User manual / service guide for the product 2200 from the manufacturer Netopia
Netopia® Software User Guide. April 2006. Netopia® 2200 and 3300 Series Gateways. Version 7.6.
Copyright © 2006 Netopia, Inc. Netopia, the Netopia logo, and 3-D Reach are registered trademarks belonging to Netopia, Inc., registered U.S. Patent and Trademark Office. Broadband Without Boundaries is a trademark belonging to Netopia, Inc.
Table of Contents
Copyright . . . 2
CHAPTER 1 Introduction . . . 13
What’s New in 7.6 . . .
Status Details . . . 34
Enable Remote Management . . . 35
Expert Mode . . .
Configure the IPMaps Feature . . . 83
FAQs for the IPMaps Feature . . . 83
What are IPMaps and how are they used? . . .
SafeHarbour IPSec VPN . . . 131
Configuring a SafeHarbour VPN . . . 132
Parameter Descriptions . . .
Modifying filters . . . 170
Deleting filters . . . 170
Moving filters . . .
CHAPTER 6 Command Line Interface . . . 221
Overview . . . 222
Starting and Ending a CLI Session . . .
Default IP Gateway Settings . . . 254
IP-over-PPP Settings . . . 254
Static ARP Settings . . .
CHAPTER 7 Glossary . . . 311
A . . . 311
B . . .
International . . . 329
Regulatory notices . . . 329
European Community . . .
VPN IPSec Pass Through . . . 343
VPN IPSec Tunnel Termination . . . 344
Stateful Inspection Firewall . . .
CHAPTER 1 Introduction
What’s New in 7.6
New in Netopia Firmware Version 7.6 are the following features:
• TR-069 CLI Enhancements. See “TR-069” on page 300.
• Variable wireless transmission power control CLI command.
About Netopia Documentation
☛ NOTE: This guide describes the wide variety of features and functionality of the Netopia Gateway, when used in Router mode.
Documentation Conventions
General
This manual uses the following conventions to present information: Internal Web Interface Command Line Interface Syntax conventions fo.
Alternative values for an argument are presented in curly ({ }) brackets, with values separated with vertical bars (|).
Organization
This guide consists of nine chapters, including a glossary, and an index. It is organized as follows:
• Chapter 1, “Introduction” — Describes the Netopia document suite, the purpose of, the audience for, and structure of this guide.
CHAPTER 2 Basic Mode Setup
Most users will find that the basic Quickstart configuration is all that they ever need to use. This section may be all that you ever need to configure and use your Netopia Gateway. The following instructions cover installation in Router Mode.
Important Safety Instructions
POWER SUPPLY INSTALLATION
Connect the power supply cord to the power jack on the Netopia Gateway. Plug the power supply into an appropriate electrical outlet.
Important Safety Instructions (German-language page, translated)
INSTALLING THE POWER SUPPLY
Connect the cable from the power supply to the power jack on the Netopia Gateway.
Setting up the Netopia Gateway
Refer to your Quickstart Guide for instructions on how to connect your Netopia gateway to your power source, PC or local area network, and your Internet access point, whether it is a dedicated DSL outlet or a DSL or cable modem.
Then go to Step 2.
Step 2. Select Obtain an IP address automatically.
Step 3. Select Obtain DNS server address automatically, if available.
Step 4. Remove any previously configured Gateways, if available.
Step 5.
Macintosh MacOS 8 or higher or Mac OS X:
Step 1. Access the TCP/IP or Network control panel.
a. MacOS follows a path like this: Apple Menu -> Control Panels -> TCP/IP Control Panel.
Then go to Step 2.
Step 2. Select Built-in Ethernet
Step 3. Select Configure Using DHCP
Step 4. Close and Save, if prompted.
Configuring the Netopia Gateway
1. Run your Web browser application, such as Firefox or Microsoft Internet Explorer, from the computer connected to the Netopia Gateway. Enter http://192.168.1.254 in the Location text box. The Admin Password page appears.
MiAVo VDSL and Ethernet WAN models Quickstart
The browser then displays the Quickstart page.
2. Click the Connect to the Internet button. Once a connection is established, your browser is redirected to your service provider’s home page or a registration page on the Internet.
PPPoE Quickstart
For a PPPoE connection, your browser will display a different series of web pages: The browser then displays the Quickstart web page.
3. Enter the username and password supplied by your Internet Service Provider. Click the Connect to the Internet button.
4. When the connection succeeds, your browser will display a success message. Once a connection is established, your browser is redirected to your service provider’s home page or a registration page on the Internet.
Netopia Gateway Status Indicator Lights
Colored LEDs on your Netopia Gateway indicate the status of various port activity. Different Gateway models have different ports for your connections and different indicator LEDs. The Quickstart Guide accompanying your Netopia Gateway describes the behavior of the various indicator LEDs.
Home Page - Basic Mode
After you have performed the basic Quickstart configuration, any time you log in to your Netopia Gateway you will access the Netopia Gateway Home Page. You access the Home Page by typing http://192.
The Home Page displays the following information in the center section:
Item | Description
Serial Number | This is the unique serial number of your Gateway.
The links in the left-hand column on this page allow you to manage or configure several features of your Gateway. Each link is described in its own section.
Link: Manage My Account
You can change your ISP account information for the Netopia Gateway. You can also manage other aspects of your account on your service provider’s account management Web site. Click on the Manage My Account link.
Link: Status Details
If you need to diagnose any problems with your Netopia Gateway or its connection to the Internet, you can run a sophisticated diagnostic tool. It checks several aspects of your physical and electronic connection and reports its results on-screen.
Link: Enable Remote Management
This link allows you to authorize a remotely-located person, such as a support technician, to directly access your Netopia Gateway. This is useful for fixing configuration problems when you need expert help.
Link: Expert Mode
Most users will find that the basic Quickstart configuration is all that they ever need to use. Some users, however, may want to do more advanced configuration. The Netopia Gateway has many advanced features that can be accessed and configured through the Expert Mode pages.
Link: Update Firmware
(This link is not available on the 3342/3352 models, since firmware updates must be upgraded via the USB host driver.) Periodically, the embedded firmware in your Gateway may be updated to improve the operation or add new features.
Link: Factory Reset
In some cases, you may need to clear all the configuration settings and start over again to program the Netopia Gateway. You can perform a factory reset to do this. Click on Factory Reset to reset the Gateway back to its original factory default settings.
CHAPTER 3 Expert Mode
Using the Expert Mode Web-based user interface for the Netopia 2200- and 3300-series Gateway you can configure, troubleshoot, and monitor the status of your Gateway.
Accessing the Expert Web Interface
3. Click on the Expert Mode link in the left-hand column of links. You are challenged to confirm your choice. Click OK. The Home Page opens in Expert Mode.
Home Page - Expert Mode
The Home Page is the summary page for your Netopia Gateway. The toolbar at the top provides links to controlling, configuring, and monitoring pages. Critical configuration and operational status is displayed in the center section.
Home Page - Information
The Home page’s center section contains a summary of the Gateway’s configuration settings and operational status.
Summary Information
Field Status and/or Descriptio.
DHCP Server | On or Off. ON if using DHCP to get IP addresses for your LAN client machines.
DHCP Leases | A “lease” is held by each LAN client that has obtained an IP address through DHCP.
Ethernet (or USB) Status | Status of your Ethernet network connection (if supported).
Toolbar
The toolbar is the dark blue bar at the top of the page containing the major navigation buttons. These buttons are available from almost every page, allowing you to move freely about the site.
Navigating the Web Interface
Link: Breadcrumb Trail
The breadcrumb trail is built in the light brown area beneath the toolbar.
Restart
Button: Restart
The Restart button on the toolbar allows you to restart the Gateway at any time. You will be prompted to confirm the restart before any action is taken. The Restart Confirmation message explains the consequences of and reasons for restarting the Gateway.
Link: Alert Symbol
The Alert symbol appears in the upper right corner if you make a database change; one in which a change is made to the Gateway’s configuration. The Alert serves as a reminder that you must Save the changes and Restart the Gateway before the change will take effect.
Help
Button: Help
Context-sensitive Help is provided in your Gateway. The page shown here is displayed when you are on the Home page or other transitional pages. To see a context help page example, go to Security -> Passwords, then click Help.
Configure
Button: Configure
The Configuration options are presented in the order of likelihood you will need to use them. Quickstart is typically accessed during the hardware installation and initial configuration phase. Often, these settings should be changed only in accordance with information from your Service Provider.
2. Click Connect to the Internet. A brief message is displayed while the Gateway attempts to establish a connection.
3. When the connection succeeds, your browser will display your Service Provider’s home page.
Link: LAN
• Enable Interface: Enables all LAN-connected computers to share resources and to connect to the WAN. The Interface should always be enabled unless you are instructed to disable it by your Service Provider during troubleshooting.
• Advanced: Clicking on the Advanced link displays the Advanced LAN IP Interface page.
• IGMP Forwarding: The default setting is Disabled. If you check this option, it will enable Internet Group Management Protocol (IGMP) multicast forwarding.
• Static Client Address Translation: If you check this checkbox, this feature allows a statically addressed computer whose IP address falls outside of the LAN subnet(s) to simply plug in and get online without any manual configuration on either the host or the Netopia Gateway.
Wireless (supported models)
If your Gateway is a wireless model (such as a 3347W) you can enable or disable the wireless LAN (WLAN) by clicking the Wireless link.
☛ NOTE: On the 2200-Series Gateways, WEP-Manual privacy is enabled by default. Use the Netopia Installation Wizard on the accompanying Netopia CD to generate WEP keys for connecting wireless client computers.
Privacy
• Off - No Privacy provides no encryption on your wireless LAN data.
The Pre Shared Key is a passphrase shared between the Router and the clients and is used to generate dynamically changing keys. The passphrase can be 8-63 characters or up to 64 hex characters. It is recommended to use at least 20 characters for best security.
Click the Submit button. The Alert icon appears. Click the Alert icon, and then the Save and Restart link.
Advanced
If you click the Advanced link, the advanced 802.11 Wireless Settings page appears. Note: This page displays different options depending on which form of Privacy or other.
options you have enabled. You can then configure:
Operating Mode: The pull-down menu allows you to select and lock the Gateway into the wireless transmission mode you want. For compatibility with clients using 802.11b (up to 11 Mbps transmission) and 802.
Enable Closed System Mode: If enabled, Closed System Mode hides the wireless network from the scanning features of wireless client computers.
Block Wireless Bridging: Check the checkbox to block wireless clients from communicating with other wireless clients on the LAN side of the Gateway.
• WEP - Manual allows you to enter your own encryption keys manually. This is a difficult process, but only needs to be done once.
Encryption Key #1 – #4: The encryption keys. You enter keys using hexadecimal digits. For 40/64bit encryption, you need ten digits; 26 digits for 128bit, and 58 digits for 256bit WEP. Hexadecimal characters are 0 – 9, and a – f.
Multiple SSIDs
The Multiple Wireless SSIDs feature allows you to add additional network identifiers (SSIDs or Network Names) for your wireless network. To enable Multiple Wireless SSIDs, click the Multiple SSIDs link. When the Multiple Wireless SSIDs screen appears, check the Enable SSID checkbox for each SSID you want to enable.
Privacy modes available from the pull-down menu for the multiple SSIDs are: WPA-PSK, WPA-802.1x, or Off-No Privacy. WEP can also be selected on the additional SSIDs as long as it is not used on the primary SSID. WEP can only be used on one SSID, so any others will not have WEP available.
To enable Wireless MAC Authentication, click the MAC Authorization link. When the Wireless MAC Authentication screen appears, check the Enable Wireless MAC Authorization checkbox: The screen expands as follows: Click the Add button. The Authorized Wireless MAC Address Entry screen appears.
Enter the MAC (hardware) address of the client PC you want to authorize for access to your wireless LAN. The Allow Access? checkbox is enabled by default. Unchecking this checkbox specifically denies access from this MAC address. Click the Submit button.
Use RADIUS Server
RADIUS servers allow external authentication of users by means of a remote authentication database. The remote authentication database is maintained by a Remote Authentication Dial-In User Service (RADIUS) server.
The Advanced Network Configuration page appears. You access the RADIUS Server configuration screen from the Advanced Network Configuration web page, by clicking the RADIUS Server link.
Link: WAN
WAN IP Interfaces
Your IP interfaces are listed. Click on an interface to configure it.
IP Gateway
Enable Gateway: You can configure the Gateway to send packets to a default gateway if it does not know how to reach the destination host.
ATM Circuits: You can configure the ATM circuits and the number of Sessions. The IP Interface(s) should be reconfigured after making changes here. Netopia Firmware Version 7 supports VPI/VCI autodetection by default. If VPI/VCI autodetection is enabled, the ATM Circuits page displays VPI/VCI = 0.
You can choose UBR (Unspecified Bit Rate), CBR (Constant Bit Rate), or VBR (Variable Bit Rate) from the pull-down menu and set the Peak Cell Rate (PCR) in the editable field. UBR (Unspecified Bit Rate) guarantees no minimum transmission rate. Cells are transmitted on a “best effort” basis.
☛ Note: The difference between VBR-rt and VBR-nrt is the tolerated Cell Delay Variation range and the provisioned Maximum Burst Size.
Class | PCR | SCR | MBS | Transmit Priority | Comments
UBR | X | N/A | N/A | Low | PCR is a cap
CBR | X | N/A | N/A | High | PCR is a guaranteed rate
VBR | X | X | X | High | PCR > SCR.
Link: Advanced
Selected Advanced options are discussed in the pages that follow. Many are self-explanatory or are dictated by your service provider.
Link: IP Static Routes
A static route identifies a manually configured pathway to a remote network. Unlike dynamic routes, which are acquired and confirmed periodically from other routers, static routes do not time out.
• Interface Type: Choose PPP (vcc1) – depending on the interface; typically vcc1 for DSL – or IP Address from the pull-down menu to specify whether the static route is accessible through PPP or IP address.
• Gateway: Enter the IP address of the gateway for the static route.
When you are finished, click the Alert icon, switch to the Save Changes page, and click the Save Changes link.
Link: IP Static ARP
Your Gateway maintains a dynamic Address Resolution Protocol (ARP) table to map IP addresses to Ethernet (MAC) addresses.
Configure Specific Pinholes.
Planning for Your Pinholes. Determine if any of the service applications that you want to provide on your LAN stations use TCP or UDP protocols. If an application does, then you must configure a pinhole to implement port forwarding.
☛ TIPS for making Pinhole Entries:
1. If the port forwarding feature is required for Web services, ensure that the embedded Web server’s port number is re-assigned PRIOR to any Pinhole data entry.
2. Enter data for one Pinhole at a time.
A diagram of this LAN example is: You can also use the LAN-side address of the Gateway, 192.168.1.x:8100 to access the web and 192.168.1.x:23 to access the telnet server.
[Diagram: WAN and LAN Ethernet Interface; Gateway with NAT, NAT Pinholes and Embedded Web Server; LAN hosts my-webserver, my-mailserver and my-games; LAN addresses 192.168.1.1, 192.168.1.2, 192.168.1.3]
Pinhole Configuration Procedure. Use the following steps:
1. From the Configure toolbar button -> Advanced link, select the Internal Servers link. Since Port Forwarding is required for this example, the Netopia embedded Web server is configured first.
5. Click Add. Type your specific data into the Pinhole Entries table of this page. Click Submit.
6. Click on the Add or Edit more Pinholes link.
7. Click on the Add or Edit more Pinholes link. Click the Add button. Add the next Pinhole. Type the specific data for the third Pinhole.
☛ NOTE: Note the following parameters for the “my-games” Pinhole: 1. The Protocol ID is UDP.
10. Select the Save and Restart link to complete the entire Pinhole creation task and ensure that the parameters are properly saved.
☛ NOTE: REMEMBER: When you have re-assigned the port address for the embedded Web server, you can still access this facility.
Configure the IPMaps Feature
FAQs for the IPMaps Feature
Before configuring an example of an IPMaps-enabled network, review these frequently asked questions.
What are IPMaps and how are they used? The IPMaps feature allows multiple static WAN IP addresses to be assigned to the Netopia Gateway.
IPMaps Block Diagram
The following diagram shows the IPMaps principle in conjunction with existing Netopia NAT operations:
[Diagram: Netopia Gateway with NAT/PAT Table; Static IP Addresses for IPMaps Applications 143.137.50.35, 143.137.50.36, 143.137.50.37; LAN addresses 192.168.1.1, 192.168.1.2, 192.168.1.3 ... 192.168.1.n]
Link: Default Server
This feature allows you to:
• Direct your Gateway to forward all externally initiated IP traffic (TCP and UDP protocols only) to a default host on the LAN.
• Enable it for certain situations:
– Where you cannot anticipate what port number or packet protocol an in-bound application might use.
Typical Network Diagram. A typical network using the NAT Default Server looks like this: You can also use the LAN-side address of the Gateway, 192.
With this topology, you configure the embedded administration ports as a first task, followed by the Pinholes and, finally, the NAT Default Server. When using both NAT pinholes and NAT Default Server the Gateway works with the following rules (in sequence) to forward traffic from the Internet to the LAN: 1.
The Host Hardware Address field displays. Here you enter the MAC address of the designated IP-Passthrough computer.
• If this MAC address is not all zeroes, then it will use DHCP to set the LAN host's address to the (configured or acquired) WAN IP address.
Link: Differentiated Services
When you click the Differentiated Services link, the Differentiated Services configuration screen appears. Netopia Firmware Version 7.6 offers Differentiated Services (Diffserv) enhancements.
You can then define Custom Flows. If your applications do not provide Quality of Service (QoS) control, Custom Flows allows you to define streams for some protocols, port ranges, and between specific end point addresses.
• To define a custom flow, click the Add button.
• Quality of Service (QoS) – This is the Quality of Service setting for the flow, based on the TOS bit information. Select Expedite, Assure, or Off (default) from the pull-down menu. The following table outlines the TOS bit settings and behavior:
QoS Setting | TOS Bit Value | Behavior
Off | TOS=000 | This custom flow is disabled.
Link: DNS
Your Service Provider may maintain a Domain Name server. If you have the information for the DNS servers, enter it on the DNS page. If your Gateway is configured to use DHCP to obtain its WAN IP address, the DNS information is automatically obtained from that same DHCP Server.
Your Service Provider may, for certain services, want to provide configuration from its DHCP servers to the computers on your LANs. In this case, the Gateway will relay the DHCP requests from your computers to a DHCP server in the Service Provider's network.
Link: RADIUS Server
RADIUS servers allow external authentication of users by means of a remote authentication database. The remote authentication database is maintained by a Remote Authentication Dial-In User Service (RADIUS) server.
Link: SNMP
When you click the SNMP link, the SNMP configuration page appears. The Simple Network Management Protocol (SNMP) lets a network administrator monitor problems on a network by retrieving settings on remote network devices.
☛ WARNING: SNMP presents you with a security issue. The community facility of SNMP behaves somewhat like a password. The community “public” is a well-known community name. It could be used to examine the configuration of your Gateway by your service provider or an uninvited reviewer.
The IP Trap Entry screen appears. Enter an IP Trap Entry IP address. This is the destination for SNMP trap messages, the IP address of the host acting as an SNMP console. Click the Submit button. Click the Alert icon, and in the resulting page, click the Save and Restart link.
To configure the IGMP options available in Netopia Gateways, click the IGMP link. The IGMP page appears. You can set the following options:
• IGMP Snooping – checking this checkbox enables the Netopia Gateway to “listen in” to IGMP traffic.
• Unsolicited Report Interval – the amount of time in seconds between repetitions of a particular computer’s initial report of membership in a group. The default unsolicited report interval is 10 seconds.
• Querier Version – select a version of the IGMP Querier from the pull-down menu: v1 or v2.
Link: UPnP
Universal Plug and Play (UPnP™) is a set of protocols that allows a PC to automatically discover other UPnP devices (anything from an internet gateway device to a light switch), retrieve an XML description of the device and its services, control the device, and subscribe to real-time event notification.
Link: LAN Management
TR-064 is a LAN-side DSL Gateway configuration specification. It is an extension of UPnP. It defines more services to locally manage the Netopia Gateway.
Link: Advanced -> Ethernet Bridge
The Netopia Gateway can be used as a bridge, rather than a router. A bridge is a device that joins two networks.
Configuring for Bridge Mode
1. Browse into the Netopia Gateway’s web interface.
2. Click on the Configure button in the upper Menu bar.
3. Click on the LAN link. The LAN page appears.
4. In the box titled LAN IP Interface (Ethernet 100BT): Make note of the Ethernet IP Address and subnet mask.
The Ethernet Bridge page appears. The appearance of this page varies, depending on your Gateway’s interfaces.
7. If available:
a. Check the Enable Bridging on Port selection. (This may be Always On.)
b. Click Submit.
8. If you want the Gateway to do both bridging and routing, check the Enable Concurrent Bridging/Routing checkbox.
11. If you are satisfied with the changes you have made, click Save and Restart in the Save Database box to Apply changes and restart Gateway.
You have now configured your Netopia Gateway for bridging, and it will bridge all traffic across the WAN.
Link: VLAN
A Virtual Local Area Network (VLAN) is a network of computers that behave as if they are connected to the same wire even though they may be physically located on different segments of a LAN. You set up VLANs by configuring the Gateway software rather than hardware.
An example of multiple VLANs is shown below: To create a VLAN, click the Add button. The VLAN Entry page appears. You can create up to 32 VLANs, and you can also restrict any VLAN, and the computers on it, from administering the Gateway.
• VLAN id – This must be a unique identifying number between 1 and 4095.
• VLAN Name – A descriptive name for the VLAN.
• VLAN Protocol – This field is not editable; you can only associate ports with a VLAN.
• Admin Restricted – If you want to prevent administrative access to the Gateway from this VLAN, check the checkbox.
For Netopia VGx technology models, separate Ethernet switch ports are displayed and may be configured. To enable any of them on this VLAN, select one, and click the Add button.
You can Add, Edit, or Delete your VLAN entries by returning to the VLANs page, and selecting the appropriate entry from the displayed list.
Link: System
The System Name defaults to your Gateway's factory identifier combined with its serial number. Some cable-oriented Service Providers use the System Name as an important identification and support parameter.
• Syslog: Enable syslog logging in the system.
• Syslog Host Name/IP Address: Enter the name or the IP Address of the host that should receive syslog messages.
• Facility: From the pull-down menu, select the Syslog facility to be used by the router when generating syslog messages.
Log Event Messages
Administration Related Log Messages
1. administrative access attempted: This log-message is generated whenever the user attempts to access the router's management interface.
DSL Log Messages (most common):
1. WAN: Data link activated at <Rate> Kbps (rx/tx): This log message is generated when the DSL link comes up.
2. WAN: Data link deactivated: This log message is generated when the DSL link goes down.
3. RFC1483 up: This log message is generated when RFC1483 link comes up.
6. dropped - fragmented packet: This log-message is generated whenever a packet, traversing the router, is dropped because it is fragmented, stateful inspection is turned ON on the packet's transmit or receive interface, and deny-fragment option is enabled.
Link: Internal Servers
Your Gateway ships with an embedded Web server and support for a Telnet session, to allow ease of use for configuration and maintenance. The default ports of 80 for HTTP and 23 for Telnet may be reassigned. This is necessary if a pinhole is created to support applications using port 80 or 23.
To select the games or software that you want to host for a specific PC, highlight the name(s) in the box on the left side of the screen.
Buddy Phone
Calista IP Phone
CART Precision Racing, v 1.0
Citrix Metaframe/ICA Client
Close Combat for Windows 1.0
Close Combat: A Bridge Too Far, v 2.0
Close Combat III: The Russian Front, v 1.0
Combat Flight Sim: WWII Europe Series, v 1.0
Combat Flight Sim 2: WWII Pacific Thr, v 1.
Rename a User(PC)
If a PC on your LAN has no assigned host name, you can assign one by clicking the Rename a User(PC) link. To rename a server, select the server from the pull-down menu. Then type a new name in the text box below the pull-down menu.
☛ NOTE: The new name given to a server is only known to Software Hosting. It is not used as an identifier in other network functions, such as DNS or DHCP.
Link: Clear Options
To restore the factory configuration of the Gateway, choose Clear Options.
Link: Time Zone
When you click the Time Zone link, the Time Zone page appears. You can set your local time zone by selecting the number of hours your time zone is distant from Greenwich Mean Time (GMT +12 – -12) from the pull-down menu.
122 Security Button: Security The Security features ar e available by clicking on the Security toolbar button. Some items of this categor y do not appear when you log on as User .
123 Security Link: P ass w or ds Access to your Gateway may be controlled thr ough two optional user accounts, Admin and User . When you first power up your Gateway , you cr eate a password for the Admin account. The User account does not exist by default.
124 T o display the Passwor ds window , click the Security toolbar button on the Home page. Use the following procedur e to change existing passwords or add the User passwor d for your Netopia Gateway: 1. Select the account type from the Username pull-down list.
125 Security Link: Fire wall Use a Netopia Firewall BreakW ater Basic Firewall. Br eakW ater delivers an easily selectable set of pre- configured fir ewall protection levels. For simple implementation these settings (comprised of three levels) ar e readily available through Netopia’s embedded web ser ver inter face.
126 4. Click on the radio button to select the protection level you want. Click Submit. Changing the BreakWater setting does not require a restart to take effect. This makes it easy to change the setting “on the fly,” as your needs change.
127 Security TIPS for making your BreakWater Basic Firewall Selection Basic Firewall Background As a device on the Internet, a Netopia Gateway requires an IP address in order to send or receive traffic. The IP traffic sent or received has an associated application port which is dependent on the nature of the connection request.
128 This table shows how inbound traffic is treated. Inbound means the traffic is coming from the WAN into the WAN side of the Gateway. This table shows how outbound traffic is treated. Outbound means the traffic is coming from the LAN-side computers into the LAN side of the Gateway.
129 Security ☛ NOTE: The Gateway’s WAN DHCP client port in SilentRunning mode is enabled. This feature allows end users to continue using DHCP-served IP addresses from their Service Providers, while having no identifiable presence on the Internet.
130 Link: IPSec When you click on the IPSec link, the IPSec configuration screen appears. Your Gateway can support two mechanisms for IPSec tunnels: • IPSec PassThrough supports Virtual Private Network (VPN) clients running on LAN-connected computers.
131 Security SafeHarbour IPSec VPN SafeHarbour VPN IPSec Tunnel provides a single, encrypted tunnel to be terminated on the Gateway, making a secure tunnel available for all LAN-connected users. This implementation offers the following: • Eliminates the need for VPN client software on individual PCs.
132 A typical SafeHarbour configuration is shown below: Configuring a SafeHarbour VPN Use the following procedure to configure your SafeHarbour tunnel.
133 Security Table 1: IPSec Tunnel Details Parameter Setup Worksheet Parameter Netopia Gateway Peer Gateway Name Peer Internal Network Peer Internal Netmask NAT Enable On/Off PAT Address N.
134 3. Be sure that you have SafeHarbour VPN enabled. SafeHarbour is a keyed feature. See “Install Keys” on page 184 for information concerning installing Netopia Software Feature Keys. 4. Check the Enable SafeHarbour IPSec checkbox. Checking this box will automatically display the SafeHarbour IPSec Tunnel Entry parameters.
135 Security 10. Make the Tunnel Details entries. Enter or select the required settings. (Refer to your “IPSec Tunnel Details Parameter Setup Worksheet” on page 133.) 11. Click Update. The Alert button appears. 12. Click the Alert button.
136 Parameter Descriptions The following tables describe SafeHarbour’s parameters that are used for an IPSec VPN tunnel configuration: Table 2: IPSec Configuration page parameters Field Description Name The Name parameter refers to the name of the configured tunnel.
137 Security PAT Address If NAT is enabled, this field appears. You can specify a Port Address Translation (PAT) address or leave the default all-zeroes (if Xauth is enabled). If you leave the default, the address will be requested from the remote router and dynamically applied to the Gateway.
138 SA Hash Type SA Hash Type refers to the Authentication Hash algorithm used during SA negotiation. Values supported include MD5 and SHA1. N/A will display if NONE is chosen for Auth Protocol. Invalid SPI Recovery Enabling this allows the Gateway to re-establish the tunnel if either the Netopia Gateway or the peer gateway is rebooted.
139 Security Xauth Enable Extended Authentication (XAuth), an extension to the Internet Key Exchange (IKE) protocol. The Xauth extension provides dual authentication for a remote user’s Netopia Gateway to establish a VPN, authorizing network access to the user’s central office.
140 Link: Stateful Inspection All computer operating systems are vulnerable to attack from outside sources, typically at the operating system or Internet Protocol (IP) layers.
141 Security • UDP no-activity time-out: The time in seconds after which a UDP session will be terminated, if there is no traffic on the session. • TCP no-activity time-out: The time in seconds after which a TCP session will be terminated, if there is no traffic on the session.
142 Add, Edit, or delete exposed addresses options are active only if NAT is disabled on a WAN interface. The hosts specified in exposed addresses will be allowed to receive inbound traffic even if there is no corresponding outbound traffic.
143 Security Click the Add button to add a new range of exposed addresses. You can edit a previously configured range by clicking the Edit button, or delete the entry entirely by clicking the Delete button. All configuration changes will trigger the Alert Icon.
144 Stateful Inspection Options Stateful Inspection Parameters are active on a WAN interface only if you enable them on your Gateway. • Stateful Inspection: To enable stateful inspection on this WAN interface, check the checkbox. • Default Mapping to Router: This is disabled by default.
145 Security Open Ports in Default Stateful Inspection Installation Port Protocol Description LAN (Private) Interface WAN (Public) Interface 23 TCP telnet Yes No 53 UDP DNS Yes No 67 UDP Bootps Y.
146 Firewall Tutorial General firewall terms ☛ Note: Breakwater Basic Firewall (see “BreakWater Basic Firewall” on page 125) does not make use of the packet filter support and can be used in addition to filtersets. Filter rule: A filter set is comprised of individual filter rules.
147 Firewall Tutorial This header information is what the packet filter uses to make filtering decisions. It is important to note that a packet filter does not look into the IP data stream (the User Data from above) to make filtering decisions.
148 Example TCP/UDP Ports Firewall design rules There are two basic rules to firewall design: • “What is not explicitly allowed is denied.” and • “What is not explicitly denied is allowed.” The first rule is far more secure, and is the best approach to firewall design.
149 Firewall Tutorial and a packet goes through these rules destined for FTP, the packet would forward through the first rule (WWW), go through the second rule (FTP), and match this rule; the packet is allowed through. If you had this filter set for example.
150 Example filter set page This is an example of the Netopia filter set page:
151 Firewall Tutorial Filter basics In the source or destination IP address fields, the IP address that is entered must be the network address of the subnet. A host address can be entered, but the applied subnet mask must be 32 bits (255.255.255.
152 Example filters Example 1 Incoming packet has the source address of 200.1.1.28 This incoming IP packet has a source IP address that matches the network address in the Source IP Address field in Netopia Firmware Version 7.6. This will not forward this packet.
153 Firewall Tutorial Example 4 Incoming packet has the source address of 200.1.1.104. This rule does match and this packet will not be forwarded. Example 5 Incoming packet has the source address of 200.1.1.96. This rule does match and this packet will not be forwarded.
154 Link: Packet Filter When you click the Packet Filter link the Filter Sets screen appears. Security should be a high priority for anyone administering a network connected to the Internet. Using packet filters to control network communications can greatly improve your network’s security.
155 Firewall Tutorial admit or refuse TCP/IP connections from certain remote networks and specific hosts. You will also use filters to screen particular types of connections.
156 Filter priority Continuing the customs inspectors analogy, imagine the inspectors lined up to examine a package. If the package matches the first inspector’s criteria, the package is either rejected or passed on to its destination, depending on the first inspector’s particular orders.
157 Firewall Tutorial A filtering rule The criteria are based on information contained in the packets. A filter is simply a rule that prescribes certain actions based on certain conditions. For example, the following rule qualifies as a filter: “Block all Telnet attempts that originate from the remote host 199.
158 Port numbers A filter can also match a packet’s port number attributes, but only if the filter’s protocol type is set to TCP or UDP, since only those protocols use port numbers.
159 Firewall Tutorial • Less Than: For the filter to match, the packet’s port number must be less than the port number specified in the filter. • Less Than or Equal: For the filter to match, the packet’s port number must be less than or equal to the port number specified in the filter.
160 • Fwd: Shows whether the filter forwards (Yes) a packet or discards (No) it when there’s a match. • Src-IP: The packet source IP address to match. • Src-Mask: The packet source subnet mask to match. • Dst-IP: The packet destination IP address to match.
161 Firewall Tutorial • Source IP Address = 199.211.211.17 • Source IP address mask = 255.255.255.255 • Destination IP Address = 0.0.0.0 • Destination IP address mask = 0.
162 Filtering example #2 Suppose a filter is configured to block all incoming IP packets with the source IP address of 200.233.14.0, regardless of the type of connection or its destination. The filter would look like this: This filter blocks any packets coming from a remote network with the IP network address 200.
163 Firewall Tutorial Design guidelines Careful thought must go into designing a new filter set. You should consider the following guidelines: • Be sure the filter set’s overall purpose is clear from the beginning. A vague purpose can lead to a faulty set, and that can actually make your network less secure.
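The filter priority, address mask and port comparison rules described on the preceding pages, modelled as an added Python example (not Netopia code; the names `Filter`, `Packet` and `evaluate` are hypothetical). It goes slightly beyond the pages by also flagging a filter whose address has host bits outside its mask. Assumptions: the Telnet filter's protocol and port, the 255.255.255.0 mask for 200.233.14.0 and the port-80 rule are constructed values, and the result for a packet that matches no filter is a parameter, set here to discard in line with “What is not explicitly allowed is denied.”

```python
import ipaddress
import operator
from dataclasses import dataclass
from typing import Optional, Tuple

# Port comparison methods. "Less Than" and "Less Than or Equal" are the two
# named on the page; the others are added here to round out the set.
PORT_COMPARE = {
    "no compare": lambda pkt_port, flt_port: True,
    "less than": operator.lt,
    "less than or equal": operator.le,
    "equal": operator.eq,
    "not equal": operator.ne,
    "greater than": operator.gt,
    "greater than or equal": operator.ge,
}


def ip_int(text: str) -> int:
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp", "icmp", ...
    dport: int = 0


@dataclass
class Filter:
    forward: bool                    # Fwd: True = forward, False = discard
    src_ip: str = "0.0.0.0"
    src_mask: str = "0.0.0.0"        # an all-zero mask matches any address
    dst_ip: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"
    protocol: Optional[str] = None   # None = any protocol
    dport_compare: str = "no compare"
    dport: int = 0

    def matches(self, pkt: Packet) -> bool:
        # Assumed model of "the address entered must be the network address":
        # the packet address is masked, the filter address is compared as typed.
        if (ip_int(pkt.src) & ip_int(self.src_mask)) != ip_int(self.src_ip):
            return False
        if (ip_int(pkt.dst) & ip_int(self.dst_mask)) != ip_int(self.dst_ip):
            return False
        if self.protocol is None:
            return True              # port settings only apply to TCP or UDP
        if pkt.proto != self.protocol:
            return False
        if self.protocol in ("tcp", "udp"):
            return PORT_COMPARE[self.dport_compare](pkt.dport, self.dport)
        return True

    def host_bits_set(self) -> bool:
        """True when an address has bits outside its mask, so it can never match."""
        pairs = ((self.src_ip, self.src_mask), (self.dst_ip, self.dst_mask))
        return any(ip_int(ip) & ~ip_int(mask) & 0xFFFFFFFF for ip, mask in pairs)


def evaluate(filter_set, pkt: Packet,
             default_forward: bool = False) -> Tuple[bool, Optional[int]]:
    """Return (forwarded?, index of the deciding filter); the first match wins."""
    for index, flt in enumerate(filter_set):
        if flt.matches(pkt):
            return flt.forward, index
    return default_forward, None     # no filter matched: assumed default


# Constructed filter set built around the addresses used in the page's examples.
FILTER_SET = [
    # Discard Telnet (TCP port 23) from the single host 199.211.211.17.
    Filter(False, src_ip="199.211.211.17", src_mask="255.255.255.255",
           protocol="tcp", dport_compare="equal", dport=23),
    # Discard everything from network 200.233.14.0 (mask is an assumption).
    Filter(False, src_ip="200.233.14.0", src_mask="255.255.255.0"),
    # Forward web traffic from anywhere.
    Filter(True, protocol="tcp", dport_compare="equal", dport=80),
]

if __name__ == "__main__":
    for pkt in (Packet("199.211.211.17", "192.168.1.10", "tcp", 23),
                Packet("200.233.14.77", "192.168.1.10", "tcp", 80),
                Packet("10.0.0.1", "192.168.1.10", "udp", 53)):
        print(pkt, "->", evaluate(FILTER_SET, pkt))
```

Reversing the order of `FILTER_SET` lets the port-80 rule decide first, so a web request from 200.233.14.77 is forwarded instead of discarded.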
164 Working with IP Filters and Filter Sets To work with filters and filter sets, begin by accessing the filter set pages. ☛ NOTE: Make sure you understand how filters work before attempting to use them. Read the section “Packet Filter” on page 154.
165 Working with IP Filters and Filter Sets Enter new name for the filter set, for example Filter Set 1. To save the filter set, click the Submit button. The saved filter set is empty (contains no filters), but you can return to it later to add filters (see “Adding filters to a filter set”).
166 Packets in Netopia Firmware Version 7.6 pass through an input filter if they originate from the WAN and through an output filter if they’re being sent out to the WAN. The process for adding input and output filters is exactly the same. The main difference between the two involves their reference to source and destination.
167 Working with IP Filters and Filter Sets The Filter Set page appears. ☛ Note: There are two Add buttons in this page, one for input filters and one for output filters. In this section, you’ll learn how to add an input filter to a filter set.
168 2. If you want the filter to forward packets that match its criteria to the destination IP address, check the Forward checkbox. If Forward is unchecked, packets matching the filter’s criteria will be discarded. 3. Enter the Source IP address this filter will match on.
169 Working with IP Filters and Filter Sets If Protocol Type is set to TCP or UDP, the settings for port comparison will appear. These settings only take effect if the Protocol Type is TCP or UDP. 9. From the Source Port Compare pull-down menu, choose a comparison method for the filter to use on a packet’s source port number.
170 Modifying filters To modify a filter, select a filter from the table and click the Edit button. The Rule Entry page appears. The parameters in this page are set in the same way as the ones in the original Rule Entry page (see “Adding filters to a filter set” on page 165).
171 Associating a Filter Set with an Interface Associating a Filter Set with an Interface Once you have created a filter set, you must associate it with an interface in order for it to be effective. Depending on its application, you can associate it with either the WAN (usually the Internet) interface or the LAN.
172 You can repeat this process for both the WAN and LAN interfaces, to associate your filter sets. When you return to the Filter Sets page, it will display your interface associations.
173 Policy-based Routing using Filtersets Policy-based Routing using Filtersets Netopia Firmware Version 7.6 offers the ability to route IP packets using criteria other than the destination IP address.
174 If you check the Idle Reset checkbox, a match on this rule will keep the WAN connection alive by resetting the idle-timeout status. The Idle Reset setting is used to determine if a packet which matches the filter will cause an “instant-on” link to connect, if it is down; or reset its idle timer, if it is already up.
175 Policy-based Routing using Filtersets configure one filter to match the first type of packet and apply Force Routing. A subsequent filter is required to match and forward all other packets.
176 Link: Security Log Security Monitoring is a keyed feature. See page 184 for information concerning installing Netopia Software Feature Keys. Security Monitoring detects security-related events, including common types of malicious attacks, and writes them to the security log file.
177 Policy-based Routing using Filtersets The capacity of the security log is 100 security alert messages. When the log reaches capacity, subsequent messages are not captured, but they are noted in the log entry count.
178 To reset this log, select Reset from the Security Monitor tool bar. The following message is displayed. When the Security Log contains no entries, this is the response: Timestamp Background Dur.
179 Install Install Button: Install From the Install toolbar button you can Install new Operating System Software and Feature Keys as updates become available. On selected models, you can install a Secure Sockets Layer (SSL V3.0) certificate from a trusted Certification Authority (CA) for authentication purposes.
180 Link: Install Software (This link is not available on the 3342/3352 models, since firmware updates must be upgraded via the USB host driver. 3342N/3352N models are upgradeable by this procedure.) This page allows you to install an updated release of the Netopia Firmware.
181 Install Step 1: Required Files Upgrading Netopia Firmware Version 7.6 requires a Netopia firmware image file. Background Firmware upgrade image files are posted periodically on the Netopia website. You can download the latest operating system software for your Gateway by accessing the following URL: http://www.
182 3. Enter the filename into the text box by using one of these techniques: The Netopia firmware file name begins with a shortened form of the version number and ends with the suffix “.bin” (for “binary”). Example: nta760.bin a. Click the Browse button, select the file you want, and click Open.
183 Install 5. When the success message appears, click the Restart button and confirm the Restart when you are prompted. Your Netopia Gateway restarts with its new image. Verify the Netopia Firmware Release To verify that the Netopia firmware image has loaded successfully, use the following steps: 1.
184 Link: Install Keys You can obtain advanced product functionality by employing a software Feature Key. Software feature keys are specific to a Gateway's serial number. Once the feature key is installed and the Gateway is restarted, the new feature's functionality becomes enabled.
185 Install 4. Click the Install Key button. 5. Click the Restart toolbar button. The Confirmation screen appears.
186 6. Click the Restart the Gateway link to confirm. To check your installed features: 7. Click the Install toolbar button. 8. Click the list of features link.
187 Install The System Status page appears with the information from the features link displayed below. You can check that the feature you just installed is enabled.
188 Link: Install Certificate Secure Sockets Layer (SSL) is a protocol for transmitting private information over the Internet. SSL uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message.
189 Install The Install Certificate page appears. 2. Browse to the location where you have saved your certificate and select the file, or type the full path.
190.
191 CHAPTER 4 Basic Troubleshooting This section gives some simple suggestions for troubleshooting problems with your Gateway’s initial configuration.
192 Status Indicator Lights The first step in troubleshooting is to check the status indicator lights (LEDs) in the order outlined below. Netopia Gateway 2240N/2241N status indicator lights LED Action Power Green when power is on. Red if device malfunctions.
193 Status Indicator Lights Netopia Gateway 2246N status indicator lights LED Action Power Green when power is on. Red if device malfunctions. Ethernet 1, 2, 3, 4 Solid green when connected. Flash green when there is activity on the LAN. DSL Solid green when Internet connection is established.
194 Netopia Gateway 2247NWG status indicator lights LED Action Power Green when power is on. Red if device malfunctions. Ethernet 1, 2, 3, 4 Solid green when connected. Flash green when there is activity on the LAN. Wireless Flashes green when there is activity on the wireless LAN.
195 Status Indicator Lights Netopia Gateway 3340(N) status indicator lights [Figure labels: Ethernet Link, Ethernet Traffic, DSL Traffic, DSL Sync, PPPoE Active, Power] Pow.
196 Netopia Gateway 3341(N), 3351(N) status indicator lights [Figure labels: Ethernet Link, Ethernet Traffic, DSL Traffic, DSL Sync, USB Active, Power] Power: USB Active: DSL.
197 Status Indicator Lights Netopia Gateway 3342/3342N, 3352/3352N status indicator lights ☛ Special patterns: • Both LEDs are off during boot (power on boot or warm reboot). • When the 3342/3352 successfully boots up, both LEDs flash green once.
198 Netopia Gateway 3346(N), 3356(N) status indicator lights [Figure labels: LAN 1, LAN 2, LAN 3, LAN 4, DSL SYNC, Power] Power: DSL Sync: Solid green when trained with the DSL line Blinks green when traf.
199 Status Indicator Lights Netopia Gateway 3347W, 3347(N)WG status indicator lights Power - Green when power is applied Flashes green when training Solid green when connected Solid green when trained to each port on the LAN. LAN 1, 2, 3, 4 - DSL SYNC - Flash green when there is activity on each port.
200 Netopia Gateway MiAVo status indicator lights Power - Ethernet 1, 2, 3, 4 - Flash green when there is activity on the LAN. Front View Solid green when connected. Green when power is on. Wireless - Flashes green when there is activity on the wireless LAN.
201 Status Indicator Lights LED Function Summary Matrix If a status indicator light does not look correct, look for these possible problems: Unlit Solid Green Flashing Green Solid Red Power No powe.
202 EN Link Unlit Note: EN Link light is inactive if only using USB. 1. Make sure you are using the Ethernet cable, not the DSL cable. The Ethernet cable is thicker than the standard telephone cable. 2. Make sure the Ethernet cable is securely plugged into the Ethernet jack on the PC.
203 Factory Reset Switch Factory Reset Switch (optional on some models; 3342/3342N/3352/3352N models do not have a reset switch) Lose your password? This section shows how to reset the Netopia Gateway so that you can access the configuration screens once again.
204 2. Carefully insert the point of a pen or an unwound paper clip into the opening. • If you press the factory default button for less than 1/2 a second, the unit will continue to run as normal.
205 CHAPTER 5 Advanced Troubleshooting Advanced Troubleshooting can be accessed from the Gateway’s Web UI. Point your browser to http://192.168.1.254. The main page displays the device status. (If this does not make the Web UI appear, then do a release and renew in Windows networking to see what the Gateway address really is.
206 Home Page The home page displays basic information about the Gateway. This includes the ISP Username, Connection Status, Device Address, Remote Gateway Address, DNS-1, and DNS-2.
207 Status of Connection ‘Waiting for DSL’ is displayed while the Gateway is training. This should change to ‘Up’ within two minutes. If not, make sure an RJ-11 cable is used, the Gateway is connected to the correct wall jack, and the Gateway is not plugged into a micro filter.
208 Button: Troubleshoot Expert Mode Expert Mode has advanced troubleshooting tools that are used to pinpoint the exact source of a problem. Clicking the Troubleshoot tab displays a page with links to System Status, Network Tools, and Diagnostics.
209 Link: System Status In the system status screen, there are several utilities that are useful for troubleshooting. Some examples are given in the following pages.
210 Link: Ports: Ethernet The Ethernet port selection shows the traffic sent and received on the Ethernet interface. There should be frames and bytes on both the upstream and downstream sides. If there are not, this could indicate a bad Ethernet cable or no Ethernet connection.
211 Link: Ports: DSL The DSL port selection shows the state of the DSL line, whether it is up or down and how many times the Gateway attempted to train. The state should indicate ‘up’ for a working configuration. If it is not, check the DSL cable and make sure it is plugged in correctly and not connected to a micro filter.
212 Link: IP: Interfaces The IP interfaces selection shows the state and configuration information for your IP LAN and WAN interfaces. Below is an example: IP interfaces: Ethernet 100BT: ( up broadcast default rip-send v1 rip-receive v1 ) inet 192.
213 Link: DSL: Circuit Configuration The DSL Circuit Configuration screen shows the traffic sent and received over the DSL line as well as the trained rate (upstream and downstream) and the VPI/VCI. Verify traffic is being sent over the DSL line.
214 Link: System Log: Entire The system log shows the state of the WAN connection as well as the PPPoE session. Verify that the PPPoE session has been correctly established and there are no failures. If there are error messages, go to the WAN configuration and verify the settings.
215 Link: Diagnostics The diagnostics section tests a number of different things at the same time, including the DSL line, the Ethernet interface and the PPPoE session. The following table summarizes the possible results. CODE Description PASS The test was successful.
216 Link: Network Tools Three test tools are available from this page. • NSLookup - converts a domain name to its IP address and vice versa. • Ping - tests the “reachability” of a particular network destination by sending an ICMP echo request and waiting for a reply.
217 PING: The network tools section sends a PING from the Gateway to either the LAN or WAN to verify connectivity. A PING could be either an IP address (163.176.4.32) or Domain Name (www.netopia.com). 2. To use the Ping capability, type a destination address (domain name or IP address) in the text box and click the Ping button.
218 Below are some specific tests: 3. To use the TraceRoute capability, type a destination address (domain name or IP address) in the text box and click the TraceRoute button.
219 Example: Show the path to the grosso.com site. Result: It took 20 hops to get to the grosso.com web site.
220.
221 CHAPTER 6 Command Line Interface The Netopia Gateway operating software includes a command line interface (CLI) that lets you access your Netopia Gateway over a telnet connection. You can use the command line interface to enter and update the unit’s configuration settings, monitor its performance, and restart it.
222 Overview The CLI has two major command modes: SHELL and CONFIG. Summary tables that list the commands are provided below. Details of the entire command set follow in this section.
223 Overview CONFIG Commands Command Verbs Status and/or Description delete Delete configuration list data help Help command option save Save configuration data script Print configuration data .
224 Starting and Ending a CLI Session Open a telnet connection from a workstation on your network. You initiate a telnet connection by issuing the following command from an IP host that supports telnet, for example, a personal computer running a telnet application such as NCSA Telnet.
225 Using the CLI Help Facility Saving Settings In CONFIG mode, the save command saves the working copy of the settings to the Gateway. The Gateway automatically validates its settings when you save and displays a warning message if the configuration is not correct.
226 The only commands you cannot truncate are restart and clear. To prevent accidental interruption of communications, you must enter the restart and clear commands in their entirety. You can use the Up and Down arrow keys to scroll backward and forward through recent commands you have entered.
227 SHELL Commands diagnose Runs a diagnostic utility to conduct a series of internal checks and loopback tests to verify network connectivity over each interface on your Netopia Gateway. The console displays the results of each test as the diagnostic utility runs.
228 install [ server_address ] [ filename ] [confirm] (Not supported on model 3342/3352) Downloads a new version of the Netopia Gateway operating software from a TFTP (Trivial File Transfer Protocol) server, validates the software image, and programs the image into the Netopia Gateway memory.
229 SHELL Commands • 1 or low – Low-level informational messages or greater; includes trivial status messages. • 2 or medium – Medium-level informational messages or greater; includes status messages that can help monitor network traffic.
230 • The -c count argument lets you specify the number of ICMP packets generated for the ping request. Values greater than 250 are truncated to 250. You can use the ping command to determine whether a hostname or IP address is already in use on your network.
231 SHELL Commands reset ipmap Clears the IPMap table (NAT). reset log Rewinds the diagnostic log display to the top of the existing Netopia Gateway diagnostic log. The reset log command does not clear the diagnostic log. The next show log command will display information from the beginning of the log file.
232 show config Dumps the Netopia Gateway’s configuration script just as the script command does in config mode. show crash Displays the most recent crash information, if any, for your Netopia Gateway. show dhcp agent Displays DHCP relay-agent leases.
233 SHELL Commands show ip igmp Displays the contents of the IGMP Group Address table and the IGMP Report table maintained by your Netopia Gateway. show ip interfaces Displays the IP interfaces for your Netopia Gateway. show ip ipsec Displays IPSec Tunnel statistics.
234 show log Displays blocks of information from the Netopia Gateway diagnostic log. To see the entire log, you can repeat the show log command or you can enter show log all. show memory [all] Displays memory usage information for your Netopia Gateway.
235 SHELL Commands telnet { hostname | ip_address } [ port ] Lets you open a telnet connection to the specified host through your Netopia Gateway. • The hostname argument is the name of the device to which you want to connect; for example, telnet ftp.
236 WAN Commands atmping vccn [ segment | end-to-end ] Lets you check the ATM connection reachability and network connectivity. This command sends five Operations, Administration, and Maintenance (OAM) loopback calls to the specified vpi/vci destination.
237 About CONFIG Commands show dsl Displays DSL port statistics, such as upstream and downstream connection rates and noise levels. show ppp [{ stats | lcp | ipcp }] Displays information about open PPP links. You can display a subset of the PPP statistics by including an optional stats, lcp, or ipcp argument for the show ppp command.
238 Netopia-3000/9437188 (top)>> quit Netopia-3000/9437188 > • Moving from top to a subnode — You can navigate from the top node to a subnode by entering the node name (or the significant letters of the node name) at the CONFIG prompt and pressing RETURN.
239 About CONFIG Commands Entering Commands in CONFIG Mode CONFIG commands consist of keywords and arguments. Keywords in a CONFIG command specify the action you want to take or the entity on which you want to act. Arguments in a CONFIG command specify the values appropriate to your site.
240 Guidelines: CONFIG Commands The following table provides guidelines for entering and formatting CONFIG commands. If a command is ambiguous or miskeyed, the CLI prompts you to enter additional information. For example, you must specify which virtual circuit you are configuring when you are setting up a Netopia Gateway.
241 About CONFIG Commands When you are in step mode, the command line interface prompts you to enter required and optional settings. If a setting has a default value or a current setting, the command line interface displays the default value for the command in parentheses.
242 CONFIG Commands This section describes the keywords and arguments for the various CONFIG commands. DSL Commands ATM Settings. You can use the CLI to set up each ATM virtual circuit. set atm option {on | off } Enables the WAN interface of the Netopia Gateway to be configured using the Asynchronous Transfer Mode (ATM) protocol.
243 CONFIG Commands the raw WAN (DSL) bit rate. The Maximum Burst Size (MBS) is the number of cells that can be sent at the PCR rate, after which the PVC must fall back to the SCR rate.
244 Your Service Provider will indicate the required encapsulation mode. set atm [vccn] pppoe-sessions { 1 ... 8 } Select the number of PPPoE sessions to be configured for VCC 1, up to a total of eight. The total number of pppoe-sessions and PPPoE VCCs configured must be less than or equal to eight.
245 CONFIG Commands set bridge ethernet option { on | off } Enables or disables bridging services for the specified virtual circuit using Ethernet framing. set bridge dsl vcc n option { on | off } Enables or disables bridging services for the specified interface.
246 set dhcp start-address ip_address If you selected server, specifies the first address in the DHCP address range. The Netopia Gateway can reserve a sequence of up to 253 IP addresses within a subnet, beginning with the specified address for dynamic assignment.
247 CONFIG Commands DMT Settings DSL Commands set dmt type [ lite | dmt | ansi | multi | adsl2 | adsl2+ | readsl2 | adsl2anxm | adsl2+anxm ] Selects the type of Discrete Multitone (DMT) asynchronous digital subscriber line (ADSL) protocol to use for the WAN interface.
248 • auto - The device will scan for standard telephone service (POTS). If it finds POTS, it disables metallic termination. If it does not find POTS during the search period, then metallic termination is enabled. • disabled - There is no POTS detection, and metallic termination is disabled.
249 CONFIG Commands rent dynamically-assigned IP address. This allows you to get to the IP address assigned to your Gateway, even though your actual IP address may change as a result of a PPPoE connection to the Internet. set dynamic-dns option [ off | dyndns.
250 IP Settings You can use the command line interface to specify whether TCP/IP is enabled, identify a default Gateway, and to enter TCP/IP settings for the Netopia Gateway LAN and WAN ports. ☛ NOTE: For the DSL platform you must identify the virtual PPP interface [ vccn ], a number from 1 to 8.
251 CONFIG Commands The broadcast addr ess for most networks is the network number followed by 255. For example, the broadcast addr ess for the 192.168.1.0 network would be 192.168.1.255. set ip dsl vccn netmask netmask Specifies the subnet mask for the TCP/IP network connected to the vir tual circuit.
252 If you specify v2-MD5 , you must also specify a rip-send-key . Keys ar e ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for pr oper operation of MD5 suppor t.
253 CONFIG Commands set ip ethernet A netmask netmask Specifies the subnet mask for the local Ethernet inter face. The subnet mask specifies which bits of the 32-bit binar y IP address r epresent network infor mation. The default sub- net mask for most networks is 255.
254 set ip ethernet A rip-receive { off | v1 | v2 | v1-compat | v2-MD5 } Specifies whether the Netopia Gateway should use Routing Infor mation Protocol (RIP) broadcasts to update its r outing tables with infor mation received from other r outers on your network.
255 set ip ip-ppp [ vccn ] address ip_address Assigns an IP address to the virtual PPP interface. If you specify an IP address other than 0.
256 set ip ip-ppp [ vccn ] rip-send { off | v1 | v2 | v1-compat | v2-MD5 } Specifies whether the Netopia Gateway unit should use Routing Information Protocol (RIP) broadcasts to advertise its routing tables to routers on the other side of the PPP link.
257 Static ARP Settings Your Netopia Gateway maintains a dynamic Address Resolution Protocol (ARP) table to map IP addresses to Ethernet (MAC) addresses. Your Netopia Gateway populates this ARP table dynamically, by retrieving IP address/MAC address pairs only when it needs them.
258 IP Prioritization set ip prioritize [ off | on ] Allows you to support traffic that has the TOS bit set. This defaults to off. Differentiated Services (DiffServ) The commands in this section are supported beginning with Firmware Version 7.
259 set diffserv custom-flows name name protocol [ TCP | UDP | ICMP | other ] direction [ outbound | inbound | both ] start-port [ 0 - 49151 ] end-port [ 0 - 49151 ] inside-ip inside.
260 • qos – Allows you to specify the Quality of Service for the flow: off, assure, or expedite. These are used both to mark the IP TOS byte and to distribute packets into the queues as if they were marked by the source.
261 set ip static-routes destination-network net_address interface { ip-address | ppp-vccn } Specifies the interface through which the static route is accessible. set ip static-routes destination-network net_address gateway-address gate_address Specifies the IP address of the Gateway for the static route.
262 IPMaps Settings set ip-maps name < name > internal-ip < ip address > Specifies the name and static ip address of the LAN device to be mapped. set ip-maps name < name > external-ip < ip address > Specifies the name and static ip address of the WAN device to be mapped.
263 set nat-default host-hardware-address MAC_address } Specifies the hardware (MAC) address of the IP passthrough host. Network Address Translation (NAT) Pinhole Settings NAT pinholes let you pass specific types of network traffic through the NAT interfaces on the Netopia Gateway.
264 set pinhole name name external-port-end [ 0 - 49151 ] Specifies the last port number in the range being translated. set pinhole name name internal-ip internal-ip Specifies the IP address of the internal host to which traffic of the specified type should be transferred.
265 set ppp module [vccn] mru integer Specifies the Maximum Receive Unit (MRU) for the PPP interface. The integer argument can be any number between 128 and 1492 for PPPoE; 1500 otherwise. set ppp module [vccn] magic-number { on | off } Enables or disables LCP magic number negotiation.
266 set ppp module [vccn] configure-max integer Specifies the maximum number of unacknowledged configuration requests that your Netopia Gateway will send.
267 CHAP and specify the same name and secret on the Netopia Gateway before the link can be established. set ppp module [vccn] port-authentication option [ off | on | pap-only | chap-only ] Specifying on turns both PAP and CHAP on, or you can select PAP or CHAP.
268 set preference more lines Specifies how many lines of information you want the command line interface to display at one time. The lines argument specifies the number of lines you want to see at one time. The range is 1-65535. By default, the command line interface shows you 22 lines of text before displaying the prompt: More …[y|n] ? .
269 Port Renumbering Settings If you use NAT pinholes to forward HTTP or telnet traffic through your Netopia Gateway to an internal host, you must change the port numbers the Netopia Gateway uses for its own configuration traffic.
270 Security Settings Security settings include the Firewall and IPSec parameters. All of the security functionality is keyed. Firewall Settings (for BreakWater Firewall) set security firewall option [ ClearSailing | SilentRunning | LANdLocked ] The 3 settings for BreakWater are discussed in detail on page 125.
271 set security ipsec tunnels name "123" tun-enable (on) {on | off} This enables this particular tunnel. Currently, one tunnel is supported. set security ipsec tunnels name "123" dest-ext-address ip-address Specifies the IP address of the destination gateway.
272 set security ipsec tunnels name "123" IKE-mode pre-shared-key ("") {hex string} See page 130 for details about SafeHarbour IPsec tunnel capability. Example: 0x1234 set security ipsec tunnels name "123" IKE-mode neg-method {main | aggressive} See page 130 for details about SafeHarbour IPsec tunnel capability.
273 set security ipsec tunnels name "123" IKE-mode PFS-enable { off | on } See page 130 for details about SafeHarbour IPsec tunnel capability.
274 set security ipsec tunnels name "123" local-id id_value Specifies the NAT local ID value as specified in the local-id-type for the specified IPsec tunnel, when Aggressive Mode is set.
275 Internet Key Exchange (IKE) Settings The following four IPsec parameters configure the rekeying event. set security ipsec tunnels name "123" IKE-mode ipsec-soft-mbytes.
276 Stateful Inspection Stateful inspection options are accessed by the security state-insp tag. set security state-insp [ ip-ppp | dsl ] vccn option [ off | on ] set security state-insp ethernet [ A | B ] option [ off | on ] Sets the stateful inspection option off or on on the specified interface.
277 set security state-insp udp-timeout [ 30 - 65535 ] Sets the stateful inspection UDP timeout interval, in seconds. set security state-insp xposed-addr exposed-address# "n" Allows you to add an entry to the specified list, or, if the list does not exist, creates the list for the stateful inspection feature.
278 set security state-insp xposed-addr exposed-address# "n" start-port [ 1 - 65535 ] set security state-insp xposed-addr exposed-address# "n" end-port [ 1 - 65535 ] Packet Filtering Settings Packet Filtering settings are supported beginning with Firmware Version 7.
279 set security pkt-filter filterset filterset-name [ in | out ] index frc-rte [ on | off ] Turns forced routing on or off for the specified filter rule. A match on this rule will force a route for packets. The default is off.
280 set security pkt-filter filterset filterset-name [ in | out ] index tos-mask value Specifies the TOS (Type Of Service) mask to match packets. The value for tos-mask can be from 0 – 255.
281 set security pkt-filter filterset filterset-name [ in | out ] index src-port value Specifies the source IP port to match packets (the port on the sending host that originated the packet, if the underlying protocol is TCP or UDP).
282 SNMP Settings The Simple Network Management Protocol (SNMP) lets a network administrator monitor problems on a network by retrieving settings on remote network devices. The network administrator typically runs an SNMP management station program on a local host to obtain information from an SNMP agent such as the Netopia Gateway.
283 SNMP Notify Type Settings SNMP Notify Type is supported beginning with Firmware Version 7.4.2. set snmp notify type [ v1-trap | v2-trap | inform ] Sets the type of SNMP notifi.
284 set system diagnostic-level { off | low | medium | high | alerts | failures } Specifies the types of log messages you want the Netopia Gateway to record.
285 set system password { admin | user } Specifies the administrator or user password for a Netopia Gateway. When you enter the set system password command, you are prompted to enter the old password (if any) and new password.
286 out, each heartbeat sequence will send out a total 20 heartbeats, spaced at 30 second intervals, and then sleep for 30 minutes. So to have the Gateway send out packets “forever”, this number can be set very high.
287 set system ntp option [ off | on ]: server-address (204.152.184.72) alt-server-address (18.72.0.3): time-zone [ -12 - 12 ] update-period (60) [ 1 - 65535 ]: daylight-savings [ off | on ] Specifies the NTP server address, time zone, and how often the Gateway should check the time from the NTP server.
288 Syslog set system syslog option [ off | on ] Enables or disables system syslog feature. If syslog option is on, the following commands are available: set system syslog host-nameip [ ip_address | hostname ] Specifies the syslog server’s address either in dotted decimal format or as a DNS name up to 64 characters.
289 set security state-insp eth B option on • Type the command to enable the router to drop fragmented packets set security state-insp eth B deny-fragments on 3.
290 Wireless Settings (supported models) set wireless option ( on | off ) Administratively enables or disables the wireless interface. set wireless network-id ssid { network_name } Specifies the wireless network id for the Gateway. A unique ssid is generated for each Gateway.
291 set wireless mode { both-b-and-g | b-only | g-only } Beginning with Netopia Firmware Version 7.5.1, specifies the wireless operating mode for connecting wireless clients: both-b-and-g, b-only, or g-only, and locks the Gateway in that mode.
292 set wireless multi-ssid second-ssid-privacy { off | WEP | WPA-PSK | WPA-802.1x } set wireless multi-ssid third-ssid-privacy { off | WEP | WPA-PSK | WPA-802.1x } set wireless multi-ssid fourth-ssid-privacy { off | WEP | WPA-PSK | WPA-802.
293 set wireless multi-ssid second-ssid-wepkey { hexadecimal digits } set wireless multi-ssid third-ssid-wepkey { hexadecimal digits } set wireless multi-ssid fourth-ssid-wepkey { hexadecimal digits } Specifies a WEP key for the multiple SSIDs, when second-, third-, or fourth-ssid-privacy is set to WEP.
294 protect your network and data from intruders. Note that 40bit is the same as 64bit and will work with either type of wireless client. The default is off. A single key is selected (see default-key) for encryption of outbound/transmitted packets.
295 set wireless network-id privacy encryption-key1 { hexadecimal digits } set wireless network-id privacy encryption-key2 { hexadecimal digits } set wireless network-id privacy encryption-key3 { hexadecimal digits } set wireless network-id privacy encryption-key4 { hexadecimal digits } The encryption keys.
296 Wireless MAC Address Authorization Settings set wireless mac-auth option { on | off } Enabling this feature limits the MAC addresses that are allowed to access the LAN as well as the WAN to specified MAC (hardware) addresses.
297 set radius radius-port port_number Specifies the port on which the RADIUS server is listening. The default value is 1812. VLAN Settings These settings are supported beginning with Firmware Version 7.
298 id (1) [ 1 - 4095 ]: 52 type (by-port) [ by-port ]: admin-restricted (off) [ off | on ]: off port (port) node list ... Select (port) node to modify from list, or enter new (port) to create. • At this point you have created a VLAN. It is called vlan1 , with vlan-id 52 , without any admin restrictions.
299 ☛ Note: To make a set of VLANs non-routable, the lan-uplink port must be included in at least one VLAN and must be excluded from any VLANs that are non-routable. UPnP settings set upnp option [ on | off ] PCs using UPnP can retrieve the Gateway’s WAN IP address, and automatically create NAT port maps.
300 TR-069. DSL Forum CPE WAN Management Protocol (TR-069) provides services similar to UPnP and TR-064. The communication between the Netopia Gateway and management agent in UPnP and TR-064 is strictly over the LAN, whereas the communication in TR-069 is over the WAN link for some features and over the LAN for others.
301 On units that support SSL, the format for the ACS URL can also be: https://some_url.com:port_number or https://123.45.678.910:port_number.
302 VDSL Settings ☛ CAUTION! These settings are for very advanced users and lab technicians. Exercise extreme caution when modifying any of these settings.
303 VDSL Parameter Defaults Parameter Default Meaning sys-option 0x00 VDSL system option(bit0=ntr, 1=margin, 2=ini, 3=pbo, 4=tlan, 5=pbo) sys-bandplan 0x02 VDSL system bandplan(bp_.
304 VDSL Parameters Accepted Values Parameter Accepted Values sys-option Bit[0]: NTR_DISABLE Bit[1]: ALW_MARGIN_ADJUST. 1: the SNR margin for the optional band is reduced by up to 2.5 dB, but never below a minimum of 4 dB. Bit[2]: SUPPORT_INI Bit[4]: TLAN Enable Bit[5]: PBO Weak mode Enable (Applicable only when PBO Bit[3]=0.
305 sys-bandplan BP1_998_3 (0x00) BP2_998_3 (0x01) BP998_3B_8_5M (0x01) BP3_998_4 (0x02) BP998_4B_12M (0x02) BP4_997_3 (0x03) BP997_3B_7_1M (0x03) BP5_997_3 (0x04) BP6_997_4 (0x05) BP9.
306 psd-mask-level 0x00 -- default mask (old gains from before) 0x01 -- ANSI M1 CAB 0x02 -- ANSI M2 CAB 0x03 -- ETSI M1 CAB 0x04 -- ETSI M2 CAB 0x05 -- ITU-T Annex F (Japan) 0x06 - ANSI M1 Ex 0x07 .
307 port-bandplan BP1_998_3 (0x00) BP2_998_3 (0x01) BP998_3B_8_5M (0x01) BP3_998_4 (0x02) BP998_4B_12M (0x02) BP4_997_3 (0x03) BP997_3B_7_1M (0x03) BP5_997_3 (0x04) BP6_997_4 (0x05) B.
308 framing-mode HDLC – 0x80 AUTO – 0x90 ATM – 0x00 band-mod Bit 0, 1: Tx Cfg band 1- All tones on 2- All tones below 640 Khz are turned off 3- All tones below 1.1 Mhz are turned off Bit 2,3: Not used Bit 4,5: Rx Cfg band 1- All tones on 2- All tones below 640 Khz are turned off 3- All tones below 1.
309 rx-filter 0: using internal filter in Rx path 1: using K1 external filter in Rx path (for Korea VLR Application) 2: using U1 external filter in Rx path (for US / Korea VL.
311 CHAPTER 7 Glossary 10Base-T. IEEE 802.3 specification for Ethernet that uses unshielded twisted pair (UTP) wiring with RJ-45 eight-conductor plugs at each end. Runs at 10 Mbps. 100Base-T. IEEE 802.3 specification for Ethernet that uses unshielded twisted pair (UTP) wiring with RJ-45 eight-conductor plugs at each end.
312 ADSL. Asymmetric Digital Subscriber Line. Modems attached to twisted pair copper wiring that transmit 1.5-9 Mbps downstream (to the subscriber) and 16-640 kbps upstream, depending on line distance. (Downstream rates are usually lower than 1.5 Mbps in practice.
313 BRI. Basic Rate Interface. ISDN standard for provision of low-speed ISDN services (two B channels (64 kbps each) and one D channel (16 kbps)) over a single wire pair. bridge. Device that passes packets between two network segments according to the packets' destination address.
314 crossover cable. Cable that lets you connect a port on one Ethernet hub to a port on another Ethernet hub. You can order an Ethernet crossover cable from Netopia, if needed.
315 Diffie-Hellman. A group of key-agreement algorithms that let two computers compute a key independently without exchanging the actual key. It can generate an unbiased secret key over an insecure medium. diffserv. Differentiated Services. A method for controlling Quality of Service (QoS) queue priority settings.
316 encapsulation. Technique used to enclose information formatted for one protocol, such as AppleTalk, within a packet formatted for a different protocol, such as TCP/IP. Encrypt Protocol. Encryption protocol for the tunnel session. Parameter values supported include NONE or ESP.
317 FTP. File Transfer Protocol. Application protocol that lets one IP node transfer files to and from another node. FTP server. Host on network from which clients can transfer files.
318 -----I----- IGMP. Internet Group Management Protocol allows a router to determine which host groups have members on a given network segment. IKE. Internet Key Exchange protocol provides automated key management and is a preferred alternative to manual key management as it provides better security.
319 -----K----- Key Management. The Key Management algorithm manages the exchange of security keys in the IPSec protocol architecture. SafeHarbour supports the standard Internet Key Exchange (IKE) -----L----- LCP.
320 at the other end of the connection converts the analog signal back to a digital signal. MRU. Maximum Receive Unit. The maximum packet size, in bytes, that a network interface will accept.
321 Aggressive Mode. Main mode requires 3 two-way message exchanges while Aggressive mode only requires 3 total message exchanges. null modem. Cable or connection device used to connect two computing devices directly rather than over a network. -----P----- packet.
322 PPP. Point-to-Point Protocol. Provides a method for transmitting datagrams over serial router-to-router or host-to-network connections using synchronous or asynchronous circuits. Pre-Shared Key. The Pre-Shared Key is a parameter used for authenticating each side.
323 route. Path through a network from one node to another. A large internetwork can have several alternate routes from a source to a destination. routing table. Table stored in a router or other networking device that records available routes and distances for remote network destinations.
324 Soft MBytes. Setting the Soft MBytes parameter forces the renegotiation of the IPSec Security Associations (SAs) at the configured Soft MByte value. The value can be configured between 1 and 1,000,000 MB and refers to data traffic passed. If this value is not achieved, the Hard MBytes parameter is enforced.
325 -----T----- telnet. IP protocol that lets a user on one host establish and use a virtual terminal connection to a remote host. TR-064. TR-064 is a LAN-side DSL Gateway configuration specification; an extension of UPnP. It defines more services to locally manage a Gateway.
326 -----W----- WAN. Wide Area Network. Private network facilities, usually offered by public telephone companies but increasingly available from alternative access providers (sometimes called Competitive Access Providers, or CAPs), that link business network nodes.
327 CHAPTER 8 Technical Specifications and Safety Information Description Dimensions: Smart Modems: 13.5 cm (w) x 13.5 cm (d) x 3.5 cm (h); 5.25” (w) x 5.25” (d) x 1.375” (h) Wireless Models: 19.5 cm (w) x 17.0 cm (d) x 4.0 cm (h); 7.
328 Relative storage humidity: 20 to 80% noncondensing Software and protocols Software media: Software preloaded on internal flash memory; field upgrades done via download to internal flash memory via TFTP or web upload.
329 Agency approvals North America Safety Approvals: ■ United States – UL 60950, Third Edition ■ Canada – CSA: CAN/CSA-C22.2 No.
330 The Netopia Firmware Version 7.6 complies with the following EU directives: ■ Low Voltage, 73/23/EEC ■ EMC Compatibility, 89/336/EEC, conforming to EN 55 022 Manufacturer’s Declaration of Conformance ☛ Warnings: This is a Class B product.
331 ☛ Important This product was tested for FCC compliance under conditions that included the use of shielded cables and connectors between system components. Changes or modifications to this product not authorized by the manufacturer could void your authority to operate the equipment.
332 Important Safety Instructions Australian Safety Information The following safety information is provided in conformance with Australian safety requirements: Caution DO NOT USE BEFORE READING T.
333 47 CFR Part 68 Information FCC Requirements 1. The Federal Communications Commission (FCC) has established Rules which permit this device to be directly connected to the telephone network. Standardized jacks are used for these connections.
334 d) The REN is used to determine the number of devices that may be connected to a telephone line. Excessive RENs on a telephone line may result in the devices not ringing in response to an incoming call. In most but not all areas, the sum of RENs should not exceed five (5.
335 CHAPTER 9 Overview of Major Capabilities The Netopia Gateway offers simplified setup and management features as well as advanced broadband router capabilities.
336 Wide Area Network Termination PPPoE/PPPoA (Point-to-Point Protocol over Ethernet/ATM) The PPPoE specification, incorporating the PPP and Ethernet standards, allows your computer(s) to connect to your Service Provider’s network through your Ethernet WAN connection.
337 Simplified Local Area Network Setup • Your network may change address with each connection making it more difficult to attack. When you configure Instant On access, you can also configure an idle time-out value.
338 ☛ NOTE: The Netopia DNS Proxy only proxies UDP DNS queries, not TCP DNS queries. Management Embedded Web Server There is no specialized software to install on your PC to configure, manage, or maintain your Netopia Gateway.
339 Security TraceRoute - displays the path to a destination by showing the number of hops and the router addresses of these hops. The system log also provides diagnostic information. ☛ NOTE: Your Service Provider may request information that you acquire from these various diagnostic tools.
340 from routers on networks connected to its WAN interface. In other words, the end computer stations on your LAN are invisible from the Internet. Only a single WAN IP address is required to provide this security support for your entire LAN.
341 ☛ NOTE: 1. The default setting for NAT is ON. 2. Netopia uses Port Address Translation (PAT) to implement the NAT facility. 3. NAT Pinhole traffic (discussed below) is always initiated from the WAN side. Netopia Advanced Features for NAT Using the NAT facility provides effective LAN security.
342 Common TCP/IP protocols and ports are: See page 75 for How To instructions. Default Server This feature allows you to: • Direct your Gateway to forward all externally initiated IP traffic (TCP and UDP protocols only) to a default host on the LAN.
343 IP-Passthrough Netopia OS now offers an IP passthrough feature. The IP passthrough feature allows a single PC on the LAN to have the Gateway’s public address assigned to it. It also provides PAT (NAPT) via the same public IP address for all other hosts on the private LAN subnet.
344 ☛ NOTE: Typically, no special configuration is necessary to use the IPSec pass through feature. In the diagram, VPN PC clients are shown behind the Netopia Gateway and the secure server is at Corporate Headquarters across the WAN. You cannot have your secure server behind the Netopia Gateway.
Netopia 2200 and 3300 series by Netopia. Netopia, Inc. 6001 Shellmound Street Emeryville, CA 94608 April 10, 2006.