manualshive.com logo in svg

Nortel BCM50a, Configuration Manual

The Nortel BCM50a Configuration Manual is a comprehensive guide that provides step-by-step instructions for setting up and customizing your BCM50a system. Download this manual for free from manualshive.com to unlock the full potential of your Nortel BCM50a and seamlessly configure it to meet your business needs.

Share
Download
background image

300

Appendix J Log descriptions

N0115791

Table 75   

Sample IKE key exchange logs

Log Message

Description

Send <Symbol> Mode request to 
<IP>Send <Symbol> Mode 
request to <IP>

The BCM50a Integrated Router has started 

negotiation with the peer.

Recv <Symbol> Mode request 
from <IP>Recv <Symbol> Mode 
request from <IP>

The BCM50a Integrated Router has received an IKE 

negotiation request from the peer.

Recv:<Symbol>

IKE uses the ISAKMP protocol (refer to RFC2408 – 

ISAKMP) to transmit data. Each ISAKMP packet 

contains payloads of different types that show in the 

log (see 

Table 77

).

Phase 1 IKE SA process done

Phase 1 negotiation is finished. 

Start Phase 2: Quick Mode

Phase 2 negotiation is beginning using Quick Mode.

!! IKE Negotiation is in 
process

The BCM50a Integrated Router has begun 

negotiation with the peer for the connection already, 

but the IKE key exchange is not finished yet.

!! Duplicate requests with 
the same cookie

The BCM50a Integrated Router has received 

multiple requests from the same peer but it is still 

processing the first IKE packet from that peer.

!! No proposal chosen

The parameters configured for Phase 1 or Phase 2 

negotiations do not match. Check all protocols and 

settings for these phases. For example, one party is 

using 3DES encryption, but the other party is using 

DES encryption, so the connection fails.

!! Verifying Local ID 
failed!! Verifying Remote ID 
failed

During IKE Phase 2 negotiation, both parties 

exchange policy details, including local and remote 

IP address ranges. If these ranges differ, the 

connection fails.

!! Local / remote IPs of 
incoming request conflict 
with rule <#d>

If the security gateway is 0.0.0.0, the BCM50a 

Integrated Router uses the peer Local Addr as its 

Remote Addr. If this IP (range) conflicts with a 

previously configured rule then the connection is not 

allowed.

!! Invalid IP <IP start>/<IP 
end>

The Local IP Addr range for the peer is invalid.

!! Remote IP <IP start> / <IP 
end> conflicts

If the security gateway is 0.0.0.0, the BCM50a 

Integrated Router uses Local Addr for the peer as its 

Remote Addr. If a peer Local Addr range conflicts 

with other connections, the BCM50a Integrated 

Router does not accept VPN connection requests 

from this peer.

Summary of Contents for BCM50a

Page 1: ...BCM50a BCM50a Integrated Router Document Number N0115791 Document Version 1 0 Date September 2006 BCM50a Integrated Router Configuration Advanced ...

Page 2: ...xpress or implied warranty Users must take full responsibility for their applications of any products specified in this document The information in this document is proprietary to Nortel Trademarks Nortel Nortel Logo the Globemark and This is the way This is Nortel Design mark are trademarks of Nortel Microsoft MS MS DOS Windows and Windows NT are registered trademarks of Microsoft Corporation All...

Page 3: ...N 25 EMEA Europe Middle East Africa 25 Technical Support CTAS 25 CALA Caribbean Latin America 26 Technical Support CTAS 26 APAC Asia Pacific 26 Technical Support GNTS 26 Chapter 1 Getting to know your BCM50a Integrated Router 29 Introducing the BCM50a Integrated Router 29 Features 29 Physical features 30 High speed Internet access 30 ADSL standards 30 Networking compatibility 31 Multiplexing 31 En...

Page 4: ... Play UPnP 34 Call scheduling 34 PPPoE 34 Dynamic DNS support 34 IP Multicast 35 IP Alias 35 Central Network Management 35 SNMP 35 Network Address Translation NAT 35 Traffic Redirect 36 Port Forwarding 36 DHCP Dynamic Host Configuration Protocol 36 Full network management 36 Logging and tracing 36 Upgrade BCM50a Integrated Router Firmware 37 Embedded FTP and TFTP Servers 37 Applications for the BC...

Page 5: ...5 Configuring dynamic DNS 48 Chapter 3 WAN Setup 53 Introduction to WAN setup 53 WAN setup 53 Traffic redirect setup 55 Chapter 4 LAN setup 57 Introduction to LAN setup 57 Accessing the LAN menus 57 LAN port filter setup 57 TCP IP and DHCP ethernet setup menu 58 IP Alias Setup 61 Chapter 5 Internet access 65 Internet access configuration 65 Basic setup complete 67 Chapter 6 Remote Node setup 69 In...

Page 6: ...oute Setup 83 Chapter 8 Dial in User Setup 87 Dial in User Setup 87 Chapter 9 Network Address Translation NAT 89 Using NAT 89 SUA Single User Account Versus NAT 89 Applying NAT 89 NAT setup 92 Address Mapping Sets 92 SUA Address Mapping Set 93 User Defined Address Mapping Sets 95 Ordering your rules 96 Configuring a server behind NAT 99 General NAT examples 103 Internet access only 103 Example 2 I...

Page 7: ...ing a TCP IP Filter Rule 123 Configuring a Generic Filter Rule 128 Example Filter 130 Filter Types and NAT 133 Firewall Versus Filters 134 Applying a Filter 134 Applying LAN Filters 135 Applying Remote Node Filters 135 Chapter 12 SNMP Configuration 137 SNMP Configuration 137 SNMP Traps 139 Chapter 13 System security 141 System security 141 System password 141 Configuring external RADIUS server 142...

Page 8: ...g the FTP command from the command line 163 Example of FTP commands from the command line 164 GUI based FTP clients 164 TFTP and FTP over WAN Management Limitations 164 Backup configuration using TFTP 165 TFTP command example 166 GUI based TFTP clients 166 Restore configuration 167 Restore Using FTP 167 Restore using FTP session example 169 Uploading Firmware and Configuration Files 169 Firmware f...

Page 9: ... setting 181 Resetting the Time 184 Chapter 17 Remote Management 185 Remote Management 185 Remote Management Limitations 187 Chapter 18 Call scheduling 189 Introduction 189 Appendix A Setting up your computer IP address 193 Windows 95 98 Me 193 Installing components 194 Configuring 195 Verifying Settings 196 Windows 2000 NT XP 197 Verifying Settings 201 Macintosh OS 8 9 201 Verifying Settings 202 ...

Page 10: ...ng SSL Client Certificates 215 Using a certificate when accessing the BCM50a Integrated Router example 223 Appendix D PPPoE 225 PPPoE in action 225 Benefits of PPPoE 225 Traditional dial up scenario 225 How PPPoE works 226 BCM50a Integrated Router as a PPPoE client 226 Appendix E Hardware specifications 229 Cable pin assignments 229 Appendix F IP subnetting 231 IP addressing 231 IP classes 231 Sub...

Page 11: ...duction 279 Display NetBIOS filter settings 280 NetBIOS filter configuration 280 Example commands 281 Appendix I Enhanced DHCP option commands 282 Enhanced DHCP option commands introduction 282 Specifying the Nortel BCM50 IP address 282 Nortel BCM50 DHCP server options 283 BCM50 DHCP server settings 283 BCM50 IP sets override setting 284 Nortel i2004 IP phone options 285 VoIP server settings assig...

Page 12: ...ons 289 VPN IPSec logs 297 VPN responder IPSec log 299 Log commands 305 Configuring what you want the BCM50a Integrated Router to log 306 Displaying logs 306 Log command example 307 Appendix K Brute force password guessing protection 309 Index 311 ...

Page 13: ... Ethernet setup 59 Figure 15 Menu 3 2 1 IP Alias setup 62 Figure 16 Menu 4 Internet Access Setup 66 Figure 17 Menu 11 Remote Node Setup 71 Figure 18 Menu 11 1 Remote Node Profile 72 Figure 19 Menu 11 3 Remote Node Network Layer Options 75 Figure 20 Menu 11 1 4 Remote Node Filter Ethernet Encapsulation 78 Figure 21 Menu 11 1 4 Remote Node Filter PPPoE or PPPoA Encapsulation 78 Figure 22 Menu 11 6 f...

Page 14: ...5 2 Specifying an inside server 106 Figure 45 NAT example 3 107 Figure 46 Example 3 Menu 11 3 108 Figure 47 Example 3 Menu 15 1 1 1 109 Figure 48 Example 3 Final Menu 15 1 1 110 Figure 49 Example 3 Menu 15 2 111 Figure 50 Menu 15 3 Trigger Port Setup 112 Figure 51 Menu 21 Filter and Firewall Setup 115 Figure 52 Menu 21 2 Firewall Setup 116 Figure 53 Outgoing packet filtering process 118 Figure 54 ...

Page 15: ...WAN LAN DHCP 159 Figure 80 Menu 24 5 System Maintenance Backup Configuration 163 Figure 81 FTP Session Example 164 Figure 82 Telnet into Menu 24 6 168 Figure 83 Restore using FTP session example 169 Figure 84 Telnet Into Menu 24 7 1 Upload System Firmware 170 Figure 85 Telnet Into Menu 24 7 2 System Maintenance 170 Figure 86 FTP Session Example of Firmware File Upload 172 Figure 87 Command mode in...

Page 16: ...e Import Wizard 1 212 Figure 117 Certificate Import Wizard 2 213 Figure 118 Certificate Import Wizard 3 214 Figure 119 Root Certificate Store 214 Figure 120 Certificate General Information after Import 215 Figure 121 BCM50a Integrated Router Trusted CA screen 216 Figure 122 CA certificate example 217 Figure 123 Personal certificate import wizard 1 218 Figure 124 Personal certificate import wizard ...

Page 17: ... 17 BCM50a Integrated Router Configuration Advanced Figure 135 NetBIOS Display Filter Settings Command Example 280 Figure 136 Example VPN initiator IPSec log 298 Figure 137 Example VPN responder IPSec log 299 ...

Page 18: ...18 Figures N0115791 ...

Page 19: ...ork Layer Options 75 Table 14 Menu 11 8 Advance Setup Options 81 Table 15 IP Static Route Menu Fields 85 Table 16 Menu 14 1 Edit Dial in User 88 Table 17 Applying NAT in Menus 4 11 3 91 Table 18 SUA Address Mapping Rules 94 Table 19 Fields in menu 15 1 1 97 Table 20 Menu 15 1 1 1 Editing or configuring an individual rule in a set 98 Table 21 15 2 1 NAT Server Configuration 101 Table 22 Menu 15 3 T...

Page 20: ...e 41 Menu 26 1 Schedule Set Setup 191 Table 42 General specifications 229 Table 44 Allowed IP address range By class 232 Table 43 Classes of IP addresses 232 Table 45 Natural Masks 233 Table 46 Alternative Subnet Mask Notation 234 Table 47 Subnet 1 235 Table 48 Subnet 2 235 Table 49 Subnet 1 236 Table 50 Subnet 2 236 Table 53 Eight subnets 237 Table 51 Subnet 3 237 Table 52 Subnet 4 237 Table 54 C...

Page 21: ...gs 291 Table 71 Access logs 293 Table 72 ACL setting notes 296 Table 73 ICMP notes 296 Table 74 Sys log 297 Table 75 Sample IKE key exchange logs 300 Table 76 Sample IPSec logs during packet transmission 302 Table 77 RFC 2408 ISAKMP payload types 302 Table 78 PKI logs 303 Table 79 Certificate path verification failure reason codes 304 Table 80 Log categories and available settings 306 Table 81 Bru...

Page 22: ...22 Tables N0115791 ...

Page 23: ...e SMT Text conventions This guide uses the following text conventions Note This guide explains how to use the System Management Terminal SMT or the command interpreter interface to configure your BCM50a Integrated Router See the basic manual for how to use the WebGUI to configure your BCM50a Integrated Router Not all features can be configured through all interfaces Enter means for you to type one...

Page 24: ...e specific category and model or version for your hardware or software product Use Adobe Reader to open the manuals and release notes search for the sections you need and print them on most standard printers Go to Adobe Systems at www adobe com to download a free copy of the Adobe Reader How to get help If you do not see an appropriate number in this list go to www nortel com cs A single keystroke...

Page 25: ...questions and first line support you can enter ERC 338 Web Site www nortel com cs Presales Support CSAN Telephone 1 800 4NORTEL 1 800 466 7835 Use Express Routing Code ERC 1063 EMEA Europe Middle East Africa Technical Support CTAS Telephone European Free phone 00800 800 89009 European Alternative Calls are not free from all countries in Europe Middle East or Africa Fax 44 191 555 7980 E mail emeah...

Page 26: ...sk 61 2 8870 5511 Sydney Technical Support GNTS Telephone 612 8870 8800 Fax 612 8870 5569 E mail asia_support nortel com Australia 1 800 NORTEL 1 800 667 835 China 010 6510 7770 India 011 5154 2210 Indonesia 0018 036 1004 Japan 0120 332 533 Malaysia 1800 805 380 New Zealand 0800 449 716 Philippines 1800 1611 0063 Singapore 800 616 2004 South Korea 0079 8611 2001 Taiwan 0800 810 500 ...

Page 27: ...Preface 27 BCM50a Integrated Router Configuration Advanced Thailand 001 800 611 3007 Service Business Centre Pre Sales Help Desk 61 2 8870 5511 ...

Page 28: ...28 Preface N0115791 ...

Page 29: ...scriber Line Plus ADSL2 port into a single package The BCM50a Integrated Router is ideal for high speed Internet browsing and making LAN to LAN connections to remote networks By integrating Digital Subscriber Line DSL and Network Address Translation NAT the BCM50a Integrated Router provides easy installation and Internet access By integrating firewall and Virtual Private Network VPN capabilities t...

