IP Address

To configure the
The default IP address of the CT-5372 (LAN port) is 192.168.1.1.
CT-5372 for the first time, the configuration PC must have a static IP address within the 192.168.1.x subnet. Follow the steps below to configure your PC IP address to use subnet 192.168.1.x. STEP 1: Right click on the Local Area Connection under the Network and Dial-Up connection window and select Properties. STEP 2: Enter the TCP/IP screen and change the IP address to the domain of 192.168.1.x/24.
STEP 3: Click OK to submit the settings. STEP 4: Start your Internet browser and type the IP address for the router (192.168.1.1) in the Web address bar. 15

3.2 Login Procedure

Perform the following steps to bring up the Web user interface and configure the CT-5372. To log on to the system from the Web browser, follow the steps below:
STEP 1: Start your Internet browser. Type the IP address for the router in the Web address field. For example, if the IP address is 192.168.1.1, type http://192.168.1.1 STEP 2: You will be prompted to enter your user name and password. Type root in the user name and 12345 in the password field, and click OK. Management link. These values can be changed later in the Web User Interface by selecting the
STEP 3: After successfully logging in, you will reach the Quick Setup menu.

Default Settings

It will then read the configuration profile from the Permanent The configuration profile
During power on initialization, the CT-5372 initializes all configuration attributes to default values. Storage section on the flash memory. The default attributes are overridden when identical attributes with different values are configured. in Permanent Storage can be created via the Web user interface or telnet user interface, or other management protocols. The factory default configuration can be restored either by pushing the reset button for more than five seconds, or by clicking the Restore Default Configuration option in the Restore Settings screen. The following default settings are present when setting up the router for the first time. LAN port IP address: 192.168.1.1 Local administrator account name: root Local administrator account password: 12345 Local non- administrator account name: user Local non- administrator account password: user Remote WAN access account name: support Remote WAN access account password: support DHCP server on LAN interface: enabled WAN IP address: none

R (number of check bytes in RS code word): 0 S (RS code word size in DMT frame): D (interleaver depth): Delay (msec): 0

VDSL Statistics

Field Status: B0 Traffic Type: B0 Rate (Kbps): B1 Traffic Type: B1 Rate (Kbps): Derived Second Counters: Current 15 min ES: Current 15 min SES: Current 15 min UAS: Current 24 hours ES: Current 24 hours SES: Current 24 hours UAS: Anomaly Counters: Bearer 0: Current 15 min CRC-8 anomalies: Current 15 min Corrected Codewords: Current 24 hours CRC-8 anomalies: Current 24 hours Corrected Codewords: Bearer 1: Current 15 min CRC-8 anomalies: Current 15 min Corrected Codewords: Current 24 hours CRC-8 anomalies: Current 24 hours Corrected Codewords:
Description VDSL link status. ATM or PTM Bearer 0 current sync rate. ATM or PTM Bearer 1 current sync rate. An accumulative total for current 15 minute ES. An accumulative total for current 15 minute SES. An accumulative total for current 15 minutes UAS. An accumulative total for current 24 hours ES. An accumulative total for current 24 hours SES. An accumulative total for current 24 hours UAS.
An accumulative total for current 15 minute CRC-8 anomalies An accumulative total for current 15 minute Corrected Codewords An accumulative total for current 24 hours CRC-8 anomalies An accumulative total for current hours CRC-8 corrected codewords An accumulative total for current 15 minute CRC-8 anomalies An accumulative total for current 15 minute Corrected Codewords An accumulative total for current 24 hours CRC-8 anomalies An accumulative total for current 24 hours CRC-8 corrected codewords 29
Choose Route to display the routes that the route information has learned.
Click ARP to display the ARP information.
Click DHCP to display the DHCP information.

Chapter 5 Quick Setup

The Quick Setup allows the user to configure the A/VDSL router for DSL connectivity and Internet access. It also guides the user though the WAN network setup first and then the LAN interface setup. You can either manually customize the router or follow the online instruction to set up the router. The CT-5372 A/VDSL router supports the following five network operating modes over an ATM PVC WAN interface. PPP over Ethernet (PPPoE) PPP over ATM (PPPoA) MAC Encapsulated Routing (MER) IP over ATM (IPoA) Bridging The following configuration considerations apply: The WAN network operating mode operation depends on the service providers configuration on the Central Office side and Broadband Access Server for the PVC If the service provider provides PPPoE service, then the connection selection depends on whether the LAN-side device (typically a PC) is running a PPPoE client or whether the CT-5372 is to run the PPPoE client. support both cases simultaneously. If some or none of the LAN-side devices do not run PPPoE client, then select PPPoE. If every LAN-side device is running a PPPoE client, then select Bridge in PPPoE mode. CT-5372 also supports pass-through PPPoE sessions from the LAN side while simultaneously running a PPPoE client for non-PPPoE LAN devices. NAPT and firewall are always enabled when PPPoE mode is selected, but they can be enabled or disabled by the user when MER or IPoA is selected, NAPT and firewall are always disabled when Bridge mode is selected. Depending on the network operating mode, and whether NAPT and firewall are enabled or disabled, the main panel will display or hide the NAPT/Firewall menu. Bridge. For instance, at initial setup, the default network operating mode is The main panel will not show the NAPT and Firewall menu. The CT-5372 can

this item is not selected, you will not be able to use the ADSL service. The default
5. Upon completion, click Next.
The following screen appears.
The Device Setup page allows the user to configure the LAN interface IP address and DHCP server. If the user would like this ADSL router to assign dynamic IP addresses, DNS server and default gateway to other LAN devices, select the radio box Enable DHCP server on the LAN to enter the starting IP address and end IP address and DHCP lease time. This configures the router to automatically assign IP addresses, default gateway address and DNS server addresses to each of your PCs.
Note that the routers default IP address is 192.168.1.1 and the default private address range provided by the ISP server in the router is 192.168.1.2 through 192.168.1.254.
Select Enable DHCP Server Relay (if required), and enter the DHCP Server IP Address. This allows the router to relay the DHCP packets to the remote DHCP server. The remote DHCP server will provide the IP address. To configure a secondary IP address for the LAN port, click the box as shown below.
6. After entering your settings, select Next to display the following screen. The WAN Setup-Summary screen presents the entire configuration summary. Save/Reboot if the settings are correct. settings. Click Click Back if you wish to modify the
7. The following screen will be displayed. To enable the wireless function, select the box (by clicking on it) and input the SSID. Then, click Next.
The following screen will be displayed.
After clicking Save/Reboot, the router will save the configuration to the flash memory, and reboot. again. automatically. The Web UI will not respond until the system is brought up After the system is up, the Web UI will refresh to the Device Info page The CT-5372 is ready for operation and the LEDs display as

IP Over ATM

To configure IP Over ATM, 1. Select Quick Setup and click Next. 2. Enter the PVC Index and click Next. 3. Type the VPI and VCI values provided by the ISP and click Next. 4. Select the IP over ATM (IPoA) radio button and click Next. The following screen appears.
Notice that DHCP is not supported over IPoA. The user must enter the IP address or WAN interface for the default gateway setup, and the DNS server addresses provided by the ISP. 5. Click Next. The following screen appears.
Enable NAT checkbox If the LAN is configured with a private IP address, the user should select this checkbox. up. The NAT submenu on the left side main panel will be displayed after reboot. The user can then configure NAT-related features after the system comes If a private IP address is not used on the LAN side, this checkbox should be de-selected to free up system resources for better performance. When the system comes back after reboot, the NAT submenu will not be displayed on the left main panel. The default setting for IPoA is enable. Enable Firewall checkbox If the firewall checkbox is selected, the firewall submenu on the left side main panel will be displayed after system reboot. after the system comes up. The user can then configure firewall features When system If firewall is not used, this checkbox should be

To add a Virtual Server, simply click the Add button. The following will be displayed.
Select a Service Or Custom Server Server IP Address External Port Start
User should select the service from the list. Or User can enter the name of their choice. Enter the IP address for the server. Enter the starting external port number (when you select Custom Server). When a service is selected the port ranges are automatically configured.

External Port End

Enter the ending external port number (when you select Custom Server). When a service is selected the port ranges are automatically configured.
Protocol Internal Port Start
User can select from: TCP, TCP/UDP or UDP. Enter the internal port starting number (when you select Custom Server). When a service is selected the port ranges are automatically configured

Internal Port End

Enter the internal port ending number (when you select Custom Server). When a service is selected the port ranges are automatically configured.

Port Triggering

Some applications require that specific ports in the Router's firewall be opened for access by the remote parties. Port Trigger dynamically opens up the 'Open Ports' in the firewall when an application on the LAN initiates a TCP/UDP connection to a remote party using the 'Triggering Ports'. The Router allows the remote party from the WAN side to establish new connections back to the application on the LAN side using the 'Open Ports'. A maximum 32 entries can be configured.
To add a Trigger Port, simply click the Add button. The following will be displayed.
Select an Application Or Custom Application Trigger Port Start
User should select the application from the list. Or User can enter the name of their choice. Enter the starting trigger port number (when you select custom application). When an application is selected the port ranges are automatically configured.

Trigger Port End

Enter the ending trigger port number (when you select custom application). When an application is selected the port ranges are automatically configured.
Trigger Protocol Open Port Start
User can select from: TCP, TCP/UDP or UDP. Enter the starting open port number (when you select custom application). When an application is selected the port ranges are automatically configured.

Open Port End

Enter the ending open port number (when you select custom application). When an application is selected the port ranges are automatically configured.

Select between 0-7. Enter name for traffic class Select Low, Medium or High. Select between 0-7. The lower the digit shows the higher the priority Select either: Normal Service, Minimize Cost, Maximize Reliability, Maximize Throughput, Minimize Delay
Physical LAN Port Protocol Source IP Address Source Subnet Mask Source Port (port or port:port) Destination IP address Destination Subnet Mask Destination port (port or port:port) 802.1p Priority
User can select from: ENET, ENET(1-4), USB, Wireless or Wireless_Guest. User can select from: TCP, TCP/UDP, UDP or ICMP. Enter the source IP address. Enter the subnet mask for the source IP address. Enter source port number. Enter destination IP address. Enter destination subnet mask. Enter destination port number. Select between 0-7. The lower the digit shows the higher the priority
If the Enable Differentiated Service Configuration box is ticked (i.e. selected) the following screen will be displayed:
The additional Items are explained here. Assign Differentiated Services Code Point (DSCP) Mark Source MAC Address The selected Code Point gives the corresponding priority to the packets that satisfies the rules set below.
A packet belongs to SET-1, if a binary-AND of its source MAC address with the Source MAC Mask is equal to the binary-AND of the Source MAC Mask and this field.
Source MAC Mask Destination MAC Address
This is the mask used to decide how many bits are checked in Source MAC Address. A packet belongs to SET-1 then the result that the Destination MAC Address of its header binary-AND to the Destination MAC Mask must equal to the result that this field binary-AND to the Destination MAC Mask.

Destination MAC Mask:

This is the mask used to decide how many bits are checked in Destination MAC Address.

Routing

The Routing dialog box allows you to configure Default gateway, Static Route and

Default Gateway

If Enable Automatic Assigned Default Gateway checkbox is selected, this router will accept the first received default gateway assignment from one of the PPPoA, PPPoE or MER/DHCP enabled PVC(s). If the checkbox is not selected, enter the static default gateway AND/OR a WAN interface. Click 'Save/Apply' button to save it. NOTE: If changing the Automatic Assigned Default Gateway from unselected to selected, You must reboot the router to get the automatic assigned default gateway.

Static Route

Choose Static Route to display the Static Route screen. The Static Route screen lists the configured static routes, and allows configuring static routes. Choose Add or Remove to configure the static routes.
To add static route, click the Add button to display the following screen. Enter the destination network address, subnet mask, gateway AND/OR available WAN interface then click Save/Apply to add the entry to the routing table.

