Lancom 850 UMTS User manual
LANCOM 3850 UMTS
© 2007 LANCOM Systems GmbH, Wuerselen (Germany). All rights reserved.
While the information in this manual has been compiled with great care, it may not be deemed an assurance of product
characteristics. LANCOM Systems shall be liable only to the degree specified in the terms of sale and delivery.
The reproduction and distribution of the documentation and software included with this product is subject to written per-
mission by LANCOM Systems. We reserve the right to make any alterations that arise as the result of technical develop-
ment.
All explanations and documents for registration of the products you find in the appendix of this documentation, if they
were present at the time of printing.
Trademarks
Windows®, Windows Vista™, Windows XP®and Microsoft®are registered trademarks of Microsoft, Corp.
The LANCOM Systems logo, LCOS and the name LANCOM are registered trademarks of LANCOM Systems GmbH. All other
names mentioned may be trademarks or registered trademarks of their respective owners.
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http://www.openssl.org/.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software developed by the NetBSD Foundation, Inc. and its contributors.
The firmware of LANCOM VP-100 incorporates components available in source code as Open Source software with specific
licenses and copyrights of various authors. In particular the firmware incorporates components which are subject to the
GNU General Public License, version 2 (GPL). The license agreement including the text of the GPL can be found on the
product CD in the product folder as LC-VP100-License-EN.txt. The source codes and all license texts can be obtained from
LANCOM Systems GmbH FTP server electronically upon request.
Subject to change without notice. No liability for technical errors or omissions.
LANCOM Systems GmbH
Adenauerstr. 20/B2
52146 Wuerselen
Germany
www.lancom.eu
Wuerselen, September 2007
110536/0907
LANCOM 3850 UMTS
Preface
3
EN
Preface
Thank you for placing your trust in this LANCOM product.
The combination of UMTS/HSDPA, WLAN, DSL and VPN opens up a completely
new range of possibilities in enterprise connectivity—for example, mobile
conference rooms that are connected via UMTS/HSDPA and offer Internet
access over WLAN or access to the company network via VPN.
As a back-up connection for site coupling, UMTS/HSDPA is cheaper and faster
than the conventional alternative, ISDN. Furthermore, it is significantly less
prone to failure as there are no cables which are at risk from construction
works. Using VRRP with the LANCOM 3850 UMTS offers fully vendor-inde-
pendent high availability and a completely transparent, automatic switch of
media in the event of backup.
Apart from that, UMTS/HSDPA is able to bridge the “last mile” for customers
who do not have access to an equivalent broadband connection. The UMTS/
HSDPA card is simply operated in the CardBus expansion slot of the LANCOM
3850 UMTS. The device automatically switches Internet access between
HSDPA, UMTS and GPRS depending on availability.
Security settings
To maximize the security available from your product, we recommend that you
undertake all of the security settings (e.g. firewall, encryption, access protec-
tion) that were not already activated when you purchased the product. The
LANconfig Wizard 'Security Settings' will help you with this task. Further infor-
mation is also available in the chapter 'Security settings'.
We would additionally like to ask you to refer to our Internet site
www.lancom.eu for the latest information about your product and technical
developments, and also to download our latest software versions.
User manual and reference manual
The documentation of your device consists of the following parts:
Installation guide
User manual
Reference manual
You are now reading the user manual. It contains all information you need to
put your device into operation. It also contains all of the important technical
specifications.
LANCOM 3850 UMTS
Preface
4
EN
The reference manual can be found on the LANCOM product CD as an Acrobat
(PDF) document. It is designed as a supplement to the user manual and goes
into detail on topics that apply to a variety of models. These include, for exam-
ple:
The system design of the operating system LCOS
Configuration
Management
Diagnosis
Security
Routing and WAN functions
Firewall
Quality of Service (QoS)
Virtual Private Networks (VPN)
Virtual Local Networks (VLAN)
Wireless networks (WLAN)
Backup solutions
Further server services (DHCP, DNS, charge management)
This documentation was created by …
... several members of our staff from a variety of departments in order to
ensure you the best possible support when using your LANCOM product.
