister failed ERROR size ERROR
eapAuthHandler: Invalid data received ERROR Error creating cipher context. ERROR
EAPAUTH_MALLOC failed. ERROR Error initializing cipher context. ERROR
malloc failed. ERROR Error creating digest context. ERROR
BIO_new_mem_buf failed. ERROR Error initializing digest context. ERROR
malloc failed. ERROR Error initializing DES in Klite ERROR
BIO_new_mem_buf failed. ERROR Error initializing MD4 in Klite ERROR
SSL_CTX_new (TLSv1_client_method)
failed. ERROR Error initializing RC4 in Klite ERROR
unable to set user configured CIPHER
list %s ERROR Error initializing SHA in Klite ERROR
Certificate verification failed. ERROR Error cleaning cipher context. ERROR
Server name match failed. Got (%s)
expected " ERROR Error destroying cipher context. ERROR
257
SSL_CTX_use_certificate_file (cert,
PEM) failed. ERROR Error cleaning digest context. ERROR
SSL_CTX_use_PrivateKey_file failed. ERROR Error destroying digest context. ERROR
private key does not match public key ERROR Error stripping domain name. ERROR
SSL_CTX_load_verify_locations failed ERROR Error cleaning digest context. ERROR
SSL_new failed. ERROR Error cleaning digest context. ERROR
Both SSL_VERIFY_PEER and Challenge not present in failure
SSL_VERIFY_NONE set: Error ERROR packet. ERROR
EAPAUTH_MALLOC failed. ERROR Wrong challenge length. ERROR
Incorrect password change version
EAPAUTH_MALLOC failed. ERROR value. ERROR
eapTimerCreate failed. ERROR Error generating password hash. ERROR
eapCtxDelete:pCtx == NULL ERROR Error generating password hash. ERROR
eapRole != EAP_ROLE_PEER or Error encrypting password hash with
EAP_ROLE_AUTHENTICATOR ERROR block ERROR
pEapCtx == NULL or pPDU == NULL. ERROR Could not initialize des-ecb ERROR
received EAP pdu bigger than
EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR
received EAP pdu bigger than
EAP_MTU_SIZE. ERROR Error cleaning cipher context. ERROR
state machine is in invalid state. ERROR Error cleaning digest context. ERROR
unable to create method context. ERROR Error cleaning digest context. ERROR
method ctxCreate failed. ERROR adpDigestInit for SHA1 failed. ERROR
method profile set failed. ERROR X509_ERROR : .Query:%s ERROR
X509_ERROR : Invalid Certificate for
state machine is in invalid state. ERROR the " ERROR
Only StandAlone authenticator
supported currently. ERROR invalid x509 certificate ERROR
state machine is in invalid state. ERROR Couldn't get the x509 cert hash ERROR
BuildReq operation failed ERROR Memory allocation failed ERROR
No method ops defined for current
method ERROR FileName too lengthy ERROR
Process operation failed ERROR Couldn't execute command ERROR
state machine is in invalid state. ERROR Memory allocation failed ERROR
Packet length mismatch %d, %d ERROR Memory allocation failed ERROR
eapAuthTypeToType: Invalid
eapAuthType %d ERROR invalid certificate data ERROR
eapTypeToAuthType: Invalid eapType
%d ERROR .Query:%s ERROR
unable to create method context. ERROR .Query:%s ERROR
method ctxCreate failed. ERROR Memory allocation failed ERROR
Invalid condition, methodState = %d, X509_ERROR : Failed to validate the
respMethod = %d ERROR certficate " ERROR
A EAP Ctx map already exists ERROR Memory allocation failed ERROR
eapTimerCreate: Currently unsupported
for Peer role ERROR .Query:%s ERROR
eapTimerStart: Currently unsupported
for Peer role ERROR Invalid Sign Key Length : %d ERROR
eapTimerDestroy: Currently
unsupported for Peer role ERROR Invalid Hash Alg : %d ERROR
eapTimerCancel: Currently unsupported
for Peer role ERROR Invalid Sign Alg : %d ERROR
eapTimerHandler: Currently
unsupported for Peer role ERROR No Memory Available ERROR
258
pCtx is NULL: ERROR ERROR Certificate Request Failed ERROR

tlsGlueCtxCreate failed ERROR File Open Failed ERROR
eapVars is NULL ERROR File is Empty ERROR
Context NULL: ERROR ERROR Memory Allocation Failed ERROR
Initializing inner EAP auth: ERROR ERROR File Open Failed ERROR
pCtx is NULL: ERROR ERROR File is Empty ERROR
Memory Allocation Failed ERROR Error in executing DB update handler ERROR
Facility: System (Admin)

Usage:%s <DBFile> DEBUG unable to register to UMI ERROR
Could not open database: %s DEBUG sqlite3QueryResGet failed ERROR
CPU LOG File not found DEBUG radSendtoServer: socket: %s ERROR
radSendtoServer: bind() Failed: %s:
MEM LOG File not found DEBUG %s ERROR
cpuMemUsageDBUpdateHandler: radRecvfromServer: recvfrom()
update query: %s DEBUG Failed: %s ERROR
radRecvfromServer: Packet too small
Printing the whole list after inserting DEBUG from %s:%d: %s ERROR
%s at %d(minute) %d(hour) radCheckMsgAuth: Invalid Message-
%d(dayOfMonth) %d(month)" DEBUG Authenticator length in" ERROR
adpCmdExec exited with return radDictLoad: couldn't open dictionary
code=%d DEBUG %s: %s ERROR
radBuildAndSendReq: Invalid
%s op=%d row=%d DEBUG Request Code %d ERROR
radPairAssign: bad attribute value
sqlite3_mprintf failed DEBUG length ERROR
radPairAssign: unknown attribute
sqlite3QueryResGet failed: query=%s DEBUG type %d ERROR
Printing the whole list after delete DEBUG radPairNew: unknown attribute %d ERROR
%s at %d(minute) %d(hour) radPairGen: Attribute(%d) has invalid
%d(dayOfMonth) %d(month)" DEBUG length ERROR
radPairValue: unknown attribute type
Printing the whole list after inserting DEBUG %d ERROR
%s at %d(minute) %d(hour) radPairValueLen: unknown attribute
%d(dayOfMonth) %d(month)" DEBUG type %d ERROR
radPairLocate: Attribute(%d) has
email logs: No logging events enabled DEBUG invalid length ERROR
radPairUnpackDefault: Unknown-
%s DEBUG Attribute[%d]: ERROR
Mail sent and the Database is reset. DEBUG radConfigure: can't open %s: %s ERROR
radConfigure: %s: line %d: bogus
Disabled syslog server DEBUG format: %s ERROR
radConfAssert: No AuthServer
Event logs are full, sending logs to email DEBUG Specified ERROR
radConfAssert: No Default Timeout
Email logs sending failed DEBUG Specified ERROR
radConfAssert: No Default Retry
Packing attribute: %s DEBUG Count Specified ERROR
radExtractMppeKey: Invalid MS-
Server found: %s, secret: %s DEBUG MPPE-Key Length ERROR
259
Packed Auth. Reqest: code:%d, id:%d, radVendorMessage: Invalid Length in

len:%d DEBUG Vendor Message ERROR
radVendorMessage: Unknown
Sending Packet to %x:%d .... DEBUG Vendor ID received:%d ERROR
radVendorAttrGet: Invalid Length in
Receiving Reply Packet.... DEBUG Vendor Message ERROR
radVendorAttrGet: Unknown Vendor
Verified Reply Packet Integrity DEBUG ID:%d ERROR
radVendorMessagePack: Unknown
Generated Reply Attribute-Value pairs DEBUG Vendor ID:%d ERROR
radGetIPByName: couldn't resolve
Verified Message-Authenticator DEBUG hostname: %s ERROR
Unloaded RADIUS Dictionary DEBUG radGetHostIP: couldn't get hostname ERROR
radGetHostIP: couldn't get host IP
Adding Dictionary Attribute %s DEBUG address ERROR
Adding Dictionary Value %s DEBUG RADIUS dictionary loading failed ERROR
Loaded Dictionary %s DEBUG Failed to set default timeout value ERROR
Adding Dictionary Attribute '%s' DEBUG Failed to set default retries value ERROR
ERROR: incomplete DB update
Adding Dictionary Value %s DEBUG information. ERROR
old values result does not contain 2
Receiving attribute: %s DEBUG rows ERROR
Processing attribute: %s DEBUG sqlite3QueryResGet failed ERROR
Processing attribute: %s DEBUG empty update. nRows=%d nCols=%d ERROR
Processing attribute: %s DEBUG Error in executing DB update handler ERROR
Processing attribute: %s DEBUG sqlite3QueryResGet failed ERROR
radConfGet: " DEBUG Invalid SQLITE operation code - %d ERROR
Added Server %s:%d with " DEBUG sqlite3QueryResGet failed ERROR
Added Server %s:%d with " DEBUG empty result. nRows=%d nCols=%d ERROR
Default Timeout Set to %d DEBUG sqlite3QueryResGet failed ERROR
Default Retry Count Set to %d DEBUG empty result. nRows=%d nCols=%d ERROR
RADIUS Accounting Exchange
%s - %s : %d DEBUG Failed ERROR
Deleting Server %s:%d with " DEBUG Unable to set debug for radAcct. ERROR
Adding RowId:%d to Server %s:%d with Unable to set debug level for
" DEBUG radAcct. ERROR
rowIds: %d - %d DEBUG ERROR: option value not specified ERROR
Deleting Server %s:%d with " DEBUG ERROR: option value not specified ERROR
RADIUS Deconfigured DEBUG Unable to initialize RADIUS ERROR
radEapMsgQueueAdd: Invalid EAP
Found Option %s on line %d of file %s DEBUG packet length(%d) ERROR
radEapRecvTask: invalid EAP
Setting Option %s with value %s DEBUG code:%d ERROR
radEapRecvTask: Packet length
RADIUS Configured DEBUG mismatch %d, %d ERROR
No attributes received in Access-
%d : Server %s:%d with " DEBUG Challenge message ERROR
DBUpdate event: Table: %s opCode:%d No State Attribute in Access-
rowId:%d DEBUG Challenge message ERROR
Host IP address: %s DEBUG radEapRecvTask: " ERROR
Adding Packet for existing cookie:%p DEBUG failed to initialize UMI ERROR
Adding Packet and cookie:%p DEBUG umiRegister failed. errno=%d ERROR
Releasing Packet and cookie:%p DEBUG Invalid arguments to ioctl handler ERROR
260
Releasing Packet with cookie:%p DEBUG radEapSendRtn: Invalid Arguments ERROR

radEapSendRtn: failed to allocate
Received EAP-Identity from Pnac: %s DEBUG buffer ERROR
Filling User-Name: %s DEBUG umiIoctl failed ERROR
failed to initialize EAP message
Filling State: DEBUG queue ERROR
Filling EAP-Message: DEBUG Unable to set debug for radEap. ERROR
Filling Service-Type: %d DEBUG Unable to set debug level for radEap. ERROR
Filling Framed-MTU: %d DEBUG ERROR: option value not specified ERROR
Received Access-Challenge from
Server DEBUG ERROR: option value not specified ERROR
Sending Reply EAP Packet to Pnac DEBUG could not initialize MGMT framework ERROR
Error sending packet to Pnac DEBUG Unable to initialize RADIUS ERROR
RADIUS Authentication Failed; " DEBUG Unable to set debug for radEap. ERROR
RADIUS Authentication Successful; " DEBUG Unable to set debug level for radEap. ERROR
Got Packet with cookie:%p DEBUG ERROR: option value not specified ERROR
Next DNS Retry after 1 min DEBUG Unable to initialize RADIUS ERROR
Next Synchronization after" DEBUG Invalid username or password ERROR
Next Synchronization after" DEBUG Unable to set debug for radAuth. ERROR
Unable to set debug level for
Next Synchronization after %d \ DEBUG radAuth. ERROR
Primary is not available, " DEBUG ERROR: option value not specified ERROR
Secondary is not available, " DEBUG Unable to initialize RADIUS ERROR
Invalid username, challenge or
Invalid value for use default servers, " DEBUG response ERROR
No server is configured, " DEBUG Unable to set debug for radAuth. ERROR
Unable to set debug level for
Backing off for %d seconds DEBUG radAuth. ERROR
Requesting time from %s DEBUG ERROR: option value not specified ERROR
Synchronized time with %s DEBUG Unable to initialize RADIUS ERROR
Received KOD packet from %s DEBUG Invalid username or password ERROR
No suitable server found %s DEBUG usage : %s <DB fileName> ERROR
Received Invalid Length packet from %s DEBUG ntpd : umi initialization failed ERROR
Received Invalid Version packet from
%s DEBUG ntpd : ntpInit failed ERROR
Received Invalid Mode packet from %s DEBUG ntpd : ntpMgmtInit failed ERROR
There was an error while getting the
Request Timed out from %s DEBUG timeZoneChangeScript." ERROR
Looking Up %s DEBUG unexpected reply from %d cmd=%d ! ERROR
Timezone difference :%d DEBUG cmd %d not supported. caller %d ERROR
Could not open file: %s DEBUG default reached ERROR
Could not read data from file DEBUG Unable to initialize ntpControl ERROR
ntpMgmt : Couldn't open database
ntpTblHandler DEBUG %s ERROR
ERROR : incomplete DB update
status: %d DEBUG information ERROR
tz: %d DEBUG empty update. nRows=%d nCols=%d ERROR
DayLightsaving: %d DEBUG Error in executing DB update handler ERROR
pNtpControl-
>ServerNames[PRIMARY_SERVER]:
%s DEBUG requestNtpTime: Invalid addr ERROR
261
pNtpControl-
>ServerNames[SECONDARY_SERVE
R]: %s DEBUG failed to take lock for compId: %d ERROR
failed to convert ioctl args to buffer
DS: %d DEBUG for" ERROR
pPriServ %s DEBUG request timeout dst(%d) <-- src(%d) ERROR
pSecServ %s DEBUG failed to take lock for compId: %d ERROR
umiIoctlArgsToBuf: failed to allocate
Making request from %d --> %d DEBUG memory ERROR
sent request dst(%d) <-- src(%d) using umiRecvFrom: could not allocate
option %d DEBUG memory ERROR
received request too small!(%d bytes) DEBUG adpMalloc failed ERROR
context with ID: %d already
Received a UMI request from %d DEBUG registered ERROR
Failed to allocate memory for
sent a reply src(%d) ---> dst(%d) DEBUG creating UMI context ERROR
Failed to create recvSem for UMI
umiRegister (%x,%x,%x,%x) DEBUG context ERROR
srcId=%d(%s) --> destId=%d(%s) Failed to create mutex locks for UMI
cmd=%d inLen=%d outLen=%d DEBUG context ERROR
Failed to create mutex recvQLock for
waiting for reply...Giving Up DEBUG UMI context ERROR
No request in the list after semTake DEBUG Invalid arguments to umiIoctl ERROR
reply timeout DEBUG could not find the destination context ERROR
timeout after semTake DEBUG memPartAlloc for %d size failed ERROR
srcId=%d(%s) <-- destId=%d(%s)
cmd=%d DEBUG memPartAlloc for %d size failed ERROR
No Handler registered for this UMI
Un-registerting component with Id %d DEBUG context ERROR
failed to send ioctl request: dst(%d) <--- Couldn't find component with ID
src(%d) DEBUG (%d)," ERROR
processed a reply dst(%d) <-- src(%d) DEBUG id=%d handler=%x ERROR
request with no result option dst(%d) <-- Received NULL buffer in
src(%d) DEBUG umiBufToIoctlArgs() ERROR
usbMgmtInit: unable to open the
cmd = %s DEBUG database file %s ERROR
cmdstring is %s %s:%d DEBUG call to printConfig failed ERROR
Calling printerConfig binary ... DEBUG Failed to Disable Network Storage" ERROR
Some error occurred while removing
Calling unmount for USB ... DEBUG device ERROR
Some error occurred while removing
Calling mount for USB ... DEBUG device ERROR
usbdevice is %d %s:%d DEBUG Sqlite update failed ERROR
Query string: %s DEBUG Failed to enable printer properly ERROR
sqlite3QueryResGet failed.Query:%s DEBUG Failed to mount device on system ERROR
%s: 1. usb is already disconnected for Failed to enable network storage
old usb type. " DEBUG device" ERROR
%s: 2.call disable for new usb type ! DEBUG Failed to mount device on system ERROR
%s: 3. usb is already disconnected for
old usb type. " DEBUG Sqlite update failed ERROR
%s: 4. Disabled old usb type . Now " DEBUG USB1 Touch failed ERROR
usbdevice is %d %s:%d DEBUG USB2 Touch failed ERROR
USB: failed to begin transaction: %s DEBUG Sqlite update failed ERROR
USB: SQL error: %s pSetString = %s DEBUG Failed query: %s ERROR
262
Failed to execute usb database

USB: failed to commit transaction: %s DEBUG update handler ERROR
Usage:%s <DBFile> <opType>
USB: updated table: %s DEBUG <tblName> <rowId> ERROR
USB: returning with status: %s DEBUG Illegal invocation of snmpConfig (%s) ERROR
opCode:%d rowId:%d DEBUG Invalid Community Access Type ERROR
executing %s status =%d DEBUG Invalid User Access Type ERROR
executing %s DEBUG Invalid Security Level ERROR
%s returned status=%d DEBUG Invalid Authentication Algorithm ERROR
%s returned status=%d DEBUG Invalid Privacy Algorithm ERROR
snmpd.conf not found DEBUG Invalid Argument ERROR
[SNMP_DEBUG] : Fwrite Successful DEBUG engineID ERROR
[SNMP_DEBUG]: Failed to get host
[SNMP_DEBUG] : Fwrite failed DEBUG address ERROR
radPairGen: received unknown attribute
%d of length %d WARN [SNMP_DEBUG] : FOPEN failed ERROR
radPairGen: %s has unknown type WARN sqlite3QueryResGet failed.Query:%s ERROR
radPairLocate: unknown attribute %ld of
length %d WARN sqlite3QueryResGet failed.Query:%s ERROR
radPairLocate: %s has unknown type WARN Invalid Security Level ERROR
Illegal invocation of cpuMemUsage (%s) ERROR Invalid Authentication Algorithm ERROR
cpuMemUsageDBUpdateHandler: SQL
error: %s ERROR Invalid Privacy Algorithm ERROR
unable to open the DB file %s ERROR Failed to Get Host Address ERROR
umiInit failed ERROR Invalid version ERROR
unable to register to UMI ERROR snmp v3 Trap Configuration Failed ERROR
Error Reading from the Database. ERROR sqlite3QueryResGet failed query:%s ERROR
short DB update event request! ERROR sqlite3QueryResGet failed.Query:%s ERROR
Failed to Open Snmp Configuration
Error in executing DB update handler ERROR File ERROR
adpListNodeRemove : Returned with
an error ERROR Failed to write access control entries ERROR
command too long. Try increasing " ERROR Failed to write snmpv3 users entries ERROR
failed to allocate memory for
CRON_NODE ERROR Failed to write snmp trap entries ERROR
sqlite3QueryResGet failed ERROR Failed to write system entries. ERROR
There was an error while reading the
schedules. ERROR Failed to restart snmp ERROR
unable to register to UMI ERROR %s failed with status ERROR
short DB update event request! ERROR Error in executing DB update handler ERROR
malloc(DB_UPDATE_NODE) failed ERROR %s: Unable to open file: %s ERROR
short ifDev event request! ERROR RADVD start failed ERROR
sqlite3_mprintf failed ERROR RADVD stop failed ERROR
failed to create/open RADVD
no component id matching %s ERROR configuration file %s ERROR
umiIoctl (%s,
UMI_CMD_DB_UPDATE(%d)) failed. ERROR Restoring old configuration.. ERROR
failed to write/update RADVD
sqlite3_mprintf failed ERROR configuration file ERROR
sqlite3_mprintf failed ERROR upnpDisableFunc failed ERROR
no component id matching %s ERROR upnpEnableFunc failed ERROR
263
umiIoctl (%s,
UMI_CMD_IFDEV_EVENT(%d)) failed. ERROR sqlite3QueryResGet failed.Query:%s ERROR
klogctl(9) failed ERROR Error in executing DB update handler ERROR
malloc failed for %d bytes ERROR unable to open the DB file %s ERROR
klogctl(4) failed ERROR umiInit failed ERROR
emailLogs: Invalid Number of
Arguments!! Exiting. ERROR unable to register to UMI ERROR
sqlite3QueryResGet failed ERROR short DB update event request! ERROR
Could not execute the smtpClient. ERROR short ifDev event request! ERROR
Error while cleaning the
database.Exiting. %s ERROR sqlite3_mprintf failed ERROR
%s failed. status=%d ERROR
Facility: System (Firewall)

