background image

47

Home

WPA-PSK

One of the easiest ways to enable Privacy on your Wireless network is by selecting 

WPA-PSK

 (Wi-Fi Protected Access) from the pull-down menu.

The screen expands to allow you to enter a 

Pre Shared Key

. The key can be between 8 

and 63 characters, but for best security it should be at least 20 characters. When you have 
entered your key, click the 

Save Changes

 button.

Summary of Contents for Netopia 2200

Page 1: ...Administrator s Handbook Motorola Netopia Embedded Software Version 7 7 4 Qwest ...

Page 2: ... or expressed including but not limited to the implied warranties of merchantability and fitness for a particular purpose Motorola may make improvements or changes in the product s described in this manual at any time MOTOROLA and the Stylized M Logo are regis tered in the US Patent Trademark Office Microsoft Windows Windows Me and Windows NT are either trademarks or registered trademarks of Micro...

Page 3: ...lities 11 Wide Area Network Termination 12 Simplified Local Area Network Setup 14 Management 16 Security 18 CHAPTER 2 Basic Mode Setup 25 Important Safety Instructions 26 Set up the Motorola Netopia Gateway 27 Configure the Motorola Netopia Gateway 31 Motorola Netopia Gateway Status Indicator Lights 34 Accessing the Web User Interface 35 Links Bar 36 Home 37 Wireless 39 Gaming 58 Advanced Setup 65...

Page 4: ...125 Status 144 Diagnostics 149 Remote Access 151 Update Router 152 Reset Router 153 Restart Router 154 Basic Mode 155 Help 156 CHAPTER 4 BasicTroubleshooting 157 Status Indicator Lights 158 Factory Reset Switch 161 CHAPTER 5 Command Line Interface 163 Overview 165 Starting and Ending a CLI Session 168 Using the CLI Help Facility 169 About SHELL Commands 170 SHELL Commands 171 About CONFIG Commands...

Page 5: ...l Specifications and Safety Information 333 Description 333 Agency approvals 335 Manufacturer s Declaration of Conformance 336 Important Safety Instructions 338 47 CFR Part 68 Information 339 Electrical Safety Advisory 340 Copyright Acknowledgments 341 Index 345 ...

Page 6: ...Table of Contents 6 ...

Page 7: ... of Administrator s Handbook Dedicated Quickstart guides Specific White Papers The documents are available in electronic form as Portable Document Format PDF files They are viewed and printed from Adobe Acrobat Reader Exchange or any other applica tion that supports PDF files They are downloadable from Netopia s website http www netopia com NOTE This guide describes the wide variety of features an...

Page 8: ... functions and procedures are discussed in detail Chapter 4 Basic Troubleshooting Gives some simple suggestions for trouble shooting problems with your Gateway s initial configuration Chapter 5 Command Line Interface Describes all the current text based com mands for both the SHELL and CONFIG modes A summary table and individual com mand examples for each mode is provided Chapter 6 Glossary Chapte...

Page 9: ...talic monospaced Menu commands bold italic sans serif Web GUI page links and button names terminal Computer display text bold terminal User entered text Italic Italic type indicates the complete titles of manuals Convention Graphics Description Denotes an excerpt from a Web page or the visual truncation of a Web page Denotes an area of emphasis on a Web page Convention Description straight bracket...

Page 10: ...es separated with vertical bars Alternative values for an argument are presented in curly brackets with values separated with vertical bars bold terminal type face User entered text italic terminal type face Variables for which you supply your own values ...

Page 11: ...on into your home personal computer UPnP feature allows ease of connection with many compatible networked devices Management on page 16 A Web server built into the Motorola Netopia Operating System makes setup and maintenance easy using standard browsers Diagnostic tools facilitate troubleshooting Security on page 18 Network Address Translation NAT password protection Stateful Inspection firewall ...

Page 12: ...to scramble a challenge string 2 The password is a shared secret known by both peers 3 The unit sends the scrambled challenge back to the peer PAP a less robust method of authentication sends a username and password to a PPP server to be authenticated PAP s username and password pair are not encrypted and are therefore sent unscrambled Instant On PPP You can configure your Gateway for one of two t...

Page 13: ...there has been no traffic for the configured number of seconds it disconnects the link When new traffic that is destined for the Internet arrives at the Gateway the Gateway will instantly re establish the link Your service provider may be using a system that assigns the Internet address of your Gateway out of a pool of many possible Internet addresses The address assigned varies with each connecti...

Page 14: ...assle of configuring an IP address DNS Proxy Domain Name System DNS provides end users with the ability to look for devices or web sites by typing their names rather than IP addresses For web surfers this technology allows you to enter the URL Universal Resource Locator as text to surf to a desired web site The Motorola Netopia DNS Proxy feature allows the LAN side IP address of the Gateway to be ...

Page 15: ...e device and its services control the device and sub scribe to real time event notification PCs using UPnP can retrieve the Gateway s WAN IP address and automatically create NAT port maps This means that applications that sup port UPnP and are used with a UPnP enabled Motorola Netopia Gateway will not need application layer gateway support on the Motorola Netopia Gateway to work through NAT By def...

Page 16: ...eway s visual LED indicator lights you can run an extensive set of diagnostic tools from your Web browser Two of the facilities are Automated Multi Layer Test The Run Diagnostics link initiates a sequence of tests They examine the entire functionality of the Gateway from the physical connections to the data traffic Network Test Tools Three test tools to determine network reachability are available...

Page 17: ...nagement NOTE Your Service Provider may request information that you acquire from these var ious diagnostic tools Individual tests may be performed at the command line See Command Line Interface on page 163 ...

Page 18: ... or invoke maintenance functions Network Address Translation NAT The Motorola Netopia Gateway Network Address Translation NAT security feature lets you conceal the topology of a hard wired Ethernet or wireless network connected to its LAN interface from Gateways on networks connected to its WAN interface In other words the end computer stations on your LAN are invisible from the Internet Only a si...

Page 19: ...P IP router all LAN computers devices are exposed to the Internet A diagram of a typical NAT enabled LAN follows NOTE 1 The default setting for NAT is ON 2 Motorola uses Port Address Translation PAT to implement the NAT facility 3 NAT Pinhole traffic discussed below is always initiated from the WAN side WAN Interface LAN Ethernet Interface Motorola Netopia Gateway NAT Internet Embedded Admin Servi...

Page 20: ...ge the internal server ports for Web and Telnet of the Gateway if you wanted to have these services on the LAN using pinholes or the Default server Pinhole configuration rules provide an internal port forwarding facility that enables you to eliminate conflicts with embedded administrative ports 80 and 23 Default Server This feature allows you to Direct your Gateway to forward all externally initia...

Page 21: ...Sec Pass Through This Motorola Netopia service supports your independent VPN client software in a trans parent manner Motorola has implemented an Application Layer Gateway ALG to support multiple PCs running IP Security protocols This feature has three elements 1 On power up or reset the address mapping function NAT of the Gateway s WAN con figuration is turned on by default 2 When you use your th...

Page 22: ...are starting IPSec sessions they must be started one at a time to allow the associations to be created and mapped VPN IPSec Tunnel Termination This Motorola Netopia service supports termination of VPN IPsec tunnels at the Gateway This permits tunnelling from the Gateway without the use of third party VPN client software on your client PCs Currently one IPSec VPN tunnel is supported on Motorola Net...

Page 23: ... your Gateway even though your actual IP address may change as a result of a PPPoE con nection to the Internet See Dynamic DNS Settings on page 210 Stateful Inspection Firewall Stateful inspection is a security feature that prevents unsolicited inbound access when NAT is disabled You can configure UDP and TCP no activity periods that will also apply to NAT time outs if stateful inspection is enabl...

Page 24: ...24 ...

Page 25: ... and use your Motorola Netopia Gateway The following instructions cover installation in Router Mode This section covers Important Safety Instructions on page 26 Set up the Motorola Netopia Gateway on page 27 Configure the Motorola Netopia Gateway on page 31 Motorola Netopia Gateway Status Indicator Lights on page 34 Accessing the Web User Interface on page 35 Links Bar on page 36 ...

Page 26: ...urce or Class 2 power supply rated 12Vdc Sweden Apparaten skall anslutas till jordat uttag när den ansluts till ett nätverk Norway Apparatet må kun tilkoples jordet stikkontakt USB powered models For Use with Listed I T E Only TELECOMMUNICATION INSTALLATION When using your telephone equipment basic safety precautions should always be followed to reduce the risk of fire electric shock and injury to...

Page 27: ...o connect your Motorola Netopia Gateway to your power source PC or local area network and your Internet access point whether it is a dedicated DSL outlet or a DSL or cable modem Different Motorola Neto pia Gateway models are supplied for any of these connections Be sure to enable Dynamic Addressing on your PC Perform the following ...

Page 28: ...rd or Internet Protocol TCP IP Properties b Windows XP follows a path like this Start menu Control Panel Network and Internet Connections Network Connec tions Local Area Connection Properties Internet Protocol TCP IP Properties Then go to Step 2 Step 2 Select Obtain an IP address automati cally Step 3 Select Obtain DNS server address auto matically if available Step 4 Remove any previously configu...

Page 29: ...t You may not need to configure it at all To check open the Networking Control Panel and select Internet Protocol Version 4 TCP IPv4 Click the Properties button The Internet Protocol Version 4 TCP IPv4 Properties window should appear as shown If not select the radio buttons shown above and click the OK button ...

Page 30: ...path like this Apple Menu Control Panels TCP IP Control Panel b Mac OS X follows a path like this Apple Menu System Prefer ences Network Then go to Step 2 Step 2 Select Built in Ethernet Step 3 Select Configure Using DHCP Step 4 Close and Save if prompted Proceed to Configure the Motorola Netopia Gateway on page 31 ...

Page 31: ...ge appears For security you must create and enter an Administrative password for accessing the Motorola Netopia Gateway The administrative User name is admin The initial Password can be whatever you choose from one to 32 characters long This user name and password are separate from the user name and password you will use to access the Internet You may change them later You will be challenged for t...

Page 32: ...y as an Administrator you enter admin as the User Name and the Password you just created The browser displays the Internet Login page 2 Enter the User Name and Password supplied by your Internet Service Provider Click the Connect button ...

Page 33: ...ser s location box or by selecting one of your favorite Internet bookmarks You can access the Gateway s internal management pages at any time by entering http 192 168 0 1 in your browser s address field The Motorola Netopia Gateway s home page appears If you have any questions or encounter problems with your Motorola Netopia Gateway refer to the detailed documentation on the Motorola Netopia CD or...

Page 34: ...er Green when power is on Red when updating embedded software or for system failure Ethernet 1 2 3 4 Solid green when connected Flash green when there is activity on the LAN Red when bad userid and password are entered Wireless Flashes green when there is activity on the wireless LAN DSL Solid green when Internet connection is established Internet Solid green when router is connected Flashes green...

Page 35: ...r Motorola Netopia Gateway you will access the Motorola Netopia Gateway Home page You access the Home Page by typing http 192 168 0 1 in your Web browser s location box The Basic Mode Home Page appears The links in the left hand column on this page allow you to manage or configure several fea tures of your Gateway Each link is described in its own section ...

Page 36: ...s are available from almost every page allowing you to move freely about the site The headings in the following table are hyperlinks You can click on any heading to read about that feature Home on page 37 Wireless on page 39 Gaming on page 58 Advanced Setup on page 65 Status on page 66 Diagnostics on page 71 Help on page 72 ...

Page 37: ...ays information about the following categories Connection Information Router Information Local Network Click the Help link in the left hand column of links to display a page of explanatory infor mation Help is available for every page in the Web interface ...

Page 38: ... Home Page Links The links in the left hand column of the Home page access a series of pages to allow you to monitor diagnose and update your router The following sections give descriptions of these pages ...

Page 39: ...ess LAN services Wireless ID SSID The Wireless ID is preset to a number unique to your unit You can either leave it as is or change it by entering a freeform name of up to 32 characters for example Hercule s Wire less LAN On client PCs software this might also be called the Network Name The Wire less ID is used to identify this particular wireless LAN Depending on their operating system or client ...

Page 40: ...LAN Privacy The pull down menu for enabling Privacy offers four settings WPA 802 1x WPA PSK WEP Manual and Off No Privacy IT IS STRONGLY RECOMMENDED THAT YOU ENABLE SOME FORM OF PRIVACY FOR THE SECURITY OF YOUR WIRELESS NETWORK See Privacy on page 44 for more information ...

Page 41: ... The pull down menu allows you to select and lock the Gateway into the wireless transmis sion mode you want For compatibility with clients using 802 11b up to 11 Mbps transmis sion and 802 11g up to 20 Mbps select Normal 802 11b g To limit your wireless LAN to one mode or the other select 802 11b Only or 802 11g Only NOTE If you choose to limit the operating mode to 802 11b or 802 11g only clients...

Page 42: ...u At Startup the default setting causes the Motorola Netopia Gateway at startup to briefly initialize on the default channel then perform a full two to three second scan and switch to the best channel it can find remaining on that channel until the next reboot Continuous performs the at startup scan and will continuously monitor the current channel for any other Access Point beacons If an Access P...

Page 43: ...SID of the Motorola Netopia Router In addition if you have enabled WEP or WPA encryption on the Motorola Netopia Router your network clients must also have WEP or WPA encryption enabled and must have the same WEP or WPA encryption key as the Motorola Netopia Router Once the Motorola Netopia Gateway is located by a client computer by setting the client to a matching SSID the client can connect imme...

Page 44: ...If you are not using WPA PSK Privacy you can use WEP Encryption instead For this encryption to work both your Router and each client must share the same Wireless ID and both must be using the same encryption keys WPA 802 1x provides RADIUS server authentication support See RADIUS Server authentication below WPA PSK provides Wireless Protected Access the most secure option for your wire less networ...

Page 45: ...Authentica tion Dial In User Service RADIUS server In conjunction with Wireless User Authentication you can use a RADIUS server database to authenticate users seeking access to the wire less services as well as the authorized user list maintained locally within the Gateway If you select WPA 802 1x the screen expands Click the Configure RADIUS Server button The Configure RADIUS Server screen appears...

Page 46: ... secret should have the same characteristics as a normal password Alt RADIUS Server Addr Name An alternate RADIUS server name or IP address if available Alt RADIUS Server Secret The RADIUS secret key used by this alternate server The shared secret should have the same characteristics as a normal password RADIUS Server Port The port on which the RADIUS server is listening typically the default 1812...