Page 30: ...umber of configurable IPSec VPN IP policies network policies 60 Number of concurrent IKE Internet Key Exchange Phase 1 Security Associations These correspond to the gateway policies 10 Number of concurrent IPSec VPN tunnels Phase 2 Security Associations These correspond to the network policies and are also monitorable and manageable For example 5 IKE gateway policies could each use 12 IPSec tunnel...

Page 31: ... F4 F5 OAM Networking compatibility Your BCM50a Integrated Router is compatible with the major ADSL Digital Subscriber Line Access Multiplexer DSLAM providers making configuration as simple as possible Multiplexing The BCM50a Integrated Router supports VC based and LLC based multiplexing Encapsulation The BCM50a Integrated Router supports PPPoA RFC 2364 PPP over ATM Adaptation Layer 5 RFC 1483 enc...

Page 32: ...nt Manager Administration Utilities Reset page Use this button to restore the factory default password to setup and the IP address to 192 168 1 1 subnet mask 255 255 255 0 and DHCP server enabled with a pool of 126 IP addresses starting at 192 168 1 2 Nonphysical features IPSec VPN capability Establish Virtual Private Network VPN tunnels to connect home or office computers to your company network ...

Page 33: ...pts and decrypts web sessions Use HTTPS for secure WebGUI access to the BCM50a Integrated Router Firewall The BCM50a Integrated Router has a stateful inspection firewall with DoS Denial of Service protection By default when the firewall is activated all incoming traffic from the WAN Wide Area Network to the LAN is blocked unless it is initiated from the LAN The BCM50a Integrated Router firewall su...

Page 34: ...the standard TCP IP protocol the BCM50a Integrated Router and other UPnP enabled devices can dynamically join a network obtain an IP address and convey its capabilities to other devices on the network Call scheduling Configure call time periods to restrict and allow access for users on remote nodes PPPoE PPPoE facilitates the interaction of a host with an Internet modem to achieve access to high s...

Page 35: ...nt With Central Network Management CNM an enterprise or service provider network administrator can manage your BCM50a Integrated Router The enterprise or service provider network administrator can configure your BCM50a Integrated Router perform firmware upgrades and do troubleshooting for you SNMP SNMP Simple Network Management Protocol is a protocol used for exchanging management information betw...

Page 36: ...Integrated Router has built in DHCP server capability enabled by default which means it can assign IP addresses an IP default gateway and DNS servers to all systems that support the DHCP client The BCM50a Integrated Router can also act as a surrogate DHCP server where it relays IP address assignment from another DHCP server to the clients Full network management The embedded web configurator is an...

Page 37: ...restoration Applications for the BCM50a Integrated Router Secure broadband internet access and VPN The BCM50a Integrated Router provides broadband Internet access through ADSL The BCM50a Integrated Router also provides IP address sharing and a firewall protected local network with traffic management The BCM50a Integrated Router VPN is an ideal cost effective way to connect branch offices and busin...

Page 38: ...15791 Figure 1 Secure Internet Access and VPN Application Caution Electro static Discharge can disrupt the router Use appropriate handling precautions to avoid ESD Avoid touching the connectors on the router particularly when it is in use BCM50a Integrated Router ...

Page 39: ...u how to navigate the SMT and how to configure SMT menus Initial screen When you turn on your BCM50a Integrated Router it performs several internal tests as well as line initialization After the tests the BCM50a Integrated Router asks you to press ENTER to continue as shown in Figure 2 Figure 2 Initial screen Logging on to the SMT The logon screen appears after you press ENTER prompting you to ent...

Page 40: ...igating the SMT interface The SMT is an interface that you use to configure your BCM50a Integrated Router Table 2 lists several operations you must be familiar with before attempting to modify the configuration Table 2 Main menu commands Operations Keystrokes Descriptions Move down to another menu ENTER To move forward to a submenu type in the number of the desired submenu and press ENTER Move up ...

Page 41: ... types of fields The first requires you to type in the appropriate information The second allows you to cycle through the available choices by pressing SPACE BAR Required fields All fields with the symbol must be filled in order be able to save the new configuration N A fields N A Some of the fields in the SMT will show a N A This symbol refers to an option that is Not Applicable Save your configu...

Page 42: ...rmation 2 WAN Setup Use this menu to configure the backup WAN connection 3 LAN Setup Use this menu to apply LAN filters configure LAN DHCP and TCP IP settings 4 Internet Access Setup Configure your Internet Access setup Internet address gateway IP address and logon with this menu 11 Remote Node Setup Use this menu to configure detailed remote node settings your ISP is also a remote node as well as...

Page 43: ...s ENTER 5 Retype your new system password in the Retype to confirm field for confirmation and press ENTER Note that as you type a password the screen displays an asterisk for each character you type 23 System Security Use this menu to change your password and enable network user authentication 24 System Maintenance From displaying system status to uploading firmware this menu provides comprehensiv...

Page 44: ...44 Chapter 2 Introducing the SMT N0115791 SMT menus at a glance Figure 6 SMT overview ...

Page 45: ...n Menu 1 general setup The Menu 1 General Setup screen appears as shown in Figure 7 Fill in the required fields Figure 7 Menu 1 General Setup Menu 1 General Setup System Name Domain Name First System DNS Server From ISP IP Address N A Second System DNS Server From ISP IP Address N A Third System DNS Server From ISP IP Address N A Edit Dynamic DNS No Route IP Yes Bridge No Press ENTER to Confirm or...

Page 46: ... up to 30 alphanumeric characters long Spaces dashes and underscores _ are accepted BCM50a Integrated Router Domain name Enter the domain name if you know it here If you leave this field blank the ISP assigns a domain name via DHCP You can go to menu 24 8 and type sys domain name to see the current domain name used by your router The domain name entered by you is given priority over the ISP assign...

Page 47: ...ISP changes to None after you save your changes If you select From ISP for the second or third DNS server but the ISP does not provide a second or third IP address From ISP changes to None after you save your changes Select User Defined if you have the IP address of a DNS server The IP address can be public or a private address on your local LAN Enter the DNS server s IP address in the field to th...

Page 48: ...es must include the LAN IP address of the BCM50a Integrated Router as a local IP address and the IP address of the DNS server as a remote IP address A Private DNS entry with the IP address set to 0 0 0 0 changes to None after you click Apply A duplicate Private DNS entry changes to None after you save your changes Edit dynamic DNS Press SPACE BAR and then ENTER to select Yes or No default Select Y...

Page 49: ...NS menu fields Field Description Example Service Provider This is the name of your Dynamic DNS service provider www dyndns org default Active Press SPACE BAR to select Yes and then press ENTER to make dynamic DNS active Yes DDNS Type Press SPACE BAR and then ENTER to select DynamicDNS if you have a dynamic IP addresses Select StaticDNS if you have a static IP addresses Select CustomDNS to have dyn...

Page 50: ...P address DDNS does not work with a private IP address When both fields are set to No the BCM50a Integrated Router must have a public WAN IP address in order for DDNS to work DDNS Server Auto Detect IP Address Press SPACE BAR to select Yes and then press ENTER to have the DDNS server automatically update the IP address of the host names with the public IP address that the BCM50a Integrated Router ...

Page 51: ...Chapter 2 SMT menu 1 general setup 51 BCM50a Integrated Router Configuration Advanced The IP address updates when you reconfigure menu 1 or perform DHCP client renewal ...

Page 52: ...52 Chapter 2 SMT menu 1 general setup N0115791 ...

Page 53: ...on Advanced Chapter 3 WAN Setup This chapter describes how to configure the WAN using Menu 2 Introduction to WAN setup This chapter explains how to configure the settings for your WAN port WAN setup From the main menu enter 2 to open Menu 2 ...

Page 54: ...ic Dial Backup Metric The BCM50a Integrated Router uses the connection with the lowest metric value first The default WAN connection is 1 as your broadband connection through the WAN port must always be your preferred method of accessing the WAN The default priority of the routes is WAN Traffic Redirect and then Dial Backup dial backup does not apply to all BCM50a Integrated Router models You have...

Page 55: ... No No Port Speed Press SPACE BAR and then press ENTER to select the speed of the connection between the dial backup port and the external device Available speeds are 9600 19200 38400 57600 115200 or 230400 b s 115200 AT Command String Init Enter the AT command string to initialize the WAN device Consult the manual of the WAN device connected to your Dial Backup port for specific AT commands at fs...

Page 56: ...rmine if the WAN connection is down Configuration Backup Gateway IP Address Enter the IP address of your backup gateway in dotted decimal notation The BCM50a Integrated Router automatically forwards traffic to this IP address if the Internet connection of the BCM50a Integrated Router terminates Metric This field sets the priority for this route among the routes the BCM50a Integrated Router uses Th...

Page 57: ...ons Accessing the LAN menus From the main menu enter 3 to open Menu 3 LAN setup Figure 11 Menu 3 LAN setup LAN port filter setup With Menu 3 you can specify the filter sets that you wish to apply to the LAN traffic You seldom need to filter the LAN traffic however the filter sets are useful to block certain packets reduce traffic and prevent security breaches Menu 3 LAN Setup 1 LAN Port Filter Set...

Page 58: ...N Setup From menu 3 select the submenu option TCP IP and DHCP Setup and press ENTER The screen now displays Menu 3 2 TCP IP and DHCP Ethernet Setup as shown in Figure 14 Menu 3 1 LAN Port Filter Setup Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Press ENTER to Confirm or ESC to Cancel Menu 3 LAN Setup 1 LAN Port Filter Setup 2 TCP IP and DHCP...

Page 59: ... None IP Address N A Edit IP Alias No Third DNS Server From ISP IP Address N A DHCP Server Address N A Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Follow the instructions in Table 8 to configure the DHCP fields Table 8 DHCP Ethernet setup menu fields Field Description Example DHCP This field enables and disables the DHCP server If set to Server your BCM50a Integrated Router w...

Page 60: ...eave the IP address set to 0 0 0 0 User Defined changes to None after you save your changes If you set a second choice to User Defined and enter the same IP address the second User Defined changes to None after you save your changes Select DNS Relay to have the BCM50a Integrated Router act as a DNS proxy The BCM50a Integrated Router s LAN IP address displays in the IP Address field below read only...

Page 61: ...you are implementing subnetting use the subnet mask computed by the BCM50a Integrated Router 255 255 255 0 RIP Direction Press SPACE BAR and then ENTER to select the RIP direction Options are Both In Only Out Only or None Both default Version Press SPACE BAR and then ENTER to select the RIP version Options are RIP 1 RIP 2B or RIP 2M RIP 1 default Multicast IGMP Internet Group Multicast Protocol is...

Page 62: ...filters N A Outgoing protocol filters N A Enter here to CONFIRM or ESC to CANCEL Press Space Bar to Toggle Table 10 IP Alias setup menu field Field Description Example IP Alias Choose Yes to configure the LAN network for the BCM50a Integrated Router Yes IP Address Enter the IP address of your BCM50a Integrated Router in dotted decimal notation 192 168 1 1 IP Subnet Mask Your BCM50a Integrated Rout...

Page 63: ...en ENTER to select the RIP version Options are RIP 1 RIP 2B or RIP 2M RIP 1 Incoming Protocol Filters Enter the filter sets you wish to apply to the incoming traffic between this node and the BCM50a Integrated Router 1 Outgoing Protocol Filters Enter the filter sets you wish to apply to the outgoing traffic between this node and the BCM50a Integrated Router 2 Table 10 IP Alias setup menu field Fie...

Page 64: ...64 Chapter 4 LAN setup N0115791 ...

Page 65: ... can access in Menu 11 Before you configure your BCM50a Integrated Router for Internet access you must collect your Internet account information Use your Internet account information from your ISP to fill in this menu Note that if you are using PPPoA or PPPoE encapsulation the only ISP information you need is a logon name and password You only need to know the Ethernet Encapsulation Gateway IP add...

Page 66: ...purposes only ChangeMe Encapsulation Press SPACE BAR to select the method of encapsulation used by your ISP Choices are PPPoE PPPoA RFC 1483 or ENET ENCAP ENET ENCAP Multiplexing Press SPACE BAR to select the method of multiplexing used by your ISP Choices are VC based or LLC based LLC based VPI Enter the Virtual Path Identifier VPI that the telephone company gives you 8 VCI Enter the Virtual Chan...

Page 67: ...dle seconds that elapse before the BCM50a Integrated Router automatically disconnects the PPPoE session 0 IP Address Assignment Press SPACE BAR to select Static or Dynamic address assignment Dynamic IP Address Enter the IP address supplied by your ISP if applicable N A Network Address Translation Press SPACE BAR to select None SUA Only or Full Feature For more details about the single user account...

Page 68: ...68 Chapter 5 Internet access N0115791 ...

Page 69: ... node s profile in menu 11 1 as well as configure specific settings in three submenus edit IP and bridge options in menu 11 3 edit ATM options in menu 11 6 and edit filter sets in menu 11 5 Outgoing Authentication Protocol Generally speaking you should employ the strongest authentication protocol possible for obvious reasons However some vendor s implementation includes a specific authentication p...

Page 70: ...led up connection can be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connection and the cost is of no concern The following table describes the fields specific to PPPoE encapsulation Remote Node setup This section describes the protocol independent parameters for a remote node Remote Node pro...

Page 71: ...g methods because they cannot be automatically determined What methods you use also depends on how many VCs you have and how many different network protocols you need The extra overhead that ENET ENCAP encapsulation entails makes it a poor choice in a LAN to LAN application Here are some examples of more suitable combinations in such an application Scenario 1 One VC Multiple Protocols PPPoA RFC 23...

Page 72: ...rofile Rem Node Name ChangeMe Route IP Active Yes Bridge No Encapsulation ENET ENCAP Edit IP Bridge No Multiplexing LLC based Edit ATM Options No Service Name N A Edit Advance Options N A Incoming Telco Option Rem Login N A Allocated Budget min N A Rem Password N A Period hr N A Outgoing Schedule Sets N A My Login N A Nailed Up Connection N A My Password N A Session Options Authen N A Edit Filter ...

Page 73: ...Integrated Router Outgoing My Login Type the login name assigned by your ISP when the BCM50a Integrated Router calls this remote node My Password Type the password assigned by your ISP when the BCM50a Integrated Router calls this remote node Authen This field sets the authentication protocol used for outgoing calls Options for this field are CHAP PAP Your BCM50a Integrated Router will accept eithe...

Page 74: ...iod hr is 1 hour Schedule Sets This field is only applicable for PPPoE and PPPoA encapsulation You can apply up to four schedule sets here For more details please refer to the Call scheduling chapter Nailed up Connection This field is only applicable for PPPoE and PPPoA encapsulation This field specifies if you want to make the connection to this remote node a nailed up connection More details are...

Page 75: ...dr 0 0 0 0 Rem Subnet Mask 0 0 0 0 My WAN Addr N A NAT SUA Only Address Mapping Set N A Metric 2 Private No RIP Direction None Version RIP 1 Multicast None Enter here to CONFIRM or ESC to CANCEL Table 13 Menu 11 3 Remote Node Network Layer Options Field Description Example IP Address Assignment Press SPACE BAR and then ENTER to select Dynamic if the remote node is using a dynamically assigned IP a...

Page 76: ...page 89 for details and type that number here When SUA Only is selected in the NAT field the SMT uses NAT server set 1 in menu 15 2 see Chapter 9 Network Address Translation NAT on page 89 for details 2 Metric The metric represents the cost of transmission for routing purposes IP routing uses hop count as the cost measurement with a minimum of 1 for directly connected networks Type a number that a...

Page 77: ...specify up to 4 filter sets separated by commas for example 1 5 9 12 in each filter field Note that spaces are accepted in this field For more information on defining the filters please refer to Chapter 11 Filter configuration For PPPoE or PPPoA encapsulation you have the additional option of specifying remote node call filter sets Multicast IGMP v1 sets IGMP to version 1 IGMP v2 sets IGMP to vers...

Page 78: ...e Traffic redirect setup on page 55 Menu 11 1 4 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Enter here to CONFIRM or ESC to CANCEL Menu 11 1 4 Remote Node Filter Input Filter Sets protocol filters Device filters Output Filter Sets protocol filters device filters Call Filter Sets protocol filters Device filters Enter here t...

Page 79: ... menu 11 1 VC based Multiplexing non PPP Encapsulation For VC based multiplexing by prior agreement a protocol is assigned a specific virtual circuit for example VC1 will carry IP Separate VPI and VCI numbers must be specified for each protocol Figure 22 Menu 11 6 for VC based Multiplexing LLC based Multiplexing or PPP Encapsulation For LLC based multiplexing or PPP encapsulation one VC carries mu...

Page 80: ...Profile Menu 11 6 Remote Node ATM Layer Options VPI VCI LLC Multiplexing or PPP Encapsulation VPI 8 VCI 35 ATM QoS Type UBR ENTER here to CONFIRM or ESC to CANCEL Menu 11 1 Remote Node Profile Rem Node Name MyISP Route IP Active Yes Bridge No Encapsulation PPPoE Edit IP Bridge No Multiplexing LLC based Edit ATM Options No Service Name Edit Advance Options Yes Incoming Telco Option Rem Login Alloca...

Page 81: ...able PPPoE pass through In addition to the Contivity 251 s built in PPPoE client you can enable PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the Contivity 251 Each host can have a separate account and a public WAN IP address PPPoE pass through is an alternative to NAT for application where NAT is not appropriate Pr...

Page 82: ...82 Chapter 6 Remote Node setup N0115791 ...

Page 83: ... IP Static Route Setup This chapter shows you how to configure static routes with your BCM50a Integrated Router IP Static Route Setup Enter 12 from the main menu Select one of the IP static routes as shown in Figure 26 to configure IP static routes in menu 12 1 ...

Page 84: ...er of the static route that you want to configure The reserved entry is for the WAN interface and you cannot edit it here Menu 12 IP Static Route Setup 1 Reserved 2 ________ 3 ________ 4 ________ 5 ________ 6 ________ 7 ________ 8 ________ 9 ________ 10 ________ 11 ________ 12 ________ Enter selection number ...

Page 85: ...Address This parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask for this destination Gateway IP Address Enter the IP address of the ...

Page 86: ...adcasts If set to Yes this route is kept private and not included in RIP broadcast If No the route to this remote node is propagated to other hosts through RIP broadcasts After you complete filling in this menu press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC to cancel Table 15 IP Static Route Menu Fields Field Description ...

Page 87: ...outer From the main menu enter 14 to display Menu 14 Dial in User Setup Figure 28 Menu 14 Dial in User Setup Type a number and press ENTER to edit the user profile Menu 14 Dial in User Setup 1 ________ 9 ________ 17 ________ 25 ________ 2 ________ 10 ________ 18 ________ 26 ________ 3 ________ 11 ________ 19 ________ 27 ________ 4 ________ 12 ________ 20 ________ 28 ________ 5 ________ 13 ________...

Page 88: ... Edit Dial in User Field Description User Name Enter a username up to 31 alphanumeric characters long for this user profile This field is case sensitive Active Press SPACE BAR to select Yes and press ENTER to enable the user profile Password Enter a password up to 31 characters long for this user profile After you complete this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel...

Page 89: ...re NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types Applying NAT You apply NAT via menus 4 or 11 3 Figure 31 on page 91 Figure 30 shows you how to apply NAT for Internet access in menu 4 Enter 4 from the main menu to go to Menu 4 Internet Access Setup Note You must create a firewall rule in addition to setting up SUA NAT to allo...

Page 90: ...P Bridge field press SPACE BAR to select Yes and then press ENTER to bring up Menu 11 3 Remote Node Network Layer Options Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation ENET ENCAP Multiplexing LLC based VPI 8 VCI 35 My Login N A My Password N A ENET ENCAP Gateway N A IP Address Assignment Dynamic IP Address N A Network Address Translation SUA Only Address Mapping Set N A Press ENTE...

Page 91: ...r ESC to CANCEL Press Space Bar to Toggle Table 17 Applying NAT in Menus 4 11 3 Field Description Options Network Address Translation When you select this option the SMT uses Address Mapping Set 1 menu 15 1 Address Mapping Sets on page 92 for further discussion Choose Full Feature if you have multiple public WAN IP addresses for your BCM50a Integrated Router When you select Full Feature you must c...

Page 92: ... you select SUA Only the SMT uses the pre configured Set 255 read only The server set is a list of LAN servers mapped to external ports To use this set a server rule must be set up inside the NAT address mapping set To configure NAT enter 15 from the main menu to bring up the screen shown in Figure 32 Figure 32 Menu 15 NAT Setup Address Mapping Sets Enter 1 to bring up Menu 15 1 Address Mapping Se...

Page 93: ...Figure 33 Menu 15 1 Address Mapping Sets SUA Address Mapping Set Enter 255 to display the screen shown in Figure 34 see SUA Single User Account Versus NAT on page 89 The fields in this menu cannot be changed Menu 15 1 Address Mapping Sets 1 NAT_SET 255 SUA read only Enter Menu Selection Number ...

Page 94: ...l End IP Type 1 0 0 0 0 255 255 255 255 0 0 0 0 M 1 2 0 0 0 0 Server 3 4 5 6 7 8 9 10 Press ENTER to Confirm or ESC to Cancel Note Menu 15 1 255 is read only Table 18 SUA Address Mapping Rules Field Description Example Set Name This is the name of the set you selected in menu 15 1 or enter the name of a new set you want to create SUA Idx This is the index or rule number 1 Local Start IP Local Star...

Page 95: ... 0 0 and the end IP is 255 255 255 255 255 255 255 255 Global Start IP This is the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global Start IP 0 0 0 0 Global End IP This is the ending global IP address IGA Type These are the mapping types discussed above With Server you can specify multiple servers of different types behind NAT to this machine Examples is found in ...

Page 96: ...ter takes the corresponding action and the remaining rules are ignored If there are any empty rules before your new configured rule Menu 15 1 1 Address Mapping Rules Set Name NAT_SET Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 2 3 4 5 6 7 8 9 10 Action Edit Select Rule Press ENTER to Confirm or ESC to Cancel Note The Type Local and Global Start End IPs are configured in me...

Page 97: ...t Name Enter a name for this set of rules This is a required field If this field is left blank the entire set is deleted NAT_SET Action The default is Edit Edit means you want to edit a selected rule see following field Insert Before means to insert a rule before the rule selected The rules after the selected rule are then moved down by one rule Delete means to delete the selected rule and all the...

Page 98: ...ype Press SPACE BAR and then ENTER to select from a total of five types If you choose Server you can specify multiple servers of different types behind NAT to this computer See Example 3 Multiple public IP addresses with inside servers on page 106 for an example One to On e Local IP Start Only local IP fields are N A for server Global IP fields must be set for Server Enter the starting local IP ad...

Page 99: ...Enter 2 to go to Menu 15 2 NAT Server Setup Global IP Start Enter the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global IP Start Note that Global IP Start can be set to 0 0 0 0 only if the types are Many to One or Server 0 0 0 0 End Enter the ending global IP address IGA This field is N A for One to One Many to One and Server types N A After you finish configuring...

Page 100: ...ress ENTER to open Menu 15 2 1 NAT Server Configuration see the next figure Menu 15 2 NAT Server Setup Default Server 0 0 0 0 Rule Act Start Port End Port IP Address 001 No 0 0 0 0 0 0 002 No 0 0 0 0 0 0 003 No 0 0 0 0 0 0 004 No 0 0 0 0 0 0 005 No 0 0 0 0 0 0 006 No 0 0 0 0 0 0 007 No 0 0 0 0 0 0 008 No 0 0 0 0 0 0 009 No 0 0 0 0 0 0 010 No 0 0 0 0 0 0 Select Command None Select Rule N A Press EN...

Page 101: ... in the End Port field Table 21 15 2 1 NAT Server Configuration Field Description Index This is the index number of an individual port forwarding server entry Name Enter a name to identify this port forwarding rule Active Press SPACE BAR and then ENTER to select Yes to enable the NAT server entry Start Port Enter a port number in the Start Port field To forward only one port enter it again in the ...

Page 102: ...s ESC at any time to cancel Figure 39 Menu 15 2 NAT Server Setup You assign the private network IP addresses The NAT network appears as a single host on the Internet A is the FTP Telnet SMTP server Menu 15 2 NAT Server Setup Default Server 0 0 0 0 Rule Act Start Port End Port IP Address 001 No 0 0 0 0 0 0 002 Yes 21 25 192 168 1 33 003 No 0 0 0 0 0 0 004 No 0 0 0 0 0 0 005 No 0 0 0 0 0 0 006 No 0 ...

Page 103: ... behind NAT example General NAT examples The following are some examples of NAT configuration Internet access only In the Internet access example shown in Figure 41 you only need one rule where all your ILAs Inside Local addresses map to one dynamic IGA Inside Global Address assigned by your ISP BCM50a Integrated Router ...

Page 104: ...amples on page 103 The SUA Only read only option from the Network Address Translation field in menus 4 and 11 3 is specifically preconfigured to handle this case Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation ENET ENCAP Multiplexing LLC based VPI 8 VCI 35 My Login N A My Password N A ENET ENCAP Gateway N A IP Address Assignment Dynamic IP Address N A Network Address Translation SUA...

Page 105: ...anced Example 2 Internet access with an inside server Figure 43 NAT Example 2 In this case you do exactly as shown in Figure 43 use the convenient pre configured SUA Only set and also go to menu 15 2 to specify the Inside Server behind the NAT as shown in Figure 44 BCM50a Integrated Router ...

Page 106: ...e first inside FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses 2 Map the second IGA to the second internal FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses 3 Map the other outgoing LAN traffic to IGA3 Many 1 mapping 4 You also map your third IGA to the web server and mail server on the LAN If you...

Page 107: ...nter 15 from the main menu 3 Enter 1 to configure the Address Mapping Sets 4 Enter 1 to begin configuring this new set Enter a Set Name choose the Edit Action and then enter 1 for the Select Rule field Press ENTER to confirm 5 Select Type as One to One direct mapping for packets going both ways and enter the local Start IP as 192 168 1 10 the IP address of FTP Server 1 the global Start IP as 10 13...

Page 108: ... Node Network Layer Options IP Options Bridge Options IP Address Assignment Dynamic Ethernet Addr Timeout min N A Rem IP Addr 0 0 0 0 Rem Subnet Mask 0 0 0 0 My WAN Addr 0 0 0 0 NAT Full Feature Address Mapping Set 1 Metric 15 Private No RIP Direction None Version RIP 1 Multicast None Enter here to CONFIRM or ESC to CANCEL Press Space Bar to Toggle ...

Page 109: ...9 BCM50a Integrated Router Configuration Advanced Figure 47 Example 3 Menu 15 1 1 1 Menu 15 1 1 1 Address Mapping Rule Type One to One Local IP Start 192 168 1 10 End N A Global IP Start 10 132 50 1 End N A Press ENTER to Confirm or ESC to Cancel ...

Page 110: ...5 from the main menu 9 Now enter 2 from this menu and configure it as shown in Example 3 Menu 15 2 Menu 15 1 1 Address Mapping Rules Set Name Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 10 132 50 1 1 1 2 192 168 1 11 10 132 50 2 1 1 3 0 0 0 0 255 255 255 255 10 132 50 3 M 1 4 10 132 50 3 Server 5 6 7 8 9 10 Action Edit Select Rule ...

Page 111: ... Menu 15 2 NAT Server Setup Default Server 0 0 0 0 Rule Act Start Port End Port IP Address 001 Yes 80 80 192 168 1 21 002 Yes 25 25 192 168 1 20 003 No 0 0 0 0 0 0 004 No 0 0 0 0 0 0 005 No 0 0 0 0 0 0 006 No 0 0 0 0 0 0 007 No 0 0 0 0 0 0 008 No 0 0 0 0 0 0 009 No 0 0 0 0 0 0 010 No 0 0 0 0 0 0 Select Command None Select Rule N A Press ENTER to Confirm or ESC to Cancel Note Only one LAN computer ...

Page 112: ...ption Field Description Example Rule This is the rule index number 1 Name Enter a unique name for identification purposes You can enter up to 15 characters in this field All characters are permitted including spaces Real Audio Incoming Incoming is a port or a range of ports that a server on the WAN uses when it sends out a particular service The BCM50a Integrated Router forwards the traffic with t...

Page 113: ...f the LAN computer that sent the traffic to a server on the WAN Start Port Enter a port number or the starting port number in a range of port numbers 7070 End Port Enter a port number or the ending port number in a range of port numbers 7070 Press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC at any time to cancel Table 22 Menu 15 3 Trigger Port setup descript...

Page 114: ...114 Chapter 9 Network Address Translation NAT N0115791 ...

Page 115: ...reen shown in Figure 51 Figure 51 Menu 21 Filter and Firewall Setup Activating the firewall Enter option 2 in this menu to bring up the screen shown in Figure 52 Press SPACE BAR and then ENTER to select Yes in the Active field to activate the firewall The firewall must be active to protect against Denial of Service DoS attacks Use the WebGUI to configure firewall rules Menu 21 Filter and Firewall ...

Page 116: ...vulnerable to attacks when the firewall is turned off Refer to the User s Guide for details about the firewall default policies You may define additional policy rules or modify existing ones but please exercise extreme caution in doing so Active Yes You can use the WebGUI to configure the firewall Press ENTER to Confirm or ESC to Cancel Note Configure the firewall rules using the WebGUI or CLI com...

Page 117: ...subdivided into device and protocol filters Data filtering screens the data to determine if the packet is allowed to pass Data filters are divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the LAN side Call filtering is used to determine if a packet is allowed to trigger a call Remote node ...

Page 118: ...ch filter set having up to six rules you can have a maximum of 24 rules active for a single port Sets of factory default filter rules are configured in menu 21 to prevent NetBIOS traffic from triggering calls and to prevent incoming Telnet sessions A summary of their filter rules is shown in the figures that follow Figure 54 illustrates the logic flow when executing a filter rule Also see Figure 5...

Page 119: ...of packets With each filter set having up to six rules you can have a maximum of 24 rules active for a single port Start Fetch First Filter Set Fetch First Filter Rule Active Execute Filter Rule Fetch Next Filter Rule Next filter Rule Available Fetch Next Filter Set Next Filter Set Available Accept Packet Drop Packet Yes No Yes No Yes Packet into filter Filter Set Forward Drop No Check Next Rule ...

Page 120: ...for NetBIOS over TCP IP packets by default To configure another filter set follow the procedure below 1 Enter 21 in the main menu to open menu 21 Figure 55 Menu 21 Filter and Firewall Setup 2 Enter 1 to bring up the menu 21 1 Menu 21 Filter and Firewall Setup 1 Filter Setup 2 Firewall Setup Enter Menu Selection Number ...

Page 121: ...e screen shown in Figure 57 shows the summary of the existing rules in the filter set Table 23 and Table 24 contain a brief description of the abbreviations used in the previous menus Menu 21 1 Filter Set Configuration Filter Filter Set Comments Set Comments 1 _______________ 7 _______________ 2 _______________ 8 _______________ 3 _______________ 9 _______________ 4 _______________ 10 ____________...

Page 122: ...n is complete N means there are no more rules to check You can specify an action to be taken for example forward the packet drop the packet or check the next rule For the latter the next rule is independent of the rule just checked m Action Matched F means to forward the packet immediately and skip checking the remaining rules D means to drop the packet N means to check the next rule n Action Not ...

Page 123: ...te When applying the filter sets to a port separate menu fields are provided for protocol and device filter sets If you include a protocol filter set in a device filter field or vice versa the BCM50a Integrated Router warns you and prevents you from saving Configuring a TCP IP Filter Rule This section shows you how to configure a TCP IP filter rule Using TCP IP rules you can base the rule on the f...

Page 124: ... Table 25 TCP IP Filter Rule Menu fields Field Description Options Active Press SPACE BAR and then ENTER to select Yes to activate the filter rule or No to deactivate it Yes No IP Protocol Protocol refers to the upper layer protocol for example TCP is 6 UDP is 17 and ICMP is 1 Type a value between 0 and 255 A value of 0 matches ANY protocol 0 255 IP Source Route Press SPACE BAR and then ENTER to s...

Page 125: ... then ENTER to select the comparison to apply to the source port in the packet against the value given in Source Port None Less Greater Equal Not Equal TCP Estab This field is applicable only when the IP Protocol field is 6 TCP Press SPACE BAR and then ENTER to select Yes to have the rule match packets that want to establish a TCP connection SYN 1 and ACK 0 if No it is ignored Yes No More Press SP...

Page 126: ...op Action Not Matched Press SPACE BAR and then ENTER to select the action for a packet not matching the rule Check Next Rule Forward Drop After you configure Menu 21 1 1 1 TCP IP Filter Rule press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC to cancel This data is displayed on Menu 21 1 1 Filter Rules Summary Table 25 TCP IP Filter Rule Menu fields Field Desc...

Page 127: ...ction Matched Action Not Matched More No Filter Active Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matched Check Dest IP Addr Apply DestAddrMask to Dest Addr Not Matched Not Matched Check Src Dest Port Matched Not Matched ...

Page 128: ...acket to check with the Offset from 0 and the Length fields both in bytes The BCM50a Integrated Router applies the Mask using the bit wise AND action to the data portion before comparing the result against the Value to determine a match The Mask and Value are specified in hexadecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4 the value in either fie...

Page 129: ...nates for example 2 3 refers to the second filter set and the third rule of that set Filter Type Use SPACE BAR and then ENTER to select a rule type Parameters displayed below each type will be different TCP IP filter rules are used to filter IP packets while generic filter rules allow filtering of non IP packets Generic Filter Rule TCP IP Filter Rule Active Select Yes to turn on the filter rule or...

Page 130: ... from the following None No packets are logged Action Matched Only packets that match the rule parameters are logged Action Not Matched Only packets that do not match the rule parameters are logged Both All packets are logged None Action Matched Action Not Matched Both Action Matched Select the action for a packet matching the rule Check Next Rule Forward Drop Action Not Matched Select the action ...

Page 131: ...onfiguration 3 Enter the index of the filter set you wish to configure for example 3 and press ENTER 4 Enter a descriptive name or comment in the Edit Comments field and press ENTER 5 Press ENTER at the message Press ENTER to confirm to open Menu 21 1 3 Filter Rules Summary 6 Enter 1 to configure the first filter rule the only filter rule of this set Make the entries in this menu as shown in Figur...

Page 132: ...ion is to drop the packet m D if the action is matched and to forward the packet immediately n F if the action is not matched whether or not there are more rules to be checked there are none in this example Menu 21 1 3 1 TCP IP Filter Rule Filter 3 1 Filter Type TCP IP Filter Rule Active Yes IP Protocol 6 IP Source Route No Destination IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 23 Port Comp Equal Source...

Page 133: ...gure 65 5 After you enter the set numbers press ENTER to confirm and leave menu 11 1 4 Filter Types and NAT There are two classes of filter rules Generic Filter Device rules and protocol filter TCP IP rules Generic filter rules act on the raw data that s going through between LAN and WAN Protocol filter rules act on the IP packets Generic and TCP IP filter rules are discussed in more detail in the...

Page 134: ...iving and sending the packets for example the interface The interface can be an Ethernet port or any other hardware port as illustrated in Figure 63 Figure 63 Protocol and Device Filter Sets Firewall Versus Filters Firewall configuration is discussed in Chapter 10 Introducing the firewall on page 115 chapters of this manual Further comparisons are also made between filtering NAT and the firewall A...

Page 135: ... BCM50a Integrated Router Figure 64 Filtering LAN Traffic Applying Remote Node Filters Go to menu 11 1 4 shown in Figure 65 note that call filter sets are only present for PPPoE encapsulation and enter the numbers of the filter sets as appropriate You can cascade up to four filter sets by entering their numbers separated by commas The BCM50a Integrated Router already has filters to prevent NetBIOS...

Page 136: ... 65 Filtering Remote Node Traffic Menu 11 1 4 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Call Filter Sets protocol filters device filters Enter here to CONFIRM or ESC to CANCEL ...

Page 137: ... chapter explains SNMP configuration menu 22 SNMP Configuration To configure SNMP enter 22 from the main menu to display Menu 22 SNMP Configuration as shown next The community for Get Set and Trap fields is SNMP terminology for password Note SNMP is only available if TCP IP is configured ...

Page 138: ...community which is the password for incoming Set requests from the management station this is blank by default Trusted Host If you enter a trusted host your BCM50a Integrated Router will only respond to SNMP messages from this address A blank default field means your BCM50a Integrated Router will respond to all SNMP messages it receives regardless of source 0 0 0 0 Trap Community Type the Trap com...

Page 139: ...re reboot 4 authenticationFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirements with the wrong community password 6 whyReboot defined in MIB A trap is sent with the reason of restart before rebooting when the system is going to restart warm start 6a For intentional reboot A trap is sent with the message System reboot by user if reboot is done int...

Page 140: ...140 Chapter 12 SNMP Configuration N0115791 ...

Page 141: ... server and 802 1x in this menu System password Figure 67 Menu 23 System security Nortel recommends you change the default password If you forget your password you have to restore the default configuration file For more information see Restoring the factory default configuration settings in BCM50a Integrated Router Configuration Basics N0115790 Menu 23 System Security 1 Change Password 2 RADIUS Se...

Page 142: ...stem Security RADIUS Server as shown in Figure 69 Figure 69 Menu 23 2 System Security RADIUS server Menu 23 System Security 1 Change Password 2 RADIUS Server 4 IEEE802 1x Enter Menu Selection Number Menu 23 2 System Security RADIUS Server Authentication Server Active No Server Address 0 0 0 0 Port 1812 Shared Secret Accounting Server Active No Server Address 0 0 0 0 Port 1813 Shared Secret Press E...

Page 143: ...ot sent over the network This key must be the same on the external authentication server and BCM50a Integrated Router Accounting Server Active Press SPACE BAR to select Yes and press ENTER to enable user authentication through an external accounting server Server Address Enter the IP address of the external accounting server in dotted decimal notation Port The default port of the RADIUS server for...

Page 144: ...144 Chapter 13 System security N0115791 ...

Page 145: ...menus 24 1 to 24 4 Introduction to System Status This chapter covers the diagnostic tools that help you to maintain your BCM50a Integrated Router These tools include updates on system status port status and log and trace capabilities Select menu 24 in the main menu to open Menu 24 System Maintenance as shown in Figure 70 ...

Page 146: ...ifically it gives you information on your system firmware version number of packets sent and number of packets received To get to the System Status 1 Enter number 24 to go to Menu 24 System Maintenance 2 In this menu enter 1 to open System Maintenance Status Menu 24 System Maintenance 1 System Status 2 System Information and Console Port Speed 3 Log and Trace 4 Diagnostic 5 Backup Configuration 6 ...

Page 147: ... 2006 Node Lnk Status TxPkts RxPkts Errors Tx B s Rx B s Up Time 1 ENET N A 0 0 0 0 0 0 00 00 My WAN IP from ISP 0 0 0 0 Ethernet WAN Status 100M Full Duplex Tx Pkts 608 Line Status Initializing Collisions 0 Rx Pkts 821 Upstream Speed 0 kbps CPU Load 1 19 Downstream Speed 0 kbps Press Command COMMANDS 1 Reset Counters ESC Exit Table 30 Menu 24 1 System Maintenance Status Field Description Node Lnk...

Page 148: ...he IP address of the ISP remote node Ethernet This shows statistics for the LAN Status This shows the current status of the LAN Tx Pkts This is the number of transmitted packets to the LAN Rx Pkts This is the number of received packets from the LAN Collision This is the number of collisions WAN This shows statistics for the WAN Line Status This shows the current status of the xDSL line which can b...

Page 149: ...nsole Port Speed System Information System Information gives you information about your system as shown in Figure 73 More specifically it gives you information on your routing protocol Ethernet address and IP address Menu 24 2 System Information and Console Port Speed 1 System Information 2 Console Port Speed Please enter selection ...

Page 150: ...lays the system name of your BCM50a Integrated Router This information can be changed in Menu 1 General Setup Routing Refers to the routing protocol used Firmware Version Refers to the system firmware version ADSL Chipset Vendor Displays the vendor of the ADSL chipset and DSL version Standard This refers to the operational protocol the BCM50a Integrated Router and the DSLAM Digital Subscriber Line...

Page 151: ...intenance Change Console Port Speed Log and trace The BCM50a Integrated Router has a syslog facility for message logging and a trace function for viewing call triggering packets DHCP This field shows the DHCP setting None Relay or Server of the BCM50a Integrated Router After you complete this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time ...

Page 152: ... Menu 24 3 2 System Maintenance Syslog Logging Configure the syslog parameters described in Table 32 to activate syslog and then choose what you want to log Menu 24 3 System Maintenance Log and Trace 2 Syslog Logging 4 Call Triggering Packet Press ENTER to Confirm or ESC to Cancel Menu 24 3 2 System Maintenance Syslog Logging Syslog Active No Syslog Server IP Address Log Facility Local 1 Press ENT...

Page 153: ...or ESC to cancel CDR Message Format SdcmdSyslogSend SYSLOG_CDR SYSLOG_INFO String String board xx line xx channel xx call xx str board the hardware board ID line the WAN ID in a board Channel channel ID within the WAN call the call reference number which starts from 1 and increments by 1 for each new call str C01 Outgoing Call dev xx ch xx dev device No ch channel No L02 Tunnel Connected L2TP C02 ...

Page 154: ...61626364656 66768696a6b6c6d6e6f7071727374 Jul 19 11 28 56 192 168 102 2 RAS Packet Trigger Protocol 1 Data 4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000600 220008cd40000020405b4 Jul 19 11 29 06 192 168 102 2 RAS Packet Trigger Protocol 1 Data 45000028240140001f06ac12c0a86614ca849a7b0427001700195b451d143013500 4000077600000 Filter log Message Format SdcmdSyslogSend SYSLOG_FILLOG ...

Page 155: ...2fnord010080 S05 R01mF Mar 03 12 00 52 202 132 155 97 RAS GEN ffffffffffff0080 S05 R01mF Mar 03 12 00 57 202 132 155 97 RAS GEN 00a0c5f502010080 S05 R01mF Mar 03 12 01 06 202 132 155 97 RAS IP Src 192 168 1 33 Dst 202 132 155 93 TCP spo 01170 dpo 00021 S04 R01mF PPP Log Message Format SdcmdSyslogSend SYSLOG_PPPLOG SYSLOG_NOTICE String String ppp Proto Starting ppp Proto Opening ppp Proto Closing p...

Page 156: ...po Destination port empty means no destination port information prot Protocol TCP UDP ICMP IGMP GRE ESP rule a b where a means set number b means rule number Action nothing N block B forward F 08 01 2000 11 48 41 Local1 Notice 192 168 10 10 RAS FW 172 21 1 80 137 172 21 1 80 137 UDP default permit 2 0 B 08 01 2000 11 48 41 Local1 Notice 192 168 10 10 RAS FW 192 168 77 88 520 192 168 77 88 520 UDP ...

Page 157: ...set 0x00 Time to Live 0xFE 254 Protocol 0x06 TCP Header Checksum 0xFB20 64288 Source IP 0xC0A80101 192 168 1 1 Destination IP 0x00000000 0 0 0 0 TCP Header Source Port 0x0401 1025 Destination Port 0x000D 13 Sequence Number 0x05B8D000 95997952 Ack Number 0x00000000 0 Header Length 24 Flags 0x02 S Window Size 0x2000 8192 Checksum 0xE06A 57450 Urgent Ptr 0x0000 0 Options 0000 02 04 02 00 RAW DATA 000...

Page 158: ... BCM50a Integrated Router Configuration Basics N0115790 The BCM50a Integrated Router can act either as a WAN DHCP client IP Address Assignment field in menu 4 or menu 11 3 is Dynamic and the Encapsulation field in menu 4 or menu 11 is Ethernet or None when you have a static IP Using the WAN Release and Renewal fields in menu 24 4 you can release or renew the assigned WAN IP address subnet mask and...

Page 159: ...se Enter 2 to release your WAN DHCP settings WAN DHCP Renewal Enter 3 to renew your WAN DHCP settings PPPoE PPPoA Setup Test This feature is only available for dial up connections using PPPoE or PPPoA encapsulation Enter 4 to test the Internet setup You can also test the Internet setup in Menu 4 Internet Access Refer to Chapter 5 Internet access on page 65 for more details Reboot System Enter 11 t...

Page 160: ...160 Chapter 14 System information and diagnosis N0115791 ...

Page 161: ... the BCM50a Integrated Router settings they can be saved back to your computer under a filename of your choosing The system firmware sometimes referred to as the ras file has a bin filename extension With many FTP and TFTP clients the filenames are similar to those seen next ftp put firmware bin ras This is a sample FTP session showing the transfer of the computer file firmware bin to the BCM50a I...

Page 162: ...en prompted in the SMT menu to go into debug mode Backup configuration Using Option 5 from Menu 24 System Maintenance you can back up the current BCM50a Integrated Router configuration to your computer Backup is highly recommended once your BCM50a Integrated Router is functioning properly FTP is the preferred method for backing up your current configuration to your computer since it is faster Note...

Page 163: ...example get rom 0 config rom transfers the configuration file on the BCM50a Integrated Router to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp prompt Menu 24 5 System Maintenance Backup Configuration To transfer the configuration file to your workstation follow the procedure below 1 Launch the FTP clien...

Page 164: ... 226 File received OK ftp 16384 bytes sent in 1 10Seconds 297 89Kbytes sec ftp quit Table 35 General commands for GUI based FTP clients Command Description Host Address Enter the address of the host server Logon Type Anonymous This is when a user ID and password is automatically supplied to the server for anonymous access Anonymous logons will work only if your ISP or service administrator has ena...

Page 165: ...AN although it can work To use TFTP your computer must have both Telnet and TFTP clients To back up the configuration file follow the procedure shown next 1 Use Telnet from your computer to connect to the BCM50a Integrated Router and log on Because TFTP does not have any security checks the BCM50a Integrated Router records the IP address of the Telnet client and accepts TFTP requests only from thi...

Page 166: ... in GUI based TFTP clients Note Telnet connection must be active and the SMT must be in CI mode before and during the TFTP transfer For details on TFTP commands see TFTP command example on page 166 consult the documentation of your TFTP client program For UNIX use get to transfer from the BCM50a Integrated Router to the computer and binary to set binary transfer mode Table 36 General commands for ...

Page 167: ...re unless you have a backup configuration file stored on disk FTP is the preferred method for restoring your current computer configuration to your BCM50a Integrated Router since FTP is faster note that you must wait for the system to automatically restart after the file transfer is complete Restore Using FTP For details about back up using FTP and TFTP refer to Backup configuration on page 162 Bi...

Page 168: ...ut filename conventions 8 Enter quit to exit the ftp prompt The BCM50a Integrated Router automatically restarts after a successful restore process Menu 24 6 System Maintenance Restore Configuration To transfer the firmware and the configuration file follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router Then type nnadmin and SMT passwor...

Page 169: ...67 or by following the instructions in Menu 24 7 2 System Maintenance Upload System Configuration File Firmware file upload FTP is the preferred method for uploading the firmware and configuration To use this feature your computer must have an FTP client When you use Telnet to access the BCM50a Integrated Router the screens for uploading firmware and the configuration file using FTP appear ftp put...

Page 170: ...ation of your FTP client program For details on uploading system firmware using TFTP note that you must remain on this menu to upload system firmware using TFTP please see your manual Press ENTER to Exit Menu 24 7 2 System Maintenance Upload System Configuration File To upload the system configuration file follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the I...

Page 171: ...e to binary 6 Use put to transfer files from the computer to the BCM50a Integrated Router for example put firmware bin ras transfers the firmware on your computer firmware bin to the BCM50a Integrated Router and renames it ras Similarly put config rom rom 0 transfers the configuration file on your computer config rom to the BCM50a Integrated Router and renames it rom 0 Likewise get rom 0 config ro...

Page 172: ...re and the configuration file follow the procedure shown next 2 Use Telnet from your computer to connect to the BCM50a Integrated Router and log on Because TFTP does not have any security checks the BCM50a Integrated Router records the IP address of the Telnet client and accepts TFTP requests only from this address 3 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Mainte...

Page 173: ...d command example on page 173 consult the documentation of your TFTP client program For UNIX use get to transfer from the BCM50a Integrated Router to the computer put to transfer from the computer to the BCM50a Integrated Router and binary to set binary transfer mode TFTP upload command example The following is an example TFTP command tftp i host put firmware bin ras where i specifies binary image...

Page 174: ...174 Chapter 15 Firmware and configuration file maintenance N0115791 ...

Page 175: ...ame functionality as the SMT while adding some low level setup and diagnostic functions Enter the CI from the SMT by selecting menu 24 8 Access can be by Telnet connection although some commands are only available with a serial connection See the included disk or www nortel com for more detailed information about CI commands Enter 8 from Menu 24 System Maintenance Note Use of undocumented commands...

Page 176: ...ed in angle brackets The optional fields in a command are enclosed in square brackets The symbol means or For example sys filter netbios config type on off Menu 24 System Maintenance 1 System Status 2 System Information and Console Port Speed 3 Log and Trace 4 Diagnostic 5 Backup Configuration 6 Restore Configuration 7 Firmware Update 8 Command Interpreter Mode 9 Call Control 10 Time and Date Sett...

Page 177: ...CM50a Integrated Router provides two call control functions budget management and call history Note that this menu is only applicable when Encapsulation is set to PPPoE or PPPoA in menu 4 or menu 11 1 With the budget management function you can set a limit on the total outgoing call time of the BCM50a Integrated Router within certain times When the total outgoing call time exceeds the limit the cu...

Page 178: ...management Menu 24 9 1 shows the budget management statistics for outgoing calls Enter 1 from Menu 24 9 System Maintenance Call Control to bring up the Budget Management menu Figure 89 Menu 24 9 System Maintenance Call Control 1 Budget Management 2 Call History Enter Menu Selection Number ...

Page 179: ...mote node Menu 24 9 1 Budget Management Remote Node 1 ChangeMe 2 GUI Connection Time Total Budget No Budget No Budget Elapsed Time Total Period No Budget No Budget Reset Node 0 to update screen Table 37 Budget management Field Description Example Remote Node Enter the index number of the remote node you want to reset just one in this case 1 Connection Time Total Budget This is the total connection...

Page 180: ...ll Max Min Total Enter Entry to Delete 0 to exit Table 38 Call History Fields Field Description Phone Number The PPPoE service names are shown here Dir This shows whether the call is incoming or outgoing Rate This is the transfer rate of the call call This is the number of calls made to or received from that telephone number Max This is the length of time of the longest telephone call Min This is ...

Page 181: ...Integrated Router error logs and firewall logs Select menu 24 in the main menu to open Menu 24 System Maintenance Figure 91 Menu 24 System Maintenance Enter 10 to go to Menu 24 10 System Maintenance Time and Date Setting to update the time and date settings of your BCM50a Integrated Router as shown in Figure 92 Menu 24 System Maintenance 1 System Status 2 System Information and Console Port Speed ...

Page 182: ...Not all time servers support all protocols so check with your ISP or network administrator or use trial and error to find a protocol that works The main differences between the time protocols are the format Daytime RFC 867 format is the day month year time zone of the server Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 The default NTP RFC...

Page 183: ... Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 a m GMT or UTC So in the European Union select Mar Last Sun The time you type in the hr field depends on your time zone In Germany for instance type 02 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 End Date mm nth week hr Configure the day and tim...

Page 184: ...e The BCM50a Integrated Router resets the time in three instances After you make changes to and leave menu 24 10 After starting up the BCM50a Integrated Router starts up if a time server configured in menu 24 10 After starting the BCM50a Integrated Router in 24 hour intervals ...

Page 185: ...tegrated Router interface if any from which computers You can manage your BCM50a Integrated Router from a remote location via Internet WAN only ALL LAN and WAN LAN only Neither Disable To disable remote management of a service select Disable in the corresponding Server Access field Enter 11 from menu 24 to bring up Menu 24 11 Remote Management Control Note When you Choose WAN only or ALL LAN WAN y...

Page 186: ...rvice Port 53 Access LAN only Secure Client IP 0 0 0 0 Press ENTER to Confirm or ESC to Cancel Table 40 Menu 24 11 Remote Management control Field Description Telnet Server FTP Server SSH Server HTTPS Server HTTP Server SNMP Service DNS Service Each of these read only labels denotes a service that you can use to remotely manage the BCM50a Integrated Router Port This field shows the port number for...

Page 187: ...session is already running 6 There is a firewall rule that blocks remote management Certificate Press SPACE BAR and then ENTER to select the certificate that the BCM50a Integrated Router uses to identify itself The BCM50a Integrated Router is the SSL server and must always authenticate itself to the SSL client the computer that requests the HTTPS connection with the BCM50a Integrated Router Authen...

Page 188: ...188 Chapter 17 Remote Management N0115791 ...

Page 189: ...o cassette recorder you can specify a time period for the VCR to record You can apply up to 4 schedule sets in Menu 11 1 Remote Node Profile From the main menu enter 26 to access Menu 26 Schedule Setup as shown in Figure 94 Figure 94 Menu 26 Schedule Setup Menu 26 Schedule Setup Schedule Schedule Set Name Set Name 1 AlwaysOn 7 _______________ 2 _______________ 8 _______________ 3 _______________ 9...

Page 190: ...edule sets for a remote node To set up a schedule set select the schedule set you want to setup from menu 26 1 12 and press ENTER to see Menu 26 1 Schedule Set Setup as shown in Figure 95 Figure 95 Menu 26 1 Schedule Set Setup Note To delete a schedule set enter the set number and press SPACE BAR and then ENTER or delete in the Edit Name field Menu 26 1 Schedule Set Setup Active Yes Start Date yyy...

Page 191: ...ow Often field above enter the date the set should activate here in year month date format 2000 01 01 Weekday Day If you selected Weekly in the How Often field above select the days when the set should activate and recur by going to that days and pressing SPACE BAR to select Yes After you complete this menu press ENTER to exit Yes No N A Start Time Enter the start time when you wish the schedule s...

Page 192: ...PPoE You can apply up to four schedule sets separated by commas for one remote node Change the schedule set numbers to your preferences Menu 11 1 Remote Node Profile Rem Node Name ChangeMe Route IP Active Yes Bridge No Encapsulation PPPoA Edit IP Bridge No Multiplexing LLC based Edit ATM Options No Service Name N A Edit Advance Options N A Incoming Telco Option Rem Login Allocated Budget min 0 Rem...

Page 193: ...rchase of a third party TCP IP application package TCP IP is already installed on computers using Windows NT 2000 XP or Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP...

Page 194: ... protocol and Client for Microsoft Networks If you need the adapter a In the Network window click Add b Select Adapter and click Add c Select the manufacturer and model of your network adapter and click OK If you need TCP IP a In the Network window click Add b Select Protocol and click Add c Select Microsoft from the list of manufacturers d Select TCP IP from the list of network protocols and clic...

Page 195: ...nges take effect Configuring 1 In the Network window Configuration tab select your network adapter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 98 Windows 95 98 Me TCP IP pr...

Page 196: ...installed gateways If you have a gateway IP address type it in the New gateway field and click Add 5 Click OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your BCM50a Integrated Router and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and click ...

Page 197: ...dvanced Windows 2000 NT XP 1 For Windows XP click Start Control Panel In Windows 2000 NT click Start Settings Control Panel Figure 100 Windows XP Start menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 101 Windows XP Control Panel ...

Page 198: ...ght click Local Area Connection and then click Properties Figure 102 Windows XP Control Panel Network Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties Figure 103 Windows XP Local Area Connection Properties ...

Page 199: ... fields Click Advanced Figure 104 Windows XP Advanced TCP IP settings 6 If you do not know your gateway IP address remove any previously installed gateways in the IP Settings tab and click OK Ë Do one or more of the following if you want to configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subn...

Page 200: ...Protocol TCP IP Properties window the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP addresses If you know your DNS server IP addresses click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab ...

Page 201: ...ings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 106 Macintosh OS 8 9 Apple Menu ...

Page 202: ...e following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your BCM50a Integrated Router in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your BCM50a Integrated Router and restart your computer if prompted Verifyin...

Page 203: ...ck System Preferences to open the System Preferences window Figure 108 Macintosh OS X Apple menu 2 Click Network in the icon bar Select Automatic from the Location list Select Built in Ethernet from the Show list Click the TCP IP tab 3 For dynamically assigned settings select Using DHCP from the Configure list Figure 109 Macintosh OS X Network ...

Page 204: ...Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your BCM50a Integrated Router in the Router address box 5 Click Apply Now and close the window 6 Turn on your BCM50a Integrated Router and restart your computer if prompted Verifying settings Check your TCP IP properties in the Network window ...

Page 205: ... than one connection to the Internet through one or more ISPs If an alternate gateway is on the LAN and its IP address is in the same subnet as the BCM50a Integrated Router LAN IP address the triangle route also called asymmetrical route problem can occur The steps below describe the triangle route problem A traffic route is a path for sending or receiving data packets between two Ethernet devices...

Page 206: ...owledged Figure 111 Triangle Route Problem The Triangle Route Solutions IP aliasing Using IP alias you can partition your network into logical sections over the same Ethernet interface Your BCM50a Integrated Router supports up to three logical LAN interfaces with the BCM50a Integrated Router being the gateway for each logical network By putting your LAN and Gateway B in different subnets all retur...

Page 207: ...anced 2 The BCM50a Integrated Router reroutes the packet to Gateway B which is in Subnet 2 3 The reply from WAN goes to the BCM50a Integrated Router 4 The BCM50a Integrated Router ends the response to the computer in Subnet 1 Figure 112 IP Alias BCM50a Integrated Router WAN ...

Page 208: ...208 Appendix B Triangle Route N0115791 ...

Page 209: ...Import BCM50a Integrated Router certificates into Netscape Navigator In Netscape Navigator you can permanently trust the BCM50a Integrated Router server certificate by importing it into your operating system as a trusted certification authority Select Accept This Certificate Permanently in Figure 113 to do this Figure 113 Security Certificate ...

Page 210: ...fication authority To have Internet Explorer trust a BCM50a Integrated Router certificate issued by a certificate authority import the certificate authority s certificate into your operating system as a trusted certification authority The following example procedure shows how to import the BCM50a Integrated Router s self signed server certificate into your operating system as a trusted certificati...

Page 211: ...ndix C Importing certificates 211 BCM50a Integrated Router Configuration Advanced 2 Click Install Certificate to open the Install Certificate wizard Figure 115 Certificate General Information before Import ...

Page 212: ...212 Appendix C Importing certificates N0115791 3 Click Next to begin the Install Certificate wizard Figure 116 Certificate Import Wizard 1 ...

Page 213: ...Appendix C Importing certificates 213 BCM50a Integrated Router Configuration Advanced 4 Select where you want to store the certificate and click Next Figure 117 Certificate Import Wizard 2 ...

Page 214: ...ertificates N0115791 5 Click Finish to complete the Import Certificate wizard Figure 118 Certificate Import Wizard 3 6 Click Yes to add the BCM50a Integrated Router certificate to the root store Figure 119 Root Certificate Store ...

Page 215: ...icates is selected on the BCM50a Integrated Router You must have imported at least one trusted CA to the BCM50a Integrated Router in order for the Authenticate Client Certificates to be active see Certificates in BCM50a Integrated Router Configuration Basics N0115790 for details Apply for a certificate from a Certification Authority CA that is trusted by the BCM50a Integrated Router see the BCM50a...

Page 216: ...g certificates N0115791 Figure 121 BCM50a Integrated Router Trusted CA screen The CA sends you a package containing the CA s trusted certificates your personal certificates and a password to install the personal certificates ...

Page 217: ...o the one shown in Figure 122 Figure 122 CA certificate example 2 Click Install Certificate and follow the wizard as shown earlier in this appendix Installing your personal certificates You need a password in advance The CA can issue the password or you can specify it during the enrollment Double click the personal certificate given to you by the CA to produce a screen similar to Figure 123 ...

Page 218: ...218 Appendix C Importing certificates N0115791 1 Click Next to begin the wizard Figure 123 Personal certificate import wizard 1 ...

Page 219: ...ated Router Configuration Advanced 2 The file name and path of the certificate you double clicked automatically appears in the File name text box Click Browse if you wish to import a different certificate Figure 124 Personal certificate import wizard 2 ...

Page 220: ...220 Appendix C Importing certificates N0115791 3 Enter the password given to you by the CA Figure 125 Personal certificate import wizard 3 ...

Page 221: ...ated Router Configuration Advanced 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location Figure 126 Personal certificate import wizard 4 ...

Page 222: ...inish to complete the wizard and begin the import process Figure 127 Personal certificate import wizard 5 6 Figure 128 shows the screen that appears when the certificate is correctly installed on your computer Figure 128 Personal certificate import wizard 6 ...

Page 223: ...1 Enter https BCM50a Integrated Router IP Address in your browser s web address field Figure 129 Access the BCM50a Integrated Router via HTTPS 2 When Authenticate Client Certificates is selected on the BCM50a Integrated Router you are asked to select a personal certificate to send to the BCM50a Integrated Router This screen displays even if you only have a single certificate as shown in Figure 130...

Page 224: ...224 Appendix C Importing certificates N0115791 3 The BCM50a Integrated Router login screen appears Figure 131 BCM50a Integrated Router secure login screen ...

Page 225: ...in a manner similar to dial up services using PPP Benefits of PPPoE PPPoE offers the following benefits It provides you with a familiar dial up networking DUN user interface It lessens the burden on the carriers of provisioning virtual circuits all the way to the ISP on multiple switches for thousands of users For GSTN PSTN and ISDN the switching fabric is already in place It allows the ISP to use...

Page 226: ...unnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and runs between the modem and the AC as opposed to all the way to the ISP However the PPP negotiation is between the PC and the ISP BCM50a Integrated Router as a PPPoE client When using the BCM50a Integrated Router as a PPPoE clien...

Page 227: ...Appendix D PPPoE 227 BCM50a Integrated Router Configuration Advanced Figure 133 BCM50a Integrated Router as a PPPoE Client BCM50a Integrated Router BCM50a Integrated Router ...

Page 228: ...228 Appendix D PPPoE N0115791 ...

Page 229: ... DC 18V 1 1A MTBF 266997 hrs Mean Time Between Failures Operation Temperature 0º C 40º C ADSL Specification for WAN ADSL ADSL2 ADSL2 with TR 067 compliance Ethernet Specification for LAN VPN Ports 10 100Mb s Half Full autonegotiation autosensing WAN LAN Ethernet Cable Pin Layout Straight Through Crossover Switch 1 IRD Adapter 1 OTD Switch 1 IRD Switch 1 IRD 2 IRD 2 OTD 2 IRD 2 IRD 3 OTD 3 IRD 3 OT...

Page 230: ...230 Appendix E Hardware specifications N0115791 ...

Page 231: ...ass A addresses have a 0 in the left most bit In a class A address the first octet is the network number and the remaining three octets make up the host ID Class B addresses have a 1 in the left most bit and a 0 in the next left most bit In a class B address the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the le...

Page 232: ...d range of 128 to 191 The first octet of a class C address begins with 110 and therefore has a range of 192 to 223 Table 43 Classes of IP addresses IP Address Octet 1 Octet 2 Octet 3 Octet 4 Class A 0 Network number Host ID Host ID Host ID Class B 10 Network number Network number Host ID Host ID Class C 110 Network number Network number Network number Host ID Note Host IDs of all zeros or all ones...

Page 233: ...nored For example a class C address no longer has to have 24 bits of network number and 8 bits of host ID With subnetting some of the host ID bits are converted into network number bits By convention subnet masks always consist of a continuous sequence of ones beginning from the left most bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits Since the mask is alw...

Page 234: ...octets of the address make up the network number class C You want to have two separate networks Table 46 Alternative Subnet Mask Notation Subnet mask IP address Subnet mask 1 Bits Last octet bit value 255 255 255 0 24 0000 0000 255 255 255 128 25 1000 0000 255 255 255 192 26 1100 0000 255 255 255 224 27 1110 0000 255 255 255 240 28 1111 0000 255 255 255 248 29 1111 1000 255 255 255 252 30 1111 110...

Page 235: ... bit values indicate host ID bits borrowed to form network ID bits The number of borrowed host ID bits determines the number of subnets you can have The remaining number of host ID bits after borrowing determines the number of hosts you can have on each subnet Table 47 Subnet 1 Network number Last Octet bit value IP Address 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet M...

Page 236: ...mbinations of 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving 26 2 or 62 hosts for each subnet all 0s is the subnet itself all 1s is the broadcast address on the subnet Table 49 Subnet 1 Network number Last octet bit value IP Address 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet ...

Page 237: ... 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 52 Subnet 4 Network number Last Octet Bit Value IP Address 192 168 1 192 IP Address Binary 11000000 10101000 00000001 11000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 16...

Page 238: ...y for class B subnet planning 7 192 193 222 223 8 224 225 254 255 Table 54 Class C subnet planning No Borrowed Host Bits Subnet Mask No Subnets No Hosts per Subnet 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 55 Class B subnet planning No Borrowed Host B...

Page 239: ... 23 128 510 8 255 255 255 0 24 256 254 9 255 255 255 128 25 512 126 10 255 255 255 192 26 1 024 62 11 255 255 255 224 27 2 048 30 12 255 255 255 240 28 4 096 14 13 255 255 255 248 29 8 192 6 14 255 255 255 252 30 16 384 2 15 255 255 255 254 31 32 768 1 Table 55 Class B subnet planning No Borrowed Host Bits Subnet Mask No Subnets No Hosts per Subnet ...

Page 240: ...240 Appendix F IP subnetting N0115791 ...

Page 241: ...and keywords exactly as shown Do not abbreviate The required fields in a command are enclosed in angle brackets The optional fields in a command are enclosed in square brackets The symbol means or For example sys filter netbios config type on off means that you must specify the type of netbios filter and whether to turn it on or off Command usage A list of valid commands can be found by typing hel...

Page 242: ...d countrycode countrycode Sets or displays the country code datetime date year month date Sets or displays the system s current date time hour min sec Sets or displays the system time period day Sets how often the BCM50a Integrated Router gets the date and time from the time server sync Gets the date and time from the time server domainname Displays the domain name that the device sends to the LAN...

Page 243: ...e 1 log 2 alert 3 both Records the access control logs javablocked 0 none 1 log Records the java blocked logs mten 0 none 1 log Records the system maintenance logs packetfilter 0 none 1 log Records the packet filter logs ppp 0 none 1 log Records the PPP logs remote 0 none 1 log Records the remote management logs tcpreset 0 none 1 log Records the TCP reset logs upnp 0 none 1 log Records the UPnP lo...

Page 244: ...isplays the mail schedule schedule hour 0 23 Sets the hour to send logs schedule minute 0 59 Sets the minute to send the logs schedule policy 0 full 1 hourly 2 daily 3 weekly 4 none Sets the mail schedule policy schedule week 0 sun 1 mon 2 tue 3 wed 4 thu 5 fri 6 sat Sets the day of the week to send weekly logs server domainName IP Sets the domain name or IP address of the mail server to which the...

Page 245: ...yslog server domain name to an IP address switch bmlog 0 no 1 yes Turns the broadcast or multicast log on or off display Displays switch settings trilog 0 no 1 yes Turns triangle route logging on or off reboot 0 cold boot 1 immediate reboot 2 bootModule debug mode Restarts the device stdio minute Sets or displays the management terminal idle timeout value tos display Shows all runtime Temporarily ...

Page 246: ...l that should be displayed parse displays the most detail and disp displays the least trclog switch on off Enables or disables the system trace log or displays the current setting online on off Enables or disables the trace log onscreen display for example in the Telnet management window level level Sets the level 1 10 of trace logs 1 shows the least to display type bitmap Uses hexadecimal charact...

Page 247: ... nor off is specified disp Displays the trace packets udp Sends the trace packets to another system using UDP udp switch on off Enables or disables the sending of the trace packets to another system using UDP or displays the current setting udp addr addr Sets the target IP address for sending trace packets using UDP udp port port Sets the UDP port should match that of the target IP address for sen...

Page 248: ...the password error blocking timeout value upnp active 0 no 1 yes Activates or deactivates the saved UPnP settings config 0 deny 1 permit Allows users to make configuration changes through UPnP display Displays UPnP information firewall 0 deny 1 pass Allows UPnP to pass through the firewall load Saves UPnP information reserve 0 deny 1 permit save Saves UPnP information m50Enable yes no Turns Nortel...

Page 249: ...S filter modes config 0 Between LAN and WAN 3 IPSec Pass through 4 Trigger Dial on off Sets NetBIOS filters ddns debug level Enables or disables DDNS service display iface name Displays DDNS information restart Restarts DDNS logout This command has no effect cpu display Displays the CPU utilization Table 57 Exit Command Command Description exit Ends the command interpreter session Table 58 Ether C...

Page 250: ...um Transmission Unit accessblock 0 disable 1 enable Blocks Internet access speed auto 10 half 10 full 100 half 100 full Sets the Ethernet data speed and duplex save Saves Ethernet data to the System Parameters Table dynamic Port dump Displays the relationship between physical port and channel set port type Sets physical port to a specific channel spt Displays channel setting stored in SPT Table 59...

Page 251: ...P address name host name Displays the IP address of a domain name system Configures the system DNS server settings display Shows the system DNS server settings edit 0 first 1 second 2 third 0 from ISP 1 usr def 2 n one IP addr ess if choosing 1 Configures the system DNS server settings lan edit 0 first 1 second 2 third 0 from ISP 1 usr def 2 D NS Relay 3 n one IP address if choosing 1 Configures t...

Page 252: ...l t bits gateway metric Adds a private route drop host addr bits Drops a route status Displays IP statistic counters udp status Displays the UDP status rip These are the Routing Information Protocol commands accept gateway Drops an entry from the RIP refuse list activate Enables RIP merge on off Sets the RIP merge flag refuse gateway Adds an entry to the RIP refuse list request addr port Sends a R...

Page 253: ...2 Add iface2 to the iface1 s group break iface Remove the specified interface from the ipxparent group urlfilter enable 0 no 1 yes Enables or disables content filtering exemptZone display Displays content filtering exempt zone information actionFlags type 1 3 enabl e disable Enables or disables content filtering exempt zone action flags that determine to which IP addresses content filtering applie...

Page 254: ...way partner ipaddr Sets the traffic redirect backup gateway IP address target ipaddr Sets the IP address that the device uses to test WAN accessibility timeout timeout Sets the number of seconds the device waits for a response from the target checktime period Sets the number of seconds the device waits between attempts to connect to the target active on off Enables or disables traffic redirect sav...

Page 255: ...ubnet mask Sets a static route s subnet mask gateway IP address Sets a static route s gateway IP address metric metric Sets a static route s metric number private yes no Turns private mode on or off active yes no Enables or disables a static route rule dropIcmp 0 1 Sets whether or not the device allows ICMP fragment packets igmp debug level Sets IGMP debug level forwardall on off Activates or deac...

Page 256: ... threshold Sets the IGMP Time To Live threshold iface v1compat on off Turns on or off IGMP version 1 compatibility on the specified interface robustness num Sets the IGMP robustness variable status Displays the IGMP status alg display Shows whether the Application Layer Gateway is enabled or disabled siptimeout timeout in second or 0 for no timeout Sets the SIP timeout period enable ALG_FTP ALG_H3...

Page 257: ...rmation including type and level switch on off As long as there is one active IPSec rule all packets go into the IPSec process to check against the SPD When this switch is turned on packets are not be put through the IPSec process even if there are active IPSec rules timer chk_conn 0 255 Sets the idle timeout for IPSec connections The system disconnects an IPSec connection with no traffic for the ...

Page 258: ...pecified IPSec rule s IP policies dial rule index policy index Triggers the specified phase two connection route lan on off After IPSec processes a packet and sends it to the LAN side this switch controls whether or not IPSec can be applied to the packet again wan on off After IPSec processes a packet and sends it to the WAN side this switch controls whether or not IPSec can be applied to the pack...

Page 259: ...decimal 0 9 A F characters preceded by 0x zero x which is not counted as part of the 16 to 62 characters p1EncryAlgo 0 DES 1 3DES 2 AES Sets the phase 1 encryption algorithm p1AuthAlgo 0 MD5 1 SHA1 Sets the phase 1 authentication algorithm p1SaLifeTime seconds Sets the phase 1 SA lifetime keyGroup 0 DH1 1 DH2 Sets the key group for phase 1 IKE setup nailUp Yes No Turns nailed up feature on or off ...

Page 260: ...ts which specific services can automatically trigger a VPN connection to the remote Contivity IPSec router groupID group ID Sets the Contivity Client tunnel s user s group ID groupPasswd group password Sets the Contivity Client tunnel s user s group password username name Sets the Contivity Client tunnel s user s username password password Sets the Contivity Client tunnel s user s password exUseMo...

Page 261: ...P address protocol 1 ICMP 6 TCP 17 UDP Sets the IP policy s protocol controlPing Yes No Turns control ping on or off controlPingAddr IP Sets the control ping IP address lcAddrType 0 single 1 range 2 subnet Sets the local address type lcAddrEndMask IP Sets the local ending IP address or subnet mask lcPortStart port Sets the local starting port number lcPortEnd port Sets the local ending port number...

Page 262: ...n contivityState Displays information about the Contivity Client VPN connection contivitySplit contivityTimecnt 0 65535 Sets the Contivity Client keep alive interval in seconds exemptHost Uses the exemptHost commands to configure specific IP addresses that are not to be part of a VPN tunnel display Displays the exempt host settings load index Loads an exempt host active Yes No Enables or disables ...

Page 263: ... on off Enables or disables the Pre Shared Key authentication method for the Local User Database radius on off Enables or disables the RADIUS Server authentication method radius groupId Configures Group ID fields for RADIUS Server authentication method radius groupPwd Configures Group Password fields for RADIUS Server authentication method radius psk on off Enables or disables Pre Shared Key authe...

Page 264: ...status Displays the current runtime IP pool status of Client Termination natt active yes no Enables or disables NAT Traversal portSwitch enable disable Enables or disables Client IKE Source Port Switching portNum Sets the NAT Traversal UDP port valid UDP port 1025 65535 failover 1 2 3 IP Sets the client failover IP address keepalive active yes no Enables or disables client failover tuning keep ali...

Page 265: ...mote users banner on off banner text Sets whether or not the banner appears when a remote user logs on to the gateway Also sets the banner text if specified up to 256 characters password clientStorage on off Sets whether or not the Contivity VPN clients can save their logon passwords instead of always having to manually enter them manage on off Enables or disables the password management facilitie...

Page 266: ... ADSL line defbitmap Displays ADSL defect bitmap status dyinggasp Sends ADSL dyinggasp linedata far Shows ADSL far end noise margin and carrier load information near Shows ADSL near end noise margin and carrier load information open Opens the ADSL line opencmd Opens ADSL line with a specific standard opmode Shows the ADSL operational mode standard perfdata Shows performance information such as the...

Page 267: ...I value to remove the specific entry System will save automatically Active yes no Enables disables VC auto hunting feature display Displays the hunt pool Clear Clears the configuration Save Saves current setting to the ROM file timer Sets the waiting time before checking the hunting table result Send Sends VC hunt pattern again hwsar Displays hwsar packets incoming outgoing information driver Oaml...

Page 268: ...plays the firewall log type and count clear Clears the firewall log count dynamicrule display Displays the firewall s dynamic rules tcprst rst Turns TCP reset sending on or off rst113 Turns TCP reset sending for port 113 on or off display Displays the TCP reset sending settings dos smtp Enables or disables the SMTP DoS defender display Displays the SMTP DoS defender setting ignore Sets if the fire...

Page 269: ...the queueing mechanism to fairness based WRR or priority based PRR efficient Turns on the work conserving feature disable Disables bandwidth management for traffic going out the LAN interface wan enable bandwidth xxx Enables bandwidth management for traffic going out the WAN interface You can also specify the b s of bandwidth wrr prr Sets the queueing mechanism to fairness based WRR or priority ba...

Page 270: ...orrow bandwidth from its parent class when borrowing is turned on and vice versa wan add bandwidth xxx name xxx Adds a class with bandwidth xxx b s in WAN The name is for your information priority x Sets the class priority The range is between 0 the lowest to 7 the highest borrow on off The class can borrow bandwidth from its parent class when borrowing is turned on and vice versa del Deletes the ...

Page 271: ...an add Daddr mask Dmask Dport Saddr mask Smask Sport protocol Adds a filter for class in WAN The filter contains destination address netmask destination port source address netmask source port and protocol Use 0 for items that you do not want the filter to include del Deletes the LAN filter that belongs to the specified WAN class show interface lan Displays the LAN interface settings wan Displays ...

Page 272: ...fy one The first time you use the command turns it on the second time turns it off and so on wan Displays the bandwidth usage of the specified WAN class or all of the WAN classes if you do not specify one The first time you use the command turns it on the second time turns it off and so on moveFilter channName from to Changes the filter order channName LAN WAN from filter index number to filter in...

Page 273: ...required The format is subject name dn ip dns email value If the name contains spaces put it in quotes key size specifies the key size It has to be an integer from 512 to 2 048 The default is 1 024 bits create scep_enroll name CA addr CA cert auth key subject key size Creates a certificate request and enrolls for a certificate immediately online using SCEP protocol name specifies a descriptive nam...

Page 274: ...ate importation to be successful a certification request corresponding to the imported certificate must already exist on BCM50a Integrated Router After the importation the certification request is automatically deleted If a descriptive name is not specified for the imported certificate the certificate adopts the descriptive name of the certification request export name Exports the PEM encoded cert...

Page 275: ...m stdin name specifies the name the imported CA certificate is saved as export name Exports the PEM encoded certificate to stdout for the user to copy and paste name specifies the name of the certificate to be exported view name Views the information of the specified trusted CA certificate name specifies the name of the certificate to be viewed verify name timeout Verifies the certification path o...

Page 276: ...of the specified trusted remote host certificate name specifies the name of the certificate to be viewed verify name timeout Verifies the certification path of the specified trusted remote host certificate name specifies the name of the certificate to be verified timeout specifies the timeout value in seconds optional The default timeout value is 20 seconds delete name Deletes the specified truste...

Page 277: ... the specified directory service name specifies the name of the directory server to be viewed list Lists all directory service names and basic information rename old name new name Renames the specified directory service old name specifies the name of the directory server to be renamed new name specifies the new name the directory server is saved as edit name addr port login pswd Edits the specifie...

Page 278: ...278 Appendix G Command Interpreter N0115791 ...

Page 279: ...at enable a computer to connect to and communicate with a LAN For some dial up services such as PPPoE or PPPoA NetBIOS packets cause unwanted calls You can configure NetBIOS filters to do the following Allow or disallow the sending of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN Allow or disallow the sending of NetBIOS packets through VPN connections Allow or disallow NetBIO...

Page 280: ... numbered 0 3 to configure NetBIOS Filter Status Between LAN and WAN Block IPSec Packets Forward Trigger Dial Disabled Table 65 NetBIOS filter default settings Name Description Example Between LAN and WAN This field displays whether NetBIOS packets are blocked or forwarded from the LAN to the WAN or from the WAN to the LAN Forward IPSec Packets This field displays whether NetBIOS packets sent thro...

Page 281: ... to block NetBIOS packets from being sent through a VPN connection Use off to allow NetBIOS packets to be sent through a VPN connection Example commands Command sys filter netbios config 0 on This command blocks LAN to WAN and WAN to LAN NetBIOS packets Command sys filter netbios config 1 off This command forwards WAN to LAN and WAN to LAN NetBIOS packets Command sys filter netbios config 3 on Thi...

Page 282: ...address index index of pool where Use this command to specify the IP address that the BCM50a Integrated Router is to assign to the BCM50 interface Specify an interface on the device Currently you can use this command with the LAN interface enif0 ip IP address This is the IP address that you want to assign to the Nortel BCM50 index index of pool This is the number of an IP address in the BCM50a Int...

Page 283: ... m50ipreserve ip 11 12 13 10 Nortel BCM50 DHCP server options Use these commands to add site specific options to the DHCP server s offer messages that it sends to the BCM50 BCM50 DHCP server settings Syntax ip dhcp interface server m50dhcpmode 0 disable 1 IP phones only 2 All devices 3 automatic range start range end where interface Specify an interface on the device Currently you can use this com...

Page 284: ...rver will assign when enabled You can type the full IP addresses or just the last parts If you type part of an IP address the BCM50a Integrated Router combines it with the IP address assigned to the BCM50 customer LAN interface to form a range of IP addresses that are on the same subnet as the BCM50 customer LAN interface For example the BCM50a Integrated Router assigns the BCM50 an IP address of ...

Page 285: ...nment Syntax ip dhcp interface server voipserver id 1 2 server IP port 1 65535 retry count 0 255 where interface Specify an interface on the device Currently you can use this command with the LAN interface enif0 0 1 Use 1 to have the Nortel BCM50 assign VoIP server DHCP option 128 and VLAN DHCP option 191 settings to Nortel s IP Telephone 2004 Use 0 to not have the Nortel BCM50 assign VoIP server ...

Page 286: ...sends the VoIP server information for both servers when it receives a DHCP request from Nortel s i2004 VoIP telephones VLAN ID assignment Syntax ip dhcp interface server vlanid none vlan id1 vlan id2 vlan id10 where Use this command to assign VLAN IDs to IP Telephone 2004 port 1 65535 This is the VoIP server s listening port 1 65535 retry count 0 255 This sets the number of times 0 255 the i2004 c...

Page 287: ...Nortel WLAN Handsets 2210 2211 TFTP server IP address assignment Syntax ip dhcp interface server tftpserver none serverIP where Use this command to assign a TFTP server IP address to Nortel WLAN Handsets 2210 2211s The following example sets the BCM50a Integrated Router to assign a TFTP server IP address of 11 12 13 15 to WLAN Handsets 2210 2211 ip dhcp interface server tftpserver 11 12 13 15 inte...

Page 288: ...0a Integrated Router to assign a WLAN Telephony Manager 2245 IP address of 11 12 13 16 to WLAN Handsets 2210 2211 ip dhcp interface server wlantelmanager 11 12 13 16 interface Specify an interface on the device Currently you can use this command with the LAN interface enif0 none serverIP Specify the address of a WLAN Telephony Manager 2245 for the Nortel WLAN Handsets 2210 2211 Use none if you do ...

Page 289: ...mation from the time server Time calibration failed The router failed to get information from the time server DHCP client gets s A DHCP client got a new IP address from the DHCP server DHCP client IP expired A DHCP client s IP address has expired DHCP server assigns s The DHCP server assigned an IP address to a client SMT Login Successfully Someone has logged on to the router s SMT interface SMT L...

Page 290: ... Table 69 Content filtering logs Category Log Message Description URLFOR IP Domain Name The BCM50a Integrated Router allows access to this IP address or domain name and forwards traffic to the IP address or domain name URLBLK IP Domain Name The BCM50a Integrated Router blocked access to this IP address or domain name due to a forbidden keyword All web traffic is disabled except for trusted domains...

Page 291: ...tack land OSPF The firewall detected an OSPF land attack land ICMP type d code d The firewall detected an ICMP land attack see the section on ICMP messages for type and code details ip spoofing WAN TCP The firewall detected a TCP IP spoofing attack on the WAN port ip spoofing WAN UDP The firewall detected an UDP IP spoofing attack on the WAN port ip spoofing WAN IGMP The firewall detected an IGMP ...

Page 292: ...P The firewall detected an IGMP IP spoofing attack while the BCM50a Integrated Router did not have a default route ip spoofing no routing entry ESP The firewall detected an ESP IP spoofing attack while the BCM50a Integrated Router did not have a default route ip spoofing no routing entry GRE The firewall detected a GRE IP spoofing attack while the BCM50a Integrated Router did not have a default ro...

Page 293: ...sted ACL set and the BCM50a Integrated Router blocked or forwarded it according to the ACL set s configuration Firewall default policy OSPF set d OSPF access matched the default policy of the listed ACL set and the BCM50a Integrated Router blocked or forwarded it according to the ACL set s configuration Firewall default policy set d Access matched the default policy of the listed ACL set and the B...

Page 294: ... not match the listed firewall rule and the BCM50a Integrated Router logged it Firewall rule NOT match ESP set d rule d ESP access did not match the listed firewall rule and the BCM50a Integrated Router logged it Firewall rule NOT match GRE set d rule d GRE ac access did not match the listed firewall rule and the BCM50a Integrated Router logged it Firewall rule NOT match OSPF set d rule d OSPF acc...

Page 295: ...firewall detected a DoS attack and sent a TCP packet in response Firewall sent TCP reset packets The firewall sent out TCP reset packets Packet without a NAT table entry blocked The router blocked a packet that did not have a corresponding SUA NAT table entry Out of order TCP handshake packet blocked The router blocked a TCP handshake packet that came out of the proper order Drop unsupported out o...

Page 296: ...ter Table 73 ICMP notes Type Code Description 0 Echo Reply 0 Echo reply message 3 Destination Unreachable 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don t Fragment DF 5 Source route failed 4 Source Quench 0 A gateway can discard internet datagrams if it does not have the buffer space needed t...

Page 297: ...t reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 Timestamp 0 Timestamp request message 14 Timestamp Reply 0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message Table 74 Sys log LOG MESSAGE DESCRIPTION Mon dd hr mm ss hostname src srcIP srcPort dst dstIP dstPort msg msg note note This message i...

Page 298: ... 003 01 Jan 08 02 22 Recv SA 004 01 Jan 08 02 24 Send KE NONCE 005 01 Jan 08 02 24 Recv KE NONCE 006 01 Jan 08 02 26 Send ID HASH 007 01 Jan 08 02 26 Recv ID HASH 008 01 Jan 08 02 26 Phase 1 IKE SA process done 009 01 Jan 08 02 26 Start Phase 2 Quick Mode 010 01 Jan 08 02 26 Send HASH SA NONCE ID ID 011 01 Jan 08 02 26 Recv HASH SA NONCE ID ID 012 01 Jan 08 02 26 Send HASH Clear IPSec Log y n ...

Page 299: ...ain Mode request from 192 168 100 100 002 01 Jan 08 08 07 Recv SA 003 01 Jan 08 08 08 Send SA 004 01 Jan 08 08 08 Recv KE NONCE 005 01 Jan 08 08 10 Send KE NONCE 006 01 Jan 08 08 10 Recv ID HASH 007 01 Jan 08 08 10 Send ID HASH 008 01 Jan 08 08 10 Phase 1 IKE SA process done 009 01 Jan 08 08 10 Recv HASH SA NONCE ID ID 010 01 Jan 08 08 10 Start Phase 2 Quick Mode 011 01 Jan 08 08 10 Send HASH SA N...

Page 300: ...me peer but it is still processing the first IKE packet from that peer No proposal chosen The parameters configured for Phase 1 or Phase 2 negotiations do not match Check all protocols and settings for these phases For example one party is using 3DES encryption but the other party is using DES encryption so the connection fails Verifying Local ID failed Verifying Remote ID failed During IKE Phase ...

Page 301: ...address The IP address type or IP address of an incoming packet does not match the peer IP address type or IP address configured on the local router The log displays the IP address type and IP address of the incoming packet vs My Remote IP address The IP address type or IP address of an incoming packet does not match the peer IP address type or IP address configured on the local router The log dis...

Page 302: ...with the SPI of an inbound packet from the peer the packet is dropped Cannot find outbound SA for rule d The packet matches the rule index number d but Phase 1 or Phase 2 negotiation for outbound from the VPN initiator traffic is not finished yet Discard REPLAY packet If the BCM50a Integrated Router receives a packet with the wrong sequence number it discards it Inbound packet authentication faile...

Page 303: ...estination field records the certification authority server s IP address and port Enrollment failed The CMP online certificate enrollment failed The Destination field records the certification authority server s IP address and port Failed to resolve CMP CA server url The CMP online certificate enrollment failed because the certification authority server s IP address cannot be resolved Rcvd ca cert...

Page 304: ...oo large Max size allowed max size The router received directory data that was too large the size is listed from the LDAP server whose address and port are recorded in the Source field The maximum size of directory data that the router allows is also recorded Cert trusted subject name The router has verified the path of the certificate with the listed subject name Due to reason codes cert not trus...

Page 305: ...handled 13 Certificate issuer was not valid CA specific information missing 14 Not used 15 CRL is too old 16 CRL is not valid 17 CRL signature was not verified correctly 18 CRL was not found anywhere 19 CRL was not added to the cache 20 CRL decoding failed 21 CRL is not currently valid but in the future 22 CRL contains duplicate serial numbers 23 Time interval is not continuous 24 Time information...

Page 306: ...in order to record logs Displaying logs Use the sys logs display command to show all of the logs in the BCM50a Integrated Router s log Use the sys logs category display command to show the log settings for all of the log categories Table 80 Log categories and available settings Log Categories Available Parameters access 0 1 2 3 attack 0 1 2 3 error 0 1 2 3 ike 0 1 2 3 ipsec 0 1 2 3 javablocked 0 1...

Page 307: ...ess 3 ras sys logs save ras sys logs display access time source destination notes message 0 11 11 2002 15 10 12 172 22 3 80 137 172 22 255 255 137 ACCESS BLOCK Firewall default policy UDP set 8 1 11 11 2002 15 10 12 172 21 4 17 138 172 21 255 255 138 ACCESS BLOCK Firewall default policy UDP set 8 2 11 11 2002 15 10 11 172 17 2 1 224 0 1 60 ACCESS BLOCK Firewall default policy IGMP set 8 3 11 11 20...

Page 308: ...308 Appendix J Log descriptions N0115791 ...

Page 309: ... after the third time an incorrect password is entered Table 81 Brute force password guessing protection commands Command Description sys pwderrtm This command displays the brute force guessing password protection settings sys pwderrtm 0 This command turns off the password s protection from brute force guessing The brute force password guessing protection is turned off by default sys pwderrtm N Th...

Page 310: ...310 Appendix K Brute force password guessing protection N0115791 ...

Page 311: ...ling 34 189 Maximum Number of Schedule Sets 189 PPPoE 192 Precedence 190 Precedence Example 190 Call Triggering Packet 156 Central Network Management 35 CHAP 73 CHAP PAP 73 Collision 148 Command Interpreter Mode 175 Community 137 Conditions that prevent TFTP and FTP from working over WAN 164 Console Port 148 149 151 Content Filtering 34 Contivity VPN Client Software 32 conventions text 23 copyrigh...

Page 312: ...ons 164 187 FTP Server 37 107 Full Network Management 36 G Gateway IP Address 85 General Setup 45 H Hidden Menus 40 Hop Count 76 Host 49 Host IDs 232 HTTPS 33 I Idle Timeout 70 IGMP support 77 Incoming Protocol Filters 63 Initial Screen 39 Internet Access 65 66 Internet access 30 Internet Access Configuration 65 Internet Access information 65 Internet Access Setup 90 Introduction to Filters 117 IP...

Page 313: ...g 92 Examples 103 Ordering Rules 96 Network Address Translation 67 Network Address Translation NAT 35 89 O Offline 50 Operation Temperature 229 Outgoing Protocol Filters 63 P Packet Error 147 Received 148 Transmitted 148 Packet Filtering 34 Packets 147 PAP 73 Password 40 43 137 Ping 159 Port Forwarding 36 PPP Encapsulation 79 PPPoA 71 PPPoE 34 225 PPPoE Encapsulation 70 78 Private 76 86 Protocol F...

Page 314: ...ntenance 145 146 147 148 150 151 152 158 159 162 165 172 175 177 178 180 182 System Management Terminal 40 System Name 46 System Status 146 T TCP IP 58 61 123 124 126 129 133 Setup 61 TCP IP and DHCP Setup 58 TCP IP filter rule 123 technical publications 24 text conventions 23 TFTP File Transfer 172 TFTP Restrictions 164 187 Time and Date 32 Time and Date Setting 181 182 Time Zone 183 Trace 151 Tr...

Page 315: ...Index 315 BCM50a Integrated Router Configuration Advanced W WAN DHCP 158 159 WAN Setup 53 54 WebGUI 116 www dyndns org 50 ...

Reviews:

No comments

Related manuals for BCM50a

Rain Bird E-3 Installation, Programming & Operation Manual preview
E-3
Brand: Rain Bird Pages: 17
BSS Audio EC-4B Installation Manual preview
EC-4B
Brand: BSS Audio Pages: 20
Black Box JPM083A Manual preview
JPM083A
Brand: Black Box Pages: 9
ICT Protege PRT-PX16-PCB Installation Manual preview
Protege PRT-PX16-PCB
Brand: ICT Pages: 34
Planet ADSL 2/2+ VPN Firewall Router ADE-4300A/B User Manual preview
ADSL 2/2+ VPN Firewall Router ADE-4300A/B
Brand: Planet Pages: 132
National Instruments FieldPoint cFP-RTD-122 Operating Instructions Manual preview
FieldPoint cFP-RTD-122
Brand: National Instruments Pages: 15
XMOS XC-2 Quick Start Manual preview
XC-2
Brand: XMOS Pages: 6
AOpen 4-Port 10/100Mbps Ethernet Broadband Router User Manual preview
4-Port 10/100Mbps Ethernet Broadband Router
Brand: AOpen Pages: 41
Ubiquiti AmpliFi AFi-G Quick Start Manual preview
AmpliFi AFi-G
Brand: Ubiquiti Pages: 20
AMG Systems AMG9240-C User Manual preview
AMG9240-C
Brand: AMG Systems Pages: 2
NETGEAR WGR614 - Wireless-G Router Wireless Reference Manual preview
WGR614 - Wireless-G Router Wireless
Brand: NETGEAR Pages: 116
ZoneVu ZSI-450-IP Installation Manual & User Manual preview
ZSI-450-IP
Brand: ZoneVu Pages: 15
Hunter Pro-C Series Programming Instructions preview
Pro-C Series
Brand: Hunter Pages: 2
SafeHome NVR903 Manual preview
NVR903
Brand: SafeHome Pages: 24
ALIBI ALI-NVR71128R User Manual preview
ALI-NVR71128R
Brand: ALIBI Pages: 232
Cayman Systems 2E-W User Manual preview
2E-W
Brand: Cayman Systems Pages: 170
Wieland wienet UMS 5-L Installation Instruction preview
wienet UMS 5-L
Brand: Wieland Pages: 2
Draytek Vigor 3200 Series User Manual preview
Vigor 3200 Series
Brand: Draytek Pages: 356

Brands by name

Popular brands

Load more brands