
Virtual Private Networks (VPNs)   12-11

You can remove a Filter Set.

You can choose to configure Advanced IP Profile Options (see “Advanced IP Profile Options,” in the following section).

Note: The SPI title field above changes to SPI (Security Parameters Index) -- Use Advanced IP Profile Options if any of the SPI values differ from each other.

Advanced IP Profile Options

You can specify an ESP Receive SPI. The value must be unique over the set of all ESP SPIs specified for the remote tunnel endpoint.

You can specify an ESP Transmit SPI. The value must be unique over the set of all ESP SPIs specified for the remote tunnel endpoint.

You can specify an AH Receive SPI if AH authentication has been requested. The value must be unique over the set of all AH SPIs specified for the router.

You can specify an AH Transmit SPI if AH authentication has been requested. The value must be unique over the set of all AH SPIs specified for the remote tunnel endpoint.

You can specify a Local Tunnel Endpoint Address. If not 0.0.0.0, this value must be one of the assigned interface addresses, either WAN or LAN. This is used as the source address of all IPsec traffic.

You can specify a Next Hop Gateway. If you specify the Remote Tunnel Endpoint Address, and the address is in the same subnet as the Remote Members Network you specified in the IP Profile Parameters, the Next Hop Gateway option allows you to enter the address by which the gateway partner is reached.

If you do not specify the Remote Tunnel Endpoint Address, the router will use the default gateway to reach the partner. If the partner should be reached via an alternate port (for example, the LAN instead of the WAN), the Next Hop Gateway field allows this path to be resolved.

                             Advanced IP Profile Options

         ESP Receive SPI:                   123456789
         ESP Transmit SPI:                  123456789
         AH Receive SPI:                    123456789
         AH Transmit SPI:                   123456789

         Local Tunnel Endpoint Address:     0.0.0.0
         Next Hop Gateway:                  0.0.0.0
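
The constraints in this section can be checked over a set of planned tunnel settings before they are typed into the console screens. The following is an added example, not Netopia code and not part of the original guide. Assumptions: the Profile fields, addresses and most SPI values are constructed; the uniqueness rules are read as applying between profiles (the sample screen above uses one value in all four fields of a single profile); and the SPI range check comes from RFC 4303, not from this manual.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

UNSET = "0.0.0.0"  # value the screen shows for an unspecified address


@dataclass
class Profile:
    """One tunnel's settings (hypothetical container, not a router format)."""
    name: str
    remote_endpoint: str            # Remote Tunnel Endpoint Address
    remote_members: str             # Remote Members Network, as CIDR
    esp_rx_spi: int
    esp_tx_spi: int
    ah_rx_spi: Optional[int] = None  # only when AH authentication is requested
    ah_tx_spi: Optional[int] = None
    local_endpoint: str = UNSET
    next_hop_gateway: str = UNSET


# (screen label, attribute, uniqueness scope) following the manual's wording:
# three fields are scoped to the remote tunnel endpoint, AH Receive to the router.
SPI_RULES = [
    ("ESP Receive SPI", "esp_rx_spi", "endpoint"),
    ("ESP Transmit SPI", "esp_tx_spi", "endpoint"),
    ("AH Receive SPI", "ah_rx_spi", "router"),
    ("AH Transmit SPI", "ah_tx_spi", "endpoint"),
]


def validate(profiles, interface_addrs):
    """Return a list of (rule, field label, profile names) findings."""
    findings = []

    for label, attr, scope in SPI_RULES:
        seen = defaultdict(list)
        for p in profiles:
            spi = getattr(p, attr)
            if spi is None:
                continue
            # RFC 4303: SPI is 32 bits; 0 is for local use, 1-255 are reserved.
            if not 256 <= spi <= 0xFFFFFFFF:
                findings.append(("spi-range", label, (p.name,)))
            key = (p.remote_endpoint if scope == "endpoint" else "router", spi)
            seen[key].append(p.name)
        for names in seen.values():
            if len(names) > 1:
                findings.append(("spi-collision", label, tuple(names)))

    ifaces = {ipaddress.ip_address(a) for a in interface_addrs}
    for p in profiles:
        # Local Tunnel Endpoint Address: 0.0.0.0 or an assigned WAN/LAN address.
        if (p.local_endpoint != UNSET
                and ipaddress.ip_address(p.local_endpoint) not in ifaces):
            findings.append(
                ("local-endpoint", "Local Tunnel Endpoint Address", (p.name,)))
        # Remote endpoint inside the Remote Members Network: this is the case
        # in which the manual says the Next Hop Gateway should be entered.
        inside = (p.remote_endpoint != UNSET
                  and ipaddress.ip_address(p.remote_endpoint)
                  in ipaddress.ip_network(p.remote_members))
        if inside and p.next_hop_gateway == UNSET:
            findings.append(("next-hop", "Next Hop Gateway", (p.name,)))

    return findings


# Constructed sample data (documentation and private address ranges).
SAMPLE_INTERFACES = ["192.168.1.1", "203.0.113.10"]  # LAN, WAN
SAMPLE_PROFILES = [
    Profile("branch-a", "198.51.100.20", "10.1.0.0/24",
            esp_rx_spi=123456789, esp_tx_spi=123456789),
    Profile("branch-b", "198.51.100.20", "10.2.0.0/24",
            esp_rx_spi=123456789, esp_tx_spi=4000,
            ah_rx_spi=5000, ah_tx_spi=5001,
            local_endpoint="192.168.1.99"),
    Profile("branch-c", "10.3.0.1", "10.3.0.0/24",
            esp_rx_spi=200, esp_tx_spi=6000,
            ah_rx_spi=5000, ah_tx_spi=5001),
]

if __name__ == "__main__":
    for rule, label, names in validate(SAMPLE_PROFILES, SAMPLE_INTERFACES):
        print(f"{rule:15} {label:32} {', '.join(names)}")
```

In the sample, branch-b and branch-c share AH Transmit SPI 5001 without a finding because they point at different remote endpoints, while the shared AH Receive SPI 5000 is flagged because that rule is scoped to the whole router.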

Summary of Contents for 4752

Page 1: ...Netopia 4752 SDSL Integrated Access Device Administration Guide ...

Page 2: ...hts reserved Under the copyright laws such materials may not be copied in whole or part without the prior written consent of Netopia Inc Under the law copying includes translation to another language or format Netopia Inc 2470 Mariner Square Loop Alameda CA 94501 1010 U S A Part Number For additional copies of this electronic manual order Netopia part number 6161089 00 01 ...

Page 3: ...n to obtain 2 3 Chapter 3 Making the Physical Connections 3 1 Find a Location 3 1 What You Need 3 2 Identify the Connectors and Attach the Cables 3 3 Netopia 4752 Status Lights 3 4 Chapter 4 Sharing the Connection 4 1 Configuring TCP IP on Windows based Computers 4 2 Dynamic configuration recommended 4 2 Static configuration optional 4 3 Configuring TCP IP on Macintosh Computers 4 5 Dynamic config...

Page 4: ...up 7 8 Easy Setup Profile 7 9 IP Easy Setup 7 10 Easy Setup Security Configuration 7 11 Chapter 8 Voice Configuration 8 1 Introduction 8 1 Explanation of terms 8 1 Configuring the Voice Features 8 2 Part II Advanced Configuration Chapter 9 WAN and System Configuration 9 1 WAN Configuration 9 2 Multiple ATM Permanent Virtual Circuit Support 9 5 Multiple ATM PVC overview 9 5 Multiple ATM PVC configu...

Page 5: ...y 9 21 Upgrade feature set 9 21 Logging 9 22 Installing the Syslog client 9 22 Chapter 10 IP Setup 10 1 IP Setup 10 2 IP subnets 10 4 Static routes 10 6 IP Address Serving 10 10 IP Address Pools 10 13 DHCP NetBIOS Options 10 15 More Address Serving Options 10 17 Configuring the IP Address Server options 10 18 DHCP Relay Agent 10 23 Connection Profiles 10 25 Chapter 11 Multiple Network Address Tran...

Page 6: ...rks VPNs 12 1 Overview 12 1 About PPTP Tunnels 12 3 PPTP configuration 12 4 About IPsec Tunnels 12 7 Configuration 12 7 IP Profile Parameters 12 10 Advanced IP Profile Options 12 11 Interoperation with other features 12 12 Encryption Support 12 12 ATMP PPTP Default Answer Profile 12 13 VPN QuickView 12 14 Dial Up Networking for VPN 12 15 Installing Dial Up Networking 12 15 Creating a new Dial Up N...

Page 7: ...rk 13 4 How individual filters work 13 6 Design guidelines 13 10 Working with IP Filters and Filter Sets 13 11 Adding a filter set 13 12 Viewing filter sets 13 15 Modifying filter sets 13 16 Deleting a filter set 13 16 A sample IP filter set 13 16 Firewall Tutorial 13 19 General firewall terms 13 19 Basic IP packet components 13 20 Basic protocol types 13 20 Firewall design rules 13 21 Filter basi...

Page 8: ...erved IP Addresses 14 10 General Statistics 14 11 System Information 14 13 SNMP 14 13 The SNMP Setup screen 14 14 SNMP traps 14 15 Chapter 15 Utilities and Diagnostics 15 1 Ping 15 2 Trace Route 15 4 Telnet Client 15 5 Disconnect Telnet Console Session 15 6 Factory Defaults 15 6 Transferring Configuration and Firmware Files with TFTP 15 7 Updating firmware 15 7 Downloading configuration files 15 8...

Page 9: ...Appendix B About SDSL B 1 Appendix C Understanding IP Addressing C 1 What is IP C 1 About IP Addressing C 1 Subnets and subnet masks C 2 Example Using subnets on a Class C IP internet C 3 Example Working with a Class C subnet C 5 Distributing IP Addresses C 5 Technical note on subnet masking C 6 Configuration C 7 Manually distributing IP addresses C 8 Using address serving C 8 Tips and rules for d...

Page 10: ...uirements F 1 Environment F 1 Software and protocols F 1 Agency Approvals F 2 Regulatory notices F 2 Important Safety instructions F 4 Netopia 4752 Specifications F 5 Physical interface F 5 Data features F 5 Hardware specifications F 7 Voice features F 7 Glossary Index Limited Warranty and Limitation of Remedies ...

Page 11: ...Part I Getting Started ...

Page 12: ...Administration Guide ...

Page 13: ...chnically Centrex is a subset of PBX PBX users share a certain number of outside lines for making telephone calls external to the PBX Most medium sized and larger companies use a PBX because it s much less expensive than connecting an external telephone line to every telephone in the organization In addition it s easier to call someone within a PBX because the number you need to dial is typically ...

Page 14: ...atures include SDSL WAN Interface interoperable with major ATM and Frame Relay based DSL equipment A 10 100 Ethernet LAN Port Eight analog telephone ports local extensions One DB 9 serial console port Front panel status lights Setup and configuration management via console menu How to Use This Guide...

Page 15: ...y The CLEC uses a compatible type of switching equipment known as a Digital Subscriber Line Access Multiplexer DSLAM The DSLAM that you connect to with your Netopia Router must be capable of handling these symmetric connections The Netopia 4752 is certified for use with DSLAMs manufactured by Nokia Lucent Paradyne Nortel networks and Copper Mountain If you have purchased your Netopia Router throug...

Page 16: ...propriate refer your ISP to Netopia s Web site www netopia com for more information Obtaining an IP address Typically each network computer that requires Internet access requires its own unique IP address If some or all network computers require simultaneous Internet access obtai...

Page 17: ... if your ISP supports it With Network Address Translation If you are using MultiNAT you should obtain the following If you are connecting to a remote site using Network Address Translation on your router your provider will not...

Page 18: ...2 4 Administration Guide ...

Page 19: ...52 be sure to read the important safety information contained in Appendix F Technical Specifications and Safety Information When choosing a location for the Netopia Router consider Available space and ease of installation Physical layout of the building and how to best use the physical space available for connecting your Netopia Router to the LAN Available wiring and jacks Distance from the point ...

Page 20: ...pia CD containing Adobe Acrobat Reader for Windows and Macintosh ZTerm terminal emulator software for Classic MacOS and MacOSX and NCSA Telnet for Macintosh and documentation You will need A Windows 95 or 98 based PC or a Macintosh computer with Ethernet connectivity for configuring the Netopia 4752 This may be built in Ethernet or an add on card with TCP IP installed and configured See Sharing th...

Page 21: ...ter and the DSL wall outlet Port Description Telephone extension ports Eight RJ 11 telephone jacks for connecting your phone extensions DSL port An RJ 45 10Base T style jack labeled DSL for your DSL connection Ethernet port An RJ 45 10 100Base T Ethernet jack You will use this to configure the Netopia 4752 For a new installation use the Ethernet connection Alternatively you can use the console con...

Page 22: ... training 3 flashes red then flashes green The WAN interface is operational 3 is green Data is transmitted or received 4 flashes yellow No traffic is being transmitted or received 4 is dark Voice is operational 5 is green Voice traffic is transmitted or received 5 is yellow The Ethernet interface is connected at 10Base T speed 6 is dark The Ethernet interface is connected at 100Base T speed 6 is g...

Page 23: ...on Once you have set up your physical local area network you will need to configure the TCP IP stack on each client workstation connected to your Netopia 4752 This chapter describes how to configure TCP IP for both Windows based and Macintosh computers This chapter explains the following topics Configuring TCP IP on Windows based Computers on page 4 2 Configuring TCP IP on Macintosh Comp...

Page 24: ...ns to configure other computers on your network to accept IP addresses served by the Netopia 4752 1 Go to the Start Menu Settings Control Panels and double click the Network icon From the Network components list select the Configuration tab 2 Select TCP IP Your Network Card Then select Properties In the TCP IP Properties screen select the IP Address tab Click Obtain an IP Address automatically 3 C...

Page 25: ...list select the Configuration tab 2 Select TCP IP Your Network Card Then select Properties In the TCP IP Properties screen select the IP Address tab Click Specify an IP Address Enter the following IP Address 192 168 1 2 Subnet Mask 255 255 255 0 or for 12 user models 255 255 255 240 This address is an example of one that can be used to configure the router Your ISP or network administrator may ask...

Page 26: ... Enter the following information Host Type the name you want to give to this computer Domain Type your domain name If you don t have a domain name type your ISP s domain name for example netopia com DNS Server Search Order Type the primary DNS IP address given to you by your ISP Click Add Repeat this process for the secondary DNS Domain Suffix Search Order Enter the same domain name you entered ab...

Page 27: ...uires that the optional AppleTalk kit be installed which can only be done after the router is configured You must have built in Ethernet or a third party Ethernet card and its associated drivers installed in your Macintosh Dynamic configuration recommended The Dynamic Host Configuration Protocol DHCP which enables dynamic addressing is enabled by default in the router To configure your Macintosh c...

Page 28: ...t mask 255 255 255 0 or for 12 user models 255 255 255 240 Router or Gateway address 192 168 1 1 Name server address Enter the primary and secondary name server addresses given to you by your ISP Implicit Search Path Starting domain name Enter your domain name if you do not have a domain name enter the domain name of your ISP If you are manually configuring for a fixed or static IP address perform...

Page 29: ...etwork with manual or static IP addresses Be sure each computer on your network has its own IP address More information about configuring your Macintosh computer for TCP IP connectivity through a Netopia 4752 can be found in Technote NIR_026 Open Transport and Netopia Routers located on the Netopia Web site ...

Page 30: ...4 8 Administration Guide ...

Page 31: ...rk This chapter describes how to physically connect the Netopia 4752 to your local area network LAN Before you proceed make sure the Netopia 4752 is properly configured You can customize the device s configuration for your particular LAN requirements using console based management see Console Based Management on page 6 1 This section covers the following topics Readying Computers on Yo...

Page 32: ...unicate using Internet protocols TCP IP stacks must be configured with some of the same information you used to configure the Netopia 4752 There are a number of TCP IP stacks available for PC computers Windows 95 includes a built in TCP IP stack See Configuring TCP IP on Windows based Computers on page 4 2 Macintosh computers use either MacTCP or Open Transport See Configuring TCP IP on Macintosh ...

Page 33: ... any one line should not exceed two 2 0 If too many devices are attached they may not ring properly The REN for telephone devices is usually listed on the product label or stamped or moulded into the body of the device Console Power 10 100 Ethernet DSL Telephone Extensions 1 2 3 4 5 7 8 6 Telephone Extension ports DSL Line port 10 100 Ethernet port Console port Power port 10 100Base T Hub Add com...

Page 34: ...5 4 Administration Guide ...

Page 35: ...management screens contain eight entry points to the Netopia 4752 configuration and monitoring features The entry points are displayed in the Main Menu shown below The Easy Setup menus display and permit changing the values contained in the default connection profile You can use Easy Setup to initially configure the router directly through a console session Easy Setup menus contain up to five desc...

Page 36: ...bout your router your network and their history See Statistics Logs on page 14 4 for detailed information The Quick Menus screen is a shortcut entry point to 22 of the most commonly used configuration menus that are accessed through the other menu entry points The Quick View menu displays at a glance current real time operating information about your router See Quick View Status Overview on page 1...

Page 37: ...s connection lets you use the computer to configure and monitor the Netopia 4752 via the console screens Netopia 4752 back panel To connect the Netopia 4752 to your computer for serial console communication use a console cable appropriate to your platform A DB 9 connector end attaches to a PC A mini DIN8 or a USB connector end attaches to a Macintosh computer depending on your computer s serial bu...

Page 38: ...gested Value Terminal type PC ANSI BBS Mac ANSI VT 100 or VT 200 Data bits 8 Parity None Stop bits 1 Speed 9600 bits per second can be set for up to 57600 Flow Control None Note The router firmware contains an autobaud detection feature If you are at any screen on the serial console you can change your baud rate and press Return HyperTerminal for the PC requires a disconnect The new baud rate is d...

Page 39: ...table items in a screen or pop up menu Up Down Left and Right Arrow Set a change to a selected item or open a pop up menu of options for a selected item like entering an upgrade key Return or Enter Change a toggle value Yes No On Off Tab Restore an entry or toggle value to its previous value Esc Move one item up Up arrow or Control K Move one item down Down arrow or Control O Display a dump of the...

Page 40: ...6 6 Administration Guide ...

Page 41: ...onfiguration access to your Netopia 4752 SDSL Integrated Access Device Accessing the Easy Setup console screens To access the console screens Telnet to the Netopia 4752 over your Ethernet network or physically connect with a serial console cable and access it with a terminal emulation program See Connecting through a Telnet Session on page 6 2 or Connecting a Console Cable to Your Device on page 6...

Page 42: ...e is configured for the recommended values If you are connecting via the Console port your computer s serial port is not being used by another device such as an internal modem or an application Turn off all other programs other than your terminal emulation program that may be interfering with your access to the port You have entered the correct password if necessary Your Netopia 4752 s console acc...

Page 43: ...Paradyne Nortel UE IMAS or HDLC Copper Mountain Data Rate for any Operation Mode other than Nokia EOC Fast or HDLC Copper Mountain 144 160 192 208 272 384 400 416 528 768 784 1040 1152 1168 1536 1552 1568 or 2320 Data Link Encapsulation PPP Frame Relay or RFC1483 PPP Mode VC Multiplexed default or LLC SNAP RFC1483 Mode Bridged 1483 default or Routed 1483 PPP over Frame Relay Enabled Off default or...

Page 44: ...necting a Console Cable to Your Device on page 6 3 Easy Setup Profile Screen Address Translation Enabled Yes default or No IP Addressing Unnumbered default or Numbered Local WAN IP Address Local WAN IP Mask n a Remote IP Address Remote IP Mask n a PPP Authentication None default PAP or CHAP User Name or Host Name n a Password or Secret n a IP Easy Setup Screen Ethernet IP Address Ethernet Subnet M...

Page 45: ... will be connecting Netopia 4752 v5 1 Easy Setup WAN Configuration System Configuration POTS Configuration Utilities Diagnostics Statistics Logs Quick Menus Quick View Return Enter goes to Easy Setup minimal configuration SDSL Line Configuration Operation Mode Generic Lucent Data Rate Nokia EOC Fast Nokia Fixed Data Link Encapsulation Paradyne PPP Mode Nortel UE IMAS HDLC Copper Mountain Data Circ...

Page 46: ... specify your data link encapsulation method Select Data Link Encapsulation and from the pop up menu choose Frame Relay the default PPP or RFC1483 or possibly PPPoE SDSL Line Configuration Operation Mode Generic D Reset to default settings for this DSLAM D P NO YES Data Circuit VPI 0 255 0 Data Circuit VCI 0 65535 38 PREVIOUS SCREEN NEXT SCREEN SDSL Line Configuration Operation Mode HDLC Copper Mo...

Page 47: ... the next pop up menu PPP Mode offers the choice of VC Multiplexed or LLC SNAP The next two fields Data Circuit VPI and Data Circuit VCI are editable Enter the Virtual Path Identifier and Virtual Channel Identifier values that your provider specifies For more information on VPIs and VCIs see Multiple ATM Permanent Virtual Circuit Support on page 9 5 2 Press the Down arrow key until you reach NEXT ...

Page 48: ...ce VCI fields are editable If you select Tollbridge the VPI and VCI fields do not appear Enter the Virtual Path Identifier and Virtual Channel Identifier values that your provider specifies For more information on VPIs and VCIs see Multiple ATM Permanent Virtual Circuit Support on page 9 5 3 Press the Down arrow key until you reach NEXT SCREEN Press Return to bring up the next screen Voice Easy Se...

Page 49: ...nother specific address if you want to use static addressing In that case enter the local WAN address your ISP gave you Press Return 3 If you selected PPP data link encapsulation in the SDSL Line Configuration screen a PPP Authentication menu item appears The authentication protocol and user name password combinations you enter must be assigned or agreed to in advance between you and your ISP Sele...

Page 50: ...r connection profiles will ensure this restriction See Multiple Network Address Translation on page 11 1 of this guide for more information 2 Select Ethernet Subnet Mask and enter the subnet mask your ISP has given you The Ethernet Subnet Mask defaults to a standard class mask derived from the class of the Ethernet IP address you entered in the previous step 3 Press the Down arrow key until the ed...

Page 51: ...addresses to your client workstations Normally you would accept the default On so that workstations on your LAN can use a single IP address assigned by your ISP to connect to the Internet 8 The IP address server will provide 100 IP addresses automatically to workstations on your LAN You only need to change the Number of Client IP Addresses if you have some other IP addressing scheme 9 By default t...

Page 52: ... The Router will restart and your configuration settings will be activated You can then Exit or Quit your Telnet application Easy Setup is now complete Easy Setup Security Configuration It is strongly suggested that you password protect configuration access to your Netopia By entering a Name and Password pair here access via serial Telnet and SNMP will be password protected Be sure to remember wha...

Page 53: ...one extensions and up to eight derived voice lines Like the rest of the 4700 series line the Netopia 4752 includes the Netopia data routing engine for any number of attached computers or other network devices connected to a single 10 100 Ethernet port Key features include Fax Modem Configurable Voice port for incoming or modem calls This is the secret term for echo cancellation support Voice Gatew...

Page 54: ...l dial tone and proceed to program the phone w local speed dial options In addition taking the phone off hook and pressing speed dial numbers will cause the stored speed dial digits to be sent out This is independent of the previous mode Configuring the Voice Feat...

Page 55: ...o allows you to use a fax machine or modem on that phone port since fax machines and modems automatically cancel echoes If you want to disable echo cancellation toggle this item to No Voice Configuration Voice Gateway CopperCom Ring Cadence 20 Hz Port Configuration Voice Coding mu law Port Configuration Port 1 Echo Cancellation Enabled Yes Compression is G726 ADPCM 32K Port 2 Echo Cancellation Ena...

Page 56: ...lation for each port on the Netopia 4752 Select Voice Coding and press Return From the pop up menu choose the voice coding method you will be using The default is mu law which is the standard 8 bit 8 kHz mono format intended primarily for the requirements of voice in North America You can also choose a law a more common audio format outside North America ...

Page 57: ...Part II Advanced Configuration ...

Page 58: ...Administration Guide ...

Page 59: ...s of your Netopia 4752 SDSL Integrated Access Device You can customize these features for your individual setup These menus provide a powerful method for experienced users to set up their device s connection profiles and system configuration This section covers the following topics WAN Configuration on page 9 2 Multiple ATM Permanent Virtual Circuit Support on page 9 5 Creating a New Connection Pr...

Page 60: ...n WAN Setup The SDSL Line Configuration screen appears Main Menu WAN Configuration WAN Setup WAN Configuration WAN Wide Area Network Setup Display Change Connection Profile Add Connection Profile Delete Connection Profile ATMP PPTP Default Profile Scheduled Connections Configuration Changes Reset WAN Connection Yes From here you will configure yours and the remote sites WAN information ...

Page 61: ...t values that pertain to that particular DSLAM If the changes are such that the defaults completely change the configuration you will see an alert message asking you to confirm the resetting of the defaults SDSL Line Configuration Operation Mode Generic Lucent Clock Source Nokia EOC Fast Data Rate Mode Nokia Fixed Data Rate Paradyne Nortel UE IMAS Display Change Circuit HDLC Copper Mountain Add Ci...

Page 62: ...nge Circuit Add Circuit Delete Circuit menus permit you to assign multiple permanent virtual circuits For detailed information on multiple PVCs see Multiple ATM Permanent Virtual Circuit Support on page 9 5 Select Data Link Encapsulation and press Return The pop up menu will offer you the choice of PPP or RFC1483 The HDLC Copper Mountain Operation Mode also offers Frame Relay Your selection depend...

Page 63: ...r VPI and Virtual Channel Identifier VCI A VPI is an 8 bit value between 0 and 255 inclusive while a VCI is a 16 bit value between 0 and 65535 inclusive Circuits now support attributes in addition to their VPI and VCI values When configuring a circuit you can specify an optional circuit name of up to 14 characters The circuit name is used only to identify the circuit for management purposes as a c...

Page 64: ...ge Circuit screen From the Main Menu navigate to the SDSL Line Configuration screen Select Display Change Circuit and press Return Main Menu WAN Configuration WAN Setup SDSL Line Configuration SDSL Line Configuration Operation Mode Nokia Fixed Clock Source Network Data Rate Mode Hunt Data Rate 384 Display Change Circuit Add Circuit Delete Circuit Data Link Encapsulation RFC1483 RFC1483 Mode Routed...

Page 65: ...acter name with the circuit The default circuit name is Circuit n where n is some number between one and eight corresponding to the circuit s position in the list of up to eight circuits SDSL Line Configuration Operation Mode Generic Clock Source Network Data Rate Mode Hunt Data Rate Circuit Name VPI VCI Display Change Circuit Circuit 1 0 38 Add Circuit Voice Circuit 0 0 Delete Circuit Data Link E...

Page 66: ...ccording to pre defined dynamic binding rules when you add the second VC It will revert back to dynamic binding if the number of VCs is reduced to one for example by deleting previously defined VCs When the link comes up the device binds the VC dynamically to the first suitable Connection Profile or to the Default Profile if there is no Connection Profile configured If you factory default the devi...

Page 67: ...s Choosing a profile from the list statically binds the circuit to the selected profile Choosing Use Default Profile for Circuit statically binds the circuit to the Default Profile When the circuit is bound to a Connection Profile Use Connection Profile displays the name of the profile when the circuit is associated with the Default Profile Use Connection Profile displays Default Profile When more...

Page 68: ...ction for ATM VC Statistics To access the ATM VC Statistics screen navigate from the Main Menu to Statistics Logs then General Statistics The General Statistics screen appears Select VC Traffic Statistics Main Menu Statistics Logs General Statistics General Statistics Physical I F Rx Bytes Tx Bytes Rx Pkts Tx Pkts Rx Err Tx Err Ethernet Hub 0 0 0 0 0 0 Aux Async 0 0 0 0 0 0 ATM SDSL 1 22152 5092 4...

Page 69: ...n A pop up window appears displaying detailed information for the selected circuit ATM VC Statistics VPI VCI Local IP Addr Frames Rx Frames Tx Bytes Rx Bytes Tx SCROLL UP 0 39 111 222 333 4 0 0 0 0 8 36 1 0 70 0 SCROLL DOWN ATM VC Statistics View St VPI VCI 0 39 Circuit Name Circuit 4 8 36 Connection Profile Name Profile 4 Bytes Rx 0 Bytes Tx 0 Frames Rx 0 Frames Tx 0 Frames Rx Discarded 0 Frames ...

Page 70: ...gnize and authenticate a connection To create a new connection profile you navigate to the WAN Configuration screen from the Main Menu and select Add Connection Profile The Add Connection Profile screen appears On a Netopia 4752 SDSL Integrated Access Device you can add up to 15 more connection profiles for a total of 16 but you can only use one at a time 1 Select Profile Name and enter a name for...

Page 71: ...elect the authentication method your ISP uses if any PAP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol or None PAP is the most common and requires you to enter a User Name and Password in the next two fields CHAP requires you to enter a Host Name and Secret in the next two fields You can specify user name and password for both outgoing and incoming connections t...

Page 72: ...select Display Change Connection Profile The list of Connection Profiles is displayed in a scrolling pop up screen IP Profile Parameters Address Translation Enabled Yes Local WAN IP Address 0 0 0 0 Remote IP Address 0 0 0 0 Remote IP Mask 0 0 0 0 Filter Set Remove Filter Set Receive RIP Off Toggle to Yes if this is a single IP address ISP account Configure IP requirements for a remote network conn...

Page 73: ...Profile item to Yes or No the default This item controls whether or not the SDSL link will come up without an explicitly configured connection profile If your ISP is serving you a dynamic IP Address you need not explicitly configure a connection profile and the default behavior of the device will be to connect automatically once it is powered on If you select IP Parameters the IP Parameters screen...

Page 74: ...on Mode with RFC1483 as the data link encapsulation method You can enable it by toggling to Yes If you use HDLC Copper Mountain operation Mode with RFC1483 as the data link encapsulation method NAT is enabled by default as shown below For details on setting up IP Parameters see IP Setup on page 10 1 IP Parameters Default Profile Address Translation Enabled No Filter Set Firewall Remove Filter Set ...

Page 75: ... 3 You can also retrieve the Netopia 4752 s configuration information and remotely set its data routing parameters using the Simple Network Management Protocol see SNMP on page 14 13 Open a Telnet connection to the device s IP address for example 192 168 1 1 The console screen will open to the Main Menu similar to the screen shown below Navigating through the System Configuration screens To help y...

Page 76: ... you need to configure your Netopia 4752 Some users however require advanced settings or prefer manual control over the default selections For these users the Netopia 4752 provides system configuration options To help you determine whether you need to use the system configuration options review the following requirements If you have one or more of these needs use the system configuration options d...

Page 77: ...dress serving These screens allow you to configure IP address serving on your network by means of DHCP WANIP and BootP Details are given in IP Address Serving on page 10 10 Date and time You can set the system s date and time in the Set Date and Time screen Select Date and Time in the System Configuration screen and press Return The Set Date and Time screen appears System Configuration IP Setup Fi...

Page 78: ...ust be separated by forward slashes 2 Select Current Time and enter the time in the format HH MM where HH is the hour using either the 12 hour or 24 hour clock and MM is the minutes 3 Select AM or PM and choose AM or PM Console configuration You can change the default terminal communications parameters to suit your requirements Set Date and Time System Date Format MM DD YY Current Date MM DD YY 3 ...

Page 79: ...you to monitor and configure many of the data routing features of your network by means of a standard Simple Network Management Protocol SNMP agent Details are given in SNMP on page 14 13 Security These screens allow you to add users and define passwords on your network Details are given in Security on page 13 1 Upgrade feature set You can upgrade your Netopia 4752 by adding new feature sets throu...

Page 80: ...S name up to 63 characters You can specify the UNIX syslog Facility to use by selecting the Facility pop up Installing the Syslog client The Goodies folder on the Netopia CD contains a Syslog client daemon program that can be configured to report the WAN events you specified in the Logging Configuration screen To install the Syslog client daemon exit from the graphical Netopia CD program and locat...

Page 81: ...10 14 06 tsnext netopia com WAN 56K Modem 1 activated at 115 Kbps May 5 10 14 06 tsnext netopia com Connect Confirmed to our DN 5108645534 May 5 10 14 06 tsnext netopia com PPP Channel 1 up Answer Profile name Default Profile May 5 10 14 06 tsnext netopia com PPP NCP up session 1 Channel 1 Final fallback negotiated auth Local PAP Remote NONE May 5 10 14 06 tsnext netopia com PPP PAP we accepted re...

Page 82: ...9-24 Administration Guide ...

Page 83: ...Address Serving on page 10-10; More Address Serving Options on page 10-17; DHCP Relay Agent on page 10-23; Connection Profiles on page 10-25. Network Address Translation allows communication between the LAN connected to the Netopia 4752 and the Internet using a single (or a few) IP address(es) instead of a routed account with separate IP addresses for each computer on the network. Network Address Translat...

Page 84: ...opia 4752. Select Ethernet IP Address and enter the IP address for the Netopia 4752's Ethernet port. Select Ethernet Subnet Mask and enter the subnet mask for the Ethernet IP address that you entered in the last step. If you desire multiple subnets, select Define Additional Subnets. If you select this item, you will be taken to the IP Subnets screen. This screen allows you to define IP addresses and mask...

Page 85: ... network that the Netopia 4752 needs to recognize. If this is the case, select Receive RIP and select v1, v2, or Both from the pop-up menu. With Receive RIP set to v1, the Netopia 4752's Ethernet port will accept routing information provided by RIP packets from other routers that use the same subnet mask. Set to v2, the Netopia 4752 will accept routing information provided by RIP packets from other router...

Page 86: ...ber between one and eight. If you have eight subnets configured, there will be eight rows on this screen. Otherwise, there will be one more row than the number of configured subnets. The last row will have the value 0.0.0.0 in both the IP address and subnet mask fields to indicate that you can edit the values in this row to configure an additional subnet. All eight row labels are always visible regardle...

Page 87: ...ill the vacant fields. The subnets configured on this screen are tied to the address serving pools configured on the IP Address Pools screen, and that changes on this screen may affect the IP Address Pools screen. In particular, deleting a subnet configured on this screen will delete the corresponding address serving pool, if any, on the IP Address Pools screen. IP Subnets IP Address Subnet Mask 1 192 12...

Page 88: ...static routes are used only if they appear in the IP routing table, which contains all of the routes used by the Netopia 4752 (see "IP Routing Table" on page 14-9). Static routes are helpful in situations where a route to a network must be used and other means of finding the route are unavailable. For example, static routes are useful when you cannot rely on RIP. To go to the Static Routes screen, select St...

Page 89: ...l appear. The table has the following columns: Dest Network: The network IP address of the destination network. Static Routes Display/Change Static Route Add Static Route Delete Static Route Configure/View/Delete Static Routes from this and the following Screens. Dest Network Subnet Mask Next Gateway Priority Enabled 0.0.0.0 0.0.0.0 163.176.8.1 Low Yes Select a Static Route to modify ...

Page 90: ...t to No. Be sure to read the rules on the installation of static routes in the IP routing table. See "Rules of static route installation" on page 10-9. Select Destination Network IP Address and enter the network IP address of the destination network. Select Destination Network Subnet Mask and enter the subnet mask used by the destination network. Select Next Gateway IP Address and enter the IP address fo...

Page 91: ...tatic routes. Select a static route from the table and go to the Change Static Route screen. The parameters in this screen are the same as the ones in the Add Static Route screen (see "Adding a static route" on page 10-8). Deleting a static route: To delete a static route, in the Static Routes screen select Delete Static Route to display a table of static routes. Select a static route from the table and pre...

Page 92: ...permanent, since there is no lease renewal mechanism in BootP. The third protocol, called Dynamic WAN, is part of the PPP/MP suite of wide area protocols used for WAN connections. It allows remote terminal adapters and NAT-enabled routers to be assigned a temporary IP address for the duration of their connection. Since no two hosts can use the same IP address at the same time, make sure that the addresse...

Page 93: ...or instance, on your local area network, you may want to first figure out which machines are going to be allocated specific static IP addresses so that you can determine the pool of IP addresses that you will be serving addresses from via DHCP, BootP, and/or Dynamic WAN. Example: Your ISP has given your Netopia 4752 the IP address 192.168.6.137, with a subnet mask of 255.255.255.248. The subnet mask alloc...

Page 94: ...ure Address Pools appears instead. If you select Configure Address Pools, you will be taken to the IP Address Pools screen, which allows you to configure an address serving pool for each of the configured Ethernet IP subnets. See "IP Address Pools" on page 10-13. IP Address Serving Configure Address Pools Serve DHCP Clients: Yes DHCP NetBios Options Serve BOOTP Clients: Yes Serve Dynamic WAN Clients: Yes ...

Page 95: ...ddress on the subnet. You can edit the remaining columns in each row. The 1st Client Addr and Clients columns allow you to specify the base and extent of the address serving pool for a particular subnet. Entering 0.0.0.0 for the first client address or 0 for the number of clients indicates that no addresses will be served from the corresponding Ethernet IP subnet. The Client Gateway column allows you ...

Page 96: ...address is available. The client stores this address in non-volatile storage, for example on disk, and the specific storage method/location differs depending on the client operating system. When requesting an address, a client may provide a client identifier, or, if it does not, the Netopia 4752 may construct a pseudo-client identifier for the client. When the client subsequently requests an address, the Ne...

Page 97: ... a non-IBM network operating system or network interface card must offer a NetBIOS emulator. Many vendors either provide a version of NetBIOS to interface with their hardware or emulate its transport layer communications services in their network products. A NetBIOS emulator is a program provided by NetWare clients that allows workstations to run applications that support IBM's NetBIOS calls. Select D...

Page 98: ...nished setting up DHCP NetBIOS Options. To return to the IP Address Serving screen, press Escape. To enable BootP's address serving capability, select Serve BOOTP Clients and toggle to Yes. Note: Addresses assigned through BootP are permanently allocated from the IP Address Serving pool until you release them. To release these addresses, navigate back to the Main Menu, then Statistics & Logs, Served IP Addres...

Page 99: ...o view the host name associated with a client to which the router has leased an IP address. The ability for the router's Ethernet IP address(es) to overlap the DHCP address serving pool(s). The ability to serve as a DHCP Relay Agent. The Netopia 4752 supports reserving an IP address only for a type 1 client identifier (i.e., an Ethernet hardware address). It does not support reserving an IP address for an a...

Page 100: ...fier is still accessible in a Details pop-up menu. See below. Note: The server does not query the client for its host name. Macintosh computers running versions of MacOS prior to MacOS version 8.5 (OT 2.0.1, TCP/IP 2.0.1) do not supply a host name option in their DHCP messages, so no host name will appear in the Served IP Addresses list. Served IP Statistics Logs Main Menu Addresses Served IP Addresses IP ...

Page 101: ... are Details, Exclude, Include, Release, and Reserve. The action pop-up is context-sensitive and lists only those operations that apply to the selected IP address in its current lease state. Served IP Addresses IP Address Type Expires Host Name Client Identifier SCROLL UP 192.168.1.100 192.168.1.101 192.168.1.102 192.168.1.103 192.168.1.104 192.168.1.105 192.168.1.106 192.168.1.107 192.168.1.108 Details ...

Page 102: ...layed if the entry is not already excluded. Selecting Exclude excludes the IP address from the address serving pool so the address will not be served to a client. If the IP address is currently leased to or reserved for a client, you will be presented with a warning dialog asking you to confirm the operation. Served IP Addresses IP Address Type Expires Host Name Client Identifier SCROLL UP 192 168 1 1...

Page 103: ...tively being used by a client is generally not recommended. Reserve is displayed if the entry is available, declined, excluded, leased, offered, or reserved. Reserving an IP address for a client with a particular Ethernet MAC address guarantees that a client with the specified MAC address will be offered or leased the specified IP address. Moreover, it prevents the specified IP address from being offered o...

Page 104: ... 192 168 1 104 192 168 1 105 IP Address is 192 168 1 108 192 168 1 106 MAC Address 00 00 c5 45 89 ef 192 168 1 107 192 168 1 108 CANCEL OK 192 168 1 109 192 168 1 110 192 168 1 111 192 168 1 112 192 168 1 113 SCROLL DOWN Lease Management Served IP Addresses IP Address Type Expires Host Name Client Identifier SCROLL UP 192 168 1 1 Excluded for the router s IP address 192 168 1 2 Excluded 192 168 1 ...

Page 105: ...cally in the Netopia Router and respond to the client's request itself. However, if the Netopia Router is configured to act as a DHCP relay agent, it does not satisfy the DHCP request itself, but instead forwards the request to one or more remote DHCP servers. These servers process the request, assign an address from an address pool configured on the remote server, and forward the response back to the Ne...

Page 106: ...ter an IP address and press Return, an additional field appears. You can enter up to four DHCP server addresses. In the example above, DHCP requests from clients on the LAN will be relayed to the DHCP servers at IP addresses 10.1.1.1, 20.1.1.1, and 30.1.1.1. IP Address Serving IP Address Serving Mode Disabled DHCP Server Number of Client IP Addresses DHCP Relay Agent 1st Client Address Client Default Gat...

Page 107: ...seful for creating VPNs. Connection Profiles define the line and networking protocols necessary for the router to make a remote connection. A connection profile is like an address book entry describing how the router is to get to a remote site, or how to recognize and authenticate a remote user connecting to the router. To create a new Connection Profile, you navigate to the WAN Configuration screen fr...

Page 108: ... Address Translation" beginning on page 11-1. For more information on IP addressing, see Appendix C, "Understanding IP Addressing." The Local WAN IP Address is displayed for numbered or NAT profiles. The Local WAN IP Mask is displayed for numbered profiles. The Remote IP Address and Remote IP Mask are displayed for unnumbered profiles. IP Profile Parameters Address Translation Enabled: Yes IP Addressing Numb...

Page 109: ...files in your router, return to the WAN Configuration screen and select Display/Change Connection Profile. The list of connection profiles is displayed in a scrolling pop-up screen. WAN Configuration Profile Name IP Address Easy Setup Profile 127.0.0.2 Profile 1 0.0.0.0 on Yes Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit ...

Page 110: ...10-28 Administration Guide ...

Page 111: ...r IP service ports into different values. This mapping serves two functions: It allows the addresses of many computers on a LAN to be represented to the public Internet by only one or a few addresses, saving you money. It can be used as a security feature by obscuring the true addresses of important machines from potential hackers on the Internet. To help you understand some of the concepts discussed h...

Page 112: ...own Website or provide other Internet services to the public, you need more than classic NAT. The reason is noted under Port Address Translation above: external users cannot initiate traffic to computers on your LAN because external users can never see the real addresses of the computers on your LAN. If you want users outside your LAN to have access, for example, to a Web or FTP server that you host, you...

Page 113: ...ned to a pool of available addresses for other workstations to use. A common example is a DSL customer's application. Most DSL ISPs only provide customers with a few IP addresses for use on their network. For networks with more than four or five machines, it is usually mandatory to use NAT. A customer may have 15 workstations on the LAN, all of which need Internet access. The customer is only provided fi...

Page 114: ...arisons are made in this order: 1. The Netopia Router first checks its internal NAT cache to see if the data is part of a previously initiated connection; if not, 2. The Netopia Router checks the configured server lists to see if this traffic is intended to be forwarded to an internal host based on the type of service. 3. The Netopia Router then checks to see if there is a static, dynamic, or PAT mapping f...

Page 115: ...st. The mappings in the map list are order-dependent and are compared in order from the top of the list to the bottom. If a particular resource is not available, subordinate mappings can be defined that will redirect traffic. Supported traffic: MultiNat supports the following IP protocols: PAT: TCP/UDP traffic which does not carry source or destination IP addresses or ports in the data stream (i.e., HTTP, Te...

Page 116: ...NAT configuration becomes effective. This will map all your private addresses (0.0.0.0 through 255.255.255.255) to your public address. These map lists are bound to the Easy Setup Profile. See "Binding Map Lists and Server Lists" on page 11-22. This is all you need to do if you want to continue to use a single PAT, or 1-to-many, NAT configuration. Server Lists and Dynamic NAT configuration: You use the advanc...

Page 117: ...ire configuration using the Network Address Translation item on the IP Setup screen. An example MultiNAT configuration at the end of this chapter describes some applications for these features. See the "MultiNAT Configuration Example" on page 11-28. In order to configure the router to make servers on your LAN visible to the Internet, you use advanced features in the System Configuration screens describe...

Page 118: ...r NAT rules: The following rules apply to assigning NAT ranges and server lists. Static public address ranges must not overlap other static PAT public addresses or the public address assigned to the router's WAN interface. A PAT public address must not overlap any static address ranges. It may be the same as another PAT address or server list address, but the port range must not overlap. You configure t...

Page 119: ...ss each time it is negotiated. If you choose dynamic as the range type, a new menu item, First Public Address, becomes visible. Select First Public Address and enter the first exterior IP address in the range you want to assign. Select Last Public Address and enter an IP address at the end of the range. If you choose static as the range type, a new menu item, First Public Address, becomes visible. Select Fir...

Page 120: ...First and Last Private Address and enter the first and last interior IP addresses you want to assign to this mapping. Select Use NAT Public Range and press Return. A screen appears displaying the public ranges you have defined. Add NAT Map List Map List Name: my_map Add Map Add NAT Map ("my_map") First Private Address: 192.168.1.1 Last Private Address: 192.168.1.254 Use NAT Public Range ADD NAT MAP CANCEL ...

Page 121: ... map. See "Add NAT Public Range" on page 11-9. The Add NAT Map screen now displays the range you have assigned. Select ADD NAT MAP and press Return. Your mapping is added to your map list. Add NAT Map ("my_map") Public Address Range Type Name 0.0.0.0 pat Easy-PAT 206.1.1.6 pat my_first_range 206.1.1.1 206.1.1.2 static my_second_range NEW RANGE Up/Down Arrow Keys to select, ESC to cancel, Return/Enter to Delete...

Page 122: ... select Show Change Map List and press Return Select the map list you want to modify from the pop up menu The Show Change NAT Map List screen appears Network Address Translation NAT Map List Name Add Out Easy PAT List Show Ch my_map Delete Add Map Show Ch Delete Add Ser Show Ch Delete NAT Ass Up Down Arrow Keys to select ESC to dismiss Return Enter to Edit Show Change NAT Map List Map List Name my...

Page 123: ...he same pop-up menu. Scroll to the map you want to modify using the arrow keys and press Return. The Change NAT Map screen appears. Show/Change NAT Map List Private Address Range Type Public Address Range 192.168.1.1 192.168.1.254 pat 206.1.1.6 192.168.1.253 192.168.1.254 static 206.1.1.1 206.1.1.2 192.168.1.1 192.168.1.252 dynamic 206.1.1.3 206.1.1.5 Change NAT Map ("my_map") First Private Address 192 1...

Page 124: ...to reorder the priority of the maps such that the dynamic map applies first and any additional traffic is routed via PAT or static. All operations are done from a single pop-up menu. In the Show/Change Map List screen, select Move Map. A selection mode pop-up menu appears. In this mode, you scroll to the map you want to move and press Return to select it for moving. After pressing Return, you are in Move ...

Page 125: ...rdering. Note: The pat map is generally left at the bottom of the list. Show/Change NAT Map List Private Address Range Type Public Address Range 192.168.1.2 192.168.1.252 dynamic 206.1.1.3 206.1.1.252 192.168.1.252 192.168.1.253 static 206.1.1.1 206.1.1.2 192.168.1.1 192.168.1.251 pat 206.1.1.6 Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit ...

Page 126: ... accessible, and it isn't accessible through other means, such as a static mapping, you must create a server list. Select Add Server List from the Network Address Translation screen. The Add NAT Server List screen appears. Select Server List Name and type in a descriptive name. A new menu item, Add Server, appears. Add NAT Server List Server List Name: my_servers Add Server ...

Page 127: ...r define your own by selecting Other. If you select Other, a screen is displayed that allows you to enter the port number range for your customized service. Add NAT Server ("my_servers") Service Server Private IP Address: 192.168.1.45 Public IP Address: 206.1.1.1 ADD NAT SERVER CANCEL Add NAT Server ("my_servers") Type Port(s) Service ftp 21 telnet 23 Server Private IP Address smtp 25 tftp 69 Public IP Address ...

Page 128: ... acquire its public IP address from the WAN IP address specified by your WAN IP configuration in the Connection Profile. If that is a static IP address, then the PAT map list and server lists will acquire that address. If it is a negotiated IP address, such as may be assigned via DHCP or PPP, the PAT map list and server lists will acquire that address each time it is negotiated. Select ADD NAT SERVER an...

Page 129: ...s Translation screen Select the Server List Name you want to modify from the pop up menu and press Return The Show Change NAT Server List screen appears Network Address Translation NAT Server List Name A my_servers S D A S D A S D Up Down Arrow Keys to select ESC to dismiss Return Enter to Edit Show Change NAT Server List Server List Name my_servers Add Server Show Change Server Delete Server ...

Page 130: ...turn Your changes take effect and you are returned to the Show Change NAT Server List screen Show Change NAT Server List Private Address Public Address Port Se 192 168 1 254 206 1 1 6 smtp 192 168 1 254 206 1 1 5 smtp 192 168 1 254 206 1 1 4 smtp Ad 192 168 1 254 206 1 1 3 smtp 192 168 1 254 206 1 1 1 smtp Sh De Up Down Arrow Keys to select ESC to dismiss Return Enter to Edit Change NAT Server My ...

Page 131: ...op up menu lists your configured servers Select the one you want to delete and press Return A dialog box asks you to confirm your choice Choose CONTINUE and press Return The server is deleted from the list Show Change NAT Server List Internal Address External Address Port Se 192 168 1 254 206 1 1 6 smtp 19 19 Ad Are you sure you want to delete this Server Sh CANCEL CONTINUE De ...

Page 132: ...p list to a Connection Profile: from the Main Menu, go to the WAN Configuration screen, then the Display/Change Connection Profile screen. From the pop-up menu list of your Connection Profiles, choose the one you want to bind your map list to. Select IP Profile Parameters and press Return. The IP Profile Parameters screen appears. Main Menu WAN Configuration IP Profile Parameters Display Change Connection...

Page 133: ... NAT and IP Addressing Also the Local WAN IP Address and Mask fields visibility are dependent only on the IP Addressing type IP Profile Parameters NAT Map List Name Address Trans Easy PAT s IP Addressing my_map mbered None NAT Map List sy PAT NAT Server Li Local WAN IP Remote IP Add 7 0 0 2 Remote IP Mas 5 255 255 255 Filter Set tBIOS Filter Remove Filter Receive RIP th Up Down Arrow Keys to selec...

Page 134: ... to a Connection Profile. From the Main Menu, go to the WAN Configuration screen, then the Default Profile screen. Select IP Parameters and press Return. The IP Parameters (Default Profile) screen appears. Toggle Address Translation Enabled to Yes. Main Menu WAN Configuration IP Parameters Default Profile WAN Default Profile IP Parameters (Default Profile) Address Translation Enabled: Yes NAT Map List Easy PA...

Page 135: ... selected will now be bound to the default profile Note There is no interdependency between NAT and IP Addressing Also the Local WAN IP Address and Mask fields visibility are dependent only on the IP Addressing type IP Parameters Default Profile NAT Map List Name Easy PAT List my_map Address Trans None s NAT Map List NAT Server Li Filter Set F Remove Filter Receive RIP th Up Down Arrow Keys to sel...

Page 136: ...ork Address Translation screen. Select NAT Associations and press Return. The NAT Associations screen appears. You can toggle NAT On or Off for each Profile/Interface name. You do this by navigating to the NAT field associated with each profile using the arrow keys. Toggle NAT on or off by using the Tab key. You can reassign any of your map lists or server lists to any of the Profile/Interfaces. You do t...

Page 137: ...l then be associated with the corresponding profile or interface NAT Associations NAT Map List Name Profile Interface Name Nat Server List Name Easy Setup Profile On Easy PAT List my_servers Profile 01 On my_first_map my_servers Profile 02 On my_second_map my_server_list Profile 03 On my_map None Profile 04 On None None Default Answer Profile On my_servers Up Down Arrow Keys to select ESC to dismi...

Page 138: ...6.1.1.6 (255.255.255.248 subnet mask). Your internal devices have IP addresses of 192.168.1.1 through 192.168.1.254 (255.255.255.0 subnet mask). In this example, you will statically map the first five public IP addresses (206.1.1.1 - 206.1.1.5) to the first five corresponding private IP addresses (192.168.1.1 - 192.168.1.5). You will use these 1-to-1 mapped addresses to give your servers "real" addresses. You will t...

Page 139: ...REVIOUS SCREEN NEXT SCREEN Enter a subnet mask in decimal and dot form xxx xxx xxx xxx Enter basic information about your WAN connection with this screen IP Easy Setup Ethernet IP Address 192 168 1 1 Ethernet Subnet Mask 255 255 255 0 Domain Name ISP net Primary Domain Name Server 173 166 101 1 Secondary Domain Name Server 173 166 102 1 Default IP Gateway 206 1 1 254 IP Address Serving On Number o...

Page 140: ...turn. This returns you to the Network Address Translation screen. Select Add Public Range and press Return. Type a name for this static range, as shown below. Enter the first and last public addresses your ISP assigned in their respective fields, as shown. The first five public IP addresses (206.1.1.1 - 206.1.1.5, in this example) are statically mapped to the first five corresponding private IP addresses 192 ...

Page 141: ... you need to bind the Map List to the profile. You do this through either the NAT Associations screen or the profile's configuration screens. The PAT part of this example setup will allow any user on the Netopia Router's LAN with an IP address in the range of 192.168.1.6 through 192.168.1.254 to initiate traffic flow to the outside world (for example, the Internet). No one on the Internet would be able ...

Page 142: ... Web server's address, 192.168.1.2, and the public address, for example, 206.1.1.2, and then select ADD NAT SERVER. Now return to Add Server, choose the smtp port, and enter 192.168.1.3, your Mail server's IP address, for the Server Private IP Address. You can decide if you want to present both your Web and Mail services as being on the same public address, 206.1.1.2, or if you prefer to have your Mail server ...

Page 143: ... to call her daughter at college at the same time you are talking to your relatives, your calls don't overlap, but each is separate and private. Neither house has a direct wire to the places they call. Both share the same lines on the telephone poles (or underground) on the street. These calls are virtual private networks. Virtual, because they appear to be direct connections between the calling and answer...

Page 144: ...e access over the Internet to the resources of another LAN by setting up a tunnel with a Windows NT server running Remote Access Services (RAS) or with another Netopia Router. As a server, a Netopia R-series router can provide remote users a secure connection to the resources of the LAN over a dial-up, cable, DSL, or any other type of Internet access. Because PPTP can create a VPN tunnel using the Dial Up...

Page 145: ...n. Note: You must choose which protocol you will be using, since you cannot both export PPTP and use ATMP, or vice versa, at the same time. Having both an ATMP tunnel and a PPTP export is not possible because functions require GRE and the router's PPTP export server does not distinguish the GRE packets it forwards. Since it processes all of them, ATMP tunneling is impaired. For example, you cannot run an AT...

Page 146: ... native encapsulation. Consequently, the Easy Setup Profile does not offer PPTP datalink encapsulation. See the User's Reference Guide for information on creating Connection Profiles. Channel 4 (and higher) events, such as connections and disconnections, reported in the WAN Event Histories are VPN tunnel events. To define a PPTP tunnel, navigate to the Add Connection Profile menu from the Main Menu. Main Men...

Page 147: ...way field allows this path to be resolved. You can specify a Data Compression algorithm, either None or Standard LZS, for the PPTP connection. Note: When the Authentication protocol is MS-CHAP, compression is set to None, and the Data Compression option is hidden. From the pop-up menu, select an Authentication protocol for the PPP connection. Options are PAP, CHAP, or MS-CHAP. The default is PAP. The authentica...

Page 148: ...e normally initiated On Demand; however, you can disable this feature. When disabled, the tunnel must be manually established via the call management screens or may be scheduled using the scheduled connections feature. See "Scheduled Connections" in the User's Reference Guide. Some networks that use Microsoft Windows NT PPTP Network Servers require additional authentication information, called Windows NT D...

Page 149: ...the receiving side, an IPsec-compliant device decrypts each packet. Netopia Routers support the more secure Tunnel mode. DES stands for Data Encryption Standard, a popular symmetric-key encryption method. DES uses a 56-bit key. The Netopia 4752 offers IPsec DES encryption over the VPN tunnel. Configuration: IPsec tunnels are defined in the same manner as PPTP tunnels. You configure the Connection Profile a...

Page 150: ...y an Encryption Transform. The choices are DES or NULL. The default is DES. Add Connection Profile Profile Name: Profile 1 Profile Enabled Data Link Encapsulation PPP Data Link Options Frame Relay RFC1483 ATMP IP Profile Parameters PPTP IPsec COMMIT CANCEL IPsec Encryption/Authentication Options Encryption Transform DES Encryption Key NULL Authentication Type ESP Authentication Transform HMAC-MD5-96 A...

Page 151: ...Authentication Type is anything other than None. The default is HMAC-MD5-96, and the choices are HMAC-MD5-96 or HMAC-SHA1-96 for both AH and ESP. You must specify an Authentication Key if the Authentication Type is anything other than None. The key must be an ASCII string of up to 48 characters for both HMAC-MD5-96 and HMAC-SHA1-96. Key: The key is a hexadecimal entry of 16 bytes, 32 characters of input ...

Page 152: ...bnet of the remote IPsec tunnel and will be used with the Remote Members Mask to determine and set the route. You must specify a Remote Members Mask. This is the subnet mask of the remote subnet to which the IPsec tunnel will route. You can specify Address Translation Enabled. For more information, see Chapter 11, "Multiple Network Address Translation." If Address Translation Enabled is set to Yes, you can ...

Page 153: ...e value must be unique over the set of all AH SPIs specified for the remote tunnel endpoint. You can specify a Local Tunnel Endpoint Address. If not 0.0.0.0, this value must be one of the assigned interface addresses, either WAN or LAN. This is used as the source address of all IPsec traffic. You can specify a Next Hop Gateway. If you specify the Remote Tunnel Endpoint Address, and the address is in the s...

Page 154: ...Protocol (MS-CHAP) is enabled. Netopia complies with this feature to allow MPPE only when MS-CHAP is negotiated. MS-CHAP and MPPE are user-selectable options in the PPTP Tunnel Options screen. If either the client or the server side specifies encryption, then encryption becomes mandatory for both. Netopia's ATMP implementation supports Data Encryption Standard (DES) data encryption for user data transfer o...

Page 155: ... The Default VPN Profile screen appears Toggle Answer VPN Connections to Yes if you want the router to accept VPN connections or No the WAN Configuration WAN Wide Area Network Setup Display Change Connection Profile Add Connection Profile Delete Connection Profile WAN Default Profile ATMP PPTP Default Profile Scheduled Connections Configuration Changes Reset WAN Connection Yes Frame Relay Configur...

Page 156: ...uickView: You can view the status of your VPN connections in the VPN QuickView screen. From the Main Menu, select QuickView and then VPN QuickView. The VPN QuickView screen appears. Profile Name: Lists the name of the Connection Profile being used, if any. Type: Shows the data link encapsulation method (PPTP or ATMP). Rx Pckts: Shows the number of packets received via the VPN tunnel. Tx Pckts: Shows the number o...

Page 157: ...or Windows 95 and comes standard with Windows 98 and Windows NT. The VPN tunnel behaves as a private network connection, unrelated to other traffic on the network. Once you have installed Dial-Up Networking, you will be able to connect to your remote site as if you had a direct private connection, regardless of the intervening network(s) through which your data passes. You may need to install the Dial Up...

Page 158: ...e named it icon on your desktop. Open the Dial-Up Networking folder, and then double-click Make New Connection. The Make New Connection wizard window appears. 2. Type a name for this connection (such as the name of your company or the computer you are dialing into). From the pull-down menu, select the device you intend to use for the virtual private network connection. This can be any device you have instal...

Page 159: ...n for the profile you created in the previous section. 2. Right-click the icon and from the pop-up menu select Properties. 3. In the Properties window, click the Server Type button. From the Type of Dial-up Server pull-down menu, select the appropriate type of server for your system version: Windows 95 users select PPP: Windows 95, Windows NT 3.5, Internet. Windows 98 users select PPP: Windows 98, Windows NT Se...

Page 160: ...lled and have an established Internet connection Windows 95 VPN installation 1 From your Internet browser navigate to the following URL http www microsoft com NTServer nts downloads recommended dunl3win95 releasenotes aso Download the Microsoft Windows 95 VPN patch dun 1 3 to the Windows 95 computer you intend to use as a VPN client with PPTP Follow the installation instructions 2 From the Windows...

Page 161: ...t menu select Settings then Control Panel and click once The Control Panel screen appears 2 Double click Add Remove Programs The Add Remove Programs screen appears 3 Click the Windows Setup tab The Windows Setup screen will be displayed within the top center box 4 Double click Communications This displays a list of possible selections for the communications option Active components will have a che...

Page 162: ...s initiate and terminate mean the beginning and end of the tunnel they do not mean activate and deactivate ATMP is a tunneling protocol with two basic aspects Tunnels are created and torn down using a session protocol that is UDP based User or client data is transferred across the tunnel by encapsulating the client data within Generic Routing Encapsulation GRE The GRE data is then routed using sta...

Page 163: ...ed Profiles using ATMP do not offer a Telco Options screen ATMP Partner IP Address specifies the address of the other end of the tunnel When unspecified the Add Connection Profile Profile Name Profile 1 Profile Enabled Data Link Encapsulation PPP Data Link Options Frame Relay ATM FUNI ATMP IP Profile Parameters PPTP ADD PROFILE NOW CANCEL ATMP Tunnel Options ATMP Partner IP Address 173 167 8 134 T...

Page 164: ...n Ascend router in Router mode leave this field blank You must specify a Password used for authenticating the tunnel Note The Password entry will be the same for both ends of the tunnel For Netopia to Netopia connections only you can specify a Data Encryption algorithm for the ATMP connection from the pop up menu either DES or None None is the default Note Ascend does not support DES encryption fo...

Page 165: ...y vary slightly between ATMP and PPTP but both protocols operate on the same basic premise there are control and negotiation operations and there is the tunnelled traffic that carries the payload of data between the VPN endpoints The difference is that ATMP uses UDP to handle control and negotiation while PPTP uses TCP Then both ATMP and PPTP use GRE to carry the payload For PPTP negotiation to wo...

Page 166: ...nd from the pop up menu select Basic Firewall Select Display Change Input Filter Display Change Input Filter screen For Input Filter 1 set the Destination Port information as shown below Main Menu System Filter Sets IP Filter Sets Display Change IP Filter Set Configuration Basic Firewall Source IP Addr Dest IP Addr Proto Src Port D Port On Fwd 1 0 0 0 0 0 0 0 0 TCP NC 1723 Yes Yes 2 0 0 0 0 0 0 0 ...

Page 167: ... Yes Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Mask 0 0 0 0 Protocol Type GRE Source IP Addr Dest IP Addr Proto Src Port D Port On Fwd 1 0 0 0 0 0 0 0 0 TCP NC 1723 Yes Yes 2 0 0 0 0 0 0 0 0 GRE Yes Yes Change Output Filter 1 Enabled Yes Forward Yes Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Addres...

Page 168: ...ut Filter 2 set the Protocol Type to allow GRE as shown below Change Output Filter 2 Enabled Yes Forward Yes Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Mask 0 0 0 0 Protocol Type GRE ...

Page 169: ...o Display Change IP Filter Set and from the pop up menu select Basic Firewall Select Display Change Input Filter Display Change Input Filter screen For Input Filter 1 set the Destination Port information as shown below Main Menu System Filter Sets IP Filter Sets Display Change IP Filter Set Configuration Basic Firewall Source IP Addr Dest IP Addr Proto Src Port D Port On Fwd 1 0 0 0 0 0 0 0 0 UDP ...

Page 170: ...s Forward Yes Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Mask 0 0 0 0 Protocol Type GRE Source IP Addr Dest IP Addr Proto Src Port D Port On Fwd 1 0 0 0 0 0 0 0 0 UDP NC NC Yes Yes 2 0 0 0 0 0 0 0 0 GRE Yes Yes Change Output Filter 1 Enabled Yes Forward Yes Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP...

Page 171: ... Output Filter 2 set the Protocol Type to allow GRE as shown below Change Output Filter 2 Enabled Yes Forward Yes Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Mask 0 0 0 0 Protocol Type GRE ...

Page 172: ...12 30 Administration Guide ...

Page 173: ... later in this chapter there are other actions you can take to make the Netopia 4752 and your network more secure Change the SNMP community strings or passwords The default community strings are universal and could easily be known to a potential intruder Set the answer profile so it must match incoming calls to a connection profile Leave the Enable Dial in Console Access option set to No When usin...

Page 174: ...ions screen because it controls access to the configuration screens Access to the Security Options screen can be protected with a password Select Password for This Screen in the Security Options screen and enter a password Make sure this password is secure and is different from any of the user account passwords Protecting the configuration screens You can protect the configuration screens with use...

Page 175: ...scape Telnet Access Telnet is a TCP IP service that allows remote terminals to access hosts on an IP network The Netopia 4752 supports Telnet access to its configuration screens CAUTION You should consider password protecting or restricting Telnet access to the Netopia 4752 if you suspect there is a chance of tampering To password protect the configuration screens select Easy Setup from the Main M...

Page 176: ... a filter and what s a filter set A filter is a rule that lets you specify what sort of data can flow in and out of your network A particular filter can be either an input filter one that is used on data packets coming in to your network from the Internet or an output filter one that is used on data packets going out from your network to the Internet A filter set is a group of filters that work to...

Page 177: ...ge arrives from Rome the first inspector sends it along without allowing the second inspector to see it A package from Paris is ignored by the first inspector rejected by the second inspector and never seen by the others A package from London is ignored by the first two inspectors so it s seen by the third inspector In the same way filter sets apply their filters in a particular order The first fi...

Page 178: ...o understand this particular filter look at the parts of a filter Parts of a filter A filter consists of criteria based on packet attributes A typical filter can match a packet on any one of the following attributes The source IP address where the packet was sent from The destination IP address where the packet is going The type of higher layer Internet protocol the packet is carrying such as TCP ...

Page 179: ...s than or equal to the port number specified in the filter Equal For the filter to match the packet s port number must equal the port number specified in the filter Greater Than For the filter to match the packet s port number must be greater than the port number specified in the filter Greater Than or Equal For the filter to match the packet s port number must be greater than or equal to the port...

Page 180: ...ighest priority is first in the table Source IP Addr The packet source IP address to match Dest IP Addr The packet destination IP address to match Proto The protocol to match This can be entered as a number see the table below or as TCP or UDP if those protocols are used Protocol Number to use Full name N A 0 Ignores protocol type ICMP 1 Internet Control Message Protocol TCP 6 Transmission Control...

Page 181: ...ddresses are masked determines what the final match will be although the mask is not displayed in the table that displays the filter sets you set it when you create the filter In fact since the mask for the destination IP address is 0 0 0 0 the address for Dest IP Addr could have been anything The mask for Source IP Addr must be 255 255 255 255 since an exact match is desired Source IP Addr 199 21...

Page 182: ...ty set and that can actually make your network less secure Be sure each individual filter s purpose is clear Determine how filter priority will affect the set s actions Test the set on paper by determining how the filters would respond to a number of different hypothetical packets Consider the combined effect of the filters If every filter in a set fails to match on a particular packet the packet ...

Page 183: ...strongly recommended that you take the latter and safer approach to all of your filter set designs Working with IP Filters and Filter Sets This section covers IP filters and filter sets To work with filters and filter sets begin by accessing the filter set screens Note Make sure you understand how filters work before attempting to use them Read the section About Filters and Filter Sets beginning o...

Page 184: ...ter sets have a default name The first filter set you add will be called Filter Set 1 the next filter will be Filter Set 2 and so on To give a new filter set a different name select Filter Set Name and enter a new name for the filter set To save the filter set select ADD FILTER SET The saved filter set is empty contains no filters but you can return to it later to add filters see Modifying filter ...

Page 185: ...ur local network is the destination of the packets it checks and the remote network is their source From the perspective of an output filter your local network is the source of the packets and the remote network is their destination Adding filters to a filter set In this section you ll learn how to add an input filter to a filter set Adding an output filter works exactly the same way providing you...

Page 186: ...ss This allows you to further modify the way the filter will match on the destination address Enter 0 0 0 0 to force the filter to match on all destination IP addresses 7 Select Protocol Type and enter ICMP TCP UDP Any or the number of another IP transport protocol see the table on page 13 8 Note If Protocol Type is set to TCP or UDP the settings for port comparison that you configure in steps 8 a...

Page 187: ...meters in this screen are set in the same way as the ones in the Add Filter screen see Adding filters to a filter set on page 13 13 Deleting filters To delete a filter select Delete Input Filter or Delete Output Filter in the Add IP Filter Set screen to display a table of filters Select the filter from the table and press Return to delete it Press Escape to exit the table without deleting the filt...

Page 188: ...r Set in the IP Filter Sets screen to display a list of filter sets Select a filter set from the list and press Return to delete it Press Escape to exit the list without deleting the filter set A sample IP filter set This section contains the settings for a filter set called Basic Firewall which is part of the Netopia 4752 s factory configuration Basic Firewall blocks undesirable traffic originati...

Page 189: ...rd all TCP and UDP traffic respectively when the destination port is greater than 1023 This type of traffic generally does not allow a remote host to connect to the LAN using one of the potentially intrusive Internet services such as Telnet FTP and WWW Output filter 1 This filter forwards all outgoing traffic to make sure that no outgoing connections from the LAN are blocked Setting Input filter 1...

Page 190: ...s to be the only one used with Basic Firewall The results of combining filter set modifications can be difficult to predict It is recommended that you take special care if you are making more than one modification to the sample filter set Trusted host To allow unlimited access by a trusted remote host with the IP address a b c d corresponding to a numbered IP address such as 163 176 8 243 insert t...

Page 191: ...WW Deleting a filter set does not delete the filters in that set However the filters in the deleted set are no longer in effect unless they are part of another set The deleted set will no longer appear in the answer profile or any connection profiles to which it was added Firewall Tutorial General firewall terms Filter rule A filter set is comprised of individual filter rules Filter set A grouping...

Page 192: ...on mechanism so packets are not lost RFC 793 is the specification for TCP UDP User Datagram Protocol Unlike TCP UDP does not guarantee reliable sequenced packet delivery If data does not reach its destination UDP does not retransmit the data RFC 768 is the specification for UDP There are many more ports defined in the Assigned Addresses RFC The table that follows shows some of these port assignmen...

Page 193: ...or example if you had the following filter set Allow WWW access Allow FTP access Allow SMTP access Deny all other packets and a packet goes through these rules destined for FTP the packet would forward through the first rule WWW go through the second rule FTP and match this rule the packet is allowed through If you had this filter set for example Allow WWW access Allow FTP access Deny FTP access D...

Page 194: ... implied rule tells the filter set what to do with a packet that does not match any of the filter rules An example of implied rules is as follows Established connections The TCP header contains one bit called the ACK bit or TCP Ack bit This ACK bit appears only with TCP not UDP The ACK bit is part of the TCP mechanism that guarantees the delivery of data The ACK bit is set whenever one side of a c...

Page 195: ...t Equal To Matches any port other than what is defined Less Than Anything less than the port defined Less Than or Equal Any port less than or equal to the port defined Equal Matches only the port defined Greater Than or Equal Matches the port or any port greater Greater Than Matches anything greater than the port defined Change Filter Enabled Yes Forward No Source IP Address 0 0 0 0 Source IP Addr...

Page 196: ...IP Address field 00000000 in the Netopia 4752 This will not forward this packet Filter Rule 200 1 1 0 Source IP Network Address 255 255 255 128 Source IP Mask Forward No What happens on match IP Address Binary Representation 200 1 1 28 00011100 Source address in incoming IP packet AND 255 255 255 128 10000000 Perform the logical AND 00000000 Logical AND result Netopia Internet IP 200 1 1 DATA Inco...

Page 197: ...s after the logical AND is 1011000 this rule does not match and this packet will be forwarded Filter Rule 200 1 1 0 Source IP Network Address 255 255 255 128 Source IP Mask Forward No What happens on match IP Address Binary Representation 200 1 1 184 10111000 Source address in incoming IP packet AND 255 255 255 128 10000000 Perform the logical AND 10000000 Logical AND result Filter Rule 200 1 1 96...

Page 198: ...0 this rule does match and this packet will not be forwarded This rule masks off a single IP address Filter Rule 200 1 1 96 Source IP Network Address 255 255 255 240 Source IP Mask Forward No What happens on match IP Address Binary Representation 200 1 1 104 01101000 Source address in incoming IP packet AND 255 255 255 240 11110000 Perform the logical AND 01100000 Logical AND result Filter Rule 20...

Page 199: ...t certain departments from accessing the Internet can use LAN side filtering as well as schools desiring to prevent their student network from downloading files via FTP etc The default WAN filtersets Basic Firewall and NetBIOS Filter should never be applied to your internal LAN because they can cut off access from all of your internal computers to the router itself Instead you should create separa...

Page 200: ...or subnet Instead create a new filter set in accordance with the standard filtering rules described earlier Advanced Security Options Security Databases Local only RADIUS Server Addr Name RADIUS Server Secret Alt RADIUS Server Addr Name Alt RADIUS Server Secret RADIUS Identifer RADIUS Server Authentication Port 1812 LAN EN Hub IP Filter Set Remove Filter Set Advanced Security Options Security Data...

Page 201: ...e select Remove Filter Set and press Return The filter set will be disconnected from the LAN interface Note Removing the filter set from the LAN does not delete the filter set It is still available to be reassociated with the same or another interface or modified further ...

Page 202: ...curity database modes Local Only RADIUS only RADIUS then Local Local then RADIUS RADIUS client configuration To display the Security Options screen from the Main Menu select System Configuration Security then Security Options If you select Advanced S...

Page 203: ...r is not contacted Only if the primary RADIUS server fails to respond at all is the alternate RADIUS server contacted Therefore do not attempt to select any of the RADIUS options unless you have a RADIUS server correctly configured for this purpose If you attempt to use RADIUS authentication without a RADIUS server you will lose your configuration access to the router The Advanced Security Options...

Page 204: ...e either an IP address or an arbitrary string to be used as the identifier in the router s outgoing Access Request packets The RADIUS identifier is limited to 63 characters RADIUS Server Authentication Port specifies the UDP destination port to which the router s RADIUS authentication requests will be sent The default value is 1812 the official IANA assigned UDP port number for the RADIUS authenti...

Page 205: ...en RADIUS or RADIUS then Local causes the router to present the following warning alert Security Options You are about to delete the only local password If you continue you will be unable to configure this device unless a Radius Server is available to authenticate you CONTINUE CANCEL Show Users Add User Delete User Netopia URG tonyf Advanced Security Optio Password for This Scree ...

Page 207: ...s Quick View Status Overview on page 14 1 Statistics Logs on page 14 4 Event Histories on page 14 4 Voice Logs on page 14 7 IP Routing Table on page 14 9 Served IP Addresses on page 14 10 General Statistics on page 14 11 System Information on page 14 13 SNMP on page 14 13 Quick View Status Overview You can get a useful overall status report from the Netopia 4752 in the Quick View screen To go to t...

Page 208: ... as your primary default gateway it is shown here Secondary DNS Server If you are using the router s defaults DHCP and NAT this value will be 0 0 0 0 If you have assigned an IP address as a secondary gateway it is shown here Domain Name The domain name you have assigned typically the name of your ISP MAC Address The Netopia 4752 s hardware address for those interfaces that support DHCP IP Address ...

Page 209: ...ss in use for this connection or the caller identification if available Status lights This section shows the current real time status of the Netopia 4752 s status lights LEDs It is useful for remotely monitoring the router s status The Quick View screen s arrangement of LEDs corresponds to the physical arrangement of LEDs on the router Each LED representation can report one of four states The LED ...

Page 210: ... You can view two different event histories one for the router s system and one for the WAN The Netopia 4752 s built in battery backup prevents loss of event history from a shutdown or reset The router s event histories are structured to display the most recent events first and to make it easy to distinguish error messages from informational messages Error messages are prefixed with an asterisk Bo...

Page 211: ...ry select the event and then press Return A dialog box containing more information about the selected event will appear Press Return or Escape to dismiss the dialog box To clear the event history select Clear History at the bottom of the history screen and press Return WAN Event History Current Date 12 3 98 03 02 23 PM Date Time Event SCROLL UP 07 03 98 13 59 06 DSL IP up channel 1 gateway 173 166...

Page 212: ...list and press Return To obtain more information about any event listed in the Device Event History select the event and then press Return A dialog box containing more information about the selected event appears Press Return or Escape to dismiss the dialog box To clear the Device Event History select Clear History and press Return Device Event History Current Date 1 18 01 10 34 14 AM Date Time Ev...

Page 213: ... Escape to dismiss the dialog box To clear the Voice Log select Clear History and press Return Voice Accounting Log The Voice Accounting Log screen lists a total of 128 voice related events giving the time and date for each event as well as a brief description The most recent events appear at the top In the Statistics Logs screen select Voice Accounting Log The Voice Accounting Log screen appears ...

Page 214: ...listed in the Voice Accounting Log select the event and then press Return A dialog box containing more information about the selected event appears Press Return or Escape to dismiss the dialog box To clear the Voice Accounting Log select Clear History and press Return Voice Accounting Log Current Date 1 5 01 01 46 27 PM Date Time Event SCROLL UP 1 5 01 05 29 08 Out 231 to 333 Duration 00 00 14 1 5...

Page 215: ...istics Logs WAN Event History Device Event History Voice Log Voice Accounting Log Voice Error Log IP Routing Table Served IP Addresses General Statistics System Information IP Routing Table Network Address Subnet Mask via Router Port Type SCROLL UP 0 0 0 0 255 0 0 0 0 0 0 0 Other 127 0 0 1 255 255 255 255 127 0 0 1 Loopback Local 192 168 1 0 255 255 255 240 192 168 1 1 Ethernet Local 192 168 1 1 2...

Page 216: ...e IP Address Lease Management screen appears Served IP Addresses IP Address Type Expires Client Identifier SCROLL UP 192 168 1 100 DHCP 00 36 EN 00 00 c5 4a 1f ea 192 168 1 101 DHCP 00 58 EN 08 00 07 16 0c 85 192 168 1 102 192 168 1 103 192 168 1 104 192 168 1 105 192 168 1 106 192 168 1 107 192 168 1 108 192 168 1 109 192 168 1 110 192 168 1 111 192 168 1 112 192 168 1 113 SCROLL DOWN Lease Manag...

Page 217: ...tistics screen select General Statistics and press Return The General Statistics screen appears The General Statistics screen displays information about data traffic on the Netopia 4752 s data ports This information is useful for monitoring and troubleshooting your LAN Note that the counters roll over at their maximum field width that is they restart again at 0 General Statistics Phys I F Rx Bytes...

Page 218: ... for the following protocols IP IP packets on the Ethernet The right side of the table lists the total number of occurrences of each of six types of communication statistics Rx Bytes The number of bytes received Tx Bytes The number of bytes transmitted Rx Packets The number of packets received Tx Pkts The number of packets transmitted Rx Err The number of bad Ethernet packets received Tx Err The n...

Page 219: ...gent allowing monitoring and configuration of many of the data routing features by a standard SNMP manager The Netopia 4752 supports the following management information base MIB documents MIB II RFC 1213 Interface MIB RFC 1229 Ethernet MIB RFC 1643 Netopia MIB These MIBs are on the Netopia 4752 CD included with the Netopia 4752 Load these MIBs into your SNMP management software in the order they ...

Page 220: ...y in the MIB II system group Although optional the information you enter in these items can help a system administrator manage the network more efficiently Community strings The Read Only Community String and the Read Write Community String are like passwords that must be used by an SNMP manager querying or configuring the Netopia 4752 An SNMP manager using the Read Only Community String can exami...

Page 221: ...operations and Set Requests are still allowed using the non empty Read Write community string Even if you decide not to use SNMP you should change the community strings This prevents unauthorized access to the Netopia 4752 through SNMP For more information on security issues see Suggested Security Measures on page 13 1 SNMP traps An SNMP trap is an informational message sent from an SNMP agent in ...

Page 222: ...eceivers screen Modifying IP trap receivers 1 To edit an IP trap receiver select Display Change IP Trap Receiver in the IP Trap Receivers screen 2 Select an IP trap receiver from the table and press Return 3 In the Change IP Trap Receiver screen edit the information as needed and press Return Deleting IP trap receivers 1 To delete an IP trap receiver select Delete IP Trap Receiver in the IP Trap R...

Page 223: ...Console Session on page 15 6 Factory Defaults on page 15 6 Transferring Configuration and Firmware Files with TFTP on page 15 7 Transferring Configuration and Firmware Files with XMODEM on page 15 10 Restarting the System on page 15 12 Note These utilities and tests are accessible only through the console based management screens See Chapter 6 Console Based Management for information on accessing ...

Page 224: ...5 3 Select Data Size to change the default setting This is the size in bytes of each Ping packet sent The default setting is adequate in most cases but you can change it to any value from 0 only header data to 1664 4 Select Delay seconds to change the default setting The delay in seconds determines the time between Ping packets sent The default setting is adequate in most cases but you can change ...

Page 225: ...e Message Description Resolving host name Finding the IP address for the domain name style address Can t resolve host name IP address can t be found for the domain name style address Pinging Ping test is in progress Complete Ping test was completed Cancelled by user Ping test was cancelled manually Destination unreachable from w x y z Ping test was able to reach the router with IP address w x y z ...

Page 226: ...e dropped and a destination unreachable notification is returned to the sender see the table on the previous page This ensures that no infinite routing loops occur The TTL value can be set and retrieved using the SNMP MIB II ip group s ipDefaultTTL object Trace Route You can count the number of routers between your Netopia Router and a given destination with the Trace Route utility In the Statisti...

Page 227: ...et client select Telnet from the Utilities Diagnostics menu The Telnet client screen appears Enter the host name or the IP address in dotted decimal format of the machine you want to Telnet into and press Return Either accept the default control character Q used to suspend the Telnet session or type a different one START A TELNET SESSION becomes highlighted Press Return and the Telnet session will...

Page 228: ...ess Return The Netopia 4752 will reboot and its settings will return to the factory defaults deleting your configurations In an emergency you can also use the Reset switch to return the router to its factory default settings Call Netopia Technical Support for instructions on using the Reset switch Note Reset to factory defaults with caution You will need to reconfigure all of your settings in the ...

Page 229: ...y your organization s network administrator The Netopia 4752 SDSL Integrated Access Device ships with an embedded operating system referred to as firmware The firmware governs how the device communicates with your network and the WAN or remote site Firmware updates are periodically posted on the Netopia website To update either the device s firmware follow these steps Select TFTP Server Name and e...

Page 230: ... item will change from Idle to Reading Firmware The TFTP Current Transfer Bytes item will reflect the number of bytes transferred Downloading configuration files The Netopia 4752 can be configured by downloading a configuration file using TFTP Once downloaded the file reconfigures all of the router s parameters as if someone had manually done so through the console port To download a configuration...

Page 231: ...rs or just for creating configuration backup files Uploading a file can also be useful for troubleshooting purposes The uploaded configuration file can be tested on a different Netopia 4752 unit by Netopia or your network administrator To upload a configuration file follow these steps 1 Select TFTP Server Name and enter the server name or IP address of the TFTP server you will use The server name ...

Page 232: ...activity on the device or the attached computer This includes WAN traffic such as a DSL connection or screen savers or other automatic programs running on the attached computer Such activity can slow down or interrupt the file transfer requiring you to rerun the upgrade Updating firmware Firmware updates may be available periodically from Netopia or from a site maintained by your organization s ne...

Page 233: ...ownloading a configuration file The downloaded file reconfigures all of the Router s parameters Configuration files are available from a site maintained by your organization s network administrator or from your local site see Uploading configuration files below Follow these steps to download a configuration file 1 Make sure you have the configuration file on disk and know the path to its location ...

Page 234: ...using the console or the WAN interface To upload a configuration file 1 Decide on a name for the file and a path for saving it 2 Select Receive Config from Netopia and press Return The following dialog box appears 3 Select CANCEL to exit without uploading the file or select CONTINUE to upload the file If you choose CONTINUE you will have ten seconds to use your terminal emulation software to initi...

Page 235: ...Part III Appendixes ...

Page 237: ...uration process review the following suggestions before calling for technical support There are five zones to consider when troubleshooting initial configuration 1 The computer s connection to the Netopia 4752 2 The Netopia 4752 s connection to the telecommunication line s 3 The telecommunication line s connection to your ISP 4 The ISP s connection to the Internet 5 The Netopia 4752 s connection t...

Page 238: ...he default values are 9600 N 8 and 1 Characters are missing from some of the configuration screens Try changing the Netopia 4752 s default speed of 9600 bps and setting your terminal emulation software to match the new speed Network problems Problems communicating with remote IP hosts Verify the accuracy of the default gateway s IP address entered in the IP Setup or Easy Setup screen Use the Netop...

Page 239: ...r clip size Reset Switch slot 3 Carefully insert the larger end of a standard size paper clip until you contact the internal Reset Switch No need to unwind the paper clip 4 Press this switch 5 This will reset the unit to factory defaults and you will now be able to reprogram the Netopia 4752 Power Outages If you suspect that power was restored after a power outage and the Netopia 4752 is connected...

Page 240: ... number Serial number Firmware version What kind of local network s do you have with how many devices Ethernet TCP IP Other What kind of telephone s and or fax machine s or other devices do you have and how many each How to reach us We can help you with your problem more effectively if you have completed the environment profile in the previous section If you contact us by telephone please be ready...

Page 241: ...etopia World Wide Web server via http www netopia com Internet via anonymous FTP to ftp netopia com pub FAX Back This service provides technical notes that answer the most commonly asked questions and offers solutions for many common problems encountered with Netopia products FAX Back 1 510 814 5040 ...

Page 243: ...n both directions. Asymmetric DSL Service is better suited for individual consumers who generally require more speed in the download stream (web surfing) with little data going in the other direction. Netopia's SDSL router has fewer implementation issues than ADSL routers. It uses 2B1Q line encoding (same as T1 or ISDN) and this doesn't produce the same noise and interference as ADSL, which uses DMT or CA...

Page 244: ...rtable with SDSL since it uses the same technology as its predecessor and ISDN. The line coding employed by both HDSL and ISDN has not caused any interference with existing services like T1. This means service providers deploy SDSL solutions without worry about impact on other services in neighboring binder groups. ...

Page 245: ...s the term IP in a very general and inclusive way to identify all of the following: Networks that use the Internet Protocol, along with accompanying protocols such as TCP, UDP, and ICMP. Packets that include an IP header within their structure. Devices that send IP packets. About IP Addressing: Every networking protocol uses some form of addressing in order to ensure that packets are delivered correctly. I...

Page 246: ...e organizations that have very large numbers of IP hosts, while smaller organizations with fewer hosts get Class B or Class C addresses. You can tell the various classes apart by the value of the first (or high-order) byte. Class A networks use values from 1 to 127, Class B networks use values from 128 to 191, and Class C networks use values from 192 to 223. The following table summarizes some of the diff...

Page 247: ... determine this information simply from an IP address. Subnet mask information is configured as part of the process of setting up IP routers and gateways such as the Netopia 4752. Note: If you receive a routed account from an ISP, there must be a mask associated with your network IP address. By using the IP address with the mask you can discover exactly how many IP host addresses you actually have. To c...

Page 248: ...255.128 mask 192.168.1.2 via router. Usable IP Addresses available to Customer Site A: 192.168.1.1 - 192.168.1.126. Netopia 4752 A: IP Address 192.168.1.2, Subnet Mask 255.255.255.128, Remote IP 192.168.1.129, Remote Sub 255.255.255.128, Gateway 192.168.1.1. Usable IP Addresses available to Customer Site A: 192.168.1.1 - 192.168.1.126. PC 1: IP Address 192.168.1.3, Subnet Mask 255.255.255.128, Gateway 192.168.1.1 ...

Page 249: ...ble to access Customer Site A but not the Internet. If it is not possible to define a static route on Router B, RIP could be enabled to serve the same purpose. To use RIP instead of a static route, enable Transmit RIP on Netopia 4752 A and Transmit and Receive RIP on Router B. This will allow the route from Customer Site B to propagate on Router B and Customer Site A. Example: Working with a Class C subn...

Page 250: ...pful in determining dynamic address allocation for a network. The term lease describes the action of a workstation requesting and using an IP address. The address is dynamic and can be returned to the address pool at a later time. The term renew refers to what the workstations do to keep their leased IP address. At certain intervals the workstation talks to the DHCP or MacIP server and renews the leas...

Page 251: ... requests and renews its lease every half hour. The Mac workstation relinquishes its address upon shutdown in all but one case. If the TCP/IP control panel is set to initialize at startup and no IP services are used, or the TCP/IP control panel is not opened, the DHCP address will NOT be relinquished upon shutdown. However, if the TCP/IP control panel is opened or if an IP application is used, the Mac WI...

Page 252: ... why manually distributed addresses are called static addresses. Static addresses are useful in cases when you want to make sure that a host on your network cannot have its address taken away by the address server. Appropriate candidates for a static address include a network administrator's computer, a computer dedicated to communicating with the Internet, and routers. Using address serving: The Netopi...

Page 253: ...e's IP Setup screen. This method requires a static value to be used. Thus, any user dialing in can obtain the same IP address for every connection to the profile. If you want to serve addresses statically, define the address in the Connection Profile. Notes: The addresses that are to be served cannot be used elsewhere. For example, you wouldn't want to define a static address in a Connection Profile to be ...

Page 254: ...ss 199.1.1.32 is reserved as the network address. Address 199.1.1.47 is reserved as the broadcast address. This leaves 14 addresses to allocate, from 199.1.1.33 through 199.1.1.46. If you want to allocate a sub-block of 10 addresses using DHCP, enter 10 in the DHCP Setup screen's Number of Addresses to Allocate item. Then, in the same screen's First Address item, enter the first address in the sub-block t...

Page 255: ...etwork address can be used on your main network while portions of it can be subnetted to the two remaining networks. Note: The IP address a.b.c.0 has letters in place of the first three numbers to generalize it for this example. The figure shows a possible network configuration following this scheme. The main network is set up with the Class C address a.b.c.0 and contains Router A, which could be a Net...

Page 256: ...ion IP address. The Netopia 4752 compares the packet's destination IP address with the routes in its IP routing table. It begins with the route at the bottom of the list and works up until there's a match or the route to the default gateway is reached. When a.b.c.249 is masked by the first route's subnet mask, it yields a.b.c.248, which matches the network address in the route. The Netopia 4752 uses the...

Page 257: ...ckets as well as to packets addressed to their specific individual host addresses. Depending on the age and type of IP equipment you use, broadcasts will be addressed using either all zeros or all ones, but not both. If your network requires zeros broadcasting, you must configure this through SNMP. Packet header types: As previously mentioned, IP works with other protocols to allow communication over IP n...

Page 259: ...0 104 1101000 9 1001 41 101001 73 1001001 105 1101001 10 1010 42 101010 74 1001010 106 1101010 11 1011 43 101011 75 1001011 107 1101011 12 1100 44 101100 76 1001100 108 1101100 13 1101 45 101101 77 1001101 109 1101101 14 1110 46 101110 78 1001110 110 1101110 15 1111 47 101111 79 1001111 111 1101111 16 10000 48 110000 80 1010000 112 1110000 17 10001 49 110001 81 1010001 113 1110001 18 10010 50 1100...

Page 260: ... 173 10101101 205 11001101 237 11101101 142 10001110 174 10101110 206 11001110 238 11101110 143 10001111 175 10101111 207 11001111 239 11101111 144 10010000 176 10110000 208 11010000 240 11110000 145 10010001 177 10110001 209 11010001 241 11110001 146 10010010 178 10110010 210 11010010 242 11110010 147 10010011 179 10110011 211 11010011 243 11110011 148 10010100 180 10110100 212 11010100 244 11110...

Page 261: ...ring Great Circle Associates Mountain View CA Chapman D Brent and Elizabeth D Zwicky Building Internet Firewalls O Reilly Associates Sebastopol CA 1995 Dense and technical but Chapter 6 provides a basic introduction to packet filtering Clark W SNA Internetworking ConneXions The Interoperability Report Vol 6 No 3 March 1992 Comer D E Internetworking with TCP IP Principles Protocols and Architecture...

Page 262: ... San Mateo CA 1992 Miller M A LAN Protocol Handbook M T Books San Mateo CA 1990 Miller M A LAN Troubleshooting Handbook M T Books San Mateo CA 1989 Perlman R Interconnections Bridges and Routers Addison Wesley Publishing Company Reading MA 1992 Rose M T The Open Book A Practical Perspective on OSI Prentice Hall Englewood Cliffs NJ 1990 Rose M T The Simple Book An Introduction to Management of TCP ...

Page 263: ...rks 2nd ed Prentice Hall Englewood Cliffs NJ 1988 Terplan K Communication Networks Management Prentice Hall Englewood Cliffs NJ 1992 Tsuchiya P Components of OSI IS IS Intra Domain Routing ConneXions The Interoperability Report Vol 3 No 8 August 1989 Tsuchiya P Components of OSI Routing An Overview ConneXions The Interoperability Report Vol 3 No 8 August 1989 Zimmerman H OSI Reference Model The IS...

Page 265: ...ions a 10 100Base T Ethernet port for your LAN connection 8 telephone extension jacks and a DB 9 Console port Power requirements 12 VDC input 1 5 amps Environment Operating temperature 0 to 40 C Storage temperature 0 to 70 C Relative storage humidity 20 to 80 noncondensing Software and protocols Software media Software preloaded on internal flash memory field upgrades done via download to internal...

Page 266: ...erence when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to corre...

Page 267: ...The equipment must also be installed using an acceptable method of connection In some cases the company s inside wiring associated with a single line individual service may be extended by means of a certified connector assembly telephone extension cord The customer should be aware that compliance with the above conditions may not prevent degradation of service in some situations Repairs to the cer...

Page 268: ...ne equipment basic safety precautions should always be followed to reduce the risk of fire electric shock and injury to persons including the following 1 Do not use this product near water for example near a bathtub wash bowl kitchen sink or laundry tub in a wet basement or near a swimming pool 2 Avoid using a telephone other than a cordless type during an electrical storm There may be a remote ri...

Page 269: ...e management screens CLI also SNMP Data features Routing Network Protocols IP routing Dynamic Host Configuration Protocol DHCP Server RFC 2131 Client RFC 2131 and Relay Agent RFC 1542 NAT NAPT Network Address and Network Address Port Translation RFC 1631 Port Translation allows mail Web PPTP IPsec and other servers on the LAN to be accessible from the Internet MultiNAT Sophisticated NAT extension ...

Page 270: ...et IP Addressing Dynamic Host Configuration Protocol DHCP and BootP servers Supports up to 8 different pools of IP addresses one per subnet with a maximum of 512 addresses WAN IP Interface Numbered or Unnumbered Interface Quality of service TOS Bit Type of Service or application based queuing Frame Relay FRF 12 support ATM UBR support Management Auto SpeedSet with some DSLAMs Automatically hunts t...

Page 271: ...des dial tone for outside calling to any connected extension CallerID support with connected CallerID equipment delivers name and telephone number during call waiting Selective Compression Each port configurable for either 64 Kbps PCM or 32 Kbps ADPCM Voice quality G 168 echo cancellation 16 millisecond fixed tail length Crosstalk of no more than 40 db Time slips corrected on hold times of up to 1...

Page 272: ...F 8 Administration Guide Speed Dialing by dialing a feature code Three Way Calling Custom Ringing Distinctive Ringing ...

Page 273: ...se when describing modem data transfer speeds bps See bits per second branch A length of cable in a star network that goes from the center of the star to a wall jack broadcast A network transaction that sends data to all hosts connected to the network burstiness Data that uses bandwidth only sporadically that is information that does not use the total bandwidth of a circuit 100 percent of the time...

Page 274: ...P IP protocol for discovering and maintaining network resource information distributed among different servers download The process of transferring a file from a server to a client DTE Data Terminal Equipment Term defined by standards committees that applies to communications equipment typically personal computers or data terminals as distinct from other devices that attach to the network typicall...

Page 275: ...ow much of the address is network number and how much is host address. See also Class A, B, and C networks. Internet Protocol (IP) address: A network address that uniquely identifies a device on an IP network. This type of address consists of 4 bytes, represented as decimal values separated by periods (e.g., 192.168.2.143). All IP addresses of the form 192.168.1.xxx are private IP addresses. IP: Internet Protocol...

Page 276: ...ocol: A method for ensuring secure network access. Password Authentication Protocol (PAP): A form of PPP authentication that requires an exchange of user names and clear text passwords between two devices. PAP passwords are sent unencrypted. parameter: A numerical code that controls an aspect of terminal and/or network operation. Parameters control such aspects as page size, data transmission speed, and timi...

Page 277: ...n each bit written as 1 corresponds to 1 bit of network address information. One subnet mask applies to all IP devices on an individual IP network. Symmetric Digital Subscriber Line (SDSL): A digital communication medium that operates over existing analog telephone lines provided by the telephone company. SDSL will allow you to connect to the Internet at a minimum of 128Kbps bi-directional up to 2 320 M...

Page 278: ... a country or even the world. WAN IP: In addition to being a router, the Netopia ISDN Router is also an IP address server. There are four protocols it can use to distribute IP addresses over the WAN, which include DHCP, BootP, IPCP, and MacIP. WAN IP is a feature for both the Small Office and Corporate Netopia ISDN Router models. wiring closet: A central location where a building's telephone and network wiri...

Page 279: ...he console 9 20 connecting to an Ethernet network 5 3 connecting to the configuration screens 9 17 connection profiles defined 7 9 console configuring 9 20 connection problems A 2 screens connecting to 9 17 console configuration 9 21 console based management configuring with 6 1 7 1 9 1 D D port 13 9 Data Encryption Standard DES 12 12 date and time setting 9 19 deciding on an ISP account 2 2 defau...

Page 280: ...ed 13 4 deleting 13 15 disadvantages of 13 10 input 13 13 modifying 13 15 output 13 13 using 13 11 viewing 13 15 firewall 13 16 firmware files updating with TFTP 15 7 updating with XMODEM 15 10 FTP sessions 13 19 further reading E 1 G general statistics 14 11 Glossary 1 H how to reach us A 4 I input filter 3 13 17 input filters 1 and 2 13 17 input filters 4 and 5 13 17 Internet addresses see IP ad...

Page 281: ...ics 15 1 Network Address Translation 10 3 see NAT 10 1 network problems A 2 network status overview 14 1 O Operation Mode 9 3 output filter 1 13 17 P packet header C 13 password to protect security screen 13 2 user accounts 13 1 PAT Port Address Translation 11 2 permanent virtual circuit 9 5 ping 15 2 ping test configuring and initiating 15 2 port number comparisons 13 7 port numbers 13 6 PPTP 12 ...

Page 282: ...sfer Protocol see TFTP troubleshooting A 1 configuration PC A 1 console based management 7 2 event histories 14 4 WAN statistics 14 11 trusted host 13 18 trusted subnet 13 18 tunnel options ATMP 12 20 PPTP 12 3 tunneling 12 2 U updating firmware with TFTP 15 7 with XMODEM 15 10 updating Netopia s firmware 15 7 uploading configuration files 15 9 with TFTP 15 9 with XMODEM 15 12 user accounts 13 1 u...

Page 283: ... OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, REGARDING THE ENCLOSED PRODUCT. EXCEPT AS OTHERWISE EXPRESSLY PROVIDED ABOVE, NETOPIA AND ITS LICENSOR(S) DO NOT WARRANT, GUARANTEE OR MAKE ANY REPRESENTATION REGARDING THE USE OR THE RESULTS OF THE USE OF THE PRODUCT IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY, CURRENTNESS OR OTHERWISE. THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF T...