In case you encounter any errors, or just want to issue critics enhancements,
please do not hesitate to send an email directly to:
Our online services www.lancom.eu are available to you around the
clock should you have any queries regarding the topics discussed in
this manual or require any further support. The area 'Support' will
help you with many answers to frequently asked questions (FAQs).
Furthermore, the knowledgebase offers you a large reserve of infor-
mation. The latest drivers, firmware, utilities and documentation are
constantly available for download.
In addition, LANCOM support is available. For telephone numbers and
LANCOM 3850 UMTS
Preface
5
EN
contact addresses of LANCOM support, please see the enclosed leaf-
let or the LANCOM Systems website.
Information symbols
Very important instructions. Failure to observe this may result in damage.
Important instruction that should be observed.
Additional information that may be helpful but which is not required.
LANCOM 3850 UMTS
Contents
6
EN
Contents
1 Introduction 10
1.1 What is a Wireless LAN? 10
1.1.1 Which hardware to use? 10
1.1.2 Operation modes of Wireless LANs and base stations 10
1.2 The advantages of the UMTS/HSPDA solution 11
1.2.1 “Last mile“ via UMTS/HSPDA 11
1.2.2 Mobile conference room 12
1.2.3 UMTS/HSPDA Backup 13
1.3 What can your LANCOM Wireless Router do? 15
2 Installation 19
2.1 Package contents 19
2.2 System requirements 19
2.2.1 Configuring the LANCOM devices 19
2.2.2 Operating access points in managed mode 20
2.3 Status displays, interfaces an hardware installation 20
2.3.1 Status display 20
2.3.2 The back of the unit 25
2.4 Hardware installation 27
2.5 Software installation 29
2.5.1 Starting Software Setup 29
2.5.2 Which software should I install? 30
3 Basic configuration 31
3.1 Which information is necessary? 31
3.1.1 TCP/IP settings 31
3.1.2 Configuration protection 33
3.1.3 Settings for the Wireless LAN 33
3.2 Instructions for LANconfig 35
3.3 Instructions for WEBconfig 37
3.4 TCP/IP settings to workstation PCs 41
LANCOM 3850 UMTS
Contents
7
EN
4 Setting up Internet access 43
4.1 Instructions for LANconfig 44
4.2 Instructions for WEBconfig 45
5 Setting up the UMTS profile 46
5.1 Internet access 46
5.2 VPN site coupling 49
5.3 Other settings 51
5.3.1 Choosing the mobile telephone network 51
5.3.2 Activate UMTS/GPRS profile 52
5.3.3 UMTS/HSPDA only or automatic UMTS/HSPDA/GPRS se-
lection 53
5.3.4 Set up a time limit 54
6 Point- to-point connections 55
6.1 Antenna alignment for P2P operations 56
6.2 Configuration 57
6.3 Access points in relay mode 59
6.4 Security for point-to-point connections 59
6.4.1 Encryption with 802.11i/WPA 60
6.4.2 LEPS for P2P connections 61
LANCOM 3850 UMTS
Contents
8
EN
7 Security settings 62
7.1 Security for the Wireless LAN 62
7.1.1 Closed network 62
7.1.2 Access control via MAC address 63
7.1.3 LANCOM Enhanced Passphrase Security 63
7.1.4 Encryption of the data transfer 64
7.1.5 802.1x / EAP 65
7.1.6 IPSec over WLAN 66
7.2 Tips for handling keys 66
7.3 The security settings wizard 67
7.3.1 Wizard for LANconfig 67
7.3.2 Wizard for WEBconfig 68
7.4 The firewall wizard 68
7.4.1 Wizard for LANconfig 69
7.4.2 Configuration under WEBconfig 69
7.5 The security checklist 69
8 Options and accessories 74
8.1 Optional LANCOM WLAN antennas 74
8.1.1 Antenna Diversity 74
8.1.2 Installation of AirLancer Extender antennas 75
8.2 LANCOM Public Spot Option 75
9 Troubleshooting 77
9.1 PIN Handling 77
9.2 No DSL connection is established 80
9.3 DSL data transfer is slow 80
9.4 Unwanted connections under Windows XP 81
10 Appendix 82
10.1 Performance data and specifications 82
10.2 Contact assignment 83
10.2.1 LAN/WAN interface 10/100Base-TX, DSL interface 83
10.2.2 Configuration interface (Outband) 83
10.3 Declaration of conformity 84
LANCOM 3850 UMTS
Chapter 1: Introduction
10
EN
1Introduction
1.1 What is a Wireless LAN?
The following sections describe the functionality of wireless networks
in general. The functions supported by your device are listed in the
table 'What can your LANCOM do?'. Detailed information on Wireless
LANs can be found in the LCOS reference manual.
A Wireless LAN connects single terminals (e.g. PCs or notebooks) to a local
network (also LAN – Local Area Network). In contrast to a conventional LAN,
communication takes place via radio links rather than via network cables. This
is the reason why a Wireless LAN is also called a Wireless Local Area Network
(WLAN).
All functions of a cable-bound network are also available in a Wireless LAN:
access to files, servers, printers etc. is as possible as the connection of individ-
ual stations to an internal mail system or to the Internet access.
The advantages of Wireless LANs are obvious: notebooks and PCs can be set
up just where they are needed. Due to Wireless LANs, problems with missing
connections or structural alterations belong to the past.
Apart from that, wireless LANs can also be used for connections over longer
distances. Expensive leased lines and the associated construction measures
can be spared.
1.1.1 Which hardware to use?
Each station of the Wireless LAN needs access to the Wireless LAN in the form
of a wireless interface. Devices which have no built-in wireless interface can
be upgraded with a supplement card or an adapter.
LANCOM Systems offers wireless adapters by its LANCOM product
line. An LANCOM wireless adapter enables a device (e.g. PC or note-
book) for access to the Wireless LAN.
1.1.2 Operation modes of Wireless LANs and base stations
Wireless LAN technology and base stations in Wireless LANs are used in the
following operation modes:
Simple direct connections between terminals without base station (ad-
hoc mode)
LANCOM 3850 UMTS
Chapter 1: Introduction
11
EN
Larger Wireless LANs, connection to LANs with one or more base stations
(infrastructure network)
Setting-up of an Internet access
Connecting two LANs via a direct radio link (point-to-point mode)
Connecting of devices with Ethernet interface via base stations (client
mode)
Extending an existing Ethernet network with WLAN (bridge mode)
Relay function for connecting networks via multiple access points.
Central Management with a LANCOM WLAN Controller
1.2 The advantages of the UMTS/HSPDA solution
The combination of UMTS/HSPDA, WLAN, DSL and VPN opens up a comple-
tely new range of possibilities in enterprise connectivity—for example, mobile
conference rooms that are connected via UMTS/HSPDA and offer Internet
access over WLAN or access to the company network via VPN. As a back-up
connection for site coupling, UMTS/HSPDA is cheaper and/or faster than the
conventional alternatives, ISDN and Analog. Furthermore, it is significantly
less prone to failure as there are no cables which are at risk from construction
works. Apart from that, UMTS/HSPDA is able to bridge the “last mile” for cus-
tomers who do not have access to an equivalent broad-band connection.
The UMTS/HSPDA card is simply operated in the CardBus expansion slot of the
appropriate LANCOM devices. The device automatically switches Internet
access between UMTS/HSPDA and GPRS depending on availability.
1.2.1 “Last mile“ via UMTS/HSPDA
The Internet connection over UMTS/HSPDA is recommendable wherever a
broadband Internet connection is not available. When accessing the Internet
with UMTS/HSPDA you can currently reach significant higher downstream
rates than with an ISDN connection.
LANCOM 3850 UMTS
Chapter 1: Introduction
12
EN
For a regular Internet connection over UMTS/HSPDA, various net providers
offer so called “homezone“ tariffs. With this tariff the data transfer within the
homezone radio cell is usually far below the costs of the usual mobile tariffs
where the data card is used in multiple radio cells.
A special application is the use of a WLAN Access Point with UMTS/
HSPDA connection and LANCOM UMTS/VPN Option as a HotSpot in
places without Internet via cable.
1.2.2 Mobile conference room
The modern business world requires ever increasing mobility from a growing
number of employees. That means that a constant access to e-mails, Internet
or to servers at headquarters is becoming more and more important.
A WLAN access point with UMTS/HSPDA connection provides the required fle-
xibility for people who often work in different places. Nearly every modern
notebook has a WLAN interface; the only thing missing for mobile Internet or
VPN access is a WAN interface. With the wireless Internet access over UMTS/
HSPDA or GPRS, mobile working areas can be created very easily.
Internet connection over UMTS/HSPDA
Internet
LANCOM 3850 UMTS
Chapter 1: Introduction
13
EN
For a group of staff members, who e.g. often work together on projects at a
customer’s location, a so-called mobile conference room can be established.
The access point then only has to be configured once by the administrator; the
staff members on location simply have to supply the device with power and
slot in the data card. With an appropriate configuration the router automati-
cally builds up a connection to the Internet. The result is that all notebooks
with a compatible passphrase in the WLAN configuration can directly access
the Internet. As long as the router has a VPN connection to headquarters, the
field staff can also access all of the services in the network of headquarters
(fileserver, mailserver, data bases) from the mobile office.
With the LANCOM UMTS/VPN Option the VPN support with five con-
nection channels is automatically activated. Further information to
the configuration can be found in the LCOS reference manual.
1.2.3 UMTS/HSPDA Backup
The high availability of data lines e. g. between branch offices and headquar-
ters in large company networks are in the majority of cases established over
backup solutions with ISDN or analog. The standard Internet connection is
then provided e. g. over a DSL connection, and an ISDN or analog line is used
as a backup line in the case the DSL line breaks down.
Internet connection over UMTS/HSPDA
Internet
Mobile WLAN, e.g. for a „mobile
conference room“.
VPN connection to headquarters
LANCOM 3850 UMTS
Chapter 1: Introduction
14
EN
As an alternative to the ISDN or analog backup method, a UMTS/HSPDA con-
nection can assure the availability of the data connection. If the connection to
the Internet is established by a router with LANCOM UMTS/VPN Option, the
UMTS/HSPDA connection can directly replace the DSL connection in the case
of a breakdown. The advantages of the UMTS/HSPDA backup solution com-
pared to the ISDN/analog option:
Faster than ISDN/analog: the data rate with UMTS/HSPDA is considerably
faster.
Safer than ISDN or analog: if a physical damage of the DSL line is the
reason for the breakdown, the ISDN/analog line usually breaks down as
well because both use the same physical line.
Cheaper than ISDN: the monthly charges for an UMTS/HSPDA account
depend upon the tariff well under the charges for an ISDN account. Com-
pared to the short time of breakdown of a DSL connection, the higher
connection tariffs for the UMTS/HSPDA are not relevant.
Adding the UMTS/HSPDA backup to existing installations is often simply an
issue of adding devices with LANCOM UMTS/VPN Option to existing LANCOM
devices. In complicated scenarios an existing ISDN backup in a VPN router can
be extended by the UMTS/HSPDA backup in a second device. In this case, the
routers will exchange the information about accessible routes using the “Rou-
ting Information Protocol“ (RIP).
A sophisticated backup system for protection against router hardware failure
can be implemented by using VRRP. Two or more routers are installed in a net-
work, one of which can replace the other in case of device failure. In addition
to normal VRRP, LANCOM devices can link the backup event triggering func-
tion to the availability of a data connection. With this additional feature,
Internet connection over DSL
Internet
Brach office with VPN over DSL
and backup over UMTS/HSPDA
VPN connection to headquarters
Backup connection over
UMTS/HSPDA
LANCOM 3850 UMTS
Chapter 1: Introduction
15
EN
LANCOM devices with more than one WAN interface (e.g. DSL and UMTS/
HSPDA interface) can be implemented flexibly in backup solutions. The
backup event is triggered for example, when the default route is no longer
available via the DSL interface. The device's UMTS/HSPDA interface can take
its place further along in the backup chain should the backup router also fail.
Further information to the configuration of backup lines can be found
in the LCOS reference manual.
1.3 What can your LANCOM Wireless Router do?
The following list shows you properties and functions of your device
Headquarters
DSL
ISDN
Internet
Branch
UMTS/
HSPDA
LANCOM 3850
UMTS
Applications
Internet access ✔
IP router with Stateful Inspection Firewall ✔
DHCP and DNS server (for LAN and WAN) ✔
VPN gateway ✔
UMTS/HSPDA function for internet connection, as mobile conference room or as
backup solution
✔
LAN-LAN coupling over VPN ✔
LANCOM 3850 UMTS
Chapter 1: Introduction
16
EN
RAS server (over VPN) ✔
Wireless LAN
Wireless transmission by IEEE 802.11g / IEEE 802.11b or wireless transmission by
IEEE 802.11a
✔
Simultaneous dual band operation possible with additional radio card ✔
Point-to-point mode (six P2P paths can be defined per WLAN interface) ✔
Relay function to link two P2P connections ✔
Turbo Mode: Double the bandwidth at 2.4 GHz and 5 GHz. ✔
Super AG incl. hardware compression and bursting ✔
Multi SSID ✔
Roaming function ✔
802.11i / WPA with hardware AES encryption ✔
WEP encryption (up to 128 Bit key length, WEP152) ✔
IEEE 802.1x/EAP ✔
MAC address filter (ACL) ✔
Individual passphrases per MAC address (LEPS) ✔
Closed network function ✔
Integrated RADIUS server ✔
VLAN ✔
Traffic lock function ✔
QoS for WLAN (IEEE 802.11e, WMM/WME) ✔
WLANmonitor for visualization of access points and clients in larger WLANs ✔
WLAN group configuration for simultaneous configuration of multiple devices ✔
LANCOM 3850
UMTS
LANCOM 3850 UMTS
Chapter 1: Introduction
17
EN
Connection to the LAN
Fast-Ethernet-connection (10/100base-TX) ✔
Power-over-Ethernet (PoE) ✔
DHCP and DNS server ✔
Connection to the WAN
WAN connection for DSL or cable modem ✔
UMTS/HSPDA connection via UMTS card in CardBus slot ✔
USB connector
USB 2.0 host port (full speed: 12 Mbps) for connecting a USB printer and for future
extensions
✔
Internet access (IP router)
Stateful Inspection Firewall ✔
Firewall filter (address, port) ✔
IP masquerading (NAT, PAT) ✔
Quality of Service ✔
Digital certificates (X.509) incl. PKCS#12 ✔
Advanced Routing and Forwarding (ARF networks) 8
N:N mapping for routing networks with the same IP-address ranges over VPN ✔
Policy- based routing ✔
Load balancing for bundling multiple DSL channels 2 channels
Backup solutions and load balancing with VRRP ✔
PPPoE server ✔
WAN RIP ✔
Rapid Spanning Tree Protocol ✔
Layer-2 QoS Tagging ✔
LANCOM 3850
UMTS
LANCOM 3850 UMTS
Chapter 1: Introduction
18
EN
802.1p ✔
NAT Traversal (NAT-T) ✔
DMZ with configurable IDS checks ✔
Power supply
12 V via separate power adapter (DC) ✔
Power-over-Ethernet (PoE) according to the standard IEEE 802.3af ✔
Configuration and firmware
Configuration with LANconfig or with web browser, additionally terminal mode for
Telnet or other terminal programs, SNMP interface and TFTP server function., SSH
connection.
✔
Configuration wizards ✔
1-Click-VPN wizard for easiest setup of RAS access and site-to-site LAN coupling
via VPN
✔
Serial configuration interface ✔
FirmSafe with firmware versions for absolutely secure software upgrades ✔
Optional software extensions
LANCOM Public Spot Option ✔
LANCOM VPN Option with 25 active tunnels for protection of network couplings ✔
Optional hardware extensions
AirLancer Extender antennas for extended range ✔
AirLancer MC-54 PC card for extension to a second radio cell (dual band) ✔
LANCOM ES-1108P PoE switch for Ethernet cabling;
simultaneously supplies power over Ethernet
✔
Lightning-protection adapters SA-5 and SA-LAN ✔
LANCOM 3850
UMTS
LANCOM 3850 UMTS
Chapter 2: Installation
19
EN
2 Installation
2.1 Package contents
Please check the package contents for completeness before starting the
installation. In addition to the LANCOM Wireless Router itself, the package
should contain the following accessories:
If anything is missing, please contact your retailer or the address stated on the
delivery slip of the unit.
2.2 System requirements
2.2.1 Configuring the LANCOM devices
Computers that connect to a LANCOM must meet the following minimum
requirements:
Operating system that supports TCP/IP, e.g. Windows Vista™,
Windows XP, Millennium Edition (Me), Windows 2000, Windows 98,
Linux, BSD Unix, Apple Mac OS, OS/2.
Access to the LAN via the TCP/IP protocol.
The LANtools also require a Windows operating system. A web brow-
ser under any operating system provides access to WEBconfig.
LANCOM 3850
UMTS
12V DC Power adapter ✔
Dual-band diversity antennas 2
PoE LAN connector cable (green plugs) ✔
DSL connector cable (deep blue plugs) ✔
Connector cable for the configuration interface ✔
Enclosure for cardbus slot ✔
LANCOM CD ✔
Printed documentation ✔
LANCOM 3850 UMTS
Chapter 2: Installation
20
EN
2.2.2 Operating access points in managed mode
LANCOM Wireless Routers and LANCOM Access Points can be operated either
as self-sufficient Access Points with their own configuration ("Access Point
mode“) or as components in a WLAN infrastructure, which is controlled from
a central WLAN Controller ("managed mode").
For operation in managed mode the Access Points require firmware of
version 7.22 or higher and a current loader (version 1.86 or higher).
2.3 Status displays, interfaces an hardware installation
2.3.1 Status display
Meanings of the LEDs
In the following sections we will use different terms to describe the behaviour
of the LEDs:
Blinking means, that the LED is switched on or off at regular intervals in
the respective indicated colour.
Flashing means, that the LED lights up very briefly in the respective
colour and stay then clearly longer (approximately 10x longer) switched
off.
Inverse flashing means the opposite. The LED lights permanently in the
respective colour and is only briefly interrupted.
Flickering means, that the LED is switched on and off in irregular inter-
vals.
Front side
The LANCOM Wireless Routers have status displays on the front panel.
3850 Wireless
Power
WLAN
DSL
UMTS
ETH 1
ETH 2
VPN
쐃쐏쐄
쐂쐆쐋
Table of contents
Other Lancom Network Router manuals
Lancom
Lancom LANcare Basic User manual
Lancom
Lancom 1781VA User manual
Lancom
Lancom GS-1224 User manual
Lancom
Lancom 1811 User manual
Lancom
Lancom 1781VAW User manual
Lancom
Lancom GS-2310P User manual
Lancom
Lancom 821 User manual
Lancom
Lancom 1821n Wireless User manual
Lancom
Lancom 1781VAW User manual
Lancom
Lancom 1751 UMTS User manual
Lancom
Lancom 1783VA-4G User manual
Lancom
Lancom 800+ User manual
Lancom
Lancom 1721+ VPN Manual
Lancom
Lancom 7111 VPN User manual
Lancom
Lancom AP-321-3G User manual
Lancom
Lancom 1723 VOIP User manual
Lancom
Lancom 1722 VOIP User manual
Lancom
Lancom 1711+ VPN User manual
Lancom
Lancom 3550 Wireless User manual
Lancom
Lancom AirLancer MC-54 User manual
