background image

  

 

 
 
 

LP-3014PW

 

Wireless ADSL Modem

  

 
 

Installation Guide  

and  

User’s Manual 

 

 

Version 2.0.16 

 

 
 
 
 
 
 
 
 
 
 
 

 
 

            COMTAC. 

 
 

Summary of Contents for LP-3014PW

Page 1: ...LP 3014PW Wireless ADSL Modem Installation Guide and User s Manual Version 2 0 16 COMTAC ...

Page 2: ...roduced in any form by any means without prior written authorization of COMTAC or its licensors if any The information in this document is subject to change without notice This documentation is provided as is and all express or implied conditions representations and warranties including any implied warranty of merchantability fitness for a particular purpose or non infringement are disclaimed exce...

Page 3: ...IP CONFIGURATION FOR WINDOWS 95 98 ME 11 TCP IP CONFIGURATION FOR WINDOWS W2K XP 15 CHECK YOUR TCP IP PROTOCOL 18 C H A P T E R 5 ACCESS AND STATUS OF MODEM 19 ACCESSING THE WEB MANAGER 19 MODEM STATUS 19 Home Page 20 PPP Page 20 ADSL Status Page 21 C H A P T E R 6 CONFIGURE ADSL MODEM 22 WAN CONFIGURATION 22 PPPoE PPPoA mode with DHCP function 23 Router mode for Static IP with DHCP function 24 Br...

Page 4: ...ONFIGURATION 62 MISCELLANEOUS CONFIGURATION 64 TCP STATUS 68 ADMIN PASSWORD CONFIGURATION 69 RESET TO FACTORY DEFAULT 70 DIAGNOSTIC TEST 71 SYSTEM LOG 74 LOCAL CODE IMAGE UPDATE 75 C H A P T E R 8 FIREWALL CONFIGURATION 76 PROTECTION POLICY 77 HACKER LOG 79 SERVICE FILTERING 80 IP GROUP 81 SERVICE GROUP 83 TIME WINDOW 84 INBOUND POLICY 85 OUTBOUND POLICY 89 INBOUND OUTBOUND POLICY SAMPLE CONFIGURA...

Page 5: ...ruption in telephone service This Wireless ADSL Ethernet Modem Router is fully compliant with the full rate ADSL T1 413 Issue 2 and G dmt the splitterless G lite G 992 2 and IEEE 802 11g standards With data transfer rates of up to 8 Mbps downstream and 1Mbps upstream for ADSL transmission Product Features ADSL Compliance Compliant with ADSL standards 9 Full rate ANSI T1 413 Issue 2 and ITU G dmt G...

Page 6: ...ion NAT Network Address Translation ICMP Internet Control Message Protocol Simultaneous USB and Ethernet operation IGMP Internet Group Management Protocol Security User authentication for PPP PAP Password Authentication Protocol CHAP Challenge Authentication Protocol Password protected system management RADIUS client authentication USB Host Interface Compliant with USB Specification Revision 1 1 U...

Page 7: ... Port Only Each port can work at 10 Mbps or 100Mbps full duplex or half duplex mode Automatic MDI MDIX crossover for 100Base TX and 10Base T ports Auto negotiation and speed auto sensing support Back pressure based flow control on half duplex ports Pause frame based flow control on full duplex ports Store and forward switching mode High performance lookup engine with support for up to 4096 MAC add...

Page 8: ...ocol PAP RFC 1483 Multi protocol Encapsulation over ATM RFC 1552 Point to Point Protocol PPP RFC 1577 Classical IP and ARP over ATM RFC 1631 Network Address Translation NAT RFC 1638 Bridge Control Protocol BCP for the Point to Point Protocol PPP RFC 1661 Link Control Protocol LCP for the Point to Point Protocol PPP RFC 1723 Routing Information Protocol Version 2 RFC 1994 Challenged Handshake Authe...

Page 9: ... Indicators Front Panel Place the Wireless ADSL Router in a location that permits an easy view of the LED indicators shown in the front panel diagram below Wireless ADSL Ethernet Modem Router Single Port LED Indicators The LED Indicators read as follows LED NAME Descriptions PWR On ADSL modem is power on RDY Blink ADSL modem is ready Off ADSL modem is not ready or has malfunctioned ADSL Blink ADSL...

Page 10: ...ned Always On Please send back for repair ADSL Blink ADSL modem is ready to connect or the link is down On ADSL modem links to DSLAM successfully LAN 1 4 On ADSL modem has a successful Ethernet connection Rear Panel Wireless ADSL Ethernet Modem Router Single Port The rear panel of the Wireless Router provides access to the DC power adapter one USB connection one LAN connection one WAN connection o...