Enabling rule for protocol binding. DEBUG Disable all NAT rules. DEBUG
Disabling rule for protocol binding. DEBUG Enable all NAT rules. DEBUG
Enabling Remote SNMP on WAN. DEBUG Enabling NAT URL filter rules. DEBUG
Disabling Remote SNMP on WAN DEBUG Restarting all NAT rules. DEBUG
wan traffic counters are restared DEBUG Deleting schedule based firewall rules. DEBUG
Deleting schedule based firewall rules
Traffic limit has been reached DEBUG from DB. DEBUG
Traffic meter monthly limit has been Update schedule based firewall rules
changed to %d. DEBUG in DB. DEBUG
Enabling traffic meter for only dowload. DEBUG Restart schedule based firewall rules. DEBUG
Enabling traffic meter for both
directions. DEBUG inter vlan routing enabled DEBUG
Enabling traffic meter with no limit. DEBUG inter vlan routing disabled DEBUG
Email alert in traffic meter disabled. DEBUG Disabling Content Filter for %d DEBUG
Email alert in traffic meter enabled. DEBUG Enabling Content Filter for %d DEBUG
Traffic Meter:Monthly limit %d MB has ./src/firewall/linux/user/firewalld.c:59:#
been " DEBUG undef ADP_DEBUG2 DEBUG
Traffic Metering: Adding rule to drop all ./src/firewall/linux/user/firewalld.c:61:#
traffic DEBUG define ADP_DEBUG2 printf DEBUG
Traffic Metering: %sabling Email traffic DEBUG Enabling Source MAC Filtering DEBUG
Disabling attack checks for IPv6 rules. DEBUG Disabling Source MAC Filtering DEBUG
Adding MAC Filter Policy for Block &
Enabling attack checks for IPv6 rules. DEBUG Permit Rest DEBUG
Configuring one to one NAT settings Adding MAC Filter Policy for Permit &
with %s private start IP " DEBUG Block Rest DEBUG
Deleting forward one to one NAT Restarting Source MAC Address
having setting %s private start" DEBUG Policy DEBUG
Disabling attack check for Block ping to Disabling Firewall Rule for DHCP
WAN interface. DEBUG Relay Protocol DEBUG
Disabling attack check for Stealth mode Enabling Firewall Rule for DHCP
for tcp DEBUG Relay Protocol DEBUG
Disabling attack check for Stealth mode prerouting Firewall Rule add for Relay
for udp DEBUG failed DEBUG
prerouting Firewall Rule add for Relay
Disabling attack check for TCP Flood. DEBUG failed DEBUG
264
Deleting MAC Filter Policy for Address

Disabling attack check for UDP Flood. DEBUG %s DEBUG
Adding MAC Filter Policy for Address
Disabling attack check for IPsec. DEBUG %s DEBUG
Disabling attack check for PPTP. DEBUG Disabling Firewall Rules for DMZ host DEBUG
Disabling attack check for L2TP. DEBUG Enabling Firewall Rules for DMZ host DEBUG
Disabling Firewall Rules for Spill Over
Disabling attack check for UDP Flood. DEBUG Load Balancing DEBUG
Disabling Firewall Rules for Load
Disabling attack check for IPsec. DEBUG Balancing DEBUG
Enabling Firewall Rules for Load
Disabling attack check for PPTP. DEBUG Balancing DEBUG
Enabling Firewall Rules for Spill Over
Disabling attack check for L2TP. DEBUG Load Balancing DEBUG
Enabling attack check for Block ping to Enabling Firewall Rules for Auto
WAN " DEBUG Failover DEBUG
Enabling attack check for Stealth Mode Enabling Firewall Rules for Load
for tcp. DEBUG Balancing . DEBUG
Enabling attack check for Stealth Mode Enabling Firewall Rules for Spill Over
for udp. DEBUG Load Balancing . DEBUG
Enabling Firewall Rules for Auto
Enabling attack check for TCP Flood. DEBUG Failover DEBUG
Enabling attack check for UDP Flood. DEBUG Deleting BlockSites Keyword \ DEBUG
Enabling attack check for IPsec. DEBUG Enabling BlockSites Keyword \ DEBUG
Enabling attack check for PPTP. DEBUG Disabling BlockSites Keyword \ DEBUG
Enabling attack check for L2TP. DEBUG Updating BlockSites Keyword from \ DEBUG
Enabling attack check for UDP Flood. DEBUG Inserting BlockSites Keyword \ DEBUG
Enabling attack check for IPsec. DEBUG Deleting Trusted Domain \ DEBUG
Enabling attack check for PPTP. DEBUG Adding Trusted Domain \ DEBUG
Restarting Schedule Based Firewall
Enabling attack check for L2TP. DEBUG Rules DEBUG
Enabling DoS attack check with %d
SyncFlood detect rate, " DEBUG Enabling Remote SNMP DEBUG
Disabling DoS attack check having %d
SyncFlood detect rate," DEBUG Disabling Remote SNMP DEBUG
Enabling ICSA Notification Item for
ICMP notification. DEBUG Enabling Remote SNMP DEBUG
Fragmented Packets. DEBUG Disabling DOS Attacks DEBUG
Multi cast Packets. DEBUG Enabling DOS Attacks DEBUG
Disabling ICSA Notification Item for
ICMP notification. DEBUG Enabling DOS Attacks DEBUG
Disabling ICSA Notification Item for
Fragmented Packets. DEBUG Restarting Firewall [%d]:[%d] For %s DEBUG
Disabling ICSA Notification Item for restartStatus = %d for LogicalIfName
Multi cast Packets. DEBUG = %s DEBUG
Adding IP/MAC binding rule for %s
MAC address " DEBUG Deleting Lan Group %s DEBUG
Deleting IP/MAC binding rule for %s
MAC " DEBUG Adding Lan Group %s DEBUG
./src/firewall/linux/user/firewalld.c:60:#u
ndef ADP_DEBUG DEBUG Deleting lan host %s from group %s DEBUG
./src/firewall/linux/user/firewalld.c:62:#d
efine ADP_DEBUG printf DEBUG Adding lan host %s from group %s DEBUG
Restarting traffic meter with %d mins, Disabling Firewall Rule for IGMP
%d hours, " DEBUG Protocol DEBUG
265
Updating traffic meter with %d mins, Enabling Firewall Rule for IGMP
%d hours, " DEBUG Protocol DEBUG
Deleting IP/MAC Bind Rule for MAC
Deleting traffic meter. DEBUG address %s and IP " DEBUG
Adding IP/MAC Bind Rule for MAC
Disabling block traffic for traffic meter. DEBUG address %s and IP DEBUG
Deleting Protocol Bind Rule for
Enabling traffic meter. DEBUG Service %s DEBUG
Adding lan group %s. DEBUG Service %s DEBUG
Deleting lan group %s. DEBUG Service %s DEBUG
Adding Protocol Bind Rule for Service
Renaming lan group from %s to %s. DEBUG %s DEBUG
Deleting host %s from %s group. DEBUG %s Session Settings DEBUG
Adding host %s to %s group. DEBUG Restarting IPv6 Firewall Rules... DEBUG
Enabling Keyword blocking for %s Deleting Port Trigger Rule for
keyword. DEBUG %d:%d:%d:%d:%d DEBUG
Disabling keyword Blocking for %s Deleting Port Trigger Rule for
keyword . DEBUG %d:%d:%d:%d:%d DEBUG
Deleting trusted domain with keyword Enabling Port Trigger Rule for
%s. DEBUG %d:%d:%d:%d:%d DEBUG
Disabling Port Trigger Rule for
Adding %s keyword to trusted domain. DEBUG %d:%d:%d:%d:%d DEBUG
Enabling Management Access from Enabling Port Trigger Rule for
Internet on port %d DEBUG %d:%d:%d:%d:%d DEBUG
Enabling remote access management Disabling Port Trigger Rule for
for IP address range" DEBUG %d:%d:%d:%d:%d DEBUG
Enabling remote access management Adding Port Trigger Rule for
to only this PC. DEBUG %d:%d:%d:%d:%d DEBUG
Disabling Management Access from
Internet on port %d DEBUG Enabling Content Filter DEBUG
Disabling remote access management
for IP address range" DEBUG Disabling Content Filter DEBUG
Disabling remote access management
only to this PC. DEBUG Enabling Content Filter DEBUG
MAC Filtering %sabled for BLOCK and Setting NAT mode for pLogicalIfName
PERMIT REST. DEBUG = %s DEBUG
MAC Filtering %sabled for PERMIT and
BLOCK REST. DEBUG Enabling DROP for INPUT DEBUG
Enabling Content Filtering. DEBUG Enabling DROP for FORWARD DEBUG
Disabling Content Filtering. DEBUG Enabling NAT based Firewall Rules DEBUG
Deleting rule, port triggering for protocol Setting transparent mode for
TCP. DEBUG pLogicalIfName \ DEBUG
Deleting rule, port triggering for protocol
UDP. DEBUG Enabling Accept for INPUT DEBUG
Deleting rule, port triggering for protocol
TCP. DEBUG Enabling Accept for FORWARD DEBUG
Deleting rule, port triggering for protocol Setting Routing mode for
UDP. DEBUG pLogicalIfName \ DEBUG
Enabling rule, port triggering for
protocol TCP. DEBUG Enabling DROP for INPUT DEBUG
protocol UDP. DEBUG Enabling DROP for FORWARD DEBUG
protocol TCP. DEBUG Disabling NAT based Firewall Rules DEBUG
Enabling rule, port triggering for Enabling Firewall Rules for URL
protocol UDP. DEBUG Filtering & " DEBUG
266
Enabling DNS proxy. DEBUG Adding Firewall Rule for RIP Protocol DEBUG
Restarting Schedule Based Firewall
Restarting DNS proxy. DEBUG Rules DEBUG
enabling IPS checks between %s and
checking DNS proxy for Secure zone. DEBUG %s zones. DEBUG
disabling IPS checks between %s and
checking DNS proxy for Public zone. DEBUG %s zones. DEBUG
Enabling Block traffic from %s zone. DEBUG Stopping IPS...%s DEBUG
Configuring firewall session settings for
" DEBUG IPS started. DEBUG
Disabling DMZ DEBUG Route already exists DEBUG
Route addition failed: Network
Disabling WAN-DMZ rules . DEBUG Unreachable DEBUG
Enabling WAN DMZ rules . DEBUG Route addition failed: Network is down DEBUG
Restarting DMZ rule having %s address
with %s address. DEBUG Route addition failed DEBUG
Enabling LAN DHCP relay. DEBUG Failed to add rule in iptables DEBUG
OneToOneNat configured successfully DEBUG Failed to delete rule from iptables DEBUG
fwLBSpillOverConfigure: Something
OneToOneNat configuration failed DEBUG going wrong here ERROR
fwLBSpillOverConfigure: unable to get
Deleting scheduled IPv6 rules. DEBUG interfaceName ERROR
delete from FirewallRules6 where fwLBSpillOverConfigure: Could not set
ScheduleName = '%s'. DEBUG PREROUTING rules ERROR
Update FirewallRules6 where fwLBSpillOverConfigure: Could not set
ScheduleName = '%s' to New " DEBUG POSTROUTING rules ERROR
fwLBSpillOverConfigure: Something
Dns proxy Restart failed DEBUG going wrong Here ERROR
fwL2TPGenericRules.c: unable to
deleting interface to ifgroup failed DEBUG open the database file " ERROR
fwL2TPGenericRules.c: inet_aton
adding interface to ifgroup failed DEBUG failed ERROR
deleting interface pVirtIface %s from fwPPTPGenericRules.c: unable to
ifgroup %d" DEBUG open the database file " ERROR
adding interface pVirtIface %s to fwPPTPGenericRules.c: inet_aton
ifgroup %d failed DEBUG failed ERROR
DNS proxy firewall rule add failed for
Deleting IP address %s. DEBUG %s ERROR
deleting interface %s from ifgroup %d
Adding new IP address %s. DEBUG failed ERROR
Updating old IP address %s to new IP adding interface %s to ifgroup %d
address %s. DEBUG failed ERROR
Restarting Firewall For %s Address nimfBridgeTblHandler: unable to get
Update from %s:%s DEBUG interfaceName ERROR
Disabling Firewall Rule for MSS packet
marking DEBUG nimfBridgeTblHandler: \ ERROR
Enabling Firewall Rule for MSS packet
marking DEBUG nimfBridgeTblHandler: unable to get \ ERROR
Enabling packet marking rule for %s Failed to %s traffic from %s to %s to
IDLE timer DEBUG IPS. ERROR
Deleted firewall rule %s for service %s Failed to %s traffic from %s to %s to
with action %s DEBUG IPS. ERROR
%s firewall rule %s for service %s with
action %s DEBUG failed to start IPS service. ERROR
Added firewall rule %s for service %s Timeout in waiting for IPS service to
with action %s DEBUG start. ERROR
267
Deleting inbound(WAN-LAN) firewall Usage:%s <DBFile> <opType>

rule. DEBUG <tblName> <rowId> " ERROR
Deleting inbound(WAN-DMZ) firewall xlr8NatConfig: illegal invocation of
rule. DEBUG (%s) ERROR
RIPng disabled. DEBUG Illegal invocation of [%s] ERROR
xlr8NatMgmtTblHandler: failed query:
RIPng enabled. DEBUG %s ERROR
Disable IPv6 firewall rule. DEBUG Could not open file: %s ERROR
Enable IPv6 firewall rule. DEBUG Rip Error Command Too Long ERROR
Deleting IGMP proxy rule. DEBUG No authentication for Ripv1 ERROR
Enable IGMP proxy rule. DEBUG Invalid Rip Direction ERROR
Restarting IGMP rule. DEBUG Invalid Rip Version ERROR
Traffic meter enabled with no limit type. DEBUG Invalid Password for 1st Key ERROR
Traffic meter enabled for only
download. DEBUG Invalid Time for 1st Key ERROR
Traffic meter enabled for both
directions. DEBUG Invalid Password for 2nd Key ERROR
Deleted firewall rule %s for service %s
with action %s DEBUG Invalid Time for 2nd Key ERROR
%s firewall rule %s for service %s with
action %s DEBUG Invalid First KeyId ERROR
Added firewall rule %s for service %s
with action %s DEBUG Invalid Second KeyId ERROR
Enabling Inter VLAN routing. DEBUG Invalid Authentication Type ERROR
Updating inter VLAN routing status. DEBUG ripDisable failed ERROR
Deleting inter VLAN routing. DEBUG ripEnable failed ERROR
Facility: Local0 (Wireless)

(node=%s) setting %s to val = %d DEBUG sqlite3QueryResGet failed ERROR
Custom wireless event: '%s' DEBUG sqlite3QueryResGet failed ERROR
Wireless event: cmd=0x%x len=%d DEBUG VAP(%s) set beacon interval failed ERROR
New Rogue AP
(%02x:%02x:%02x:%02x:%02x:%02x)
detected DEBUG VAP(%s) set DTIM interval failed ERROR
WPS session in progress, ignoring
enrolle assoc request DEBUG VAP(%s) set RTS Threshold failed ERROR
VAP(%s) set Fragmentation
ran query %s DEBUG Threshold failed ERROR
DBUpdate event: Table: %s opCode:%d
rowId:%d DEBUG VAP(%s) set Protection Mode failed ERROR
%sing VAPs using profile %s DEBUG VAP(%s) set Tx Power failed ERROR
%sing VAP %s DEBUG WDS Profile %s not found ERROR
ran query %s DEBUG Failed to initalize WPS on %s ERROR
%sing VAP instance %s DEBUG failed to get profile %s ERROR
VAP(%s) set Short Preamble failed DEBUG could not initialize MGMT framework ERROR
VAP(%s) set Short Retry failed DEBUG could not initialize MGMT framework ERROR
VAP(%s) set Long Retry failed DEBUG dot11VapBssidUpdt SQL error: %s ERROR
Decrypting context with key %s DEBUG sqlite3QueryResGet failed.Query:%s ERROR
KDOT11_GET_PARAM(IEEE80211_
Unknown IAPP command %d received. DEBUG IOC_CHANNEL) failed ERROR
268
Failed to get the channel setting for

unexpected reply from %d cmd=%d ! DEBUG %s ERROR
unexpected reply from %d cmd=%d ! DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Recvied DOT11_EAPOL_KEYMSG DEBUG sqlite3QueryResGet failed.Query:%s ERROR
shutting down AP:%s DEBUG profile %s not found ERROR
APCtx Found DEBUG sqlite3QueryResGet failed.Query:%s ERROR
Interface name and policy must be
APCtx Not-Found DEBUG specified ERROR
Interface name and policy must be
node not found *:*:*:%x:%x:%x DEBUG specified ERROR
error installing unicast key for %s DEBUG invalid ACL type %d ERROR
cmd =%d i_type =%d i_val=%d DEBUG interface name not specified ERROR
join event for new node %s DEBUG interface name not specified ERROR
wpa/rsn IE id %d/%d not supported DEBUG Invalid interface - %s specified ERROR
wpa IE id %d not supported DEBUG buffer length not specified ERROR
leave event for node %s DEBUG Invalid length(%d) specified ERROR
NodeFree request for node : %s DEBUG failed created iappdLock ERROR
installing key to index %d DEBUG failed to create cipher contexts. ERROR
iReq.i_val : %d DEBUG unable to register to UMI ERROR
pIfName : %s DEBUG iappSockInit() failed ERROR
iappInit got error, unregistering it with
iReq.i_val : %d DEBUG UMI ERROR
umiIoctl(UMI_COMP_UDOT11,%d,%
setting mode: %d DEBUG d) failed ERROR
Global counter wrapped, re- umiIoctl(UMI_COMP_KDOT11,%d,%
generating... DEBUG d) failed ERROR
Got
PNAC_EVENT_PREAUTH_SUCCESS
event for : %s DEBUG UDP failed, received Length is %d ERROR
event for non-existent node %s DEBUG umiIoctl(UMI_COMP_KDOT11, ERROR
PNAC_EVENT_EAPOL_START event umiIoctl(UMI_COMP_UDOT11,%d,%
received DEBUG d) \ ERROR
PNAC_EVENT_EAPOL_LOGOFF umiIoctl(UMI_COMP_KDOT11,%d,%
event received DEBUG d) \ ERROR
PNAC_EVENT_REAUTH event
received DEBUG No IAPP Node found for req id %d ERROR
PNAC_EVENT_AUTH_SUCCESS umiIoctl(UMI_COMP_UDOT11,%d,%
event received DEBUG d) \ ERROR
PNAC_EVENT_PORT_STATUS_CHAN umiIoctl(UMI_COMP_KDOT11,%d,%
GED event received DEBUG d) \ ERROR
umiIoctl(UMI_COMP_UDOT11,%d,%
unsupported event %d from PNAC DEBUG d) failed ERROR
event for non-existent node %s. Create
new node. DEBUG UDP socket is not created ERROR
Add new node to DOT11 Node list DEBUG UDP send failed ERROR
IAPP: socket (SOCK_STREAM)
Update dot11STA database DEBUG failed. ERROR
Add PMKSA to the list DEBUG IAPP: TCP connect failed to %s. ERROR
eapolRecvAuthKeyMsg: received key
message DEBUG cmd %d not supported.sender=%d ERROR
umiIoctl(UMI_COMP_KDOT11,%d,%
node not found DEBUG d) failed ERROR
eapolRecvKeyMsg: replay counter not IAPP-CACHE-NOTIFY-REQUEST
incremented DEBUG send to ERROR
269
eapolRecvKeyMsg: replay counter is not ./src/dot11/iapp/iappLib.c:1314:

same DEBUG ADP_ERROR ( ERROR
processing pairwise key message 2 DEBUG BSSID value passed is NULL ERROR
RSN IE matching: OK DEBUG reserved requestId is passed ERROR
processing pairwise key message 4 DEBUG interface name is NULL ERROR
processing group key message 2 DEBUG IP address value passed is NULL ERROR
processing key request message from
client DEBUG opening receive UDP socket failed ERROR
enabling broadcast for UDP socket
WPA version %2x %2x not supported DEBUG failed ERROR
opening receive TCP socket for new
(%s) group cipher %2x doesn't match DEBUG AP failed ERROR
./src/dot11/iapp/iappLib.c:1784:
(%s)Pairwise cipher %s not supported DEBUG ADP_ERROR( ERROR
(%s) authentication method %d not ./src/dot11/iapp/iappLib.c:1794:
supported DEBUG ADP_ERROR( ERROR
%s:Auth method=%s pairwise ./src/dot11/iapp/iappLib.c:1803:
cipher=%s IE size=%d DEBUG ADP_ERROR( ERROR
WPA version %2x %2x not supported DEBUG failed created dot11dLock. ERROR
Unable to obtain IE of type %d DEBUG failed initialize profile library. ERROR
PTK state changed from %s to %s DEBUG failed to create cipher contexts. ERROR
using PMKSA from cache DEBUG unable to register to UMI ERROR
PTK GK state changed from %s to %s DEBUG could not create MIB tree ERROR
GK state changed from %s to %s DEBUG unable to register to PNAC ERROR
Max registration attempts by DOT11
Sending PTK Msg1 DEBUG to PNAC exceeded ERROR
Sending PTK Msg3 DEBUG Creation of EAP WPS Profile Failed ERROR
umiIoctl(UMI_COMP_IAPP,%d )
Sending GTK Msg1 DEBUG failed ERROR
DOT11_RX_EAPOL_KEYMSG:
sending EAPOL pdu to PNAC... DEBUG unknown ifname %s ERROR
creating pnac authenticator with values
%d %d - %s DEBUG cmd %d not supported.sender=%d ERROR
Profile %s does not exist DEBUG inteface name passed is NULL ERROR
IAPP initialized. DEBUG BSSID passed is NULL ERROR
Encrypting context key=%s for DEBUG inteface name passed is NULL ERROR
could not find access point context for unable to allocate memory for
%s DEBUG DOT11_CTX ERROR
join event for existing node %s DEBUG unable to install wme mapping on %s ERROR
failed to send
PNAC_FORCE_AUTHORIZED " DEBUG unable to get %s mac address ERROR
failed to send PNAC_AUTHORIZED " DEBUG Failed to set %s SSID ERROR
failed to send
PNAC_VAR_KEY_AVAILABLE (TRUE)
" DEBUG Failed to set SSID broadcast status ERROR
failed to send
PNAC_VAR_KEY_TX_EN (TRUE) " DEBUG Failed to set PreAuth mode ERROR
failed to send
PNAC_VAR_KEY_TX_EN (FALSE) " DEBUG unable to install key ERROR
failed to send KDOT11_SET_PARAM:IEEE80211_I
PNAC_FORCE_AUTHORIZED " DEBUG OC_AUTHMODE failed ERROR
KDOT11_SET_PARAM:IEEE80211_I
failed to send PNAC_AUTHORIZED " DEBUG OC_PRIVACY failed ERROR
mic verification: OK DEBUG wpaInit failed ERROR
270
dot11InstallProfile: unable to get