Page 47: ...by selecting WPA PSK Wi Fi Protected Access from the pull down menu The screen expands to allow you to enter a Pre Shared Key The key can be between 8 and 63 characters but for best security it should be at least 20 characters When you have entered your key click the Save Changes button ...

Page 48: ...ting WEP Manual from the Privacy pull down menu You can provide a level of data security by enabling WEP Wired Equivalent Privacy for encryption of network data You can enable 40 128 or 256 bit WEP Encryption depend ing on the capability of your client wireless card for IP traffic on your LAN ...

Page 49: ...128bit and 58 digits for 256bit WEP Hexadecimal characters are 0 9 and a f Examples 40bit 02468ACE02 128bit 0123456789ABCDEF0123456789 256bit 592CA140F0A238B0C61AE162F592CA140F0A238B0C61AE162F21A09C Use WEP encryption key 1 4 Specifies which key the Gateway will use to encrypt transmitted traffic The default is key 1 Click the click Save Changes button Any WEP enabled client must have an identical...

Page 50: ...ple Wireless IDs click the button The Enable Multiple Wireless IDs screen appears to allow you to add up to three addi tional Wireless IDs When the Multiple Wireless SSIDs screen appears check the Enable SSID checkbox for each SSID you want to enable The screen expands to allow you to name each additional Wireless ID and specify a Pri vacy mode for each one ...

Page 51: ...al Wireless IDs are Closed System Mode Wireless IDs see below that will not be shown by a client scan and therefore must be manually configured at the client In addition wireless bridging between clients is disabled for all members of these addi tional network IDs Click the Save Changes button The Gateway will prompt you to restart it ...

Page 52: ... SSIDs One SSID is broadcast by default and has wireless bridging enabled by default Three additional SSIDs are in Closed System Mode and have wireless bridging disabled These network IDs cannot be configured separately in terms of MAC Address filtering You can configure privacy on one SSID and disable it on another SSID ...

Page 53: ...nding on Diffserv priority settings These priorities are mapped into four Access Categories AC in increasing order of priority Background BK Best Effort BE Video VI and Voice VO It requires WiFi Multimedia WMM capable clients usually a separate feature enabled at the client network settings and client PC software that makes use of Differentiated Ser vices Diffserv Refer to your operating system in...

Page 54: ...not recommended that you modify these settings without direct knowl edge or instructions to do so Modifying these settings inappropriately could seriously degrade network performance AIFs Arbitration Interframe Spacing the wait time in milliseconds for data frames cwMin Minimum Contention Window upper limit in milliseconds of the range for deter mining initial random backoff The value you choose m...

Page 55: ...ssions When Operating Mode is B only default values are used and this field is not config urable Click the Save Changes button Wireless MAC Authorization optional MAC Authorization allows you to specify which client PCs are allowed to join the wireless LAN by unique hardware MAC address To enable this feature click the Limit Wireless Access by MAC Address button The MAC Authorization screen appear...

Page 56: ... MAC addresses Click the Add button Once it is enabled only entered MAC addresses that have been set to Allow will be accepted onto the wireless LAN All unlisted addresses will be blocked in addition to the listed addresses with Allow disabled ...

Page 57: ...he Submit button When you are finished adding MAC addresses click the Save Changes button You will be returned to the 802 11 Wireless page You can Add Edit or Delete any of your entries later by returning to this page ...

Page 58: ... the rest of the information on the page is hidden From the Service Name pull down menu you can select any of a large number of pre defined games and software See Supported Games and Software on page 59 1 Once you choose a software service or game click Enable The Enable Service screen appears Select Host Device specifies the machine on which the selected software is hosted 2 Select a PC to host t...

Page 59: ...sted list choose the game or software you want to remove and click the Disable button Supported Games and Software Age of Empires v 1 0 Age of Empires The Rise of Rome v 1 0 Age of Wonders Asheron s Call Baldur s Gate Battlefield Communicator Buddy Phone Calista IP Phone CART Precision Racing v 1 0 Citrix Metaframe ICA Client Close Combat for Windows 1 0 Close Combat A Bridge Too Far v 2 0 ...

Page 60: ...rnet Phone IPSec IPSec IKE Jedi Knight II Jedi Outcast Kali KazaA LimeWire Links LS 2000 Mech Warrior 3 Mech Warrior 4 Vengeance Medal of Honor Allied Assault Microsoft Flight Simulator 98 Microsoft Flight Simulator 2000 Microsoft Golf 1998 Edition v 1 0 Microsoft Golf 1999 Edition Microsoft Golf 2001 Edition Midtown Madness v 1 0 Monster Truck Madness v 1 0 Monster Truck Madness 2 v 2 0 Motocross...

Page 61: ...ggers the feature Click the Next button If you chose Port Forwarding the Port Range entry screen appears Roger Wilco Rogue Spear ShoutCast Server SMTP SNMP SSH server StarCraft Starfleet Command StarLancer v 1 0 Telnet TFTP Tiberian Sun Command and Conquer Timbuktu Total Annihilation Ultima Online Unreal Tournament Server Urban Assault v 1 0 VNC Virtual Network Comput ing Westwood Online Command a...

Page 62: ...l Port Range Range of ports on which incoming traffic will be received Base Host Port The port number at the start of the port range your Router should use when forwarding traffic of the specified type s to the internal IP address Protocol Protocol type of Internet traffic TCP or UDP Click the Next button If you chose Trigger Ports the Trigger Ports entry screen appears ...

Page 63: ...s for inbound traffic Example Set the trigger port to 21 and configure a range of 25 110 You would need to do an outbound ftp before you were able to do an inbound smtp Click the Next button Static NAT This feature allows you to Direct your Router to forward all externally initiated IP traffic TCP and UDP protocols only to a default host on the LAN Enable it for certain situations Where you cannot...

Page 64: ...rmally would be discarded For instance this could be application traffic where you don t know in advance the port or protocol that will be used Some game applications fit this profile From the pull down menu select the address of the PC that you want to be your default NAT destination Click the Next button and your choice will be so designated ...

Page 65: ...r and networking settings Advanced Setup is for advanced users and system administrators and most users will not need to modify these settings If you need to enter Advanced Setup and click the Advanced Setup link the Advanced Setup Home page displays For more information see Advanced Setup on page 73 ...

Page 66: ... List on page 70 DSL When you click DSL the DSL Statistics page appears The DSL Statistics page displays information about the Router s WAN connection to the Internet Line State May be Up connected or Down disconnected Modulation Method of regulating the DSL signal DMT Discrete MultiTone allows con nections to work better when certain radio transmitters are present Data Path Type of path used by t...

Page 67: ...and when seeking technical support Ethernet supported models only When you click Ethernet the Ethernet Statistics page appears The Ethernet Statistics page displays your Router s unique hardware MAC address displays detailed statistics about your LAN data traffic upstream and downstream IP When you click IP the IP Statistics page appears The IP Statistics page displays the IP interfaces and routin...

Page 68: ...N Router IP Address The IP address of your Router as seen from the LAN DHCP Netmask Subnet mask of your LAN DHCP Start Address First IP address in the range being served to your LAN by the Router s DHCP server DHCP End Address Last IP address in the range being served to your LAN by the Router s DHCP server DHCP Server Status May be On or Off DNS Server The IP address of the default DNS server Dev...

Page 69: ...rom every Log page All Displays the entire system log Connection Displays events logged for the WAN connection System Displays events logged for the Router system configuration The CURRENT Router STATUS is displayed for all logs To clear the individual logs click the Clear Log button for that page To clear all the logs click the Clear All Logs button on the main Logs page You can save logs to a te...

Page 70: ...y User List When you click User List the User List Statistics page appears The User List Statistics page displays Ethernet Users PC Name IP Address and MAC Address displays Wireless SSID Users PC Name IP Address and MAC Address If you have multiple SSIDs defined see Enable Multiple Wireless IDs on page 50 Wireless SSID users are displayed by their respective SSID ...

Page 71: ...indow as they are generated This sequence of tests takes approximately one minute to generate results Please wait for the test to run to completion Each test generates one of the following result codes Result Meaning PASS The test was successful FAIL The test was unsuccessful SKIPPED The test was skipped because a test on which it depended failed PENDING The test timed out without producing a resu...

Page 72: ... When you click the Help link in the left hand column of links a page of explanatory infor mation displays Help in English only is available for every page in the Web interface Here is an example from the Home page ...

Page 73: ...ou can use any recent version of the best known web browsers such as Netscape Navigator or Microsoft Internet Explorer from any LAN attached PC or workstation The procedure is 1 Enter the name or IP address of your Netopia Gateway in the Web browser s window and press Return For example you would enter http 192 168 0 1 2 If an administrator or user password has been assigned to the Netopia Gateway...

Page 74: ...74 3 Click on the Advanced Setup link in the left hand column of links The Home Page opens in Advanced Setup ...

Page 75: ...tup The Advanced Setup Home Page is the summary page for your Motorola Netopia Gate way The links bar at the left provides links to controlling configuring and monitoring pages Critical configuration and operational status is displayed in the center section ...

Page 76: ...credentials as your current connection Connect button allows you to reconnect using a different User Name and Password This button is only available if you are not connected Disconnect button allows you to disconnect your current connection This button is only available if a connection is established Router Information Router Name and Model Your Router s manufacturing information Serial Number You...

Page 77: ...owing table are hyperlinks You can click on any heading to read about that feature This chapter covers the following Note Ethernet Wireless and USB links are only available on supported models Advanced Setup Configure Connection DHCP Server IP Passthrough NAT IPSec Router Password Time Zone VLAN Wireless Status DSL ATM Ethernet IP LAN USB Wireless Logs User List Diagnostics Update Router Reset Rout...

Page 78: ...s are intended for experienced users and adminis trators Exercise great caution when making any changes to Advanced Configuration options Connection on page 79 DHCP Server on page 82 IP Passthrough on page 85 NAT on page 87 IPSec on page 94 Router Password on page 104 Time Zone on page 105 VLAN on page 106 Wireless on page 125 ...

Page 79: ... Configuration page appears Note The appearance of this page will vary based on the model and WAN connection you have Here you can set up or change the way you connect to your ISP You should only change these settings at your ISP s direction or by agreement with your ISP ...

Page 80: ...switches to DHCP As soon as it can connect via DHCP the Gateway chooses and sets DHCP as its default Otherwise after attempting to connect via DHCP for 60 seconds the Gateway switches back to PPPoE The Gateway will continue to switch back and forth in this manner until it successfully connects Similarly selecting PPPoE PPPoA causes the Gateway to attempt to connect by trying these protocols in par...

Page 81: ...y discover other UPnP devices anything from an internet gateway device to a light switch retrieve an XML description of the device and its services control the device and subscribe to real time event notification By default UPnP is enabled on the Motorola Netopia Gateway For Windows XP users the automatic discovery feature places an icon representing the Motorola Netopia Gateway automatically in t...

Page 82: ...l computers can be added to your LAN without the hassle of configuring an IP address This is the default mode for your Router The Server configuration determines the functionality of your DHCP Settings This function ality enables the Router to assign your LAN computer s a private IP address and other parameters that allow network communication Router IP Address Specifies the IP address of the Rout...

Page 83: ... leases issued by the Router Enter lease time in dd hh mm ss days hours minutes seconds format DHCP Server Enable Uncheck this setting if you already have a DHCP server on your LAN This enables the DHCP server in this Router Additional IP Subnets The Additional IP Subnets screen allows you to configure up to seven secondary subnets and their DHCP ranges by entering IP address subnet mask pairs Not...

Page 84: ...ss and End Address of the subnet range in their respec tive fields Ranges cannot overlap and there may be only one range per subnet Click the Submit button When you are finished adding subnets click the Save Changes button and when prompted restart the Router To delete a configured subnet set both the IP address and subnet mask values to 0 0 0 0 either explicitly or by clearing each field and clic...

Page 85: ...he public WAN IP is used to provide IP address translation for private LAN computers The public WAN IP is assigned and reused on a LAN computer DHCP address serving can automatically serve the WAN IP address to a LAN computer When DHCP is used for addressing the designated passthrough PC the acquired or configured WAN address is passed to DHCP which will dynamically configure a single servable add...

Page 86: ...leases will be shortened to two minutes This allows for timely updates of the host s IP address which will be a private IP address before the WAN connection is established After the WAN connection is established and has an address the passthrough host can renew its DHCP address binding to acquire the WAN IP address A restriction Since both the Router and the passthrough host will use the same IP a...

Page 87: ...fferent PCs If you uncheck the Enable NAT checkbox the rest of the information on the page is hidden From the Service Name pull down menu you can select any of a large number of pre defined games and software See Supported Games and Software on page 89 1 Once you choose a software service or game click Enable The Enable Service screen appears Select Host Device specifies the machine on which the s...

Page 88: ...nd click Enable Each time you enable a software service or game your entry will be added to the list of Service Names displayed on the NAT Configuration page To remove a game or software from the hosted list choose the game or software you want to remove and click the Disable button ...

Page 89: ...ta Force 2 Diablo II Server Dialpad DNS Server Dune 2000 eDonkey 2000 eMule F 16 Mig 29 F 22 Lightning 3 Fighter Ace II FTP GNUtella H 323 compliant Netmeeting CUSeeME Half Life Hellbender for Windows v 1 0 Heretic II Hexen II Hotline Server HTTP HTTPS ICQ 2001b ICQ Old IMAP Client IMAP Client v 3 Internet Phone IPSec IPSec IKE Jedi Knight II Jedi Outcast Kali KazaA LimeWire Links LS 2000 Mech War...

Page 90: ...ainbow Six RealAudio Return to Castle Wolfenstein Roger Wilco Rogue Spear ShoutCast Server SMTP SNMP SSH server StarCraft Starfleet Command StarLancer v 1 0 Telnet TFTP Tiberian Sun Command and Conquer Timbuktu Total Annihilation Ultima Online Unreal Tournament Server Urban Assault v 1 0 VNC Virtual Network Comput ing Westwood Online Command and Conquer Win2000 Terminal Server XBox Live Games Yaho...

Page 91: ...WAN ports to an IP address on the LAN Trigger Ports forwards a range of ports to an IP address on the LAN only after specific outbound traffic triggers the feature Click the Next button If you chose Port Forwarding the Port Range entry screen appears Port Forwarding forwards a range of WAN ports to an IP address on the LAN Enter the fol lowing information ...

