Chapter 6 Broadband

VMG3926-B10A User’s Guide

81

The following table describes the labels in this screen.

6.5.1

Modify 802.1X Settings

Use this screen to edit 802.1X authentication settings. Click the

Edit

icon next to the rule you want

to edit. The screen shown next appears.

Figure 28

Network Setting

>

Broadband > 802.1x > Modify

Table 14

Network Setting > Network Setting > 802.1x

LABEL

DESCRIPTION

#

This is the index number of the entry.

Status

This field displays whether the authentication is active or not. A yellow bulb signifies that

this authentication is active. A gray bulb signifies that this authentication is not active.

Interface

This is the interface that uses the authentication. This displays

N/A

when there is no

interface assigned.

EAP Identity

This shows the EAP identity of the authentication. This displays

N/A

when there is no EAP

identity assigned.

EAP method

This shows the EAP method used in the authentication. This displays

N/A

when there is no

EAP method assigned.

Bidirectional

Authentication

This shows whether bidirectional authentication is allowed.

Certificate

This shows the certificate used for this authentication. This displays

N/A

when there is no

certificate assigned.

Trusted CA

This shows the Trusted CA used for this authentication. This displays

N/A

when there is no

Trusted CA assigned.

Modify

Click this icon to edit an item.

Apply

Click

Apply

to save your changes back to the VMG.

Cancel

Click

Cancel

to return to the previous configuration.

Chapter 6 Broadband

VMG3926-B10A User’s Guide

82

The following table describes the labels in this screen.

6.6

Technical Reference

The following section contains additional technical information about the VMG features described in

this chapter.

Encapsulation

Be sure to use the encapsulation method required by your ISP. The VMG can work in bridge mode

or routing mode. When the VMG is in routing mode, it supports the following methods.

IP over Ethernet

IP over Ethernet (IPoE) is an alternative to PPPoE. IP packets are being delivered across an

Ethernet network, without using PPP encapsulation. They are routed between the Ethernet interface

and the WAN interface and then formatted so that they can be understood in a bridged

environment. For instance, it encapsulates routed Ethernet frames into bridged Ethernet cells.

PPP over ATM (PPPoA)

PPPoA stands for Point to Point Protocol over ATM Adaptation Layer 5 (AAL5). A PPPoA connection

functions like a dial-up Internet connection. The VMG encapsulates the PPP session based on

RFC1483 and sends it through an ATM PVC (Permanent Virtual Circuit) to the Internet Service

Provider’s (ISP) DSLAM (digital access multiplexer). Please refer to RFC 2364 for more information

on PPPoA. Refer to RFC 1661 for more information on PPP.

Table 15

Network Setting

>

Broadband > 802.1x: Edit

LABEL

DESCRIPTION

Active

This field allows you to activate/deactivate the authentication.

Select this to enable the authentication. Clear this to disable this authentication without

having to delete the entry.

Interface

Select an interface to which the authentication applies.

EAP Identity

Enter the EAP identity of the authentication.

EAP method

This is the EAP method used for this authentication.

Bidirectional

Authentication

Select Enable to allow bidirectional authentication.

Certificate

Select the certificate you want to assign to the authentication. You need to import the

certificate in the

Security

>

Certificates

>

Local Certificates

screen.

Trusted CA

Select the Trusted CA you want to assign to the authentication. You need to import the

certificate in the

Security

>

Certificates

>

Trusted CA

screen.

OK

Click

OK

to save your changes.

Cancel

Click

Cancel

to exit this screen without saving.

Chapter 6 Broadband

VMG3926-B10A User’s Guide

83

PPP over Ethernet (PPPoE)

Point-to-Point Protocol over Ethernet (PPPoE) provides access control and billing functionality in a

manner similar to dial-up services using PPP. PPPoE is an IETF standard (RFC 2516) specifying how

a personal computer (PC) interacts with a broadband modem (DSL, cable, wireless, etc.)

connection.

For the service provider, PPPoE offers an access and authentication method that works with existing

access control systems (for example RADIUS).

One of the benefits of PPPoE is the ability to let you access one of multiple network services, a

function known as dynamic service selection. This enables the service provider to easily create and

offer new IP services for individuals.

Operationally, PPPoE saves significant effort for both you and the ISP or carrier, as it requires no

specific configuration of the broadband modem at the customer site.

By implementing PPPoE directly on the VMG (rather than individual computers), the computers on

the LAN do not need PPPoE software installed, since the VMG does that part of the task.

Furthermore, with NAT, all of the LANs’ computers will have access.

RFC 1483

RFC 1483 describes two methods for Multiprotocol Encapsulation over ATM Adaptation Layer 5

(AAL5). The first method allows multiplexing of multiple protocols over a single ATM virtual circuit

(LLC-based multiplexing) and the second method assumes that each protocol is carried over a

separate ATM virtual circuit (VC-based multiplexing). Please refer to RFC 1483 for more detailed

information.

Multiplexing

There are two conventions to identify what protocols the virtual circuit (VC) is carrying. Be sure to

use the multiplexing method required by your ISP.

VC-based Multiplexing

In this case, by prior mutual agreement, each protocol is assigned to a specific virtual circuit; for

example, VC1 carries IP, etc. VC-based multiplexing may be dominant in environments where

dynamic creation of large numbers of ATM VCs is fast and economical.

LLC-based Multiplexing

In this case one VC carries multiple protocols with protocol identifying information being contained

in each packet header. Despite the extra bandwidth and processing overhead, this method may be

advantageous if it is not practical to have a separate VC for each carried protocol, for example, if

charging heavily depends on the number of simultaneous VCs.

Traffic Shaping

Traffic Shaping is an agreement between the carrier and the subscriber to regulate the average rate

and fluctuations of data transmission over an ATM network. This agreement helps eliminate

congestion, which is important for transmission of real time data such as audio and video

connections.

Chapter 6 Broadband

VMG3926-B10A User’s Guide

84

Peak Cell Rate (PCR) is the maximum rate at which the sender can send cells. This parameter may

be lower (but not higher) than the maximum line speed. 1 ATM cell is 53 bytes (424 bits), so a

maximum speed of 832Kbps gives a maximum PCR of 1962 cells/sec. This rate is not guaranteed

because it is dependent on the line speed.

Sustained Cell Rate (SCR) is the mean cell rate of each bursty traffic source. It specifies the

maximum average rate at which cells can be sent over the virtual connection. SCR may not be

greater than the PCR.

Maximum Burst Size (MBS) is the maximum number of cells that can be sent at the PCR. After MBS

is reached, cell rates fall below SCR until cell rate averages to the SCR again. At this time, more

cells (up to the MBS) can be sent at the PCR again.

If the PCR, SCR or MBS is set to the default of "0", the system will assign a maximum value that

correlates to your upstream line rate.

The following figure illustrates the relationship between PCR, SCR and MBS.

Figure 29

Example of Traffic Shaping

ATM Traffic Classes

These are the basic ATM traffic classes defined by the ATM Forum Traffic Management 4.0

Specification.

Constant Bit Rate (CBR)

Constant Bit Rate (CBR) provides fixed bandwidth that is always available even if no data is being

sent. CBR traffic is generally time-sensitive (doesn't tolerate delay). CBR is used for connections

that continuously require a specific amount of bandwidth. A PCR is specified and if traffic exceeds

this rate, cells may be dropped. Examples of connections that need CBR would be high-resolution

video and voice.

Variable Bit Rate (VBR)

The Variable Bit Rate (VBR) ATM traffic class is used with bursty connections. Connections that use

the Variable Bit Rate (VBR) traffic class can be grouped into real time (VBR-RT) or non-real time

(VBR-nRT) connections.

The VBR-RT (real-time Variable Bit Rate) type is used with bursty connections that require closely

controlled delay and delay variation. It also provides a fixed amount of bandwidth (a PCR is

Chapter 6 Broadband

VMG3926-B10A User’s Guide

85

specified) but is only available when data is being sent. An example of an VBR-RT connection would

be video conferencing. Video conferencing requires real-time data transfers and the bandwidth

requirement varies in proportion to the video image's changing dynamics.

The VBR-nRT (non real-time Variable Bit Rate) type is used with bursty connections that do not

require closely controlled delay and delay variation. It is commonly used for "bursty" traffic typical

on LANs. PCR and MBS define the burst levels, SCR defines the minimum level. An example of an

VBR-nRT connection would be non-time sensitive data file transfers.

Unspecified Bit Rate (UBR)

The Unspecified Bit Rate (UBR) ATM traffic class is for bursty data transfers. However, UBR doesn't

guarantee any bandwidth and only delivers traffic when the network has spare bandwidth. An

example application is background file transfer.

IP Address Assignment

A static IP is a fixed IP that your ISP gives you. A dynamic IP is not fixed; the ISP assigns you a

different one each time. The Single User Account feature can be enabled or disabled if you have

either a dynamic or static IP. However the encapsulation method assigned influences your choices

for IP address and default gateway.

Introduction to VLANs

A Virtual Local Area Network (VLAN) allows a physical network to be partitioned into multiple logical

networks. Devices on a logical network belong to one group. A device can belong to more than one

group. With VLAN, a device cannot directly talk to or hear from devices that are not in the same

group(s); the traffic must first go through a router.

In Multi-Tenant Unit (MTU) applications, VLAN is vital in providing isolation and security among the

subscribers. When properly configured, VLAN prevents one subscriber from accessing the network

resources of another on the same LAN, thus a user will not see the printers and hard disks of

another user in the same building.

VLAN also increases network performance by limiting broadcasts to a smaller and more

manageable logical broadcast domain. In traditional switched environments, all broadcast packets

go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast

domain.

Introduction to IEEE 802.1Q Tagged VLAN

A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership

of a frame across bridges - they are not confined to the switch on which they were created. The

VLANs can be created statically by hand or dynamically through GVRP. The VLAN ID associates a

frame with a specific VLAN and provides the information that switches need to process the frame

across the network. A tagged frame is four bytes longer than an untagged frame and contains two

bytes of TPID (Tag Protocol Identifier), residing within the type/length field of the Ethernet frame)

and two bytes of TCI (Tag Control Information), starts after the source address field of the Ethernet

frame).

The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for Ethernet switches. If

a frame received at an Ethernet port has a CFI set to 1, then that frame should not be forwarded as

it is to an untagged port. The remaining twelve bits define the VLAN ID, giving a possible maximum