Page 11: ... Manual 7 Wireless ADSL Ethernet Modem Router Four Port The rear panel of the Wireless Router provides access to the DC power adapter one USB connection four LAN connections one WAN connection one antenna and power on off switch ...

Page 12: ...E INSTALLATION LP AL3011PW USB CABLE Power Switch Factory Reset button Splitter optional and changes depending on country specification RJ 11 ADSL port connect ADSL cable here RJ 45 Ethernet port connect Ethernet cable here Power Adapter Power cord connect here ...

Page 13: ...L3014PW Power Adapter Power cord connect here RJ 45 Ethernet port connect Ethernet cable here Factory Reset button USB CABLE Splitter optional and changes depending on country specification RJ 11 ADSL port connect ADSL cable here Power Switch ...

Page 14: ...cate that the self test phase has finished Finally the READY LED will be flashed to indicate that router is in normal operation ADSL connection Simply plug one end of the cable into the ADSL port RJ 11 receptacle on the rear panel of the Router and insert the other end into splitter Connect Router to LAN Prepare an Ethernet cable to connect Router to Hub or Switch of your LAN You can connect Route...

Page 15: ...must be performed for every host PC on your network if you use the DHCP function of the Router 1 Click Start button Settings and choose Control Panel 2 Double click Network icon and select Configuration tab 3 Select the TCP IP line that has been associated to your network card in the Configuration tab and click Properties 4 Now you have two setting methods A Get IP Address from Router automaticall...

Page 16: ... Configure IP Address manually Select Specify an IP address on the IP address tab The default IP address of Router is 10 0 0 2 So please use 10 0 0 X X is between 1 and 253 except 2 for IP address field and 255 0 0 0 0 for Subnet Mask field ...

Page 17: ...Wireless ADSL Modem User s Manual 13 In the Gateway tab add the IP address of the Router default IP is 10 0 0 2 in the New gateway field and click Add button ...

Page 18: ...Wireless ADSL Modem User s Manual 14 In the DNS Configuration tab add the DNS values which are provided by the ISP into DNS Server Search Order field and click Add button ...

Page 19: ... to be a DHCP client These same steps must be performed for every host PC on your network if you use the DHCP function of the Router 1 Click Start button Settings and choose Control Panel 2 Double click Network connections icon 3 Select Local Area Connection from Network Connections Right click on the icon and select Properties ...

Page 20: ...ethods A Get IP Address from Router DHCP B Configure IP Address manually Select Use the following IP address The default IP address of Router is 10 0 0 2 So please use 10 0 0 X X is between 1 and 253 except 2 for IP address field and 255 0 0 0 0 for Subnet Mask field ...

Page 21: ... User s Manual 17 In the Default Gateway field add the IP address of the Router default IP is 10 0 0 2 Select Use the following DNS server addresses Add DNS IP addresses which are provided by the ISP Then click OK button ...

Page 22: ...ging 10 0 0 2 with 32 bytes of data Reply from 10 0 0 2 bytes 32 times 10ms TTL 64 Reply from 10 0 0 2 bytes 32 times 10ms TTL 64 Reply from 10 0 0 2 bytes 32 times 10ms TTL 64 A communication link between your computer and this Router has been successfully established Otherwise if you get the following messages Pinging 10 0 0 2 with 32 bytes of data Request timed out Request timed out Request tim...

Page 23: ...he Web browser Enter the LAN port default IP address http 10 0 0 2 Entry of the user name and password will be prompted Enter the default login User Name and Password The default login User Name of the administrator is admin and the default login password is epicrouter The default login User Name for the non administrator is user and the default login password is password Modem Status The links un...

Page 24: ...atus page shows the status of PPP for each PPP interface PPP These fields display the Connection Name user defined Interface PVC Mode PPPoE or PPPoA Status Connected or Not Connected Packets Sent Packets Received Bytes Sent and Byte Received Connect and Disconnect This field allows the user to manually connect disconnect the PPP connection for each PPP interface In another word each PPP session ca...

Page 25: ...Wireless ADSL Modem User s Manual 21 ADSL Status Page The ADSL Status page shows the ADSL physical layer status ...

Page 26: ...Configuration The WAN configuration page allows user to set the configuration for the WAN ADSL ports First you select adapter say Pvc 0 1 With Adapter Per Virtual Circuit Setting it provides the configurations for IP address Subnet Mask Gateway and VPI VCI Current firmware supports eight PVCs To switch between the PVCs please choose the options of virtual circuit and click on the Submit button to ...