pnacIfConfig: Invalid supplicant" DEBUG interface index ERROR
Failed to process user request DEBUG adpHmacInit(%s) failed ERROR
Failed to process user request - %s(%d) DEBUG interface %s not found ERROR
pnacIfConfigUmiIoctl: umiIoctl failed DEBUG AP not found on %s ERROR
pnacIfConfigUmiIoctl: usrPnac returned
%d DEBUG keyLen > PNAC_KEY_MAX_SIZE ERROR
%d DEBUG Invalid profile name passed ERROR
%d DEBUG Creation of WPS EAP Profile failed ERROR
pnacKernNotifier: invalid PAE
configuration " DEBUG unsupported command %d ERROR
From pnacEapDemoAuthRecv:
unsupported response " DEBUG device %s not found ERROR
From pnacEapDemoAuthRecv: invalid
codes received DEBUG unsupported command %d ERROR
From pnacRadXlateDemoRecv:
received unknown " DEBUG dot11NodeAlloc failed ERROR
From pnacRadXlateDemoRecv: invalid
codes received DEBUG Getting WPA IE failed for %s ERROR
Error from pnacRadXlateDemoRecv:
malloc failed DEBUG Getting WPS IE failed for %s ERROR
From pnacRadXlateRadPktHandle: Failed initialize authenticator for node
received a non-supported" DEBUG %s ERROR
Only md5 authentication scheme Failed to get the system up time while
currently supported. " DEBUG adding node %s ERROR
Message from authenticator: DEBUG error creating PNAC port for node %s ERROR
from pnacPDUXmit: bufsize = %d,
pktType = %d," DEBUG dot11NodeAlloc failed ERROR
pnacPDUXmit: sending eap packet.
code = %d, " DEBUG Invalid arguments. ERROR
pnacRecvRtn: no corresponding pnac
port pae found DEBUG umiIoctl(UMI_COMP_IAPP,%d) failed ERROR
sending unicast key DEBUG Invalid IE. ERROR
umiIoctl(UMI_COMP_KDOT11_VAP,
sending broadcast key DEBUG %d ) failed ERROR
from pnacAuthPAEDisconnected: umiIoctl(UMI_COMP_KDOT11,%d
calling pnacTxCannedFail DEBUG ,%d) failed ERROR
from pnacAuthPAEForceUnauth: calling KDOT11_SET_PARAM:IEEE80211_I
pnacTxCannedFail DEBUG OC_WME_CWMIN failed ERROR
state changed from %s to %s DEBUG OC_WME_CWMAX failed ERROR
PNAC user comp id not set. dropping KDOT11_SET_PARAM:IEEE80211_I
event %d DEBUG OC_WME_AIFS failed ERROR
KDOT11_SET_PARAM:80211_IOC_
sending event %d to %d DEBUG WME_TXOPLIMIT failed ERROR
requesting keys informantion from %d DEBUG OC_WME_ACM failed ERROR
pnacUmiPortPaeParamSet: error in KDOT11_SET_PARAM:IEEE80211_I
getting port pae DEBUG OC_WME failed ERROR
pnacUmiPortPaeParamSet: invalid
param - %d DEBUG invalid group cipher %d ERROR
pnacRecvASInfoMessage: Skey of KDOT11_SET_PARAM:IEEE80211_I
length %d set DEBUG OC_MCASTCIPHER failed ERROR
pnacRecvASInfoMessage: reAuthPeriod KDOT11_SET_PARAM:IEEE80211_I
set to: %d DEBUG OC_MCASTKEYLEN failed ERROR
271
pnacRecvASInfoMessage: suppTimeout KDOT11_SET_PARAM:IEEE80211_I

set to: %d DEBUG OC_UCASTCIPHERS failed ERROR
PORT SUCCESSFULLY DESTROYED DEBUG OC_KEYMGTALGS failed ERROR
creating physical port for %s DEBUG OC_WPA failed ERROR
pnacAuthInit: using defualt
pnacAuthParams DEBUG unknow cipher type = %d ERROR
pnacSuppInit: using defualt
pnacSuppParams DEBUG umiIoctl(UMI_COMP_IAPP,%d) failed ERROR
Error from
pnacCombinedStMachTriggerFunc: " DEBUG invalid media value=%d ERROR
Error from
pnacCombinedStMachTriggerFunc: " DEBUG invalid mediaOpt value=%d ERROR
Error from
pnacCombinedStMachTriggerFunc: " DEBUG invalid mode value=%d ERROR
Error from
pnacCombinedStMachTriggerFunc: " DEBUG dot11PnacIfCreate failed ERROR
Error from
pnacCombinedStMachTriggerFunc: " DEBUG wpaPRF failed ERROR
Error from
pnacCombinedStMachTriggerFunc: " DEBUG Error generating global key counter ERROR
Error from wpaCalcMic: unsupported key
pnacCombinedStMachTriggerFunc: " DEBUG descriptor version ERROR
Error from integrity failed. need to stop all
pnacCombinedStMachTriggerFunc: " DEBUG stations " ERROR
Error from couldn't find AP context for %s
pnacCombinedStMachTriggerFunc: " DEBUG interface ERROR
received a pdu on %s DEBUG dot11Malloc failed ERROR
pnacRecvMapi: protoType: %04x
pPhyPort->authToASSendRtn:%p DEBUG dot11Malloc failed ERROR
eapolRecvKeyMsg: unknown
port not found DEBUG descType =%d ERROR
from pnacRecvMapi: pkt body len = %d, eapolRecvKeyMsg: invalid descriptor
pktType = %d DEBUG version ERROR
from pnacPDUProcess: received eapolRecvKeyMsg: incorrect
PNAC_EAP_PACKET DEBUG descriptor version ERROR
eapolRecvKeyMsg: Ack must not be
from pnacPDUProcess: currentId = %d DEBUG set ERROR
from pnacPDUProcess: code = %d, eapolRecvKeyMsg: MIC bit must be
identifier = %d, " DEBUG set ERROR
from pnacPDUProcess: setting rxResp wpaAuthRecvPTKMsg2: unexpected
true DEBUG packet received ERROR
from pnacPDUProcess: code = %d, wpaAuthRecvPTKMsg2: mic check
identifier = %d, " DEBUG failed ERROR
wpaAuthRecvPTKMsg2: rsn ie
from pnacPDUProcess: received " DEBUG mismatch ERROR
wpaAuthRecvPTKMsg4: unexpected
from pnacPDUProcess: received " DEBUG packet received ERROR
from pnacPDUProcess: received wpaAuthRecvPTKMsg4:
PNAC_EAPOL_KEY_PACKET DEBUG keyDataLength not zero ERROR
wpaAuthRecvPTKMsg4: mic check
doing pnacTxCannedFail DEBUG failed ERROR
wpaAuthRecvGTKMsg2: unexpected
doing pnacTxCannedSuccess DEBUG packet received ERROR
doing pnacTxReqId DEBUG secureBit not set in GTK Msg2 ERROR
wpaAuthRecvGTKMsg2:
doing pnacTxReq DEBUG keyDataLength not zero ERROR
272
wpaAuthRecvGTKMsg2: mic check

doing pnacTxStart DEBUG failed ERROR
wpaAuthRecvKeyReq: unexpected
doing pnacTxLogoff DEBUG packet received ERROR
wpaAuthRecvKeyReq:
doing pnacTxRspId: 1st cond DEBUG keyDataLength not zero ERROR
wpaAuthRecvKeyReq: mic check
doing pnacTxRspId: entering 2nd cond DEBUG failed ERROR
from pnacTxRspId: code = %d, identifier
= %d, length = %d, " DEBUG invalid OUI %x %x %x ERROR
doing pnacTxRspId: 2nd cond DEBUG (%s) invalid OUI %x %x %x ERROR
doing pnacTxRspAuth: 1st cond DEBUG [%s:%d] Cipher in WPA IE : %x ERROR
doing pnacTxRspAuth: 2nd cond DEBUG (%s) invalid OUI %x %x %x ERROR
message for unknown port PAE DEBUG short WPA IE (length = %d) received ERROR
from pnacACToSuppRecvRtn: calling
pnacEapPktRecord DEBUG PTK state machine in unknown state. ERROR
from pnacEapPktRecord: code = %d,
identifier = %d, " DEBUG dot11InstallKeys failed ERROR
from pnacEapPktRecord: received group state machine entered into
success pkt DEBUG WPA_AUTH_GTK_INIT ERROR
from pnacEapPktRecord: received
failure pkt DEBUG dot11Malloc failed ERROR
from pnacEapPktRecord: received
request pkt DEBUG dot11Malloc failed ERROR
unknown EAP-code %d DEBUG dot11Malloc failed ERROR
Authenticator[%d]: DEBUG aesWrap failed ERROR
Auth PAE state = %s DEBUG unknown key descriptor version %d ERROR
Auth Reauth state = %s DEBUG dot11Malloc failed ERROR
Back auth state = %s DEBUG could not initialize AES128ECB ERROR
Supplicant[%d]: DEBUG could not initialize AES-128-ECB ERROR
Supp Pae state = %s DEBUG MD5 initialization failed ERROR
from pnacBackAuthFail: calling
pnacTxCannedFail DEBUG RC4 framework initialization failed ERROR
%s returned ERROR DEBUG PNAC framework initialization failed ERROR
pnacUmiIoctlHandler: cmd: %s(%d) DEBUG ERROR: option value not specified ERROR
%s not configured for 802.1x DEBUG ERROR: -u can be used only with -s ERROR
could not process PDU received from
the wire DEBUG ERROR: user-name not specified ERROR
pnacPDUForward: failed to foward the
received PDU DEBUG failed to enable debug ERROR
Creating PHY port with AUTH backend :
%s SendRtn: %p RecvRtn:%p DEBUG [%s]: failed to convert string to MAC " ERROR
pnacUmiAuthConfig: %s not configured
for 802.1x DEBUG failed to initialize UMI ERROR
pnacSuppRegisterUserInfo: not a valid pnacPhyPortParamSet:invalid
AC DEBUG arguments ERROR
pnacPhyPortParamSet:Failed to
pnacIfConfig: autoAuth Enabled DEBUG create socket ERROR
Error from
pnacSendRtn: no pnac port pae found pnacPhyPortParamSet:%s-device
for " DEBUG invalid ERROR
Error from
pnacPhyPortParamSet:%s-Getting
sending portStatus: %s[%d] to dot11 DEBUG MAC address " ERROR
273
pnacRecvASInfoMessage: Rkey of pnacPhyPortParamSet:Failed to add

length %d set DEBUG 802.1X multicast " ERROR
pnacIsInterfaceUp: failed to create a
ASSendRtn: %p ASToAuthRecv: %p DEBUG raw socket ERROR
adpRand failed:unable to generate pnacIsInterfaceUp: failed to get
random unicast key WARN interface flags ERROR
using group key as unicast key WARN failed to allocate buffer ERROR
Integrity check failed more than once in
last 60 secs. WARN UMI initialization failed ERROR
MIC failed twice in last 60 secs, taking
countermeasures WARN UMI initialization failed ERROR
Error from pnacEapDemoAuthLibInit:
Failed to set dot11 port status WARN malloc failed ERROR
Error from pnacEapDemoAuthRecv:
PTK state machine in NO_STATE. WARN received null EAP pkt ERROR
Error from pnacEapDemoAuthRecv:
PTK state machine in NO_STATE!! WARN send " ERROR
Error from pnacRadXlateASAdd:
PMKSA refcount not 1 WARN cannot open socket ERROR
IV verification failednknown subtype> WARN received null EAP pkt ERROR
pnacIfConfig: overwriting previous From pnacRadXlateDemoRecv: send
interface " WARN " ERROR
pnacIfConfig: overwriting previous " WARN RADIUS " ERROR
pnacIfConfig: overwriting previous Error from pnacRadXlateDemoRecv:
username" WARN RADIUS " ERROR
Error from
pnacIfConfig: overwriting previous pnacRadXlateRadIdRespSend: send
password" WARN to failed ERROR
Error from
pnacRadXlateRadNonIdRespSend:
%s: Failed to set port status WARN send to failed ERROR
Error from
pnacRadXlateRadRecvProc:
%s: Failed to notify event to dot11 WARN recvfrom failed ERROR
From
pnacLibDeinit: Failed to destroy the pnacRadXlateRadPktIntegrityChk: no
phyPort:%s WARN corresponding " ERROR
Error from
pnacPortPaeDeconfig:kpnacPortPaeDe pnacRadXlateRadPktIntegrityChk: no
config failed WARN message " ERROR
pnacPortPaeDeconfig:kpnacPortPaeDe Error from
config failed WARN pnacRadXlateRadPktIntegrityChk: " ERROR
From
pnacBackAuthSuccess: failed to notify pnacRadXlateRadChalPktHandle: no
the destination " WARN encapsulated eap " ERROR
Error from
pnacRadXlateRadChalPktHandle:
could not initialize MGMT framework ERROR malloc for eap " ERROR
Error from
pnacEapDemoSuppUserInfoRegister:
umiInit failed ERROR invalid " ERROR
Error from pnacEapDemoSuppRecv:
iappInit failed ERROR received null EAP pkt ERROR
could not initialize IAPP MGMT. ERROR send ptr to pnac supplicant" ERROR
From pnacEapDemoSuppRecv: user
dot11Malloc failed ERROR info not entered yet ERROR
274

buffer length not specified ERROR couldn't " ERROR
MDString: adpDigestInit for md5
Invalid length(%d) specified ERROR failed ERROR
Failed to get information about
authorized AP list. ERROR pnacUmiInit: UMI initialization failed ERROR
Recd IE data for non-existent AP %s ERROR could not start PNAC task ERROR
Recd IE data for wrong AP %s ERROR invalid aruments ERROR
Received Invalid IE data from WSC ERROR pnacIfNameToIndex failed ERROR
pnacPhyPortParamSet: device invalid
Recd IE data for non-existent AP %s ERROR %s%d ERROR
Recd WSC Start command without pnacPhyPortParamSet: EIOCGADDR
interface name ERROR ioctl failed ERROR
pnacPhyPortParamSet: multicast
Recd WSC start for non-existent AP %s ERROR addr add ioctl failed ERROR
pnacPhyPortParamUnset: multicast
Recd WSC start for wrong AP %s ERROR addr del ioctl failed ERROR
Unable to send
WSC_WLAN_CMD_PORT to WSC ERROR pnacPDUXmit: Invalid arguments ERROR
pnacPDUXmit: failed to get
Failed to get the ap context for %s ERROR M_BLK_ID ERROR
WPS can only be applied to from pnacIsInterfaceUp: device
WPA/WPA2 security profiles ERROR %s%d invalid ERROR
pnacRecvRtn: dropping received
wpsEnable: running wsccmd failed ERROR packet as port is" ERROR
Failed to get the ap context for %s ERROR pnacSendRtn: Invalid arguments ERROR
WPS conf. under non WPA/WPA2 pnacSendRtn: no physical port
security setting ERROR corresponding to" ERROR
Failed to reset the Beacon Frame IE in pnacSendRtn: dropping packet as
the driver ERROR port" ERROR
Failed to reset the Beacon Frame IE in pnacAuthBuildRC4KeyDesc:
the driver ERROR adpEncryptInit(RC4) failed ERROR
pnacAuthBuildRC4KeyDesc:
WPS method cannot be NULL ERROR adpCipherContextCtrl" ERROR
PIN value length should be a multiple of pnacDot11UserSet: incorrect buffer
4 !! ERROR length ERROR
Failed to initiate PIN based association,
PIN = %s ERROR PNAC user component id not set. ERROR
Failed to initiate PBC based enrolle pnacKeyInfoGet:failed to allocate
association ERROR buffer ERROR
Invalid association mode. (Allowed PNAC user comp id not set. dropping
modes : PIN/PBC) ERROR EAPOL key pkt ERROR
pnacUmiPortPaeParamSet: invalid
wpsEnable: running wsccmd failed ERROR buffer received ERROR
Failed to send QUIT command to WSC Error from pnacRecvASInfoMessage:
from DOT11 ERROR " ERROR
Failed to clear off the WPS process ERROR pnacRecvASInfoMessage: " ERROR
pnacRecvASInfoMessage: Bad info
missing profile name ERROR length ERROR
A profile exists with the same name ERROR Error from pnacLibInit: malloc failed ERROR
Error in allocating memory for profile ERROR could not create phy ports lock ERROR
missing profile name ERROR could not create nodes ports lock ERROR
missing profile name ERROR port exists for iface - %s ERROR
Profile name and interface name must
be specified ERROR pnacPhyPortCreate failed ERROR
Profile %s does not exist ERROR kpnacPhyPortCreate failed ERROR
275
Could not set profile %s on the interface

%s ERROR invalid argument ERROR
pnacAuthConfig: maxAuth limit
missing profile name ERROR reached ERROR
Profile %s does not exist ERROR pnacAuthConfig: malloc failed ERROR
Error from pnacAuthConfig: pAsArg
Profile %s does not exist ERROR cannot be NULL ERROR
Error from pnacAuthConfig: receive
SSID should not be longer than %d ERROR routine hook " ERROR
Profile %s does not exist ERROR pnacAuthConfig: pnacAuthInit failed ERROR
Profile %s does not exist ERROR kpnacPortPaeConfig failed ERROR
Profile %s does not exist ERROR Invalid arguments ERROR
Error from pnacSuppConfig: malloc
Profile %s does not exist ERROR failed ERROR
Error from pnacSuppConfig: receive
Profile %s does not exist ERROR routine hook " ERROR
Error from pnacSuppConfig:
Profile %s does not exist ERROR pnacSuppInit failed ERROR
SSID not set. SSID is needed to
generate password hash ERROR kpnacPortPaeConfig failed ERROR
pnacAuthDeconfig failed: pPortPae
Password string too big ERROR NULL ERROR
Error from pnacPhyPortDestroy: port
dot11Malloc failed ERROR not configured ERROR
pnacPhyPortDestroy: Failed to
Profile %s does not exist ERROR deconfigure port ERROR
Hex string should only have %d hex
chars ERROR pnacPhyPortParamUnset FAILED ERROR
Error from pnacPhyPortCreate:
dot11Malloc failed ERROR malloc failed ERROR
Error from pnacPhyPortCreate:
Profile %s does not exist ERROR pnacPhyPortParamSet" ERROR
invalid key index %d. key index should error from pnacPhyPortCreate:
be 0-3. ERROR malloc failed ERROR
Error from pnacAuthInit:
wepKey length incorrect ERROR pnacPortTimersInit failed ERROR
Profile %s does not exist ERROR pnacAuthPAEInit failed ERROR
Invalid Cipher type %d ERROR pnacAuthKeyTxInit failed ERROR
Profile supports WEP stas,Group cipher Error from pnacAuthInit:
must be WEP ERROR pnacReauthTimerInit failed ERROR
Profile %s does not exist ERROR pnacBackAuthInit failed ERROR
Profile %s does not exist ERROR pnacCtrlDirInit failed ERROR
Profile %s does not exist ERROR pnacKeyRecvInit failed ERROR
invalid pairwise cipher type %d ERROR Error from pnacSuppInit: malloc failed ERROR
Error from pnacSuppInit:
Cipher %s is already in the list. ERROR pnacPortTimersInit failed ERROR
Profile %s does not exist ERROR pnacKeyRecvInit failed ERROR
Invalid Cipher type %d ERROR pnacSuppKeyTxInit failed ERROR
Cipher %s not found in the list. ERROR pnacSuppPAEInit failed ERROR
276
Error from pnacRecvRtn: invalid

Profile %s does not exist ERROR arguments ERROR
Error from pnacRecvMapi:
Profile %s does not exist ERROR unsupported PDU received ERROR
Auth method %s is already in the list ERROR suppToACSendRtn returned not OK! ERROR
Error from pnacBasicPktCreate:
Profile %s does not exist ERROR malloc failed ERROR
Error from pnacEAPPktCreate: basic
Auth method %s not found in the list. ERROR pkt create failed ERROR
Error from pnacTxCannedFail: eap
Profile %s does not exist ERROR pkt create failed ERROR
Error from pnacTxCannedSuccess:
Profile %s does not exist ERROR eap pkt create failed ERROR
Error from pnacTxReqId: eap pkt
Profile %s does not exist ERROR create failed ERROR
invalid type value %d. supported values Error from pnacTxReq: eap pkt create
are 1,2,3,4 ERROR failed ERROR
Error from pnacSendRespToServer:
Profile %s does not exist ERROR malloc failed ERROR
invalid type value %d. supported values Error from pnacSendRespToServer:
are 1,2,3,4 ERROR no AS configured ERROR
Error from pnacTxStart: basic pkt
invalid type value %d. supported values Error from pnacTxStart: basic pkt
are 1,2,3,4 ERROR create failed ERROR
Error from pnacTxRspId: eap pkt
invalid type value %d. supported values Error from pnacTxRspAuth: eap pkt
are 1,2,3,4 ERROR create failed ERROR
Error from pnacEapPktRecord: EAP
Profile %s does not exist ERROR packet too" ERROR
invalid type value %d. supported values
are 1,2,3,4 ERROR Error from pnacEapPktRecord: " ERROR
from pnacBackAuthTimeout: calling
Profile %s does not exist ERROR pnacTxCannedFail ERROR
ERROR: incomplete DB update hmac_md5: adpHmacContextCreate
information. ERROR failed ERROR
rows ERROR hmac_md5:adpHmacInit failed ERROR
pnacUmiIoctlHandler: invalid cmd:
sqlite3QueryResGet failed ERROR %d ERROR
pnacEapRadAuthSend: Invalid
Error in executing DB update handler ERROR arguments ERROR
pnacEapRadAuthSend: failed to
sqlite3QueryResGet failed ERROR allocate inbuffer ERROR
ERROR: incomplete DB update
information. ERROR pnacXmit : umiIoctl failed[%d] ERROR
rows ERROR pnacPDUForward: Invalid input ERROR
pnacPDUForward: error in getting
sqlite3QueryResGet failed ERROR port pae information ERROR
pnacPDUForward: error allocating
Error in executing DB update handler ERROR memory ERROR
pnacUmiIfMacAddrChange: %s not
sqlite3QueryResGet failed.Query:%s ERROR configured for 802.1x ERROR
pnacUmiIfMacAddrChange: could not
sqlite3QueryResGet failed.Query:%s ERROR process PDU received" ERROR
pnacUmiPhyPortConfig: Invalid config
sqlite3QueryResGet failed.Query:%s ERROR data ERROR
277
pnacUmiPhyPortConfig: Invalid
sqlite3QueryResGet failed.Query:%s ERROR backend name specified ERROR
pnacUmiPhyPortConfig: could not
startStopVap failed to stop %s ERROR create PNAC physical" ERROR
pnacUmiAuthConfig: Invalid config
Invalid SQLITE operation code - %d ERROR data ERROR
./src/dot11/mgmt/dot11Mgmt.c:1177: pnacUmiAuthConfig: Invalid backend
ADP_ERROR ( ERROR name specified ERROR
only delete event expected on
dot11RogueAP. ERROR unable to create new EAP context. ERROR
unable to apply %s profile on the EAP
sqlite3QueryResGet failed ERROR context. ERROR
pnacUmiAuthConfig: could not
unhandled database operation %d ERROR configure PNAC PAE " ERROR
pnacUmiSuppConfig: Invalid config
sqlite3QueryResGet failed ERROR data ERROR
pnacUmiSuppConfig: Invalid backend
failed to configure WPS on %s ERROR name specified ERROR
pnacUmiSuppConfig: %s not
sqlite3QueryResGet failed ERROR configured for 802.1x ERROR
pnacUmiSuppConfig: could not
sqlite3QueryResGet failed ERROR PNAC port Access" ERROR
pnacUmiSuppConfig: Failed to
sqlite3QueryResGet failed ERROR register user information ERROR
pnacPortByMacDeconfig: port not
sqlite3QueryResGet failed ERROR found ERROR
pnacPortByMacDeconfig: port not
sqlite3QueryResGet failed ERROR found ERROR
no VAP rows returned. expected one ERROR pnacUmiIfDown: Invalid config data ERROR
multiple VAP rows returned. expected
one ERROR pnacUmiIfDown: Invalid config data ERROR
Error from pnacPortDeconfig: port not
sqlite3QueryResGet failed ERROR configured ERROR
invalid query result. ncols=%d pnacUmiIfDown: could not de-
nrows=%d ERROR configure port ERROR
pnacUmiPhyPortDestroy: Invalid
%s:VAP(%s) create failed ERROR config data ERROR
pnacUmiPhyPortDestroy: Invalid
sqlite3QueryResGet failed ERROR config data ERROR
invalid query result. ncols=%d pnacUmiPhyPortDestroy: Failed to
nrows=%d ERROR destroy the port ERROR
Invalid config data ERROR
Facility: Kernel

DNAT: multiple ranges no longer
supported DEBUG %s: %s%s:%d -> %s:%d %s, DEBUG
DNAT: Target size %u wrong for %u
ranges, DEBUG %s: %s%s:%d %s, DEBUG
%s: Failed to add WDS MAC: %s,
DNAT: wrong table %s, tablename DEBUG dev->name, DEBUG
DNAT: hook mask 0x%x bad, %s: Device already has WDS mac
hook_mask DEBUG address attached, DEBUG
%s%d: resetting MPPC/MPPE %s: Added WDS MAC: %s, dev-
compressor, DEBUG >name, DEBUG
278
%s: WDS MAC address %s is not

%s%d: wrong offset value: %d, DEBUG known by this interface, DEBUG
%s%d: wrong length of match value: [madwifi] %s() : Not enough space.,
%d, DEBUG __FUNCTION__ DEBUG
%s%d: too big offset value: %d, DEBUG Returning to chan %d, ieeeChan DEBUG
%s%d: cannot decode offset value, DEBUG WEP DEBUG
%s%d: wrong length code: 0x%X, DEBUG AES DEBUG
%s%d: short packet (len=%d),
__FUNCTION__, DEBUG AES_CCM DEBUG
%s%d: bad sequence number: %d,
expected: %d, DEBUG CKIP DEBUG
expected: %d, DEBUG TKIP DEBUG
%s: cannot map channel to mode;
PPPIOCDETACH file->f_count=%d, DEBUG freq %u flags 0x%x, DEBUG
PPP: outbound frame not passed DEBUG %s: %s, vap->iv_dev->name, buf DEBUG
PPP: VJ decompression error DEBUG %s: [%s] %s, vap->iv_dev->name, DEBUG
%s: [%s] %s, vap->iv_dev->name,
PPP: inbound frame not passed DEBUG ether_sprintf(mac), buf DEBUG
[%s:%s] discard %s frame, %s, vap-
PPP: reconstructed packet DEBUG >iv_dev->name, DEBUG
[%s:%s] discard frame, %s, vap-
PPP: no memory for DEBUG >iv_dev->name, DEBUG
[%s:%s] discard %s information
missed pkts %u..%u, DEBUG element, %s, DEBUG
%s%d: resetting MPPC/MPPE [%s:%s] discard information element,
compressor, DEBUG %s, DEBUG
[%s:%s] discard %s frame, %s, vap-
%s%d: wrong offset value: %d, DEBUG >iv_dev->name, DEBUG
%s%d: wrong length of match value: [%s:%s] discard frame, %s, vap-
%d, DEBUG >iv_dev->name, DEBUG
%s%d: too big offset value: %d, DEBUG ifmedia_add: null ifm DEBUG
%s%d: cannot decode offset value, DEBUG Adding entry for DEBUG
%s%d: wrong length code: 0x%X, DEBUG ifmedia_set: no match for 0x%x/0x%x, DEBUG
%s%d: short packet (len=%d),
__FUNCTION__, DEBUG ifmedia_set: target DEBUG
expected: %d, DEBUG ifmedia_set: setting to DEBUG
%s%d: bad sequence number: %d, ifmedia_ioctl: no media found for
expected: %d, DEBUG 0x%x, DEBUG
ifmedia_ioctl: switching %s to , dev-
PPPIOCDETACH file->f_count=%d, DEBUG >name DEBUG
PPP: outbound frame not passed DEBUG ifmedia_match: multiple match for DEBUG
PPP: VJ decompression error DEBUG <unknown type> DEBUG
PPP: inbound frame not passed DEBUG desc->ifmt_string DEBUG
PPP: reconstructed packet DEBUG mode %s, desc->ifmt_string DEBUG
PPP: no memory for DEBUG <unknown subtype> DEBUG
missed pkts %u..%u, DEBUG %s, desc->ifmt_string DEBUG
%s: INC_USE_COUNT, now %d,
__FUNCTION__, mod_use_count \ DEBUG %s%s, seen_option++ ? , : , DEBUG
%s: DEC_USE_COUNT, now %d,
__FUNCTION__, mod_use_count \ DEBUG %s%s, seen_option++ ? , : , DEBUG
PPPOL2TP %s: _fmt, DEBUG %s, seen_option ? > : DEBUG
279
PPPOL2TP: --> %s, __FUNCTION__) DEBUG %s: %s, dev->name, buf DEBUG
%s: no memory for sysctl table!,
PPPOL2TP: <-- %s, __FUNCTION__) DEBUG __func__ DEBUG
%s: no memory for VAP name!,
%s: recv: , tunnel->name DEBUG __func__ DEBUG
%s: failed to register sysctls!, vap-
%s: xmit:, session->name DEBUG >iv_dev->name DEBUG
%s: no memory for new proc entry
%s: xmit:, session->name DEBUG (%s)!, __func__, DEBUG
%s: module use_count is %d,
__FUNCTION__, mod_use_count DEBUG %s: 0x%p len %u, tag, p, len DEBUG
PPPOL2TP %s: _fmt, DEBUG %03d:, i DEBUG
PPPOL2TP: --> %s, __FUNCTION__) DEBUG %02x, ((u_int8_t *)p)[i] DEBUG
PPPOL2TP: <-- %s, __FUNCTION__) DEBUG first difference at byte %u, i DEBUG
%s: recv: , tunnel->name DEBUG %s: , t->name DEBUG
FAIL: ieee80211_crypto_newkey
%s: xmit:, session->name DEBUG failed DEBUG
%s: xmit:, session->name DEBUG FAIL: ieee80211_crypto_setkey failed DEBUG
PPPOL2TP %s: _fmt, DEBUG FAIL: unable to allocate skbuff DEBUG
PPPOL2TP: --> %s, __FUNCTION__) DEBUG FAIL: wep decap failed DEBUG
PPPOL2TP: <-- %s, __FUNCTION__) DEBUG FAIL: decap botch; length mismatch DEBUG
FAIL: decap botch; data does not
%s: recv: , tunnel->name DEBUG compare DEBUG
%s: xmit:, session->name DEBUG FAIL: wep encap failed DEBUG
%s: xmit:, session->name DEBUG FAIL: encap data length mismatch DEBUG
IRQ 31 is triggered DEBUG FAIL: encrypt data does not compare DEBUG
[%s:%d] , __func__, __LINE__\ DEBUG PASS DEBUG
\t[R%s %#0x %#0x 0x%08x%08x],
(status == ERROR ? # : ), page, addr,
(uint32_t)(*pValue >> 32), %u of %u 802.11i WEP test vectors
(uint32_t)(*pValue & 0xffffffff) DEBUG passed, pass, total DEBUG
\t[W%s %#0x %#0x 0x%08x%08x],
(status == ERROR ? # : ), page, addr,
(uint32_t)(value >> 32),
(uint32_t)(value & 0xffffffff) DEBUG %s: 0x%p len %u, tag, p, len DEBUG
%s: mac_add
%02X:%02X:%02X:%02X:%02X:%02X
, dev->name, addr[0], addr[1], addr[2],
addr[3], addr[4], addr[5] DEBUG %03d:, i DEBUG
%s: mac_del
%02X:%02X:%02X:%02X:%02X:%02X
addr[3], addr[4], addr[5] DEBUG %02x, ((u_int8_t *)p)[i] DEBUG
%s: mac_kick
%02X:%02X:%02X:%02X:%02X:%02X
addr[3], addr[4], addr[5] DEBUG first difference at byte %u, i DEBUG
%s: mac_undefined
%02X:%02X:%02X:%02X:%02X:%02X
addr[3], addr[4], addr[5] DEBUG %s: , t->name DEBUG
%s: addr_add
%02X:%02X:%02X:%02X:%02X:%02X
, dev->name, addr[0], addr[1], addr[2], FAIL: ieee80211_crypto_newkey
addr[3], addr[4], addr[5] DEBUG failed DEBUG
280
%s: addr_del
%02X:%02X:%02X:%02X:%02X:%02X
addr[3], addr[4], addr[5] DEBUG FAIL: ieee80211_crypto_setkey failed DEBUG
%s: mac_undefined
%02X:%02X:%02X:%02X:%02X:%02X
addr[3], addr[4], addr[5] DEBUG FAIL: unable to allocate skbuff DEBUG
%s: set_float %d;%d, DEBUG FAIL: ccmp encap failed DEBUG
IRQ 32 is triggered DEBUG FAIL: encap data length mismatch DEBUG
ip_finish_output2: No header cache
and no neighbour! DEBUG FAIL: encrypt data does not compare DEBUG
a guy asks for address mask. Who is
it? DEBUG FAIL: ccmp decap failed DEBUG
icmp v4 hw csum failure) DEBUG FAIL: decap botch; length mismatch DEBUG
FAIL: decap botch; data does not
expire>> %u %d %d %d, expire, DEBUG compare DEBUG
expire++ %u %d %d %d, expire, DEBUG PASS DEBUG
rt_cache @%02x: %u.%u.%u.%u, %u of %u 802.11i AES-CCMP test
hash, DEBUG vectors passed, pass, total DEBUG
rt_bind_peer(0) @%p,
NET_CALLER(iph) DEBUG %s: 0x%p len %u, tag, p, len DEBUG
ip_rt_advice: redirect to DEBUG %03d:, i DEBUG
ip_rt_bug: %u.%u.%u.%u ->
%u.%u.%u.%u, %s, DEBUG %02x, ((u_int8_t *)p)[i] DEBUG
udp cork app bug 2) DEBUG first difference at byte %u, i DEBUG
udp cork app bug 3) DEBUG ieee80211_crypto_newkey failed DEBUG
udp v4 hw csum failure.) DEBUG ieee80211_crypto_setkey failed DEBUG
UDP: short packet: From
%u.%u.%u.%u:%u %d/%d to
%u.%u.%u.%u:%u, DEBUG unable to allocate skbuff DEBUG
UDP: bad checksum. From
%d.%d.%d.%d:%d to
%d.%d.%d.%d:%d ulen %d, DEBUG tkip enmic failed DEBUG
%s: lookup policy [list] found=%s, DEBUG enmic botch; length mismatch DEBUG
%s: called: [output START],
__FUNCTION__ DEBUG enmic botch DEBUG
%s: flow dst=%s, __FUNCTION__,
XFRMSTRADDR(fl->fl4_dst, family) DEBUG tkip encap failed DEBUG
%s: flow src=%s, __FUNCTION__,
XFRMSTRADDR(fl->fl4_src, family) DEBUG encrypt phase1 botch DEBUG
%s: flow dst=%s, __FUNCTION__,
XFRMSTRADDR(fl->fl6_dst, family) DEBUG encrypt data length mismatch DEBUG
%s: flow src=%s, __FUNCTION__,
XFRMSTRADDR(fl->fl6_src, family) DEBUG encrypt data does not compare DEBUG
it? DEBUG tkip decap failed DEBUG
icmp v4 hw csum failure) DEBUG decrypt phase1 botch DEBUG
expire>> %u %d %d %d, expire, DEBUG decrypt data does not compare DEBUG
expire++ %u %d %d %d, expire, DEBUG decap botch; length mismatch DEBUG
rt_cache @%02x: %u.%u.%u.%u,
hash, DEBUG decap botch; data does not compare DEBUG
NET_CALLER(iph) DEBUG tkip demic failed DEBUG
281
ip_rt_advice: redirect to DEBUG 802.11i TKIP test vectors passed DEBUG

%u.%u.%u.%u, %s, DEBUG %s, buf DEBUG
%u.%u.%u.%u:%u %d/%d to Atheros HAL assertion failure: %s:
%u.%u.%u.%u:%u, DEBUG line %u: %s, DEBUG
%d.%d.%d.%d:%d to ath_hal: logging to %s %s,
%d.%d.%d.%d:%d ulen %d, DEBUG ath_hal_logfile, DEBUG
it? DEBUG ath_hal: logging disabled DEBUG
fib_add_ifaddr: bug: prim == NULL DEBUG %s%s, sep, ath_hal_buildopts[i] DEBUG
ath_pci: No devices found, driver not
fib_del_ifaddr: bug: prim == NULL DEBUG installed. DEBUG
expire>> %u %d %d %d, expire, DEBUG _fmt, __VA_ARGS__ DEBUG
%s: Warning, using only %u entries in
expire++ %u %d %d %d, expire, DEBUG %u key cache, DEBUG
rt_cache @%02x: %u.%u.%u.%u, %s: TX99 support enabled, dev-
hash, DEBUG >name DEBUG
%s:grppoll Buf allocation failed
rt_bind_peer(0) @%p, DEBUG ,__func__ DEBUG
ip_rt_advice: redirect to DEBUG %s: %s: unable to start recv logic, DEBUG
%u.%u.%u.%u, %s, DEBUG %s: %s: unable to start recv logic, DEBUG
%s: lookup policy [list] found=%s, DEBUG %s: no skbuff, __func__ DEBUG
%s: called: [output START], %s: hardware error; resetting, dev-
__FUNCTION__ DEBUG >name DEBUG
%s: flow dst=%s, __FUNCTION__, %s: rx FIFO overrun; resetting, dev-
XFRMSTRADDR(fl->fl4_dst, family) DEBUG >name DEBUG
%s: flow src=%s, __FUNCTION__, %s: unable to reset hardware: '%s'
XFRMSTRADDR(fl->fl4_src, family) DEBUG (HAL status %u) DEBUG
%s: flow dst=%s, __FUNCTION__, %s: unable to start recv logic, dev-
XFRMSTRADDR(fl->fl6_dst, family) DEBUG >name DEBUG
%s: flow src=%s, __FUNCTION__, %s: %s: unable to reset hardware:
XFRMSTRADDR(fl->fl6_src, family) DEBUG '%s' (HAL status %u), DEBUG
it? DEBUG %s: %s: unable to start recv logic, DEBUG
icmp v4 hw csum failure) DEBUG ath_mgtstart: discard, no xmit buf DEBUG
%s: [%02u] %-7s , tag, ix, ciphers[hk-
expire>> %u %d %d %d, expire, DEBUG >kv_type] DEBUG
expire++ %u %d %d %d, expire, DEBUG %02x, hk->kv_val[i] DEBUG
rt_cache @%02x: %u.%u.%u.%u,
hash, DEBUG mac %s, ether_sprintf(mac) DEBUG
NET_CALLER(iph) DEBUG %s , sc->sc_splitmic ? mic : rxmic DEBUG
ip_rt_advice: redirect to DEBUG %02x, hk->kv_mic[i] DEBUG
%u.%u.%u.%u, %s, DEBUG txmic DEBUG
%u.%u.%u.%u:%u %d/%d to
%u.%u.%u.%u:%u, DEBUG %02x, hk->kv_txmic[i] DEBUG
%d.%d.%d.%d:%d to %s: unable to update h/w beacon
%d.%d.%d.%d:%d ulen %d, DEBUG queue parameters, DEBUG
REJECT: ECHOREPLY no longer %s: stuck beacon; resetting (bmiss
supported. DEBUG count %u), DEBUG
282
ipt_rpc: only valid for PRE_ROUTING,

FORWARD, POST_ROUTING,
LOCAL_IN and/or LOCAL_OUT
targets. DEBUG move data from NORMAL to XR DEBUG
moved %d buffers from NORMAL to
ip_nat_init: can't setup rules. DEBUG XR, index DEBUG
ip_nat_init: can't register in hook. DEBUG move buffers from XR to NORMAL DEBUG
moved %d buffers from XR to
ip_nat_init: can't register out hook. DEBUG NORMAL, count DEBUG
ip_nat_init: can't register adjust in %s:%d %s, __FILE__, __LINE__,
hook. DEBUG __func__ DEBUG
ip_nat_init: can't register adjust out %s:%d %s, __FILE__, __LINE__,
ip_nat_init: can't register local out %s: no buffer (%s), dev->name,
%s: no skbuff (%s), dev->name,
ip_nat_init: can't register local in hook. DEBUG __func__ DEBUG
%s: HAL qnum %u out of range, max
ipt_hook: happy cracking. DEBUG %u!, DEBUG
ip_conntrack: can't register pre-routing grppoll_start: grppoll Buf allocation
defrag hook. DEBUG failed DEBUG
ip_conntrack: can't register local_out %s: HAL qnum %u out of range, max
defrag hook. DEBUG %u!, DEBUG
ip_conntrack: can't register pre-routing
hook. DEBUG %s: AC %u out of range, max %u!, DEBUG
ip_conntrack: can't register local out
hook. DEBUG %s: unable to update hardware queue DEBUG
ip_conntrack: can't register local in %s: bogus frame type 0x%x (%s),
helper hook. DEBUG dev->name, DEBUG
ip_conntrack: can't register postrouting
helper hook. DEBUG ath_stoprecv: rx queue 0x%x, link %p, DEBUG
ip_conntrack: can't register post- %s: %s: unable to reset channel %u
routing hook. DEBUG (%u MHz) DEBUG
ip_conntrack: can't register local in
hook. DEBUG %s: %s: unable to restart recv logic, DEBUG
%s: unable to allocate channel table,
ip_conntrack: can't register to sysctl. DEBUG dev->name DEBUG
ip_conntrack_rtsp v %s: unable to allocate channel table,
IP_NF_RTSP_VERSION loading DEBUG dev->name DEBUG
ip_conntrack_rtsp: max_outstanding %s: unable to collect channel list from
must be a positive integer DEBUG HAL; DEBUG
ip_conntrack_rtsp: setup_timeout must R (%p %llx) %08x %08x %08x %08x
be a positive integer DEBUG %08x %08x %c, DEBUG
ip_conntrack_rtsp: ERROR registering T (%p %llx) %08x %08x %08x %08x
port %d, ports[i] DEBUG %08x %08x %08x %08x %c, DEBUG
ip_nat_rtsp v IP_NF_RTSP_VERSION %s: no memory for sysctl table!,
loading DEBUG __func__ DEBUG
%s: Sorry! Cannot find this match %s: no memory for device name
option., __FILE__ DEBUG storage!, __func__ DEBUG
%s: failed to register sysctls!, sc-
ipt_time loading DEBUG >sc_dev->name DEBUG
%s: mac %d.%d phy %d.%d, dev-
ipt_time unloaded DEBUG >name, DEBUG
ip_conntrack_irc: max_dcc_channels 5 GHz radio %d.%d 2 GHz radio
must be a positive integer DEBUG %d.%d, DEBUG
ip_conntrack_irc: ERROR registering radio %d.%d, ah-
port %d, DEBUG >ah_analog5GhzRev >> 4, DEBUG
283
ip_nat_h323: radio %d.%d, ah-

ip_nat_mangle_tcp_packet DEBUG >ah_analog5GhzRev >> 4, DEBUG
ip_nat_h323:
ip_nat_mangle_udp_packet DEBUG %s: Use hw queue %u for %s traffic, DEBUG
%s: Use hw queue %u for CAB traffic,
ip_nat_h323: out of expectations DEBUG dev->name, DEBUG
%s: Use hw queue %u for beacons,
ip_nat_h323: out of RTP ports DEBUG dev->name, DEBUG
Could not find Board Configuration
ip_nat_h323: out of TCP ports DEBUG Data DEBUG
Could not find Radio Configuration
ip_nat_q931: out of TCP ports DEBUG data DEBUG
ath_ahb: No devices found, driver not
ip_nat_ras: out of TCP ports DEBUG installed. DEBUG
ip_nat_q931: out of TCP ports DEBUG _fmt, __VA_ARGS__ DEBUG
ip_conntrack_core: Frag of proto %u., DEBUG _fmt, __VA_ARGS__ DEBUG
xlr8NatIpFinishOutput: Err.. skb2 ==
Broadcast packet! DEBUG NULL ! DEBUG
Should bcast: %u.%u.%u.%u- xlr8NatSoftCtxEnqueue: Calling
>%u.%u.%u.%u (sk=%p, ptype=%u), DEBUG xlr8NatIpFinishOutput () .., status DEBUG
xlr8NatSoftCtxEnqueue:
ip_conntrack version %s (%u buckets, xlr8NatIpFinishOutput () returned
%d max) DEBUG [%d], status DEBUG
ERROR registering port %d, DEBUG icmpExceptionHandler: Exception! DEBUG
netfilter PSD loaded - (c) astaro AG DEBUG fragExceptionHandler: Exception! DEBUG
netfilter PSD unloaded - (c) astaro AG DEBUG algExceptionHandler: Exception! DEBUG
%s , SELF DEBUG dnsExceptionHandler: Exception! DEBUG
%s , LAN DEBUG IPsecExceptionHandler: Exception! DEBUG
ESP Packet Src:%x Dest:%x
Sport:%d dport:%d secure:%d spi:%d
%s , WAN DEBUG isr:%p, DEBUG
xlr8NatConntrackPreHook: We found
TRUNCATED DEBUG the valid context, DEBUG
SRC=%u.%u.%u.%u xlr8NatConntrackPreHook: Not a
DST=%u.%u.%u.%u , DEBUG secured packet. DEBUG
LEN=%u TOS=0x%02X xlr8NatConntrackPreHook: isr=[%p],
PREC=0x%02X TTL=%u ID=%u , DEBUG pIsr DEBUG
FRAG:%u , ntohs(ih->frag_off) & xlr8NatConntrackPreHook:
IP_OFFSET DEBUG secure=[%d], secure DEBUG
Context found for ESP
TRUNCATED DEBUG %p,pFlowEntry->post.pIsr[0] DEBUG
xlr8NatConntrackPreHook: New
PROTO=TCP DEBUG connection. DEBUG
xlr8NatConntrackPostHook:
INCOMPLETE [%u bytes] , DEBUG postSecure=[%d] postIsr=[%p %p], DEBUG
proto %d spi %d <-------> proto %d spi
SPT=%u DPT=%u , DEBUG %d,pPktInfo->proto,pPktInfo->spi, DEBUG
SEQ=%u ACK=%u , DEBUG IPSEC_INF Clock skew detected DEBUG
IPSEC_ERR [%s:%d]: Max (%d) No
WINDOW=%u , ntohs(th->window) DEBUG of SA Limit reached, DEBUG
RES=0x%02x ,
(u8)(ntohl(tcp_flag_word(th) & IPSEC_ERR [%s:%d]: Max (%d) No
TCP_RESERVED_BITS) >> 22) DEBUG of SA Limit reached, DEBUG
URGP=%u , ntohs(th->urg_ptr) DEBUG IPSEC_ERR [%s:%d]: time(secs): %u DEBUG
284
ERROR: Failed to add entry to IPsec

TRUNCATED DEBUG sa table DEBUG
%02X, op[i] DEBUG sa table DEBUG
PROTO=UDP DEBUG sa table DEBUG
INCOMPLETE [%u bytes] , DEBUG sa table DEBUG
SPT=%u DPT=%u LEN=%u , DEBUG sa table DEBUG
SPT=%u DPT=%u LEN=%u , DEBUG sa table DEBUG
PROTO=ICMP DEBUG unknown oid '%s', varName DEBUG
could not find oid pointer for '%s',
INCOMPLETE [%u bytes] , DEBUG varName DEBUG
TYPE=%u CODE=%u , ich->type, ich-
>code DEBUG unRegistering IPsecMib ..... DEBUG
INCOMPLETE [%u bytes] , DEBUG sa table DEBUG
ID=%u SEQ=%u , DEBUG sa table DEBUG
PARAMETER=%u , DEBUG sa table DEBUG
GATEWAY=%u.%u.%u.%u , DEBUG sa table DEBUG
MTU=%u , ntohs(ich->un.frag.mtu) DEBUG sa table DEBUG
PROTO=AH DEBUG sa table DEBUG
INCOMPLETE [%u bytes] , DEBUG unknown oid '%s', varName DEBUG
could not find oid pointer for '%s',
SPI=0x%x , ntohl(ah->spi) DEBUG varName DEBUG
PROTO=ESP DEBUG unRegistering IPsecMib ..... DEBUG
. %u.%u.%u.%u, NIPQUAD(trt-
INCOMPLETE [%u bytes] , DEBUG >rt_dst) DEBUG
SPI=0x%x , ntohl(eh->spi) DEBUG %02x, *p DEBUG
PROTO=%u , ih->protocol DEBUG >rt_dst) DEBUG
UID=%u , skb->sk->sk_socket->file-
>f_uid DEBUG %02x, *p DEBUG
<%d>%sIN=%s OUT=%s , loginfo- . %u.%u.%u.%u, NIPQUAD(trt-
>u.log.level, DEBUG >rt_dst) DEBUG
level_string DEBUG %02x, *p DEBUG
%sIN=%s OUT=%s , DEBUG >rt_dst) DEBUG
%s , prefix == NULL ? loginfo->prefix :
prefix DEBUG %02x, *p DEBUG
unable to register vIPsec kernel comp
IN= DEBUG to UMI DEBUG
OUT= DEBUG unregistering VIPSECK from UMI .... DEBUG
PHYSIN=%s , physindev->name DEBUG in vIPsecKIoctlHandler cmd - %d, cmd DEBUG
%s: Error. DST Refcount value less
PHYSOUT=%s , physoutdev->name DEBUG than 1 (%d), DEBUG
for %s DEVICE refcnt: %d ,pDst-
MAC= DEBUG >dev->name, DEBUG
%s: Got Null m:%p *m:%p sa:%p
%02x%c, *p, DEBUG *sa:%p,__func__,ppBufMgr, DEBUG
285
%s Got Deleted SA:%p

NAT: no longer support implicit source state:%d,__func__,pIPsecInfo,pIPsecI
local NAT DEBUG nfo->state DEBUG
NAT: packet src %u.%u.%u.%u -> dst %s: %s: fmt, __FILE__,
%u.%u.%u.%u, DEBUG __FUNCTION__ , ## args) INFO
SNAT: multiple ranges no longer %s: %s: fmt, __FILE__,
supported DEBUG __FUNCTION__ , ## args) INFO
format,##args) DEBUG ipt_TIME: format, ## args) INFO
IPT_ACCOUNT_NAME : checkentry()
wrong parameters (not equals existing
version DEBUG table parameters). INFO
offset_before=%d, offset_after=%d,
correction_pos=%u, x->offset_before, IPT_ACCOUNT_NAME : checkentry()
x->offset_after, x->correction_pos DEBUG too big netmask. INFO
failed to allocate %zu for new table
%s., sizeof(struct
ip_ct_h323: DEBUG t_ipt_account_table), info->name INFO
ip_ct_h323: incomplete TPKT IPT_ACCOUNT_NAME : checkentry()
(fragmented?) DEBUG wrong network/netmask. INFO
account: Wrong netmask given by
netmask parameter (%i). Valid is 32 to
ip_ct_h245: decoding error: %s, DEBUG 0., netmask INFO
ip_ct_h245: packet dropped DEBUG failed to create procfs entry. INFO
ip_ct_q931: decoding error: %s, DEBUG failed to register match. INFO
ip_ct_q931: packet dropped DEBUG failed to create procfs entry . INFO
MPPE/MPPC encryption/compression
ip_ct_ras: decoding error: %s, DEBUG module registered INFO
ip_ct_ras: packet dropped DEBUG module unregistered INFO
PPP generic driver version
ERROR registering port %d, DEBUG PPP_VERSION INFO
ERROR registering port %d, DEBUG module registered INFO
ipt_connlimit [%d]:
src=%u.%u.%u.%u:%d MPPE/MPPC encryption/compression
dst=%u.%u.%u.%u:%d %s, DEBUG module unregistered INFO
ipt_connlimit [%d]:
src=%u.%u.%u.%u:%d PPP generic driver version
dst=%u.%u.%u.%u:%d new, DEBUG PPP_VERSION INFO
ipt_connlimit: Oops: invalid ct state ? DEBUG PPPoL2TP kernel driver, %s, INFO
ipt_connlimit: Hmm, kmalloc failed :-( DEBUG PPPoL2TP kernel driver, %s, INFO
ipt_connlimit: src=%u.%u.%u.%u
mask=%u.%u.%u.%u DEBUG PPPoL2TP kernel driver, %s, INFO
_lvl PPPOL2TP: _fmt, ##args DEBUG failed to create procfs entry . INFO
%02X, ptr[length] DEBUG proc dir not created .. INFO
%02X, ((unsigned char *) m-
>msg_iov[i].iov_base)[j] DEBUG Initialzing Product Data modules INFO
%02X, skb->data[i] DEBUG De initializing by \ INFO
_lvl PPPOL2TP: _fmt, ##args DEBUG kernel UMI module loaded INFO
%02X, ptr[length] DEBUG kernel UMI module unloaded INFO
>msg_iov[i].iov_base)[j] DEBUG Loading bridge module INFO
286
%02X, skb->data[i] DEBUG Unloading bridge module INFO

_lvl PPPOL2TP: _fmt, ##args DEBUG unsupported command %d, cmd INFO
%02X, ptr[length] DEBUG Loading ifDev module INFO
>msg_iov[i].iov_base)[j] DEBUG Unloading ifDev module INFO
ERROR#%d in alloc_chrdev_region,
%02X, skb->data[i] DEBUG result INFO
KERN_EMERG THE value read is
%d,value*/ DEBUG ERROR#%d in cdev_add, result INFO
KERN_EMERG Factory Reset button
is pressed DEBUG using bcm switch %s, bcmswitch INFO
KERN_EMERG Returing error in INTR privlegedID %d wanporttNo: %d,
registration DEBUG privlegedID,wanportNo INFO
KERN_EMERG Initialzing Factory
defaults modules DEBUG Loading mii INFO
pSipListNode DEBUG Unloading mii INFO
SIPALG: Memeory allocation failed for
pSipNodeEntryTbl DEBUG %s: Version 0.1 INFO
pkt-err %s, pktInfo.error DEBUG %s: driver unloaded, dev_info INFO
wlan: %s backend registered, be-
pkt-err %s, pktInfo.error DEBUG >iab_name INFO
pkt-err %s, pktInfo.error DEBUG wlan: %s backend unregistered, INFO
wlan: %s acl policy registered, iac-
%s Len=%d, msg, len DEBUG >iac_name INFO
wlan: %s acl policy unregistered, iac-
%02x , ((uint8_t *) ptr)[i] DEBUG >iac_name INFO
End DEBUG %s, tmpbuf INFO
CVM_MOD_EXP_BASE MISMATCH
cmd=%x base=%x, cmd, DEBUG VLAN2 INFO
op->sizeofptr = %ld, op->sizeofptr DEBUG VLAN3 INFO
opcode cmd = %x, cmd DEBUG VLAN4 <%d %d>, INFO
modexp opcode received DEBUG %s: %s, dev_info, version INFO
Memory Allocation failed DEBUG %s: driver unloaded, dev_info INFO
modexpcrt opcode received DEBUG %s, buf INFO
kmalloc failed DEBUG %s: %s (, dev_info, ath_hal_version INFO
kmalloc failed DEBUG %s: driver unloaded, dev_info INFO
%s: %s: mem=0x%lx, irq=%d
kmalloc failed DEBUG hw_base=0x%p, INFO
kmalloc failed DEBUG %s: %s, dev_info, version INFO
kmalloc Failed DEBUG %s: driver unloaded, dev_info INFO
kmalloc failed DEBUG %s: %s: mem=0x%lx, irq=%d, INFO
unknown cyrpto ioctl cmd received %x,
cmd DEBUG %s: %s: mem=0x%lx, irq=%d, INFO
register_chrdev returned ZERO DEBUG %s: %s, dev_info, version INFO
const char *descr, krb5_keyblock *k) { DEBUG %s: driver unloaded, dev_info INFO
F password, &pdata DEBUG %s, buf INFO
test key, key DEBUG %s: %s (, dev_info, ath_hal_version INFO
pre-hashed key, key DEBUG %s: driver unloaded, dev_info INFO
AES 128-bit key, &key DEBUG %s: Version 2.0.0 INFO
287
test key, key DEBUG %s: driver unloaded, dev_info INFO

wlan: %s backend registered, be-
pre-hashed key, key DEBUG >iab_name INFO
const char *descr, krb5_keyblock *k) { DEBUG wlan: %s backend unregistered, INFO
wlan: %s acl policy registered, iac-
128-bit AES key,&dk DEBUG >iac_name INFO
wlan: %s acl policy unregistered, iac-
256-bit AES key, &dk DEBUG >iac_name INFO
WARNING: DEBUG %s: %s, dev_info, version INFO
bwMonMultipathNxtHopSelect::
checking rates DEBUG %s: driver unloaded, dev_info INFO
hop :%d dev:%s usableBwLimit = %d
currBwShare = %d lastHopSelected =
%d weightedHopPrefer = %d , DEBUG %s: %s (, dev_info, ath_hal_version INFO
1. selecting hop: %d lastHopSelected =
%d , selHop, lastHopSelected DEBUG %s: driver unloaded, dev_info INFO
4. hop :%d dev:%s usableBwLimit =
%d currBwShare = %d
lastHopSelected = %d
weightedHopPrefer = %d , DEBUG %s: %s: mem=0x%lx, irq=%d, INFO
%d , selHop, lastHopSelected DEBUG %s: %s, dev_info, version INFO
%d , selHop, lastHopSelected DEBUG %s: driver unloaded, dev_info INFO
bwMonitor multipath selection enabled DEBUG ath_pci: switching rfkill capability %s, INFO
bwMonitor multipath selection disabled DEBUG Unknown autocreate mode: %s, INFO
weightedHopPrefer set to %d
,weightedHopPrefer DEBUG %s: %s: mem=0x%lx, irq=%d, INFO
bwMonitor sysctl registration failed DEBUG %s: %s, dev_info, version INFO
bwMonitor sysctl registered DEBUG %s: driver unloaded, dev_info INFO
bwMonitor sysctl not registered DEBUG %s: %s, dev_info, version INFO
Unregistered bwMonitor sysctl DEBUG %s: unloaded, dev_info INFO
CONFIG_SYSCTL enabled ... DEBUG %s: %s, dev_info, version INFO
Initialized bandwidth monitor ... DEBUG %s: unloaded, dev_info INFO
Removed bandwidth monitor ... DEBUG %s: %s, dev_info, version INFO
Oops.. AES_GCM_encrypt failed
(keylen:%u),key->cvm_keylen DEBUG %s: unloaded, dev_info INFO
Oops.. AES_GCM_decrypt failed
(keylen:%u),key->cvm_keylen DEBUG failed to create procfs entry . INFO
%s, msg DEBUG ICMP: %u.%u.%u.%u: INFO
%02x%s, data[i], DEBUG ICMP: %u.%u.%u.%u: Source INFO
Wrong address mask %u.%u.%u.%u
Failed to set AES encrypt key DEBUG from INFO
Redirect from %u.%u.%u.%u on %s
Failed to set AES encrypt key DEBUG about INFO
AES %s Encrypt Test Duration: IP: routing cache hash table of %u
%d:%d, hard ? Hard : Soft, DEBUG buckets, %ldKbytes, INFO
source route option %u.%u.%u.%u ->
Failed to set AES encrypt key DEBUG %u.%u.%u.%u, INFO
Failed to set AES encrypt key DEBUG ICMP: %u.%u.%u.%u: INFO
AES %s Decrypt Test Duration:
%d:%d, hard ? Hard : Soft, DEBUG ICMP: %u.%u.%u.%u: Source INFO
Failed to set AES encrypt key DEBUG from INFO
288

Failed to set AES encrypt key DEBUG about INFO
IP: routing cache hash table of %u
Failed to set AES encrypt key DEBUG buckets, %ldKbytes, INFO
Failed to set AES encrypt key DEBUG %u.%u.%u.%u, INFO
Failed to set DES encrypt key[%d], i DEBUG from INFO
Failed to set DES decrypt key[%d], i DEBUG about INFO
Failed to set DES encrypt key[%d], i DEBUG source route option INFO
Failed to set DES decrypt key[%d], i DEBUG ICMP: %u.%u.%u.%u: INFO
Failed to set DES encrypt key DEBUG ICMP: %u.%u.%u.%u: Source INFO
Failed to set DES decrypt key DEBUG from INFO
Failed to set DES encrypt key DEBUG about INFO
IP: routing cache hash table of %u
Failed to set DES decrypt key DEBUG buckets, %ldKbytes, INFO
AES Software Test: DEBUG %u.%u.%u.%u, INFO
AES Software Test %s, aesSoftTest(0) IPsec: device unregistering: %s, dev-
? Failed : Passed DEBUG >name INFO
AES Hardware Test: DEBUG IPsec: device down: %s, dev->name INFO
AES Hardware Test %s, WARNIN
aesHardTest(0) ? Failed : Passed DEBUG mark: only supports 32bit mark G
WARNIN
3DES Software Test: DEBUG ipt_time: invalid argument G
3DES Software Test %s, WARNIN
des3SoftTest(0) ? Failed : Passed DEBUG ipt_time: IPT_DAY didn't matched G
./Logs_kernel.txt:45:KERN_WARNIN WARNIN
3DES Hardware Test: DEBUG G G
3DES Hardware Test %s, ./Logs_kernel.txt:59:KERN_WARNIN WARNIN
des3HardTest(0) ? Failed : Passed DEBUG G G
ipt_LOG: not logging via system WARNIN
DES Software Test: DEBUG console G
DES Software Test %s, desSoftTest(0) %s: wrong options length: %u, fname, WARNIN
? Failed : Passed DEBUG opt_len G
%s: options rejected: o[0]=%02x, WARNIN
DES Hardware Test: DEBUG o[1]=%02x, G
DES Hardware Test %s, WARNIN
desHardTest(0) ? Failed : Passed DEBUG %s: wrong options length: %u, G
%s: options rejected: o[0]=%02x, WARNIN
SHA Software Test: DEBUG o[1]=%02x, G
SHA Software Test %s, shaSoftTest(0) %s: don't know what to do: WARNIN
? Failed : Passed DEBUG o[5]=%02x, G
%s: wrong options length: %u, fname, WARNIN
SHA Hardware Test: DEBUG opt_len G
SHA Hardware Test %s, %s: options rejected: o[0]=%02x, WARNIN
shaHardTest(0) ? Failed : Passed DEBUG o[1]=%02x, G
WARNIN
MD5 Software Test: DEBUG %s: wrong options length: %u, G
MD5 Software Test %s, %s: options rejected: o[0]=%02x, WARNIN
md5SoftTest(0) ? Failed : Passed DEBUG o[1]=%02x, G
%s: don't know what to do: WARNIN
MD5 Hardware Test: DEBUG o[5]=%02x, G
289
MD5 Hardware Test %s, *** New port %d ***, ntohs(expinfo- WARNIN
md5HardTest(0) ? Failed : Passed DEBUG >natport) G
WARNIN
AES Software Test: %d iterations, iter DEBUG ** skb len %d, dlen %d,(*pskb)->len, G
WARNIN
AES Software Test Duration: %d:%d, DEBUG ********** Non linear skb G
WARNIN
AES Hardware Test: %d iterations, iter DEBUG End of sdp %p, nexthdr G
WARNIN
AES Hardware Test Duration: %d:%d, DEBUG %s: unknown pairwise cipher %d, G
WARNIN
3DES Software Test: %d iterations, iter DEBUG %s: unknown group cipher %d, G
%s: unknown SIOCSIWAUTH flag WARNIN
3DES Software Test Duration: %d:%d, DEBUG %d, G
3DES Hardware Test: %d iterations, %s: unknown SIOCGIWAUTH flag WARNIN
iter DEBUG %d, G
3DES Hardware Test Duration: WARNIN
%d:%d, DEBUG %s: unknown algorithm %d, G
WARNIN
DES Software Test: %d iterations, iter DEBUG %s: key size %d is too large, G
WARNIN
DES Software Test Duration: %d:%d, DEBUG try_module_get failed \ G
WARNIN
DES Hardware Test: %d iterations, iter DEBUG %s: request_irq failed, dev->name G
WARNIN
DES Hardware Test Duration: %d:%d, DEBUG try_module_get failed G
WARNIN
SHA Software Test: %d iterations, iter DEBUG try_module_get failed \ G
WARNIN
SHA Software Test Duration: %d:%d, DEBUG %s: unknown pairwise cipher %d, G
WARNIN
SHA Hardware Test: %d iterations, iter DEBUG %s: unknown group cipher %d, G
%s: unknown SIOCSIWAUTH flag WARNIN
SHA Hardware Test Duration: %d:%d, DEBUG %d, G
%s: unknown SIOCGIWAUTH flag WARNIN
MD5 Software Test: %d iterations, iter DEBUG %d, G
WARNIN
MD5 Software Test Duration: %d:%d, DEBUG %s: unknown algorithm %d, G
WARNIN
MD5 Hardware Test: %d iterations, iter DEBUG %s: key size %d is too large, G
unable to load %s, WARNIN
MD5 Hardware Test Duration: %d:%d, DEBUG scan_modnames[mode] G
./pnac/src/pnac/linux/kernel/xcalibur.c:2 WARNIN
09:#define DEBUG_PRINTK printk DEBUG Failed to mkdir /proc/net/madwifi G
WARNIN
bcmDeviceInit: registration failed DEBUG try_module_get failed G
WARNIN
bcmDeviceInit: pCdev Add failed DEBUG %s: request_irq failed, dev->name G
too many virtual ap's (already got WARNIN
REG Size == 8 Bit DEBUG %d), sc->sc_nvaps G
Value = %x ::: At Page = %x : Addr = WARNIN
%x DEBUG %s: request_irq failed, dev->name G
rix %u (%u) bad ratekbps %u mode WARNIN
REG Size == 16 Bit DEBUG %u, G
Value = %x ::: At Page = %x : Addr = cix %u (%u) bad ratekbps %u mode WARNIN
%x DEBUG %u, G
WARNIN
REG Size == 32 Bit DEBUG %s: no rates for %s?, G
290
Value = %x ::: At Page = %x : Addr = no rates yet! mode %u, sc- WARNIN
%x DEBUG >sc_curmode G
WARNIN
REG Size == 64 Bit DEBUG %u.%u.%u.%u sent an invalid ICMP G
WARNIN
REG Size is not in 8/16/32/64 DEBUG dst cache overflow G
Written Value = %x ::: At Page = %x : WARNIN
Addr = %x DEBUG Neighbour table overflow. G
WARNIN
bcm_ioctl :Unknown Ioctl Case : DEBUG host %u.%u.%u.%u/if%d ignores G
=========Register Dump for Port martian destination %u.%u.%u.%u WARNIN
Number # %d=========,port DEBUG from G
%s : Read Status=%s WARNIN
data=%#x,regName[j], DEBUG martian source %u.%u.%u.%u from G
%s : Read Status=%s WARNIN
data=%#x,regName[j], DEBUG ll header: G
powerDeviceInit: device registration WARNIN
failed DEBUG %u.%u.%u.%u sent an invalid ICMP G
WARNIN
powerDeviceInit: adding device failed DEBUG dst cache overflow G
%s: Error: Big jump in pn number. WARNIN
TID=%d, from %x %x to %x %x. DEBUG Neighbour table overflow. G
%s: The MIC is corrupted. Drop this WARNIN
frame., __func__ DEBUG host %u.%u.%u.%u/if%d ignores G
%s: The MIC is OK. Still use this frame martian destination %u.%u.%u.%u WARNIN
and update PN., __func__ DEBUG from G
ADDBA send failed: recipient is not a WARNIN
11n node DEBUG martian source %u.%u.%u.%u from G
WARNIN
Cannot Set Rate: %x, value DEBUG ll header: G
Getting Rate Series: %x,vap- WARNIN
>iv_fixed_rate.series DEBUG %u.%u.%u.%u sent an invalid ICMP G
Getting Retry Series: %x,vap- WARNIN
>iv_fixed_rate.retries DEBUG dst cache overflow G
WARNIN
IC Name: %s,ic->ic_dev->name DEBUG Neighbour table overflow. G
usage: rtparams rt_idx <0|1> per WARNIN
<0..100> probe_intval <0..100> DEBUG host %u.%u.%u.%u/if%d ignores G
usage: acparams ac <0|3> RTS <0|1> WARNIN
aggr scaling <0..4> min mbps <0..250> DEBUG martian source %u.%u.%u.%u from G
usage: hbrparams ac <2> enable WARNIN
<0|1> per_low <0..50> DEBUG ll header: G
%s(): ADDBA mode is AUTO, martian destination %u.%u.%u.%u WARNIN
__func__ DEBUG from G
WARNIN
%s(): Invalid TID value, __func__ DEBUG %u.%u.%u.%u sent an invalid ICMP G
%s(): ADDBA mode is AUTO, WARNIN
__func__ DEBUG dst cache overflow G
WARNIN
%s(): Invalid TID value, __func__ DEBUG Neighbour table overflow. G
WARNIN
%s(): Invalid TID value, __func__ DEBUG host %u.%u.%u.%u/if%d ignores G
martian destination %u.%u.%u.%u WARNIN
Addba status IDLE DEBUG from G
%s(): ADDBA mode is AUTO, WARNIN
__func__ DEBUG martian source %u.%u.%u.%u from G
291
WARNIN
%s(): Invalid TID value, __func__ DEBUG ll header: G
Error in ADD- no node available DEBUG Unable to create ip_set_list ERROR
%s(): Channel capabilities do not
match, chan flags 0x%x, DEBUG Unable to create ip_set_hash ERROR
%s: cannot map channel to mode; freq ip_conntrack_in: Frag of proto %u
%u flags 0x%x, DEBUG (hook=%u), ERROR
ic_get_currentCountry not initialized Unable to register netfilter socket
yet DEBUG option ERROR
Country ie is %c%c%c, DEBUG Unable to create ip_conntrack_hash ERROR
%s: wrong state transition from %d to Unable to create ip_conntrack slab
%d, DEBUG cache ERROR
%s: wrong state transition from %d to
%d, DEBUG Unable to create ip_expect slab cache ERROR
%s: wrong state transition from %d to Unable to create ip_set_iptreeb slab
%s: wrong state transition from %d to Unable to create ip_set_iptreed slab
%s: wrong state transition from %d to %s: cannot allocate space for
%d, DEBUG %scompressor, fname, ERROR
%s: wrong state transition from %d to %s: cannot allocate space for MPPC
%d, DEBUG history, ERROR
ieee80211_deliver_l2uf: no buf %s: cannot allocate space for MPPC
available DEBUG history, ERROR
%s: %s, vap->iv_dev->name, buf /*
NB: no */ DEBUG %s: cannot load ARC4 module, fname ERROR
%s: [%s] %s, vap->iv_dev->name, DEBUG %s: cannot load SHA1 module, fname ERROR
%s: [%s] %s, vap->iv_dev->name, %s: CryptoAPI SHA1 digest size too
ether_sprintf(mac), buf DEBUG small, fname ERROR
[%s:%s] discard %s frame, %s, vap- %s: cannot allocate space for SHA1
>iv_dev->name, DEBUG digest, fname ERROR
[%s:%s] discard frame, %s, vap-
>iv_dev->name, DEBUG %s%d: trying to write outside history ERROR
[%s:%s] discard %s information
element, %s, DEBUG %s%d: trying to write outside history ERROR
[%s:%s] discard information element,
%s, DEBUG %s%d: trying to write outside history ERROR
[%s:%s] discard %s frame, %s, vap- %s%d: too big uncompressed packet:
>iv_dev->name, DEBUG %d, ERROR
[%s:%s] discard frame, %s, vap- %s%d: encryption negotiated but not
>iv_dev->name, DEBUG an ERROR
HBR list
dumpNode\tAddress\t\t\tState\tTrigger\t %s%d: error - not an MPPC or MPPE
Block DEBUG frame ERROR
Nodes
informationAddress\t\t\tBlock\t\tDroped Kernel doesn't provide ARC4 and/or
VI frames DEBUG SHA1 algorithms ERROR
%d\t
%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.
2x\t%s\t%s\t%s, DEBUG PPP: not interface or channel?? ERROR
%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.
2x\t%s\t\t%d, DEBUG PPP: no memory (VJ compressor) ERROR
[%d]\tFunction\t%s, j, ni-
>node_trace[i].funcp DEBUG failed to register PPP device (%d), err ERROR
[%d]\tMacAddr\t%s, j, DEBUG PPP: no memory (VJ comp pkt) ERROR
[%d]\tDescp\t\t%s, j, ni-
>node_trace[i].descp DEBUG PPP: no memory (comp pkt) ERROR
292
[%d]\tValue\t\t%llu(0x%llx), j, ni-
>node_trace[i].value, DEBUG ppp: compressor dropped pkt ERROR
ifmedia_add: null ifm DEBUG PPP: no memory (fragment) ERROR
Adding entry for DEBUG PPP: VJ uncompressed error ERROR
ifmedia_set: no match for 0x%x/0x%x, DEBUG ppp_decompress_frame: no memory ERROR
ppp_mp_reconstruct bad seq %u <
ifmedia_set: target DEBUG %u, ERROR
PPP: couldn't register device %s
ifmedia_set: setting to DEBUG (%d), ERROR
ifmedia_ioctl: switching %s to , dev- ppp: destroying ppp struct %p but
>name DEBUG dead=%d ERROR
ifmedia_match: multiple match for DEBUG ppp: destroying undead channel %p !, ERROR
PPP: removing module but units
<unknown type> DEBUG remain! ERROR
desc->ifmt_string DEBUG PPP: failed to unregister PPP device ERROR
%s: cannot allocate space for
mode %s, desc->ifmt_string DEBUG %scompressor, fname, ERROR
%s: cannot allocate space for MPPC
<unknown subtype> DEBUG history, ERROR
%s: cannot allocate space for MPPC
%s, desc->ifmt_string DEBUG history, ERROR
%s%s, seen_option++ ? , : , DEBUG %s: cannot load ARC4 module, fname ERROR
%s%s, seen_option++ ? , : , DEBUG %s: cannot load SHA1 module, fname ERROR
%s: CryptoAPI SHA1 digest size too
%s, seen_option ? > : DEBUG small, fname ERROR
%s: cannot allocate space for SHA1
%s: %s, dev->name, buf DEBUG digest, fname ERROR
%s: no memory for sysctl table!,
__func__ DEBUG %s%d: trying to write outside history ERROR
%s: failed to register sysctls!, vap-
>iv_dev->name DEBUG %s%d: trying to write outside history ERROR
Atheros HAL assertion failure: %s: line
%u: %s, DEBUG %s%d: trying to write outside history ERROR
ath_hal: logging to %s %s, %s%d: too big uncompressed packet:
ath_hal_logfile, DEBUG %d, ERROR
%s%d: encryption negotiated but not
ath_hal: logging disabled DEBUG an ERROR
%s%d: error - not an MPPC or MPPE
%s%s, sep, ath_hal_buildopts[i] DEBUG frame ERROR
ath_pci: No devices found, driver not Kernel doesn't provide ARC4 and/or
installed. DEBUG SHA1 algorithms ERROR
---:%d pri:%d qd:%u ad:%u sd:%u
tot:%u amp:%d %02x:%02x:%02x, DEBUG PPP: not interface or channel?? ERROR
SC Pushbutton Notify on %s::%s,dev-
>name,vap->iv_dev->name DEBUG PPP: no memory (VJ compressor) ERROR
Could not find Board Configuration
Data DEBUG failed to register PPP device (%d), err ERROR
Could not find Radio Configuration
data DEBUG PPP: no memory (comp pkt) ERROR
%s: No device, __func__ DEBUG ppp: compressor dropped pkt ERROR
ath_ahb: No devices found, driver not
installed. DEBUG PPP: no memory (VJ comp pkt) ERROR
PKTLOG_TAG %s:proc_dointvec
failed, __FUNCTION__ DEBUG PPP: no memory (comp pkt) ERROR
PKTLOG_TAG %s:proc_dointvec
failed, __FUNCTION__ DEBUG PPP: no memory (fragment) ERROR
293
%s: failed to register sysctls!,

proc_name DEBUG PPP: VJ uncompressed error ERROR
PKTLOG_TAG %s: proc_mkdir failed,
__FUNCTION__ DEBUG ppp_decompress_frame: no memory ERROR
PKTLOG_TAG %s: pktlog_attach ppp_mp_reconstruct bad seq %u <
failed for %s, DEBUG %u, ERROR
PKTLOG_TAG %s:allocation failed for PPP: couldn't register device %s
pl_info, __FUNCTION__ DEBUG (%d), ERROR
PKTLOG_TAG %s:allocation failed for ppp: destroying ppp struct %p but
pl_info, __FUNCTION__ DEBUG dead=%d ERROR
PKTLOG_TAG %s: create_proc_entry
failed for %s, DEBUG ppp: destroying undead channel %p !, ERROR
PKTLOG_TAG %s: sysctl register PPP: removing module but units
failed for %s, DEBUG remain! ERROR
PKTLOG_TAG %s: page fault out of
range, __FUNCTION__ DEBUG PPP: failed to unregister PPP device ERROR
PKTLOG_TAG %s: page fault out of
range, __FUNCTION__ DEBUG JBD: bad block at offset %u, ERROR
PKTLOG_TAG %s: Log buffer
unavailable, __FUNCTION__ DEBUG JBD: corrupted journal superblock ERROR
PKTLOG_TAG DEBUG JBD: bad block at offset %u, ERROR
Logging should be disabled before
changing bufer size DEBUG JBD: Failed to read block at offset %u, ERROR
%s:allocation failed for pl_info,
__func__ DEBUG JBD: error %d scanning journal, err ERROR
%s: Unable to allocate buffer, __func__ DEBUG JBD: IO error %d recovering block ERROR
%s:allocation failed for pl_info,
__func__ DEBUG ./Logs_kernel.txt:303:KERN_ERR ERROR
%s: Unable to allocate buffer, __func__ DEBUG ./Logs_kernel.txt:304:KERN_ERR ERROR
Atheros HAL assertion failure: %s: line
%u: %s, DEBUG JBD: recovery pass %d ended at ERROR
ath_hal: logging to %s %s,
ath_hal_logfile, DEBUG %s: %s:%d: BAD SESSION MAGIC \ ERROR
ath_hal: logging disabled DEBUG %s: %s:%d: BAD TUNNEL MAGIC \ ERROR
msg->msg_namelen wrong, %d, msg-
%s%s, sep, ath_hal_buildopts[i] DEBUG >msg_namelen ERROR
failed to allocate rx descriptors: %d, addr family wrong: %d, usin-
error DEBUG >sin_family ERROR
udp addr=%x/%hu, usin-
ath_stoprecv: rx queue %p, link %p, DEBUG >sin_addr.s_addr, usin->sin_port ERROR
no mpdu (%s), __func__ DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
Reset rx chain mask. Do internal reset.
(%s), __func__ DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
OS_CANCEL_TIMER failed!! DEBUG socki_lookup: socket file changed! ERROR
__func__ DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
%s: unable to collect channel list from
hal; DEBUG %s: %s:%d: BAD SESSION MAGIC \ ERROR
%s: cannot map channel to mode; freq
%u flags 0x%x, DEBUG %s: %s:%d: BAD TUNNEL MAGIC \ ERROR
%s: unable to reset channel %u msg->msg_namelen wrong, %d, msg-
(%uMhz) DEBUG >msg_namelen ERROR
addr family wrong: %d, usin-
%s: unable to restart recv logic, DEBUG >sin_family ERROR
%s: start DFS WAIT period on channel udp addr=%x/%hu, usin-
%d, __func__,sc->sc_curchan.channel DEBUG >sin_addr.s_addr, usin->sin_port ERROR
294
%s: cancel DFS WAIT period on

channel %d, __func__, sc-
>sc_curchan.channel DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
Non-DFS channel, cancelling previous
DFS wait timer channel %d, sc-
>sc_curchan.channel DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
%s: unable to reset hardware; hal
status %u DEBUG socki_lookup: socket file changed! ERROR
%s: unable to start recv logic, __func__ DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
%s: unable to start recv logic, __func__ DEBUG %s: %s:%d: BAD SESSION MAGIC \ ERROR
status %u, DEBUG %s: %s:%d: BAD TUNNEL MAGIC \ ERROR
msg->msg_namelen wrong, %d, msg-
hardware error; reseting DEBUG >msg_namelen ERROR
addr family wrong: %d, usin-
rx FIFO overrun; reseting DEBUG >sin_family ERROR
%s: During Wow Sleep and got udp addr=%x/%hu, usin-
BMISS, __func__ DEBUG >sin_addr.s_addr, usin->sin_port ERROR
AC\tRTS \tAggr Scaling\tMin
Rate(Kbps)\tHBR \tPER LOW
THRESHOLD DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
BE\t%s\t\t%d\t%6d\t\t%s\t%d, DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
BK\t%s\t\t%d\t%6d\t\t%s\t%d, DEBUG socki_lookup: socket file changed! ERROR
VI\t%s\t\t%d\t%6d\t\t%s\t%d, DEBUG %s: %s:%d: BAD TUNNEL MAGIC ERROR
VO\t%s\t\t%d\t%6d\t\t%s\t%d, DEBUG rebootHook: null function pointer ERROR
--%d,%p,%lu:0x%x 0x%x 0x%p 0x%x
0x%x 0x%x 0x%x, DEBUG Bad ioctl command ERROR
bb state: 0x%08x 0x%08x, bbstate(sc, fResetMod: Failed to configure gpio
4ul), bbstate(sc, 5ul) DEBUG pin ERROR
%08x %08x %08x %08x %08x %08x fResetMod: Failed to register interrupt
%08x %08x%08x %08x %08x %08x, DEBUG handler ERROR
noise floor: (%d, %d) (%d, %d) (%d,
%d), DEBUG registering char device failed ERROR
%p: %08x %08x %08x %08x %08x
%08x %08x %08x %08x %08x %08x
%08x, DEBUG unregistering char device failed ERROR
--%d,%p,%lu:0x%x 0x%x 0x%p 0x%x
0x%x 0x%x 0x%x, DEBUG proc entry delete failed ERROR
%08x %08x %08x %08x %08x %08x
%08x %08x%08x %08x %08x %08x, DEBUG proc entry initialization failed ERROR
%s: unable to allocate device object., testCompHandler: received %s from
__func__ DEBUG %d, (char *)pInBuf, ERROR
%s: unable to attach hardware; HAL
status %u, DEBUG UMI proto registration failed %d,ret ERROR
%s: HAL ABI msmatch; DEBUG AF_UMI registration failed %d,ret ERROR
%s: Warning, using only %u entries in
%u key cache, DEBUG umi initialization failed %d,ret ERROR
unable to setup a beacon xmit queue! DEBUG kernel UMI registration failed! ERROR
unable to setup CAB xmit queue! DEBUG ./Logs_kernel.txt:447:KERN_ERR ERROR
unable to setup xmit queue for BE ERROR msm not found properly %d,
traffic! DEBUG len %d, msm, ERROR
%s DFS attach failed, __func__ DEBUG ModExp returned Error ERROR
%s: Invalid interface id = %u,
__func__, if_id DEBUG ModExp returned Error ERROR
295
%s:grppoll Buf allocation failed %s: 0x%p len %u, tag, p, (unsigned
,__func__ DEBUG int)len ERROR
%s: unable to start recv logic, DEBUG %03d:, i ERROR
%s: Invalid interface id = %u,
__func__, if_id DEBUG %02x, ((unsigned char *)p)[i] ERROR
__func__ DEBUG mic check failed ERROR
%s: Tx Antenna Switch. Do internal %s: 0x%p len %u, tag, p, (unsigned
reset., __func__ DEBUG int)len ERROR
Radar found on channel %d (%d MHz), DEBUG %03d:, i ERROR
End of DFS wait period DEBUG %02x, ((unsigned char *)p)[i] ERROR
%s error allocating beacon, __func__ DEBUG mic check failed ERROR
failed to allocate UAPSD QoS NULL tx
descriptors: %d, error DEBUG [%s] Wrong parameters, __func__ ERROR
failed to allocate UAPSD QoS NULL
wbuf DEBUG [%s] Wrong Key length, __func__ ERROR
__func__ DEBUG [%s] Wrong parameters, __func__ ERROR
%s: unable to update h/w beacon
queue parameters, DEBUG [%s] Wrong Key length, __func__ ERROR
ALREADY ACTIVATED DEBUG [%s] Wrong parameters, __func__ ERROR
%s: missed %u consecutive beacons, DEBUG [%s] Wrong Key length, __func__ ERROR
%s: busy times: rx_clear=%d,
rx_frame=%d, tx_frame=%d, __func__,
rx_clear, rx_frame, tx_frame DEBUG [%s] Wrong parameters, __func__ ERROR
%s: unable to obtain busy times,
__func__ DEBUG [%s] Wrong Key length, __func__ ERROR
%s: beacon is officially stuck, DEBUG [%s]: Wrong parameters, __func__ ERROR
[%s] Wrong Key Length %d,
Busy environment detected DEBUG __func__, des_key_len ERROR
[%s] Wrong parameters %d,
Inteference detected DEBUG __func__, des_key_len ERROR
rx_clear=%d, rx_frame=%d, [%s] Wrong Key Length %d,
tx_frame=%d, DEBUG __func__, des_key_len ERROR
%s: resume beacon xmit after %u
misses, DEBUG [%s] Wrong parameters, __func__ ERROR
%s: stuck beacon; resetting (bmiss
count %u), DEBUG [%s] Wrong Key Length, __func__ ERROR
EMPTY QUEUE DEBUG [%s] Wrong parameters, __func__ ERROR
SWRInfo: seqno %d isswRetry %d
retryCnt %d,wh ? (*(u_int16_t *)&wh-
>i_seq[0]) >> 4 : 0, bf->bf_isswretry,bf-
>bf_swretries DEBUG [%s] Wrong Key Length, __func__ ERROR
Buffer #%08X --> Next#%08X
Prev#%08X Last#%08X,bf,
TAILQ_NEXT(bf,bf_list), DEBUG [%s] Wrong parameters, __func__ ERROR
Stas#%08X flag#%08X
Node#%08X, bf->bf_status, bf-
>bf_flags, bf->bf_node DEBUG [%s] Wrong parameters, __func__ ERROR
Descr #%08X --> Next#%08X
Data#%08X Ctl0#%08X Ctl1#%08X,
bf->bf_daddr, ds->ds_link, ds-
>ds_data, ds->ds_ctl0, ds->ds_ctl1 DEBUG [%s] Wrong parameters, __func__ ERROR
Ctl2#%08X Ctl3#%08X
Sta0#%08X Sta1#%08X,ds->ds_hw[0],
ds->ds_hw[1], lastds->ds_hw[2],
lastds->ds_hw[3] DEBUG [%s] Wrong parameters, __func__ ERROR
296
device name=%s not found, pReq-

Error entering wow mode DEBUG >ifName ERROR
Wakingup due to wow signal DEBUG unable to register KIFDEV to UMI ERROR
%s, wowStatus = 0x%x, __func__, ERROR: %s: Timeout at page %#0x
wowStatus DEBUG addr %#0x ERROR
ERROR: %s: Timeout at page %#0x
Pattern added already DEBUG addr %#0x ERROR
Error : All the %d pattern are in use.
Cannot add a new pattern ,
MAX_NUM_PATTERN DEBUG Invalid IOCTL %#08x, cmd ERROR
%s: unable to register device, dev-
Pattern added to entry %d ,i DEBUG >name ERROR
Remove wake up pattern DEBUG ath_pci: 32-bit DMA not available ERROR
mask = %p pat = %p ath_pci: cannot reserve PCI memory
,maskBytes,patternBytes DEBUG region ERROR
mask = %x pat = %x
,(u_int32_t)maskBytes, ath_pci: cannot remap PCI memory
(u_int32_t)patternBytes DEBUG region) ; ERROR
Pattern Removed from entry %d ,i DEBUG ath_pci: no memory for device state ERROR
Error : Pattern not found DEBUG >name ERROR
PPM STATE ILLEGAL %x %x, ath_dev_probe: no memory for device
forcePpmStateCur, afp->forceState DEBUG state ERROR
FORCE_PPM %4d %6.6x %8.8x %s: no memory for device state,
%8.8x %8.8x %3.3x %4.4x, DEBUG __func__ ERROR
failed to allocate tx descriptors: %d,
error DEBUG kernel MIBCTL registration failed! ERROR
failed to allocate beacon descripotrs:
%d, error DEBUG Bad ioctl command ERROR
failed to allocate UAPSD descripotrs:
%d, error DEBUG WpsMod: Failed to configure gpio pin ERROR
WpsMod: Failed to register interrupt
hal qnum %u out of range, max %u!, DEBUG handler ERROR
HAL AC %u out of range, max %zu!, DEBUG registering char device failed ERROR
HAL AC %u out of range, max %zu!, DEBUG unregistering char device failed ERROR
%s: unable to update hardware queue %s:%d - ERROR: non-NULL node
%u!, DEBUG pointer in %p, %p<%s>! ERROR
%s:%d - ERROR: non-NULL node
Multicast Q: DEBUG pointer in %p, %p<%s>! ERROR
%p , buf DEBUG can't alloc name %s, name ERROR
buf flags - 0x%08x --------- , buf- %s: unable to register device, dev-
>bf_flags DEBUG >name ERROR
failed to automatically load module:
buf status - 0x%08x, buf->bf_status DEBUG %s; \ ERROR
# frames in aggr - %d, length of
aggregate - %d, length of frame - %d, Unable to load needed module: %s;
sequence number - %d, tidno - %d, DEBUG no support for \ ERROR
isdata: %d isaggr: %d isampdu: %d ht:
%d isretried: %d isxretried: %d
shpreamble: %d isbar: %d ispspoll: %d
aggrburst: %d calcairtime: %d
qosnulleosp: %d, DEBUG Module \%s\ is not known, buf ERROR
%p: 0x%08x 0x%08x 0x%08x 0x%08x
0x%08x 0x%08x 0x%08x 0x%08x
0x%08x 0x%08x, DEBUG Error loading module \%s\, buf ERROR
297
0x%08x 0x%08x 0x%08x 0x%08x

0x%08x 0x%08x 0x%08x 0x%08x
0x%08x 0x%08x, DEBUG Module \%s\ failed to initialize, buf ERROR
0x%08x 0x%08x 0x%08x 0x%08x, DEBUG ath_pci: 32-bit DMA not available ERROR
ath_pci: cannot reserve PCI memory
sc_txq[%d] : , i DEBUG region ERROR
ath_pci: cannot remap PCI memory
tid %p pause %d : , tid, tid->paused DEBUG region) ; ERROR
%d: %p , j, tid->tx_buf[j] DEBUG ath_pci: no memory for device state ERROR
%s: unable to attach hardware: '%s'
%p , buf DEBUG (HAL status %u), ERROR
axq_q: DEBUG %s: HAL ABI mismatch; ERROR
status %u, __func__, status DEBUG %s: failed to allocate descriptors: %d, ERROR
%s: unable to setup a beacon xmit
****ASSERTION HIT**** DEBUG queue!, ERROR
MacAddr=%s, DEBUG %s: unable to setup CAB xmit queue!, ERROR
%s: unable to setup xmit queue for
TxBufIdx=%d, i DEBUG %s traffic!, ERROR
Tid=%d, tidno DEBUG >name ERROR
AthBuf=%p, tid->tx_buf[i] DEBUG %s: autocreation of VAP failed: %d, ERROR
%s: unable to reset hardware; hal ath_dev_probe: no memory for device
status %u, DEBUG state ERROR
%s: unable to reset hardware; hal kdot11RogueAPEnable called with
status %u, DEBUG NULL argument. ERROR
kdot11RogueAPEnable: can not add
%s: unable to start recv logic, DEBUG more interfaces ERROR
kdot11RogueAPGetState called with
_fmt, __VA_ARGS__ \ DEBUG NULL argument. ERROR
sample_pri=%d is a multiple of kdot11RogueAPDisable called with
refpri=%d, sample_pri, refpri DEBUG NULL argument. ERROR
===========ft-
>ft_numfilters=%u===========, ft- %s: SKB does not exist.,
>ft_numfilters DEBUG __FUNCTION__ ERROR
filter[%d] filterID = %d
rf_numpulses=%u; rf->rf_minpri=%u;
rf->rf_maxpri=%u; rf->rf_threshold=%u;
rf->rf_filterlen=%u; rf->rf_mindur=%u;
rf->rf_maxdur=%u,j, rf->rf_pulseid, DEBUG %s: recvd invalid skb ERROR
NOL DEBUG unable to register KIFDEV to UMI ERROR
WARNING!!! 10 minute CAC period as The system is going to factory
channel is a weather radar channel DEBUG defaults........!!! CRITICAL
%s disable detects, __func__ DEBUG %s, msg CRITICAL
%s enable detects, __func__ DEBUG %02x, *(data + i) CRITICAL
%s disable FFT val=0x%x , __func__,
val DEBUG Inside crypt_open in driver ###### CRITICAL
%s enable FFT val=0x%x , __func__,
val DEBUG Inside crypt_release in driver ###### CRITICAL
%s debug level now = 0x%x , Inside crypt_init module in driver
__func__, dfs_debug_level DEBUG @@@@@@@@ CRITICAL
RateTable:%d, maxvalidrate:%d,
ratemax:%d, pRc- Inside crypt_cleanup module in driver
>rateTableSize,k,pRc->rateMaxPhy DEBUG @@@@@@@@ CRITICAL
%s: txRate value of 0x%x is bad.,
__FUNCTION__, txRate DEBUG SKB is null : %p ,skb CRITICAL
Valid Rate Table:- DEBUG DST is null : %p ,dst CRITICAL
298
Index:%d, value:%d, code:%x,

rate:%d, flag:%x, i,
(int)validRateIndex[i], DEBUG DEV is null %p %p ,dev,dst CRITICAL
RateTable:%d, maxvalidrate:%d,
ratemax:%d, pRc- Packet is Fragmented %d,pBufMgr-
>rateTableSize,k,pRc->rateMaxPhy DEBUG >len CRITICAL
Marked the packet proto:%d sip:%x
dip:%x sport:%d dport:%d
Can't allocate memory for ath_vap. DEBUG spi:%d,isr:%p:%p %p CRITICAL
SAV CHECK FAILED IN
Unable to add an interface for ath_dev. DEBUG DECRYPTION CRITICAL
%s: [%02u] %-7s , tag, ix, ciphers[hk-
>kv_type] DEBUG FAST PATH Breaks on BUF CHECK CRITICAL
%02x, hk->kv_val[i] DEBUG FAST PATH Breaks on DST CHECK CRITICAL
mac %02x-%02x-%02x-%02x-%02x- FAST PATH Breaks on MTU %d %d
%02x, mac[0], mac[1], mac[2], mac[3], %d,bufMgrLen(pBufMgr),mtu,dst_mtu
mac[4], mac[5] DEBUG (pDst->path) CRITICAL
FAST PATH Breaks on MAX PACKET
%d
%d,bufMgrLen(pBufMgr),IP_MAX_PA
mac 00-00-00-00-00-00 DEBUG CKET CRITICAL
SAV CHECK FAILED IN
%02x, hk->kv_mic[i] DEBUG ENCRYPTION CRITICAL
Match Found proto %d spi
%d,pPktInfo->proto,pFlowEntry-
txmic DEBUG >pre.spi CRITICAL
PRE: proto: %u srcip:%u.%u.%u.%u
sport :%u dstip: %u.%u.%u.%u dport:
%02x, hk->kv_txmic[i] DEBUG %u, CRITICAL
POST: proto: %u srcip:%u.%u.%u.%u
Cannot support setting tx and rx keys sport :%u dstip: %u.%u.%u.%u dport:
individually DEBUG %u, CRITICAL
bogus frame type 0x%x (%s), DEBUG Clearing the ISR %p,p CRITICAL
PROTO:%d %u.%u.%u.%u---
ERROR: ieee80211_encap ret NULL DEBUG >%u.%u.%u.%u, CRITICAL
ERROR: ath_amsdu_attach not called DEBUG ESP-DONE: %p %p,sav,m CRITICAL
%s: no memory for cwm attach,
__func__ DEBUG ESP-BAD: %p %p,sav,m CRITICAL
%s: error - acw NULL. Possible attach
failure, __func__ DEBUG Bug in ip_route_input_slow(). CRITICAL
%s: unable to abort tx dma, __func__ DEBUG Bug in ip_route_input_slow(). CRITICAL
%s: no memory for ff attach, __func__ DEBUG Bug in ip_route_input \ CRITICAL
Failed to initiate PBC based enrolle
association DEBUG Bug in ip_route_input_slow(). CRITICAL
KERN_EMERG Returing error in INTR AH: Assigning the secure flags for sav
registration DEBUG :%p,sav CRITICAL
ESP: Assigning the secure flags for
sav :%p skb:%p src:%x
dst:%x,sav,skb,ip->ip_src.s_addr,ip-
KERN_EMERG Initialzing Wps module DEBUG >ip_dst.s_addr CRITICAL
%s Buffer %d mtu %d path mtu %d
header %d trailer
%d,__func__,bufMgrLen(pBufMgr),mt
%s:%d %s, __FILE__, __LINE__, u,dst_mtu(pDst->path),pDst-
__func__ DEBUG >header_len,pDst->trailer_len CRITICAL
299
Appendix E. RJ-45 Pin-outs

RJ-45
Signal Adapter Signal
Cable
RJ-45 PIN DB-9 PIN
CTS NC NC NC
DTR NC NC NC
TxD 6 3 RxD
GND 5 5 GND
GND 4 5 GND
RxD 3 2 TxD
DSR NC NC NC
RTS NC NC NC
300
Appendix F. New Wi Fi Frequency table ( New

appendix section )
Channel
supported in20 Channel supported in 40
Country Mhz Mhz
Upper side Lower side
band band
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
1) Australia 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
36, 40, 44, 48, 149, 40, 48, 153, 36, 44, 149,
5 Ghz 153, 157, 161, 165 161 157
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
2) Russia 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
36, 40, 44, 48, 149, 40, 48, 153, 36, 44, 149,
5 Ghz 153, 157, 161, 165 161 157
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
3) Iceland 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
4) Singapore 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
5) Sweden 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
6) Taiwan 2.4Ghz 10, 11 10, 11 7
56, 60, 64, 149, 153,
5 Ghz 157, 161, 165 64, 153, 161 60, 149, 157
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
7) Finland 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
8) Slovenia 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
9) Ireland 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
United 1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
10) states 2.4Ghz 10, 11 10, 11 7
36, 40, 44, 48, 149, 40, 48, 153, 36, 44, 149,
5 Ghz 153, 157, 161, 165 161 157
Latin 1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
11) America 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
301
36, 40, 44, 48, 149, 40, 48, 153, 36, 44, 149,
5 Ghz 153, 157, 161, 165 161 157
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
12) Denmark 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
13) Germany 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
14) Netherlands 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
15) Norway 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36, 44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
16) Poland 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
Luxembour 1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
17) g 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
South 1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
18) Africa 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
United 1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
19) Kingdom 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
20) Ireland 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
21) France 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
22) Israel 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
23) Korea 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
36, 40, 44, 48, 149, 40, 48, 153, 36, 44, 149,
5 Ghz 153, 157, 161 161 157
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
24) Japan 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
5 Ghz 36, 40, 44, 48 40, 48 36,44
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
25) Egypt 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
302
36, 40, 44, 48, 52, 56,

5 Ghz 60, 64 40, 48, 56, 64 36, 44, 52, 60
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
26) Brazil 2.4Ghz 10, 11,12,13 10, 11,12,13 7,8,9
36, 40, 44, 48, 149, 40, 48, 153, 36, 44, 149,
5 Ghz 153, 157, 161, 165 161 157
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
27) Canada 2.4Ghz 10, 11 10, 11 7
36, 40, 44, 48, 149, 40, 48, 153, 36, 44, 149,
5 Ghz 153, 157, 161, 165 161 157
1, 2, 3, 4, 5, 6, 7, 8, 9, 5, 6, 7, 8, 9, 1, 2, 3, 4, 5, 6,
28) China 2.4Ghz 10, 11, 12, 13 10, 11, 12, 13 7, 8, 9
36, 40, 44, 48, 149, 40, 48, 153, 36, 44, 149,
5 Ghz 153, 157, 161, 165 161 157
303
Appendix G. Product Statement

1. DSR-1000N
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a residential installation. This equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with the instructions, may cause harmful interference to
radio communications. However, there is no guarantee that interference will not occur in a particular
installation. If this equipment does cause harmful interference to radio or television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the interference by
one or more of the following measures:
 Reorient or relocate the receiving antenna.
 Increase the separation between the equipment and receiver.
 Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
 Consult the dealer or an experienced radio/TV technician for help.
FCC Radiation Exposure Statement

This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment.
This equipment should be installed and operated with a minimum distance of 20 centimeters between the
radiator and your body.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:
1) This device may not cause harmful interference, and

2) This device must accept any interference received, including interference that may cause undesired
operation.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
The antennas used for this transmitter must be installed to provide a spectrum distance of at least 20cm from
all persons and must not be co-located or operating in conjunction with any other antenna or transmitter.
This transmitter is restricted to indoor use in the 5150MHz to 5250MHz frequency range.
Non-modification Statement
Use only the integral antenna supplied by the manufacturer when operating this device. Unauthorized
antennas, modifications, or attachments could damage the TI Navigator access point and violate FCC
regulations. Any changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate this equipment.
Canadian Department of Communications Industry Canada (IC) Notice

This Class B digital apparatus complies with Canadian ICES-003 and RSS-210. Cet appareil numérique de la
classe B est conforme à la norme NMB-003 et CNR-210 du Canada.
ndustry Canada Statement

This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two
conditions:
2) This device must accept any interference received, including interference that may cause undesired
operation.
IMPORTANT NOTE: Radiation Exposure Statement

This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. End users
304
must follow the specific operating instructions for satisfying RF exposure compliance. To maintain compliance
with IC RF exposure compliance requirements, please follow operation instruction as documented in this
manual.
Europe – EU Declaration of Conformity
This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following
test methods have been applied in order to prove presumption of conformity with the essential requirements
of the R&TTE Directive 1999/5/EC:
- EN 60950-1: 2006+A11:2009
Safety of information technology equipment
- EN 300 328 V1.7.1 (2006-10)

Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband transmission systems; Data
transmission equipment operating in the 2,4 GHz ISM band and using wide band modulation techniques;
Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive
- EN 301 893-1 V1.5.1 (2008-12)

Broadband Radio Access Networks (BRAN); 5 GHz high performance RLAN; Harmonized EN covering
essential requirements of article 3.2 of the R&TTE Directive
- EN 301 489-17 V1.3.2 (2008-04) and EN 301 489-1 V1.8.1 (2008-04)

Electromagnetic compatibility and Radio spectrum Matters (ERM); Electro Magnetic Compatibility (EMC)
standard for radio equipment and services; Part 17: Specific conditions for 2,4 GHz wideband transmission
systems and 5 GHz high performance RLAN equipment
This device is a 2.4 GHz wideband transmission system (transceiver), intended for use in all EU member
states and EFTA countries under the following conditions and/or with the following restrictions:
- In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain
authorization to use the device for setting up outdoor radio links and/or for supplying public access to
telecommunications and/or network services.
- This device may not be used for setting up outdoor radio links in France and in some areas the RF output
power may be limited to 10 mW EIRP in the frequency range of 2454 – 2483.5 MHz. For detailed information
the enduser should contact the national spectrum authority in France.
This device is a 5 GHz wideband transmission system (transceiver), intended for use in all EU member
- This device may only be used indoors in the frequency bands 5150 – 5250 MHz.
- In France and Luxembourg a limited implementation of the frequency bands 5150 – 5250 MHz and 5250 –
5350 MHz. In Luxermbourg it is not allowed to make use of the frequency band 5470 – 5725 MHz. End-users
are encouraged to contact the national spectrum authorities in France and Luxembourg in order to obtain the
latest information about any restrictions in the 5 GHz frequency band(s).
305
Česky [D-Link Corporation] tímto prohlašuje, že tento [DSR-1000N] je ve shodě se základními

[Czech] požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES.
Dansk Undertegnede [D-Link Corporation] erklærer herved, at følgende udstyr [DSR-1000N]

[Danish] overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
Deutsch Hiermit erklärt [D-Link Corporation], dass sich das Gerät [DSR-1000N] in Übereinstimmung
[German] mit den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der
Richtlinie 1999/5/EG befindet.
Eesti Käesolevaga kinnitab [D-Link Corporation] seadme [DSR-1000N] vastavust direktiivi

[Estonian] 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele
sätetele.
English Hereby, [D-Link Corporation], declares that this [DSR-1000N] is in compliance with the
essential requirements and other relevant provisions of Directive 1999/5/EC.
Español Por medio de la presente [D-Link Corporation] declara que el [DSR-1000N] cumple con los
[Spanish] requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la
Directiva 1999/5/CE.
Ελληνική ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ [D-Link Corporation] ΔΗΛΩΝΕΙ ΟΤΙ [DSR-1000N] ΣΥΜΜΟΡΦΩΝΕΤΑΙ

[Greek] ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ
ΟΔΗΓΙΑΣ 1999/5/ΕΚ.
Français Par la présente [D-Link Corporation] déclare que l'appareil [DSR-1000N] est conforme aux
[French] exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.
Italiano Con la presente [D-Link Corporation] dichiara che questo [DSR-1000N] è conforme ai
[Italian] requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.
Latviski Ar šo [D-Link Corporation] deklarē, ka [DSR-1000N] atbilst Direktīvas 1999/5/EK

[Latvian] būtiskajām prasībām un citiem ar to saistītajiem noteikumiem.
Lietuvių Šiuo [D-Link Corporation] deklaruoja, kad šis [DSR-1000N] atitinka esminius reikalavimus
[Lithuanian] ir kitas 1999/5/EB Direktyvos nuostatas.
Hierbij verklaart [D-Link Corporation] dat het toestel [DSR-1000N] in overeenstemming is

Nederlands met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG.
[Dutch]
Malti Hawnhekk, [D-Link Corporation], jiddikjara li dan [DSR-1000N] jikkonforma mal-ħtiġijiet

[Maltese] essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.
Magyar Alulírott, [D-Link Corporation] nyilatkozom, hogy a [DSR-1000N] megfelel a vonatkozó

[Hungarian] alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.
Polski Niniejszym [D-Link Corporation] oświadcza, że [DSR-1000N] jest zgodny z zasadniczymi

[Polish] wymogami oraz pozostałymi stosownymi postanowieniami Dyrektywy 1999/5/EC.
306
[D-Link Corporation] declara que este [DSR-1000N]está conforme com os requisitos

Português essenciais e outras disposições da Directiva 1999/5/CE.
[Portuguese]
[D-Link Corporation] izjavlja, da je ta [DSR-1000N] v skladu z bistvenimi zahtevami in

Slovensko ostalimi relevantnimi določili direktive 1999/5/ES.
[Slovenian]
[D-Link Corporation] týmto vyhlasuje, že [DSR-1000N] spĺňa základné požiadavky a všetky

Slovensky príslušné ustanovenia Smernice 1999/5/ES.
[Slovak]
Suomi [D-Link Corporation] vakuuttaa täten että [DSR-1000N] tyyppinen laite on direktiivin
[Finnish] 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.
Svenska Härmed intygar [D-Link Corporation] att denna [DSR-1000N] står I överensstämmelse med
[Swedish] de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv
1999/5/EG.
307
2.DSR-500N
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a residential installation. This equipment generates, uses, and can radiate radio frequency
one or more of the following measures:
connected.
FCC Radiation Exposure Statement

This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment.
This equipment should be installed and operated with a minimum distance of 20 centimeters between the
radiator and your body.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:

2) This device must accept any interference received, including interference that may cause
undesired operation.
The antennas used for this transmitter must be installed to provide a spectrum distance of at least 20cm
from all persons and must not be co-located or operating in conjunction with any other antenna or
transmitter.
Non-modification Statement
Use only the integral antenna supplied by the manufacturer when operating this device. Unauthorized
antennas, modifications, or attachments could damage the TI Navigator access point and violate FCC
regulations. Any changes or modifications not expressly approved by the party responsible for compliance
could void the user's authority to operate this equipment.
Canadian Department of Communications Industry Canada (IC) Notice

This Class B digital apparatus complies with Canadian ICES-003 and RSS-210. Cet appareil numérique de
la classe B est conforme à la norme NMB-003 et CNR-210 du Canada.
Industry Canada Statement

conditions:
2) This device must accept any interference received, including interference that may cause
undesired operation.
IMPORTANT NOTE: Radiation Exposure Statement

This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment.
End users must follow the specific operating instructions for satisfying RF exposure compliance.
To maintain compliance with IC RF exposure compliance requirements, please follow operation instruction
as documented in this manual.
308
This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following
test methods have been applied in order to prove presumption of conformity with the essential requirements
of the R&TTE Directive 1999/5/EC:
- EN 60950-1: 2006+A11:2009
Safety of information technology equipment
- EN 300 328 V1.7.1 (2006-10)

Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband transmission systems; Data
transmission equipment operating in the 2,4 GHz ISM band and using wide band modulation techniques;
Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive
- EN 301 489-17 V1.3.2 (2008-04) and EN 301 489-1 V1.8.1 (2008-04)

Electromagnetic compatibility and Radio spectrum Matters (ERM); Electro Magnetic Compatibility (EMC)
standard for radio equipment and services; Part 17: Specific conditions for 2,4 GHz wideband transmission
systems and 5 GHz high performance RLAN equipment
- In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain authorization
to use the device for setting up outdoor radio links and/or for supplying public access to telecommunications and/or
network services.
- This device may not be used for setting up outdoor radio links in France and in some areas the RF output
power may be limited to 10 mW EIRP in the frequency range of 2454 – 2483.5 MHz. For detailed information the
enduser should contact the national spectrum authority in France.
309
Česky [D-Link Corporation] tímto prohlašuje, že tento [DSR-500N] je ve shodě se základními

Dansk Undertegnede [D-Link Corporation] erklærer herved, at følgende udstyr [DSR-500N]

[Danish] overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
Deutsch Hiermit erklärt [D-Link Corporation], dass sich das Gerät [DSR-500N] in Übereinstimmung
[German] mit den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der
Richtlinie 1999/5/EG befindet.
Eesti Käesolevaga kinnitab [D-Link Corporation] seadme [DSR-500N] vastavust direktiivi

[Estonian] 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele
sätetele.
English Hereby, [D-Link Corporation], declares that this [DSR-500N] is in compliance with the
essential requirements and other relevant provisions of Directive 1999/5/EC.
Español Por medio de la presente [D-Link Corporation] declara que el [DSR-500N] cumple con los
[Spanish] requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la
Directiva 1999/5/CE.
ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ [D-Link Corporation] ΔΗΛΩΝΕΙ ΟΤΙ [DSR-500N] ΣΥΜΜΟΡΦΩΝΕΤΑΙ

Ελληνική ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ
[Greek] ΟΔΗΓΙΑΣ 1999/5/ΕΚ.
Par la présente [D-Link Corporation] déclare que l'appareil [DSR-500N] est conforme aux
Français exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.
[French]
Italiano Con la presente [D-Link Corporation] dichiara che questo [DSR-500N] è conforme ai
[Italian] requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.
Latviski Ar šo [D-Link Corporation] deklarē, ka [DSR-500N] atbilst Direktīvas 1999/5/EK

[Latvian] būtiskajām prasībām un citiem ar to saistītajiem noteikumiem.
Lietuvių Šiuo [D-Link Corporation] deklaruoja, kad šis [DSR-500N] atitinka esminius reikalavimus
[Lithuanian] ir kitas 1999/5/EB Direktyvos nuostatas.
Hierbij verklaart [D-Link Corporation] dat het toestel [DSR-500N] in overeenstemming is

Nederlands met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG.
[Dutch]
Malti Hawnhekk, [D-Link Corporation], jiddikjara li dan [DSR-500N] jikkonforma mal-ħtiġijiet

[Maltese] essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.
Magyar Alulírott, [D-Link Corporation] nyilatkozom, hogy a [DSR-500N] megfelel a vonatkozó

[Hungarian] alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.
Polski Niniejszym [D-Link Corporation] oświadcza, że [DSR-500N] jest zgodny z zasadniczymi

310
[D-Link Corporation] declara que este [DSR-500N]está conforme com os requisitos

Português essenciais e outras disposições da Directiva 1999/5/CE.
[Portuguese]
[D-Link Corporation] izjavlja, da je ta [DSR-500N] v skladu z bistvenimi zahtevami in

Slovensko ostalimi relevantnimi določili direktive 1999/5/ES.
[Slovenian]
[D-Link Corporation] týmto vyhlasuje, že [DSR-500N] spĺňa základné požiadavky a

Slovensky všetky príslušné ustanovenia Smernice 1999/5/ES.
[Slovak]
Suomi [D-Link Corporation] vakuuttaa täten että [DSR-500N] tyyppinen laite on direktiivin
[Finnish] 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.
Svenska Härmed intygar [D-Link Corporation] att denna [DSR-500N] står I överensstämmelse
[Swedish] med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av
direktiv 1999/5/EG.
311
3.DSR-250N
Federal Communication Commission Interference Statement
Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a residential installation. This equipment generates, uses and can radiate radio frequency
one of the following measures:

connected.
FCC Caution:
Any changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate this equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1)
This device may not cause harmful interference, and (2) this device must accept any interference received,
including interference that may cause undesired operation.
RSS-GEN 7.1.4:
User Manual for Transmitters with Detachable Antennas
The user manual of transmitter devices equipped with detachable antennas shall contain the following
information in a conspicuous location:
This device has been designed to operate with the antennas listed below, and having a maximum gain of [1.8]
dB. Antennas not included in this list or having a gain greater than [1.8] dB are strictly prohibited for use with
this device. The required antenna impedance is [50] ohms.
RSS-GEN 7.1.5
To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that
the equivalent isotropically radiated power (e.i.r.p.) is not more than that permitted for successful
communication.
Le présent appareil est conforme aux CNR d'Industrie Canada applicables aux appareils radio exempts de
licence. L'exploitation est autorisée aux deux conditions suivantes: (1) l'appareil ne doit pas produire de
brouillage, et (2) l'utilisateur de l'appareil doit accepter tout brouillage radioélectrique subi, même si le
brouillage est susceptible d'en comSpromettre le fonctionnement.
Is herewith confirmed to comply with the requirements set out in the Council Directive on the Approximation
of the Laws of the Member States relating to Electromagnetic Compatibility (2004/108/EC), Low-voltage
Directive (2006/95/EC), the procedures given in European Council Directive 99/5/EC and 2004/104/EC.
The equipment was passed. The test was performed according to the following European standards:
EN 300 328 V.1.7.1
EN 301 489-1 V.1. 8.1 / EN 301 489-17 V.2.1.1
EN 62311
EN 60950-1
312
Regulatory statement (R&TTE)

European standards dictate maximum radiated transmit power of 100mW EIRP and frequency range 2.400-
2.4835GHz; In France, the equipment must be restricted to the 2.4465-2.4835GHz frequency range and must
be restricted to indoor use.
Operation of this device is subjected to the following National regulations and may be prohibited to use if
certain restriction should be applied.
D=0.020m is the minimum safety distance between the EUT and human body when the E-Field strength is
61V/m.
NCC Warning Statement
Article 12
Without permission, any company, firm or user shall not alter the frequency, increase the power, or change
the characteristics and functions of the original design of the certified lower power frequency electric
machinery.
Article 14
The application of low power frequency electric machineries shall not affect the navigation safety nor interfere
a legal communication, if an interference is found, the service will be suspended until improvement is made
and the interference no longer exists.
313
4. DSR-150N
Federal Communication Commission Interference Statement
Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference in a residential installation. This equipment generates, uses and can radiate radio frequency
one of the following measures:

connected.
FCC Caution:
Any changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate this equipment. This device complies with Part 15 of the FCC Rules. Operation is
subject to the following two conditions:
(1) This device may not cause harmful interference, and

(2) this device must accept any interference received, including interference that may cause undesired
operation.
IMPORTANT NOTE:
FCC Radiation Exposure Statement:

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This
equipment should be installed and operated with minimum distance 20cm between the radiator & your body.
The availability of some specific channels and/or operational frequency bands are country dependent and are
firmware programmed at the factory to match the intended destination. The firmware setting is not accessible
by the end user.
Note: The country code selection is for non-US model only and is not available to all US model. Per FCC
regulation, all WiFi product marketed in US must fixed to US operation channels only..

This device complies with the essential requirements of the R&TTE Directive 1999/5/EC. The following test
methods have been applied in order to prove presumption of conformity with the essential requirements of the
R&TTE Directive 1999/5/EC:
EN 60950-1:
Safety of Information Technology Equipment
EN50385 : (2002-08)
Product standard to demonstrate the compliance of radio base stations and fixed terminal stations for wireless
telecommunication systems with the basic restrictions or the reference levels related to human exposure to
radio frequency electromagnetic fields (110MHz - 40 GHz) - General public
EN 300 328 V1.7.1: (2006-10)

Electromagnetic compatibility and Radio spectrum Matters (ERM); Wideband Transmission systems; Data
transmission equipment operating in the 2,4 GHz ISM band and using spread spectrum modulation
techniques; Harmonized EN covering essential requirements under article 3.2 of the R&TTE Directive
EN 301 489-1 V1.8.1: (2008-04)
314
Electromagnetic compatibility and Radio Spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC)
standard for radio equipment and services; Part 1: Common technical requirements
EN 301 489-17 V2.1.1 (2009-05)

Electromagnetic compatibility and Radio spectrum Matters (ERM); ElectroMagnetic Compatibility (EMC)
standard for radio equipment; Part 17: Specific conditions for Broadband Data Transmission Systems
states and EFTA countries, except in France and Italy where restrictive use applies.
In Italy the end-user should apply for a license at the national spectrum authorities in order to obtain
authorization to use the device for setting up outdoor radio links and/or for supplying public access to
telecommunications and/or network services.
This device may not be used for setting up outdoor radio links in France and in some areas the RF output
power may be limited to 10 mW EIRP in the frequency range of 2454 – 2483.5 MHz. For detailed
information the end-user should contact the national spectrum authority in France.
Česky [Jméno výrobce] tímto prohlašuje, že tento [typ zařízení] je ve shodě se základními
Dansk Undertegnede [fabrikantens navn] erklærer herved, at følgende udstyr [udstyrets
[Danish] typebetegnelse] overholder de væsentlige krav og øvrige relevante krav i direktiv
1999/5/EF.
Deutsch Hiermit erklärt [Name des Herstellers], dass sich das Gerät [Gerätetyp] in
[German] Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen
Bestimmungen der Richtlinie 1999/5/EG befindet.
Eesti Käesolevaga kinnitab [tootja nimi = name of manufacturer] seadme [seadme tüüp = type of
[Estonian] equipment] vastavust direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist
tulenevatele teistele asjakohastele sätetele.
English Hereby, [name of manufacturer], declares that this [type of equipment] is in compliance
with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Español Por medio de la presente [nombre del fabricante] declara que el [clase de equipo] cumple
[Spanish] con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de
la Directiva 1999/5/CE.
Ελληνική ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ [name of manufacturer] ΔΗΛΩΝΕΙ ΟΤΙ [type of equipment]
[Greek] ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ
ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999/5/ΕΚ.
Français Par la présente [nom du fabricant] déclare que l'appareil [type d'appareil] est conforme aux
[French] exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.
Italiano Con la presente [nome del costruttore] dichiara che questo [tipo di apparecchio] è
[Italian] conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva
1999/5/CE.
Latviski Ar šo [name of manufacturer / izgatavotāja nosaukums] deklarē, ka [type of equipment /
[Latvian] iekārtas tips] atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem
noteikumiem.
Lietuvių Šiuo [manufacturer name] deklaruoja, kad šis [equipment type] atitinka esminius
[Lithuanian] reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas.
Hierbij verklaart [naam van de fabrikant] dat het toestel [type van toestel] in
Nederlands overeenstemming is met de essentiële eisen en de andere relevante bepalingen van
[Dutch] richtlijn 1999/5/EG.
Malti Hawnhekk, [isem tal-manifattur], jiddikjara li dan [il-mudel tal-prodott] jikkonforma mal-
[Maltese] ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.
315
Magyar Alulírott, [gyártó neve] nyilatkozom, hogy a [... típus] megfelel a vonatkozó alapvetõ
[Hungarian] követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.
Polski Niniejszym [nazwa producenta] oświadcza, że [nazwa wyrobu] jest zgodny z zasadniczymi
Português [Nome do fabricante] declara que este [tipo de equipamento] está conforme com os
[Portuguese] requisitos essenciais e outras disposições da Directiva 1999/5/CE.
Slovensko [Ime proizvajalca] izjavlja, da je ta [tip opreme] v skladu z bistvenimi zahtevami in ostalimi
[Slovenian] relevantnimi določili direktive 1999/5/ES.
Slovensky [Meno výrobcu] týmto vyhlasuje, že [typ zariadenia] spĺňa základné požiadavky a všetky
[Slovak] príslušné ustanovenia Smernice 1999/5/ES.
Suomi [Valmistaja = manufacturer] vakuuttaa täten että [type of equipment = laitteen
[Finnish] tyyppimerkintä] tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä
koskevien direktiivin muiden ehtojen mukainen.
Svenska Härmed intygar [företag] att denna [utrustningstyp] står I överensstämmelse med de
[Swedish] väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv
1999/5/EG.
Industry Canada statement:

conditions:
(1) This device may not cause harmful interference, and

(2) This device must accept any interference received, including interference that may cause undesired
operation.
Ce dispositif est conforme à la norme CNR-210 d'Industrie Canada applicable aux appareils radio exempts
de licence. Son fonctionnement est sujet aux deux conditions suivantes: (1) le dispositif ne doit pas produire
de brouillage préjudiciable, et (2) ce dispositif doit accepter tout brouillage reçu, y compris un brouillage
susceptible de provoquer un fonctionnement indésirable.
Radiation Exposure Statement:

This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. This
equipment should be installed and operated with minimum distance 20cm between the radiator & your body.
Déclaration d'exposition aux radiations:

Cet équipement est conforme aux limites d'exposition aux rayonnements IC établies pour un environnement
non contrôlé. Cet équipement doit être installé et utilisé avec un minimum de 20 cm de distance entre la
source de rayonnement et votre corps.
Wall-Mount Option
The Router has four wall-mount slots on its bottom panel.
Before you begin, make sure you have two screws that are size #4 - this indicates a diameter measurement
of 0.112inches (2.845mm).
1. Determine where you want to mount the Router.

2. Drill two holes into the wall. Make sure adjacent holes are 2.36 inches (60mm) apart.
3. Insert a screw into each hole, and leave 0.2inches (5mm) of its head exposed.
4. Maneuver the Router so the wall-mount slots line up with the two screws.
5. Place the wall-mount slots over the screws and slide the Router down until the screws fit snugly into the
wall-mount slots.
316

DSR 1000N Manual 2 02 EN

Uploaded by

Copyright:

Available Formats

DSR 1000N Manual 2 02 EN

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

DSR 1000N Manual 2 02 EN

Uploaded by

Copyright:

Available Formats

User Manual

Unified Services Router

Unified Services Router

Chapter 2. Configuring Your Network: LAN Setup ............................................................................. 13

Chapter 3. Connecting to the Internet: WAN Setup ........................................................................... 43

3.7 WAN3 (3G) Configuration ...................................................................................... 82

Chapter 4. Wireless Access Point Setup ............................................................................................. 86

Chapter 5. Securing the Private Network .......................................................................................... 105

Chapter 6. IPsec / PPTP / L2TP VPN ................................................................................................ 137

6.4 PPTP / L2TP Tunnels ........................................................................................... 146

Chapter 7. SSL VPN ............................................................................................................................. 157

Chapter 8. Advanced Configuration Tools ......................................................................................... 180

Chapter 9. Administration & Management ......................................................................................... 198

9.8 Upgrading Router Firmware via USB................................................................. 215

Chapter 10. Router Status and Statistics ............................................................................................. 222

Chapter 11. Trouble Shooting ................................................................................................................ 233

Chapter 12. Credits ................................................................................................................................. 239

Appendix A. Glossary .............................................................................................................................. 240

Appendix B. Factory Default Settings ................................................................................................... 243

Appendix D. Log Output Reference ....................................................................................................... 245

Appendix E. RJ-45 Pin-outs.................................................................................................................... 300

Appendix F. New Wi Fi Frequency table ( New appendix section ) ................................................. 301

Appendix G. Product Statement ............................................................................................................. 304

Figure 67: Custom Services configuration ............................................................................................ 120

Figure 99: User group configuration ...................................................................................................... 160

 Superior Wireless Performance

 Flexible Deployment Options

branch office connectivity through encrypted virtual links. The DSR-150/150N,

1.1 About this User Manual

1.2 Typographical Conventions

o Model numbers DSR-500/500N/1000/1000N/250/250N/150/150N

 GUI Menu Path/GUI Navigation – Monitoring > Router Status

 Default login credentials for the management GUI:

2.1 LAN Configuration

To configure LAN Connectivity, please follow the steps below:

 IP address (factory default: 192.168.10.1).

 Subnet mask (factory default: 255.255.255.0).

2. In the DHCP section, select the DHCP mode:

 None: the router’s DHCP server is disabled for the LAN

 If DHCP is being enabled, enter the following DHCP server parameters:

3. In the DNS Host Name Mapping section:

 Host Name: Provide a valid host name

 IP address: Provide the IP address of the host name,

4. In the LAN proxy section:

5. Click Save Settings to apply all changes.

Figure 1: Setup page for LAN TCP/IP settings ( a)

Figure 2: Setup page for LAN TCP/IP settings (b)

2.1.1 LAN DHCP Reserved IPs

The actions that can be taken on list of reserved IP addresses are:

Select: Selects all the reserved IP addresses in the list.

Delete: Deletes the selected IP address reservation(s)

Figure 3: LAN DHCP Reserved IPs

2.1.2 LAN DHCP Leased Clients

Figure 4: LAN DHCP Leased Clients

2.1.3 LAN Configuration in an IPv6 Network

The following settings are used to configure the DHCPv6 server:

 The domain name of the DHCPv6 server is an optional setting

IPv6 Address Pools

 Prefix Length: Length prefix address