Page 92: ...n appears Trigger Ports forwards a range of ports to an IP address on the LAN only after specific out bound traffic triggers the feature Enter the following information Service Name A unique identifier for the Custom Service Global Port Range Range of ports on which incoming traffic will be received Local Trigger Port Port number of the type of outbound traffic that needs to happen will be the tri...

Page 93: ...connection is opened When you want all unsolicited traffic to go to a specific LAN host This feature allows you to direct unsolicited or non specific traffic to a designated LAN sta tion With NAT On in the Router these packets normally would be discarded For instance this could be application traffic where you don t know in advance the port or protocol that will be used Some game applications fit ...

Page 94: ...disable it if your LAN side VPN client includes its own NAT interoperability option Uncheck the Enable IPSec checkbox IPSec VPN A VPN IPSec Tunnel provides a single encrypted tunnel to be terminated on the Gateway making a secure tunnel available for all LAN connected users This implementation offers the following Eliminates the need for VPN client software on individual PCs Reduces the complexity...

Page 95: ...of them need to be changed from the defaults for every VPN tunnel Consult with your network administrator 2 Complete the Parameter Setup worksheet IPSec Tunnel Details Parameter Setup Worksheet on page 96 The worksheet provides spaces for you to enter your own specific values You can print the page for easy reference IPSec tunnel configuration requires precise parameter setup between VPN devices T...

Page 96: ...tname ASCII Local ID Address Value Local ID Mask Remote ID Type IP Address Subnet Hostname ASCII Remote ID Address Value Remote ID Mask Pre Shared Key Type HEX ASCII Pre Shared Key DH Group 1 2 5 PFS Enable Off On SA Encrypt Type DES 3DES SA Hash Type MD5 SHA1 Invalid SPI Recovery Off On Soft MBytes 1 1000000 Soft Seconds 60 1000000 Hard MBytes 1 1000000 Hard Seconds 60 1000000 IPSec MTU 100 1500 ...

Page 97: ...oup of tunnel parameters Refer to your IPSec Tunnel Details Parameter Setup Worksheet on page 96 and the Parameter Descriptions on page 100 as required Select the Encryption Protocol from the pull down menu Select the Authentication Protocol from the pull down menu If you choose Aggressive from the Negotiation Method pull down menu additional fields appear for you to supply applicable parameter in...

Page 98: ...the Tunnel Details entries Enter or select the required settings Soft MBytes Soft Seconds Hard MBytes and Hard Seconds values do not have to match the peer remote VPN device Refer to your IPSec Tunnel Details Parameter Setup Worksheet on page 96 9 Click the Submit button ...

Page 99: ...eturned to the IPSec configuration screen where your entries are displayed in a list You can return to this screen at any time to edit or delete your entries 10 Click the Save Changes button and when prompted restart your Router ...

Page 100: ...uthentication Protocol for IP packet header The three parameter values are None Encapsulating Security Payload ESP and Authentication Header AH Key Management The Key Management algorithm manages the exchange of security keys in the IPSec protocol architecture SafeHarbour supports the standard Inter net Key Exchange IKE Table 3 IPSec Tunnel Details page parameters Field Description Name The Name p...

Page 101: ... option appears Selection options are IP Address Subnet Hostname ASCII Remote ID Address Value If Aggressive mode is selected as the Negotiation Method this field appears This is the remote central office side IP address or Name Value if Subnet or Hostname are selected as the Local ID Type Remote ID Mask If Aggressive mode is selected as the Negotiation Method and Subnet as the Remote ID Type this...

Page 102: ... Security Associations SAs at the configured Hard MByte value The value can be configured between 1 and 1 000 000 MB and refers to data traffic passed This parameter does not need to match the peer gate way Hard Seconds Setting the Hard Seconds parameter forces the renegotiation of the IPSec Security Associations SAs at the configured Hard Seconds value The value can be configured between 60 and 1...

Page 103: ...ork access to the user s central office IKE establishes the tun nel and Xauth authenticates the specific remote user s Gateway Since NAT is supported over the tunnel the remote user network can have multi ple PCs behind the client Gateway accessing the VPN By using XAuth net work VPN managers can centrally control remote user authentication Xauth Username Password Xauth authentication credentials ...

Page 104: ...in password login Use the following procedure to create or change an Administrative Admin password for your Netopia Gateway Enter your new password in the New Password field Motorola s rules for a Password are It can have up to eight alphanumeric characters It is case sensitive Enter your new password again in the Confirm Password field You confirm the new password to verify that you entered it co...

Page 105: ...e Zone When you click the Time Zone link the Time Zone page appears You can set your local time zone by selecting your time zone from the pull down menu This allows you to set the time zone for access controls and in general ...

Page 106: ...tworks Beginning with Version 7 7 4 VLANs are now strictly layer 2 entities They can be thought of as virtual Ethernet switches into which can be added Ethernet ports router IP inter faces ATM PVC VCC interfaces SSIDs and any other physical port such as USB HPNA or MOCA This allows great flexibility on how the components of a system are connected to each other VLANs are part of Motorola s VGx Virt...

Page 107: ...and IP interface to VLAN binding LAN side VLAN with IP interface to VLAN binding Inter VLAN routing Bridged VLANs these VLANs are used to bridge traffic from LAN to WAN Prioritization per VLAN and per port Ethernet Switching Policy Setup Before you configure any VLANs the unconfigured Gateway is set up as a router composed of a LAN switch a WAN switch and a router in the middle with LAN and WAN IP...

Page 108: ...et Interface can be bound to multiple LAN VLANs but forwarding can be limited between an Ethernet LAN port and a WAN VLAN if you properly configure Inter VLAN groups Inter VLAN groups are also used to block routing between WAN interfaces If each WAN IP interface is bound to its own VLAN and if you configure a different Inter VLAN group for each WAN VLAN then no routing between WAN IP interfaces is...

Page 109: ...109 Links Bar An example of multiple VLANs using a Motorola Netopia Gateway with VGx managed switch technology is shown below A VLAN Model Combining Bridging and Routing ...

Page 110: ...re VLANs check the Enable checkbox To create a VLAN select a list item from the main VLAN page and click the Edit button The VLAN Entry page appears Check the Enable checkbox and enter a descriptive name for the VLAN ...

Page 111: ... is port based Traffic sent to this port will be treated as belonging to the VLAN and will not be forwarded to other ports that are not within a common VLAN segment Global indicating that the ports joining this VLAN are part of a global 802 1q Ethernet VLAN This VLAN includes ports on this Router and may include ports within other devices throughout the network The VID in this case may define the ...

Page 112: ...f zero 0 is permitted on the Ethernet WAN port only Admin Restricted If you want to prevent administrative access to the Gateway from this VLAN check the checkbox 802 1p Priority Bit If you set this from the pull down menu to a value greater than 0 all packets of this VLAN with unmarked priority bits pbits will be re marked to this prior ity Click the Submit button ...

Page 113: ...USB and or wireless Also if you have multiple wireless SSIDs defined these may be displayed as well See Multiple Wireless IDs on page 136 For Motorola Netopia VGx technology models separate Ethernet switch ports are dis played and may be configured To enable any of them on this VLAN check the associated Enable checkbox es Typically you will choose a physical port such as an Ethernet port example e...

Page 114: ...v priority mapping rules Promote Write any 802 1p priority bits into the IP TOS header bit field for received IP packets on this port destined for this VLAN Write any IP TOS priority bits into the 802 1p priority bit field for tagged IP packets transmitted from this port for this VLAN All mappings between Ethernet 802 1p and IP TOS are made according to a pre defined QoS mapping policy The pre def...

Page 115: ...these will appear in the list as ip vcc1 ip vcc2 and so forth When you select an IP interface the screen expands to allow you to configure Inter Vlan Groups Inter VLAN groups allow VLANs in the group to route traffic to the others ungrouped VLANs cannot route traffic to each other Click the Submit button If you want to create more VLANs repeat the process ...

Page 116: ...ning to the VLANs page and selecting the appropriate entry from the displayed list When you are finished click the Save Changes button Click the Restart Device button To view the settings for each VLAN select the desired VLAN from the list and click the Details button ...

Page 117: ...117 Links Bar The screen expands to display the VLAN settings ...

Page 118: ...ernet Switch so that those two networks can communicate The second VLAN will be for the other SSID The second VLAN will also be denied access to the 3347NWG VGx web interface and telnet interface This setup might be useful if you have a doctor s office or a coffee shop and you want to keep your customers separated from the rest of the network 1 In the VLANs page check the Enable checkbox select VL...

Page 119: ...For example call it Network A Since this VLAN will be for SSID1 and the Ethernet ports leave Admin Restricted unchecked This will give this VLAN access to the Gateway 3 Click the Submit button 4 In the Port Configuration for VLAN 1 page you add the Port Interfaces you want asso ciated with the VLAN ...

Page 120: ...d wireless ssid1 Select ip eth a the IP interface for the group This will be Inter Vlan Group 1 Check the Group 1 checkbox These ports will be able to communicate with each other 5 Click the Submit button 6 In the VLAN page select VLAN 2 in the VLANs list and click the Edit button ...

Page 121: ...LAN Name must be given another unique name For example call it Network B Since this is for the second SSID that we don t want to be given access to the Gateway check the Admin Restricted checkbox 7 Click the Submit button ...

Page 122: ...ion for VLAN 2 page you add the Port Interfaces you want associated with the VLAN Select the ip eth a port interface and check the ssid2 port interface Make this VLAN a member of Inter Vlan Group Group 2 9 Click the Submit button ...

Page 123: ...123 Links Bar 10 Next create a VLAN to provide the Inter Vlan Groups access to the Internet WAN For example call it WAN VLAN 11 Click the Submit button ...

Page 124: ...Group Group 1 and Group 2 checkboxes Members of Groups 1 and 2 will now be able to communicate with the Internet WAN but not with each other 12 When you are finished click the Submit button then the Save Changes button 13 When prompted to Save and Restart Connection click the Yes button ...

Page 125: ...wireless LAN services Wireless ID SSID The Wireless ID is preset to a number unique to your unit You can either leave it as is or change it by entering a freeform name of up to 32 characters for example Hercule s Wire less LAN On client PCs software this might also be called the Network Name The Wire less ID is used to identify this particular wireless LAN Depending on their operating system or cl...

Page 126: ...LAN Privacy The pull down menu for enabling Privacy offers four settings WPA 802 1x WPA PSK WEP Manual and Off No Privacy IT IS STRONGLY RECOMMENDED THAT YOU ENABLE SOME FORM OF PRIVACY FOR THE SECURITY OF YOUR WIRELESS NETWORK See Privacy on page 130 for more information ...

Page 127: ...ode The pull down menu allows you to select and lock the Gateway into the wireless transmis sion mode you want For compatibility with clients using 802 11b up to 11 Mbps transmis sion and 802 11g up to 20 Mbps select Normal 802 11b g To limit your wireless LAN to one mode or the other select 802 11b Only or 802 11g Only NOTE If you choose to limit the operating mode to 802 11b or 802 11g only clie...

Page 128: ...ni tialize on the default channel then perform a full two to three second scan and switch to the best channel it can find remaining on that channel until the next reboot Continuous performs the at startup scan and will continuously monitor the current channel for any other Access Point beacons If an Access Point beacon is detected on the same channel the Netopia Gateway will initiate a three to fo...

Page 129: ...cryption on the Motorola Netopia Router your network clients must also have WEP or WPA encryption enabled and must have the same WEP or WPA encryption key as the Motorola Netopia Router Once the Motorola Netopia Gateway is located by a client computer by setting the client to a matching SSID the client can connect immediately if WEP or WPA is not enabled If WEP or WPA is enabled then the client mu...

Page 130: ... If you are not using WPA PSK Privacy you can use WEP Encryption instead For this encryption to work both your Router and each client must share the same Wireless ID and both must be using the same encryption keys WPA 802 1x provides RADIUS server authentication support See RADIUS Server authentication below WPA PSK provides Wireless Protected Access the most secure option for your wire less netwo...

Page 131: ... maintained by a Remote Authentica tion Dial In User Service RADIUS server In conjunction with Wireless User Authentication you can use a RADIUS server database to authenticate users seeking access to the wire less services as well as the authorized user list maintained locally within the Gateway If you select WPA 802 1x the screen expands Click the Configure RADIUS Server button ...

Page 132: ...this server The shared secret should have the same characteristics as a normal password Alt RADIUS Server Addr Name An alternate RADIUS server name or IP address if available Alt RADIUS Server Secret The RADIUS secret key used by this alternate server The shared secret should have the same characteristics as a normal password RADIUS Server Port The port on which the RADIUS server is listening typi...

Page 133: ...is by selecting WPA PSK Wi Fi Protected Access from the pull down menu The screen expands to allow you to enter a Pre Shared Key The key can be between 8 and 63 characters but for best security it should be at least 20 characters When you have entered your key click the Save Changes button ...

Page 134: ...ting WEP Manual from the Privacy pull down menu You can provide a level of data security by enabling WEP Wired Equivalent Privacy for encryption of network data You can enable 40 128 or 256 bit WEP Encryption depend ing on the capability of your client wireless card for IP traffic on your LAN ...

Page 135: ...or 128bit and 58 digits for 256bit WEP Hexadecimal characters are 0 9 and a f Examples 40bit 02468ACE02 128bit 0123456789ABCDEF0123456789 256bit 592CA140F0A238B0C61AE162F592CA140F0A238B0C61AE162F21A09C Use WEP encryption key 1 4 Specifies which key the Gateway will use to encrypt transmitted traffic The default is key 1 Click the click Save Changes button Any WEP enabled client must have an identi...

Page 136: ...iple Wireless IDs click the button The Enable Multiple Wireless IDs screen appears to allow you to add up to three addi tional Wireless IDs When the Multiple Wireless SSIDs screen appears check the Enable SSID checkbox for each SSID you want to enable The screen expands to allow you to name each additional Wireless ID and specify a Pri vacy mode for each one ...

Page 137: ...ional Wireless IDs are Closed System Mode Wireless IDs see below that will not be shown by a client scan and therefore must be manually configured at the client In addition wireless bridging between clients is disabled for all members of these addi tional network IDs Click the Save Changes button The Gateway will prompt you to restart it ...

Page 138: ... SSIDs One SSID is broadcast by default and has wireless bridging enabled by default Three additional SSIDs are in Closed System Mode and have wireless bridging disabled These network IDs cannot be configured separately in terms of MAC Address filtering You can configure privacy on one SSID and disable it on another SSID ...

Page 139: ...epending on Diffserv priority settings These priorities are mapped into four Access Categories AC in increasing order of priority Background BK Best Effort BE Video VI and Voice VO It requires WiFi Multimedia WMM capable clients usually a separate feature enabled at the client network settings and client PC software that makes use of Differentiated Ser vices Diffserv Refer to your operating system...

Page 140: ...not recommended that you modify these settings without direct knowl edge or instructions to do so Modifying these settings inappropriately could seriously degrade network performance AIFs Arbitration Interframe Spacing the wait time in milliseconds for data frames cwMin Minimum Contention Window upper limit in milliseconds of the range for deter mining initial random backoff The value you choose m...

Page 141: ...smissions When Operating Mode is B only default values are used and this field is not config urable Click the Save Changes button Wireless MAC Authorization optional MAC Authorization allows you to specify which client PCs are allowed to join the wireless LAN by unique hardware MAC address To enable this feature click the Limit Wireless Access by MAC Address button The MAC Authorization screen app...

Page 142: ...d MAC addresses Click the Add button Once it is enabled only entered MAC addresses that have been set to Allow will be accepted onto the wireless LAN All unlisted addresses will be blocked in addition to the listed addresses with Allow disabled ...

Page 143: ...k the Submit button When you are finished adding MAC addresses click the Save Changes button You will be returned to the 802 11 Wireless page You can Add Edit or Delete any of your entries later by returning to this page ...

Page 144: ...u click DSL the DSL Statistics page appears The DSL Statistics page displays information about the Router s WAN connection to the Internet Line State May be Up connected or Down disconnected Modulation Method of regulating the DSL signal DMT Discrete MultiTone allows con nections to work better when certain radio transmitters are present Data Path Type of path used by the device s processor Downst...

Page 145: ...oubleshooting and when seeking technical support Ethernet When you click Ethernet the Ethernet Statistics page appears The Ethernet Statistics page displays your Router s unique hardware MAC address displays detailed statistics about your LAN data traffic upstream and downstream IP When you click IP the IP Statistics page appears The IP Statistics page displays the IP interfaces and routing table ...

Page 146: ... The IP address of your Router as seen from the LAN DHCP Netmask Subnet mask of your LAN DHCP Start Address First IP address in the range being served to your LAN by the Router s DHCP server DHCP End Address Last IP address in the range being served to your LAN by the Router s DHCP server DHCP Server Status May be On or Off DNS Server The IP address of the default DNS server Devices on LAN Display...

Page 147: ...plays detailed statistics about your LAN data traffic upstream and downstream Logs When you click Logs the Logs page appears Select a log from the pull down menu the pull down menu is available from every Log page All Displays the entire system log Connection Displays events logged for the WAN connection System Displays events logged for the Router system configuration ...

Page 148: ... can be opened with your favorite text editor Note Some browsers such as Internet Explorer for Windows XP require that you specify the Motorola Netopia Gateway s URL as a Trusted site in Internet Options Security User List When you click User List the User List Statistics page appears The User List Statistics page displays Ethernet Users PC Name IP Address and MAC Address displays Wireless SSID Us...

Page 149: ...xamines the functionality of the Router from the physical connections to the data traffic being sent by users through the Router You enter a web address such as tftp netopia com or a known IP address in the Web Address field and click the Test button Results will be displayed in the Progress Window as they are generated ...

Page 150: ...ing result codes Result Meaning PASS The test was successful FAIL The test was unsuccessful SKIPPED The test was skipped because a test on which it depended failed PENDING The test timed out without producing a result Try running Diagnostics again WARNING The test was unsuccessful The Service Provider equipment your Router con nects to may not support this test ...

Page 151: ...ited Remote Access authorization lasts for a selected period of inactivity after which it is automatically disabled again to protect against unauthorized access attempts to your Router Selecting Unlimited will enable remote access until the Router is rebooted Be sure to tell the authorized person what the password is and for how long the time out is set Permanent remote access to the router i e ac...

Page 152: ...splayed at the top of the page example screen your screen may vary If you want to check for an updated version without installing it click the Check Software from Server link From a Server If an updated version exists click the Update Software from Server button and a new version will automatically be downloaded to your Router When the download and installation is complete you will be prompted to ...

Page 153: ...o do that When you click the link you will be challenged to confirm that this is what you want to do If you want to clear your settings click the Yes reset to factory settings button The Router configuration will be reset to the factory default Any configuration information you have entered will be lost and will have to be re entered The Router is restarted automati cally ...

Page 154: ...154 Link Restart Router When the Gateway is restarted it will disconnect all users initialize all its interfaces and copy the Operating System Software and feature keys from its internal storage ...

Page 155: ...155 Basic Mode Basic Mode When you click Basic Mode you will be returned to the Basic Mode Home Page ...

Page 156: ...6 Help When you click the Help link in the left hand column of links a page of explanatory informa tion displays Help is available for every page in the Web interface Here is an example from the Home page ...

Page 157: ...mple suggestions for troubleshooting problems with your Gate way s initial configuration Before troubleshooting make sure you have read the Quickstart Guide plugged in all the necessary cables and set your PC s TCP IP controls to obtain an IP address automatically ...

Page 158: ...ed when updating embedded software or for system failure Ethernet 1 2 3 4 Solid green when connected Flash green when there is activity on the LAN Red when bad userid and password are entered Wireless Flashes green when there is activity on the wireless LAN DSL Solid green when Internet connection is established Internet Solid green when router is connected Flashes green when transmitting or recei...

Page 159: ... If LED is not Lit Possible problems Power Make sure the power switch is in the ON position Make sure the power adapter is plugged into the DSL Router properly Try a known good wall outlet Replace the power supply and or unit DSL Make sure that any telephone has a microfilter installed Make sure the you are using the correct cable The DSL cable is the thinner standard tele phone cable Make sure th...

Page 160: ...P Properties for the Ethernet Network Control Panel is set to obtain an IP address via DHCP Make sure the PC has obtained an address in the 192 168 1 x range You may have changed the subnet addressing Make sure the PC is configured to access the Internet over a LAN Disable any installed network devices Ethernet HomePNA wireless that are not being used to connect to the DSL Router Wireless Make sur...

Page 161: ...ip into the opening 3 Hold the button in until the Power LED turns RED and then hold it in until it turns GREEN again If you don t hold it this long the normal configuration will be cleared but not all the con figuration info default settings etc in some cases you may NOT want to clear all the default settings as well This entire process takes approximately 10 seconds approxi mately five seconds f...

Page 162: ...162 ...

Page 163: ...CLI Help Facility on page 169 About SHELL Commands on page 170 SHELL Commands on page 171 About CONFIG Commands on page 187 CONFIG Commands on page 191 CONFIG Commands Remote ATA Configuration Commands on page 191 PPPoE with IPoE Settings on page 246 DSL Commands on page 194 Ethernet Port Settings on page 248 Bridging Settings on page 196 802 3ah Ethernet OAM Settings on page 249 DHCP Settings on ...

Page 164: ...e 239 VLAN Settings on page 288 Network Address Translation NAT Default Settings on page 240 VoIP settings on page 294 Network Address Translation NAT Pinhole Settings on page 240 UPnP settings on page 301 PPPoE PPPoA Settings on page 242 DSL Forum settings on page 302 SNMP Settings on page 265 Backup IP Gateway Settings on page 304 CONFIG Commands ...

Page 165: ...iagnose to run self test download to download config file etheroam to show Ethernet OAM info exit to quit this shell help to get more help all or help help install to download and program an image into flash license to enter an upgrade key to add a feature log to add a message to the diagnostic log loglevel to report or change diagnostic log level netstat to show IP information nslookup to send DNS q...

Page 166: ...166 view to show configuration information voip to show VoIP info who to show who is using the shell ...

Page 167: ...ADSL options diffserv Differentiated Services options dns Domain Name System options dslf cpewan TR 069 CPE WAN management dslf lanmgnt TR 064 LAN management dynamic dns Dynamic DNS client options ethernet Ethernet options ethernet MAC override Ethernet options igmp IGMP configuration options ip TCP IP protocol options ip maps IPmaps options nat default Network Address Translation default options p...

Page 168: ...nterface log in process emulates the log in process for a UNIX host To logon enter the username either admin or user and your password Entering the administrator password lets you display and update all Motorola Netopia Gateway settings Entering a user password lets you display but not update Motorola Netopia Gateway settings When you have logged in successfully the command line interface lists th...

Page 169: ...alidates its settings when you save and displays a warn ing message if the configuration is not correct Using the CLI Help Facility The help command lets you display on line help for SHELL and CONFIG commands To dis play a list of the commands available to you from your current location within the command line interface hierarchy enter help To obtain help for a specific CLI command type help comma...

Page 170: ...ould see Netopia 3000 9437188 as your CLI prompt SHELL Command Shortcuts You can truncate most commands in the CLI to their shortest unique string For example you can use the truncated command q in place of the full quit command to exit the CLI However you would need to enter rese for the reset command since the first characters of reset are common to the restart command The only commands you cann...

Page 171: ...bled configure Puts the command line interface into Configure mode which lets you configure your Motor ola Netopia Gateway with Config commands Config commands are described starting on page 167 diagnose Runs a diagnostic utility to conduct a series of internal checks and loopback tests to verify network connectivity over each interface on your Motorola Netopia Gateway The console displays the resu...

Page 172: ...confirm keyword the download begins as soon as all infor mation is entered You can also download an SSL certificate file from a trusted Certification Authority CA on platforms that support SSL as follows download cert server_address filename confirm install server_address filename confirm Not supported on model 3342 3352 Downloads a new version of the Motorola Netopia Gateway operating software from a ...

Page 173: ...command without the optional level argument the command line interface displays the current log level setting You can enter the loglevel command with the level argument to specify the types of diagnostic messages you want to record All messages with a level number equal to or greater than the level you specify are recorded For example if you specify loglevel 3 the diagnostic log will retain high l...

Page 174: ...ssue a series of ICMP Echo requests for the device with the specified name or IP address The hostname argument is the name of the device you want to ping for example ping ftp netopia com The ip_address argument is the IP address in dotted decimal notation of the device you want to locate If a host using the specified name or IP address is active it returns one or more ICMP Echo replies confirming ...

Page 175: ... is only for the 3342N 3352N If the Gateway is not a 3342N 3352N this command does nothing but returns the message CD mode is not supported on this plat form reset crash Clears crash dump information which identifies the contents of the Motorola Netopia Gateway registers at the point of system malfunction reset dhcp server Clears the DHCP lease table in the Motorola Netopia Gateway reset diffserv ...

Page 176: ...ified WAN User to allow for other users to access the WAN This function is only available if the number of WAN Users is restricted and NAT is on Use the all parameter to disconnect all users If you logon as Admin you can disconnect any or all users If you logon as User you can only disconnect yourself reset wan This function resets WAN interface statistics reset wepkeys This function allows you to...

Page 177: ... the Backup port Up or Down and reports the current port in use show bridge interfaces Displays bridge interfaces maintained by the Motorola Netopia Gateway show bridge table Displays the bridging table maintained by the Motorola Netopia Gateway show config Dumps the Motorola Netopia Gateway s configuration script just as the script com mand does in config mode show crash Displays the most recent c...

Page 178: ...istics maintained by the Motorola Netopia Gateway Beginning with Firmware Version 7 7 supports display of individual LAN switch port statis tics as well as WAN Ethernet statistics where applicable Example show enet status all 10 100 Ethernet 1 Port Status Link down Transmit OK 0 Transmit unicastpkts 0 Receive OK 0 Receive unicastpkts 0 Tx Octets 0 Rx Octets 0 10 100 Ethernet 2 Port Status Link dow...

Page 179: ...t OK 0 Transmit unicastpkts 0 Receive OK 0 Receive unicastpkts 0 Tx Octets 0 Rx Octets 0 show etheroam ah Displays OAM internal information such as OAM mode state configurations events and OAM statistics show features Displays standard and keyed features installed in the Motorola Netopia Gateway show group mgmt Displays the IGMP Snooping Table show ip arp Displays the Ethernet address resolution t...

Page 180: ...show ip firewall Displays firewall statistics show ip lan discovery Displays the LAN Host Discovery Table of hosts on the wired or wireless LAN and whether or not they are currently online show ip routes Displays the IP routes stored in your Motorola Netopia Gateway show ip state insp Displays whether stateful inspection is enabled on an interface or not exposed addresses and blocked packet statist...

Page 181: ...w pppoe Displays status information for each PPPoE socket such as the socket state service names and host ID values show rtsp Displays RTSP ALG session activity data show security log Displays blocks of information from the Motorola Netopia Gateway security log show status Displays the current status of a Motorola Netopia Gateway the device s hardware and software revision levels a summary of erro...

Page 182: ...0000003c 00000000 GlobalPort 00000000 00000000 SumPort 0000003c 00000000 segment 3 port masks PortPort 00000000 00000000 GlobalPort 00000000 00000000 SumPort 00000000 00000000 segment 4 port masks PortPort 00000000 00000000 GlobalPort 00000000 00000000 SumPort 00000000 00000000 segment 5 port masks PortPort 00000000 00000000 GlobalPort 00000000 00000000 SumPort 00000000 00000000 segment 6 port mas...

Page 183: ...rtPort 00000000 00000000 GlobalPort 00000000 00000000 SumPort 00000000 00000000 vlan active segment Type 1 Index 1 Vid 1 PortMask 00001006 00000001 SwitchMask 00000004 WirelessMask 00001000 vlan active link namePtr eth lan uplink portType 1 portIndex 1 ifId 45 vlan active link namePtr ethernet0 0 portType 3 portIndex 2 ifId 46 vlan active link namePtr ssid1 portType 5 portIndex 12 ifId 56 vlan act...

Page 184: ...mePtr ethernet0 2 portType 3 portIndex 4 ifId 92 vlan active link namePtr ethernet0 3 portType 3 portIndex 5 ifId 93 show wireless all Shows wireless status and statistics show wireless clients MAC_address Displays details on connected clients or more details on a particular client if the MAC address is added as an argument telnet hostname ip_address port Lets you open a telnet connection to the s...

Page 185: ...net work The server_address argument identifies the IP address of the TFTP server on which you want to store the Motorola Netopia Gateway settings The filename argu ment identifies the path and name of the configuration file on the TFTP server If you include the optional confirm keyword you will not be prompted to confirm whether or not you want to perform the operation view config Dumps the Motoro...

Page 186: ...orola Netopia Gateway is currently using to acquire the IP settings for the specified DSL port The vcc id identifier is an index letter in the range B I and does not directly map to the VCC in use Enter the reset dhcp client release without the variable to see the letter assigned to each virtual circuit reset dsl Resets any open DSL connection reset ppp vccn Resets the point to point connection ov...

Page 187: ...FIG mode by typing config at the SHELL prompt the Netopia 3000 9437188 top prompt reminds you that you are at the top of the CONFIG hierarchy If you move to the ip node in the CONFIG hierarchy by typing ip at the CONFIG prompt the prompt changes to Netopia 3000 9437188 ip to identify your current location Some CLI commands are not available until certain conditions are met For example you must enab...

Page 188: ...rom one subnode to another You can move from one subnode to another by entering a partial path that identifies how far back to climb Moving from any subnode to any other subnode You can move from any subnode to any other subnode by entering a partial path that starts with a top level CONFIG com mand Scrolling backward and forward through recent commands You can use the Up and Down arrow keys to sc...

Page 189: ...When you use the CONFIG step mode the command line interface prompts you for all required and optional information You can Command component Rules for entering CONFIG commands Command verbs CONFIG commands must start with a command verb set view delete You can truncate CONFIG verbs to three characters set vie del CONFIG verbs are case insensitive You can enter SET Set or set Keywords Keywords are ...

Page 190: ...ou can enter the CONFIG step mode by entering set from the top node of the CONFIG hier archy You can enter step mode for a particular service by entering set service_name In stepping set mode press Control X Return Enter to exit For example Netopia 3000 9437188 top set system system name Netopia 3000 9437188 Mycroft Diagnostic Level High medium Stepping mode ended Validating Your Configuration You ...

Page 191: ... Netopia ATA is restarted it comes up with the newly downloaded configuration set ata profile 0 3 ata option on off Enables or disables the remote ATA configuration option for the specified ATA configuration profile to be stored in the Gateway set ata profile 0 3 ata mac addr MAC_addr Specifies the MAC address of the ATA for the specified configuration profile set ata profile 0 3 ata qos enable on of...

Page 192: ...ess for the specified profile set ata profile 0 3 ata proxy server ip_addr Specifies a SIP proxy server hostname or IP address for the specified profile set ata profile 0 3 ata proxy port port Specifies a SIP proxy server port typically 5060 for the specified profile set ata profile 0 3 ata registrar server ip_addr Specifies a registrar server hostname or IP address for the specified profile set ata ...

Page 193: ...lue Specifies an authorization ID for the specified profile set ata profile 0 3 ata user name string Specifies the ISP supplied user name for the specified profile set ata profile 0 3 ata user display name string Specifies the a user display or screen name for the specified profile set ata profile 0 3 ata user password string Specifies the user password for the specified profile ...

Page 194: ...ter is required for CBR VCs Enter the Peak Cell Rate that applies to the VC This value should be between 1 and the line rate You set this value according to specifications defined by your service provider vbr Three parameters are required for VBR VCs Enter the Peak Cell Rate the Sus tained Cell Rate and the Maximum Burst Size that apply to the VC You set these values according to specifications de...

Page 195: ...M VC transmission rate must drop to the Sustained Cell Rate set atm vcc n vpi 0 255 Select the virtual path identifier vpi for VCC n Your Service Provider will indicate the required vpi number set atm vcc n vci 0 65535 Select the virtual channel identifier vci for VCC n Your Service Provider will indicate the required vci number set atm vccn encap ppp vcmux ppp llc ether llc ip llc ppoe vcmux pppo...

Page 196: ...ging table fills up the oldest table entries are dropped to make room for new entries Virtual circuits that use IP framing cannot be bridged NOTE For bridging in the 3341 or any model with a USB port you cannot set the bridge option off or bridge ethernet option off these are on by default because of the USB port Common Commands set bridge sys bridge on off Enables or disables bridging services in...

Page 197: ...es for the specified interface Specified interface must be part of a VLAN if bridge is turned on Only RFC 1483 Bridged encapsulation is sup ported currently show log command will show that WAN Bridge is enabled when at least one WAN inter face is bridged show ip interfaces and show bridge interfaces commands will show the interfaces that are not in bridged mode and that are in bridged modes respec...

Page 198: ...ve the new configuration the Motorola Netopia Gate way clears its DHCP settings set dhcp start address ip_address If you selected server specifies the first address in the DHCP address range The Motorola Netopia Gateway can reserve a sequence of up to 253 IP addresses within a subnet beginning with the specified address for dynamic assignment set dhcp end address ip_address If you selected server ...

Page 199: ...r address ip_address If you selected relay agent specifies the IP address of the relay agent server set dhcp range 2 8 start address ip_address Specifies the starting IP address of DHCP range n when subnet n option is on See Addi tional subnets on page 220 set dhcp range 2 8 end address ip_address Specifies the ending IP address of DHCP range n when subnet n option is on See Addi tional subnets on...

Page 200: ...ows the formats and sizes for known options and whether or not you can configure a gen option of that type Option Data Format Data Size bytes Can Configure 0 Empty 0 No 1 IP mask 4 Yes 2 Unsigned 4 byte integer 4 Yes 3 11 IP address list Multiples of 4 Yes 12 String up to 100 characters N Yes 13 Unsigned 2 byte integer 2 Yes 14 15 String up to 100 characters N Yes 16 Unsigned 4 byte integer 4 Yes ...

Page 201: ...ss list Multiples of 4 Yes 46 Unsigned 1 byte integer 1 Yes 47 String up to 100 characters N Yes 48 49 IP address list Multiples of 4 Yes 50 IP address 4 No 51 Unsigned 4 byte integer 4 No 52 Unsigned 1 byte integer 1 No 53 Unsigned 1 byte integer 1 Yes 54 IP address 4 Yes 55 String up to 100 characters N No 56 String up to 100 characters N Yes 57 Unsigned 2 byte integer 2 Yes 58 59 Unsigned 4 byt...

Page 202: ...ring Multiples of 2 Yes 88 Encoded DN list N Yes 89 IP address list Multiples of 4 Yes 90 Complex N No 91 97 Undefined Weakly defined Yes 98 String up to 100 characters N Yes 99 115 Undefined Weakly defined Yes 116 Flag 1 Yes 117 Unsigned 2 byte integer list Multiples of 2 Yes 118 IP address 4 Yes 119 Encoded DN list 2 N Yes 120 Encoded DN list or IP Address list N Yes 121 125 Complex N No 126 127...

Page 203: ...any printable character octal representations e g 0007 and hex representations e g xA4 If the data type is hex then an even number of hex characters e g 0123456789AbcdEf If the data type is dotted decimal then a series of numbers between 0 and 255 sep arated by a period IP addresses are generally represented in this form 249 note Microsoft uses this instead of 121 N Yes 255 Empty 0 No Option Data ...

Page 204: ...y set dhcp filterset name string rule n dhcp option 0 255 Creates a DHCP filterset named string for example settopbox with rule number n Up to two filtersets can be added Your Gateway supports a single LAN DHCP server instance but an additional filterset is available for use when bridging to block undesired DHCP traffic Up to 8 rules can be created in the filterset which are evaluated in order dhcp...

Page 205: ...nge within a DHCP pool where that range will be used to allocate an address if the wildcard matches The value 0 0 0 0 means regular processing 255 255 255 255 means discard set dhcp filterset name string rule n absent pool ip_address Specifies the start IP address of the range within a DHCP pool where that range will be used to allocate an address if the option in the DHCP packet is not present The...

Page 206: ...2 168 6 100 set dhcp filterset name settopbox rule 1 absent pool 0 0 0 0 Netopia 3000 9450000 dhcp set dhcp assigned filterset string Assigns the filterset named string created above to the DHCP configuration ...

Page 207: ...plat forms 2200 Series and 33xxN Series models are supported Currently adsl2anxm and adsl2 anxm are not supported in Annex B set dmt autoConfig off on Enables support for automatic VPI VCI detection and configuration When set to on the default a pre defined list of VPI VCI pairs are searched to find a valid configuration for your ADSL line Entering a value for the VPI or VCI setting will disable th...

Page 208: ...scan for POTS for information only Metallic termination is always enabled Domain Name System Settings Domain Name System DNS is an information service for TCP IP networks that uses a hierarchical naming system to identify network domains and the hosts associated with them You can identify a primary DNS server and one secondary server Common Commands set dns domain name domain name Specifies the de...

Page 209: ...ed DNS priority relative to acquired DNS These server addresses may be acquired via DHCP client PPP or statically configured A DNS learned server priority is assigned to each configured interface By default configured DNSes have the highest prior ity lowest number then PPP acquired DNSes and DHCP acquired DNSes have lowest pri ority highest number The default priorities for each type are Configure...

Page 210: ...IP address may change as a result of a PPPoE con nection to the Internet set dynamic dns option off dyndns org set dynamic dns ddns host name myhostname dyndns org set dynamic dns ddns user name myusername set dynamic dns ddns user password myuserpassword Enables or disables dynamic DNS services The default is off If you specify dyndns org you must supply your hostname username for the service and...

Page 211: ... used in the querier selection process and by listening to other router protocols From the host point of view the snooping function listens at a port level for an IGMP report The switch then processes the IGMP report and starts forwarding the relevant mul ticast stream onto the host s port When the switch receives an IGMP leave message it processes the leave message and if appropriate stops the mu...

Page 212: ... of the IGMP Querier version 1 version 2 or version 3 If you know you will be communicating with other hosts that are limited to v1 or v2 for backward compatibility select accordingly otherwise allow the default v3 NOTE IGMP Querier version is relevant only if the router is configured for IGMP for warding If any IGMP v1 routers are present on the subnet the querier must use IGMP v1 The use of IGMP...

Page 213: ...multicasting the stream immediately When one or more wireless clients leave a group and the router deter mines that only a single wireless client is interested in the stream it will once again uni cast the stream set igmp snooping off on Enables IGMP Snooping set igmp robustness value Sets IGMP robustness range from 2 255 The default is 2 set igmp query intvl value Sets the query interval range fr...

Page 214: ...query count the number of Group Specific Query messages sent before the gateway assumes that there are no members of the host group being queried on this interface The default is 2 set igmp fast leave off on Sets fast leave on or off Set to off by default fast leave enables a non standard expedited leave mechanism The querier keeps track of which client is requesting which channel by IP address Wh...

Page 215: ...he Motorola Netopia Gateway You must enable TCP IP services before you can enter other TCP IP settings for the Motorola Netopia Gateway If you turn off TCP IP services and save the new configuration the Motorola Netopia Gateway clears its TCP IP settings ARP Timeout Settings set ip arp timeout 60 6000 Sets the timeout value for ARP timeout Default 600 secs 10 mins range 60 secs 6000 secs 1 100 min...

Page 216: ...net web and SNMP is disabled RIP and ICMP traffic is still accepted The none argument means that all traffic is accepted set ip dsl vccn addr mapping on off Specifies whether you want the Motorola Netopia Gateway to use network address trans lation NAT when communicating with remote routers Address mapping lets you conceal details of your network from remote routers It also permits all LAN devices...

Page 217: ...set to 0 for the interface Enables or disables unnumbered IP addressing where an address of 0 is allowed AND the DHCP client is disabled on the specified interface This setting applies to native IP as well as PPP interfaces to support running an IPoE interface without an address set ip dsl vccn rip send off v1 v2 v1 compat v2 MD5 Specifies whether the Motorola Netopia Gateway should use Routing In...

Page 218: ... option on off Enables or disables communications through the designated Ethernet port in the Gateway You must enable TCP IP functions for an Ethernet port before you can configure its network settings set ip ethernet A address ip_address Assigns an IP address to the Motorola Netopia Gateway on the local area network The IP address you assign to the local Ethernet interface must be unique on your ...

Page 219: ...2 MD5 Specifies whether the Motorola Netopia Gateway should use Routing Information Protocol RIP broadcasts to advertise its routing tables to other routers on your network RIP Ver sion 2 RIP 2 is an extension of the original Routing Information Protocol RIP 1 that expands the amount of useful information in the RIP packets While RIP 1 and RIP 2 share the same basic algorithms RIP 2 supports sever...

Page 220: ...bnet 2 8 option on off Enables or disables additional LAN subnets Up to seven additional subnets may be config ured set ip ethernet A subnet n address ip_address Specifies an IP address for the subnet n when subnet n option is on set ip ethernet A subnet n netmask netmask Specifies the subnet mask for the subnet n when subnet n option is on Default IP Gateway Settings set ip gateway option on off ...

Page 221: ...Motorola Netopia Gateway will not negotiate its IP address with the remote peer If the remote peer does not accept the IP address specified in the ip_address argument as valid the link will not come up The default value for the ip_address argument is 0 0 0 0 which indicates that the vir tual PPP interface will use the IP address assigned to it by the remote peer Note that the remote peer must be c...

Page 222: ...s to DHCP PPPoE enables automatic sensing of your WAN connection type PPPoE or DHCP The gateway attempts to connect using PPPoE first If the Gateway fails to connect after 60 seconds it switches to DHCP As soon as it can connect via DHCP the Gateway chooses and sets DHCP as its default Otherwise after attempting to connect via DHCP for 60 seconds the Gateway switches back to PPPoE The Gateway will...

Page 223: ...her routers on the other side of the PPP link If you specify v2 MD5 you must also specify a rip receive key Keys are ASCII strings with a maximum of 31 characters and must match the other router s keys for proper oper ation of MD5 support set ip ip ppp vccn igmp null source addr on off Specifies whether you want the Motorola Netopia Gateway to identify the source IP address of every IGMP packet tr...

Page 224: ...224 set ip ip ppp vccn dns acquired dns priority 0 255 Sets the priority for DNS acquired via PPP See Domain Name System Settings on page 208 for more information ...

Page 225: ...topia Gate way Use the following commands to add static ARP entries to the Motorola Netopia Gateway static ARP table set ip static arp ip address ip_address Specifies the IP address for the static ARP entry Enter an IP address in the ip_address argument in dotted decimal format The ip_address argument cannot be 0 0 0 0 set ip static arp ip address ip_address hardware address MAC_address Specifies ...

Page 226: ...226 IP Prioritization set ip prioritize off on Allows you to support traffic that has the TOS bit set This defaults to off ...

Page 227: ...elf will not override TOS bit settings made by the endpoints Support for source provided IP TOS priorities within the Gateway is achieved simply by turning the DiffServe option on and by setting the lohi asymmetry to adjust the behavior of the Gateway s internal queues set diffserv lohi ratio 60 100 percent Sets a percentage between 60 and 100 used to regulate the level of packets allowed to be pe...

Page 228: ...ction is to mark the packets for high priority streams in the outbound direction start port end port Allows you to specify a range of ports to check for a particular flow if the protocol selection is TCP or UDP inside ip mask If you want packets originating from a certain LAN IP address to be marked enter the IP address and subnet mask here If you leave the address equal to zero this check is igno...

Page 229: ...asic_q2 set diffserv qos best effort queue basic_q3 set diffserv qos dscp map default custom default the default DSCP queue mappings are used custom allows you to set up customized mappings between DSCP code points and queue types If custom is selected the following can be configured set diffserv qos dscp map 0 best effort assured expedite network control QoS Setting TOS Bit Value Behavior Off TOS...

Page 230: ...cp map 11 best effort set diffserv qos dscp map 12 best effort set diffserv qos dscp map 13 assured set diffserv qos dscp map 14 best effort set diffserv qos dscp map 15 best effort set diffserv qos dscp map 16 best effort set diffserv qos dscp map 17 assured set diffserv qos dscp map 18 best effort set diffserv qos dscp map 19 best effort set diffserv qos dscp map 20 best effort set diffserv qos ...

Page 231: ...ue as follows create and configure one or more queues which can be a basic queue or a priority queue comprising a group of basic queues a weighted fair queue comprising a group of basic queues or a funnel comprising a group of basic queues assign a queue instance to the Ethernet WAN interface map packet attributes to a queue The same queue name can be assigned to multiple interfaces which require ...

Page 232: ...el Funnel Queue Basic Queue set queue name basic_queue_name option on off set queue name basic_queue_name type basic Specifies the Basic Queue named basic_queue_name attributes Basic queues have one input and one output The basic queue is assigned an ID with the following attribute when the queue is full discard By default the following Basic Queues are created basic_q0 basic_q1 basic_q2 basic_q3 ...

Page 233: ... rate in bits per second bps or percentage of the line rate relative bps is the default n entry number for this input queue input_queue_name name of input queue weight_value numeric relative weight of queue share bw if enabled the bandwidth for this queue can be shared between other queues when idle default input specifies the default input queue name The default special queuing configuration shap...

Page 234: ...entry 3 weight 30000 set queue name wfq entry 3 share bw off set queue name wfq entry 4 input basic_q3 set queue name wfq entry 4 weight 40000 set queue name wfq entry 4 share bw off set queue name wfq default input basic_q0 ...

Page 235: ..._queue_name name of priority queue input_queue_name name of input queue priority_value numeric relative priority of queue The higher the number the higher the priority of the queue default input specifies the default input queue name By default the following priority queue is created set queue name pq option on set queue name pq type priority set queue name pq entry 1 input basic_q0 set queue name...

Page 236: ...nel queues are created Rate limiting priority queue to 100Kbps set queue name pq 100kbps option on set queue name pq 100kbps type funnel set queue name pq 100kbps input pq set queue name pq 100kbps bps 100000 Rate limiting weighted fair queue to 100Kbps set queue name wfq 100kbps option on set queue name wfq 100kbps type funnel set queue name wfq 100kbps input wfq set queue name wfq 100kbps bps 10...

Page 237: ...ideo on Demand VoD The default is on Static Route Settings A static route identifies a manually configured pathway to a remote network Unlike dynamic routes which are acquired and confirmed periodically from other routers static routes do not time out Consequently static routes are useful when working with PPP since an intermittent PPP link may make maintenance of dynamic routes problematic You ca...

Page 238: ...twork connected to the Motorola Netopia Gateway configured interface set ip static routes destination network net_address metric integer Specifies the metric hop count for the static route The default metric is 1 Enter a num ber from 1 to 15 for the integer argument to indicate the number of routers actual or best guess a packet must traverse to reach the remote network You can enter a metric of 1...

Page 239: ...information associated with that route IPMaps Settings set ip maps name name internal ip ip address Specifies the name and static ip address of the LAN device to be mapped set ip maps name name external ip ip address Specifies the name and static ip address of the WAN device to be mapped Up to 8 mapped static IP addresses are supported ...

Page 240: ...h Specifies whether you want your Motorola Netopia Gateway to forward unsolicited traffic from the WAN to a default server or an IP passthrough host when it doesn t know what else to do with it set nat default dhcp enable on off Allows the IP passthrough host to acquire its IP address via DHCP if ip passthrough is enabled set nat default address ip_address Specifies the IP address of the NAT defau...

Page 241: ...ntry in the router s pinhole table You can name pinhole table entries sequentially 1 2 3 by port number 21 80 23 by protocol or by some other naming scheme set pinhole name name protocol select tcp udp Specifies the type of protocol being redirected set pinhole name name external port start 0 49151 Specifies the first port number in the range being translated set pinhole name name external port en...

Page 242: ...PPP Settings NOTE For the DSL platform you must identify the virtual PPP interface vccn a num ber from 1 to 8 set ppp module vccn option on off Enables or disables PPP on the Motorola Netopia Gateway set ppp module vccn auto connect on off Supports manual mode required for some vendors The default on is not normally changed If auto connect is disabled off you must manually start stop a ppp connect...

Page 243: ...d ing another echo from an LCP echo request The integer argument can be any number from between 5 and 300 seconds set ppp module vccn lost echoes max integer Specifies the maximum number of lost echoes the Motorola Netopia Gateway should tol erate before bringing down the PPP connection The integer argument can be any number from between 1 and 20 set ppp module vccn failures max integer Specifies ...

Page 244: ...cn connection type instant on always on Specifies whether a PPP connection is maintained by the Motorola Netopia Gateway when it is unused for extended periods If you specify always on the Motorola Netopia Gateway never shuts down the PPP link If you specify instant on the Motorola Neto pia Gateway shuts down the PPP link after the number of seconds specified in the time out setting below if no tr...

Page 245: ...ateway before the link can be established set ppp module vccn port authentication option off on pap only chap only Specifying on turns both PAP and CHAP on or you can select PAP or CHAP Specify the username and password when port authentication is turned on both CHAP and PAP CHAP or PAP Authentication must be enabled before you can enter other information set ppp module vccn port authentication us...

Page 246: ...the number of IPoE sessions up to four on Ethernet WAN including VDSL platforms NOTE Enabling pppoe with ipoe disables support for multiple PPPoE sessions Example set ip ethernet C option on set ip ethernet C address 0 0 0 0 set ip ethernet C broadcast 0 0 0 255 set ip ethernet C netmask 255 255 255 0 set ip ethernet C restrictions admin disabled set ip ethernet C addr mapping on set ip ethernet C...

Page 247: ... configure two VCCs with the same VPI VCI to enable concurrent PPPoE and IPoE support and you will need to configure the individual settings for each interface for proper operation set atm vcc n encap pppoe llc Specifies that the VCC will allow a second VCC with the same VPI VCI values as the first pppoe llc denotes this special case Example set atm option on set atm vcc 1 option on set atm vcc 1 ...

Page 248: ...if mcast fwd is set to on If enabled the source IP address of every IGMP packet transmitted from this interface is set to 0 0 0 0 This complies with the requirements of TR 101 and removes the need for a publicly adver tised IP address on the WAN interface Ethernet Port Settings set ethernet ethernet A mode auto 100M full 100M full fixed 100M half fixed 10M full fixed 10M half fixed 100M half 10M full ...

Page 249: ...ions in future releases 802 3ah Ethernet OAM exchanges periodic Ethernet OAM heartbeat frames between the endpoints of the physical link being monitored and thus discovers and keeps alive the Link connectivity and reports faults if the link goes down Supported OAM request and response types are remote loopback enable remote loopback disable variable request variable response set ethernet oam ah op...

Page 250: ...timer value for continuity check in seconds Range is 1 300 sec onds Default is 1 set ethernet oam ah keepalive timer 5 305 Specifies the keep alive timer value in seconds Range is 5 305 seconds Default is 5 etheroam ah ping Sends OAM remote loopback request in active mode ...

Page 251: ...face displays help for a node when you navigate to that node set preference more lines Specifies how many lines of information you want the command line interface to display at one time The lines argument specifies the number of lines you want to see at one time The range is 1 65535 By default the command line interface shows you 22 lines of text before displaying the prompt More y n If you enter ...

Page 252: ...opia Gateway graphical user interface Similarly you would have to configure your telnet application to use the appropriate port when opening a configuration connection to your Motorola Neto pia Gateway set servers web http 1 65534 Specifies the port number for HTTP web communication with the Motorola Netopia Gate way Because port numbers in the range 0 1024 are used by other protocols you should u...

Page 253: ...terface BreakWater Basic Firewall s three settings are ClearSailing ClearSailing BreakWater s default setting supports both inbound and outbound traffic It is the only basic firewall setting that fully interoperates with all other Motorola Neto pia software features SilentRunning Using this level of firewall protection allows transmission of outbound traffic on pre con figured TCP UDP ports It dis...

Page 254: ... their network from these types of attacks BreakWater offers three levels of increasing protection The following tables indicate the state of ports associated with session types both on the WAN side and the LAN side of the Gateway Application Select this Level Other Considerations Typical Internet usage browsing e mail SilentRunning Multi player online gaming ClearSailing Set Pinholes once defined...

Page 255: ...pia server Enabled Disabled Disabled 80 http external Enabled Disabled Disabled 80 http Motorola Netopia server Enabled Disabled Disabled 67 DHCP client Enabled Enabled Disabled 68 DHCP server Not Applicable Not Applicable Not Applicable 161 snmp Enabled Disabled Disabled ping ICMP Enabled Disabled Disabled Gateway LAN Side BreakWater Setting ClearSailing SilentRunning LANdLocked Port Session Type...

Page 256: ...es keys for encryption and decryption Because this VPN software implementation is built to these standards the other side of the tunnel can be either another Motorola Neto pia unit or another IPsec IKE based security product For VPN you can choose to have traffic authenticated encrypted or both When connecting the Motorola Netopia unit in a telecommuting scenario the corporate VPN settings will di...

Page 257: ...ork set security ipsec tunnels name 123 dest int netmask netmask Specifies the subnet mask of the destination computer or internal network The subnet mask specifies which bits of the 32 bit IP address represents network information The default subnet mask for most networks is 255 255 255 0 class C subnet mask set security ipsec tunnels name 123 encrypt protocol ESP ESP none See page 94 for details...

Page 258: ...3 IKE mode DH group 1 1 2 5 See page 94 for details about SafeHarbour IPsec tunnel capability set security ipsec tunnels name 123 IKE mode isakmp SA encrypt DES DES 3DES See page 94 for details about SafeHarbour IPsec tunnel capability set security ipsec tunnels name 123 IKE mode ipsec mtu mtu_value The Maximum Transmission Unit is a link layer restriction on the maximum number of bytes of data in...

Page 259: ...gressive Default is off set security ipsec tunnels name 123 xauth username username Sets the Xauth username if Xauth is enabled set security ipsec tunnels name 123 xauth password password Sets the Xauth password if Xauth is enabled set security ipsec tunnels name 123 nat enable on off Enables or disables NAT on the specified IPsec tunnel The default is off set security ipsec tunnels name 123 nat p...

Page 260: ...mask ip mask set security ipsec tunnels name 123 remote id type IP address Subnet Hostname ASCII Specifies the NAT remote ID type for the specified IPsec tunnel when Aggressive Mode is set set security ipsec tunnels name 123 remote id id_value Specifies the NAT remote ID value as specified in the remote id type for the specified IPsec tunnel when Aggressive Mode is set Note If subnet is selected t...

Page 261: ...60 1000000 The soft parameters designate when the system begins to negotiate a new key For example after 82800 seconds 23 hours or 1 Gbyte has been transferred whichever comes first the key will begin to be renegotiated The hard parameters indicate that the renegotiation must be complete or the tunnel will be disabled For example 86400 seconds 24 hours means that the renegotiation must be complete...

Page 262: ...nspection default mapping to router option off or on on the specified inter face set security state insp ip ppp dsl vccn tcp seq diff 0 65535 set security state insp ethernet A B tcp seq diff 0 65535 Sets the acceptable TCP sequence difference on the specified interface The TCP sequence number difference maximum allowed value is 65535 If the value of tcp seq diff is 0 it means that this check is d...

Page 263: ...ied list or if the list does not exist creates the list for the stateful inspection feature xposed addr settings only apply if NAT is off Example set security state insp xposed addr exposed address 32 32 has been added to the xposed addr list Sets the exposed list address number set security state insp xposed addr exposed address n start ip ip_address Sets the exposed list range starting IP addres...

Page 264: ...pection feature for the exposed address list Accepted values for protocol are tcp udp both or any If protocol is not any you can set port ranges set security state insp xposed addr exposed address n start port 1 65535 set security state insp xposed addr exposed address n end port 1 65535 ...

Page 265: ...e Motorola Netopia Gateway set snmp community trap name Adds the specified name to the list of communities associated with the Motorola Netopia Gateway set snmp trap ip traps ip address Identifies the destination for SNMP trap messages The ip address argument is the IP address of the host acting as an SNMP console set snmp sysgroup contact contact_info Identifies the system contact such as the nam...

Page 266: ...ite user The read only account will have read only access to all objects known to the agent while the read write account will have read write access to all objects known to the agent SNMPv3 adds the ability to authenticate and or encrypt management traffic For security reasons enabling SNMPv3 will disable SNMPv1 v2 If SNMPv3 is enabled the firmware will no longer respond to SNMPv1 SNMPv2 traffic n...

Page 267: ...cation if the security model is set to auth or auth priv set snmp v3 ro account auth password Specifies the authentication password a 1 32 character string for the Read Only account if the security model is set to auth or auth priv You are prompted for a new password and then to repeat the password If there is an existing password the user must enter the old password then the new password and repe...

Page 268: ...f the security model is set to auth or auth priv set snmp v3 rw account auth password Specifies the authentication password a 1 32 character string for the Read Write account if the security model is set to auth or auth priv You are prompted for a new password and then to repeat the password If there is an existing password the user must enter the old password then the new password and repeat it s...

Page 269: ...u can enter that name in the Address text field of your browser to open a connection to your Motorola Netopia Gateway NOTE Some broadband cable oriented Service Providers use the System Name as an important identification and support parameter If your Gateway is part of this type of network do NOT alter the System Name unless specifically instructed by your Service Provider set system diagnostic l...

Page 270: ...h High level informational messages or greater includes status messages that may be significant but do not constitute errors The default alerts Warnings or greater includes recoverable error conditions and useful opera tor information failures Failures includes messages describing error conditions that may not be recoverable ...

Page 271: ...memory set system idle timeout telnet 1 120 http 1 120 Specifies a timeout period of inactivity for telnet or HTTP access to the Gateway after which a user must re login to the Gateway Defaults are 5 minutes for HTTP and 15 min utes for telnet set system username administrator name user name Specifies the usernames for the administrative user the default is admin and a non administrative user the ...

Page 272: ...ations through the device set system heartbeat option on off protocol udp tcp port client 1 65535 ip server ip_address dns_name port server 1 65535 url server server_name number 1 1073741823 interval 00 00 00 20 sleep 00 00 30 00 contact email string domain_name location string The heartbeat setting is used in conjunction with the configuration server to broadcast con tact and location information...

Page 273: ...me zone of 0 is GMT time options are 12 through 12 1 hour increments from GMT time update period specifies how often in minutes the Gateway should update the clock daylight savings specifies whether daylight savings time is in effect it defaults to off set system zerotouch option on off Enables or disables the Zero Touch option Zero Touch refers to automatic configuration of your Motorola Netopia ...

Page 274: ... following commands are available set system syslog host nameip ip_address hostname Specifies the syslog server s address either in dotted decimal format or as a DNS name up to 64 characters set system syslog log facility local0 local7 Sets the UNIX syslog Facility Acceptable values are local0 through local7 set system syslog log violations off on Specifies whether violations are logged or ignored...

Page 275: ...nsp ip ppp vcc1 deny fragments on 3 Enabling syslog Type config Type the command to enable syslog set system syslog option on Set the IP Address of the syslog host set system syslog host nameip ip addr example set system syslog host nameip 10 3 1 1 Enable change the options you require set system syslog log facility local1 set system syslog log violations on set system syslog log accepted on set s...

Page 276: ...t server address ip addr 5 Type the command to save the configuration Type save Exit the configuration interface by typing exit Restart the router by typing restart The router will reboot with the new configuration in effect ...

Page 277: ... Setting on page 128 set wireless default channel 1 14 Specifies the wireless 2 4GHz sub channel on which the wireless Gateway will operate For US operation this is limited to channels 1 11 Other countries vary for example Japan is channel 14 only The default channel in the US is 6 Channel selection can have a signifi cant impact on performance depending on other wireless activity in proximity to ...

Page 278: ...or each See below set wireless multi ssid second ssid third ssid fourth ssid name Specifies a descriptive name for each SSID when multi ssid option is set to on set wireless multi ssid second ssid privacy off WEP WPA PSK WPA 802 1x set wireless multi ssid third ssid privacy off WEP WPA PSK WPA 802 1x set wireless multi ssid fourth ssid privacy off WEP WPA PSK WPA 802 1x Specifies the type of priva...

Page 279: ...g keys The pass phrase can be 8 63 characters It is recommended to use at least 20 characters for best security set wireless multi ssid second ssid weplen 40 64bit 128bit 256bit set wireless multi ssid third ssid weplen 40 64bit 128bit 256bit set wireless multi ssid fourth ssid weplen 40 64bit 128bit 256bit Specifies the WEP key length for the multiple SSIDs when second third or fourth ssid privac...

Page 280: ... down the router s wireless transmit coverage by lowering its radio power output Default is full power Transmit power settings are useful in large venues with multiple wireless routers where you want to reuse channels Since there are only three non overlapping channels in the 802 11 spectrum it helps to size the Gate way s cell to match the location This allows you to install a router to cover a s...

Page 281: ...in milliseconds for data frames Valid values are 1 255 cwmin Minimum Contention Window upper limit in milliseconds of the range for determining initial random backoff The value you choose must be lower than cwmax Valid values are 1 3 7 15 31 63 127 255 or 511 cwmax Maximum Contention Window upper limit in milliseconds of the range of determining final random backoff The value you choose must be hi...

Page 282: ...Gateway WMM background parameters set wireless wmm client edca voice aifs 1 255 set wireless wmm client edca voice cwmin value set wireless wmm client edca voice cwmax value set wireless wmm client edca voice txoplimit 0 9999 Sets values for client WMM voice parameters set wireless wmm client edca video aifs 1 255 set wireless wmm client edca video cwmin value set wireless wmm client edca video cw...

Page 283: ...ient edca background aifs 1 255 set wireless wmm client edca background cwmin value set wireless wmm client edca background cwmax value set wireless wmm client edca background txoplimit 0 9999 Sets values for client WMM background parameters ...

Page 284: ...P enabled client must have the identical key of the same length in the identical slot 1 4 as the wireless Gateway in order to successfully receive and decrypt the packet Similarly the client also has a default key that it uses to encrypt its transmis sions In order for the wireless Gateway to receive the client s data it must likewise have the identical key of the same length in the same slot For ...

Page 285: ...acy encryption key1 hexadecimal digits set wireless network id privacy encryption key2 hexadecimal digits set wireless network id privacy encryption key3 hexadecimal digits set wireless network id privacy encryption key4 hexadecimal digits The encryption keys Enter keys using hexadecimal digits For 40 64bit encryption you need 10 digits 26 digits for 128bit and 58 digits for 256bit WEP Valid hexad...

Page 286: ...thernet MAC address is six hexadecimal values between 00 and FF inclusive separated by colons or dashes e g 00 00 C5 70 00 04 set wireless mac auth wrlss MAC list mac address MAC address_string allow access on off Designates whether the MAC address is enabled or not for wireless network access Dis abled MAC addresses cannot be used for access until enabled ...

Page 287: ...ed secret should have the same characteristics as a normal password set radius alt radius name server_name_string Specifies an alternate RADIUS server name or IP address to be used if the primary server is unreachable set radius alt radius secret shared_secret Specifies the secret key used by the alternate RADIUS server set radius radius port port_number Specifies the port on which the RADIUS serv...

Page 288: ...vlan name name id VID Specifies VLAN id VID when type is set to global The numerical range of possible VIDs is 1 4094 A VID of zero 0 is permitted on the Ethernet WAN port only set vlan name name admin restricted off on Turns admin restricted off or on Default is off If you select on administrative access to the Gateway is blocked from the specified VLAN set vlan name name seg pbits 0 7 Specifies ...

Page 289: ...is port destined for this VLAN Write any IP TOS priority bits into the 802 1p priority bit field for tagged IP packets transmitted from this port for this VLAN All mappings between Ethernet 802 1p and IP TOS are made via diffserv dscp map settings set vlan name name ports port port pbits 0 7 Specifies the 802 1p priority bit for this port associated with the specified VLAN If you set this to a val...

Page 290: ...estricted off off on off seg pbits 0 0 7 0 ports At this point you have created a VLAN It is called vlan1 without any admin restrictions Next add the port eth0 1 port to this VLAN ports eth0 1 option off off on on priority off off on on promote off off on on port pbits 0 0 7 1 eth0 2 option off off on eth0 3 option off off on eth0 4 option off off on ssid1 option off off on vcc1 option off off on ...

Page 291: ...option off set vlan name LanPorts ip interfaces ip ppp a option off set vlan name LanPorts ip interfaces ip eth b option off set vlan name LanPorts ip interfaces ip eth c option off set vlan name LanPorts ip interfaces ip eth a option on set vlan name LanPorts inter vlan routing group 1 on set vlan name LanPorts inter vlan routing group 2 off set vlan name LanPorts inter vlan routing group 3 off s...

Page 292: ... option off set vlan name PPPoE_11 inter vlan routing group 1 on set vlan name PPPoE_11 inter vlan routing group 2 off set vlan name PPPoE_11 inter vlan routing group 3 off set vlan name PPPoE_11 inter vlan routing group 4 off set vlan name Mgmt_2017 type global set vlan name Mgmt_2017 id 2017 set vlan name Mgmt_2017 admin restricted off set vlan name Mgmt_2017 seg pbits 3 set vlan name Mgmt_2017 ...

Page 293: ...off set vlan name Video_31 ports eth1 option on set vlan name Video_31 ports eth1 tag on set vlan name Video_31 ports eth1 priority off set vlan name Video_31 ports eth1 promote off set vlan name Video_31 ports eth1 port pbits 0 set vlan name Video_31 ip interfaces ip ppp a option off set vlan name Video_31 ip interfaces ip eth b option off set vlan name Video_31 ip interfaces ip eth c option off ...

Page 294: ...fied phone Default is off set voip phone 0 1 sip proxy server server_name ip_address Specifies the SIP proxy server for the specified phone by fully qualified server name or IP address set voip phone 0 1 sip proxy server domain domain_name Specifies the SIP proxy server domain name or IP address for the specified phone set voip phone 0 1 sip proxy server transport UDP TCP TLS Specifies the SIP pro...

Page 295: ...caller id dis plays for the specified phone set voip phone 0 1 sip user name username Specifies the user name that authenticates the user to SIP for the specified phone set voip phone 0 1 sip user password password Specifies the password that authenticates the user to SIP for the specified phone set voip phone 0 1 auth id string Specifies the authorization ID that authenticates the user to SIP for...

Page 296: ...ype implementation at 16 kbit s set voip phone 0 1 codec G726_24 priority 1 2 3 4 5 6 7 none Assigns a priority to the G726 24 codec a common audio media type implementation at 24 kbit s set voip phone 0 1 codec G726_32 priority 1 2 3 4 5 6 7 none Assigns a priority to the G726 32 codec a common audio media type implementation at 32 kbit s set voip phone 0 1 codec G726_40 priority 1 2 3 4 5 6 7 no...

Page 297: ...setting call feature call forwarding all number phone_number call forwarding all number specifies the number to which calls are to be forwarded when call forwarding all option is on set voip phone 0 1 sip advanced setting call feature call forwarding on busy option off on call forwarding on busy option turns call forwarding when the line is busy on or off set voip phone 0 1 sip advanced setting ca...

Page 298: ...advanced setting call feature subscribe mwi option off on subscribe mwi option if set to on the Message Waiting Indicator is enabled when new voice mail is received set voip phone 0 1 sip advanced setting dsp settings echo option echo off echo on echo on nlp echo on cng nlp echo option specifies under what conditions the system invokes or disables echo can cellation Default is echo on cng nlp Comf...

Page 299: ...ation When speech is not present the CNG algorithm generates a noise signal at the level sent from the transmit side vad std sid enables Voice Activity Detection with standard Silence Insertion Descrip tor support vad suppress sid enables Voice Activity Detection but suppresses standard Silence Insertion Descriptor support Example set voip phone 0 sip option on set voip phone 0 sip proxy server 10...

Page 300: ...t voip phone 0 sip advanced setting dsp settings echo option echo on cng nlp set voip phone 0 sip advanced setting dsp settings echo start attenuation 8192 set voip phone 0 sip advanced setting dsp settings echo max attenuation 16384 set voip phone 0 sip advanced setting dsp settings echo tail length 0 set voip phone 0 sip advanced setting dsp settings vad option off set voip phone 1 sip option on...

Page 301: ...option off set voip phone 1 sip advanced setting dsp settings echo option echo on cng nlp set voip phone 1 sip advanced setting dsp settings echo start attenuation 8192 set voip phone 1 sip advanced setting dsp settings echo max attenuation 16384 set voip phone 1 sip advanced setting dsp settings echo tail length 0 set voip phone 1 sip advanced setting dsp settings vad option off UPnP settings set...

Page 302: ...Motorola Netopia Gateway and management agent in UPnP and TR 064 is strictly over the LAN whereas the communication in TR 069 is over the WAN link for some features and over the LAN for others TR 069 allows a remote Auto Config Server ACS to provision and manage the Motorola Netopia Gateway TR 069 protects sensitive data on the Gateway by not advertising its presence and by password protection set...

Page 303: ...y URL and port number The format for the ACS URL is as follows http some_url com port_number or http 123 45 678 910 port_number On units that support SSL the format for the ACS URL can also be https some_url com port_number or https 123 45 678 910 port_number ...

Page 304: ...he primary WAN connection fail traffic would be automatically redirected through your alternate gateway device to maintain Internet connectivity set backup option disabled manual automatic Specifies whether backup to an IP gateway is disabled or enabled as manual or auto matic Default is disabled set backup failure timeout 1 10 Specifies the number of minutes you want the system to wait before the...

Page 305: ...ystem to wait before attempting to switch back to the WAN connection This allows you to be sure that the WAN connection is well re established before the gateway switches back to it from the backup mode Default is 1 set ip backup gateway option on off Turns the backup gateway option on or off Default is off set ip backup gateway interface ip address Specifies the backup gateway interface ip addres...

Page 306: ...0xffffffff pbo k1_3 0x00000000 0xffffffff pbo k2_1 0x00000000 0xffffffff pbo k2_2 0x00000000 0xffffffff pbo k2_3 0x00000000 0xffffffff line type 0x00 0xff us max inter delay 0x00 0xff ds max inter delay 0x00 0xff us target noise margin 0x0000 0xffff ds target noise margin 0x0000 0xffff min noise margin 0x0000 0xffff port bandplan 0x00 xff framing mode 0x00 0xff band mod 0x00 0xff port option 0x00 ...

Page 307: ... back off k2_3 line type 0x81 VDSL port line type auto 0x80 vdsl 0x81 vdsl_etsi 0x82 us max inter delay 0x04 VDSL port upstream max inter delay ds max inter delay 0x04 VDSL port downstream max inter delay us target noise margin 0x0C VDSL port upstream target noise margin ds target noise margin 0x0C VDSL port downstream target noise margin min noise margin 0x0A VDSL port minimum noise margin port b...

Page 308: ...nd is reduced by up to 2 5 dB but never below a minimum of 4 dB Bit 2 SUPPORT_INI Bit 4 TLAN Enable Bit 5 PBO Weak mode Enable Applicable only when PBO Bit 3 0 Bit 6 ADSL_SAFE_MODE Enable Bit 7 TLAN_SAFE_MODE Enable Applicable only when TLAN Enable Bit 4 is set If TLAN_SAFE_MODE not set line will attempt to retrain at higher rates but less stable line ...

Page 309: ...0x08 BP10_998_2 0x09 BP998_2B_3_8M 0x09 BP11_998_2 0x0A BP12_998_2 0x0B BP13_MXU_3 0x0C BP14_MXU_3 0x0D BP15_MXU_3 0x0E BP16_997_4B_4P 0x0F BP17_998_138_4400 0x10 BP18_997_138_4400 0x11 BP19_997_32_4400 0x12 BP20_998_138_4400_opBand 0x15 BP21_997_138_4400_opBand 0x16 BP22_998_138_4400_opBand 0x16 BP23_998_138_16000 0x17 BP24_998_3B_8KHZ 0x18 BP25_998_138_17600 0x19 BP26_CH1_3 0x1A BP27_CH1_4 0x1B ...

Page 310: ...am band in the PSD Upstream Band 0 or Optional band Upstream band 1 Upstream band 2 and Upstream Band 3 Setting all K2 parameters to 0 and all K1 to a high power level ie low number will essentially disable UPBO pbo k1_2 pbo k1_3 pbo k2_1 pbo k2_2 pbo k2_3 line type VDSL_AUTO_DETECT 0x80 VDSL 0x81 VDSL_ETSI 0x82 us max inter delay Maximum upstream interleave delay Provisioned in steps of 0 5 ms Us...

Page 311: ... 0x08 BP10_998_2 0x09 BP998_2B_3_8M 0x09 BP11_998_2 0x0A BP12_998_2 0x0B BP13_MXU_3 0x0C BP14_MXU_3 0x0D BP15_MXU_3 0x0E BP16_997_4B_4P 0x0F BP17_998_138_4400 0x10 BP18_997_138_4400 0x11 BP19_997_32_4400 0x12 BP20_998_138_4400_opBand 0x15 BP21_997_138_4400_opBand 0x16 BP22_998_138_4400_opBand 0x16 BP23_998_138_16000 0x17 BP24_998_3B_8KHZ 0x18 BP25_998_138_17600 0x19 BP26_CH1_3 0x1A BP27_CH1_4 0x1B...

Page 312: ...38 KHz 2 ANNEX_B_32_64 ie 138 KHz to 276 KHz 3 ANNEX_B_6_64 ie 25KHz to 276 KHz port option Bit 0 I 43 G hs carrier set Bit 1 V 43 G hs carrier set Bit 2 A 43 G hs carrier set Bit 3 B 43 G hs carrier set Bit 4 7 shall be set to 0 power mode 0 8 5dBm power output 1 11 5 dBm power output tx filter 0 using internal filter in Tx path 1 using K1 external filter in Tx path for Korea VLR Application 2 using...

Page 313: ...th for US Korea VLR Application 3 using H1 external filter in Rx path for 100 100 Application dying gasp Dying Gasp is a message sent from CPE to CO using the indica tor bit It indicates that the CPE is experiencing an impending loss of power Off Dying Gasp off don t send a message to CO On Dying Gasp on VDSL Parameters Accepted Values Parameter Accepted Values ...

Page 314: ...314 ...

Page 315: ... 100Base T IEEE 802 3 specification for Ethernet that uses unshielded twisted pair UTP wiring with RJ 45 eight conductor plugs at each end Runs at 100 Mbps A ACK Acknowledgment Message sent from one network device to another to indicate that some event has occurred See NAK access rate Transmission speed in bits per second of the cir cuit between the end user and the network ...

Page 316: ...agram from tampering including the fields in the header that do not change in transit Does not provide confidentiality ANSI American National Standards Institute ASCII American Standard Code for Information Interchange pronounced ASK ee Code in which numbers from 0 to 255 represent individual characters such as letters numbers and punctuation marks used in text representation and communi cation pr...

Page 317: ...I Basic Rate Interface ISDN standard for provision of low speed ISDN services two B channels 64 kbps each and one D channel 16 kbps over a single wire pair bridge Device that passes packets between two network seg ments according to the packets destination address broadcast Message sent to all nodes on a network broadcast address Special IP address reserved for simulta neous broadcast to all netwo...

Page 318: ...a customer site to the telephone company network CO Central Office Typically a local telephone company facility responsible for connecting all lines in an area compression Operation performed on a data set that reduces its size to improve storage or transmission rate crossover cable Cable that lets you connect a port on one Ethernet hub to a port on another Ethernet hub You can order an Ethernet c...

Page 319: ... encryption key is the most accepted variant of DES DH Group Diffie Hellman is a public key algorithm used between two systems to determine and deliver secret keys used for encryption Groups 1 2 and 5 are supported Also see Diffie Hellman listing DHCP Dynamic Host Configuration Protocol A network configu ration protocol that lets a router or other device assign IP addresses and supply other networ...

Page 320: ...rs by name rather than by numeric IP address DSL Digital Subscriber Line Modems on either end of a single twisted pair wire that delivers ISDN Basic Rate Access DTE Data Terminal Equipment Network node that passes information to a DCE modem for transmission A computer or router communicating through a modem is an example of a DTE device DTR Data Terminal Ready Circuit activated to indicate to a mo...

Page 321: ...ic flow confidentiality It encrypts the contents of the datagram as specified by the Security Association The ESP transformations encrypt and decrypt portions of datagrams wrapping or unwrapping the dat agram within another IP datagram Optionally ESP transforma tions may perform data integrity validation and compute an Integrity Check Value for the datagram being sent The com plete IP datagram is ...

Page 322: ...r node FTP server Host on network from which clients can transfer files H Hard MBytes Setting the Hard MBytes parameter forces the renegotiation of the IPSec Security Associations SAs at the configured Hard MByte value The value can be configured between 1 and 1 000 000 MB and refers to data traffic passed Hard Seconds Setting the Hard Seconds parameter forces the renegotiation of the IPSec Securi...

Page 323: ...ritical network element that connects everything to one centralized point A hub is simply a box with multiple ports for network connections Each device on the network is attached to the hub via an Ether net cable I IKE Internet Key Exchange protocol provides automated key management and is a preferred alternative to manual key man agement as it provides better security Manual key manage ment is pr...

Page 324: ...k control pro tocol in PPP specifying how IP communications will be config ured and operated over a PPP link IPSEC A protocol suite defined by the Internet Engineering Task Force to protect IP traffic at packet level It can be used for protecting the data transmitted by any service or application that is based on IP but is commonly used for VPNs ISAKMP Internet Security Association and Key Managem...

Page 325: ...ed to what was received M magic number Random number generated by a router and included in packets it sends to other routers If the router receives a packet with the same magic number it is using the router sends and receives packets with new random numbers to determine if it is talking to itself MD5 A 128 bit message digest authentication algorithm used to create digital signatures It computes a ...

Page 326: ...cation software layer Those in between are the Presentation Session Transport Network and Data Link layers Simple first and second generation fire wall technologies inspect between 1 and 3 layers of the 7 layer model while our SMLI engine inspects layers 2 through 7 N NAK Negative acknowledgment See ACK Name The Name parameter refers to the name of the config ured tunnel This is mainly used as an ...

Page 327: ...a communication channel Peer External IP Address The Peer External IP Address is the public or routable IP address of the remote gateway or VPN server you are establishing the tunnel with Peer Internal IP Network The Peer Internal IP Network is the private or Local Area Network LAN address of the remote gateway or VPN Server you are communicating with Peer Internal IP Netmask The Peer Internal IP ...

Page 328: ... router or host to network con nections using synchronous or asynchronous circuits Pre Shared Key The Pre Shared Key is a parameter used for authenticating each side The value can be an ASCII or Hex and a maximum of 64 characters Pre Shared Key Type The Pre Shared Key Type classifies the Pre Shared Key SafeHarbour supports ASCII or HEX types protocol Formal set of rules and conventions that specif...

Page 329: ...available routes and distances for remote network destinations S SA Encrypt Type SA Encryption Type refers to the symmetric encryption type This encryption algorithm will be used to encrypt each data packet SA Encryption Type values supported include DES and 3DES SA Hash Type SA Hash Type refers to the Authentication Hash algorithm used during SA negotiation Values supported include MD5 SHA1 N A w...

Page 330: ... done on bundles setup delete relay serial communication Method of data transmission in which data bits are transmitted sequentially over a communication channel SHA 1 An implementation of the U S Government Secure Hash Algorithm a 160 bit authentication algorithm Soft MBytes Setting the Soft MBytes parameter forces the renegotiation of the IPSec Security Associations SAs at the configured Soft MB...

Page 331: ... from and received by the proper IP addresses along the proper communication ports in the correct order and that no imposter packets interrupt the packet flow Packet filtering monitors only the ports involved while the Motorola Netopia Gateway analyzes the continuous conversation stream preventing session hijacking and denial of service attacks static route Route entered manually in a routing tabl...

Page 332: ...ed twisted pair cable V VJ Van Jacobson Abbreviation for a compression standard documented in RFC 1144 W WAN Wide Area Network Private network facilities usually offered by public telephone companies but increasingly avail able from alternative access providers sometimes called Com petitive Access Providers or CAPs that link business network nodes WWW World Wide Web ...

Page 333: ... 3 0cm H 8 7 22 0 cm W 5 2 13 2cm L Communications interfaces The Motorola Netopia 2200 and 3300 Series Gateways have an RJ 11 jack for DSL line connections or an RJ 45 jack for cable DSL modem connections and 1 or 4 port 10 100Base T Ethernet switch for your LAN connections Some models have a USB port that can be used to connect to your PC in some cases the USB port also serves as the power sourc...

Page 334: ... memory via TFTP or web upload does not apply to 3342 3352 Routing TCP IP Internet Protocol Suite RIP WAN support PPPoE DHCP static IP address Security PAP CHAP UI password security IPsec Secure Sockets Layer SSL certificates Management configuration methods HTTP Web server Telnet SNMP TR 069 Diagnostics Ping event logging routing table displays statistics counters web based management ...

Page 335: ... European directive 73 23 EN60950 Europe EMI Compatibility 89 336 EEC European directive EN55022 1994 CISPR22 Class B EN300 386 V1 2 1 non wireless products EN 301 489 wireless products Regulatory notices European Community This Motorola Netopia product conforms to the European Community CE Mark standard for the design and manufacturing of information technology equipment This standard covers a br...

Page 336: ...nce with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the foll...

Page 337: ...ng associated with a single line individual service may be extended by means of a certified connector assembly telephone extension cord The customer should be aware that compliance with the above conditions may not prevent degradation of service in some situations Repairs to the certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier Any repairs...

Page 338: ... substantial compensation Caution The direct plug in power supply serves as the main power disconnect locate the direct plug in power supply near the product for easy access For use only with CSA Certified Class 2 power supply rated 12VDC Telecommunication installation cautions Never install telephone wiring during a lightning storm Never install telephone jacks in wet locations unless the jack is...

Page 339: ...ich this unit is connected b The ringer equivalence number 0 XB c The USOC jack required RJ11C d The FCC Registration Number XXXUSA XXXXX XX E Items b and d are indicated on the label The Ringer Equivalence Number REN is used to determine how many devices can be connected to your telephone line In most areas the sum of the REN s of all devices on any one line should not exceed five 5 0 If too many...

Page 340: ...ble is experienced with this equipment the Motorola Netopia 2200 or 3300 Series router for repair or warranty information please contact Motorola Technical Support 510 597 5400 www netopia com If the equipment is causing harm to the telephone network the telephone company may request that you disconnect the equipment until the problem is resolved h This equipment not intended to be repaired by the...

Page 341: ...ames without prior written permission of the OpenSSL Project 6 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRA...

Page 342: ... cryptsoft com THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRAN TIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF ...

Page 343: ...D4 Message Digest Algorithm in all material mentioning or referencing this soft ware or this function License is also granted to make and use derivative works provided that such works are identified as derived from the RSA Data Security Inc MD4 Message Digest Algorithm in all material men tioning or referencing the derived work RSA Data Security Inc makes no representations concerning either the m...

Page 344: ...NTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTI TUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CA...

Page 345: ...ing 42 128 277 B Backup 304 Bridging 196 Broadcast address 216 218 C CLI 163 command 170 Arguments 188 Command shortcuts 170 Command truncation 188 Configuration mode 187 Keywords 188 Navigating 187 Prompt 170 187 Restart command 170 SHELL mode 170 View command 189 Closed System Mode 42 128 Command ARP 171 185 Ping 174 Telnet 184 Command line interface see CLI Community 265 Compression protocol 24...

Page 346: ...et 67 145 Ethernet address 196 Ethernet statistics 175 F Factory Reset Switch 161 firewall 180 FTP 240 G Gaming 58 H Hardware address 196 hijacking 331 Home Page Basic Mode 35 Hop count 238 HTTP traffic 252 I ICMP Echo 174 IGMP 211 IGMP Snooping 212 IP 67 145 IP address 215 218 Default 73 IP interfaces 180 IP Passthrough 85 IP routes 180 IP Subnets 83 IPMap table 180 IPSec Tunnel 180 K Keywords CL...

Page 347: ...t upnp option 301 Operating Mode Wireless 41 127 278 P PAP 12 Password Administrator 73 168 User 73 168 persistent log 271 Ping 16 Ping command 174 Pinholes 240 Port authentication 245 Port Forwarding 61 91 Port forwarding 20 Port renumbering 252 PPP 187 PPPoE 12 Primary nameserver 208 Prompt CLI 170 187 Protocol compression 243 Q qos max burst size 195 qos peak cell rate 194 qos service class 194...

Page 348: ...tifica tion traps ip address command 265 Set system diagnostic level command 269 Set system heartbeat command 272 Set system name command 269 Set system NTP command 273 Set system password command 272 set system syslog 274 Set wireless option command 277 Set wireless user auth option command 285 SHELL Command Shortcuts 170 Commands 170 Prompt 170 SHELL level 187 SHELL mode 170 show config 177 Show...

Page 349: ... Protocol 172 Truncation 188 U UPnP 81 User List 70 148 User name 168 User password 73 168 V set atm 194 195 View command 189 view config 185 VLAN ID 112 VLAN Settings 288 Voice over IP 294 VoIP 294 VPI VCI 80 VPN IPSec Pass Through 21 IPSec Tunnel Termination 22 W Weighted Fair Queue 233 weighted fair queuing 231 Wide Area Network 12 Wi Fi Protected Access 47 133 Wired Equivalent Privacy 48 134 W...

Page 350: ...350 ...

Page 351: ...Motorola Netopia 2200 3300 or 7000 series Motorola Inc 6001 Shellmound Street Emeryville CA 94608 October 2007 ...

Reviews: