Page 81 / 327 Scroll up to view Page 76 - 80
Chapter 6 Broadband
VMG3926-B10A User’s Guide
81
The following table describes the labels in this screen.
6.5.1
Modify 802.1X Settings
Use this screen to edit 802.1X authentication settings. Click the
Edit
icon next to the rule you want
to edit. The screen shown next appears.
Figure 28
Network Setting
>
Broadband > 802.1x > Modify
Table 14
Network Setting > Network Setting > 802.1x
LABEL
DESCRIPTION
#
This is the index number of the entry.
Status
This field displays whether the authentication is active or not. A yellow bulb signifies that
this authentication is active. A gray bulb signifies that this authentication is not active.
Interface
This is the interface that uses the authentication. This displays
N/A
when there is no
interface assigned.
EAP Identity
This shows the EAP identity of the authentication. This displays
N/A
when there is no EAP
identity assigned.
EAP method
This shows the EAP method used in the authentication. This displays
N/A
when there is no
EAP method assigned.
Bidirectional
Authentication
This shows whether bidirectional authentication is allowed.
Certificate
This shows the certificate used for this authentication. This displays
N/A
when there is no
certificate assigned.
Trusted CA
This shows the Trusted CA used for this authentication. This displays
N/A
when there is no
Trusted CA assigned.
Modify
Click this icon to edit an item.
Apply
Click
Apply
to save your changes back to the VMG.
Cancel
Click
Cancel
to return to the previous configuration.
Page 82 / 327
Chapter 6 Broadband
VMG3926-B10A User’s Guide
82
The following table describes the labels in this screen.
6.6
Technical Reference
The following section contains additional technical information about the VMG features described in
this chapter.
Encapsulation
Be sure to use the encapsulation method required by your ISP. The VMG can work in bridge mode
or routing mode. When the VMG is in routing mode, it supports the following methods.
IP over Ethernet
IP over Ethernet (IPoE) is an alternative to PPPoE. IP packets are being delivered across an
Ethernet network, without using PPP encapsulation. They are routed between the Ethernet interface
and the WAN interface and then formatted so that they can be understood in a bridged
environment. For instance, it encapsulates routed Ethernet frames into bridged Ethernet cells.
PPP over ATM (PPPoA)
PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection
functions like a dial-up Internet connection. The VMG encapsulates the PPP session based on
RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service
Provider’s (ISP) DSLAM (digital access multiplexer). Please refer to RFC 2364 for more information
on PPPoA. Refer to RFC 1661 for more information on PPP.
Table 15
Network Setting
>
Broadband > 802.1x: Edit
LABEL
DESCRIPTION
Active
This field allows you to activate/deactivate the authentication.
Select this to enable the authentication. Clear this to disable this authentication without
having to delete the entry.
Interface
Select an interface to which the authentication applies.
EAP Identity
Enter the EAP identity of the authentication.
EAP method
This is the EAP method used for this authentication.
Bidirectional
Authentication
Select Enable to allow bidirectional authentication.
Certificate
Select the certificate you want to assign to the authentication. You need to import the
certificate in the
Security
>
Certificates
>
Local Certificates
screen.
Trusted CA
Select the Trusted CA you want to assign to the authentication. You need to import the
certificate in the
Security
>
Certificates
>
Trusted CA
screen.
OK
Click
OK
to save your changes.
Cancel
Click
Cancel
to exit this screen without saving.
Page 83 / 327
Chapter 6 Broadband
VMG3926-B10A User’s Guide
83
PPP over Ethernet (PPPoE)
Point-to-Point Protocol over Ethernet (PPPoE) provides access control and billing functionality in a
manner similar to dial-up services using PPP. PPPoE is an IETF standard (RFC 2516) specifying how
a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.)
connection.
For the service provider, PPPoE offers an access and authentication method that works with existing
access control systems (for example RADIUS).
One of the benefits of PPPoE is the ability to let you access one of multiple network services, a
function known as dynamic service selection. This enables the service provider to easily create and
offer new IP services for individuals.
Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no
specific configuration of the broadband modem at the customer site.
By implementing PPPoE directly on the VMG (rather than individual computers), the computers on
the LAN do not need PPPoE software installed, since the VMG does that part of the task.
Furthermore, with NAT, all of the LANs’ computers will have access.
RFC 1483
RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5
(AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit
(LLC-based multiplexing) and the second method assumes that each protocol is carried over a
separate ATM virtual circuit (VC-based multiplexing). Please refer to RFC 1483 for more detailed
information.
Multiplexing
There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to
use the multiplexing method required by your ISP.
VC-based Multiplexing
In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for
example, VC1 carries IP, etc. VC-based multiplexing may be dominant in environments where
dynamic creation of large numbers of ATM VCs is fast and economical.
LLC-based Multiplexing
In this case one VC carries multiple protocols with protocol identifying information being contained
in each packet header. Despite the extra bandwidth and processing overhead, this method may be
advantageous if it is not practical to have a separate VC for each carried protocol, for example, if
charging heavily depends on the number of simultaneous VCs.
Traffic Shaping
Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate
and fluctuations of data transmission over an ATM network. This agreement helps eliminate
congestion, which is important for transmission of real time data such as audio and video
connections.
Page 84 / 327
Chapter 6 Broadband
VMG3926-B10A User’s Guide
84
Peak Cell Rate (PCR) is the maximum rate at which the sender can send cells. This parameter may
be lower (but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a
maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec. This rate is not guaranteed
because it is dependent on the line speed.
Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the
maximum average rate at which cells can be sent over the virtual connection. SCR may not be
greater than the PCR.
Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS
is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more
cells (up to the MBS) can be sent at the PCR again.
If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that
correlates to your upstream line rate.
The following figure illustrates the relationship between PCR, SCR and MBS.
Figure 29
Example of Traffic Shaping
ATM Traffic Classes
These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0
Specification.
Constant Bit Rate (CBR)
Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being
sent. CBR traffic is generally time-sensitive (doesn't tolerate delay). CBR is used for connections
that continuously require a specific amount of bandwidth. A PCR is specified and if traffic exceeds
this rate, cells may be dropped. Examples of connections that need CBR would be high-resolution
video and voice.
Variable Bit Rate (VBR)
The Variable Bit Rate (VBR) ATM traffic class is used with bursty connections. Connections that use
the Variable Bit Rate (VBR) traffic class can be grouped into real time (VBR-RT) or non-real time
(VBR-nRT) connections.
The VBR-RT (real-time Variable Bit Rate) type is used with bursty connections that require closely
controlled delay and delay variation. It also provides a fixed amount of bandwidth (a PCR is
Page 85 / 327
Chapter 6 Broadband
VMG3926-B10A User’s Guide
85
specified) but is only available when data is being sent. An example of an VBR-RT connection would
be video conferencing. Video conferencing requires real-time data transfers and the bandwidth
requirement varies in proportion to the video image's changing dynamics.
The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not
require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical
on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An example of an
VBR-nRT connection would be non-time sensitive data file transfers.
Unspecified Bit Rate (UBR)
The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers. However, UBR doesn't
guarantee any bandwidth and only delivers traffic when the network has spare bandwidth. An
example application is background file transfer.
IP Address Assignment
A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a
different one each time. The Single User Account feature can be enabled or disabled if you have
either a dynamic or static IP. However the encapsulation method assigned influences your choices
for IP address and default gateway.
Introduction to VLANs
A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical
networks. Devices on a logical network belong to one group. A device can belong to more than one
group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same
group(s); the traffic must first go through a router.
In Multi-Tenant Unit (MTU) applications, VLAN is vital in providing isolation and security among the
subscribers. When properly configured, VLAN prevents one subscriber from accessing the network
resources of another on the same LAN, thus a user will not see the printers and hard disks of
another user in the same building.
VLAN also increases network performance by limiting broadcasts to a smaller and more
manageable logical broadcast domain. In traditional switched environments, all broadcast packets
go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast
domain.
Introduction to IEEE 802.1Q Tagged VLAN
A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership
of a frame across bridges - they are not confined to the switch on which they were created. The
VLANs can be created statically by hand or dynamically through GVRP. The VLAN ID associates a
frame with a specific VLAN and provides the information that switches need to process the frame
across the network. A tagged frame is four bytes longer than an untagged frame and contains two
bytes of TPID (Tag Protocol Identifier), residing within the type/length field of the Ethernet frame)
and two bytes of TCI (Tag Control Information), starts after the source address field of the Ethernet
frame).
The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for Ethernet switches. If
a frame received at an Ethernet port has a CFI set to 1, then that frame should not be forwarded as
it is to an untagged port. The remaining twelve bits define the VLAN ID, giving a possible maximum

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top