6.6.3 RIP

User-defined label The IP address of remote tunnel Gateway, and you can use numeric address and domain name It chooses methods that specify the acceptable host IP on the local side. It has single and subnet. If you choose single, please entry the host IP address for VPN. If you choose subnet, please entry the subnet information for VPN.
Tunnel access from remote IP addresses IP Address for VPN
It chooses methods that specify the acceptable host IP on the remote side. has single and subnet. If you choose single, please input the host IP address for VPN. If you choose subnet, please input the subnet information for VPN. It
Key Exchange Method Authentication Method Pre-Shared Key Perfect Forward Secrecy Advanced IKE Settings
It has two modes. One is auto and the other is manual. It has either pre-shared key or x.509. Input Pre-shared key Enable/disable the method that is Perfect Forward Secrecy. On IPSec Auto mode, you need to choose the setting of two phases. Click the button then choose which modes, Encryption Algorithm, Integrity Algorithm, Select Diffie-Hellman Group for Key Exchange, key time on different phases.
The following is displayed if the Show Advanced Settings button is clicked.
Advanced IKE Settings Phase 1 Mode Defines the exchange mode for phase 1 when racoon is the initiator. It also means the acceptable exchange mode when racoon is responder. The first exchange mode is what racoon uses when it is the initiator. Encryption Algorithm Specify the encryption algorithm used for the phase 1 negotiation. 3des, Integrity Algorithm This directive must be defined. Algorithm is one of following: des, aes-128(192, 256) for Oakley. Define the hash algorithm used for the phase 1. Algorithm is one of following: md5, sha1 for Oakley. 83
Select Diffie-Hellman Group for Key Exchange
Define the group used for the Diffie-Hellman exponentiations. This directive must be defined. group is one of following: modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192. When you want to use aggressive mode, you must define the same DH group in each proposal.
Key Life Time Phase 2 Encryption Algorithm

Define lifetime of the phase 1 SA proposal. Specify the encryption algorithm used for the phase 2 negotiation. 3des, This directive must be defined. Algorithm is one of following: des, aes-128(192, 256) for Oakley
Integrity Algorithm Select Diffie-Hellman Group for Key Exchange
Define the hash algorithm used for the phase 2. Algorithm is one of following: md5, sha1 for Oakley
Define the group of Diffie-Hellman exponentiations. If you do not require PFS then you can omit this directive.
Any proposal will be accepted if you do not specify one.

Key Life Time

Define how long an IPsec-SA will be used, in time units. Any proposal will be accepted, and no attribute(s) will be proposed to the peer if you do not specify it(them).

6.12 Certificate

A certificate is a public key, attached with its owners information (company name, server name, personal real name, contact e-mail, postal address, etc) and digital signatures. There will be one or more digital signatures attached on the certificate, indicating that these signers have verified that the owner information of this certificate is correct.

6.12.1

Click Create Certificate Request to generate a certificate signing request. The certificate signing request can be submitted to the vendor/ISP/ITSP to apply for a certificate. Some information must be included in the certificate signing request. Actually, your vendor/ISP/ITSP will ask you to provide the information they require and to provide the information in the format they regulate. The explanation for each column in the following table is only for reference. Certificate Name Common Name Organization Name A user-defined name for the certificate. Usually, it is the fully qualified domain name for the machine. The exact legal name of your organization. Do not abbreviate. cannot be abbreviated. Country/Region Name The two-letter ISO abbreviation for your country.
State/Province Name The state or province where your organization is located. It
Click Apply to generate a private key and a certificate signing request.
This page is used to paste the certificate content and the private key provided by your vendor/ISP/ITSP.

6.12.2

Trusted CA
CA is the abbreviation for Certificate Authority. CA is a part of the X.509 system. It is itself a certificate, attached with the owner information of this certificate authority. But its purpose is not to do encryption/decryption. Its purpose is to sign and issue certificates; in order to prove the owner information of that certificate is correct.
Click Import Certificate to paste the certificate content of your trusted CA. Generally speaking, the certificate content will be provided by your vendor/ISP/ITSP and is used to authenticate the Auto-Configuration Server (ACS) that the CPE will connect to.

Security options include authentication and encryption services based on the wired equivalent privacy (WEP) algorithm. WEP is a set of security services used to When data encryption is enabled, protect 802.11 networks from unauthorized access, such as eavesdropping; in this case, the capture of wireless network traffic. secret shared encryption keys are generated and used by the source station and the destination station to alter frame bits, thus avoiding disclosure to eavesdroppers. 802.11 supports two subtypes of network authentication services: open system and shared key. Under open system authentication, any wireless station can request The system that needs to authenticate with another wireless The receiving station then sends back a frame that indicates authentication. sending station.
station sends an authentication management frame that contains the identity of the whether it recognizes the identity of the sending station. Under shared key authentication, each wireless station is assumed to have received a secret shared key over a secure channel that is independent from 802.11 wireless network communications channel. The following screen appears when Security is selected. The Security page allows you to configure security features of the wireless LAN interface. You can set the network authentication method, selecting data encryption, specify whether a network key is required to authenticate to this wireless network and specify the encryption strength. Click Apply to configure the wireless security options.

Option Select SSID

Description Sets the wireless network name. Identifier. SSID stands for Service Set All stations must be configured with the correct SSID to
access the WLAN. If the SSID does not match, that user will not be granted access. The naming conventions are: Minimum is one character and maximum number of characters: 32 bytes.

Network

It specifies the network authentication. the wireless network.

When this checkbox is

Authentication selected, it specifies that a network key be used for authentication to If the Network Authentication (Shared mode) Open system authentication checkbox is not shared (that is, if open system authentication is used), no authentication is provided. only performs identity verifications. Different authentication type pops up different settings requests. Choosing 802.1X, enter RADIUS Server IP address, RADIUS Port, and RADIUS key. Also, enable WEP Encryption and the Encryption Strength.
Select the Current Network Key and enter 13 ASCII characters or 26 hexadecimal digits for 128-bit encryption keys and enter 5 ASCII characters or 10 hexadecimal digits for 64-bit encryption keys.

After choosing the Add button, the following screen appears.

Enter the MAC

address and click Apply to add the MAC address to the wireless MAC address filters.

Option MAC Restrict Mode

Description Radio buttons that allow settings of; Off: MAC filtering function is disabled. Allow: Permits PCs with listed MAC addresses to connect to the access point. Deny: Prevents PCs with listed MAC from connecting to the access point.

MAC Address

Lists the MAC addresses subject to the Off, Allow, or Deny instruction. The Add button prompts an entry field that requires you type in a MAC address in a two-character, 6-byte convention: xx:xx:xx:xx:xx:xx where xx are hexadecimal numbers. The maximum number of MAC addresses that can be added is 60.

Wireless Bridge

This page allows you to configure wireless bridge features of the wireless LAN interface. You can select Wireless Bridge (also known as Wireless Distribution System) to disable access point functionality. Selecting Access Point enables access point functionality. Wireless bridge functionality will still be available and wireless stations will be able to associate to the AP. Select Disabled in Bridge Restrict, which disables wireless bridge restriction. Any wireless bridge will be granted access. Selecting Enabled or Enabled (Scan) enables wireless bridge restriction. Only those bridges selected in Remote Bridges will be granted access.
Option AP Mode Bridge Restrict
Description Access Point Wireless Bridge Enabled Enabled (Scan) Disabled

Advanced

The Advanced page allows you to configure advanced features of the wireless LAN interface. You can select a particular channel on which to operate, force the transmission rate to a particular speed, set the fragmentation threshold, set the RTS threshold, set the wakeup interval for clients in power-save mode, set the beacon interval for the access point, set XPress mode and set whether short or long preambles are used.
Click Apply to configure the advanced wireless options.

Option AP Isolation

Ethernet Connection Pass: indicates that the Ethernet interface from your

USB ADSL Synchronization

This option is for future release. Pass: Indicates that the DSL modem has detected a DSL signal from the telephone company. telephone company. Fail: indicates that the DSL modem does not detect a signal from the telephone companys DSL network. The WAN LED will stop blinking (i.e. training) and the LED will stop illuminating (i.e. go blank). A solid WAN LED on the router also indicates the detection of a DSL signal from the

Chapter 9 Management

The Management section of the CT-5372 supports the following maintenance functions and processes:
Settings System log TR-069 Client Internet Time Access Control Update software Save/Reboot

Settings

The Settings option allows you to back up your settings to a file, retrieve the setting file, and restore the settings.

Configuration Backup

The Backup option under Management>Settings save your router configurations to a file on your PC. Click BACKUP Settings in the main window. You will be prompted to define the location of the backup file to save. After choosing the file location, click Backup Settings. The file will then be saved to the assigned location.

Tools Update Settings

The Update option under Management>Settings update your router settings using your saved files.

Restore Default

Clicking the Restore Default Configuration option in the Restore Settings screen can restore the original factory installed settings.
NOTE: This entry has the same effect as the hardware reset-to-default button. The CT-5372 board hardware and the boot loader support the reset to default button. If the reset button is continuously pushed for more than 5 seconds, the boot loader will erase the entire configuration data saved on the flash memory. NOTE: Restoring system settings requires a system reboot. the current Web UI session be closed and restarted. in order to configure the CT-5372. This necessitates that

Before restarting the

connected PC must be configured with a static IP address in the 192.168.1.x subnet
Default settings The CT-5372 default settings are LAN port IP= 192.168.1.1, subnet mask = 255.255.255.0 Local user name: root Password: 12345 Remote user name: support Remote user password: support
After the Restore Default Configuration button is selected, the following screen appears. Close the DSL Router Configuration window and wait for 2 minutes before reopening your web browser. If necessary, reconfigure your PC's IP address to match your new configuration.

System Log

The System Log option under Management>Settings allows you to view the system events log, or to configure the System Log options. The default setting of system log is disabled. Follow the steps below to enable and view the system log.
1. Click Configure System Log to display the following screen.
2. Select from the desired Log options described in the following table, and then click Save/Apply.

Option Log

Description Indicates whether the system is currently recording events. The user can enable or disable event logging. By default, it is disabled. To enable it, tick Enable and then Apply button.

Log level

Allows you to configure the event level and filter out unwanted events below this level. The events ranging from the highest critical level Emergency down to this configured level will be recorded to the log buffer on the CT-5372 SDRAM. When the log buffer is full, the newer event will wrap up to the top of the log buffer and overwrite the old event. By default, the log level is Debugging, which is the lowest critical level. The following log levels are Emergency = system is unusable Alert = action must be taken immediately Critical = critical conditions Error = Error conditions Warning = normal but significant condition Notice= normal but insignificant condition Informational= provides information for reference Debugging = debug-level messages Emergency is the most serious event level, whereas Debugging is the least important. For instance, if the log level is set to Debugging, all the events from the lowest Debugging level to the most critical level Emergency level will be recorded. If the log level is set to Error, only Error and the level above will be logged.

Display Level Mode

Allows the user to select the logged events and displays on the View System Log page for events of this level and above to the highest Emergency level. Allows you to specify whether events should be stored in the local memory, or be sent to a remote syslog server, or both simultaneously. If remote mode is selected, view system log will not be able to display events saved in the remote syslog server. When either Remote mode or Both mode is configured, the WEB UI will prompt the user to enter the Server IP address and Server UDP port.
3. Click View System Log.
The results are displayed as follows.

TR-069 Client

WAN Management Protocol (TR-069) allows a Auto-Configuration Server (ACS) to perform auto-configuration, provision, collection, and diagnostics to this device.
Option Inform Inform Interval ACS URL
Description Disable/Enable TR-069 client on the CPE. The duration in seconds of the interval for which the CPE MUST attempt to connect with the ACS and call the Inform method. URL for the CPE to connect to the ACS using the CPE WAN Management Protocol. This parameter MUST be in the form of a valid HTTP or HTTPS URL. An HTTPS URL indicates that the ACS supports SSL. The host portion of this URL is used by the CPE for validating the certificate from the ACS when using certificate-based authentication.

ACS User Name

Username used to authenticate the CPE when making a connection to the ACS using the CPE WAN Management Protocol. This username is used only for HTTP-based authentication of the CPE.

ACS Password

Password used to authenticate the CPE when making a connection to the ACS using the CPE WAN Management Protocol. This password is used only for HTTP-based authentication of the CPE.
Connection Request Username used to authenticate an ACS making a Connection. 112
User Name Password Get RPC Methods
Request to the CPE. Request to the CPE. This method may be used by a CPE or ACS to discover the set of methods supported by the ACS or CPE it is in communication with. This list may include both standard TR-069 methods (those defined in this specification or a subsequent version) and vendor-specific methods. The receiver of the response MUST ignore any unrecognized methods. Click this button to force the CPE to immediately establish a connection to the ACS.
Connection Request Password used to authenticate an ACS making a Connection

Internet Time

The Internet Time option under Management menu bar configures the Modems time. To automatically synchronize with Internet time servers, tick the corresponding box displayed on the screen. Then click Save/Apply. Note: This menu item will not be displayed if a Bridged PVC is configured.