Page 27: ...th DHCP function As shown on highlighted parameters Enter VPI VCI User name Password and Encapsulation Disable Bridge mode and left other parameters unchanged Click Submit Save then Reboot system You will need these parameters from your ISP or phone company ...

Page 28: ...phone company Note The default IP address of this Router is 10 0 0 2 If you forget the modified IP address you can t access this device anymore and the only solution is to reset it by pushing reset button You may also need to enter DNS information if you can t access to internet Click DNS page DNS Proxy Select Enabled Select Auto Discovery User Configured and enter the DNS Server Select Add then C...

Page 29: ...Wireless ADSL Modem User s Manual 25 Bridge mode with DHCP function Enter VPI VCI Enable Bridge Mode enter Encapsulation IP Subnet Mask Gateway and leave others unchanged Save Submit then Reboot ...

Page 30: ... VCI Static IP Address provided by ISP Subnet Mask provided by ISP Default Gateway provided by ISP Encapsulation 1483 Bridged IP LLC or 1483 Routed IP LLC provided by ISP Bridged Disabled NAT Configuration NAPT Preferred DNS server IP is Provided by ISP Please see scenario 3 Router Mode Configuration with Static IP in Appendix for more detail configuration PPPoA RFC 2364 PPP is a widely used proto...

Page 31: ...d Disabled PPP User Name Provided by ISP PPP password Provided by ISP NAT Configuration NAPT Please see scenrio 5 Router Mode Configuration PPPoE in Appendix for more detail configuration Classical IP over ATM RFC 1577 Following settings are necessary when working under this mode VPI VCI Static IP Address provided by ISP Subnet Mask provided by ISP Default Gateway provided by ISP Encapsulation Cla...

Page 32: ... IP VC Mux Classical IP over ATM Bridge Enabled Disabled Disabled Disabled PPP Service N A Provided by ISP N A N A PPP User Name N A Provided by ISP N A N A PPP Password N A Provided by ISP N A N A DHCP Client enable Unchecked Unchecked Checked Unchecked Per VC Settings Under Per VC Setting it provides the configurations for IP address Subnet Mask Gateway and VPI VCI Current firmware supports eigh...

Page 33: ...ile receiving IGMP query or being activated by user the ADSL modem should be responsible to proxy that is change source IP to ADSL modem s WAN IP the IGMP report to ADSL WAN side include all PVCs The same case is for IGMP leave packet Not necessary to relay multicast routing between two ADSL PVCs or two interfaces in LAN side Special purpose multicast packet such as RIP 2 packet should run without...

Page 34: ...t Bit Rate When a PVC is specified as a CBR that PVC is guaranteed a certain bandwidth characterized by the Peak Cell Rate PCR The CBR does not have to transmit with a peak cell rate and when it does it is only when the bandwidth specified by the PCR is guaranteed o VBR nrt Variable Bit Rate non real time An PVC enabled with VBR nrt can transmit a cell only if the PVC has a token available The PVC...

Page 35: ...ifferent PVCs with different service category specifications coexist In this example the ADSL upstream is 900 kbps Example VBR nrt This example is provided to further explain the dynamics of VBR nrt A PVC has a service category of VBR nrt with the following parameters 1 PCR 400 kbps 2 SCR 100 kbps 3 MBS 22 cells Note that 22 cells 48 bytes cell 1056 bytes If the PVC has been idle for a while meani...

Page 36: ...blank MAC Spoofing MAC Spoofing Enable MAC Spoofing to make a different MAC Address appear on the WAN side This is also used to solve the scenario where the ISP only recognizes one MAC Address Default is Disabled MAC Address When MAC Spoofing is enabled copy the ISP recognized MAC address here Format for MAC address is six pairs of hexadecimal numbers 0 9 A F separated by colons Default is 00 00 0...

Page 37: ...gured with any combination over 8 PVCs Service Name The service name of PPP is required by some ISPs If the ISP does not provide the Service Name please leave it blank User Name Enter the PPP user name usually provided by the ISP Note You cannot have two different user accounts with the same account name If a different User Name with an already existing Account ID is submitted it will replace the ...

Page 38: ...he LAN port There are two ways to use this default IP address you can manually assigned an IP address and subnet mask for each PC on the LAN or you can instruct the Router to automatically assign them using DHCP The DHCP function is active by default LAN IP Address Subnet Mask The default is 10 0 0 2 and 255 0 0 0 User can change it to other private IP address such as 192 168 1 2 and 255 255 255 0...

Page 39: ...The Lease time is the amount of time of a network user will be allowed to connect with DHCP server If all fields are 0 the allocated IP addresses will be effective forever DHCP Relay If it is enabled the DHCP requests from local PCs will forward to the DHCP server runs on WAN side To have this function working properly please disable the NAT to run on router mode only disable the DHCP server on th...

Page 40: ...r defined to help distinguish different session for different PPP accounts and different PVCs PVC This field allows you to choose the specific PVC for the PPP session Service Name The Service Name of the PPP session is required by some ISPs If the ISP does not provide the Service Name please leave it blank Account to Use You must select an account created in PPP Account Configuration page here Dis...

Page 41: ...PP session connection attempts Range for Lcp Echo Interval field is 0 32767 default value is 10 Lcp Echo Maximum Consecutive Failure This is the number of times a PPP session can fail while trying to connect before stopping If a PPP session fails this number of times you must manually reconnect the PPP session Range for Lcp Echo Maximum Consecutive Failure field is 0 32767 default value is 6 Authe...

Page 42: ...selected all user configured criteria displayed in the filter table is bypassed Only filtered traffic will reset the Idle Timer use filter below Selecting this option will enable the PPP Idle Timeout filter and only allow traffic specified in the filter table to reset the idle timer The traffic specified in the filter table must also correspond with the Filter Application selection For example out...

Page 43: ...et related packets are part of the filter table IP Protocol This is the IP Protocol name corresponding to the Protocol Number Protocol This is the IP protocol number through which the PPP session can be activated The Protocol Numbers for filters are o TCP Protocol Number 6 o UDP Protocol Number 17 o ICMP Protocol Number 1 o IGMP Protocol Number 2 Port This is the Port through which the PPP session...

Page 44: ...Wireless ADSL Modem User s Manual 40 ...

Page 45: ... configuration between multiple LAN clients and multiple WAN connections When the Dynamic NAPT is chosen there is no need to configure the NAT Session and NAT Session Name Configuration NAT Static The NAT option only maps single WAN IP address to the local PC IP address It is peer to peer mapping 1x1 For each WAN interface only one local PC IP address can be associated with each WAN interface Clic...

Page 46: ...ism For each WAN Interface more than one local PCs can be associated with one WAN Interface Click the link Session Name Configuration to add the session name for WAN interface Session Name This field allows the user to enter his her own session Name to distinguish different NAT session for different interfaces among different PPP sessions and different PVCs Interface This field allows the user to ...

Page 47: ...accessible by enabling the virtual server The Virtual Server allows you to set up public services such as a Web server FTP E mail etc that can be accessed by external users of the Internet Each service is provided by a dedicated network computer configured with a fixed IP address Set up private network computers to act as servers and configure each server with a fixed IP address Enter the desired ...

Page 48: ...s the user to enter the private network IP address for the particular sever For example IP of Windows machine that connected with modem is 192 168 2 101 and you want to disable port 21 with UDP protocol ID Public Port Private Port Port Type Host IP Address 2 21 21 choose UDP 192 168 2 101 If you want to disable port 23 with both TCP and UDP protocols ID Public Port Private Port Port Type Host IP A...

Page 49: ...ets will be forwarded to the destination PC Destination MAC When the bridge filtering is enabled enter the Destination MAC address select Block and click Add Then all incoming WAN and LAN Ethernet packets matched with this destination MAC address will be filtered out If the Forward is selected then the packets will be forwarded to the destination PC Type Enter the hexadecimal number for the Ethern...

Page 50: ... by ISP or automatically assigned by ISP Click Submit and Save Settings to save your setting The DNS Configuration page allows users to set the configuration of DNS proxy The firmware supports the DNS proxy function For the DHCP requests from local PCs the DHCP server will set the LAN port IP as the default DNS server Thus all DNS query messages will come into LAN port first The DNS proxy on the A...

Page 51: ... to the DNS servers Use Auto Discovered DNS Servers Only The DNS proxy will store the DNS server IP addresses obtained from DHCP client or PPP into the table And all DNS query messages will be sent to one of the dynamically obtained DNS servers Use User Configured DNS Servers Only The DNS proxy will use the user configured preferred DNS server and alternate DNS server And all DNS query message wil...

Page 52: ...work The SSID must be identical for all points in the network It is case sensitive and must not exceed 31 characters Channel Select the appropriate channel to correspond with your network settings between 1 and 14 All access points and wireless PC adaptors must share the same channel to interoperate Range is for Channel field is 1 14 default is 6 If any number greater than 14 is entered the field ...

Page 53: ...for 64 bit is 10 hexadecimal characters and the key length for 128 bit is 26 hexadecimal characters Note If you have the WLAN Security see next section enabled always choose WEP Key ID 2 This will allow the 802 1x client and non 802 1x client to work simultaneously in the 802 1x WLAN security Method Auth Mode Select Open System or Share Key to set the authentications the Access Point recognizes o ...

Page 54: ...l called EAP Extensible Authentication Protocol to both the wired and wireless LAN media and supports multiple authentication methods such as Kerberos token cards one time passwords certificates and public key authentication Port security provides another means to ensure that only authorized users are on the network by limiting access based on MAC addresses For authentication of users with a RADIU...

Page 55: ...roup ReKey Interval sec This is the time out value for the WPA Group Key Note With WLAN Security enabled select Enable Encryption and choose WEP Key ID 2 on the Wireless Page see previous section This will allow the 802 1x client and non 802 1x client to work simultaneously in the 802 1x WLAN security Method RADIUS Server Address This is the IP address of the RADIUS server RADIUS Server Port This ...

Page 56: ...is to discard all changes since last save After either one of these buttons are clicked the ADSL Bridge Router will do the following Save Reboot Two pages will appear after pressing this button The first one states Your settings are being saved and the modem being rebooted Save and reboot in progress please wait Followed by Your settings have been saved and the modem has rebooted Done Reboot Only ...

Page 57: ...erface Use the Virtual Circuit selection to select different PVCs for status display Virtual Circuit Select the Virtual Circuit that you want to release renew select the appropriate option on the menu dropdown and click Execute ATM Status The ATM Status page shows all the statistics information of ATM cells This page contains information that is dynamic and will refresh every 2 seconds Reset Count...

Page 58: ... ADSL Configuration page allows you to set the configuration for ADSL protocols Annex Mode Config This allows you to manually configure the ADSL Bridge Router for Annex A or Annex B mode by selecting User Configured and choosing the Annex Mode in the next field ...

Page 59: ...ection for the RJ 11 Tip Ring is the default for the ADSL Bridge Router without the inner outer pair relay Available types are Auto Tip Ring default and A A1 where Tip Ring is the inner most pair of wires on the RJ11 and A A1 is the second inner most pair Bit Swapping This field allows you to enable or disable the upstream bit swapping Bit Swapping is disabled by default Route Table The Route Tabl...

Page 60: ...s already up then the route entry appears in the Routing Table immediately If there is a Gateway associated with the selected Network Interface then that Gateway s IP address appears in the Gateway field of the route entry If the selected Network Interface is dynamic but the connection is not established then the route entry does not appear in the Routing Table When the interface comes up later th...

Page 61: ...yer The purpose of a bridge is to connect two or more networks and enable packet sharing between them Bridges are different from routers because they forward packets based on physical addresses whereas routers use IP address to forward packets Bridges must learn all the physical MAC addresses of the devices so it can forward the packets reliably The purpose of the Learned MAC Table is to store and...

Page 62: ...entication entries and all RIPv1 messages are automatically rejected Supplier The RIP Supplier has two functions It transmits route updates over every RIP Supplier interface at the interval specified by Supply Interval see below It transmits route updates in response to specific requests from other routers Listener The RIP Listener listens and processes all RIP messages it receives from other RIP ...

Page 63: ...seconds This timer specifies how often the RIP sends announcements as a RIP Supplier Range for Supplier Interval field is 0 2147483647 default value is 30 Expire Timeout This field allows you to enter the Expire Timeout in seconds This timer specifies the expiration time of a route When a route has not been updated for more than the expire period of time it is removed from the Route Table This rou...

Page 64: ... any PPP user defined sessions maximum of 16 Enable This field allows you to Enable Yes or Disable No the specified interface for RIP Supplier This field allows you to select the Supplier Mode RIP Transmit Disabled The supplier transmit is disabled V1 BC The supplier transmits in RIPv1 Broadcast V2 BC The supplier transmits in RIPv2 Broadcast V2 MC The supplier transmits in RIPv2 Multicast Listene...

Page 65: ...Wireless ADSL Modem User s Manual 61 Current RIP Settings This field displays the each interface s RIP status ...

Page 66: ...management stations NMS network management protocols and a management information base MIB An SNMP agent is a node that resides on the network typically a computer or a router The SNMP agent is controlled and configured by the NMS by sending SNMP messages between one another SNMP agents are logged and identified in a Management Information Base MIB in which they are identified by an object identif...

Page 67: ...y can be up to 127 characters Default is public Write Community This is the password to access private information The Write Community can be up to 127 characters Default is private Trap Community This is the password to access and view SNMP traps The Trap Community can be up to 127 characters Default is trap community Trap SNMP Version Select from Version 1 or Version 2 Default is Version 1 Trap ...

Page 68: ... PPP IGMP and SNTP HTTP Server Access This field allows you to configure where these Web pages can be accessed from All When this field is checked it allows both WAN and LAN access to the Web pages This is the system default Restricted LAN This field allows the Web pages access from LAN side Restricted WAN Specified IP Subnet Mask This field allows the Web access from WAN side with a specify IP an...

Page 69: ...AN side FTP access This will disable WAN side access to the FTP server default is Disabled TFTP server This field allows you to enable or disable the TFTP connection System default is Disabled An example for the TFTP client updating the vxworks z product image code is DMZ A DMZ De Militarized Zone is added between a protected network and an external network in order to provide an additional layer ...

Page 70: ...erver runs on WAN side To have this function working properly please disable the NAT to run on router mode only disable the DHCP server on the LAN port and make sure the routing table has the correct routing entry DHCP Relay Target IP If DHCP Relay is enabled DHCP requests are relayed to DHCP Target IP on the WAN side IGMP Proxy This is the global setting for IGMP Proxy If it is enabled then the e...

Page 71: ...when ADSL link is up If this option is enabled the bridge router will connect the PPP session whenever an ADSL connection is established If this option is disabled the PPP session will not connect whenever the ADSL Showtime is reached System default is Enabled Note For more information clarification please refer to Section 4 4 PPP Configuration SNTP Simple Network Time Protocol is a efficient meth...

Page 72: ...ins information that is dynamic and will refresh every 2 seconds Reset Counters This button allows user to reset the TCP Status counter General Total Packets Data Packets Data Bytes Out of Order Packets Out of Order Bytes Discarded Packets Bad Checksum Bad Offset Header Too Short Connections Initiated Accepted Established Closed ...

Page 73: ...iguration The Admin Password Configuration page allows you to set the password for administrator The Admin password is same as the FTP password so it must have at least 8 characters for the FTP to work The Admin password can be up to 65 characters excluding ...

Page 74: ...Wireless ADSL Modem User s Manual 70 Reset to Factory Default The Reset to Factory Default page allows you to reset the ADSL Bridge Router to original factory default configuration ...

Page 75: ... again a few minutes after this test is completed Your ADSL bridge Router needs up to one minute to establish the ADSL connection depending on your phone line quality If this test returns FAIL make sure your phone line is connected to your ADSL Bridge Router secured and also check with your service provider to see if your service is activated If this test returns FAIL all other tests will be skipp...

Page 76: ...provider make sure the VPI and the VCI settings of the current VC are configured correctly This test returns SKIPPED if the AAL5 Connection test does not return PASS Test PPP Layer Connection This test returns PASS if your login name and password have passed authentication with your service provider If this test returns FAIL run this test again a few minutes after this test is completed especially...

Page 77: ...ervice provider by PPP or DHCP negotiation If this test returns FAIL run this test again a few minutes after this test is completed If this test returns FAIL consistently and your ADSL Bridge Router seems to not be working check to make sure your statically assigned primary DNS IP address is configured correctly or DHCP client is enabled with the current VC This test returns N A if there is no DNS...

Page 78: ...og This field allows you to clear the current contents of the System Log Save Log This field allows you to save the current contents of the System Log by right click HERE and select Save Target As to save it into a text file The System Log records ADSL Layer ADSL Link detected ADSL Link connected ADSL Link disconnected ATM Layer ATM detected ATM connected ATM disconnected ATM setting up VPI VCI ...

Page 79: ...P IP address PPP Gateway IP address PPP DNS Primary IP address PPP DSN Secondary IP address Local Code Image Update The Code Image Update page allows you to upgrade the image code locally Browse the location of file firmware dlf or bootrom dlf file and click the Upload to start the update The ADSL Bridge Router will reboot as part of the process of updating code ...

Page 80: ...he firewall is located at the point of entry for the network All data inbound and outbound must pass through the firewall for inspection Advanced Options This section contains options for protecting against particular wellknown attacks as well as documenting those attacks as they occur Firewall Databases This section allows you to create groups based on IP addresses subnet masks ports and time The...

Page 81: ... in order to prevent authorized and legitimate users to access network resources Basic Protection IP Spoofing checking IP spoofing is when an unauthorized user inserts the IP address of an authorized user into the IP packets in order to gain access to a network Selecting this option will allow the firewall to check for and filter out this discrepancy Ping of Death checking Ping of Death is a type ...

Page 82: ...SYN Flooding checking SYN Flooding is a type of DoS attack that is accomplished by not sending the final acknowledgement to the receiving server s SYN ACK SYNchronize ACKnowledge in the final part of the handshake process This causes the serve to keep signaling until it is timed out When a flood many of these attacks are sent simultaneously the server will probably overload and crash Enable SYN Fl...

Page 83: ...ds erroneous OOB Out of Band data that Windows is unable to process causing the target computer to crash Enable this if you are running an early 95 or NT version of Windows that is vulnerable to this attack Hacker Log This page allows you to configure which Protection Policy see previous section violations to log for admin viewing Alert Log Enable Disable for SYN Flooding Ping of Death IP Spoofing...

Page 84: ... Policies Enabling this will add Allow Policy acceptances to the log Allow Policies are discussed later in the Inbound Outbound policy section Log Database Properties Log Frequency This field lets you specify how many records to keep of each event Default is 100 Range for Log Frequency Field is 1 65535 Service Filtering Service Filtering allows you to disable service requests from certain sources ...

Page 85: ...ternal Network FTP from External Network DNS from External Network IKE from External Network RIP from External Network DHCP from External Network IP Group The IP Group lets you specify IP Addresses Single or Range and Subnet Masks and assign them to a group name for easy use when configuring inbound and outbound policies for the firewall ...

Page 86: ...o group a range of IP ddresses or subnet masks in which case this is the end address of that range whereas the IP addr 1 is the first address of that range IP Mask This field allows you to specify the address type assigned to the group Single IP This will let you specify one IP address for a given group IP Range This will let you specify a range of IP addresses for a given group starting with IP a...

Page 87: ...onfiguring inbound and outbound policies for the firewall Service Entry Name This is the name you assign to the group containing the port number The Service Name Entry can be up to 19 characters TCP UDP This specifies whether the port goes through TCP or UDP Port This is the port number associated with the group name Range for Port is 1 65535 ...

Page 88: ...use when configuring inbound and outbound policies for the firewall Time Window Name This is the name you assign to the group that is given the time designation The Time Window Name can be up to 19 characters Time Period This field allows you to specify the time period for both start time and end time by selecting the day hour minute and AM PM ...

Page 89: ...cy Database will be displayed in place of the table IP Address This field specifies the IP address or addresses to which the policy applies Both the source IP SrcIP and destination IP DesIP are specified here Port This field specifies the Port number to which the policy applies Both the source port SrcPort and destination port DesPort are specified here Prot Short for protocol this is the protocol...

Page 90: ...apply the policies in order from the top of the table to the bottom It is critical for both security and user accessibility to the WAN to have inbound policies in the correct order See Section 6 9 1 for an example of this Edit Clicking this button will display a table similar to the add table see below to the bottom of the policy table that will allow you to modify the corresponding policy Delete ...

Page 91: ...ond IP Address entry field Mask Range Selecting this will enable you to select a range of Subnet Masks to which the policy will apply The first Subnet Mask in the range must be entered into the first IP Address entry field and the last Subnet Mask in the range must be entered into the second IP Address entry field Dest IP This specifies the Destination IP for the Inbound Policy This is the interna...

Page 92: ...l through the Dest Port to the Dest IP All of these are specified above and must be configured by the user Deny Selecting this will cause the policy to deny packet transfer from the Src IP through the Src Port to travel through the Dest Port to the Dest IP All ofthese are specified above and must be configured by the user Time Window Filtering This field allows you to select a certain time frame f...

Page 93: ...e table IP Address This field specifies the IP address or addresses to which the policy applies Both the source IP SrcIP and destination IP DesIP are specified here Port This field specifies the Port number to which the policy applies Both the source port SrcPort and destination port DesPort are specified here Prot Short for protocol this is the protocol to which the policy applies Act Short for a...

Page 94: ...the table to the bottom It is critical for both security and user accessibility to the WAN to have outbound policies in the correct order See Section 6 9 1 for an example of this Edit Clicking this button will display a table similar to the add table see next page to the bottom of the policy table that will allow you to modify the corresponding policy Delete This will delete the corresponding poli...

Page 95: ...ll apply The first Subnet Mask in the range must be entered into the first IP Address entry field and the last Subnet Mask in the range must be entered into the second IP Address entry field Dest IP This specifies the Destination IP for the Inbound Policy This is the external WAN side outside of the firewall IP address or addresses and subnet mask s that will be affected by the policy See Src IP a...

Page 96: ...c IP through the Src Port to travel through the Dest Port to the Dest IP All of these are specified above and must be configured by the user Deny Selecting this will cause the policy to deny packet transfer from the Src IP through the Src Port to travel through the Dest Port to the Dest IP All of these are specified above and must be configured by the user Time Window Filtering This field allows y...

Page 97: ... all access to FTP Server 10 0 0 6 on the weekend Converting the access requirements from above so that the Inbound Policy can understand them yields the following Deny access from any Src WAN IP to any Des LAN IP through any source or destination port and through all protocols Allow access from any Src WAN IP to any Des LAN IP through port 80 HTTP through TCP Deny access from Src WAN IP 204 35 82...

Page 98: ...ible Outbound Policy Sample Configuration You want to deny all access to the WAN except for the following HTTP access from any IP through TCP Any access from 10 0 0 3 through any protocol FTP Access from 10 0 0 3 10 0 0 6 through any protocol Converting the access requirements from above so that the Outbound Policy can understand them yields the following Deny all access from any Src LAN IP to any...

Page 99: ...ess ADSL Modem User s Manual 95 Allow access from Src LAN IP range 10 0 0 3 10 0 0 6 to any Des WAN IP through port 20 FTP through any protocol The configuration should look like the following when complete ...

Page 100: ...rtual Circuit 0 LAN Configuration LAN IP 10 0 0 2 LAN subnet mask 255 0 0 0 DHCP server Disabled DHCP address pool selection User Defined User defined start address 10 0 0 3 User defined end address 10 0 0 14 Lease Time 0 User mode Multi user Ethernet mode Autosense NAT Configuration NAT Configuration Disabled DNS Configuration DNS proxy selection Use auto discovered DNS servers only Preferred DNS...

Page 101: ... 0 0 0 Encapsulation 1483 Bridged IP LLC Bridged Disabled IGMP Disabled PPP Service Name N A PPP User Name N A PPP password N A DHCP Client Enabled Host name N A Virtual Circuit 0 LAN Configuration LAN IP 10 0 0 2 LAN subnet mask 255 0 0 0 DHCP server Enabled DHCP address pool selection User Defined User defined start address 10 0 0 3 User defined end address 10 0 0 14 Lease Time 0 User mode Multi...

Page 102: ... Provided by ISP VC Setting Enabled VPI Provided By ISP VCI Provided By ISP Static IP Address Provided by ISP Subnet Mask Provided by ISP Encapsulation 1483 Bridged IP LLC Bridged Disabled IGMP Disabled PPP Service Name N A PPP User Name N A PPP password N A DHCP Client Disabled Host name N A Virtual Circuit 0 LAN Configuration LAN IP 10 0 0 2 LAN subnet mask 255 0 0 0 DHCP server Enabled DHCP add...

Page 103: ...P Relay Disabled IGMP proxy Disabled PPP reconnect on WAN access Disabled Router Mode PPPoA Configuration RFC2364 WAN Configuration Default Gateway 0 0 0 0 VC Setting Enabled VPI Provided By ISP VCI Provided By ISP Static IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Encapsulation PPPoA VC Mux Bridged Disabled IGMP Disabled PPP Service Name N A Required by some ISPs PPP User Name Provided by ISP PPP pass...

Page 104: ...WAN side HTTP server Disabled FTP server Disabled TFTP server Disabled HTTP server port 80 DMZ Disabled DMZ Host IP 0 0 0 0 DNS Proxy Enabled DHCP Relay Disabled IGMP proxy Disabled PPP reconnect on WAN access Enabled Router Mode PPPoE Configuration RFC2516 WAN Configuration Default Gateway 0 0 0 0 VC Setting Enabled VPI Provided By ISP VCI Provided By ISP Static IP Address 0 0 0 0 Subnet Mask 0 0...

Page 105: ...election Tip Ring RIP Configuration RIP Disabled Supplier True Gateway False Multicast False Interval 30 seconds Misc Configuration WAN side HTTP server Disabled FTP server Disabled TFTP server Disabled HTTP server port 80 DMZ Disabled DMZ Host IP 0 0 0 0 DNS Proxy Enabled DHCP Relay Disabled IGMP proxy Disabled PPP reconnect on WAN access Enabled Router Mode Configuration with Classical IP over A...

Page 106: ...ion NAPT DNS Configuration DNS proxy selection Use auto discovered DNS servers only Preferred DNS Server Provided by ISP Alternate DNS Server Provided by ISP ADSL Configuration Trellis Enabled Handshake protocol Autosense G dmt first Wiring Selection Tip Ring RIP Configuration RIP Disabled Supplier True Gateway False Multicast False Interval 30 seconds Misc Configuration WAN side HTTP server Disab...

Reviews: