Netopia 4753 Administration Manual Download Page 61 | Manualshive

Page: 61 / 282

background image

WAN and System Configuration 9-3

need to change it unless your provider specifically tells you to do so.

■

Select

Data Link Encapsulation

and from the pop-up menu choose your DLE.

■

If you selected RFC1483, the next pop-up menu

RFC1483 Mode

offers the choice of Bridged 1483 or

Routed 1483. If you select Bridged 1483, a new option

PPP over Ethernet (PPPoE)

appears. You can

then toggle PPPoE On or Off. Choosing Routed 1483 hides the PPPoE option.

■

If you selected PPP, the next pop-up menu

PPP Mode

offers the choice of VC Multiplexed or LLC SNAP.

■

If you selected ATM WAN DSL Mode, the next three fields,

Display/Change Circuit

,

Data Circuit VPI

, and

Data Circuit VCI

are editable. Other wise they do not appear. Enter the Vir tual Path Identifier and Vir tual

Channel Identifier values that your provider specifies. For more information on VPIs and VCIs, see

“Multiple

ATM Permanent Vir tual Circuit Suppor t”

below.

M

M

M

Mu

u

u

ullllttttiiiip

p

p

pllllee

e

e A

A

A

ATT

T

TM

M

M

M P

P

P

Pee

e

errrrm

m

m

maa

a

an

n

n

nee

e

en

n

n

ntttt V

V

V

Viiiirrrrttttu

u

u

uaa

a

allll C

C

C

Ciiiirrrrccccu

u

u

uiiiitttt S

S

S

Su

u

u

up

p

p

pp

p

p

po

o

o

orrrrtttt

The Netopia 4753 suppor ts up to eight permanent vir tual circuits.

M

M

M

Mu

u

u

ullllttttiiiip

p

p

pllllee

e

e A

A

A

ATT

T

TM

M

M

M P

P

P

PV

V

V

VC

C

C

C o

o

o

ovvv

vee

e

errrrvvv

viiiiee

e

ew

w

w

w

On cell-based DSL WAN inter faces, the ATM connection between the device and the central office equipment
(DSLAM) is divided logically into one or more vir tual circuits (VCs). A vir tual circuit may be either a permanent
vir tual circuit (PVC) or a switched vir tual circuit (SVC). Netopia devices suppor t PVCs.

VCs are identified by a Vir tual Path Identifier (VPI) and Vir tual Channel Identifier (VCI). A VPI is an 8-bit value
between 0 and 255, inclusive, while a VCI is a 16-bit value between 0 and 65535, inclusive.

■

Circuits now suppor t attributes in addition to their VPI and VCI values. When configuring a circuit, you can
specify an optional circuit name of up to 14 characters. The circuit name is used only to identify the circuit
for management purposes as a convenience to aid in selecting circuits from lists. The default circuit name
is “Circuit <n>”, where <n> is some number between one and eight corresponding to the circuit’s position
in the list of up to eight circuits.

■

You can also individually enable or disable a circuit without deleting it. This is useful for temporarily
removing a circuit without losing the configured attributes.

■

In order to function, each circuit must be bound to a Connection Profile or to the Default Profile. Among
other attributes, the profile binding specifies the IP addressing information for use on the circuit. Each
circuit must be bound to a distinct Connection Profile. You cannot bind multiple circuits to the same
Connection Profile.

«
...
59
60
61
62
63
...
»

Summary of Contents for 4753

Page 1: ...Netopia 4753 G SHDSL Integrated Access Device Administration Guide ...

Page 2: ...hts reserved Under the copyright laws such materials may not be copied in whole or part without the prior written consent of Netopia Inc Under the law copying includes translation to another language or format Netopia Inc 2470 Mariner Square Loop Alameda CA 94501 1010 U S A Part Number For additional copies of this electronic manual order Netopia part number 6161091 PF 01 ...

Page 3: ...ing Information from the ISP 2 3 Local LAN IP address information to obtain 2 3 Chapter 3 Making the Physical Connections 3 1 Find a Location 3 1 What You Need 3 2 Important Safety instructions 3 3 Identify the Connectors and Attach the Cables 3 4 Netopia 4753 Status Lights 3 5 Chapter 4 Sharing the Connection 4 1 Configuring TCP IP on Windows based Computers 4 2 Dynamic configuration recommended ...

Page 4: ...1 Accessing the Easy Setup console screens 7 1 Quick Easy Setup Connection Path 7 3 DSL Line Configuration 7 5 Voice Easy Setup 7 6 Easy Setup Profile 7 7 IP Easy Setup 7 8 Easy Setup Security Configuration 7 9 Chapter 8 Voice Configuration 8 1 Introduction 8 1 Explanation of terms 8 1 Configuring the Voice Features 8 2 Part II Advanced Configuration Chapter 9 WAN and System Configuration 9 1 WAN ...

Page 5: ...te and time Network Time Protocol 9 17 Console configuration 9 19 SNMP Simple Network Management Protocol 9 20 Security 9 20 Upgrade feature set 9 20 Logging 9 20 Installing the Syslog client 9 21 Chapter 10 IP Setup 10 1 IP Setup 10 2 IP subnets 10 4 Static routes 10 6 IP Address Serving 10 10 IP Address Pools 10 13 DHCP NetBIOS Options 10 15 More Address Serving Options 10 17 Configuring the IP ...

Page 6: ... WAN Default Profile 11 25 NAT Associations 11 27 MultiNAT Configuration Example 11 29 Chapter 12 Virtual Private Networks VPNs 12 1 Overview 12 1 About PPTP Tunnels 12 3 PPTP configuration 12 4 About IPsec Tunnels 12 7 Configuration 12 7 IP Profile Parameters 12 10 Advanced IP Profile Options 12 11 Interoperation with other features 12 12 Encryption Support 12 12 ATMP PPTP Default Answer Profile ...

Page 7: ...rking with IP Filters and Filter Sets 13 11 Adding a filter set 13 12 Viewing filter sets 13 15 Modifying filter sets 13 16 Deleting a filter set 13 16 A sample IP filter set 13 16 Firewall Tutorial 13 19 General firewall terms 13 19 Basic IP packet components 13 20 Basic protocol types 13 20 Firewall design rules 13 21 Filter basics 13 23 Example filters 13 24 LAN IP Filtersets 13 27 RADIUS Clien...

Page 8: ... Setup screen 14 14 SNMP traps 14 15 Chapter 15 Utilities and Diagnostics 15 1 Ping 15 2 Trace Route 15 4 Telnet Client 15 5 Disconnect Telnet Console Session 15 6 Factory Defaults 15 6 Transferring Configuration and Firmware Files with TFTP 15 7 Updating firmware 15 7 Downloading configuration files 15 8 Uploading configuration files 15 9 Transferring Configuration and Firmware Files with XMODEM ...

Page 9: ... Example Using subnets on a Class C IP internet B 3 Example Working with a Class C subnet B 5 Distributing IP Addresses B 5 Technical note on subnet masking B 6 Configuration B 7 Manually distributing IP addresses B 8 Using address serving B 8 Tips and rules for distributing IP addresses B 9 Nested IP Subnets B 11 Broadcasts B 13 Packet header types B 13 Appendix C Binary Conversion Table C 1 Appe...

Page 10: ...2 Regulatory notices E 2 Important Safety instructions E 4 Netopia 4753 Specifications E 5 Physical interface E 5 Data features E 5 Hardware specifications E 7 Voice features E 7 Glossary 1 Index 1 Limited Warranty and Limitation of Remedies 1 ...

Page 11: ...P P P Pa a a ar r r rt t t t I I I I G G G Ge e e et t t tt t t ti i i in n n ng g g g S S S St t t ta a a ar r r rt t t te e e ed d d d ...

Page 12: ...Administration Guide ...

Page 13: ...echnically Centrex is a subset of PBX PBX users share a certain number of outside lines for making telephone calls external to the PBX Most medium sized and larger companies use a PBX because it s much less expensive than connecting an external telephone line to every telephone in the organization In addition it s easier to call someone within a PBX because the number you need to dial is typically...

Page 14: ...eatures include G SHDSL WAN Interface interoperable with major ATM and Frame Relay based DSL equipment A 10 100 Ethernet LAN Port Eight analog telephone ports local extensions One DB 9 serial console port Front panel status lights Setup and configuration management via console menu H H H Ho o o ow w w w t t t to o o o U U U Us s s se e e e T T T Th h h hi i i is s s s G G G Gu u u ui i i id d d de...

Page 15: ...l not have to dial into the Internet G SHDSL uses more of the bandwidth on copper phone lines than what is currently used for plain old telephone service POTS By using frequencies between 26 kHz and 1MHz G SHDSL can encode more data to achieve higher data rates than would otherwise be possible in the restricted frequency range of a POTS network up to 4 kHz In order to use the frequencies above the...

Page 16: ... CLEC that also supports voice services Use an ISP that provides Internet access through a G SHDSL Digital Subscriber Line and that supports the Netopia 4753 G SHDSL Integrated Access Device If you would like to use an ISP that you already have a relationship with but that is not familiar with the Netopia 4753 call us at 1 800 NETOPIA Our representative can call your ISP and introduce them to the ...

Page 17: ...rk Address Translation provides Internet access to the network connected to the Netopia 4753 using only a single IP address These routers translate between the internal or local area network LAN addresses and a single external IP address and route accordingly For more information on Network Address Translation see Chapter 11 Multiple Network Address Translation Obtaining Information from the ISP A...

Page 18: ... the router Without Network Address Translation If you are not using Network Address Translation you will need to obtain all of the local LAN IP address information from your ISP If you are not using SmartIP NAT you should obtain The number of Ethernet IP host addresses available with your account and the first usable IP host address in the address block The Ethernet IP address for your Netopia 47...

Page 19: ...ecting your Netopia 4753 be sure to read the important safety information contained in Appendix E Technical Specifications and Safety Information When choosing a location for the Netopia Router consider Available space and ease of installation Physical layout of the building and how to best use the physical space available for connecting your Netopia Router to the LAN Available wiring and jacks Di...

Page 20: ...etopia CD containing Adobe Acrobat Reader for Windows and Macintosh ZTerm terminal emulator software for Classic MacOS and MacOSX and NCSA Telnet for Macintosh and documentation You will need A Windows 95 or 98 based PC or a Macintosh computer with Ethernet connectivity for configuring the Netopia 4753 This may be built in Ethernet or an add on card with TCP IP installed and configured See Sharing...

Page 21: ...rated 12Vdc 1 5A CAUTION Europe Only For use only with a GS approved Limited Power Source rated 12Vdc 1 5A TELECOMMUNICATION INSTALLATION CAUTIONS When using your telephone equipment basic safety precautions should always be followed to reduce the risk of fire electric shock and injury to persons including the following 1 Do not use this product near water for example near a bathtub wash bowl kitc...

Page 22: ...r and the DSL wall outlet Port Description Telephone extension ports Eight RJ 11 telephone jacks for connecting your phone extensions DSL port An RJ 45 10Base T style jack labeled DSL for your DSL connection Ethernet port An RJ 45 10 100Base T Ethernet jack You will use this to configure the Netopia 4753 For a new installation use the Ethernet connection Alternatively you can use the console conne...

Page 23: ... is red The Ethernet interface is operational 3 is green The Ethernet interface is disabled 3 is dark The DSL WAN interface is inactive 4 is dark The DSL WAN interface is training 4 flashes green Initially the LED is dark then flashes green while attempting to establish connection to the DSLAM While exchanging connection information with the DSLAM the LED flashes slightly faster The DSL WAN interf...

Page 24: ...3 6 Administration Guide ...

Page 25: ...o o on n n n Once you have set up your physical local area network you will need to configure the TCP IP stack on each client workstation connected to your Netopia 4753 This chapter describes how to configure TCP IP for both Windows based and Macintosh computers This chapter explains the following topics Configuring TCP IP on Windows based Computers on page 4 2 Configuring TCP IP on Macintosh Comp...

Page 26: ...our network to accept IP addresses served by the Netopia 4753 1 Go to the Start Menu Settings Control Panels and double click the Network icon From the Network components list select the Configuration tab 2 Select TCP IP Your Network Card Then select Properties In the TCP IP Properties screen select the IP Address tab Click Obtain an IP Address automatically 3 Click on the DNS Configuration tab Cl...

Page 27: ...Network components list select the Configuration tab 2 Select TCP IP Your Network Card Then select Properties In the TCP IP Properties screen select the IP Address tab Click Specify an IP Address Enter the following IP Address 192 168 1 2 Subnet Mask 255 255 255 0 This address is an example of one that can be used to configure the router Your ISP or network administrator may ask you to use a diffe...

Page 28: ... Enter the following information Host Type the name you want to give to this computer Domain Type your domain name If you don t have a domain name type your ISP s domain name for example netopia com DNS Server Search Order Type the primary DNS IP address given to you by your ISP Click Add Repeat this process for the secondary DNS Domain Suffix Search Order Enter the same domain name you entered ab...

Page 29: ...uires that the optional AppleTalk kit be installed which can only be done after the router is configured You must have built in Ethernet or a third party Ethernet card and its associated drivers installed in your Macintosh Dynamic configuration recommended The Dynamic Host Configuration Protocol DHCP which enables dynamic addressing is enabled by default in the router To configure your Macintosh c...

Page 30: ...t mask 255 255 255 0 or for 12 user models 255 255 255 240 Router or Gateway address 192 168 1 1 Name server address Enter the primary and secondary name server addresses given to you by your ISP Implicit Search Path Starting domain name Enter your domain name if you do not have a domain name enter the domain name of your ISP If you are manually configuring for a fixed or static IP address perform...

Page 31: ...etwork with manual or static IP addresses Be sure each computer on your network has its own IP address More information about configuring your Macintosh computer for TCP IP connectivity through a Netopia 4753 can be found in Technote NIR_026 Open Transport and Netopia Routers located on the Netopia Web site ...

Page 32: ...4 8 Administration Guide ...

Page 33: ...r r r rk k k k This chapter describes how to physically connect the Netopia 4753 to your local area network LAN Before you proceed make sure the Netopia 4753 is properly configured You can customize the device s configuration for your particular LAN requirements using console based management see Console Based Management on page 6 1 This section covers the following topics Readying Computers on Yo...

Page 34: ...unicate using Internet protocols TCP IP stacks must be configured with some of the same information you used to configure the Netopia 4753 There are a number of TCP IP stacks available for PC computers Windows 95 includes a built in TCP IP stack See Configuring TCP IP on Windows based Computers on page 4 2 Macintosh computers use either MacTCP or Open Transport See Configuring TCP IP on Macintosh ...

Page 35: ... any one line should not exceed two 2 0 If too many devices are attached they many not ring properly The REN for telephone devices is usually listed on the product label or stamped or moulded into the body of the device Console Power 10 100 Ethernet DSL Telephone Extensions 1 2 3 4 5 7 8 6 Telephone Extension ports DSL Line port 10 100 Ethernet port Console port Power port 10 100Base T Hub Add com...

Page 36: ...5 4 Administration Guide ...

Page 37: ...management screens contain eight entry points to the Netopia 4753 configuration and monitoring features The entry points are displayed in the Main Menu shown below The Easy Setup menus display and permit changing the values contained in the default connection profile You can use Easy Setup to initially configure the router directly through a console session Easy Setup menus contain up to five desc...

Page 38: ...formation about your router your network and their history See Statistics Logs on page 14 4 for detailed information The Quick Menus screen is a shortcut entry point to 22 of the most commonly used configuration menus that are accessed through the other menu entry points The Quick View menu displays at a glance current real time operating information about your router See Quick View Status Overvie...

Page 39: ...inter port This connection lets you use the computer to configure and monitor the Netopia 4753 via the console screens Netopia 4753 back panel To connect the Netopia 4753 to your computer for serial console communication use a console cable appropriate to your platform A DB 9 connector end attaches to a PC A mini DIN8 or a USB connector end attaches to a Macintosh computer depending on your comput...

Page 40: ...gested Value Terminal type PC ANSI BBS Mac ANSI VT 100 or VT 200 Data bits 8 Parity None Stop bits 1 Speed 9600 bits per second can be set for up to 57600 Flow Control None Note The router firmware contains an autobaud detection feature If you are at any screen on the serial console you can change your baud rate and press Return HyperTerminal for the PC requires a disconnect The new baud rate is d...

Page 41: ...table items in a screen or pop up menu Up Down Left and Right Arrow Set a change to a selected item or open a pop up menu of options for a selected item like entering an upgrade key Return or Enter Change a toggle value Yes No On Off Tab Restore an entry or toggle value to its previous value Esc Move one item up Up arrow or Control K Move one item down Down arrow or Control O Display a dump of the...

Page 42: ...6 6 Administration Guide ...

Page 43: ...configuration access to your Netopia 4753 G SHDSL Integrated Access Device Accessing the Easy Setup console screens To access the console screens Telnet to the Netopia 4753 over your Ethernet network or physically connect with a serial console cable and access it with a terminal emulation program See Connecting through a Telnet Session on page 6 2 or Connecting a Console Cable to Your Device on pa...

Page 44: ...Console port your computer s serial port is not being used by another device such as an internal modem or an application Turn off all other programs other than your terminal emulation program that may be interfering with your access to the port You have entered the correct password if necessary Your Netopia 4753 s console access may be password protected from a previous configuration See your syst...

Page 45: ...Mode VC Multiplexed default or LLC SNAP RFC1483 Mode Bridged 1483 default or Routed 1483 PPP over Ethernet PPPoE for Bridged 1483 only Off default or On Data Circuit VPI Data Circuit VPI for ATM WAN DSL Mode only 0 255 8 is default 0 65535 35 is default Voice Easy Setup Screen Voice Gateway CopperCom JetStream TollBridge TDSoft or Zhone Voice VPI Voice VCI for any Voice Gateway other than TollBrid...

Page 46: ...m See Connecting a Console Cable to Your Device on page 6 3 The Main Menu appears Password or Secret n a IP Easy Setup Screen Ethernet IP Address Ethernet Subnet Mask 192 168 1 1 255 255 255 0 Domain Name n a Primary Domain Name Server n a Secondary Domain Name Server n a Default IP Gateway n a Easy Setup Security Configuration Screen Write Access Name n a Write Access Password n a Parameter Defau...

Page 47: ...ears You can then toggle PPPoE On or Off Choosing Routed 1483 hides the PPPoE option If you selected PPP the next pop up menu PPP Mode offers the choice of VC Multiplexed or LLC SNAP 5 The next two fields Data Circuit VPI and Data Circuit VCI are editable Enter the Virtual Path Identifier and Virtual Channel Identifier values that your provider specifies For more information on VPIs and VCIs see M...

Page 48: ...ce VCI fields are editable If you select Tollbridge the VPI and VCI fields do not appear Enter the Virtual Path Identifier and Virtual Channel Identifier values that your provider specifies For more information on VPIs and VCIs see Multiple ATM Permanent Virtual Circuit Support on page 9 3 3 Press the Down arrow key until you reach NEXT SCREEN Press Return to bring up the next screen Voice Easy Se...

Page 49: ...another specific address if you want to use static addressing In that case enter the local WAN address your ISP gave you Press Return 3 If you selected PPP data link encapsulation in the DSL Line Configuration screen a PPP Authentication menu item appears The authentication protocol and user name password combinations you enter must be assigned or agreed to in advance between you and your ISP Sele...

Page 50: ... connection profiles will ensure this restriction See Multiple Network Address Translation on page 11 1 of this guide for more information 2 Select Ethernet Subnet Mask and enter the subnet mask your ISP has given you The Ethernet Subnet Mask defaults to a standard class mask derived from the class of the Ethernet IP address you entered in the previous step 3 Press the Down arrow key until the edi...

Page 51: ...ddresses to your client workstations Normally you would accept the default On so that workstations on your LAN can use a single IP address assigned by your ISP to connect to the Internet 8 The IP address server will provide 100 IP addresses automatically to workstations on your LAN You only need to change the Number of Client IP Addresses if you have some other IP addressing scheme 9 By default th...

Page 52: ... The Router will restart and your configuration settings will be activated You can then Exit or Quit your Telnet application Easy Setup is now complete Easy Setup Security Configuration It is strongly suggested that you password protect configuration access to your Netopia By entering a Name and Password pair here access via serial Telnet and SNMP will be password protected Be sure to remember wha...

Page 53: ...ia 4753 supports up to eight telephone extensions and up to eight derived voice lines Like the rest of the 4700 series line the Netopia 4753 includes the Netopia data routing engine for any number of attached computers or other network devices connected to a single 10 100 Ethernet port Key features include Fax Modem Configurable Voice port for incoming fax or modem calls This is another term for e...

Page 54: ...l dial tone and proceed to program the phone w local speed dial options In addition taking the phone off hook and pressing speed dial numbers will cause the stored speed dial digits to be sent out This is independent of the previous mode C C C Co o o on n n nf f f fi i i ig g g gu u u ur r r ri i i in n n ng g g g t t t th h h he e e e V V V Vo o o oi i i ic c c ce e e e F F F Fe e e ea a a at t t...

Page 55: ... Ring Cadence 20 Hz Port Configuration Voice Coding mu law LES Profile Number Profile 9 Port Configuration Port 1 Echo Cancellation Enabled Yes Compression is G726 ADPCM 32K Port 2 Echo Cancellation Enabled Yes Compression is G726 ADPCM 32K Port 3 Echo Cancellation Enabled Yes Compression is G726 ADPCM 32K Port 4 Echo Cancellation Enabled Yes Compression is G726 ADPCM 32K Port 5 Echo Cancellation ...

Page 56: ...ur service provider must supply you with the correct provisioning information The reason is that in those gateway types the voice gateway expects this type of provisioning to be done prior to making any voice calls If the voice gateway is not LES compliant the pop up menus are not available and these fields are for information only Once you have made your settings for each voice port press Escape ...

Page 57: ...P P P Pa a a ar r r rt t t t I I I II I I I A A A Ad d d dv v v va a a an n n nc c c ce e e ed d d d C C C Co o o on n n nf f f fi i i ig g g gu u u ur r r ra a a at t t ti i i io o o on n n n ...

Page 58: ...Administration Guide ...

Page 59: ...of your Netopia 4753 G SHDSL Integrated Access Device You can customize these features for your individual setup These menus provide a powerful method for experienced users to set up their device s connection profiles and system configuration This section covers the following topics WAN Configuration on page 9 2 Multiple ATM Permanent Virtual Circuit Support on page 9 3 Creating a New Connection P...

Page 60: ... Clock Source and from the pop up menu select either Network the default or Internal Select Cell Format and from the pop up menu select either Scrambled the default or Unscrambled This setting must match the format used by your service provider Scrambled is the most common so you probably do not need to change it unless your provider specifically tells you to do so Select Unused Cell Format and fr...

Page 61: ... P P P PV V V VC C C C o o o ov v v ve e e er r r rv v v vi i i ie e e ew w w w On cell based DSL WAN interfaces the ATM connection between the device and the central office equipment DSLAM is divided logically into one or more virtual circuits VCs A virtual circuit may be either a permanent virtual circuit PVC or a switched virtual circuit SVC Netopia devices support PVCs VCs are identified by a ...

Page 62: ...Change Circuit screen From the Main Menu navigate to the DSL Line Configuration screen Select Display Change Circuit and press Return Main Menu WAN Configuration WAN Setup DSL Line Configuration DSL Line Configuration WAN DSL Mode ATM Regional Setting Annex A Clock Source Network Cell Format Scrambled Unused Cell Format Idle Data Link Encapsulation RFC1483 RFC1483 Mode Bridged 1483 PPP over Ethern...

Page 63: ...The default circuit name is Circuit n where n is some number between one and eight corresponding to the circuit s position in the list of up to eight circuits DSL Line Configuration WAN DSL Mode ATM Regional Setting Annex A Clock Source Network Cell Format Scrambled Unused Cell Format Circuit Name VPI VCI Data Link Encapsulation Circuit 1 8 35 RFC1483 Mode Voice Circuit 0 0 PPP over Ethernet PPPoE...

Page 64: ...ccording to pre defined dynamic binding rules when you add the second VC It will revert back to dynamic binding if the number of VCs is reduced to one for example by deleting previously defined VCs When the link comes up the device binds the VC dynamically to the first suitable Connection Profile or to the Default Profile if there is no Connection Profile configured If you factory default the devi...

Page 65: ...s Choosing a profile from the list statically binds the circuit to the selected profile Choosing Use Default Profile for Circuit statically binds the circuit to the Default Profile When the circuit is bound to a Connection Profile Use Connection Profile displays the name of the profile when the circuit is associated with the Default Profile Use Connection Profile displays Default Profile When more...

Page 66: ...ction for ATM VC Statistics To access the ATM VC Statistics screen navigate from the Main Menu to Statistics Logs then General Statistics The General Statistics screen appears Select VC Traffic Statistics Main Menu Statistics Logs General Statistics General Statistics Physical I F Rx Bytes Tx Bytes Rx Pkts Tx Pkts Rx Err Tx Err Ethernet Hub 0 0 0 0 0 0 Aux Async 0 0 0 0 0 0 ATM SDSL 1 22152 5092 4...

Page 67: ...n A pop up window appears displaying detailed information for the selected circuit ATM VC Statistics VPI VCI Local IP Addr Frames Rx Frames Tx Bytes Rx Bytes Tx SCROLL UP 0 39 111 222 333 4 0 0 0 0 8 36 1 0 70 0 SCROLL DOWN ATM VC Statistics View St VPI VCI 0 39 Circuit Name Circuit 4 8 36 Connection Profile Name Profile 4 Bytes Rx 0 Bytes Tx 0 Frames Rx 0 Frames Tx 0 Frames Rx Discarded 0 Frames ...

Page 68: ...ize and authenticate a connection To create a new connection profile you navigate to the WAN Configuration screen from the Main Menu and select Add Connection Profile The Add Connection Profile screen appears On a Netopia 4753 G SHDSL Integrated Access Device you can add up to 15 more connection profiles for a total of 16 but you can only use one at a time 1 Select Profile Name and enter a name fo...

Page 69: ...tion method your ISP uses if any PAP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol or None PAP is the most common and requires you to enter a User Name and Password in the next two fields CHAP requires you to enter a Host Name and Secret in the next two fields You can specify user name and password for both outgoing and incoming connections the Send User Name Pa...

Page 70: ...select Display Change Connection Profile The list of Connection Profiles is displayed in a scrolling pop up screen IP Profile Parameters Address Translation Enabled Yes Local WAN IP Address 0 0 0 0 Remote IP Address 0 0 0 0 Remote IP Mask 0 0 0 0 Filter Set Remove Filter Set Receive RIP Off Toggle to Yes if this is a single IP address ISP account Configure IP requirements for a remote network conn...

Page 71: ... Profile item to Yes or No the default This item controls whether or not the DSL link will come up without an explicitly configured connection profile If your ISP is serving you a dynamic IP Address you need not explicitly configure a connection profile and the default behavior of the device will be to connect automatically once it is powered on If you select IP Parameters the IP Parameters screen...

Page 72: ...ault in the Default Profile You can enable it by toggling to Yes If you use RFC1483 as the data link encapsulation method NAT is enabled by default as shown below For details on setting up IP Parameters see IP Setup on page 10 1 IP Parameters Default Profile Address Translation Enabled No Filter Set Firewall Remove Filter Set Receive RIP Both Transmit RIP Off Return Enter accepts Tab toggles ESC c...

Page 73: ...page 6 3 You can also retrieve the Netopia 4753 s configuration information and remotely set its parameters using the Simple Network Management Protocol see SNMP on page 14 13 Open a Telnet connection to the device s IP address for example 192 168 1 1 The console screen will open to the Main Menu similar to the screen shown below Navigating through the System Configuration screens To help you find...

Page 74: ...4753 Some users however require advanced settings or prefer manual control over the default selections For these users the Netopia 4753 provides system configuration options To help you determine whether you need to use the system configuration options review the following requirements If you have one or more of these needs use the system configuration options described in later chapters System co...

Page 75: ...ss serving These screens allow you to configure IP address serving on your network by means of DHCP WANIP and BootP Details are given in IP Address Serving on page 10 10 Date and time Network Time Protocol You can set the system s date and time in the Set Date and Time screen Select Date and Time in the System Configuration screen and press Return The Set Date and Time screen appears System Config...

Page 76: ...The default address 204 152 184 72 is a public NTP server and may be suitable for your needs or you can supply your own choice From the pop up Time Zone menu select your time zone Set the NTP Update Interval to some convenient interval such as every day 24 00 or every few hours From the pop up System Date Format menu select the date format used in your region MM DD YY DD MM YY or YY MM DD From the...

Page 77: ...inal communications parameters to suit your requirements To go to the Console Configuration screen select Console Configuration in the System Configuration screen Follow these steps to change a parameter s value 1 Select the parameter you want to change 2 Select a new value for the parameter Return to step 1 if you want to configure another parameter 3 Select SET CONFIG NOW to save the new paramet...

Page 78: ...ature set upgrade or visit the Netopia Web site at www netopia com for information on new feature sets how to obtain them and how to install them on your Netopia 4753 Logging You can configure a UNIX compatible syslog client to report a number of subsets of the events entered in the device s WAN Event History See WAN Event History on page 14 5 The Syslog client for the PC only is supplied as a ZIP...

Page 79: ... Setup Request from our DN 5108645534 May 5 10 14 06 tsnext netopia com Requested Disc from DN 917143652500 May 5 10 14 06 tsnext netopia com Received Clear Confirm for our DN 5108645534 May 5 10 14 06 tsnext netopia com Link 1 down No answer May 5 10 14 06 tsnext netopia com Device restarted May 5 10 14 06 tsnext netopia com Received Speech Setup Ind from DN not supplied May 5 10 14 06 tsnext net...

Page 80: ...9 22 Administration Guide ...

Page 81: ...Address Serving on page 10 10 More Address Serving Options on page 10 17 DHCP Relay Agent on page 10 23 Connection Profiles on page 10 25 Network Address Translation allows communication between the LAN connected to the Netopia 4753 and the Internet using a single or a few IP address es instead of a routed account with separate IP addresses for each computer on the network Network Address Translat...

Page 82: ...opia 4753 Select Ethernet IP Address and enter the IP address for the Netopia 4753 s Ethernet port Select Ethernet Subnet Mask and enter the subnet mask for the Ethernet IP address that you entered in the last step If you desire multiple subnets select Define Additional Subnets If you select this item you will be taken to the IP Subnets screen This screen allows you to define IP addresses and mask...

Page 83: ...t network that the Netopia 4753 needs to recognize If this is the case select Receive RIP and select v1 v2 or Both from the pop up menu With Receive RIP set to v1 the Netopia 4753 s Ethernet port will accept routing information provided by RIP packets from other routers that use the same subnet mask Set to v2 the Netopia 4753 will accept routing information provided by RIP packets from other route...

Page 84: ...ber between one and eight If you have eight subnets configured there will be eight rows on this screen Otherwise there will be one more row than the number of configured subnets The last row will have the value 0 0 0 0 in both the IP address and subnet mask fields to indicate that you can edit the values in this row to configure an additional subnet All eight row labels are always visible regardle...

Page 85: ... fill the vacant fields The subnets configured on this screen are tied to the address serving pools configured on the IP Address Pools screen and changes on this screen may affect the IP Address Pools screen In particular deleting a subnet configured on this screen will delete the corresponding address serving pool if any on the IP Address Pools screen IP Subnets IP Address Subnet Mask 1 192 128 1...

Page 86: ...static routes are used only if they appear in the IP routing table which contains all of the routes used by the Netopia 4753 see IP Routing Table on page 14 9 Static routes are helpful in situations where a route to a network must be used and other means of finding the route are unavailable For example static routes are useful when you cannot rely on RIP To go to the Static Routes screen select St...

Page 87: ...l appear The table has the following columns Dest Network The network IP address of the destination network Static Routes Display Change Static Route Add Static Route Delete Static Route Configure View Delete Static Routes from this and the following Screens Dest Network Subnet Mask Next Gateway Priority Enabled 0 0 0 0 0 0 0 0 163 176 8 1 Low Yes Select a Static Route to modify ...

Page 88: ...t to No Be sure to read the rules on the installation of static routes in the IP routing table See Rules of static route installation on page 10 9 Select Destination Network IP Address and enter the network IP address of the destination network Select Destination Network Subnet Mask and enter the subnet mask used by the destination network Select Next Gateway IP Address and enter the IP address fo...

Page 89: ...tatic routes Select a static route from the table and go to the Change Static Route screen The parameters in this screen are the same as the ones in the Add Static Route screen see Adding a static route on page 10 8 Deleting a static route To delete a static route in the Static Routes screen select Delete Static Route to display a table of static routes Select a static route from the table and pre...

Page 90: ...permanent since there is no lease renewal mechanism in BootP The third protocol called Dynamic WAN is part of the PPP MP suite of wide area protocols used for WAN connections It allows remote terminal adapters and NAT enabled routers to be assigned a temporary IP address for the duration of their connection Since no two hosts can use the same IP address at the same time make sure that the addresse...

Page 91: ... out which machines are going to be allocated specific static IP addresses so that you can determine the pool of IP addresses that you will be serving addresses from via DHCP BootP and or Dynamic WAN Example Your ISP has given your Netopia 4753 the IP address 192 168 6 137 with a subnet mask of 255 255 255 248 The subnet mask allocated will give you six IP addresses to use when connecting to the I...

Page 92: ...ure Address Pools appears instead If you select Configure Address Pools you will be taken to the IP Address Pools screen that allows you to configure an address serving pool for each of the configured Ethernet IP subnets See IP Address Pools on page 10 13 IP Address Serving Configure Address Pools Serve DHCP Clients Yes DHCP NetBios Options Serve BOOTP Clients Yes Serve Dynamic WAN Clients Yes ...

Page 93: ...ddress on the subnet You can edit the remaining columns in each row The 1st Client Addr and Clients columns allow you to specify the base and extent of the address serving pool for a particular subnet Entering 0 0 0 0 for the first client address or 0 for the number of clients indicates that no addresses will be served from the corresponding Ethernet IP subnet The Client Gateway column allows you ...

Page 94: ...address is available The client stores this address in non volatile storage for example on disk and the specific storage method location differs depending on the client operating system When requesting an address a client may provide a client identifier or if it does not the Netopia 4753 may construct a pseudo client identifier for the client When the client subsequently requests an address the Ne...

Page 95: ... a non IBM network operating system or network interface card must offer a NetBIOS emulator Many vendors either provide a version of NetBIOS to interface with their hardware or emulate its transport layer communications services in their network products A NetBIOS emulator is a program provided by NetWare clients that allow workstations to run applications that support IBM s NetBIOS calls Select D...

Page 96: ...nished setting up DHCP NetBIOS Options To return to the IP Address Serving screen press Escape To enable BootP s address serving capability select Serve BOOTP Clients and toggle to Yes Note Addresses assigned through BootP are permanently allocated from the IP Address Serving pool until you release them To release these addresses navigate back to the Main Menu then Statistics Logs Served IP Addres...

Page 97: ...o view the host name associated with a client to which the router has leased an IP address The ability for the router s Ethernet IP address es to overlap the DHCP address serving pool s The ability to serve as a DHCP Relay Agent The Netopia 4753 supports reserving an IP address only for a type 1 client identifier i e an Ethernet hardware address It does not support reserving an IP address for an a...

Page 98: ...fier is still accessible in a Details pop up menu See below Note The server does not query the client for its host name Macintosh computers running versions of MacOS prior to MacOS version 8 5 OT 2 0 1 TCP IP 2 0 1 do not supply a host name option in their DHCP messages so no host name will appear in the Served IP Addresses list Served IP Statistics Logs Main Menu Addresses Served IP Addresses IP ...

Page 99: ... are Details Exclude Include Release and Reserve The action popup is context sensitive and lists only those operations that apply to the selected IP address in its current lease state Served IP Addresses IP Address Type Expires Host Name Client Identifier SCROLL UP 192 168 1 100 192 168 1 101 192 168 1 102 192 168 1 103 192 168 1 104 192 168 1 105 192 168 1 106 192 168 1 107 192 168 1 108 Details ...

Page 100: ...layed if the entry is not already excluded Selecting Exclude excludes the IP address from the address serving pool so the address will not be served to a client If the IP address is currently leased to or reserved for a client you will be presented with a warning dialog asking you to confirm the operation Served IP Addresses IP Address Type Expires Host Name Client Identifier SCROLL UP 192 168 1 1...

Page 101: ...tively being used by a client is generally not recommended Reserve is displayed if the entry is available declined excluded leased offered or reserved Reserving an IP address for a client with a particular Ethernet MAC address guarantees that a client with the specified MAC address will be offered or leased the specified IP address Moreover it prevents the specified IP address from being offered o...

Page 102: ... 192 168 1 104 192 168 1 105 IP Address is 192 168 1 108 192 168 1 106 MAC Address 00 00 c5 45 89 ef 192 168 1 107 192 168 1 108 CANCEL OK 192 168 1 109 192 168 1 110 192 168 1 111 192 168 1 112 192 168 1 113 SCROLL DOWN Lease Management Served IP Addresses IP Address Type Expires Host Name Client Identifier SCROLL UP 192 168 1 1 Excluded for the router s IP address 192 168 1 2 Excluded 192 168 1 ...

Page 103: ...cally in the Netopia Router and respond to the client s request itself However if the Netopia Router is configured to act as a DHCP relay agent it does not satisfy the DHCP request itself but instead forwards the request to one or more remote DHCP servers These servers process the request assign an address from an address pool configured on the remote server and forward the response back to the Ne...

Page 104: ...ter an IP address and press Return an additional field appears You can enter up to four DHCP server addresses In the example above DHCP requests from clients on the LAN will be relayed to the DHCP servers at IP addresses 10 1 1 1 20 1 1 1 and 30 1 1 1 IP Address Serving IP Address Serving Mode Disabled DHCP Server Number of Client IP Addresses DHCP Relay Agent 1st Client Address Client Default Gat...

Page 105: ...eful for creating VPNs Connection Profiles define the line and networking protocols necessary for the router to make a remote connection A connection profile is like an address book entry describing how the router is to get to a remote site or how to recognize and authenticate a remote user connecting to the router To create a new Connection Profile you navigate to the WAN Configuration screen fro...

Page 106: ... Address Translation beginning on page 11 1 For more information on IP addressing see Appendix B Understanding IP Addressing The Local WAN IP Address is displayed for numbered or NAT profiles The Local WAN IP Mask is displayed for numbered profiles The Remote IP Address and Remote IP Mask are displayed for unnumbered profiles IP Profile Parameters Address Translation Enabled Yes IP Addressing Numb...

Page 107: ...files in your router return to the WAN Configuration screen and select Display Change Connection Profile The list of connection profiles is displayed in a scrolling pop up screen WAN Configuration Profile Name IP Address Easy Setup Profile 127 0 0 2 Profile 1 0 0 0 0 on Yes Up Down Arrow Keys to select ESC to dismiss Return Enter to Edit ...

Page 108: ...10 28 Administration Guide ...

Page 109: ...r IP service ports into different values This mapping serves two functions It allows the addresses of many computers on a LAN to be represented to the public Internet by only one or a few addresses saving you money It can be used as a security feature by obscuring the true addresses of important machines from potential hackers on the Internet To help you understand some of the concepts discussed h...

Page 110: ...own Website or provide other Internet services to the public you need more than classic NAT The reason is noted under Port Address Translation above external users cannot initiate traffic to computers on your LAN because external users can never see the real addresses of the computers on your LAN If you want users outside your LAN to have access for example to a Web or FTP server that you host you...

Page 111: ...ned to a pool of available addresses for other workstations to use A common example is a DSL customer s application Most DSL ISPs only provide customers with a few IP addresses for use on their network For networks with more than four or five machines it is usually mandatory to use NAT A customer may have 15 workstations on the LAN all of which need Internet access The customer is only provided fi...

Page 112: ...arisons are made in this order 1 The Netopia Router first checks its internal NAT cache to see if the data is part of a previously initiated connection if not 2 The Netopia Router checks the configured server lists to see if this traffic is intended to be forwarded to an internal host based on the type of service 3 The Netopia Router then checks to see if there is a static dynamic or PAT mapping f...

Page 113: ...st The mappings in the map list are order dependent and are compared in order from the top of the list to the bottom If a particular resource is not available subordinate mappings can be defined that will redirect traffic Supported traffic MultiNat supports the following IP protocols PAT TCP UDP traffic which does not carry source or destination IP addresses or ports in the data stream i e HTTP Te...

Page 114: ...NAT configuration becomes effective This will map all your private addresses 0 0 0 0 through 255 255 255 255 to your public address These map lists are bound to the Easy Setup Profile See Binding Map Lists and Server Lists on page 11 23 This is all you need to do if you want to continue to use a single PAT or 1 to many NAT configuration Server Lists and Dynamic NAT configuration You use the advanc...

Page 115: ...ire configuration using the Network Address Translation item on the IP Setup screen An example MultiNAT configuration at the end of this chapter describes some applications for these features See the MultiNAT Configuration Example on page 11 29 In order to configure the router to make servers on your LAN visible to the Internet you use advanced features in the System Configuration screens describe...

Page 116: ...r NAT rules The following rules apply to assigning NAT ranges and server lists Static public address ranges must not overlap other static PAT public addresses or the public address assigned to the router s WAN interface A PAT public address must not overlap any static address ranges It may be the same as another PAT address or server list address but the port range must not overlap You configure t...

Page 117: ...ss such as may be assigned via DHCP or PPP the PAT map list and server lists will acquire that address each time it is negotiated If you choose dynamic as the range type a new menu item First Public Address becomes visible Select First Public Address and enter the first exterior IP address in the range you want to assign Select Last Public Address and enter an IP address at the end of the range If...

Page 118: ...ist and press Return The Add NAT Map List screen appears Select Map List Name and enter a descriptive name for this map list A new menu item Add Map appears Select Add Map and press Return The Add NAT Map screen appears Select First and Last Private Address and enter the first and last interior IP addresses you want to assign Add NAT Map List Map List Name my_map Add Map Add NAT Map my_map First P...

Page 119: ...you have defined From the list of public ranges you defined select the one that you want to map to the interior range for this Add NAT Map my_map Public Address Range Type Name 0 0 0 0 pat Easy PAT 206 1 1 6 pat my_first_range 206 1 1 1 206 1 1 2 static my_second_range NEW RANGE Up Down Arrow Keys to select ESC to cancel Return Enter to Delete Select ...

Page 120: ...u can create a new public range to be used by this map See Add NAT Public Range on page 11 9 The Add NAT Map screen now displays the range you have assigned Select ADD NAT MAP and press Return Your mapping is added to your map list Add NAT Map my_map First Private Address 192 168 1 1 Last Private Address 192 168 1 254 Use NAT Public Range my_first_range Public Range Type is pat Public Range Start ...

Page 121: ...n screen select Show Change Map List and press Return Select the map list you want to modify from the pop up menu The Show Change NAT Map List screen appears Network Address Translation NAT Map List Name Add Out Easy PAT List Show Ch my_map Delete Add Map Show Ch Delete Add Ser Show Ch Delete NAT Ass Up Down Arrow Keys to select ESC to dismiss Return Enter to Edit Show Change NAT Map List Map List...

Page 122: ...pop up menu Scroll to the map you want to modify using the arrow keys and press Return The Change NAT Map screen appears Show Change NAT Map List Private Address Range Type Public Address Range 192 168 1 1 192 168 1 254 pat 206 1 1 6 192 168 1 253 192 168 1 254 static 206 1 1 1 206 1 1 2 192 168 1 1 192 168 1 252 dynamic 206 1 1 3 206 1 1 5 Change NAT Map my_map First Private Address 192 168 1 253...

Page 123: ...ay want to reorder the priority of the maps such that the dynamic map applies first and any additional traffic is routed via PAT or static All operations are done from a single pop up menu In the Show Change Map List screen select Move Map A selection mode pop up menu appears In this mode you scroll to the map you want to move and press Return to select it for moving After pressing Return you are ...

Page 124: ...Note The pat map is generally left at the bottom of the list Show Change NAT Map List Private Address Range Type Public Address Range 192 168 1 2 192 168 1 252 dynamic 206 1 1 3 206 1 1 252 192 168 1 252 192 168 1 253 static 206 1 1 1 206 1 1 2 192 168 1 1 192 168 1 251 pat 206 1 1 6 Up Down Arrow Keys to select ESC to dismiss Return Enter to Edit ...

Page 125: ... through other means such as a static mapping you must create a server list or use the pre existing Easy Servers list and add your entries to this list preferred Select Add Server List from the Network Address Translation screen The Add NAT Server List screen appears Select Server List Name and type in a descriptive name A new menu item Add Server appears Add NAT Server List Server List Name my_se...

Page 126: ... your own by selecting Other If you select Other a screen is displayed that allows you to enter the port number range for your customized service Add NAT Server my_servers Service Server Private IP Address 192 168 1 45 Public IP Address 206 1 1 1 ADD NAT SERVER CANCEL Add NAT Server my_servers Type Port s Service ftp 21 telnet 23 Server Private IP Address smtp 25 tftp 69 Public IP Address gopher 7...

Page 127: ...ist will acquire its public IP address from the WAN IP address specified by your WAN IP configuration in the Connection Profile If that is a static IP address then the PAT map list and server lists will acquire that address If it is a negotiated IP address such as may be assigned via DHCP or PPP the PAT map list and server lists will acquire that address each time it is negotiated Select ADD NAT S...

Page 128: ...ation screen Select the Server List Name you want to modify from the pop up menu and press Return The Show Change NAT Server List screen appears Network Address Translation NAT Server List Name A my_servers S D A S D A S D Up Down Arrow Keys to select ESC to dismiss Return Enter to Edit Show Change NAT Server List Server List Name my_servers Add Server Show Change Server Delete Server ...

Page 129: ...press Return Your changes take effect and you are returned to the Show Change NAT Server List screen Show Change NAT Server List Private Address Public Address Port Se 192 168 1 254 206 1 1 6 smtp 192 168 1 254 206 1 1 5 smtp 192 168 1 254 206 1 1 4 smtp Ad 192 168 1 254 206 1 1 3 smtp 192 168 1 254 206 1 1 1 smtp Sh De Up Down Arrow Keys to select ESC to dismiss Return Enter to Edit Change NAT Se...

Page 130: ...nu lists your configured servers Select the one you want to delete and press Return A dialog box asks you to confirm your choice Choose CONTINUE and press Return The server is deleted from the list Show Change NAT Server List Internal Address External Address Port Se 192 168 1 254 206 1 1 6 smtp 19 19 Ad Are you sure you want to delete this Server Sh CANCEL CONTINUE De ...

Page 131: ...ind a map list to a Connection Profile from the Main Menu go to the WAN Configuration screen then the Display Change Connection Profile screen From the pop up menu list of your Connection Profiles choose the one you want to bind your map list to Select IP Profile Parameters and press Return The IP Profile Parameters screen appears Main Menu WAN Configuration IP Profile Parameters Display Change Co...

Page 132: ... IP Addressing Also the Local WAN IP Address and Mask fields visibility are dependent only on the IP Addressing type IP Profile Parameters NAT Map List Name Address Trans Easy PAT s IP Addressing my_map mbered None NAT Map List sy PAT NAT Server Li Local WAN IP Remote IP Add 7 0 0 2 Remote IP Mas 5 255 255 255 Filter Set tBIOS Filter Remove Filter Receive RIP th Up Down Arrow Keys to select ESC to...

Page 133: ...er lists to a Connection Profile From the Main Menu go to the WAN Configuration screen then the Default Profile screen Select IP Parameters and press Return The IP Parameters Default Profile screen appears Toggle Address Translation Enabled to Yes Main Menu WAN Configuration IP Parameters Default Profile WAN Default Profile IP Parameters Default Profile Address Translation Enabled Yes NAT Map List...

Page 134: ...d will now be bound to the default profile Note There is no interdependency between NAT and IP Addressing Also the Local WAN IP Address and Mask fields visibility are dependent only on the IP Addressing type IP Parameters Default Profile NAT Map List Name Easy PAT List my_map Address Trans None s NAT Map List NAT Server Li Filter Set F Remove Filter Receive RIP th Up Down Arrow Keys to select ESC ...

Page 135: ...the Network Address Translation screen Select NAT Associations and press Return The NAT Associations screen appears You can toggle NAT On or Off for each Profile Interface name You do this by navigating to the NAT field associated with each profile using the arrow keys Toggle NAT on or off by using the Tab key You can reassign any of your map lists or server lists to any of the Profile Interfaces ...

Page 136: ...e associated with the corresponding profile or interface NAT Associations NAT Map List Name Profile Interface Name Nat Server List Name Easy Setup Profile On Easy PAT List my_servers Profile 01 On my_first_map my_servers Profile 02 On my_second_map my_server_list Profile 03 On my_map None Profile 04 On None None Default Answer Profile On my_servers Up Down Arrow Keys to select ESC to dismiss Retur...

Page 137: ...h 206 1 1 6 255 255 255 248 subnet mask Your internal devices have IP addresses of 192 168 1 1 through 192 168 1 254 255 255 255 0 subnet mask In this example you will statically map the first five public IP addresses 206 1 1 1 206 1 1 5 to the first five corresponding private IP addresses 192 168 1 1 192 168 1 5 You will use these 1 to 1 mapped addresses to give your servers real addresses You wi...

Page 138: ...SCREEN NEXT SCREEN Enter a subnet mask in decimal and dot form xxx xxx xxx xxx Enter basic information about your WAN connection with this screen IP Easy Setup Ethernet IP Address 192 168 1 1 Ethernet Subnet Mask 255 255 255 0 Domain Name ISP net Primary Domain Name Server 173 166 101 1 Secondary Domain Name Server 173 166 102 1 Default IP Gateway 206 1 1 254 IP Address Serving On Number of Client...

Page 139: ...press Return This returns you to the Network Address Translation screen Select Add Public Range and press Return Type a name for this static range as shown below Enter the first and last public addresses your ISP assigned in their respective fields as shown The first five public IP addresses 206 1 1 1 206 1 1 5 in this example are statically mapped to the first five corresponding private IP addres...

Page 140: ...AT configuration on a previously defined Connection Profile then you need to bind the Map List to the profile You do this through either the NAT Associations screen or the profile s configuration screens The PAT part of this example setup will allow any user on the Netopia Router s LAN with an IP address in the range of 192 168 1 6 through 192 168 1 254 to initiate traffic flow to the outside worl...

Page 141: ...ter your Web server s address 192 168 1 2 and the public address for example 206 1 1 2 and then select ADD NAT SERVER Now return to Add Server choose the smtp port and enter 192 168 1 3 your Mail server s IP address for the Server Private IP Address You can decide if you want to present both your Web and Mail services as being on the same public address 206 1 1 2 or if you prefer to have your Mail...

Page 142: ...11 34 Administration Guide ...

Page 143: ...r at college at the same time you are talking to your relatives your calls don t overlap but each is separate and private Neither house has a direct wire to the places they call Both share the same lines on the telephone poles or underground on the street These calls are virtual private networks Virtual because they appear to be direct connections between the calling and answering parties even tho...

Page 144: ... router can provide all users on a LAN with secure access over the Internet to the resources of another LAN by setting up a tunnel with a Windows NT server running Remote Access Services RAS or with another Netopia Router As a server a Netopia R series router can provide remote users a secure connection to the resources of the LAN over a dial up cable DSL or any other type of Internet access Becau...

Page 145: ... your tunnel will use and whether or not you will be using the VPN client software in a standalone remote connection Having both an ATMP tunnel and a PPTP export is not possible because functions require GRE and the router s PPTP export server does not distinguish the GRE packets it forwards Since it processes all of them ATMP tunneling is impaired For example you cannot run an ATMP tunnel between...

Page 146: ... native encapsulation Consequently the Easy Setup Profile does not offer PPTP datalink encapsulation See the User s Reference Guide for information on creating Connection Profiles Channel 4 and higher events such as connections and disconnections reported in the WAN Event Histories are VPN tunnel events To define a PPTP tunnel navigate to the Add Connection Profile menu from the Main Menu Main Men...

Page 147: ...way field allows this path to be resolved You can specify a Data Compression algorithm either None or Standard LZS for the PPTP connection Note When the Authentication protocol is MS CHAP compression is set to None and the Data Compression option is hidden From the pop up menu select an Authentication protocol for the PPP connection Options are PAP CHAP or MS CHAP The default is PAP The authentica...

Page 148: ...e normally initiated On Demand however you can disable this feature When disabled the tunnel must be manually established via the call management screens or may be scheduled using the scheduled connections feature See Scheduled Connections in the User s Reference Guide Some networks that use Microsoft Windows NT PPTP Network Servers require additional authentication information called Windows NT D...

Page 149: ...re Tunnel mode encrypts both the header and the payload On the receiving side an IPsec compliant device decrypts each packet Netopia Routers support the more secure Tunnel mode DES stands for Data Encryption Standard a popular symmetric key encryption method DES uses a 56 bit key The Netopia 4753 offers IPsec DES encryption over the VPN tunnel Configuration IPsec tunnels are defined in the same ma...

Page 150: ...y an Encryption Transform The choices are DES or NULL The default is DES Add Connection Profile Profile Name Profile 1 Profile Enabled Data Link Encapsulation PPP Data Link Options Frame Relay RFC1483 ATMP IP Profile Parameters PPTP IPsec COMMIT CANCEL IPsec Encryption Authentication Options Encryption Transform DES Encryption Key NULL Authentication Type ESP Authentication Transform HMAC MD5 96 A...

Page 151: ...Authentication Type is anything other than None The default is HMAC MD5 96 and the choices are HMAC MD5 96 or HMAC SHA1 96 for both AH and ESP You must specify an Authentication Key if the Authentication Type is anything other than None The key must be an ASCII string of up to 48 characters for both HMAC MD5 96 and HMAC SHA1 96 Key The key is a hexadecimal entry of 16 bytes 32 characters of input ...

Page 152: ...bnet of the remote IPsec tunnel and will be used with the Remote Members Mask to determine and set the route You must specify a Remote Members Mask This is the subnet mask of the remote subnet to which the IPsec tunnel will route You can specify Address Translation Enabled For more information see Chapter 11 Multiple Network Address Translation If Address Translation Enabled is set to Yes you can ...

Page 153: ...e value must be unique over the set of all AH SPIs specified for the remote tunnel endpoint You can specify a Local Tunnel Endpoint Address If not 0 0 0 0 this value must be one of the assigned interface addresses either WAN or LAN This is used as the source address of all IPsec traffic You can specify a Next Hop Gateway If you specify the Remote Tunnel Endpoint Address and the address is in the s...

Page 154: ...Protocol MS CHAP is enabled Netopia complies with this feature to allow MPPE only when MS CHAP is negotiated MS CHAP and MPPE are user selectable options in the PPTP Tunnel Options screen If either the client or the server side specifies encryption then encryption becomes mandatory for both Netopia s ATMP implementation supports Data Encryption Standard DES data encryption for user data transfer o...

Page 155: ... The Default VPN Profile screen appears Toggle Answer VPN Connections to Yes if you want the router to accept VPN connections or No the WAN Configuration WAN Wide Area Network Setup Display Change Connection Profile Add Connection Profile Delete Connection Profile WAN Default Profile ATMP PPTP Default Profile Scheduled Connections Configuration Changes Reset WAN Connection Yes Frame Relay Configur...

Page 156: ...uickView You can view the status of your VPN connections in the VPN QuickView screen From the Main Menu select QuickView and then VPN QuickView The VPN QuickView screen appears Profile Name Lists the name of the Connection Profile being used if any Type Shows the data link encapsulation method PPTP or ATMP Rx Pckts Shows the number of packets received via the VPN tunnel Tx Pckts Shows the number o...

Page 157: ...through which your data passes You may need to install the Dial Up Networking feature of Windows 95 98 or 2000 to take advantage of the virtual private networking feature of your Netopia router Note For the latest information and tech notes on Dial Up Networking and VPNs be sure to visit the Netopia website at http www netopia com and for the latest software and release notes the Microsoft website...

Page 158: ...rotocol and click OK 4 Type the drive and directory location of your installation files in the Windows NT Setup dialog box and then click Continue The PPTP files are copied from the installation directory and the PPTP Configuration dialog box will appear 5 Click the Number of Virtual Private Networks drop down arrow and select the number of VPN devices you want the client to support You can select...

Page 159: ...erver type displays PPP Windows NT Windows 95 Plus Internet In the Network protocols dialog box ensure that the network protocols used on your private network are selected Any selected protocol TCP IP IPX SPX NetBEUI must already be installed on the PPTP client your are configuring In addition RAS must be configured to use that protocol to dial out Also check the TCP IP Settings to ensure that Ser...

Page 160: ...al Private Networking at the bottom of the list Click OK at the bottom of each screen then close the Control Panel screen by clicking the upper right corner marked with an X Note Your Windows ME Installation CD may be required and your computer will need to be restarted 5 Go to the Start Menu again select Programs select Accessories select Communications and click to select Dial up Networking 6 In...

Page 161: ...lating the client data within Generic Routing Encapsulation GRE The GRE data is then routed using standard methods ATMP configuration ATMP is a Datalink Encapsulation option in Connection Profiles It is not an option in device or link configuration screens since ATMP is not a native encapsulation The Easy Setup Profile does not offer ATMP datalink encapsulation See the User s Reference Guide for i...

Page 162: ...fault gateway to reach the partner and the Tunnel Via Gateway field is hidden If the partner should be reached via an alternate port i e the LAN instead of the WAN the Tunnel Via Gateway field allows this path to be resolved You can specify a Network Name When the tunnel partner is another Netopia router this name may be used to match against a Connection Profile When the partner is an Ascend rout...

Page 163: ...rameters screen appears Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel Allowing VPNs through a Firewall An administrator interested in securing a network will usually combine the use of VPNs with the use of a firewall or some similar mechanism This is because a VPN is not a complete security solution but rather a component of overall security Using a VPN wi...

Page 164: ...dle control and negotiation while PPTP uses TCP Then both ATMP and PPTP use GRE to carry the payload For PPTP negotiation to work TCP packets inbound and outbound destined for port 1723 must be allowed Likewise for ATMP negotiation to work UDP packets inbound and outbound destined for port 5150 must be allowed Source ports are dynamic so if possible make this flexible too Additionally PPTP and ATM...

Page 165: ...Set and from the pop up menu select Basic Firewall Select Display Change Input Filter Display Change Input Filter screen For Input Filter 1 set the Destination Port information as shown below Main Menu System Filter Sets IP Filter Sets Display Change IP Filter Set Configuration Basic Firewall Source IP Addr Dest IP Addr Proto Src Port D Port On Fwd 1 0 0 0 0 0 0 0 0 TCP NC 1723 Yes Yes 2 0 0 0 0 0...

Page 166: ... Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Mask 0 0 0 0 Protocol Type GRE Source IP Addr Dest IP Addr Proto Src Port D Port On Fwd 1 0 0 0 0 0 0 0 0 TCP NC 1723 Yes Yes 2 0 0 0 0 0 0 0 0 GRE Yes Yes Change Output Filter 1 Enabled Yes Forward Yes Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Ma...

Page 167: ... Output Filter 2 set the Protocol Type to allow GRE as shown below Change Output Filter 2 Enabled Yes Forward Yes Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Mask 0 0 0 0 Protocol Type GRE ...

Page 168: ...play Change IP Filter Set and from the pop up menu select Basic Firewall Select Display Change Input Filter Display Change Input Filter screen For Input Filter 1 set the Destination Port information as shown below Main Menu System Filter Sets IP Filter Sets Display Change IP Filter Set Configuration Basic Firewall Source IP Addr Dest IP Addr Proto Src Port D Port On Fwd 1 0 0 0 0 0 0 0 0 UDP NC 51...

Page 169: ...ed Yes Forward Yes Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Mask 0 0 0 0 Protocol Type GRE Source IP Addr Dest IP Addr Proto Src Port D Port On Fwd 1 0 0 0 0 0 0 0 0 UDP NC NC Yes Yes 2 0 0 0 0 0 0 0 0 GRE Yes Yes Change Output Filter 1 Enabled Yes Forward Yes Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 De...

Page 170: ...ut Filter 2 set the Protocol Type to allow GRE as shown below Change Output Filter 2 Enabled Yes Forward Yes Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Mask 0 0 0 0 Protocol Type GRE ...

Page 171: ... later in this chapter there are other actions you can take to make the Netopia 4753 and your network more secure Change the SNMP community strings or passwords The default community strings are universal and could easily be known to a potential intruder Set the answer profile so it must match incoming calls to a connection profile Leave the Enable Dial in Console Access option set to No When usin...

Page 172: ...ions screen because it controls access to the configuration screens Access to the Security Options screen can be protected with a password Select Password for This Screen in the Security Options screen and enter a password Make sure this password is secure and is different from any of the user account passwords Protecting the configuration screens You can protect the configuration screens with use...

Page 173: ...scape Telnet Access Telnet is a TCP IP service that allows remote terminals to access hosts on an IP network The Netopia 4753 supports Telnet access to its configuration screens CAUTION You should consider password protecting or restricting Telnet access to the Netopia 4753 if you suspect there is a chance of tampering To password protect the configuration screens select Easy Setup from the Main M...

Page 174: ... a filter and what s a filter set A filter is a rule that lets you specify what sort of data can flow in and out of your network A particular filter can be either an input filter one that is used on data packets coming in to your network from the Internet or an output filter one that is used on data packets going out from your network to the Internet A filter set is a group of filters that work to...

Page 175: ...ge arrives from Rome the first inspector sends it along without allowing the second inspector to see it A package from Paris is ignored by the first inspector rejected by the second inspector and never seen by the others A package from London is ignored by the first two inspectors so it s seen by the third inspector In the same way filter sets apply their filters in a particular order The first fi...

Page 176: ...o understand this particular filter look at the parts of a filter Parts of a filter A filter consists of criteria based on packet attributes A typical filter can match a packet on any one of the following attributes The source IP address where the packet was sent from The destination IP address where the packet is going The type of higher layer Internet protocol the packet is carrying such as TCP ...

Page 177: ...s than or equal to the port number specified in the filter Equal For the filter to match the packet s port number must equal the port number specified in the filter Greater Than For the filter to match the packet s port number must be greater than the port number specified in the filter Greater Than or Equal For the filter to match the packet s port number must be greater than or equal to the port...

Page 178: ...ighest priority is first in the table Source IP Addr The packet source IP address to match Dest IP Addr The packet destination IP address to match Proto The protocol to match This can be entered as a number see the table below or as TCP or UDP if those protocols are used Protocol Number to use Full name N A 0 Ignores protocol type ICMP 1 Internet Control Message Protocol TCP 6 Transmission Control...

Page 179: ...ddresses are masked determines what the final match will be although the mask is not displayed in the table that displays the filter sets you set it when you create the filter In fact since the mask for the destination IP address is 0 0 0 0 the address for Dest IP Addr could have been anything The mask for Source IP Addr must be 255 255 255 255 since an exact match is desired Source IP Addr 199 21...

Page 180: ...ty set and that can actually make your network less secure Be sure each individual filter s purpose is clear Determine how filter priority will affect the set s actions Test the set on paper by determining how the filters would respond to a number of different hypothetical packets Consider the combined effect of the filters If every filter in a set fails to match on a particular packet the packet ...

Page 181: ...strongly recommended that you take the latter and safer approach to all of your filter set designs Working with IP Filters and Filter Sets This section covers IP filters and filter sets To work with filters and filter sets begin by accessing the filter set screens Note Make sure you understand how filters work before attempting to use them Read the section About Filters and Filter Sets beginning o...

Page 182: ...ming a new filter set All new filter sets have a default name The first filter set you add will be called Filter Set 1 the next filter will be Filter Set 2 and so on To give a new filter set a different name select Filter Set Name and enter a new name for the filter set To save the filter set select ADD FILTER SET The saved filter set is empty contains no filters but you can return to it later to ...

Page 183: ...ur local network is the destination of the packets it checks and the remote network is their source From the perspective of an output filter your local network is the source of the packets and the remote network is their destination Adding filters to a filter set In this section you ll learn how to add an input filter to a filter set Adding an output filter works exactly the same way providing you...

Page 184: ...ss This allows you to further modify the way the filter will match on the destination address Enter 0 0 0 0 to force the filter to match on all destination IP addresses 7 Select Protocol Type and enter ICMP TCP UDP Any or the number of another IP transport protocol see the table on page 13 8 Note If Protocol Type is set to TCP or UDP the settings for port comparison that you configure in steps 8 a...

Page 185: ...meters in this screen are set in the same way as the ones in the Add Filter screen see Adding filters to a filter set on page 13 13 Deleting filters To delete a filter select Delete Input Filter or Delete Output Filter in the Add IP Filter Set screen to display a table of filters Select the filter from the table and press Return to delete it Press Escape to exit the table without deleting the filt...

Page 186: ...r Set in the IP Filter Sets screen to display a list of filter sets Select a filter set from the list and press Return to delete it Press Escape to exit the list without deleting the filter set A sample IP filter set This section contains the settings for a filter set called Basic Firewall which is part of the Netopia 4753 s factory configuration Basic Firewall blocks undesirable traffic originati...

Page 187: ...rd all TCP and UDP traffic respectively when the destination port is greater than 1023 This type of traffic generally does not allow a remote host to connect to the LAN using one of the potentially intrusive Internet services such as Telnet FTP and WWW Output filter 1 This filter forwards all outgoing traffic to make sure that no outgoing connections from the LAN are blocked Setting Input filter 1...

Page 188: ...s to be the only one used with Basic Firewall The results of combining filter set modifications can be difficult to predict It is recommended that you take special care if you are making more than one modification to the sample filter set Trusted host To allow unlimited access by a trusted remote host with the IP address a b c d corresponding to a numbered IP address such as 163 176 8 243 insert t...

Page 189: ...WW Deleting a filter set does not delete the filters in that set However the filters in the deleted set are no longer in effect unless they are part of another set The deleted set will no longer appear in the answer profile or any connection profiles to which it was added Firewall Tutorial General firewall terms Filter rule A filter set is comprised of individual filter rules Filter set A grouping...

Page 190: ...on mechanism so packets are not lost RFC 793 is the specification for TCP UDP User Datagram Protocol Unlike TCP UDP does not guarantee reliable sequenced packet delivery If data does not reach its destination UDP does not retransmit the data RFC 768 is the specification for UDP There are many more ports defined in the Assigned Addresses RFC The table that follows shows some of these port assignmen...

Page 191: ...or example if you had the following filter set Allow WWW access Allow FTP access Allow SMTP access Deny all other packets and a packet goes through these rules destined for FTP the packet would forward through the first rule WWW go through the second rule FTP and match this rule the packet is allowed through If you had this filter set for example Allow WWW access Allow FTP access Deny FTP access D...

Page 192: ... implied rule tells the filter set what to do with a packet that does not match any of the filter rules An example of implied rules is as follows Established connections The TCP header contains one bit called the ACK bit or TCP Ack bit This ACK bit appears only with TCP not UDP The ACK bit is part of the TCP mechanism that guarantees the delivery of data The ACK bit is set whenever one side of a c...

Page 193: ...t Equal To Matches any port other than what is defined Less Than Anything less than the port defined Less Than or Equal Any port less than or equal to the port defined Equal Matches only the port defined Greater Than or Equal Matches the port or any port greater Greater Than Matches anything greater than the port defined Change Filter Enabled Yes Forward No Source IP Address 0 0 0 0 Source IP Addr...

Page 194: ...IP Address field 00000000 in the Netopia 4753 This will not forward this packet Filter Rule 200 1 1 0 Source IP Network Address 255 255 255 128 Source IP Mask Forward No What happens on match IP Address Binary Representation 200 1 1 28 00011100 Source address in incoming IP packet AND 255 255 255 128 10000000 Perform the logical AND 00000000 Logical AND result Netopia Internet IP 200 1 1 DATA Inco...

Page 195: ...s after the logical AND is 1011000 this rule does not match and this packet will be forwarded Filter Rule 200 1 1 0 Source IP Network Address 255 255 255 128 Source IP Mask Forward No What happens on match IP Address Binary Representation 200 1 1 184 10111000 Source address in incoming IP packet AND 255 255 255 128 10000000 Perform the logical AND 10000000 Logical AND result Filter Rule 200 1 1 96...

Page 196: ...0 this rule does match and this packet will not be forwarded This rule masks off a single IP address Filter Rule 200 1 1 96 Source IP Network Address 255 255 255 240 Source IP Mask Forward No What happens on match IP Address Binary Representation 200 1 1 104 01101000 Source address in incoming IP packet AND 255 255 255 240 11110000 Perform the logical AND 01100000 Logical AND result Filter Rule 20...

Page 197: ... to make configuration changes or accessing the Internet via HTTP Companies desiring to limit certain departments from accessing the Internet can use LAN side filtering as well as schools desiring to prevent their student network from downloading files via FTP etc The WAN filtersets Basic Firewall and NetBIOS Filter should never be applied to your internal LAN because they can cut off access from ...

Page 198: ...or subnet Instead create a new filter set in accordance with the standard filtering rules described earlier Advanced Security Options Security Databases Local only RADIUS Server Addr Name RADIUS Server Secret Alt RADIUS Server Addr Name Alt RADIUS Server Secret RADIUS Identifer RADIUS Server Authentication Port 1812 LAN EN Hub IP Filter Set Remove Filter Set Advanced Security Options Security Data...

Page 199: ...e select Remove Filter Set and press Return The filter set will be disconnected from the LAN interface Note Removing the filter set from the LAN does not delete the filter set It is still available to be reassociated with the same or another interface or modified further ...

Page 200: ...curity database modes Local Only RADIUS only RADIUS then Local Local then RADIUS R R R RA A A AD D D DI I I IU U U US S S S c c c cl l l li i i ie e e en n n nt t t t c c c co o o on n n nf f f fi i i ig g g gu u u ur r r ra a a at t t ti i i io o o on n n n To display the Security Options screen from the Main Menu select System Configuration Security then Security Options If you select Advanced S...

Page 201: ...is not contacted Only if the primary RADIUS server fails to respond at all is the alternate RADIUS server contacted Therefore do not attempt to select any of the RADIUS options unless you have a RADIUS server correctly configured for this purpose If you attempt to use RADIUS authentication without a RADIUS server you will lose your configuration access to the router The Advanced Security Options s...

Page 202: ...e either an IP address or an arbitrary string to be used as the identifier in the router s outgoing Access Request packets The RADIUS identifier is limited to 63 characters RADIUS Server Authentication Port specifies the UDP destination port to which the router s RADIUS authentication requests will be sent The default value is 1812 the official IANA assigned UDP port number for the RADIUS authenti...

Page 203: ... RADIUS server database entry that will be used to authenticate users attempting to gain console access to a Netopia device must specify the Administrative service type Service Type 6 Security Options You are about to delete the only local password If you continue you will be unable to configure this device unless a Radius Server is available to authenticate you CONTINUE CANCEL Show Users Add User...

Page 204: ...13 34 Administration Guide ...

Page 205: ...s Quick View Status Overview on page 14 1 Statistics Logs on page 14 4 Event Histories on page 14 4 Voice Logs on page 14 7 IP Routing Table on page 14 9 Served IP Addresses on page 14 10 General Statistics on page 14 11 System Information on page 14 13 SNMP on page 14 13 Quick View Status Overview You can get a useful overall status report from the Netopia 4753 in the Quick View screen To go to t...

Page 206: ...ou have assigned an IP address as your primary domain name server it is shown here Secondary DNS Server If you are using the router s defaults DHCP and NAT this value will be 0 0 0 0 If you have assigned an IP address as a secondary domain name server it is shown here Domain Name The domain name you have assigned typically the name of your ISP MAC Address The Netopia 4753 s hardware address for th...

Page 207: ...is connection or the caller identification if available Status lights This section shows the current real time status of the Netopia 4753 s status lights LEDs It is useful for remotely monitoring the router s status The Quick View screen s arrangement of LEDs corresponds to the physical arrangement of LEDs on the router The active voice ports are also indicated Each LED representation can report o...

Page 208: ... You can view two different event histories one for the router s system and one for the WAN The Netopia 4753 s built in battery backup prevents loss of event history from a shutdown or reset The router s event histories are structured to display the most recent events first and to make it easy to distinguish error messages from informational messages Error messages are prefixed with an asterisk Bo...

Page 209: ...ry select the event and then press Return A dialog box containing more information about the selected event will appear Press Return or Escape to dismiss the dialog box To clear the event history select Clear History at the bottom of the history screen and press Return WAN Event History Current Date 12 3 98 03 02 23 PM Date Time Event SCROLL UP 07 03 98 13 59 06 DSL IP up channel 1 gateway 173 166...

Page 210: ...list and press Return To obtain more information about any event listed in the Device Event History select the event and then press Return A dialog box containing more information about the selected event appears Press Return or Escape to dismiss the dialog box To clear the Device Event History select Clear History and press Return Device Event History Current Date 1 18 01 10 34 14 AM Date Time Ev...

Page 211: ... listed in the Voice Log select the event and then press Return A dialog box containing more information about the selected event appears Press Return or Escape to dismiss the dialog box To clear the Voice Log select Clear History and press Return Voice Log Current Date 1 5 01 06 00 45 AM Date Time Event SCROLL UP 01 05 01 11 03 27 Voice gateway link yes IP 163 176 232 4 01 05 01 05 26 23 Voice ga...

Page 212: ...top of the list and press Return To scroll down select SCROLL DOWN at the bottom of the list and press Return To obtain more information about any event listed in the Voice Accounting Log select the event and then press Return A dialog box containing more information about the selected event appears Press Return or Escape to dismiss the dialog box To clear the Voice Accounting Log select Clear His...

Page 213: ...istics Logs WAN Event History Device Event History Voice Log Voice Accounting Log Voice Error Log IP Routing Table Served IP Addresses General Statistics System Information IP Routing Table Network Address Subnet Mask via Router Port Type SCROLL UP 0 0 0 0 255 0 0 0 0 0 0 0 Other 127 0 0 1 255 255 255 255 127 0 0 1 Loopback Local 192 168 1 0 255 255 255 240 192 168 1 1 Ethernet Local 192 168 1 1 2...

Page 214: ...he IP Address Lease Management screen appears Served IP Addresses IP Address Type Expires Client Identifier SCROLL UP 192 168 1 100 DHCP 00 36 EN 00 00 c5 4a 1f ea 192 168 1 101 DHCP 00 58 EN 08 00 07 16 0c 85 192 168 1 102 192 168 1 103 192 168 1 104 192 168 1 105 192 168 1 106 192 168 1 107 192 168 1 108 192 168 1 109 192 168 1 110 192 168 1 111 192 168 1 112 192 168 1 113 SCROLL DOWN Lease Mana...

Page 215: ...tistics screen select General Statistics and press Return The General Statistics screen appears The General Statistics screen displays information about data traffic on the Netopia 4753 s data ports This information is useful for monitoring and troubleshooting your LAN Note that the counters roll over at their maximum field width that is they restart again at 0 General Statistics Phys I F Rx Bytes...

Page 216: ... for the following protocols IP IP packets on the Ethernet The right side of the table lists the total number of occurrences of each of six types of communication statistics Rx Bytes The number of bytes received Tx Bytes The number of bytes transmitted Rx Packets The number of packets received Tx Pkts The number of packets transmitted Rx Err The number of bad Ethernet packets received Tx Err The n...

Page 217: ...agent allowing monitoring and configuration of many of the data routing features by a standard SNMP manager The Netopia 4753 supports the following management information base MIB documents MIB II RFC 1213 Interface MIB RFC 1229 Ethernet MIB RFC 1643 Netopia MIB These MIBs are on the Netopia 4753 CD included with the Netopia 4753 Load these MIBs into your SNMP management software in the order they...

Page 218: ...y in the MIB II system group Although optional the information you enter in these items can help a system administrator manage the network more efficiently Community strings The Read Only Community String and the Read Write Community String are like passwords that must be used by an SNMP manager querying or configuring the Netopia 4753 An SNMP manager using the Read Only Community String can exami...

Page 219: ...operations and Set Requests are still allowed using the non empty Read Write community string Even if you decide not to use SNMP you should change the community strings This prevents unauthorized access to the Netopia 4753 through SNMP For more information on security issues see Suggested Security Measures on page 13 1 SNMP traps An SNMP trap is an informational message sent from an SNMP agent in ...

Page 220: ...eceivers screen Modifying IP trap receivers 1 To edit an IP trap receiver select Display Change IP Trap Receiver in the IP Trap Receivers screen 2 Select an IP trap receiver from the table and press Return 3 In the Change IP Trap Receiver screen edit the information as needed and press Return Deleting IP trap receivers 1 To delete an IP trap receiver select Delete IP Trap Receiver in the IP Trap R...

Page 221: ...Console Session on page 15 6 Factory Defaults on page 15 6 Transferring Configuration and Firmware Files with TFTP on page 15 7 Transferring Configuration and Firmware Files with XMODEM on page 15 10 Restarting the System on page 15 12 Note These utilities and tests are accessible only through the console based management screens See Chapter 6 Console Based Management for information on accessing ...

Page 222: ...5 3 Select Data Size to change the default setting This is the size in bytes of each Ping packet sent The default setting is adequate in most cases but you can change it to any value from 0 only header data to 1664 4 Select Delay seconds to change the default setting The delay in seconds determines the time between Ping packets sent The default setting is adequate in most cases but you can change ...

Page 223: ...e Message Description Resolving host name Finding the IP address for the domain name style address Can t resolve host name IP address can t be found for the domain name style address Pinging Ping test is in progress Complete Ping test was completed Cancelled by user Ping test was cancelled manually Destination unreachable from w x y z Ping test was able to reach the router with IP address w x y z ...

Page 224: ...e dropped and a destination unreachable notification is returned to the sender see the table on the previous page This ensures that no infinite routing loops occur The TTL value can be set and retrieved using the SNMP MIB II ip group s ipDefaultTTL object Trace Route You can count the number of routers between your Netopia Router and a given destination with the Trace Route utility In the Statisti...

Page 225: ...et client select Telnet from the Utilities Diagnostics menu The Telnet client screen appears Enter the host name or the IP address in dotted decimal format of the machine you want to Telnet into and press Return Either accept the default control character Q used to suspend the Telnet session or type a different one START A TELNET SESSION becomes highlighted Press Return and the Telnet session will...

Page 226: ...ess Return The Netopia 4753 will reboot and its settings will return to the factory defaults deleting your configurations In an emergency you can also use the Reset switch to return the router to its factory default settings Call Netopia Technical Support for instructions on using the Reset switch Note Reset to factory defaults with caution You will need to reconfigure all of your settings in the ...

Page 227: ...your organization s network administrator The Netopia 4753 G SHDSL Integrated Access Device ships with an embedded operating system referred to as firmware The firmware governs how the device communicates with your network and the WAN or remote site Firmware updates are periodically posted on the Netopia website To update either the device s firmware follow these steps Select TFTP Server Name and ...

Page 228: ... item will change from Idle to Reading Firmware The TFTP Current Transfer Bytes item will reflect the number of bytes transferred Downloading configuration files The Netopia 4753 can be configured by downloading a configuration file using TFTP Once downloaded the file reconfigures all of the router s parameters as if someone had manually done so through the console port To download a configuration...

Page 229: ...rs or just for creating configuration backup files Uploading a file can also be useful for troubleshooting purposes The uploaded configuration file can be tested on a different Netopia 4753 unit by Netopia or your network administrator To upload a configuration file follow these steps 1 Select TFTP Server Name and enter the server name or IP address of the TFTP server you will use The server name ...

Page 230: ...activity on the device or the attached computer This includes WAN traffic such as a DSL connection or screen savers or other automatic programs running on the attached computer Such activity can slow down or interrupt the file transfer requiring you to rerun the upgrade Updating firmware Firmware updates may be available periodically from Netopia or from a site maintained by your organization s ne...

Page 231: ...ownloading a configuration file The downloaded file reconfigures all of the Router s parameters Configuration files are available from a site maintained by your organization s network administrator or from your local site see Uploading configuration files below Follow these steps to download a configuration file 1 Make sure you have the configuration file on disk and know the path to its location ...

Page 232: ...using the console or the WAN interface To upload a configuration file 1 Decide on a name for the file and a path for saving it 2 Select Receive Config from Netopia and press Return The following dialog box appears 3 Select CANCEL to exit without uploading the file or select CONTINUE to upload the file If you choose CONTINUE you will have ten seconds to use your terminal emulation software to initi...

Page 233: ...P P P Pa a a ar r r rt t t t I I I II I I II I I I A A A Ap p p pp p p pe e e en n n nd d d di i i ix x x xe e e es s s s ...

Page 234: ...Administration Guide ...

Page 235: ...uration process review the following suggestions before calling for technical support There are five zones to consider when troubleshooting initial configuration 1 The computer s connection to the Netopia 4753 2 The Netopia 4753 s connection to the telecommunication line s 3 The telecommunication line s connection to your ISP 4 The ISP s connection to the Internet 5 The Netopia 4753 s connection t...

Page 236: ...he default values are 9600 N 8 and 1 Characters are missing from some of the configuration screens Try changing the Netopia 4753 s default speed of 9600 bps and setting your terminal emulation software to match the new speed Network problems Problems communicating with remote IP hosts Verify the accuracy of the default gateway s IP address entered in the IP Setup or Easy Setup screen Use the Netop...

Page 237: ...r clip size Reset Switch slot 3 Carefully insert the larger end of a standard size paper clip until you contact the internal Reset Switch No need to unwind the paper clip 4 Press this switch 5 This will reset the unit to factory defaults and you will now be able to reprogram the Netopia 4753 Power Outages If you suspect that power was restored after a power outage and the Netopia 4753 is connected...

Page 238: ... number Serial number Firmware version What kind of local network s do you have with how many devices Ethernet TCP IP Other What kind of telephone s and or fax machine s or other devices do you have and how many each How to reach us We can help you with your problem more effectively if you have completed the environment profile in the previous section If you contact us by telephone please be ready...

Page 239: ...etopia World Wide Web server via http www netopia com Internet via anonymous FTP to ftp netopia com pub FAX Back This service provides technical notes that answer the most commonly asked questions and offers solutions for many common problems encountered with Netopia products FAX Back 1 510 814 5040 ...

Page 240: ...A 6 Administration Guide ...

Page 241: ...s the term IP in a very general and inclusive way to identify all of the following Networks that use the Internet Protocol along with accompanying protocols such as TCP UDP and ICMP Packets that include an IP header within their structure Devices that send IP packets About IP Addressing Every networking protocol uses some form of addressing in order to ensure that packets are delivered correctly I...

Page 242: ...e organizations that have very large numbers of IP hosts while smaller organizations with fewer hosts get Class B or Class C addresses You can tell the various classes apart by the value of the first or high order byte Class A networks use values from 1 to 127 Class B networks use values from 128 to 191 and Class C networks use values from 192 to 223 The following table summarizes some of the diff...

Page 243: ... determine this information simply from an IP address Subnet mask information is configured as part of the process of setting up IP routers and gateways such as the Netopia 4753 Note If you receive a routed account from an ISP there must be a mask associated with your network IP address By using the IP address with the mask you can discover exactly how many IP host addresses you actually have To c...

Page 244: ...255 128 mask 192 168 1 2 via router Usable IP Addresses available to Customer Site A 192 168 1 1 192 168 1 126 Netopia 4753 A IP Address 192 168 1 2 Subnet Mask 255 255 255 128 Remote IP 192 168 1 129 Remote Sub 255 255 255 128 Gateway 192 168 1 1 Usable IP Addresses avail able to Customer Site A 192 168 1 1 192 168 1 126 PC 1 IP Address 192 168 1 3 Subnet Mask 255 255 255 128 Gateway 192 168 1 1 ...

Page 245: ...ble to access Customer Site A but not the Internet If it is not possible to define a static route on Router B RIP could be enabled to serve the same purpose To use RIP instead of a static route enable Transmit RIP on Netopia 4753 A and Transmit and Receive RIP on Router B This will allow the route from Customer Site B to propagate on Router B and Customer Site A Example Working with a Class C subn...

Page 246: ...information is helpful in determining dynamic address allocation for a network The term lease describes the action of a workstation requesting and using an IP address The address is dynamic and can be returned to the address pool at a later time The term renew refers to what the workstations do to keep their leased IP address At certain intervals the workstation talks to the DHCP or MacIP server a...

Page 247: ...workstation requests and renews its lease every half hour The Mac workstation relinquishes its address upon shutdown in all but one case If the TCP IP control panel is set to initialize at startup and no IP services are used or the TCP IP control panel is not opened the DHCP address will NOT be relinquished upon shutdown However if the TCP IP control panel is opened or if an IP application is used...

Page 248: ... why manually distributed addresses are called static addresses Static addresses are useful in cases when you want to make sure that a host on your network cannot have its address taken away by the address server Appropriate candidates for a static address include a network administrator s computer a computer dedicated to communicating with the Internet and routers Using address serving The Netopi...

Page 249: ...e s IP Setup screen This method requires a static value to be used Thus any user dialing in can obtain the same IP address for every connection to the profile If you want to serve addresses statically define the address in the Connection Profile Notes The addresses that are to be served cannot be used elsewhere For example you wouldn t want to define a static address in a Connection Profile to be ...

Page 250: ... the network address Address 199 1 1 47 is reserved as the broadcast address This leaves 14 addresses to allocate from 199 1 1 33 through 199 1 1 46 If you want to allocate a sub block of 10 addresses using DHCP enter 10 in the DHCP Setup screen s Number of Addresses to Allocate item Then in the same screen s First Address item enter the first address in the sub block to allocate so that all 10 ad...

Page 251: ...etwork address can be used on your main network while portions of it can be subnetted to the two remaining networks Note The IP address a b c 0 has letters in place of the first three numbers to generalize it for this example The figure shows a possible network configuration following this scheme The main network is set up with the Class C address a b c 0 and contains Router A which could be a Net...

Page 252: ...ion IP address The Netopia 4753 compares the packet s destination IP address with the routes in its IP routing table It begins with the route at the bottom of the list and works up until there s a match or the route to the default gateway is reached When a b c 249 is masked by the first route s subnet mask it yields a b c 248 which matches the network address in the route The Netopia 4753 uses the...

Page 253: ...ckets as well as to packets addressed to their specific individual host addresses Depending on the age and type of IP equipment you use broadcasts will be addressed using either all zeros or all ones but not both If your network requires zeros broadcasting you must configure this through SNMP Packet header types As previously mentioned IP works with other protocols to allow communication over IP n...

Page 254: ...B 14 Administration Guide ...

Page 255: ...0 104 1101000 9 1001 41 101001 73 1001001 105 1101001 10 1010 42 101010 74 1001010 106 1101010 11 1011 43 101011 75 1001011 107 1101011 12 1100 44 101100 76 1001100 108 1101100 13 1101 45 101101 77 1001101 109 1101101 14 1110 46 101110 78 1001110 110 1101110 15 1111 47 101111 79 1001111 111 1101111 16 10000 48 110000 80 1010000 112 1110000 17 10001 49 110001 81 1010001 113 1110001 18 10010 50 1100...

Page 256: ... 173 10101101 205 11001101 237 11101101 142 10001110 174 10101110 206 11001110 238 11101110 143 10001111 175 10101111 207 11001111 239 11101111 144 10010000 176 10110000 208 11010000 240 11110000 145 10010001 177 10110001 209 11010001 241 11110001 146 10010010 178 10110010 210 11010010 242 11110010 147 10010011 179 10110011 211 11010011 243 11110011 148 10010100 180 10110100 212 11010100 244 11110...

Page 257: ...ring Great Circle Associates Mountain View CA Chapman D Brent and Elizabeth D Zwicky Building Internet Firewalls O Reilly Associates Sebastopol CA 1995 Dense and technical but Chapter 6 provides a basic introduction to packet filtering Clark W SNA Internetworking ConneXions The Interoperability Report Vol 6 No 3 March 1992 Comer D E Internetworking with TCP IP Principles Protocols and Architecture...

Page 258: ... San Mateo CA 1992 Miller M A LAN Protocol Handbook M T Books San Mateo CA 1990 Miller M A LAN Troubleshooting Handbook M T Books San Mateo CA 1989 Perlman R Interconnections Bridges and Routers Addison Wesley Publishing Company Reading MA 1992 Rose M T The Open Book A Practical Perspective on OSI Prentice Hall Englewood Cliffs NJ 1990 Rose M T The Simple Book An Introduction to Management of TCP ...

Page 259: ...rks 2nd ed Prentice Hall Englewood Cliffs NJ 1988 Terplan K Communication Networks Management Prentice Hall Englewood Cliffs NJ 1992 Tsuchiya P Components of OSI IS IS Intra Domain Routing ConneXions The Interoperability Report Vol 3 No 8 August 1989 Tsuchiya P Components of OSI Routing An Overview ConneXions The Interoperability Report Vol 3 No 8 August 1989 Zimmerman H OSI Reference Model The IS...

Page 260: ...D 4 Administration Guide ...

Page 261: ...tions a 10 100Base T Ethernet port for your LAN connection 8 telephone extension jacks and a DB 9 Console port Power requirements 12 VDC input 1 5 amps Environment Operating temperature 0 to 40 C Storage temperature 0 to 70 C Relative storage humidity 20 to 80 noncondensing Software and protocols Software media Software preloaded on internal flash memory field upgrades done via download to interna...

Page 262: ... this product and other electrical devices United States This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency e...

Page 263: ... requirements The Department does not guarantee the equipment will operate to the user s satisfaction Before installing this equipment users should ensure that it is permissible to be connected to the facilities of the local telecommunications company The equipment must also be installed using an acceptable method of connection In some cases the company s inside wiring associated with a single lin...

Page 264: ...rated 12Vdc 1 5A CAUTION Europe Only For use only with a GS approved Limited Power Source rated 12Vdc 1 5A TELECOMMUNICATION INSTALLATION CAUTIONS When using your telephone equipment basic safety precautions should always be followed to reduce the risk of fire electric shock and injury to persons including the following 1 Do not use this product near water for example near a bathtub wash bowl kitc...

Page 265: ...eens CLI also SNMP Data features Routing Network Protocols IP routing Dynamic Host Configuration Protocol DHCP Server RFC 2131 Client RFC 2131 and Relay Agent RFC 1542 NAT NAPT Network Address and Network Address Port Translation RFC 1631 Port Translation allows mail Web PPTP IPsec and other servers on the LAN to be accessible from the Internet MultiNAT Sophisticated NAT extension that provides se...

Page 266: ...subnet IP Addressing Dynamic Host Configuration Protocol DHCP and BootP servers Supports up to 8 different pools of IP addresses one per subnet with a maximum of 512 addresses WAN IP Interface Numbered or Unnumbered Interface Quality of service TOS Bit Type of Service or application based queuing Frame Relay FRF 12 support ATM UBR CBR VBR rt support Management with G HSDSLAMs Automatically hunts t...

Page 267: ...al tone for outside calling to any connected extension CallerID support with connected CallerID equipment delivers name and telephone number during call waiting Selective Compression Each port configurable for either 64 Kbps PCM or 32 Kbps ADPCM Voice quality G 168 echo cancellation 16 millisecond fixed tail length Crosstalk of no more than 40 db Time slips corrected on hold times of up to 15 minu...

Page 268: ...E 8 Administration Guide Speed Dialing by dialing a feature code Three Way Calling Custom Ringing Distinctive Ringing ...

Page 269: ...e center of the star to a wall jack broadcast A network transaction that sends data to all hosts connected to the network burstiness Data that uses bandwidth only sporadically that is information that does not use the total bandwidth of a circuit 100 percent of the time During pauses channels are idle and no traffic flows across them in either direction Interactive and LAN to LAN data is bursty in...

Page 270: ...n A North American standards association Ethernet A networking protocol that defines a type of LAN characterized by a 10 Mbps megabits per second data rate Ethernet is used in many mainframe PC and UNIX networks as well as for EtherTalk Ethernet address Sometimes referred to as a hardware address A 48 bits long number assigned to every Ethernet hardware device Ethernet addresses are usually expres...

Page 271: ...ccess services and products to other companies and consumers ITU International Telecommunication Union United Nations specialized agency for telecommunications Successor to CCITT LAN local area network A privately owned network that offers high speed communications channels to connect information processing equipment in a limited geographic area MIB management information base A standardized struc...

Page 272: ...standard connector type usually containing eight pins router A device that supports network communications A router can connect identical network types such as LocalTalk to LocalTalk or dissimilar network types such as LocalTalk to Ethernet However unless a gateway is available a common protocol such as TCP IP must be used over both networks Routers may be equipped to provide WAN line support to t...

Page 273: ... as a TFTP server to an IP networking device such as the Netopia ISDN Router thicknet Industry jargon for 10Base5 coaxial cable the original Ethernet cabling thinnet Industry jargon for 10Base2 coaxial cable which is thinner smaller in diameter than the original Ethernet cabling UDP User Datagram Protocol A TCP IP protocol describing how packets reach applications in destination nodes wall jack A ...

Page 274: ...6 Administration Guide ...

Page 275: ...9 connecting to an Ethernet network 5 3 connecting to the configuration screens 9 15 connection profiles defined 7 7 console configuring 9 19 connection problems A 2 screens connecting to 9 15 console configuration 9 19 console based management configuring with 6 1 7 1 9 1 D D port 13 9 Data Encryption Standard DES 12 12 date and time setting 9 17 deciding on an ISP account 2 2 default profile 9 1...

Page 276: ...3 13 defined 13 4 deleting 13 15 disadvantages of 13 10 input 13 13 modifying 13 15 output 13 13 using 13 11 viewing 13 15 firewall 13 16 firmware files updating with TFTP 15 7 updating with XMODEM 15 10 FTP sessions 13 19 further reading D 1 G general statistics 14 11 Glossary 1 H how to reach us A 4 I input filter 3 13 17 input filters 1 and 2 13 17 input filters 4 and 5 13 17 Internet addresses...

Page 277: ...B 5 IP setup 7 8 IPX setup 7 8 monitoring 14 1 security 13 1 system utilities and diagnostics 15 1 Network Address Translation 10 3 see NAT 10 1 network problems A 2 network status overview 14 1 O output filter 1 13 17 P packet header B 13 password to protect security screen 13 2 user accounts 13 1 PAT Port Address Translation 11 2 permanent virtual circuit 9 3 ping 15 2 ping test configuring and ...

Page 278: ... firmware 15 7 uploading configuration files 15 9 TFTP transferring files 15 7 Trivial File Transfer Protocol TFTP 15 7 Trivial File Transfer Protocol see TFTP troubleshooting A 1 configuration PC A 1 console based management 7 2 event histories 14 4 WAN statistics 14 11 trusted host 13 18 trusted subnet 13 18 tunnel options ATMP 12 19 PPTP 12 3 tunneling 12 2 U updating firmware with TFTP 15 7 wi...

Page 279: ...Index 5 WAN event history 14 5 Windows NT Domain Name 12 6 X XMODEM 15 10 XMODEM file transfers downloading configuration files 15 11 updating firmware 15 10 uploading configuration files 15 12 ...

Page 280: ...Index 6 ...

Page 281: ...ES OF MER CHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE REGARDING THE ENCLOSED PRODUCT EXCEPT AS OTHERWISE EXPRESSLY PROVIDED ABOVE NETOPIA AND ITS LICENSOR S DO NOT WARRANT GUARANTEE OR MAKE ANY REPRESENTATION REGARDING THE USE OR THE RESULTS OF THE USE OF THE PRODUCT IN TERMS OF ITS CORRECTNESS ACCURACY RELIABILITY CURRENTNESS OR OTHERWISE THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF...

Page 282: ...2 Administration Guide ...

Reviews:

No comments

Related manuals for 4753

Brand: Profile Pages: 6

Brand: Speedtouch Pages: 124

Brand: Jøtul Pages: 20

LBON320AC Series

Brand: Lindsay Broadband Pages: 4

Brand: Paradyne Pages: 6

Brand: Maipu Pages: 26

Brand: Valcom Pages: 4

Brand: Tripp Lite Pages: 2

Brand: Altimium Pages: 12

Security Router X-PeditionTM

Brand: Enterasys Pages: 466

Brand: Perle Pages: 4

FiberTwist XGS2420

Brand: Genexis Pages: 7

Brand: Patton electronics Pages: 8

WRT330N - Wireless-N Gigabit Gaming Router Wireless

Brand: Linksys Pages: 92

Brand: Tripp Lite Pages: 2

Brand: Acer Pages: 22

Aspire EASYSTORE H341

Brand: Acer Pages: 59

Brand: Acer Pages: 58

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands