VisionNet
202ER ADSL Ethernet Router
User’s Manual
Revision 1.1
February 27, 2003
Page 1: ...VisionNet VisionNet VisionNet VisionNet 202ER ADSL Ethernet Router User s Manual Revision 1 1 February 27 2003...
Page 2: ...Connecting the Hardware 15 Step 1 Connect the ADSL cable and optional telephone 16 Step 2 Connect the Ethernet cable 17 Step 3 Attach the power connector 17 Step 4 Turn on the VisionNet 202ER and powe...
Page 3: ...he System Date and Time 34 Changing the System Date and Time 34 Changing Your Login Password 35 Committing Your Changes and Rebooting the Device 36 Committing your changes 36 Rebooting the device usin...
Page 4: ...tions 61 Adding NAT Rules 63 The napt rule Translating between private and public IP addresses 63 The rdr rule Allowing external access to a LAN computer 65 The basic rule Performing 1 1 translations...
Page 5: ...6 12 Configuring the ATM VCC 87 Viewing Your ATM VC Setup 87 Adding ATM VCs 88 Modifying ATM VCs 90 13 Configuring PPP Interfaces 91 Viewing Your Current PPP Configuration 91 Viewing PPP Interface Det...
Page 6: ...uring IP Filters 117 Overview 117 Viewing Your IP Filter Configuration 117 Configuring IP Filter Global Settings 118 Creating IP Filter Rules 119 IP filter rule examples 124 Viewing IP Filter Statisti...
Page 7: ...rence to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television recep...
Page 8: ......
Page 9: ...d to use the Configuration Manager Contact your ISP to determine which settings you may need to change if any Accessing the Configuration Manager The Configuration Manager program is preinstalled into...
Page 10: ...k 3 The first time you launch the program use these defaults Default User Name admin Default Password visionnet Note You can change the password at any time see Changing Your Login Password on page 35...
Page 11: ...lick on a new tab The same task may appear in more than one tab when appropriate For example the Lan Config task displays in both the LAN tab and the Routing tab Commonly used buttons The following bu...
Page 12: ...about the VisionNet 202ER hardware and software versions the system uptime since the last reboot and the preconfigured operating mode DSL Displays performance statistics for the DSL line You can clic...
Page 13: ...me properties of these interfaces as described in Chapter 5 Services Summary Displays the following service that the VisionNet 202ER performs to help you manage your network o Translating private IP a...
Page 14: ...ect the date and time on your PCs Follow these instructions to change the date and time 1 At the bottom of the System View page click The System Modify page displays in a separate browser window Figur...
Page 15: ...in Chapter 12 To change the Configuration Manager login password 1 Click the Password Configuration in the Admin tab The User Password Configuration page displays by default Figure 10 User Password C...
Page 16: ...aves your changes from RAM to permanent storage called flash memory Note Submitting changes saves them only until the device is reset or powered down Committing changes saves them permanently Follow t...
Page 17: ...ng any changes you just committed Reboot from Backup Configuration Reboots the device using settings stored in backup memory These are the settings that were in effect before you committed new setting...
Page 18: ...at the top of the LAN Configuration page and cannot be changed by the user Configuring the LAN IP Address The LAN IP address identifies the LAN port eth 0 as a node on your network that is its IP add...
Page 19: ...Follow these steps to change the default LAN IP address or to configure the LAN port as a DHCP client 1 Launch Configuration Manager and then click the LAN Config The LAN Configuration page displays a...
Page 20: ...you LAN such as DHCP and NAT you will want to assign a fixed LAN IP address and mask This ensures that your LAN computers have a fixed address that they use to communicate with the device The IP addr...
Page 21: ...ADSL Ethernet router will initiate a request for an IP address from your LAN s DHCP server Assuming a different IP address is assigned your current connection will be terminated 4 Reconfigure your PC...
Page 22: ...dresses network masks Net Mask and interface names IF Name for each of its IP enabled interfaces The listed IP addresses may include The IP address of the device s LAN Ethernet port called eth 0 See C...
Page 23: ...for transmission You will not typically need to view this data but you may find it helpful when working with your ISP to diagnose network and Internet data transmission problems To view global IP sta...
Page 24: ...ach LAN PC with an IP address or you specified that it will receive IP information dynamically automatically If you chose to have the information assigned dynamically then you configured your PCs as D...
Page 25: ...ISP performs the DCHP server function for your network then you can configure the device as a DHCP relay agent When the VisionNet 202ER receives a request for Internet access from a computer on your n...
Page 26: ...r detailed instructions see the Quick Start chapter Part 2 Configuring Your Computers Next you define the pools of IP addresses you want to make available for distribution to your computers These addr...
Page 27: ...VisionNet 202ER ADSL Ethernet Router User s Guide 48 Figure 16 DHCP Server Pool Add Page...
Page 28: ...e Appendix A You can use the network mask to distinguish which pool of addresses should be distributed to a particular subset of computers on your LAN called a subnet Domain Name A user friendly name...
Page 29: ...address pool click A page displays with all the same information you entered when adding the pool To modify the domain name associated with an IP address pool or to exclude addresses from the pool cl...
Page 30: ...t has been leased from the pool Netmask The network mask associated with the leased address which identifies the network ID and host ID portions of the address see Appendix A Mac Address A hardware ID...
Page 31: ...xt you specify the IP address of the DHCP server and select the interfaces on your network that will be using the relay service 2 Launch the Configuration Manager click DHCP Relay in the LAN tab The D...
Page 32: ...set the DHCP mode only after you have configured DHCP relay or DHCP server settings See Configuring DHCP Server on page 47 or Configuring DHCP Relay on page 52 for additional instructions Follow thes...
Page 33: ......
Page 34: ...e VisionNet 202ER you set up a NAT rule to specify that whenever one of your computers communicates with the Internet that is it sends and receives IP data packets its private IP address which is refe...
Page 35: ...e addresses anyway The type of NAT function described above is called network address port translation napt You can use other types called flavors of NAT for other purposes for example providing outsi...
Page 36: ...20 NAT Configuration Page The NAT Configuration page contains the following elements The NAT Options drop down list which provides access to the Global Information page shown by default the NAT Rule C...
Page 37: ...ol the translation will no longer be performed if no matching data packets are received after the specified time has elapsed UDP Timeout sec Same as TCP Idle Timeout but for UDP packets ICMP Timeout s...
Page 38: ...ernet Router User s Guid 59 Figure 21 NAT Rule Global Statistics Page The table provides basic information for each NAT rule you have set up You can click to restart the accumulation of the statistics...
Page 39: ...fields refer to the instructions for adding a rule of the specified flavor pages 63 through 72 From the NAT Rule Configuration page you can click to add a new rule or use the icons in the right colum...
Page 40: ...tion session Rule ID The ID of the NAT rule invoked Interface The device interface on which the NAT rule was invoked from the rule definition Protocol The IP protocol used by the data packets that are...
Page 41: ...h the private IP address was translated In Address The private IP address that was translated Out Address The IP address of the outside destination web ftp site etc In Out Packets The number of incomi...
Page 42: ...s the source port numbers to port numbers that are defined on the NAT Global Configuration page see page 57 The Introduction to NAT on page 55 describes how the napt rule works 1 Click NAT in the Virt...
Page 43: ...be translated type 0 zero in each From field and 255 in each To field If you have several non sequential private addresses you can create an additional napt rule for each address These addresses shou...
Page 44: ...eb server Your ADSL Ethernet router receives a packet containing a request for access to your Web server The packet header contains the public address for your LAN as the destination IP address and a...
Page 45: ...col number 4 In the Local Address From and Local Address To fields type the same private IP address or the lowest and highest addresses in a range If you type the same IP address in both fields incomi...
Page 46: ...on your LAN you would expect that incoming packets destined for that computer would contain the port number 80 This setting serves as a filter data packets not containing this port number would not be...
Page 47: ...IC as the Rule Flavor and enter a Rule ID 2 Select the interface on which this rule will be effective 3 Select a protocol to which this rule applies or choose ALL This selection specifies which type o...
Page 48: ...63 to submit your changes The filter rule Configuring a basic rule with additional criteria Like the basic flavor the filter flavor translates public and private IP addresses on a one to one basis The...
Page 49: ...the starting and ending address that identify the range of public IP addresses to translate your private addresses to Or type the same address in both fields if you also specified a single address in...
Page 50: ...going direction the private source IP address in a data packet is translated to the LAN s public IP address To the rest of the Internet it appears as if the data packet originated from the public IP a...
Page 51: ...ss In you want a specific IP address or range of addresses to not be subject to an existing rule say rule ID 5 then you can create a pass rule with ID 1 through 4 Follow these instructions to add a pa...
Page 52: ...own or is encountering heavy traffic ISPs typically provide primary and secondary DNS addresses and may provide additional addresses Your LAN PCs learn these DNS addresses in one of the following ways...
Page 53: ...is option provides the advantage that you will not need to reconfigure the PCs or the ADSL Ethernet router if the ISP changes their DNS addresses Configured on the ADSL Ethernet router You can use the...
Page 54: ...ck Save and Reboot in the Save Setting tab 4 Click to save your changes to permanent memory Note DNS addresses that are assigned to LAN PCs prior to enabling DNS relay will remain in effect until the...
Page 55: ......
Page 56: ...ix in the number you dialed the middle set of three numbers and connect to a more localized switchboard that handles numbers with that prefix This final switchboard can then look at the last four digi...
Page 57: ...intelligently If it cannot determine which of these devices provides a good next hop because no such route has been defined then that device will forward the data to its default gateway Eventually a...
Page 58: ...the System Status tab and then click Routing Table in the task bar The IP Route page displays by default as shown in Figure 32 IP Route Table Page Figure 32 IP Route Table Page The IP Route Table dis...
Page 59: ...ess to send data to when its final destination is that shown in the destination column IFName Displays the name of the interface on the device through which data is forwarded to the specified next hop...
Page 60: ...or your LAN enter 0 0 0 0 in both the Destination and Net Mask fields Enter your ISP s IP address in the Gateway NextHop field Note that you cannot specify the interface name route type or route origi...
Page 61: ......
Page 62: ...ding devices that can access it from remote locations such as the computers telecommuters use Using RIP each device sends its routing table to its closest neighbor every 30 seconds The neighboring dev...
Page 63: ...en this page the table may be empty 2 If necessary change the Age and Update Time These are global settings for all interfaces that use RIP Age is the amount of time in seconds that the device s RIP t...
Page 64: ...n s in which information must be passed to the VisionNet 202ER in order for it to be accepted into its routing table RIP version 1 is the original RIP protocol Select RIP1 if you have devices that com...
Page 65: ...the RIP Configuration page you can click to view statistics on attempts to send and receive route table data over RIP enabled interfaces on the VisionNet 202ER Figure 35 RIP Global Statistics Page You...
Page 66: ...r Mode ATM On the Wide Area Network WAN that connects you to your ISP the ATM protocol performs functions like those that the Ethernet protocol performs on your LAN This chapter describes how to confi...
Page 67: ...ion between your ADSL Ethernet router and your ISP Max Proto per AAL5 If you are using an AAL5 type of interface this setting indicates the number of higher level interfaces that the VC can support th...
Page 68: ...etting tab 7 Click to save your changes to permanent memory The new interface should now display in the ATM VCC Configuration table You may need to create a new WAN interface or modify an existing int...
Page 69: ...VCC Interface Modify Page 2 Enter the new VPI and VCI values select the MUX type or change the maximum number of protocols that the VC can carry as directed by your ISP You cannot modify the interface...
Page 70: ...may not use the PPP protocol Contact your ISP to determine if you will need to change the default settings in order to connect to their server Viewing Your Current PPP Configuration To view your curr...
Page 71: ...ace are subject to the most restrictive set of firewall protections defined in the software o A private interface connects to your LAN such as the Ethernet interface Packets received on a private inte...
Page 72: ...be distributed to clients of the device s DHCP server This option is useful only when the ADSL Ethernet Router is configured to act as a DHCP Server for your LAN When set to Disable LAN hosts will use...
Page 73: ...be established for use when the device is turned on or rebooted o Disabled The PPP interface cannot currently be used o Start On Data The PPP connection will be made only when data is sent to the int...
Page 74: ...d specified on the PPP Configuration page o Auth Failure The ISP could not authorize the connection based on the user name and or password provided o PADT recvd The ISP issued a special packet type to...
Page 75: ...PPP Configuration Page click The PPP Interface Add page displays as shown in Figure 41 Figure 41 PPP Interface Add Page 2 Select a PPP interface name from the drop down list and then enter or select d...
Page 76: ...your login name and your password To modify the other settings you must delete the interface and create a new one To modify the other settings you must delete the interface and create a new one To de...
Page 77: ...d flexible devices than bridges and often provide a variety of security and network administration services Using the Bridging Feature Although the VisionNet 202ER is preconfigured to serve as a route...
Page 78: ...Configuration Page The table may be empty if bridging has not yet been established 2 Select the interface names on which you want to perform bridging and click For example select eth 0 LAN and eoa 0...
Page 79: ...interface has been assigned an IP address by displaying the EOA configuration table display the WAN tab and then click EOA If the Config IP Address field is empty and the Use DHCP field contains the w...
Page 80: ...who should be automatically notified Configuring Global Firewall Settings Follow these instructions to configure global firewall settings 1 Launch Configuration Manager click Firewall in the Security...
Page 81: ...address o Land Attack Sending packets that use the same address as the source and destination address o Ping of Death Illegal IP packet length DoS Protection Click the Enable radio button to use the...
Page 82: ...ttempted firewall violations Type the addresses in standard internet e mail address format e g jxsmith onecompany com The e mail message will contain the time of the violation the source address of th...
Page 83: ...he Firewall Configuration page The Black List page displays as shown in Figure 49 Figure 49 Firewall Blacklisted Hosts Page The table displays the following information for each entry Field Descriptio...
Page 84: ...eets criteria set forth in the rule The criteria can include the size of the packet the network or internet protocol it is carrying the direction in which it is traveling for example from the LAN to t...
Page 85: ...A public interface typically connects to the Internet PPP EoA and IPoA interfaces are typically public Packets received on a public interface are subject to the most restrictive set of firewall protec...
Page 86: ...ou set various criteria that must be met in order for the rule to be invoked Use these instructions to add a new IP filter rule and refer to the examples on page 124 for assistance 1 On the main IP Fi...
Page 87: ...mples on page 124 for suggestions on choosing the appropriate interface for various rule types In Interface Specifies the interface from which packets must have been forwarded to the interface specifi...
Page 88: ...specified address lteq any source IP address that is numerically less than or equal to the specified address gt any source IP address that is numerically greater than the specified address eq any sou...
Page 89: ...protocol criteria See the description of Src IP Address for the selection options Dest Port Specifies port number criteria for the destination computer s i e the port number of the type of computer t...
Page 90: ...be applied to packets whether or not they contain fragments assuming that they match the other criteria IP Option Pkt Determines whether the rule should apply to IP packets that have options specified...
Page 91: ...t memory IP filter rule examples Example 1 Blocking a specific computer on your LAN from using accessing web servers on the Internet 1 Add a new rule for outgoing packets on the ppp 0 interface from a...
Page 92: ...at the packet must contain the TCP protocol and must be destined for port 23 the well known port number used for the Telnet protocol 3 Enable the rule by clicking the radio button at the top of the pa...
Page 93: ...t the count to zero and to display newly accumulated data Managing Current IP Filter Sessions When two computers communicate using the IP protocol an IP session is created for the duration of the comm...
Page 94: ...interface on which the IP Filter rule is effective IP Address The IP addresses involved in the communication The first one shown is the initiator of the communication Port The hardware addresses of th...
Page 95: ......
Page 96: ...y using root as both the user ID and password Otherwise you can reset the device to the default configuration by pressing the Reset button on the back panel of the device using a pointed object such a...
Page 97: ...LAN or a public IP address for an Internet site if known If the target computer receives the message a Command Prompt window displays like that shown in Figure 59 Figure 59 Using the ping Utility If...
Page 98: ...mputers you can execute the nslookup command from the Start menu Click the Start button and then click Run In the Open text box type the following nslookup Click A Command Prompt window displays with...
