(June 2008 TO December 2008)

ON SIX MONTHS INDUSTRIAL TRAINING

AT

Tulip Telecom Limited

Submitted in partial fulfillment of the requirements

For the award of the degree of
Bachelor of Technology [B.TECH]

SUBMITTED TO: SUBMITTED BY:

Mr. Parikshit Pravesh
(HOD Computer Deptt.) CSE – 7th Semester
510031259

PUNJAB COLLEGE OF
ENGINEERING & TECHNOLOGY
 [Affiliated to Punjab Technical University]

“VPN
TECHNOLOGY”
An Integral Part
Of Networking
 CERTIFICATE

This is to certify that the dissertation/project report (Course code) entitled

“VPN TECHNOLOGY-An Integral Part Of Networking” done by Mr.

PRAVESH Enrollment No. 510031259 is an authentic work carried out by him at

“TULIP TELECOM LTD”, under my guidance. The matter embodied in this

project work has not been submitted earlier for the award of any degree or diploma

to the best of my knowledge and belief.

Date: Signature of

the Guide

For Tulip

Telecom Ltd.
 Self Certificate

This is to certify that dissertation/project report entitled “VPN TECHNOLOGY-

An Integral Part Of Networking” done by me is an authentic work carried out for

the partial fulfillment of the requirements for the award of the degree of

B.TECH[CSE] under the guidance of Mr. .ANURAG SOOD & Mr.

DARSHAN PATHAK.

The matter embodied in this project work has not been submitted earlier for award

of any degree or diploma to the best of my knowledge and belief.

PRAVESH

510031259
 ACKNOWLEDGEMENT

This Industrial Training project is not the result of only my hard work but
there are so many peoples are involved in this project. I greatly and heartily thanks
to all of them for their contribution in this project. Special thanks to my talented and
polite guides Mr. Anurag Sood, Mr. Darshan Pathak & Mr. Bhanu Sharma without
them the my training would not be successful. They worked on this project as
developmental editor and advisor and offered their help generously when needed in
every aspect of my training. Thanks for their technical help for scrutinizing every
problem I faced during this tenure of training. To the guide colleges who has done
more than I can guess to keep this project in order and on schedule. I wish them
luck with their lives, and hope we will meet soon in a future project.

Finally, this project is completed with the Bless of Almighty God and my Parents
affections and my faith in God.
 PREFACE

This work has been done as a part of industrial training. This Purpose of industrial
training is to familiarize the students with the present working environment in
country and outside

To provide the students with the opportunity to study the latest technical trends
those have been established as well as one that what they are learning during the
period of industrial training will certainly help them to develop their potential and
technical skills.

As part of our industrial training we undertook a project in WAN

CONNECTIVITY THROUGH VPN, Chandigarh. During our stay here we learnt
how an actual project progress and what sort of problems that actually occur
throughout the project.

At last with all my sincere gratitude we would like to thank my friends

and project guide for their efforts to help in development of project.
 Introduction and Background

About TULIP TELECOM Ltd.

Tulip Telecom Ltd is an INDIA based data communication services

provider company. Tulip’s product port folio includes network integration,
which not only includes designing and developing networks for its clients but
also managing them.

Besides this Tulip is also engaged in wireless connectivity which provides a

range of point to point and point to multi-point wireless applications. Tulip’s
network covers more than 1,000 cities and towns, has over 50,000 links for
approximately more than 600 customers that include organizations across
all verticals such as BFSI, telecom, logistics, retail, the government and
manufacturing.

What adds to the company’s credibility is the quality of the network it has
been successful in providing to the interiors of many states. Tulip’s worth
mentioning Akshaya project in Malappuram district of Kerala is based on
last mile connectivity model which provides an area wide data connectivity
network with an always-on internet model that runs on fiber and reaches
connectivity to the last mile on wireless in much less cost and time.
According to a Frost and Sullivan report, Tulip Telecom is the largest
MPLS VPN service provider with a market share of 28%.

Tulip was also short-listed as one of the 6 finalists in the Asia Innovation
Awards by the Wall Street Journal at GES Singapore for its innovative use
of wireless on the Last Mile
Tulip Connect

We provide both inter-city as well as intra-city connectivity based upon the clients’
requirements.

Tulip inter-city network is based on optical fiber cable provided by multiple service
providers. The network is created in mesh architecture so that if any link does fail,
there are multiple alternate routes available. Consequently, Tulip network has an
inbuilt redundancy and provides the highest levels of uptime. In addition, Tulip has
expanded its network reach to more than 300 cities in India and thus we can provide
you connectivity anywhere in India.

The last mile connectivity is entirely based on wireless, using radio frequency
technology in Point-to-Point and Point-to-Multipoint applications. Licensed
frequencies are in major cities to overcome the interference issues.

 Highest levels of uptime with built-in redundancies

 One of the largest networks in the country
 Bandwidth on demand, upgrade in minutes
 Managed MPLS enabled network
 Immediate connectivity and co-location services
 World class design, converged voice, data, video network
 Single point for bandwidth and network equipment
Prestigious Clients

Our list of clients includes prestigious companies like the largest banks, service
providers, media companies, government enterprises, call centers / BPO's and
corporates.

Rural Connectivity
Tulip IT Services was selected as the service provider for Malappuram after
they came up with a cost-effective and terrain-friendly last-mile solutions for
the Akshaya Internet community centres housed there.

All the options for connectivity, like fiber, cable and leased line, were
explored by the state. Given the undulating hilly and highly vegetated terrain
of the place, wireless emerged as the most feasible option in terms of cost
and logistics in the deployment of the network.

Malappuram now has a well-considered hybrid connectivity infrastructure,

through a mix of wireless technologies like WipLL, Vine and 802.11.b WiFi
with multiple redundancies. The backbone redundancy was provided
through fiber.

The 550 Akshaya e-centres are connected in a LAN environment, which, in

turn, are connected to a Network Operating Centre (NOC). The NOC have
direct connectivity with the Internet backbone. The NOC infrastructure would
ensure browsing at no cost to users in the network. This would mean that
the entire district is converted into "a small wired office" seamlessly inter-
connected with linkages to three world-class purveyors of the technology.
Each Akshaya centre now caters to the needs of 1,000-1,500 households,
enabling each to benefit from the advantages of Internet connectivity. The
Malappuram experiment is only a pilot, to be replicated in phases over the
entire State. As the locations of these centres are strategically planned and
spatially distributed, they will form a powerful network to guide and support
the e-governance initiatives, community development interventions, e-
commerce and information dissemination. The connectivity infrastructure
which is established through the Akshaya project, i.e., network and
backbone, network centre, software, Internet access and management, can
also be used to connect, apart from Akshaya centres, all panchayat offices,
village offices and departmental offices spread across the district.
GENERAL BUSINESS PERCENATAGE
 Abstract

VPN stands for “VIRTUAL PRIVATE NETWORK”.

“VPN SYSTEM” as the name says is :

1) Network: topology where various hosts are physically connected to

each other.
2) Virtual: it ia virtual because hosts are not physically connected but,

connected virtually using WIRELESS Systems.

3) Private: it is private because all the clients feels as the whole network

is configured privately only for their usage which is actually not true.

Hence VPN system is combination of all the above three aspects of

networking.

This VPN application is a complete solution for Clients specially using

distributive system environment where the Client keeps track of details
regarding his / her remote location sites/offices to the Head-office site.

This application can be used in two ways:

1) Point-to-Point: where there is direct link b/w two sites of client the

service provider has no interference in this type of connectivity.

2) Multi-Point: where there is connectivity of many clients from a

particular location all sharing some allotted bandwidth.

Using VPN connectivity Client can access directly to all remote location
same as they would have accessed it while physically present there.
 INTRODUCTION TO VPN
The World has changed a lot in the last couple of decades. Instead of
simply dealing with local or regional concerns, many businesses now
have to think about global markets and logistics. Many companies
have facilities spread out across the country or around the world, and
there is one thing that all of them need: A way to maintain fast, secure
and reliable communication wherever their offices are.

Virtual Private Network

Image courtesy Cisco Systems, Inc.

A typical VPN might have a main LAN at the corporate headquarters of

a company, other LANs at remote offices or facilities and individual
users connecting from out in the field.
Until fairly recently, this has meant the use of leased lines to maintain a
Wide Area Network (WAN). Leased lines, ranging from ISDN (Integrated
Services Digital Network, 128 Kbps) to OC3 (Optical Carrier-3, 155 Mbps)
fiber, provided a company with a way to expand its private network beyond
its immediate geographic area. A WAN had obvious advantages over a
public network like the Internet when it came to reliability, performance and
security. But maintaining a WAN, particularly when using leased lines, can
become quite expensive and often rises in cost as the distance between the
offices increases.

As the popularity of the Internet grew, businesses turned to it as a means of

extending their own networks. First came Intranets, which are password-
protected sites designed for use only by company employees. Now, many
companies are creating their own VPN (virtual private network) to
accommodate the needs of remote employees and distant offices.

Basically, a VPN is a private network that uses a public network (usually the
Internet) to connect remote sites or users together. Instead of using a
dedicated, real-world connection such as leased line, a VPN uses "virtual"
connections routed through the Internet from the company's private network
to the remote site or employee. In this article, you will gain a fundamental
understanding of VPNs, and learn about basic VPN components,
technologies, tunneling and security.
WHAT MAKES A VPN ?

A well-designed VPN can greatly benefit a company. For example, it can:

• Extend geographic connectivity

• Improve security
• Reduce operational costs versus traditional WAN
• Reduce transit time and transportation costs for remote users
• Improve productivity
• Simplify network topology
• Provide global networking opportunities
• Provide telecommuter support
• Provide broadband networking compatibility
• Provide faster ROI (return on investment) than traditional WAN

What features are needed in a well-designed VPN? It should incorporate:

• Security
• Reliability
• Scalability
• Network management
• Policy management

TYPES OF VPN
 Examples of the three types of VPN

There are in general two types of VPN:

1) Remote Access VPN

2) Site-to-Site VPN

SITE-TO-SITE VPN is further classified as:

1) INTERNET VPN

2) INTRANET VPN
 Remote-Access VPN
.

Remote-access, also called a virtual private dial-up network (VPDN), is

a user-to-LAN connection used by a company that has employees who
need to connect to the private network from various remote locations.
Typically, a corporation that wishes to set up a large remote-access VPN
will outsource to an Enterprise Service Provider (ESP). The ESP sets up
a Network Access Server (NAS) and provides the remote users with
desktop client software for their computers. The telecommuters can then
dial a toll-free number to reach the NAS and use their VPN client software to
access the corporate network.

Site-to-Site VPN

Through the use of dedicated equipment and large-scale encryption, a

company can connect multiple fixed sites over a public network such as the
Internet. Site-to-site VPNs can be one of two types:
• Intranet-based - If a company has one or more remote
locations that they wish to join in a single private network, they
can create an intranet VPN to connect LAN to LAN.
• Extranet-based - When a company has a close relationship
with another company (for example, a partner, supplier or
customer), they can build an extranet VPN that connects LAN to
LAN, and that allows all of the various companies to work in a
shared environment.
 VPN SECURITY

As we know that security is very important for any system in such way VPN
system is also uses many security techniques. A well-designed VPN uses
several methods for keeping your connection and data secure:

• Firewalls
• Encryption
• IPSec
• AAA Server

FIREWALLS

A Firewall provides a strong barrier between your private network and the
Internet. You can set firewalls to restrict the number of open ports, what
type of packets are passed through and which protocols are allowed
through. Some VPN products, such as CISCO 1700 series router, can be
upgraded to include firewall capabilities by running the appropriate Cisco
IOS on them. You should already have a good firewall in place before you
implement a VPN, but a firewall can also be used to terminate the VPN
sessions
 ENCRYPTION

Encryption is the process of taking all the data that one computer is sending
to another and encoding it into a form that only the other computer will be
able to decode. Most Computer encryption techniques belong to one of two
categories:

• Symmetric-key encryption
• Public-key encryption
•

In symmetric-key encryption, each computer has a secret key (code) that

it can use to encrypt a packet of information before it is sent over the
network to another computer. Symmetric-key requires that you know which
computers will be talking to each other so you can install the key on each
one. Symmetric-key encryption is essentially the same as a secret code that
each of the two computers must know in order to decode the information.
The code provides the key to decoding the message. Think of it like this:
You create a coded message to send to a friend in which each letter is
substituted with the letter that is two down from it in the alphabet. So "A"
becomes "C," and "B" becomes "D". You have already told a trusted friend
that the code is "Shift by 2". Your friend gets the message and decodes it.
Anyone else who sees the message will see only nonsense.
Public-key encryption uses a combination of a private key and a public
key. The private key is known only to your computer, while the public key is
given by your computer to any computer that wants to communicate
securely with it. To decode an encrypted message, a computer must use
the public key, provided by the originating computer, and its own private
key. A very popular public-key encryption utility is called Pretty Good
Privacy (PGP), which allows you to encrypt almost anything. You can find
out more about PGP at thr PGP site.

IPSec
Internet Protocol Security Protocol (IPSec) provides enhanced security
features such as better encryption algorithms and more comprehensive
authentication.

Photo courtesy Cisco Systems, Inc.

A remote-access VPN utilizing IPSec

IPSec has two encryption modes: tunnel and transport. Tunnel encrypts
the header and the payload of each packet while transport only encrypts the
payload. Only systems that are IPSec compliant can take advantage of this
protocol. Also, all devices must use a common key and the firewalls of each
network must have very similar security policies set up. IPSec can encrypt
data between various devices, such as:

• Router to router
• Firewall to router
• PC to router
• PC to server

AAA Servers
AAA (authentication, authorization and accounting) servers are used for
more secure access in a remote-access VPN environment. When a request
to establish a session comes in from a dial-up client, the request is proxied
to the AAA server. AAA then checks the following:

• Who you are (authentication)

• What you are allowed to do (authorization)

• What you actually do (accounting)

The accounting information is especially useful for tracking client use for
security auditing, billing or reporting purposes.

CONCEPT OF TUNNELING
Most VPNs rely on tunneling to create a private network that reaches
across the Internet. Essentially, tunneling is the process of placing an entire
packet within another packet and sending it over a network. The protocol of
the outer packet is understood by the network and both points, called
tunnel interfaces, where the packet enters and exits the network.

Tunneling requires three different protocols:

• Carrier protocol - The protocol used by the network that the

information is travelling over

• Encapsulating protocol - The protocol (GRE, IPSec, L2F,

PPTP, L2TP) that is wrapped around the original data

• Passenger protocol - The original data (IPX, NetBeui, IP)

being carried

Tunneling has amazing implications for VPNs. For example, you can place
a packet that uses a protocol not supported on the Internet (such as
NetBeui) inside an IP packet and send it safely over the Internet. Or you
could put a packet that uses a private (non-routable) IP address inside a
packet that uses a globally unique IP address to extend a private network
over the Internet.
 A Tunneling Demonstration

Site-to-Site Tunneling

In a site-to-site VPN, GRE (generic routing encapsulation) is normally the

encapsulating protocol that provides the framework for how to package the
passenger protocol for transport over the carrier protocol, which is typically
IP-based. This includes information on what type of packet you are
encapsulating and information about the connection between the client and
server. Instead of GRE, IPSec in tunnel mode is sometimes used as the
encapsulating protocol. IPSec works well on both remote-access and site-
to-site VPNs. IPSec must be supported at both tunnel interfaces to use

Remote-Access Tunneling
In a remote-access VPN, tunneling normally takes place using PPP. Part of
the TCP/IP stack, PPP is the carrier for other IP protocols when
communicating over the network between the host computer and a remote
system. Remote-access VPN tunneling relies on PPP.

Each of the protocols listed below were built using the basic structure of
PPP and are used by remote-access VPNs.

• L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use

any authentication scheme supported by PPP.
• PPTP (Point-to-Point Tunneling Protocol) - PPTP was
created by the PPTP Forum, a consortium which includes US
Robotics, Microsoft, 3COM, Ascend and ECI Telematics. PPTP
supports 40-bit and 128-bit encryption and will use any
authentication scheme supported by PPP.
• L2TP (Layer 2 Tunneling Protocol) - L2TP is the product of a
partnership between the members of the PPTP Forum, Cisco
and the IETF (Internet Engineering Task Force). Combining
features of both PPTP and L2F, L2TP also fully supports IPSec.
L2TP can be used as a tunneling protocol for site-to-site VPNs
as well as remote-access VPNs. In fact, L2TP can create a
tunnel between:
• Client and router
• NAS and router
• Router and router
 The truck is the carrier protocol, the box is the
encapsulating protocol and the computer is the
passenger protocol.

Think of tunneling as having a computer delivered to you by UPS. The

vendor packs the computer (passenger protocol) into a box (encapsulating
protocol) which is then put on a UPS truck (carrier protocol) at the vendor's
warehouse (entry tunnel interface). The truck (carrier protocol) travels over
the highways (Internet) to your home (exit tunnel interface) and delivers the
computer. You open the box (encapsulating protocol) and remove the
computer (passenger protocol). Tunneling is just that simple!
 DELHI INTER POP CONNECTIVITY

5 .3 GH Z IN FINE T 5.3 G HZ, RA DW I N

5 .3 GHZ R AD W I N
JA N AKP U RI

PITAMP.
5.3 G HZ, IN FINE T

C ELE BRITY 5.3 G HZ,

INFI NE T B K P 2 .7 GH Z
13G HZ
W IT CO M FIBE R A IRSP AN
BH IKAJI
5.1G HZ
Met ro N EHR U PLAC E INFI NE T
Eth ern e t

G H ITTO R N I 2 .7 GH Z 1 3G H Z
A IRSP AN
Lajp atN ag ar
W ITCO M

2.7 G HZ,
FIBE R A IRS P A N

RF BA CK UP
TU LIP OKH LA
M E TRO E TH E RN E T 5 .3 GH Z
R A DW IN
N FC
R aje ndr apla c e CP

RA JIN D RA PL A CE
 LIFE CYCLE OF VPN CONNECTIVITY

1. CUSTOMER REQUIRMENT.

2. SURVEY

3. ANALYSIS BY PROJECT TEAM

4. LINK INSTALLATION BY ENGG.

5. TUNNEL CREATION BY NOC (NETWORK OPERATION CONTROL)

6. LOAD TESTING & CUSTOMER ACCEPTANCE

Customer Requirement

Every system has a life cycle so as that VPN too have a life cycle the life
cycle of any VPN begins with customer requirement face. Generally the
requirement of the customer is of two types

a) If a company has one or more remote locations that they wish to join in a
single private network, they can create an intranet VPN to connect LAN to
LAN

b) When a company has a close relationship with another company (for

example, a partner, supplier or customer), they can build an extranet VPN
that connects LAN to LAN, and that allows all of the various companies to
work in a shared environment.

Depending on the requirement tulip send its sales person for further queries.
Like that of the bandwidth required, what kind of data transfer will it be
voice or simple file transfer, or he wants to run a application like SAP or
other. Sales officer tells the approximations of the link installation. And he
forwards a report to the back office for the survey report. Then afterwards
the project manager decides the team size to implement the different links .

After this team is decided which includes engineers and riggers .

CASE STUDIES
OF WORK
PERFORMED IN
INDUSTRIAL
TRAINING AT
TULIP TELECOM
LIMITED.
SUBMITTED BY: PRAVESH
 CASE STUDIES

The following is the CASE STUDIES of the various work performed in

the period of Industrial Training (w.e.f 08 ) at TULIP TELECOM
LIMITED.

The followed is the details of all the work performed at both client as
well as Tulip Side.

The work at TULIP is of following types :

1) New Installation.

2) Trouble-Shooting the installed Link at Client Side.

3) Inspection of the CPE (Client Premises Equipments).

4) VOIP PHONES

5) VIDEO CONFRENSING
New Installation :

New installation includes installing all the equipments i.e

1) Subscriber Premises Radio (SPR) / Modem.

2) Router (CISCO or HUEWII mainly)

3) Power Over Ethernet (PoE)

4) Antenna and Feeder(2.7MHz or 5.3 MHz)

TROUBLE-SHOOTING :

Trouble-shooting includes the checking of the system and diagnosing

the reasons for the fault which causes the malfunctioning the link at
client side.

There can be many reasons of malfunctioning of the link at client side.

Some of them is specified below:

1) Wireless connectivity affected due to bad alignment of the

antenna because the Wireless System work on Radio Frequency
(RF) which uses LINE -OF-SIGHT for connectivity.

2) There can be seepage of water in Pictal which causes carbon

deposition on the pin of cable hence disconnecting the link.

3) Frequency Interference.

4) Conflicting IP.

5) Cable Breakage and Hanging of Equipments due to Bad

Environmental Condition.

INSPECTION OF CPE :

Inspection includes checking the Client Side Equipments (CPE)

regularly for their better working of Link.
Following is the work done while performing inspection at client site :

1) The inspection procedure includes checking the earthing voltage

at client premises.

2) Checking the condition of equipments whether the are well

maintained or not.

3) Checking the bandwidth given to the client and IP Schema of the

client.

4) Checking whether the physical topology of the equipments is as

per the Network Diagram i.e. First Modem, than Router, than to
switch and finally towards the LAN.
FIREPRO WIRELESS MODEMS

Firepro is an emerging leader of Point-to-Multipoint (PtMP) Fixed

Firepro deliver Point-to-Multipoint and point-to-point solutions for both licensed and unlicensed spectrums. We also
provide breakthrough in self-install, scalability, Non-Line-Of-Sight (NLOS) coverage, State of the art QoS, Video, VoIP
and various other applications.....

Multiple Configuration Options

Supports Multiple Applications
Modular Design
Dual Band Radio
WINBOX : SOFTWARE REQUIRED FOR CONFIGURATION OF FIREPRO
MODEM
CONFIGURATION:

THIS IMAGE SHOWS ALL THE CONFIGURATION OF THE MODEM

BANDWIDTH

THIS IMAGE REPRESENTS THE BANDWIDTH OF THE MODEM

 Link installation

Based on the survey report recommendation link installation phase begins

in following steps

1. Type of modem to be used.

2. Antenna required

Installation of Airspan Modem

BSR

The BSR, installed at the Base Station, is an encased outdoor radio module
providing a 9 pin D-type port for

RS-232 serial interface and a 15 pin D-type port for data, synchronization,
and power interfaces. The BSR is available in two models: BSR with an
integral antenna (BSR 900 MHz TDD V-pol); BSR with two N-type ports
(displayed below) for attaching up to two external antennas (BSR 900 MHz
TDD Dual Ext).
SPR
The SPR is an encased CPE outdoor radio module providing access to a 15 pin D-
type port for Ethernet, serial, and power interfaces. The SPR model is available in
two models: SPR with an integral antenna (SPRL
900MHz TDD V-pol) and SPR with an N-type port for attaching an external antenna
(SPR 900MHz TDD Ext).
Site preparation and planning

When preparing and planning the site, ensure the following:

1. Minimum obstructions (e.g. buildings) in the radio path between the Base
Station radio (i.e. BSR) and the
subscriber radios (i.e. SPR/IDR).

2. Minimum incursions on Fresnel Zone (recommended minimum of 60%

clearance of first Fresnel Zone).
-Minimum multipath fading: Some of the transmitted signals may be
reflected from a nearby building, by
water under the signal path, or from any other reflectors. This reflected
("bounced") signal can then be
received by the radio receiving the signal and superimposed on the main
received signal, thereby,
degrading the signal strength. Airspan recommends installing the outdoor
radios at the rear of the
building’s roof instead of the front. When you install at the rear, the front of
the building blocks incoming
signals from multipath reflections.
- Clean frequencies selected from Spectrum Analyzer results (see Chapters
9 and 13).

- Maximum received signal strength (RSS) at CPE by antenna alignment:

For the IDR, RSS can be
measured by the IDR's built-in RSS LEDs; for the SPR, RSS can be
measured by Airspan’s WipConfig
program or by connecting Airspan's RSS LED Plug Adapter.
- Radios are mounted as far as possible from sources of interference that
could degrade performance of
radio. Ensure a minimum of 1-meter separation between co-located outdoor
units.
Radios mounted as high as possible to avoid obstructions and to increase
link quality.
-BSR and SPR/IDR are within maximum range of reception.
-Maximum length of 100 meters CAT-5 cable connecting outdoor radio units
to indoor terminating units.
- Sufficient wiring conduit and cable ties to channel and protect the CAT 5
cable connecting the outdoor
radio to the indoor hub/switch.
- Required power source is available at the site.

External antenna consideration

In some scenarios, where capacity demand is relatively low, external omni-

directional antenna use at the Base
Station may seem attractive. However, it is recommended to avoid using
omni-directional antennas (ifpossible), due to the following disadvantages
that these antennas pose compared to directional antennas:

- Higher sensitivity to external interferences.

- Higher sensitivity to multipath, resulting in the following:

- The root mean square (RMS) delay spread at the Base Station is
substantially higher.

-Multipath interference at the CPE side (when using omni-directional

antenna at the Base Station) is
substantially higher. In fact, when using an omni-directional antenna, the
existence of clear Fresnel
zone between BSR and SPR/IDR is insufficient to eliminate multipath
interference, since multipath, in
this case, can be caused by reflections originating from obstacles outside
the Fresnel zone.

- Higher sensitivity to alignment. Since the omni-directional antenna gain

is achieved by narrowing the vertical beam width, a relatively low deviation
in the antenna alignment will result in severe signal
attenuation

Transmit Power and Cable Loss

Airspan’s AS WipLL radios provide transmit power compensation for power

attenuation caused by cable loss(of cable connecting to external antenna).
Cable loss is the loss of radio transmit (Tx) power as heat, and directly
proportional to cable length and quality, and operating frequency. In
accordance with FCC regulations, when operating in unlicensed bands, the
external antennas must provide an EIRP of ≤ 36 dBm to prevent
Interference with other radios. EIRP is defined as max. Power

To define BSR transmit power taking into consideration cable loss

(using WipManage):
1.In the BSR Zoom window, from the Configuration menu, point to RF, and
then choose Power Settings.
2. Ensure the Power Management Mode Active check box is cleared. On
the Power Level slide ruler, define the BSR’s maximum power level, e.g. 23
dBm.
3. In the Loss Compensation field, enter the power to compensate for
power attenuation due to cable length (i.e. cable loss compensation), e.g. 4
dB.
4. Click Apply, and then reset the BSR to apply the new power settings.
Therefore, taking cable loss into consideration, the total power level of 27
dBm (23 plus 4) is achieved.
Mounting of out door Radio units

Pole Mounting

The BSR and SPR can be pole mounted to avoid radio wave obstructions
between BSR and SPR. The
supplied pole-mounting bracket is designed to support the BSR/SPR on a
round pole of 45mm diameter.

To pole mount the BSR/SPR

1. Attach the mounting bracket to the BSR/SPR using two stainless steel bolts.

2. Attach the clamping bracket to the mounting bracket using two M8-stainless steel
bolts.

3. Attach the Clamping bracket to the pole by placing the two U-bolts around the pole,
and then inserting the U-bolt through the Clamping bracket and securing it by screwing
the two bolts on the U-bolt.

4. Adjust the vertical position of the BSR/SPR. Lock the BSR/SPR at the desired position
by inserting the locking bolt in the desired position. Once the correct angle has been set
both bolts must be tightened to lock the BSR/SPR bracket in place.

5. Adjust the BSR/SPR horizontal position by rotating the BSR/SPR about the pole, and
then tightens the Ubolt.BSR/SPR positioning is obtained in two planes by adjustment of
the mounting bracket assembly as shown
in the figure below.

Cabling
5
BSR-to-BSDU Cabling

The BSR interfaces with the provider’s backbone through the BSDU (or
SDA). The BSR connects to the BSDU using a CAT 5 cable. (The BSR-
to-SDA cabling is the same as SPR-to-SDA cabling.
Cable connection

1. Connect the 15-pin D-type male connector to the BSR’s 15-pin port.

2. Connect the 15-pin D-type male connector, at the other end of the CAT
5 cable, to one of the BSDU’s 15-pin D-type ports labeled BSR, located on
the BSDU’s rear panel.

SPR-to-SDA Cabling
The SPR interfaces with the subscriber’s Ethernet network (LAN) through
the SDA. The SPR connects to the SDA using a CAT 5 cable.

6
Cable connection

1. Connect the 15-pin D-type male connector, at one end of the CAT 5
cable, to the SPR’s 15-pin port.
2. Connect the 15-pin D-type male connector, at the other end of the CAT
5 cable, to the SDA’s 15-pinD-type
Software Installation

AS WipLL provides two main configuration and management tools:

WipManage and WipConfig. Before
installing these tools, ensure that the following system requirements are
fulfill.

Hardware requirements:

1.CPU 400 MHz minimum (recommended 1,000 MHz or more)

2. RAM 256 MB (recommended 512 MB or more)
3.Display adapter memory 8 MB
4.Graphics 1024 x 768 (recommended 1024 x 768 or more)
5.Minimum free hard disk space 500 MB (recommended 2 GB or more)
6.Network adapter 10/100 Mbps

Software requirements – operating systems:

1.Microsoft™ Windows™ NT 4 work station (English only) SP 3.0 or higher

2.Microsoft™ Windows™ 2000 Professional
3.Microsoft™ Windows™ XP Professional
Initial Configuration

To successfully establish an air and network link between the BSR and
SPRs/IDRs, the following initial configuration settings (using WipConfig)
must exist:

1. Correct IP and subnet addresses configured (according to your

network addressing scheme)
2. Correct BSR's Air MAC address configured for BSR
3. Correct BSR's Air MAC address assigned to SPRs/IDRs
4. Identical frequency table configured for BSR and SPRs/IDRs
5. Identical maximum transmission rate configured for BSR and
SPRs/IDRs
6. dentical mode (i.e. router or bridge) configured for BSR and
SPRs/IDRs

Default settings:-
Airspan’s factory default settings for the AS WipLL devices are listed in the
following table:
BSR Initialization

To perform BSR initial configuration:

1. Connect the PC running WipConfig to the BSR using serial cabling.

2. Start WipConfig.
3. On the toolbar, in the Communication group, select the Serial option, and
then click the Connect button,WipConfig connects to the BSR.
4. Apply factory defaults to the BSR, by performing the following:
a. On the toolbar, click the Set Factory Default button; A Warning
message box appears.
b. Click Yes to confirm applying factory defaults to the BSR; A Warning
message box appears.
c. Click Yes to confirm BSR reset; WipConfig applies the default settings
to the SPR/IDR.
5. From the Mode drop-down list, select Bridge (i.e. for transparent bridge
mode).
6. In the Network Configuration group, enter the following fields:
--Eth IP Address: enter the BSR’s IP address (e.g. 10.0.0.10)
--Eth Subnet Mask: enter the BSR’s subnet address (e.g.
255.255.255.0)
--Default Gateway: enter the BSR’s default gateway’s IP address if
relevant
7. In the RF Configuration group, enter the following fields:

--Air MAC Address: enter the BSR’s Air MAC address (0x0000
through 0xFFFF), e.g. 0x1200
--Frequency Table ID: enter frequency table number used by BSR
(0 through 63)
8. On the toolbar, click the Write button.
9. On the toolbar, click the Reset button to reset the BSR; A Warning
message box appears.
10. Click Yes to confirm BSR reset.

The figure below displays the BSR configured in the bridge mode.
SPR Initialization

To perform SPR/IDR initial configuration:

1. Connect the PC running WipConfig to the SPR/IDR using serial cabling.
2. Start WipConfig.
3. On the toolbar, in the Communication group, select the Serial option, and
then click the Connect button,WipConfig connects to the SPR/IDR.
4. Apply factory defaults to the SPR/IDR, by performing the following:
a. On the toolbar, click the Set Factory Default button; A Warning
message box appears.
b. Click Yes to confirm; A Warning message box appears.
c. Click Yes to confirm SPR/IDR reset; WipConfig applies the
default settings to the SPR/IDR.
5. From the Bridge Mode drop-down list, select Bridge (i.e. transparent
bridge mode).
6. In the Network Configuration group, enter the following fields:--Eth IP
Address: enter the SPR’s/IDR's IP address (e.g. 10.0.0.20)
--Eth Subnet Mask: enter the SPR’s/IDR's subnet address (e.g.
255.255.255.0)
--Default Gateway: enter the SPR’s/IDR's default gateway’s IP
address, if relevant
7. In the RF Configuration group, enter the following fields:
--Index in BSR: enter the SPR’s/IDR's index number to be indexed in
the BSR, e.g. 2
--BSR Air MAC Address: enter the BSR’s Air MAC address to which
the SPR/IDR is associated, e.g.
0x1200
8. On the toolbar, click the Write button to apply the new settings to the
SPR/IDR.
9. On the toolbar, click the Reset button to reset the SPR/IDR. A Warning
message box appears.
10. Click Yes to confirm resetting the SPR/IDR.

The figure below displays the SPR/IDR configured in the bridge mode.
Analyzing the RF Spectrum

Before setting up your wireless link between Base Station and subscribers,
Airspan recommends analyzing the RF spectrum at the
Base Station to select only clear frequency channels (i.e. without
interferences) for building a frequency table for the wireless transmission.

Airspan recommends using frequencies that are approximately 28, 20, and
12 dB above interference levels to effectively operate in 8- (4 Mbps/3
Mbps), 4-(2 Mbps), and 2-level FSK (1.33 Mbps/1 Mbps), respectively.

Accessing the spectrum analyzer:-

You can access the Spectrum Analyzer through either a serial or an IP

network communication mode.

To access the Spectrum Analyzer:

1. Start WipConfig and then connect WipConfig to the BSR by performing

one of the following:
--Serial mode: on the toolbar, select the Serial option, and then click
Connect.
--IP mode: on the toolbar, select the Network option, and then in the
Remote Agent field, enter the ASWipLL device's IP address, and then
click Connect.
2. In the Outlook bar, click the Spectrum Analyzer button; A message box
appears informing you that
the device will lose connection with all other devices.
3. Click OK.

Setting up the spectrum analyzer:-

Before you can start analyzing the spectrum, you need to define various
parameters in the Spectrum Analyzer.

To set up the Spectrum Analyzer:

1. Ensure the Setup tab (located in the top-right pane) is selected.

2. In the Refresh Rate field, enter the rate (in seconds) for polling the
BSR/PPR. (The default is 3 sec aximum is 3600 sec.)
3. In the Number of Sweeps group, select the option for scanning the
frequency range:
--ngle: scans the spectrum only once
--continuous: cyclically scans the spectrum (i.e. repetitively)
--Custom: you can define the number of sweeps (range is 0 through
1,000 sweeps)
4. To change the antenna gain, in the Antenna Gain field, enter the antenna
gain. If you want to restore the BSR’s default antenna gain, click the True
Antenna Gain Value button.
5. To define the frequency range for which you want to analyze, define the
following fields:
--Start Freq: frequency from where you want to scan (i.e. lower
frequency)
--Stop Freq: frequency to where you want to scan (i.e. upper
frequency)
Viewing Results:-

The Spectrum Analyzer results are plotted on the graph as well as displayed
in the Results table (to access the Results table simply click the Results
tab).

The following measurements are displayed:

--Average received signal strength (RSS) per frequency (plotted white

line on the graph)
--Maximum hold received signal strength (RSS) per frequency (plotted
yellow line on the graph)
--Distance (in spectrum RF) that the BSR/PPR can establish a viable
communication link with another transmitter. This is displayed in the
TxRxOffset field.

9
Configuring PC’s IP Address

To establish IP network connectivity between your PC running the NMS

(WipConfig or WipManage) and the AS WipLL devices, you need to
configure your PC's TCP/IP address settings in accordance with your AS

WipLL network's IP addressing scheme:

1.Define PC’s (i.e. Ethernet card) IP address so that it’s in same subnet as
the BSR/BSDU.

2.Configure PC’s default gateway with the IP address of the BSR, or with
the IP address of a router if oneexists between the PC and BSR.

To configure your PC’s IP address settings

1. On the Windows desktop, right-click My Network Places, and then from

the shortcut menu, choose
Properties; The Network and Dial-up Connections folder appears.
2. Right-click the desired connection, and then from the shortcut menu,
choose Properties; The Local Area
Connection Properties dialog box appears.
3. In the Components list, select Internet Protocol (TCP/IP), and then click
Properties; The Internet
Protocol (TCP/IP)
Properties dialog box appears:

4. Select the Use the Following IP Address option, and then enter the
following fields:
--IP Address: PC’s IP address, e.g. 10.0.0.2
--Subnet Mask: PC’s subnet mask address, which must be the same
as the BSR/BSDU (e.g.
255.255.255.0) so that the PC is in the same subnet as the
BSR/BSDU
--Default Gateway: PC’s default gateway, which can be the BSR’s IP
address (e.g. 10.0.0.10), or if a
router exists behind the BSR, then the router’s IP address
5. Click OK.
10
Establishing Link Using WIP manage

Once you have initialized the BSR and SPR/IDR using WipConfig, you need
to add various WipManage elements to establish a viable air and network
link between the BSR and SPR/IDR.

Adding a BS group:-
To add a BS Group:

1. In the Database Tree, right-click , and then from the shortcut menu,

choose Add BS Group.

BS Group Add dialog box appears.

2. In the Group Name field, enter a name for the BS Group, e.g.
“Manhattan_1”, and then click OK.
Adding a BS:-
You can now add a Base Station (BS) to the BS Group you added in the
previous subsection.

To add a BS:
1. In the Database Tree, click the (e.g. “Manahattan_1”) branch to which
you want to add the BS.
2. In the BSs Map view (in the right pane), right-click an empty area, and then from the
shortcut menu choose Add BS; The BS Add dialog box appears.
3. In the BS Name field, enter a name for the BS, e.g. “Times Square”, and then click
OK.

Adding a BSR

You can add up to six BSRs to each BSDU, allowing a maximum of 24

BSRs (6 BSRs x 4 BSDUs) per BS.
In our example, we need to add a BSR with IP address 10.0.0.10.

To add a BSR:
1. In the Database Tree, double-click the (e.g. “Times Square”) branch.

2. Right-click one of the six blue rectangles in the same row as the BSDU to
which you want to add the BSR, and then from the shortcut menu, choose
Add BSR; The BSR-Add dialog box appears.

3. In the Manage IP field, enter the BSR’s IP address, e.g. 10.0.0.10.

4. In the Get Community and Set Community fields, enter the SNMP
community rights.
5. Click OK.
The Permitted SPRs-Add dialog box appears.
2. In the IP Address field, enter the SPR’s/IDR's IP address (e.g. 10.0.0.20).

3. Click OK; The SPR index #2 icon appears green, as shown below,
indicating that a viable air and network link exists with the SPR/IDR. You
can now manage the SPR/IDR.
Testing BSR/SPR Network Link:-

You can test the BSR-SPR/IDR link by pinging the SPR/IDR from a PC
located behind the BSR.

To test the link by pinging:

1.From the PC (IP address 10.0.0.2) behind the BSR, open an MS-DOS
prompt and use the ping – t command to ping the SPR/IDR (IP address
10.0.0.20), e.g. ping 10.0.0.20 – t.
 Installation of Radwin Modem

WinLink-1000 is a carrier-class,high capacity, Point-to-Point broadband wireless

transm ission system .WinLink-1000 combine s legacy TDM and Ethernet services
over 2.4GHz and 5.xGHz license-exemptbands and is suitable for deployment in
FCC, E S T I, or C S A regulated countries. The system provides up to 48 Mbps
wirelesslink and supportsrangesof up to 80 km (50 miles).

Application

Figure1-1 illustratesa typical point-to-point application of two WinLink-1000

units .

Site A Site B
PBX PBX
Up to 80 km (50 miles)

E1/T1 E1/T1

E1/T1 E1/T1

10/100BaseT 10/100 BaseT

WinLink-1000 WinLink-1000

LAN LAN

Figure1-1. TypicalApplication
Features

Wireless Link

WinLink-1000 delivers up to 48 Mbps data rate for Ethernet and E1/T1 traffic. The
systemsupports a variety of spectrum bands and can be configured to operate in
any channel on the band with a carrier step resolution of 5 MHz.
WinLink-1000 operation complie s with E T S I,C S A and the FCC 47CF R Part 15 and
subpartC and E requirements.

WinLink-1000 employsTime Division Duplex (TDD) transmission. This technology

simplifies the installation and configuration procedure.There is no need to plan
and to allocateseparatechannelsfor the uplink and downlink data streams.
Operation over 2.4GHz and 5.x GHz bands is not affected by harsh weather
conditions,such a s fog, heavy rain etc.

LAN Interface
The WinLink-1000 LAN port provide s 10/100B aseT interfaces with
autonegotiation and transparent VLAN support. Traffic handling is provided by a
MAC-levelself-learningbridge.
TDM Interface

The WinLink-1000 TDM interface accepts E 1 or T1 traffic, supporting the

following:
• Unframed operation (E 1 and T1)
• AMI and B8ZS zero suppression(T1).

Figure 1-2. WinLink-1000 Units

Installation and Setup

WinLink-1000 System
WinLink-1000 system compris e sthe following units:
Outdoor Unit (ODU): The ODU has 2 configurations:ODU with integrated
antenna and ODU with N-Type connector for connection to an external antenna.
Both ODU types have the same interface to the IDU. The ODU with integrated
antenna has an enclosedaluminum frame with a front sealedplastic cover,
containing an integrated transceiverwith an antenna,RF module,
modem and standardinterfaces.

ODU includesa power connector,which receives-48 VDC, and R J-45for Ethernet

traffic from the indoor unit (IDU).

The ODU is attachedto a mast using a special mounting kit, which is supplied with
the unit.
Indoor Unit (IDU): There are two types of IDU cages . IDU-E that is a plastic
box of ½ x 19 in. and IDU-C that is basedon a metal 19in. box addressthe
carrier-classapplications.IDU is the interface unit between the ODU and the
user. It converts100–240 VAC to -48VDC, and feeds the ODU by it. The IDU
does not store any configuration data. Therefore,there is no need for additional
configuration of the WinLink-1000 system when replacingan IDU.

Site Requirements and Prerequisites

For the IDU, allow at least90 cm (36 in) of frontal clearancefor operatingand
maintenanceaccessibility.Allow at least10 cm (4 in) clearanceat the rear of the
unit for signal lines and interface cables.
The ambient operatingtemperature should be –45C to 60C/-49F to 140F
(ODU), or -5 C to 45C/23F to 113F (IDU) at a relative humidity of up to
90%, non-condensing.

Before startingthe installation,use the Link BudgetCalculator utility to calculate

expected performance of the link. You can vary parameter inputs to the calculator
to determine the optimum systemconfiguration. The utility is described in

Package Contents

The WinLink-1000 packagesinclude the following items:

ODU Package Containing:

• ODU

• Mast/Wall mounting kit plus mounting instructions

• Winlink-1000 Managerinstallation CD
IDU-E P ackageContents:
• IDU-E
• 110V/240V adaptor

• IDU wall-mountingdrilling template

• SpareR J-45connector

(Optional) IDU-C P ackageContents:

• IDU-C

• For AC model, 110v/240 VAC with 3-prong connector cable

• For DC model, -48 VDC with 3-pin terminal block connector (green)

• IDU standard 1-U, 19” carrier rack

• SpareR J-45connector

Externalantenna (if ordered)

ODU/IDU Cable at length ordered (optional)

Installation and Setup
Physicalinstallationof the WinLink-1000 systeminstallationincludes the following
steps:

1. InstallingODU at both site sof the link.

2. InstallingODU cable and connecting ODU to IDU at both sites.

3. Connectingpower.

4. Installingthe managementprogram on the network managementstation.

5. Running the Installationwizard from the management program.

6. Aligning the ODUs.

 WinLink-1000 with an external antenna

Typical Installation Diagram

5.2 Mounting the ODU

The ODU is the transmittingand receiving element of the WinLink-1000 system.

The ODU can be mounted on a mast or a wall. In both installations, the supplied
mounting kit is used to secure the ODU.
An WinLink-1000 link operatesin pairs of two WinLink-1000 system swith the
sam econfiguration. Both system smust be installed,and the antennas of the
outdoor units mus t be aligned for maximum throughput.

TO MOUNT THE ODU

1. Verify that the ODU mounting brackets are properly grounded.

2. Attach the ODU unit to the mast. Referto for the ODU mounting instructions.

3. Connect the ground cable to the cha ssispoint on the ODU.

4. Attach the ODU cable to the R J-45connector. Refer to for the connector
pinout.

5. Securethe cablesto the mast or brackets using provided UV-rated cable ties.

6. Repeatthe procedure at the remote site.

Connecting the ODU to the IDU

The ODU cable conducts all the user traffic between the IDU and the ODU. The
ODU cable also provides -48 VDC supply to the ODU. The maximum length for
one leg of the ODU cable is 100m (328 ft) in accordance with10/100Base T
standards.
ODU cable is supplied pre-assembl
ed with RJ-45 connectors,at the length
specified when ordering. If the ODU cable w as not ordered, use Cat. 5e shielded
cable, the wiring specificationsare given in

1. Route the cable from the ODU location into the building, leaving some spare.
Securethe cable along its path.
2. Connect the ODU cable to the R J-45connector on the IDU panel designated
WAN. illustratesa typical panel of the IDU-E and IDU-C.

. IDU s connector panels

Connecting the Power

Power is supplied to WinLink-1000 via an external AC/DC

converter,
which receives power from 110–240 VAC source and converts
it to -48

To connectthe power IDU-E:

1. Connect the 2-pin plug of the AC/DC converterto the 2-pin DC power
connector on the IDU-E rear panel.
2. Connect the AC/DC converter 3-prong plug to mains outlet.

To connectthe power for IDU-C:

 For AC power model, connect the AC cable 3-prong plug to mains outlet.
 For DC power model, connect to DC supply on the rack (male connector for
the terminal block is included).

Installing WinLink-1000 Management Software

WinLink-1000 management application is distributed on CD-ROM as an

executablefile. The application has the following PC requirements:

WinLink-1000 Installation and Operation Manual

• Memory: 128 MB RAM

• Disk: 1 GB free hard disk space

• Processor:Pentium 3 or higher

• Network: 10/100BaseTNIC

• Graphics:Card and Monitor that supports1024768 screenresolution with

16
• bit color

• Operating system:Windows 2000/XP

• Microsoft Explorer 5.01 or later.

To install the WinLink-1000 management program:

1. Insert the CD-ROM into your CD-ROM drive.

2. If the installation does not start automatically, run WinLink.exe from the CD-
ROM drive.
3. Follow the on screeninstructionsof the installationwizard to complete setup
of the WinLink-1000 Managementprogram in the desired location.

To perform initial setup:

1. Power up the site A IDU Wait about 1 minute.

2. Power up the site B IDU
3. Connect the managementstation to the LAN.

Any PC running the WinLink-1000 Management application can be used to

configure WinLink-1000 units.

To start WinLink manager

1. From the Start menu, point to Programs, point to WinLInk Manager, and then
click WinLinkManager.
The password/IP requestdialog appears .

Figure2-3. Login S creen

2. Selectthe suitableoption for the IP Addressfield:

Enter the IP addressof the ODU — default value 10.0.0.120.
 Figure2-5. Main Menu

Aligning the WinLink-1000 ODUs

Perform the WinLink-1000 ODU alignment using the Buzzerslocated inside the
ODUs. Alignment of a WinLink-1000 link must be performed by two people
simultaneously,at site A and at site B.

To align the ODUs via ODU Buzzer:

1. Verify that power is connected to the IDUs at both sites.

Do not stand in front of a live radio terminal.

 Warnin 2. Align the site A ODU in the direction of the site B ODU.
3. Align the site B ODU in the direction of the site A ODU
g
4. Alternating between each site, turn each ODU slowly
while listening to the buzzer beep sequence for the Best
S ignal sound, until optimal alignmentis achieved.
5. Securethe site A and site B ODUs to the mast/wall.

6. Monitor the link quality for about 15 minutes to verify stability.

Installing the Link

Installationand definition of all parameters are applied to both sidesof the link.

To install the link:

1. Verify that the management station is properly connectedto the sam eLAN a s
the IDU, and the WinLink Manager application is running.
2. In the toolbar, click the Link Installation button. The
Installationwizard open
 Figure. Link Installation Wizard

3. Click next to proceed with the Installationprocedure.

 Figure. Installation Wizard, System dialog box

Notes
4. Enter a S S ID(SystemID) minimum of eight characters. The ID
is initially
factory set.

 Both site sof a link must always have the sam enumber

5. Enter Link name for the link identification.

6. Enter a name for site 1.

7. Enter a name for site 2.

8. Click Next.
The ChannelSelectdialog box appears

Figure. Installation Wizard, Channel Selectdialog box

9. Selectthe required operating channel.

The pull down list shows the ISM frequenciesavailable.

The Manual option allows you a User defined channel, within the
systemfrequency band.
Selectinga new channelcau s esthe systemquality to change.The quality
bar showsthe adjustment until the systemfinds the best quality link.
10. Click Next.

The R ate Selectdialog box appears lists throughput ratesand capacities.

.

Figure2-10. Installation Wizard, R a tes dialog box

11. Selecta suitable air interface rate accordingto the servicesrequired.

12. Click Evaluate.

13. A question box pops up, askingif you want to re-evaluatethe link.
Click Y es to changethe rate No to keep the existingrate.
Selectinga new rate cause s the system quality to change.The quality bar
showsthe adjustment until the system finds the best quality link.

14. Click Next.

The ServiceParam etersdialog box appears.

Figure2-11. Installation Wizard, S ervices dialog box

15. In the Service dialog box, selectone of the following:

E1/T1 – Select the E1/T1 field, if you intend to transmit E 1/T1 data
andEthernetdata.The EthernetBW field show sthe remaining bandwidth in
Mbpsavailable for Ethernet. The available bandwidth depends on the
number of E1/T1ports selected.

Selectthe Ethernet field, if you intend to transmitEthernetdata only

16. Click Next
The Finish screenappears

Figure2-12. InstallationWizard,Finish Screen

17. Click Finishto complete the installation wizard.

When the wirelesslink is established between the site A and site B units,
the Link Status indication bar of the Main menu is within the green area.

18. Verify that the radio signal strength (RS S ) in the Main menu is
according to expected results.

Connecting the User Equipment.

The IDU-E is a standalone desktop, wall-mounted unit. This unit has
both front and rear panel connections.

The optional IDU-C is a standalonerackmounted unit. This unit has

only front panel connections.illustratesthe typical panelsof the IDUs.
 Cisco Router Configuration

ROUTER AND ITS COMMANDS

There are various types of routers, but the best is delivered by the
CISCO Company. It has various types of series in itself, which is
shown below :
1) THE 800

2) THE 1800
3) THE 2800

4) THE 3800
COMMANDS:

* Router# (type in config t)

Router(config)# (type in line vty 0 4)

Router(config-line)# (type in login)

Router(config-line)# (type in password VTY-Password-here)

This concludes setting your VTY Passwords!

(you can type in Ctrl-Z to go back to plain Enable Mode)

Router(config-line)# Ctrl-Z

Router#

Router>enable

Router#config

Router(config)#hostname N115-7206

N115-7206(config)#interface serial 1/1

N115-7206(config-if)ip address 192.168.155.2 255.255.255.0

N115-7206(config-if)no shutdown

N115-7206(config-if)ctrl-z

N115-7206#show interface serial 1/1

N115-7206#config

N115-7206(config)#interface ethernet 2/3

N115-7206(config-if)#ip address 192.168.150.90 255.255.255.0

N115-7206(config-if)#no shutdown

N115-7206(config-if)#ctrl-z

N115-7206#show interface ethernet 2/3

N115-7206#config

N115-7206(config)#router rip

N115-7206(config-router)#network 192.168.155.0

N115-7206(config-router)#network 192.168.150.0

N115-7206(config-router)#ctrl-z

N115-7206#show ip protocols

N115-7206#ping 192.168.150.1

N115-7206#config

N115-7206(config)#ip name-server 172.16.0.10

N115-7206(config)#ctrl-z

N115-7206#ping archie.au

N115-7206#config

N115-7206(config)#enable secret password

 N115-7206(config)#ctrl-z

N115-7206#copy running-config startup-config

N115-7206#exit

Cisco IOS Modes of Operation

The Cisco IOS software provides access to several different

command modes. Each command mode provides a different group of
related commands.
For security purposes, the Cisco IOS software provides two levels of
access to commands: user and privileged. The unprivileged user
mode is called user EXEC mode. The privileged mode is called
privileged EXEC mode and requires a password. The commands
available in user EXEC mode are a subset of the commands
available in privileged EXEC mode.
The following table describes some of the most commonly used
modes, how to enter the modes, and the resulting prompts. The
prompt helps you identify which mode you are in and, therefore,
which commands are available to you
Mode of Operation Usage How to Enter the Mode Prompt User EXEC
Change terminal settings on a temporary basis, perform basic tests,
and list system information. First level accessed. Router> Privileged
EXEC System administration, set operating parameters. From user
EXEC mode, enter enable password command Router# Global
Config Modify configuration that affect the system as a whole. From
privileged EXEC, enter configure terminal. Router(config)# Interface
Config Modify the operation of an interface. From global mode, enter interface
type number. Router(config-if)# Setup Create the initial configuration. From
privileged EXEC mode, enter command setup. Prompted dialog

User EXEC Mode:

When you are connected to the router, you are started in user EXEC
mode. The user EXEC commands are a subset of the privileged
EXEC commands.
Privileged EXEC Mode:
Privileged commands include the following:
• Configure – Changes the software configuration.
• Debug – Display process and hardware event messages.
• Setup – Enter configuration information at the prompts.
Enter the command disable to exit from the privileged EXEC mode
and return to user EXEC mode.

Configuration Mode
Configuration mode has a set of submodes that you use for modifying
interface settings, routing protocol settings, line settings, and so forth.
Use caution with configuration mode because all changes you enter
take effect immediately.
To enter configuration mode, enter the command configure terminal
and exit by pressing Ctrl-Z.
Note:
Almost every configuration command also has a no form. In general,
use the no form to disable a feature or function. Use the command
without the keyword no to re-enable a disabled feature or to enable a
feature that is disabled by default. For example, IP routing is enabled
by default. To disable IP routing, enter the no ip routing command
and enter ip routing to re-enable it.

Getting Help
In any command mode, you can get a list of available commands by
entering a question mark (?).
Router>?
To obtain a list of commands that begin with a particular character
sequence, type in those characters followed immediately by the
question mark (?).
Router#co?
configure connect copy
To list keywords or arguments, enter a question mark in place of a
keyword or argument. Include a space before the question mark.
Router#configure ?
memory Configure from NV memory
network Configure from a TFTP network host
terminal Configure from the terminal
You can also abbreviate commands and keywords by entering just
enough characters to make the command unique from other
commands. For example, you can abbreviate the show command to
sh.

Configuration Files
Any time you make changes to the router configuration, you must
save the changes to memory because if you do not they will be lost if
there is a system reload or power outage. There are two types of
configuration files: the running (current operating) configuration and
the startup configuration.
Use the following privileged mode commands to work with
configuration files.
• configure terminal – modify the running configuration manually from
the terminal.
• show running-config – display the running configuration.
• show startup-config – display the startup configuration.
• copy running-config startup-config – copy the running configuration
to the startup configuration.
• copy startup-config running-config – copy the startup configuration
to the running configuration.
• erase startup-config – erase the startup-configuration in NVRAM.
• copy tftp running-config – load a configuration file stored on a Trivial
File Transfer Protocol (TFTP) server into the running configuration.
• copy running-config tftp – store the running configuration on a TFTP
server.

IP Address Configuration

Take the following steps to configure the IP address of an interface.

Step 1: Enter privileged EXEC mode:
Router>enable password
Step 2: Enter the configure terminal command to enter global
configuration mode.
Router#config terminal
Step 3: Enter the interface type slot/port (for Cisco 7000 series) or
interface type port (for Cisco 2500 series) to enter the interface
configuration mode.
Example:
Router (config)#interface ethernet 0/1
Step 4: Enter the IP address and subnet mask of the
interface using the ip address ipaddress subnetmask command.
Example,
Router (config-if)#ip address 192.168.10.1 255.255.255.0
Step 5: Exit the configuration mode by pressing Ctrl-Z
Router(config-if)#[Ctrl-Z]
Routing Protocol Configuration

Routing Information Protocol (RIP)

Step 1: Enter privileged EXEC mode:

Router>enable password
Step 2: Enter the configure terminal command to enter global
configuration mode.
Router#config terminal
Step 3: Enter the router rip command
Router(config)#router rip
Step 4: Add the network number to use RIP and repeat this step for
all the numbers.
Router(config-router)#network network-number
Example: Router(config-router)#network 192.168.10.0
Note: To turn off RIP, use the no router rip command.
Router(config)#no router rip
Other useful commands
• Specify a RIP Version
By default, the software receives RIP version 1 and version 2
packets, but sends only version 1 packets. To control which RIP
version an interface sends, use one of the following commands in
interface configuration mode:
Command Purpose ip rip send version 1 Configure an interface to
send only RIP version 1 packets. ip rip send version 2 Configure an
interface to send only RIP version 2 packets. ip rip send version 1 2
Configure an interface to send only RIP version 1 and version 2
packets.

To control how packets received from an interface are processed,

use one of the following commands:
Command Purpose ip rip receive version 1 Configure an interface to
accept only RIP version 1 packets. ip rip receive version 2 Configure
an interface to accept only RIP version 2 packets ip rip receive
version 1 2 Configure an interface to accept only RIP version 1 or 2
packets.
• Enable or Disable Split Horizon
Use one of the following commands in interface configuration mode:

no ip split-horizon Disable split horizon.

Command Purpose ip split-horizon Enable split horizon.

Open Shortest Path First (OSPF)

Step 1: Enter privileged EXEC mode:
Router>enable password
Step 2: Enter the configure terminal command to enter global
configuration mode.
Router#config terminal
Step 3: Enter the router ospf command and follow by the process-id.
Router(config)#router ospf process-id
Pick the process-id which is not being used. To determine
what ids are being used, issue the show process
command.
Router(config)#show process
Step 4: Add the network number, mask and area-id
Router(config-router)#network network-number mask area area-id
The network-number identifies the network using OSPF. The mask
tells which bits to use from the network-number, and the area-id is
used for determining areas in an OSPF configuration.
Example:
Router(config-router)#network 192.168.10.0 255.255.255.0
area 0.0.0.0
Repeat this step for all the network numbers.
To turn off OSPF, use the following command.
Router(config)#no router ospf process-id

Other useful commands

• Configure OSPF Interface Parameters
You are not required to alter any of these parameters, but some
interface parameters must be consistent across all routers in an
attached network.
In interface configuration mode, specify any of the following:
Command Purpose ip ospf cost cost Explicitly specify the cost of
sending a packet on an OSPF interface. ip ospf retransmit-interval
seconds Specify the number of seconds between link state
advertisement retransmissions for adjacencies belonging to an OSPF
interface. ip ospf transmit-delay seconds Set the estimated number of
seconds it takes to transmit a link state update packet on an OSPF
interface. ip ospf priority number Set router priority to help determine
the OSPF designated router for a network. ip ospf hello-interval
seconds Specify the length of time, in seconds, between the hello
packets that a router sends on an OSPF interface. ip ospf dead-
interval seconds Set the number of seconds that a router’s hello
packets must not have been seen before its neighbors declare the
OSPF router down. ip ospf authentication-key password Assign a
specific password to be used by neighboring OSPF routers on a
network segment that is using OSPF’s simple password
authentication.

Interior Gateway Routing Protocol (IGRP)

• Create the IGRP Routing Process

To create the IGRP routing process, use the following required
commands starting in global configuration mode.
Step Command Purpose 1 router igrp autonomous-system Enable an
IGRP routing process, which place you in router configuration mode.
2 network network-number Associate networks with an IGRP routing
process.
• Disable Holddown
The holddown mechanism is used to help avoid routing loop in the
network, but has the effect of increasing the topology convergence
time.
To disable holddowns with IGRP, use the following command in
router configuration mode. All devices in an IGRP autonomous
system must be consistent in their use of holddowns.
Command Purpose No metric holddown Disable the IGRP holddown
period.
• Enforce a Maximum Network Diameter
Define a maximum diameter to the IGRP network. Routes whose hop
counts exceed this diameter are not advertised. The default
maximum diameter is 100 hops. The maximum diameter is 255 hops.

Use the following command in router configuration mode.

Command Purpose metric maximum-hops hops Configure the
maximum network diameter.
• To turn off IGRP, use the following command.
Router(config)#no router igrp autonomous-system

Tunneling
Most VPNs rely on tunneling to create a private network that reaches
across the Internet. Essentially, tunneling is the process of placing an
entire packet within another packet and sending it over a network.
The protocol of the outer packet is understood by the network and
both points, called tunnel interfaces, where the packet enters and
exits the network.

Tunneling requires three different protocols:

A) Carrier protocol - The protocol used by the network that the

information is traveling over
B)Encapsulating protocol - The protocol (GRE, IPSec, L2F, PPTP,
L2TP) that is wrapped around the original data

C)Passenger protocol - The original data (IPX, NetBeui, IP) being

carried

Tunneling has amazing implications for VPNs. For example, you can
place a packet that uses a protocol not supported on the Internet
(such as NetBeui) inside an IP packet and send it safely over the
Internet. Or you could put a packet that uses a private (non-routable)
IP address inside a packet that uses a globally unique IP address to
extend a private network over the Internet.
Tunneling: Site-to-Site

In a site-to-site VPN, GRE (generic routing encapsulation) is normally

the encapsulating protocol that provides the framework for how to
package the passenger protocol for transport over the carrier
protocol, which is typically IP-based. This includes information on
what type of packet you are encapsulating and information about the
connection between the client and server. Instead of GRE, IPSec in
tunnel mode is sometimes used as the encapsulating protocol. IPSec
works well on both remote-access and site-to-site VPNs. IPSec must
be supported at both tunnel interfaces to use.

Tunneling: Remote-Access

In a remote-access VPN, tunneling normally takes place using PPP.

Part of the TCP/IP stack, PPP is the carrier for other IP protocols
when communicating over the network between the host computer
and a remote system. Remote-access VPN tunneling relies on PPP.
Each of the protocols listed below were built using the basic structure
of PPP and are used by remote-access VPNs.
A ) L2F (Layer 2 Forwarding) - Developed by Cisco, L2F will use any
authentication scheme supported by PPP.

B) PPTP (Point-to-Point Tunneling Protocol) - PPTP was created by

the PPTP Forum, a consortium which includes US Robotics,
Microsoft, 3COM, Ascend and ECI Telematics. PPTP supports 40-bit
and 128-bit encryption and will use any authentication scheme
supported by PPP.

C) L2TP (Layer 2 Tunneling Protocol) - L2TP is the product of a

partnership between the members of the PPTP Forum, Cisco and the
IETF (Internet Engineering Task Force). Combining features of both
PPTP and L2F, L2TP also fully supports IPSec.
L2TP can be used as a tunneling protocol for site-to-site VPNs as
well as remote-access VPNs. In fact, L2TP can create a tunnel
between:
 Client and router
 NAS and router
 Router and router
Think of tunneling as having a computer delivered to you by UPS.
The vendor packs the computer (passenger protocol) into a box
(encapsulating protocol) which is then put on a UPS truck (carrier
protocol) at the vendor's warehouse (entry tunnel interface). The
truck (carrier protocol) travels over the highways (Internet) to your
home (exit tunnel interface) and delivers the computer. You open the
box (encapsulating protocol) and remove the computer (passenger
protocol). Tunneling is just that simple!
As you can see, VPNs are a great way for a company to keep its
employees and partners connected no matter where they are.

As the link is installed its now the time to test the link as every
instrument has a testing cycle in VPN connectivity we too have a
testing cycle. We use Netpersec for testing the load. If the link is
taking adequate amount of load link is handed over to the
customer other wise we move back for further quality
improvement of the link.
FIREWALL
Introduction

This document describe how to configure netear FXS538 firewall.

Requirements

Customer wants to allow some websites and rest will be blocked.

Connectivity

Lan Port-----------> Netgear ----------> Wan Port---------------------------> Internet

Steps Required For Basic Configuration

a) Open the webpage with 192.168.1.1 and login with username as admin and password
as
password.

b) Configure ISP1 Settings. This is the port where we need to terminate internet
bandwidth &
configure the port with logical configurations given.

Wan Settings ->s ISP1 Settings

c) Go to lan setup tab and diable dhcp.
d) Click on rouitng and add the default route towards ISP end.

e) Now go to wan mode and select use only nat under Network translation and Under
port mode
select use only single wan port1 (wan1)
f) Now click under Secuirty-> Firewall Rules -> LanWan Rules

Add the service by allowing any service or particular service as per the requirement.
The services will work from top to down.
g) Click On Security->Firewall->Attack check and check the box of Respond the ping to internet
ports.
If you are not selectign this then the you were not able to ping the ports.
h) Click on Security->Block Sites->
click yes for content filtering. If you are using no then you cannot block the websites. Enable the
proxy/java/activex/cookies if you want else you can leave that part. Under Apply keywords
blocking
select all the clicks and enable them.
For blocking websites you can use the dot(.) operator which means you are denying any type of
website. Under trusted domain you can enter the domain which you want user can access.

In the test setup I am only permitting www.cisco.com domain rest will be denied.
Monitoring Firewall
a) Click on Monitoring->Diagnostic tab and you will access basic troubleshooting tools.
b) Under Monitoring->Firewall Logs and Email , we can add the syslog server ip address and
fetch the
logs.

Remote Management
Click Administarion-> Remote Management -> Allow remote management and you canprovide
access as per your ease
Note:- By default all the lan ports are of group 1 part. You can change the geoups as per users.
If you want to restrict internal LAN users from access to certain sites on the Internet, you can use
the VPN firewall’s Content Filtering and Web Components filtering. By default, these features
are
disabled; all requested traffic from any Web site is allowed. If you enable one or more of these
features and users try to access a blocked site, they will see a “Blocked by NETGEAR” message.
Several types of blocking are available:

VIDEO CONFRENSING
Introducing the VSX Series
Your Polycom video conferencing system is a state-of-the-art visual
collaboration tool. With crisp, clean video and crystal-clear sound, VSX
systems provide natural video conferencing interaction through the
most
advanced video communications technology.
VSX Models
This section describes the standard components that come with the
VSX Series
systems. For technical specifications and detailed descriptions of
features
available for VSX models, please refer to the product literature
available at
www.polycom.com. Models with additional options are also available.
For
more information, please contact your Polycom distributor.
This guide covers instructions for the following models.

VSX 3000A Desktop Systems

The VSX 3000A systems deliver high-quality, video communication in
an
all-in-one appliance that includes the camera, LCD screen, speakers,
and
microphone. Save space in your office by using the VGA cable to
connect your
computer to the system’s 17” high-resolution XGA display.
VSX set-top systems VSX component systems VSX desktop systems
Administrator’s Guide for the VSX Series

1-2
VSX 5000 Set-top System

The VSX 5000 is a compact, entry-level system with an all-electronic,

built-in
camera.
VSX 6000A Set-top Systems

The VSX 6000A systems are entry-level video conferencing systems for
IP and
SIP networks only.
VSX 7000s Set-top Systems

The VSX 7000s systems provide cutting-edge video conferencing

technology
for IP and other networks. The subwoofer provides additional depth to
the
sound, creating a high-quality sonic space comparable to a home
theater
system.

VSX 7000e Component System

The VSX 7000e is a video component system for medium-sized
conferencing
rooms.
VSX 8000 Component System
The VSX 8000 system is a compact component system for custom
integration.
Setting Up Your System Hardware
This manual provides information to supplement the setup sheets
provided
with your system and its optional components. A printed copy of the
system
setup sheet is provided with each VSX system. PDF versions of the
system
setup sheets are available at www.polycom.com/videodocumentation.
Positioning the System
Position the system so that the camera does not face toward a window
or other
source of bright light.
Introducing the VSX Series
1-3
Place the camera and display together so that people at your site face
the
camera when they face the far site display.

Positioning Desktop Systems

The VSX 3000A systems are personal video conferencing systems for
the
desktop.
To position the system:
Place the VSX 3000A system on your desktop or on a table in a small
conference room, leaving enough space so that you can connect the
cables
easily.
If you need to place the system face-down to connect the cables, make sure that
the camera does not touch the work surface. The weight of the system can
damage
the camera mount.
Administrator’s Guide for the VSX Series
1-4
Positioning Set-top Systems
The VSX 5000, VSX 6000A, and VSX 7000s systems are designed to be
placed
on top of a monitor. You can order a shelf that can be mounted on a
wall or
placed on top of a flat-panel monitor.
To position the system:
1. The hardware kit you received with the system includes a pair of
self-adhesive feet. If the monitor’s chassis slopes back sharply, install
the
feet on the bottom of the system to stabilize it.

2. Place the system in the desired location, with the rounded front
portion
hanging over the front of the monitor or shelf. Leave enough space to
work, so that you can connect the cables easily.

3. Remove the packaging collar from around the VSX system camera.
Positioning Component Systems
The VSX 7000e and VSX 8000 systems are designed to be placed on a
tabletop
or in an equipment rack.
If you received a network interface module with your system, you may
find it
convenient to install it before positioning the system. Refer to the
installation
sheet that you received with the network interface module.
Feet
Introducing the VSX Series

To position the system:

1. Install the mounting brackets on the system if you need to mount it
in an
equipment rack, or install the self-adhesive feet if you will place the
system on a table or shelf.
2. Place the system in the desired location. Leave enough space to
work, so
that you can connect the cables easily.
3. Place the camera on or near the monitor displaying the far site so
that
people look towards the camera during calls.
Powering On
Connect power and power on the system after you have connected the
rest of
the equipment that you will use with it.
VSX 3000A Desktop System
The VSX 3000A systems have three power switches.
To power on the VSX 3000A:
1. Press the power switch near the connectors on the back of the
system.
2. Press the power switch on the lower back corner of the monitor.
3. Press the power button on the front of the monitor.
Powering On Set-top and Component Systems
For set-top systems, the power switch is on the back panel.
Do not use any power supply other than the one supplied with your VSX system.
Using the wrong power supply will void the warranty and may damage your
system.
Administrator’s Guide for the VSX Series
1-6
For component systems, the power switch is on the front. The indicator
light
in the switch provides this information:
• Light is green — system is powered on
• Light changes to from green to red, then to blue — system is
powering off
• Light is blue — system is powered off
• Light is off — system is not connected to power
Configuring with the Setup Wizard
When you power on your system for the first time, the setup wizard
detects
the system’s SCCP connections and leads you through the minimum
configuration steps required to place a call. This guide covers only the
SCCP
setup. Although the VSX SCCP system can be connected only to SCCP
networks, you can use the system to call users on other types of
networks if the
CallManager is configured to allow this. Please note that not all
network types
are available in all countries.
The setup wizard allows you to set a room password, which allows you
to
limit access to the Admin Settings. The default room password is the
14-digit
system serial number.
You can run the setup wizard or view the configuration screens in
either of
these two ways.
• In the room with the system — Use the remote control to
navigate the
screens and enter information. You can use the number pad on the
remote
control to enter text just like you can with a cell phone.
• From a remote location — Use a web browser to access VSXWeb.
For
more information about using VSX Web, refer to Accessing VSX Web
Make sure you can recall the room password if you set one. If you forget the
password, you will have to reset the system, delete the system files, and run the
setup wizard again in order to access the Admin Settings and reset the
password.
If Security Mode is enabled, the room password is required to access the Reset
System screen. If you forget the room password while the system is in Security
Mode, contact your Polycom distributor or Polycom Technical Support.

Networks
This guide covers network types used worldwide. Please note that not
all
network types are available in all countries.
Getting the Network Ready
Before you begin configuring the network options, you must make sure
your
network is ready for video conferencing.
To begin, refer to the Preparing Your Network for Video Conferencing
document,
available at www.polycom.com/videodocumentation. This document
contains information you need to prepare your network, such as
worksheets
that will help you order ISDN.
Network Connectivity Checklist
You will need this information to make and receive video calls at your
site:
Connecting to the LAN
You must connect the system to a LAN to:
• Make IP calls
• Access VSX Web
If... This information:
Should be provided by
your:
Your system is using a
static IP address
IP address IP Network Service Provider
or system administrator
System name System administrator
Administrator’s Guide for the VSX Series
2-2
• Use People+Content IP
• Update system software using the Polycom Softupdate program
Configuring LAN Properties
To configure LAN properties:
1. Go to System > Admin Settings > LAN Properties.
2. Configure these settings:
Setting Description
Connect to my
LAN
Specifies whether the system is part of the LAN.
Changing this setting causes the system to restart.
Host Name Indicates the system’s DNS name.
Changing this setting causes the system to restart.
IP Address Specifies how the system obtains an IP address.
• Obtain IP address automatically — Select if the
system gets an IP address from the DHCP server on the
LAN.
• Enter IP address manually — Select if the IP address
will not be assigned automatically.
Changing this setting causes the system to restart.
Your IP Address
is
or
Use the Following
IP Address
If the system obtains its IP address automatically, this area
displays the IP address currently assigned to the system.
If you selected Enter IP Address Manually, enter the IP
address here. Changing the IP address causes the system
to restart.
Domain Name Displays the domain name currently assigned to the system.
If the system does not automatically obtain a domain name,
enter one here.
Networks
2-3
3. Select and configure these settings:
Setting Description
DNS Servers Displays the DNS servers currently assigned to the system.
If the system does not automatically obtain a DNS server address,
enter up to four DNS servers here.
Changing this setting causes the system to restart.
Default
Gateway
Displays the gateway currently assigned to the system.
If the system does not automatically obtain a gateway IP address,
enter one here.
Changing this setting causes the system to restart.
Subnet Mask Displays the subnet mask currently assigned to the system.
If the system does not automatically obtain a subnet mask, enter
one here.
Changing this setting causes the system to restart.
WINS Server Displays the WINS server currently assigned to the system.
If the system does not automatically obtain a WINS server IP
address, enter one here.
Changing this setting causes the system to restart.
WINS
Resolution
Sends a request to the WINS server for WINS name resolution.
LAN Speed Specify the LAN speed to use. Note that the speed you choose
must be supported by the switch.
Choose Auto to have the network switch negotiate the speed
automatically. If you choose 10 Mbps or 100 Mbps, you must also
select a duplex mode.
Note: Be sure that the device and the switch settings match.
Typically, selecting Auto for both is sufficient. The LAN Speed
setting for the VSX system and the switch must match. Polycom
strongly recommends that you do not select Auto for either just
the VSX system or just the switch; the settings for both must be
the same.
Changing this setting causes the system to restart.
Duplex Mode Specify the Duplex mode to use. Note that the Duplex mode
you
choose must be supported by the switch.
Choose Auto to have the network switch negotiate the Duplex
mode automatically.
Changing this setting causes the system to restart.
Administrator’s Guide for the VSX Series
2-4
Configuring the VSX System to Use SCCP
When the VSX system is configured to use SCCP for calls, you can call
another
SCCP-enabled system by entering the system’s extension on the Place
a Call
screen.
To configure the VSX system to use SCCP:
1. On the Cisco CallManager, provision a SCCP extension for each VSX
system.
2. On the VSX System, go to System > Admin Settings > Network
> Call
Preference, and enable Enable SCCP.
3. On the VSX System, go to System > Admin Settings > General
Settings>
System Settings > Call Settings, and set Auto-Answer Point-to-
Point to Yes.
4. On the VSX System, go to System > Admin Settings > Network
> SCCP
Settings, and configure these settings on the Cisco CallManager
screen:
Polycom VSX software release 8.6.2 supporting the Cisco SCCP protocol has
been
certified with Cisco CallManager 4.2(3) and 5.1(1). Additionally, Polycom has
successfully deployed VSX software version 8.6.2 with other versions of the
Cisco
CallManager, including versions 4.1(x) and 5.0(x).
Polycom will work with joint customers in deploying the Polycom/Cisco solution
on
Cisco CallManager 4.1(3) and higher. For pre-sales support, please contact your
Polycom sales representative. For post-sales support, please refer to Polycom
Global Services at www.polycom.com.
Setting Description
CallManager
Address
Specifies the IP address of the Cisco CallManager.
Auto Discover
TFTP Address
Allows the system to discover the Primary, Secondary, and
Tertiary TFTP server addresses. When you choose this
setting, the system restarts and the fields are populated.
TFTP Server
Address
Allows you to specify the Primary, Secondary, and Tertiary
TFPT server addresses manually.
Local Extension Displays the extension assigned to this system by the Cisco
CallManager.
Networks
Configuring the Cisco CallManager for Use with the VSX
System
To support SCCP video calls, you must install a video plug-in on the
Cisco
CallManager server. Signed and unsigned plug-ins are available for
Cisco
CallManager at
http://www.polycom.com/resource_center/1,,pw-17246,FF.html.
You must also configure the Video Extensions in the Cisco CallManager.
To
place multipoint video calls using the Conference feature, the Cisco
CallManager needs to be provisioned with video bridge resources.
To install the video plug-in:
1. On the Cisco CallManager server, double-click the plug-in file to
start the
installation.
2. Follow the instructions on the wizard screens to complete the
installation.
3. Restart the system to activate the plug-in you just installed.
To configure the Cisco CallManager:
1. In the Cisco CallManager, go to the Phone Configuration >
Directory
Number Configuration screen.
2. Provision these settings for each Polycom Video Extension:
— Maximum Number of Calls: 1
— Busy Trigger: 1
After you have configured the VSX system and installed the plug-in,
you can
place SCCP calls.

Video Source Output Examples for

Multiple Monitors
The following tables show how the monitor settings on your VSX
system can
affect what you see on your displays. You can configure the video
sources for
your displays in many ways; these tables show only a few typical
configurations that are available on certain systems for point-to-point
calls.
Keep in mind that what you see on your displays can also be affected
by
multipoint display modes, dual monitor emulation, PIP settings, and so
on.
 VOIP PHONES

Introduction
This document provides you with the information on installation,
configuration and operation of
the MP-124 24-port, MP-108 8-port, MP-104 4-port and MP-102 2-port
VoIP media gateways. As
these units have similar functionality, except for the number of
channels and some minor
features, they are referred to collectively as the MP-1xx. Prior
knowledge of regular telephony
and data networking concepts is required.
Gateway Description
The MediaPack MP-1xx Series Analog VoIP gateways are cost-effective,
cutting edge technology
solutions, providing superior voice quality and optimized packet voice
streaming (voice, fax and
data traffic) over the same IP network. These gateways use the award-
winning, field-proven
Digital Signal Processing (DSP) voice compression technology used in
other MediaPack and
TrunkPackTM series products.
The MP-1xx gateways incorporate up to 24 analog ports for connection,
either directly to an
enterprise PBX (MP-10x/FXO), to phones, or to fax (MP-1xx/FXS),
supporting up to 24
simultaneous VoIP calls.
Additionally, the MP-1xx units are equipped with a 10/100 Base-TX
Ethernet port for connection
to the network.
The MP-1xx gateways are best suited for small to medium size
enterprises, branch offices or for
residential media gateway solutions.
The MP-1xx gateways enable Users to make free local or international
telephone/fax calls
between the distributed company offices, using their existing
telephones/fax. These calls are
routed over the existing network ensuring that voice traffic uses
minimum bandwidth.
The MP-1xx gateways are very compact devices that can be installed
as a desk-top unit (refer to
Section or on the wall or in a 19-inch rack
The MP-1xx gateways support H.323 ITU or SIP protocols, enabling the
deployment of "voice
over IP" solutions in environments where each enterprise or residential
location is provided with a
simple media gateway.
This provides the enterprise with a telephone connection (e.g., RJ-11),
and the capability to
transmit the voice and telephony signals over a packet network.
The MP-124 supports up to 24 analog telephone loop start FXS ports,
shown in Figure

Figure 1-1: MP-124 Gateway Front View

The MP-108 supports up to 8 analog telephone loop start FXS or FXO
ports, shown in Figure

Figure 1-2: MP-108 Gateway Front View

The MP-104 supports up to 4 analog telephone loop start FXS or FXO

ports, shown in Figure
Figure 1-3: MP-104 Gateway Front View

The MP-102 supports up to 2 analog telephone loop start FXS ports,

shown in Figure .
Figure 1-4: MP-102 Gateway Front View
The layout diagram illustrates a typical MP-108 and MP-104 or MP-102
VoIP
application.
Figure 1-5: Typical MP-1xx VoIP Application
BACK VIEW

CONNECTIVITY WITH PHONES

Configuring the MP-1xx Basic Parameters
To configure the MP-1xx basic parameters use the Embedded Web
Server’s ‘Quick Setup’
Figure 4-1: Quick Setup Screen
To configure basic H.323 parameters, take these 7 steps:
1. If the MP-1xx is behind a router with Network Address Translation
(NAT) enabled, perform
the following procedure. If it isn’t, leave the ‘NAT IP Address’ field
undefined.
Determine the “public” IP address assigned to the router (by using,
for instance, router
Web management). Enter this public IP address in the ‘NAT IP Address’
field.
Enable the DMZ (Demilitarized Zone) configuration on the residential
router for the LAN
port where the MP-1xx gateway is connected. This enables unknown
packets to be
routed to the DMZ port.
2. When working with a Gatekeeper, set ‘Working with Gatekeeper’
field, under ‘H.323
Parameters’, to ‘Yes’ and enter the IP address of the primary
Gatekeeper in the field
‘Gatekeeper IP Address’. When no Gatekeeper is used, the internal
routing table is used to
route the calls.
3. Leave parameter ‘Enable Annex D/T.38 FAX Relay’ at its default
unless your technical
requirements differ.

4. Select the coder (i.e., vocoder) that best suits your VoIP system
requirements. The default
coder is: G.7231 30 msec. To program the entire list of coders you
want the MP-1xx to use,
click the button on the left side of the ‘1st Coder’ field; the drop-down
list for the 2nd to 5th
coders appear. Select coders according to your system requirements.
Note that coders
higher on the list are preferred and take precedence over coders lower
on the list.
5. To program the Tel to IP Routing table, press the arrow button next
to ‘Tel to IP Routing
Table’. For information on how to configure the Tel to IP Routing table,
6. To program the Endpoint Phone Number table, press the arrow
button next to ‘Endpoint
Phone Numbers’. For information on how to configure the Endpoint
Phone Number table,

7. Click the Reset button and click OK in the prompt; The MP-1xx
applies the changes and
restarts. This takes approximately 1 minute to complete. When the MP-
1xx has finished
restarting, the Ready and LAN LEDs on the front panel are lit green.
You are now ready to start using the VoIP gateway. To prevent
unauthorized access to the MP-
1xx, it is recommended that you change the username and password
that are used to access the
.

MP-1xx H.323
to IP Routing Table
The Tel to IP Routing Table is used to route incoming Tel calls to IP
addresses. This routing table
associates a called / calling telephone number’s prefixes with a
destination IP address or with an
FQDN (Fully Qualified Domain Name). When a call is routed through
the VoIP gateway
(Gatekeeper isn’t used), the called and calling numbers are compared
to the list of prefixes on the
IP Routing Table (up to 50 prefixes can be configured); Calls that
match these prefixes are sent
to the corresponding IP address. If the number dialed does not match
these prefixes, the call is
not made.
When using a Gatekeeper, you do not need to configure the Tel to IP
Routing Table. However, if
you want to use fallback routing when communication with
Gatekeepers is lost, or to use the
‘Filter Calls to IP’ and ‘IP Security’ features or to assign IP profiles, you
need to configure the IP
Routing Table.
Note that for the Tel to IP Routing table to take precedence over a
Gatekeeper for routing calls,
set the parameter ‘PreferRouteTable’ to 1. The gateway checks the
'Destination IP Address' field
in the 'Tel to IP Routing' table for a match with the outgoing call. Only if
a match is not found, a
Gatekeeper is used.
Possible uses for Tel to IP Routing can be as follows:
• Can fallback to internal routing table if there is no communication
with the Gatekeepers.
• Call Restriction – (when Gatekeeper isn’t used), reject all outgoing
Tel IP calls that are
associated with the destination IP address: 0.0.0.0.
• IP Security – When the IP Security feature is enabled
(SecureCallFromIP = 1), the VoIP
gateway accepts only those IP Tel calls with a source IP address
identical to one of the IP
addresses entered in the Tel to IP Routing Table.
• Filter Calls to IP – When a Gatekeeper is used, the gateway checks
the Tel IP routing table
before a telephone number is routed to the Gatekeeper. If the number
is not allowed (number
isn’t listed or a Call Restriction routing rule was applied), the call is
released.
• Assign Profiles to destination address (also when a Gatekeeper is
used).
• Alternative Routing – (When Gatekeeper isn’t used) an alternative IP
destination for
telephone number prefixes is available. To associate an alternative IP
address to called
telephone number prefix, assign it with an additional entry (with a
different IP address), or
use an FQDN that resolves to two IP addresses. Call is sent to the
alternative destination
when one of the following occurs:
No ping to the initial destination is available, or when poor QoS (delay
or packet loss,
calculated according to previous calls) is detected, or when a DNS host
name is not
resolved. For detailed information on Alternative Routing, refer to
Section 8.4 on page
When a release reason that is defined in the ‘Reasons for Alternative
Tel to IP Routing’
table is received. For detailed information on the ‘Reasons for
Alternative Routing
Tables’
Tip: Tel to IP routing can be performed either before or after applying
the number
manipulation rules. To control when number manipulation is done, set
the
‘Tel to IP Routing Mode’ parameter
To configure the Tel to IP Routing table, take these 6 steps:
1. Open the ‘Tel to IP Routing’ screen (Protocol Management menu
> Routing Tables
submenu > Tel to IP Routing option); the ‘Tel to IP Routing’ screen is
displayed .
2. In the ‘Tel to IP Routing Mode’ field, select the Tel to IP routing
mode
3. In the ‘Routing Index' drop-down list, select the range of entries that
you want to edit.
4. Configure the Tel to IP Routing table according to
5. Click the Submit button to save your changes.
6. To save the changes so they are available after a power fail refer to
Section
 BIBLIOGRAPHY

This project is prepared by me with help of following :

• Team members

• Company magazine

• Manuals of the equipments

• Some websites etc.

 CONTENTS

1. Introduction to the company

2. Introduction to VPN

3. Link installation

4. Firepro wireless modems

5. Airspan modems

6. Radwin modems

7. Routers

8. Video confrensing

9. Voip phones

10.Firewall