Motorola Netopia 7000 user manual download, page 1

Administrator’s Handbook

Embedded Software Version 7.7.4

Motorola Netopia® 2200, 3300 and 7000 Series Gateways

Contents of Netopia 7000

Page 1: ...Administrator's Handbook Embedded Software Version 7.7.4 Motorola Netopia 2200, 3300 and 7000 Series Gateways ...

Page 2: ...ng materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please...

Page 3: ...opyright (C) 1995, 1996, 1997, and 1998 WIDE Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright...

Page 4: ...ND FITNESS FOR A PARTICULAR PURPOSE. Portions of this software are based in part on the work of the following: Copyright 2000 2001 Shane Kerr. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and ...

Page 5: ...eise 21 POWER SUPPLY INSTALLATION 21 TELECOMMUNICATION INSTALLATION 21 Setting up the Motorola Netopia Gateway 22 Microsoft Windows 22 Macintosh MacOS 8 or higher or Mac OS X 24 Configuring the Motorola Netopia Gateway 25 MiAVo VDSL and Ethernet WAN models Quickstart 25 PPPoE Quickstart 27 Set up the Motorola Netopia Pocket Gateway 28 Motorola Netopia Gateway Status Indicator Lights 30 Home Page B...

Page 6: ...DSL Gateways 73 Advanced 78 IP Static Routes 79 IP Static ARP 81 Pinholes 82 Configure Specific Pinholes 82 Planning for Your Pinholes 82 Example: A LAN Requiring Three Pinholes 82 Pinhole Configuration Procedure 84 IPMaps 87 Configure the IPMaps Feature 87 FAQs for the IPMaps Feature 87 What are IPMaps and how are they used? 87 What types of servers are supported by IPMaps? 87 Can I use IPMaps with ...

Page 7: ...Motorola Netopia Firewall 142 BreakWater Basic Firewall 142 Configuring for a BreakWater Setting 142 TIPS for making your BreakWater Basic Firewall Selection 143 Basic Firewall Background 143 IPSec 146 SafeHarbour IPSec VPN 147 Configuring a SafeHarbour VPN 148 Parameter Descriptions 151 Stateful Inspection 154 Stateful Inspection Firewall installation procedure 154 Exposed Addresses 155 Stateful ...

Page 8: ...175 Modifying filters 175 Deleting filters 175 Moving filters 175 Deleting a filter set 175 Associating a Filter Set with an Interface 176 Policy-based Routing using Filtersets 177 TOS field matching 177 Security Log 179 Using the Security Monitoring Log 179 Timestamp Background 181 Install 182 Install Software 183 Updating Your Gateway's Motorola Netopia Firmware Version 183 Step 1: Required Files...

Page 9: ...ommands 228 Common Commands 228 WAN Commands 239 About CONFIG Commands 240 CONFIG Mode Prompt 240 Navigating the CONFIG Hierarchy 240 Entering Commands in CONFIG Mode 241 Guidelines: CONFIG Commands 241 Displaying Current Gateway Settings 242 Step Mode: A CLI Configuration Technique 242 Validating Your Configuration 242 CONFIG Commands 243 Remote ATA Configuration Commands 243 DSL Commands 245 ATM S...

Page 10: ...hole Settings 278 PPPoE/PPPoA Settings 279 Configuring Basic PPP Settings 279 Configuring Port Authentication 281 PPPoE with IPoE Settings 282 Ethernet WAN platforms 282 ADSL platforms 283 Ethernet Port Settings 283 802.3ah Ethernet OAM Settings 284 Command Line Interface Preference Settings 285 Port Renumbering Settings 286 Security Settings 287 Firewall Settings (for BreakWater Firewall) 287 SafeH...

Page 11: ...5 I 336 K 336 L 336 M 337 N 337 P 338 Q 338 R 339 S 339 T 340 U 341 V 341 W 341 X 341 CHAPTER 8 Technical Specifications and Safety Information 343 Description 343 Dimensions 343 Communications interfaces 343 Power requirements 343 Environment 343 Operating temperature 343 Storage temperature 343 Relative storage humidity 343 Software and protocols 343 Software media 343 Routing 343 WAN support 34...

Page 12: ... 348 CHAPTER 9 Overview of Major Capabilities 351 Wide Area Network Termination 351 PPPoE/PPPoA (Point-to-Point Protocol over Ethernet/ATM) 351 Instant-On PPP 352 Simplified Local Area Network Setup 352 DHCP (Dynamic Host Configuration Protocol) Server 352 DNS Proxy 353 Management 353 Embedded Web Server 353 Diagnostics 353 Security 354 Remote Access Control 354 Password Protection 354 Network Address...

Page 13: ... page 67. Wireless Multimedia Mode (WMM) support. See "WiFi Multimedia" on page 62. Firewall ClearSailing is automatically enabled on all 2200 Series ADSL2 platforms. Explicit exceptions: bonded and VDSL2, 3341 and 3387WG. See "Firewall" on page 142. TR-069 Remote device management is automatically enabled by default for 2200 Series Gateways. Explicit exceptions: bonded and VDSL2, 3341, 3387WG. See "TR-069" on page 3...

Page 14: ...ng Gasp. See "DMT Settings" on page 254. Ethernet in the First Mile Operations, Administration, and Maintenance (802.3ah EFM OAM) Support. See "802.3ah Ethernet OAM Settings" on page 284. IP multicast to layer 2 unicast mapping. See "IGMP Settings" on page 257. Real Time Streaming Protocol (RTSP) ALG support for Video on Demand (VoD) Services. See "RTSP Passthrough" on page 276. ...

Page 15: ...start guides. Specific White Papers. The documents are available in electronic form as Portable Document Format (PDF) files. They are viewed (and printed) from Adobe Acrobat Reader, Exchange, or any other application that supports PDF files. They are downloadable from Motorola's Netopia website: http://www.netopia.com/ Intended Audience: This guide is targeted primarily to residential service subscribers. Expert ...

Page 16: ...xcerpt from a Web page or the visual truncation of a Web page. Denotes an area of emphasis on a Web page. Convention / Description. Straight brackets in cmd line: Optional command arguments. Curly brackets, with values separated with vertical bars: Alternative values for an argument are presented in curly brackets, with values separated with vertical bars. Bold terminal type face: User-entered text. italic te...

Page 17: ...hapter 5, "Advanced Troubleshooting": Gives suggestions and descriptions of expert tools to use to troubleshoot your Gateway's configuration. Chapter 6, "Command Line Interface": Describes all the current text-based commands for both the SHELL and CONFIG modes. A summary table and individual command examples for each mode is provided. Chapter 7, "Glossary". Chapter 8, "Technical Specifications and Safety Informatio...

Page 18: ...Administrator's Handbook 18 ...

Page 19: ...ur Motorola Netopia Gateway. The following instructions cover installation in Router Mode. This section covers: "Important Safety Instructions" on page 20; "Wichtige Sicherheitshinweise" on page 21 (German); "Setting up the Motorola Netopia Gateway" on page 22; "Configuring the Motorola Netopia Gateway" on page 25; "Motorola Netopia Gateway Status Indicator Lights" on page 30; "Home Page Basic Mode" on page 31 ...

Page 20: ...e equipment, basic safety precautions should always be followed to reduce the risk of fire, electric shock and injury to persons, including the following: Do not use this product near water, for example, near a bathtub, wash bowl, kitchen sink or laundry tub, in a wet basement or near a swimming pool. Avoid using a telephone (other than a cordless type) during an electrical storm. There may be a remote risk of...

Page 21: ...et stikkontakt. USB-powered models: For Use with Listed I.T.E. Only. TELECOMMUNICATION INSTALLATION: When your telephone equipment is in use, basic safety instructions should always be followed to reduce the risk of fire, electric shock and injury to persons. Observe these additional instructions: Do not use this product near water, such as...

Page 22: ...onnections. Be sure to enable Dynamic Addressing on your PC. Perform the following: Microsoft Windows: Step 1. Navigate to the TCP/IP Properties Control Panel. a. Some Windows versions follow a path like this: Start menu -> Settings -> Control Panel -> Network (or Network and Dial-up Connections -> Local Area Connection -> Properties) -> TCP/IP your_network_card or Internet Protocol TCP/IP -> Properties. b. Some Windows versions...

Page 23: ... to configure it at all. To check, open the Networking Control Panel and select Internet Protocol Version 4 (TCP/IPv4). Click the Properties button. The Internet Protocol Version 4 (TCP/IPv4) Properties window should appear as shown. If not, select the radio buttons shown above and click the OK button. ...

Page 24: ...to Step 2. Step 2. Select Built-in Ethernet. Step 3. Select Configure Using DHCP. Step 4. Close and Save, if prompted. Proceed to "Configuring the Motorola Netopia Gateway" on page 25. a. MacOS follows a path like this: Apple Menu -> Control Panels -> TCP/IP Control Panel. b. Mac OS X follows a path like this: Apple Menu -> System Preferences -> Network ...

Page 25: ...rough two access control accounts, Admin or User. The Admin, or administrative user, performs all configuration, management or maintenance operations on the Gateway. The User account provides monitor capability only. A user may NOT change the configuration, perform upgrades or invoke maintenance functions. For the security of your connection, an Admin password must be set on the Motorola Netopia unit. MiAVo ...

Page 26: ...your browser is redirected to your service provider's home page or a registration page on the Internet. NOTE: For MiAVo Series (3397GP) models, skip the rest of this section. Congratulations! Your configuration is complete. You can skip to "Home Page Basic Mode" on page 31. ...

Page 27: ...he Internet. The Motorola Netopia Gateway stores this information and automatically connects you to the Internet. The Gateway displays a message while it configures itself. 4. When the connection succeeds, your browser will display a success message. Once a connection is established, your browser is redirected to your service provider's home page or a registration page on the Internet. 5. Congratulations! Y...

Page 28: ...onfigure your PC to work with the Motorola Netopia pocket Gateway. Follow the on-screen instructions. To proceed, click the Next button. The Motorola Netopia Installation Wizard performs a series of checks on your system and then will install USB drivers for your connection. 3. Place the Motorola Netopia Pocket Gateway near your PC so you can see it easily. Make sure any cables are kept away from power c...

Page 29: ...plays a success message when the settings are configured. 5. The Motorola Netopia Installation Wizard will then launch your web browser and display the Welcome page, where you configure your Motorola Netopia Pocket Gateway. ...

Page 30: ...cate the status of various port activity. Different Gateway models have different ports for your connections and different indicator LEDs. The Quickstart Guide accompanying your Motorola Netopia Gateway describes the behavior of the various indicator LEDs. Example status indicator lights: [Figure: netopia Status Indicator Lights (LEDs)] ...

Page 31: ...ime you log in to your Motorola Netopia Gateway, you will access the Motorola Netopia Gateway Home Page. You access the Home Page by typing http://192.168.1.254 in your Web browser's location box. The Basic Mode Home Page appears. VoIP-enabled Gateways also display VoIP phone information. ...

Page 32: ...yed when the ADSL line is synched and the PPPoE session is established. "Down" indicates inability to establish a connection; possible line failure. Local WAN IP Address: This is the negotiated address of the Gateway's WAN interface. This address is usually dynamically assigned. Remote Gateway Address: This is the negotiated address of the remote router to which this Gateway is connected. Primary DNS Second...

Page 33: ...The Manage My Account page appears. If you have a PPPoE account, enter your username, and then your new password. Confirm your new password. For security, your actual passwords are not displayed on the screen as you type. You must enter the new password twice to be sure you have typed it correctly. Click the Submit button. If you have a non-PPPoE account, click the OK button. You will be taken to your servi...

Page 34: ... tool. It checks several aspects of your physical and electronic connection and reports its results on-screen. This can be useful for troubleshooting, or when speaking with a technical support technician. Click on the Status Details link. The Diagnostics page appears. Click the Run Diagnostics button to run your diagnostic tests. For a detailed description of these tests, see "Diagnostics" on page 217. ...

Page 35: ...Mgmt link. The Enable Remote Management page appears. Since you've already entered an Admin password, you can use that Admin password or enter a new password. If you enter a new password, it becomes the temporary Admin password. After the time-out period has expired, the Admin password reverts to the original Admin password you entered. Enter a temporary password for the person you want to authorize a...

Page 36: ... and configured through the Expert Mode pages. Click the Expert Mode link to display the Expert Mode Confirmation page. You should carefully consider any configuration changes you want to make, and be sure that your service provider supports them. Once you click the OK button, you will be taken to the Expert Mode Home Page. The Expert Mode Home Page is the main access point for configuring and managing ...

Page 37: ...n or add new features. Your gateway includes its own onboard installation capability. Your service provider may inform you when new firmware is available, or you can check for yourself. Click the Update Firmware link. The Firmware Update Confirmation page appears. If you click the Continue button, the Gateway will check a remote Firmware Server for the latest firmware revision. If a newer version is found...

Page 38: ...n to program the Motorola Netopia Gateway. You can perform a factory reset to do this. Click on Factory Reset to reset the Gateway back to its original factory default settings. NOTE: Exercise caution before performing a Factory Reset. This will erase any configuration changes that you may have made and allow you to reprogram your Gateway. ...

Page 39: ...b browsers such as Netscape Navigator or Microsoft Internet Explorer, from any LAN-attached PC or workstation. The procedure is: 1. Enter the name or IP address of your Motorola Netopia Gateway in the Web browser's window and press Return. For example, you would enter http://192.168.1.254. 2. If an administrator or user password has been assigned to the Motorola Netopia Gateway, enter Admin or User as the u...

Page 40: ...Administrator's Handbook 40 You are challenged to confirm your choice. Click OK. The Home Page opens in Expert Mode. ...

Page 41: ...mber and summary specification. Serial Number: Unique serial number, located on label attached to bottom of unit. Software Version: Release and build number of running Motorola Netopia Operating System. Product ID: Refers to internal circuit board series; useful in determining which software upgrade applies to your hardware type. Date Time: This is the current UTC time; blank if this is not available due to ...

Page 42: ...Address Translation to share the IP address across many LAN users. WAN Users: Displays the number of users allotted and the total number available for use. LAN IP Address: Internal IP address of the Motorola Netopia Gateway. Netmask: Defines the IP subnet for the LAN. Default is 255.255.255.0 for a Class C device. DHCP Server: On or Off. ON if using DHCP to get IP addresses for your LAN client machines. DHCP...

Page 43: ...b trail is built in the light brown area beneath the toolbar. As you navigate down a path within the site, the trail is built from left to right. To return anywhere along the path from which you came, click on one of the links. Home Configure Troubleshoot Security Install Restart Help Quickstart System Status Passwords Install Certificate LAN Network Tools Firewall Install Key WAN Diagnostics IPSec Inst...

Page 44: ...The Restart button on the toolbar allows you to restart the Gateway at any time. You will be prompted to confirm the restart before any action is taken. The Restart Confirmation message explains the consequences of and reasons for restarting the Gateway. ...

Page 45: ...the change will take effect. You can make many changes on various pages, and even leave the browser for up to 5 minutes, but if the Gateway is restarted before the changes are applied, they will be lost. When you click on the Alert symbol, the Save Changes page appears. Here you can select various options to save or discard these changes. If more than one Alert is triggered, you will need to take action to...

Page 46: ...p Button: Help. Context-sensitive Help is provided in your Gateway. The page shown here is displayed when you are on the Home page or other transitional pages. To see a context help page example, go to Security -> Passwords, then click Help. ...

Page 47: ...n will not be available if you log on as User. Link: Quickstart. How to Use the Quickstart Page: Quickstart is normally used immediately after the new hardware is installed. When you are first configuring your Gateway, Quickstart appears first. Once you have configured your Gateway, logging on displays the Home page. Thereafter, if you need to use Quickstart, choose it from the Expert Mode Configure menu. Set...

Page 48: ...ateway attempts to establish a connection. 3. When the connection succeeds, your browser will display your Service Provider's home page. If you encounter any problems connecting, refer to the chapters "Basic Troubleshooting" on page 193 or "Advanced Troubleshooting" on page 207. ...

Page 49: ...ircuit. The subnet mask specifies which bits of the 32-bit binary IP address represent network information. The default subnet mask for most networks is 255.255.255.0 (Class C subnet mask). Restrictions: Specifies whether an administrator can open a Web Administrator or Telnet connection to the Gateway over the LAN interface in order to monitor and configure the Gateway. On the LAN Interface, you can ena...

Page 50: ...ret password when using RIP-2 with MD5. RIP Receive Mode: Specifies whether the Gateway should use Routing Information Protocol (RIP) broadcasts to update its routing tables with information received from other routers on your network. The protocol choices are the same as for the RIP send mode. Proxy ARP: Specifies whether you want the Gateway to respond when it receives an address resolution protocol fo...

Page 51: ...pear. Enter the Router's IP address on the subnet in the IP Address field and the subnet mask for the subnet in the Netmask field. Enter the DHCP Start Address and End Address of the subnet range in their respective fields. Ranges cannot overlap and there may be only one range per subnet. Click the Submit button. When you are finished adding subnets, click the Alert icon at the upper right, and in the re...

Page 52: ...r computers. You can also specify the length of time the computers can use the configuration information; DHCP calls this period the lease time. Your Service Provider may, for certain services, want to provide configuration from its DHCP servers to the computers on your LANs. In this case, the Gateway will relay the DHCP requests from your computers to a DHCP server in the Service Provider's network. Clic...

Page 53: ...twork Name. The SSID is used to identify this particular wireless LAN. Depending on their operating system or client wireless card, users must either select from a list of available wireless LANs that appear in a scanned list on their client or, if you are in Closed System Mode (see "Enable Closed System Mode" below), enter this name on their clients in order to join this wireless LAN. The pull-down menu f...

Page 54: ...ents and is used to generate dynamically changing keys. The passphrase can be 8-63 characters or up to 64 hex characters. It is recommended to use at least 20 characters for best security. WEP - Automatic is a passphrase generator. You enter a passphrase that you choose in the Passphrase field. The passphrase can be any string of words or numbers. You can provide a level of data security by enabling WEP...

Page 55: ...t the traffic. Similarly, the client also has a default key that it uses to encrypt its transmissions. In order for the Gateway to receive the client's data, it must likewise have the identical key of the same length, in the same slot. For simplicity, a Gateway and its clients need only enter, share, and use the first key. Click the Submit button. The Alert icon appears. Click the Alert icon, and then the Save...

Page 56: ...02.11b (up to 11 Mbps transmission) and 802.11g (up to 20 Mbps), select Normal (802.11b + g). To limit your wireless LAN to one mode or the other, select 802.11b Only or 802.11g Only. NOTE: If you choose to limit the operating mode to 802.11b or 802.11g only, clients using the mode you excluded will not be able to connect. Default Channel: on which the network will broadcast. This is a frequency range within the 2...

Page 57: ...s clients and the Router share the same SSID. In Closed System mode, the Router's wireless LAN will not appear as an available network when scanned for by wireless-enabled computers. Members of the Closed System WLAN must log onto the Router's wireless network with the identical SSID as that configured in the router. Closed System mode is an ideal way to increase wireless security and to prevent casua...

Page 58: ... Bridging: Check the checkbox to block wireless clients from communicating with other wireless clients on the LAN side of the Gateway. WEP - Manual allows you to enter your own encryption keys manually. This is a difficult process, but only needs to be done once. Avoid the temptation to enter all the same characters. Encryption Key Size 1-4: Selects the length of each encryption key. The longer the key, the ...

Page 59: ...Restart link. WPA Version Allowed: If you select either WPA-802.1x or WPA-PSK as your privacy setting, the WPA Version Allowed pull-down menu appears to allow you to select the WPA version(s) that will be required for client connections. Choices are: WPA Version 1 and 2, for maximum interoperability; WPA Version 1 Only, for backward compatibility; WPA Version 2 Only, for maximum security. All clients must sup...

Page 60: ...Administrator's Handbook 60 The screen expands to allow you to name each additional Wireless ID, and specify a Privacy mode for each one. ...

Page 61: ... These additional Wireless IDs are "Closed System Mode" Wireless IDs that will not be shown by a client scan, and therefore must be manually configured at the client. In addition, wireless bridging between clients is disabled for all members of these additional network IDs. Click the Submit button. After your first entry, the Alert icon will appear in the upper right corner of your screen. When you are fin...

Page 62: ...ng data, depending on Diffserv priority settings. These priorities are mapped into four Access Categories (AC), in increasing order of priority: Background (BK), Best Effort (BE), Video (VI), and Voice (VO). It requires WiFi Multimedia (WMM)-capable clients, usually a separate feature enabled at the client network settings, and client PC software that makes use of Differentiated Services (Diffserv). Refer to your operati...

Page 63: ...tention Window; upper limit (in milliseconds) of the range for determining initial random backoff. The value you choose must be lower than cwMax. cwMax: Maximum Contention Window; upper limit (in milliseconds) of the range of determining final random backoff. The value you choose must be higher than cwMin. TXOP Limit: Time interval (in microseconds) that clients may initiate transmissions. When Operating Mode ...

Page 64: ...able Wireless MAC Authorization checkbox. The screen expands as follows: Click the Add button. The Authorized Wireless MAC Address Entry screen appears. Enter the MAC (hardware) address of the client PC you want to authorize for access to your wireless LAN. The Allow Access checkbox is enabled by default. Unchecking this checkbox specifically denies access from this MAC address. Click the Submit button. Not...

Page 65: ...r changes and restart the Gateway. Use RADIUS Server: RADIUS servers allow external authentication of users by means of a remote authentication database. The remote authentication database is maintained by a Remote Authentication Dial-In User Service (RADIUS) server. In conjunction with Wireless User Authentication, you can use a RADIUS server database to authenticate users seeking access to the wirele...

Page 66: ...a normal password. RADIUS Server Port: The port on which the RADIUS server is listening, typically the default 1812. Click the Submit button. You can also configure alternate RADIUS servers from the Advanced Network Configuration page, by clicking the Advanced link. The Advanced Network Configuration page appears. You access the RADIUS Server configuration screen from the Advanced Network Configuration web...

Page 67: ...k to configure it. The WAN IP Interface page appears. Enable Interface: You can disable the interface by unchecking the checkbox. However, doing so will disable all ability for your LAN users to connect to the WAN using the Gateway. Address Mapping (NAT): Specifies whether you want the Gateway to use network address translation (NAT) when communicating with remote routers. NAT lets you conceal details of you...

Page 68: ...cting PPPoE/PPPoA causes the Gateway to attempt to connect by trying these protocols in parallel, and using the first one that is successful. If you choose to disable the feature, select Off. ISP Username: This is the username used to authenticate your Gateway with the Service Provider's network. This value is given to you by your Service Provider. ISP Password: This is the password used to authenticate...

Page 69: ... information provided by RIP packets from other routers that use different subnet masks. From the pull-down menu, choose Off, RIP-1, RIP-2, RIP-1 compatibility, or RIP-2 with MD5. RIP Receive MD5 Key: Only appears if RIP-2 with MD5 RIP Receive Mode is selected. The purpose of MD5 authentication is to provide an additional level of confidence that a RIP packet received was generated by a reliable source. In...

Page 70: ...pecifies whether you want your Gateway to send LCP echo requests. You should turn off LCP echoing if you do not want the Gateway to drop a PPP link to a nonresponsive peer. Max Failures: Specifies the maximum number of Configure-NAK messages the PPP module can send without having sent a Configure-ACK message. Max Configures: Specifies the maximum number of unacknowledged configuration requests that you...

Page 71: ...way is static. In this case, disable this checkbox and enter the IP Address and IP Netmask from your Service Provider in the appropriate fields. IP Address: This is the IP Address from your Service Provider when using static IP addressing. IP Netmask: This is the Netmask from your Service Provider when using static IP addressing. NOTE: Beginning with Firmware Version 7.7, you can now run an IPoE interface ...

Page 72: ...nt subnet masks. From the pull-down menu, choose Off, RIP-1, RIP-2, RIP-1 compatibility, or RIP-2 with MD5. Enable Proxy ARP: Checking the checkbox will enable the Gateway to respond when it receives an Address Resolution Protocol message for devices behind it. Multicast Forward: If you check this checkbox, this interface acts as an IGMP proxy host, and IGMP packets are transmitted and received on this inter...

Page 73: ...h IPoE, the additional WAN interface becomes available for configuration. NOTE: Enabling pppoe with ipoe disables support for multiple PPPoE sessions. ADSL Gateways: ATM Circuits: You can configure the ATM circuits and the number of Sessions. The IP Interface(s) should be reconfigured after making changes here. Available Encapsulation types / Available Multiplexing types: PPP over Ethernet (PPPoE) / LLC/SNAP; PPP ...

Page 74: ...air configurations. These are: 0/35, 8/35, 0/32, 8/32, 1/35, 1/1, 1/32, 2/32. These eight VPI/VCI pairs will be created if the Gateway is configured for autodetection. If the Gateway does not establish a circuit using any of these preconfigured VPI/VCI pairs, then you can manually enter a VPI/VCI pair in the ATM Circuits page. PPPoE with IPoE: For ADSL Gateways, you must configure two VCCs with the same VPI/VCI set...

Page 75: ...75 Once the VCCs have been configured, the WAN IP Interfaces screen displays the additional interface, which you can then configure as required. ...

Page 76: ...aracterizes CBR. CBR is most suited for real-time applications such as real-time voice/video, although it can be used for other applications. VBR: Variable Bit Rate. This class is characterized by: a Peak Cell Rate (PCR), which is a temporary burst, not a sustained rate; and a Sustained Cell Rate (SCR); a Burst Tolerance (BT), specified in terms of Maximum Burst Size (MBS). The MBS is the maximum number of cells that...

Page 77: ...77 Table columns: Class | PCR | SCR | MBS | Transmit Priority | Comments. UBR | X | N/A | N/A | Low | PCR is a cap. CBR | X | N/A | N/A | High | PCR is a guaranteed rate. VBR | X | X | X | High | PCR SCR; SCR is a guaranteed rate, PCR is a cap ...

Page 78: ...nk: Advanced. Selected Advanced options are discussed in the pages that follow. Many are self-explanatory or are dictated by your service provider. The following are typical links under Configure -> Advanced (some models offer other links) ...

Page 79: ...ion network must represent the same network class (A, B, or C) or a lower class (such as a class C subnet mask or class B network number) to be valid. Interface Type: Choose PPP (vcc1) (depending on the interface; typically vcc1 for DSL) or IP Address from the pull-down menu to specify whether the static route is accessible through PPP or IP address. Gateway: Enter the IP address of the gateway for the static rou...

Page 80: ...l RIP messages. Never: Do not advertise route. Click the Submit button. The Alert icon will appear so that you can switch to the Save Changes page when you are finished. Once you save your changes, you will be returned to the IP Static Routes entry screen. You can continue to Add, Edit, or Delete Static Routes from this screen. When you are finished, click the Alert icon, switch to the Save Changes page, and c...

Page 81: ...ynamically, by retrieving IP address/MAC address pairs only when it needs them. Optionally, you can define static ARP entries to map IP addresses to their corresponding Ethernet MAC addresses. Unlike dynamic ARP table entries, static ARP table entries do not time out. The IP address cannot be 0.0.0.0. The Ethernet MAC address entry is in nn nn nn nn nn nn hexadecimal format. ...

Page 82: ...a Gateway to support three separate applications. This requires passing three kinds of specific IP traffic through to your LAN. Application 1: You have a Web server located on your LAN behind your Motorola Netopia Gateway and would like users on the Internet to have access to it. With NAT "On", the only externally visible IP address on your network is the Gateway's WAN IP (supplied by your Service Provide...

Page 83: ...hole. If you choose a duplicate name, it will overwrite the previous information without warning. A diagram of this LAN example is: You can also use the LAN-side address of the Gateway, 192.168.1.x:8100, to access the web and 192.168.1.x:23 to access the telnet server. Diagram labels: WAN; LAN; Ethernet Interface; 192.168.1.1; 192.168.1.2; 192.168.1.3; my webserver; my mailserver; my games; Gateway; NAT; NAT Pinholes; Embedded Web ...

Page 84: ... Server Port and Telnet Server Port on this page refer to the port numbers of the Motorola Netopia Gateway's embedded administration ports. To pass Web traffic through to your LAN station(s), select a Web (HTTP) Port number that is greater than 1024. In this example, you choose 8100. 2. Type 8100 in the Web (HTTP) Server Port text box. 3. Click the Submit button. 4. Click Advanced. Select the Pinholes link to go ...

Page 85: ...d Pinhole. 7. Click on the Add or Edit more Pinholes link. Click the Add button. Add the next Pinhole. Type the specific data for the third Pinhole. NOTE: Note the following parameters for the "my games" Pinhole: 1. The Protocol ID is UDP. 2. The external port is specified as a range. 3. The Internal port is specified as the lower range entry. ...

Page 86: ... the parameters are properly saved. NOTE: REMEMBER: When you have re-assigned the port address for the embedded Web server, you can still access this facility. Use the Gateway's WAN address plus the new port number. In this example it would be <WAN Gateway address>:<new port number> or, in this case, 210.219.41.20:8100. You can also use the LAN side address of the Gateway, 192.168.1.x:8100, to access the web and...

Page 87: ...eway intended for the static IP address is transferred to the internal device. All outbound traffic from the internal device appears to originate from the static IP address. Locally hosted servers are supported by a public IP address while LAN users behind the NAT-enabled IP address are protected. IPMaps is compatible with the use of NAT, with either a statically assigned IP address or DHCP/PPP served...

Page 88: ...68 1 2 [Diagram: IPMaps One-to-One Multiple Address Mapping. Labels: Motorola Netopia Gateway; Static IP Addresses for IPMaps Applications (143.137.50.37, 143.137.50.36, 143.137.50.35); Static IP Addresses or DHCP/PPP Served IP Address for Netopia's default NAT/PAT Capabilities; LAN stations with WAN IP traffic forwarded by Netopia's IPMaps; LAN stations with WAN IP traffic forwarded by Netopia's NAT function; WAN Interface; LA...

Page 89: ...h NAT "On" in the Gateway, these packets normally would be discarded. For instance, this could be application traffic where you don't know in advance the port or protocol that will be used. Some game applications fit this profile. Use the following steps to set up a NAT default server to receive this information: 1. Select the Configure toolbar button, then Advanced, then the Default Server link. 2. From the pul...

Page 90: ...N PC, forward to that station. 2. If not, check for a match with a pinhole configuration and, if one is found, forward the packet according to the pinhole rule. 3. If there's no pinhole, the packet is forwarded to the Default Server. IP Passthrough: Your Gateway offers an IP passthrough feature. The IP passthrough feature allows a single PC on the LAN to have the Gateway's public address assigned to it. It also...

Page 91: ... LAN host's address to the configured or acquired WAN IP address. The MAC address must be six colon-delimited or dash-delimited sets of hex digits (0 - FF). If you leave the MAC address as zeros, then the first DHCP client will be assigned the WAN address. Once configured, the passthrough host's DHCP leases will be shortened to two minutes. This allows for timely updates of the host's IP address, which will...

Page 92: ... displayed on VDSL and Bonded ADSL models. Enter a value from 60 to 100 (percent) in the Low High Priority Ratio field. The default is 92. Differentiated Services uses the low-to-high priority queue ratio to regulate traffic flow. For example, to provide the least possible latency and highest possible throughput for high priority traffic, you could set the ratio to 100. This would cause the gateway to forw...

Page 93: ...s/Netmask: For outbound flows, specify an IP address/netmask on your LAN. For inbound flows, this setting is ignored. This setting marks packets from this LAN IP host/network based on the address and netmask information. For outbound flows, the Inside IP Address/Netmask is the source address. If you enter a zero IP address (0.0.0.0), the IP address/netmask fields will be ignored. Outside IP Address/Netmask: If...

Page 94: ...lue / Behavior. Off (TOS 000): This custom flow is disabled. You can activate it by selecting one of the two settings below. This setting allows you to pre-define flows without actually activating them. Assure (TOS 001): Use normal queuing and throughput rules, but do not drop packets if possible. Appropriate for applications with no guaranteed delivery mechanism. Expedite (TOS 101): Use minimum delay. Appropriate ...

Page 95: ...tain a Domain Name server. If you have the information for the DNS servers, enter it on the DNS page. If your Gateway is configured to use DHCP to obtain its WAN IP address, the DNS information is automatically obtained from that same DHCP Server. ...

Page 96: ...your computers. You can also specify the length of time the computers can use the configuration information; DHCP calls this period the lease time. Your Service Provider may, for certain services, want to provide configuration from its DHCP servers to the computers on your LANs. In this case, the Gateway will relay the DHCP requests from your computers to a DHCP server in the Service Provider's network. S...

Page 97: ...ized user list maintained locally within the Gateway. If you click the RADIUS link, the RADIUS Servers screen appears. RADIUS Server Addr Name: The default RADIUS server name or IP address that you want to use. RADIUS Server Secret: The RADIUS secret key used by this server. The shared secret should have the same characteristics as a normal password. RADIUS Server Port: The port on which the RADIUS server ...

Page 98: ...he exception of most sets (read-only and traps), and SNMP V2. For certain parts of the NPAV2TRAP MIB (parameters under resNatParams, resDslParams, resSecParams), set is supported. You enter SNMP configuration information on this page. Your network administrator furnishes the SNMP parameters. WARNING: SNMP presents you with a security issue. The community facility of SNMP behaves somewhat like a password. The com...

Page 99: ...n SNMPv2 Trap PDU. Inform: This selection will generate notifications containing an SNMPv2 InformRequest PDU. To send SNMP traps, you must add IP addresses for each trap receiver you want to have. Click the Add button. The IP Trap Entry screen appears. Enter an IP Trap Entry IP address. This is the destination for SNMP trap messages, the IP address of the host acting as an SNMP console. Click the Submit but...

Page 100: ... noting IGMP general queries used in the querier selection process and by listening to other router protocols. From the host point of view, the snooping function listens at a port level for an IGMP report. The switch then processes the IGMP report and starts forwarding the relevant multicast stream onto the host's port. When the switch receives an IGMP leave message, it processes the leave message and ...

Page 101: ...the amount of time in tenths of a second that the IGMP gateway waits to receive a response to a Group-Specific Query message. The last member query interval is also the amount of time in seconds between successive Group-Specific Query messages. The default last member query interval is 1 second (10 deci-seconds). Last Member Query Count: the number of Group-Specific Query messages sent before the gatew...

Page 102: ...topia Gateway automatically in the "My Network Places" folder. Double-clicking this icon opens the Gateway's web UI. PCs using UPnP can retrieve the Gateway's WAN IP address and automatically create NAT port maps. This means that applications that support UPnP, and are used with a UPnP-enabled Motorola Netopia Gateway, will not need application layer gateway support on the Motorola Netopia Gateway to wo...

Page 103: ... UPnP allows open access to configure the Gateway's features. TR-064 requires a password to execute any command that changes the Gateway's configuration. TR-064 is enabled by default. To disable it: Uncheck the Enabled checkbox and click the Submit button. The Alert icon will appear in the upper right corner of the web page. Click the Alert icon and, when prompted, click the Save and Restart link. ...

Page 104: ... many as 512 MAC (Media Access Control) addresses, each of which uniquely identifies an individual host on a network. Your Gateway uses this bridging table to identify which hosts are accessible through which of its network interfaces. The bridging table contains the MAC address of each packet it sees, along with the interface over which it received the packet. Over time, the Gateway learns which hosts a...

Page 105: ...nd links toolbar. 6. Under the heading of Services, click on the Ethernet Bridge link. The Ethernet Bridge page appears. The appearance of this page varies, depending on your Gateway's interfaces. 7. If available: a. Check the Enable Bridging on Port selection. (This may be Always On.) b. Click Submit. 8. If you want the Gateway to do both bridging and routing, check the Enable Concurrent Bridging/Routing checkbox...

Page 106: ...ick Save and Restart in the Save Database box to Apply changes and restart Gateway. You have now configured your Motorola Netopia Gateway for bridging, and it will bridge all traffic across the WAN. You will need to make configurations to your machines on your LAN. These settings must be made in accordance with your ISP. If you ever need to get back into the Motorola Netopia Gateway again for managemen...

Page 107: ...ch allows individual port-based VLANs to be treated as separate and distinct "channels." When data is passed to a Motorola Netopia VGx-enabled broadband gateway, specific policies, routing, and prioritization parameters can be applied to each individual service, delivering that service to the appropriate peripheral device with the required level of quality of service (QoS). In effect, a single Motorola gate...

Page 108: ...on the same VLAN or on VLANs that have an Inter-VLAN routing group enabled in common. When configuring VLANs you must define how traffic needs to be forwarded. If traffic needs to be bridged between LAN and WAN, you can create a single VLAN that encompasses the WAN port and LAN ports. If traffic needs to be routed, then you must define four elements: LAN-side VLANs; WAN-side VLANs; Associate IP Interfaces...

Page 109: ...orola Netopia Gateway with VGx managed switch technology is shown below. [Figure: A VLAN Model Combining Bridging and Routing] To configure VLANs, check the Enable checkbox. To create a VLAN, select a list item from the main VLAN page and click the Edit button. ...

Page 110: ...e designation as follows: By Port: indicates that the VLAN is port-based. Traffic sent to this port will be treated as belonging to the VLAN, and will not be forwarded to other ports that are not within a common VLAN segment. Global: indicates that the ports joining this VLAN are part of a global 802.1q Ethernet VLAN. This VLAN includes ports on this Router and may include ports within other devices thro...

Page 111: ...ppears. Port interfaces available for this VLAN are listed in the left-hand column. Displayed port interfaces vary depending on the kinds of physical ports on your Gateway, for example, Ethernet, USB, and/or wireless. Also, if you have multiple wireless SSIDs defined, these may be displayed as well. See "Enable Multiple Wireless IDs" on page 59. For Motorola Netopia VGx technology models, separate Ethernet swit...

Page 112: ...ts into the 802.1p priority bit field for tagged IP packets transmitted from this port for this VLAN. All mappings between Ethernet 802.1p and IP TOS are made according to a pre-defined QoS mapping policy. The pre-defined mapping can now be set in the CLI. See "Queue Configuration" on page 271. See also "Differentiated Services" on page 92 for more information. 802.1p Priority Bit: If you set this field to ...

Page 113: ...others; ungrouped VLANs cannot route traffic to each other. Click the Submit button. When you are finished, click the Alert icon in the upper right-hand corner of the screen, and in the resulting screen, click the Save link. If you want to create more VLANs, click the Advanced link in the left-hand toolbar, and then the VLAN link in the resulting page, and repeat the process. ...

Page 114: ...age and selecting the appropriate entry from the displayed list. When you are finished, click the Alert icon in the upper right-hand corner of the screen, and in the resulting screen, click the Save and Restart link. To view the settings for each VLAN, select the desired VLAN from the list and click the Details button. ...

Page 115: ...The screen expands to display the VLAN settings. ...

Page 116: ...3347NWG-VGx web interface and telnet interface. This setup might be useful if you have a doctor's office or a coffee shop and you want to keep your customers separated from the rest of the network. 1. In the VLANs page, check the Enable checkbox, select VLAN 1 in the VLANs list, and click the Edit button. 2. Check the Enable checkbox, and in the VLAN Name box enter the name you would like. For example, call...

Page 117: ...k the Group 1 checkbox. These ports will be able to communicate with each other. 5. Click the Submit button. 6. In the VLAN page, select VLAN 2 in the VLANs list, and click the Edit button. The VLAN Name must be given another unique name. For example, call it Network B. Since this is for the second SSID that we don't want to be given access to the Gateway, check the Admin Restricted checkbox. ...

Page 118: ... Port Interfaces you want associated with the VLAN. Select the ip eth a port interface and check the ssid2 port interface. Make this VLAN a member of Inter-Vlan-Group Group 2. 9. Click the Submit button. 10. Next, create a VLAN to provide the Inter-Vlan-Groups access to the Internet WAN. For example, call it WAN VLAN. ...

Page 119: ...e able to communicate with the Internet (WAN), but not with each other. 11. Once you have finished with the configuration of the VLANs, click the Alert icon in the upper right-hand corner. This will validate that the settings are legal for your network. 12. Click the Save and Restart link. This will restart the Motorola Netopia Gateway and retain the VLAN configuration. ...

Page 120: ... data packets. Certain Motorola Netopia Gateway models have two separate voice ports for connecting telephone handsets. These models support VoIP. If your Gateway is a VoIP model, you can configure the VoIP features. When you click the VoIP link, the SIP Line Entry page appears. To enable a VoIP line, select one of the lines from the SIP Line Entry menu that corresponds to the port on the Gateway to whic...

Page 121: ...Length of time the VoIP registration will be valid before it will be renewed. Default is 1 hour. Registrar Server: Registration Server name or IP address. Registrar Port: Registration Server port. Default is 5060. Proxy Server: Proxy server name or IP address. ...

Page 122: ...as an event as part of the RTP packet header information. Info: Sends the DTMF digits in the SIP INFO message. Enable End of Dial Marker: If you check this checkbox, the Gateway will generate an end-of-dial signal that indicates that the dialed number is complete. Enable Call Forwarding Unconditionally: If you check this checkbox, all calls will be forwarded to a specified number. The Unconditional Call Fo...

Page 123: ...The Home page for a VoIP-enabled Gateway with both phone lines registered is shown below. ...

Page 124: ...ce Providers use the System Name as an important identification and support parameter. The System Name can be 1 - 255 characters long; it can include embedded spaces and special characters. The Log Message Level alters the severity at which messages are collected in the Gateway's system log. Do not alter this field unless instructed by your Support representative. ...

Page 125: ...ons: If you check this checkbox, the Gateway will generate messages whenever a packet is discarded because it violates the router's security policy. Log Access Attempts: If you check this checkbox, the Gateway will generate messages whenever a packet attempts to access the router or tries to pass through the router. This option is disabled by default. Log Accepted Packets: If you check this checkbox, the G...

Page 126: ...tion fails due to incorrect password. 6. administrative access denied, telnet access not allowed: This log message is generated whenever the user tries to access the router's Telnet management interface from a Public interface and is not permitted since Remote Management is disabled. 7. administrative access denied, web access not allowed: This log message is generated whenever the user tries to access t...

Page 127: ... traversing the router is dropped because it is fragmented, stateful inspection is turned ON on the packet's transmit or receive interface, and deny fragment option is enabled. 7. dropped, cannot fragment: This log message is generated whenever a packet traversing the router is dropped because the packet cannot be sent without fragmentation, but the do not fragment bit is set. 8. dropped, no route found: Th...

Page 128: ...g the router or destined to the router itself are dropped because of reassembly timeout. 14. dropped, illegal size: This log message is generated whenever packets traversing the router or destined to the router itself are dropped during reassembly because of illegal packet size in a fragment. Access-related Log Messages ...

Page 129: ...ded Motorola Netopia Web server, append the IP address with <port number>, e.g. point your browser to http://210.219.41.20:8080. Telnet Server Port: To reassign the port number used to access your Motorola Netopia embedded Telnet server, change this value to a value greater than 1024. When you next access the Motorola Netopia embedded Telnet server, append the IP address with <port number>, e.g. telnet 210 219 41...

Page 130: ... hosted. You can host different games and software on different PCs. To select the games or software that you want to host for a specific PC, highlight the name(s) in the box on the left side of the screen. Click the Add button to select the software that will be hosted. To remove a game or software from the hosted list, highlight the game or software you want to remove and click the Remove button. ...

Page 131: ...ant Netmeeting CUSeeME Half Life Hellbender for Windows v 1 0 Heretic II Hexen II Hotline Server HTTP HTTPS ICQ 2001b ICQ Old IMAP Client IMAP Client v 3 Internet Phone IPSec IPSec IKE Jedi Knight II Jedi Outcast Kali KazaA LimeWire Links LS 2000 Mech Warrior 3 Mech Warrior 4 Vengeance Medal of Honor Allied Assault Microsoft Flight Simulator 98 Microsoft Flight Simulator 2000 Microsoft Golf 1998 E...

Page 132: ... name given to a server is only known to Software Hosting. It is not used as an identifier in other network functions, such as DNS or DHCP. Roger Wilco Rogue Spear ShoutCast Server SMTP SNMP SSH server StarCraft Starfleet Command StarLancer v 1 0 Telnet TFTP Tiberian Sun Command and Conquer Timbuktu Total Annihilation Ultima Online Unreal Tournament Server Urban Assault v 1 0 VNC Virtual Network Com...

Page 133: ...rnet connectivity. When you click the Backup link, the Backup Options page appears. Select either manual or automatic from the pull-down menu. If you choose manual, you will have to switch manually to your alternate gateway in the event of a connection failure. For fail-over purposes, choose automatic. Manual options: If you choose manual, you can also choose Auto-Recovery. If you chose Auto-Recovery, enter t...

Page 134: ... will ping. The Gateway will ping both addresses simultaneously at five-second intervals, recording the ping responses from each host. The Gateway will proceed into backup mode only if neither of the configured remote hosts responds. Note: For best results, enter an IP address and not a host name. If a host name is used, it may not be resolvable and may keep the interface down. While the Gateway is in bac...

Page 135: ...se IP Address. The screen expands to allow you to enter an IP address of your Backup Gateway. Click the Submit button, click the Alert icon, and in the resulting page, click the Save and Restart link. Once Backup is configured, a new field appears in the Home Page. For automatic mode, it should not be necessary to switch to Backup manually. However, you can force a switch to your Backup Gateway by clicking t...

Page 136: ... Gateway comes with its own MAC (Media Access Control) address, also called the Hardware Address, a 12-character number unique for each LAN-connected device. Your Service Provider, particularly cable service providers, may instruct you to override the default MAC address. If so, check the Enable Override checkbox, and enter the new MAC address in the field provided. ...

Page 137: ...to upload your configuration to a file before performing this function. You can do this using the upload command via the command-line interface. See the upload command on page 238. Clear Options does not clear feature keys or affect the software image. You must restart the Gateway for Clear Options to take effect. ...

Page 138: ...Time Zone link, the Time Zone page appears. You can set your local time zone by selecting the number of hours your time zone is distant from Greenwich Mean Time (GMT 12 12) from the pull-down menu. This allows you to set the time zone for access controls and in general. ...

Page 139: ...Security Button: Security. The Security features are available by clicking on the Security toolbar button. Some items of this category do not appear when you log on as User. ...

Page 140: ...te mode). The Admin level password is created when you first access your Gateway. User level privileges let you display, but not change, settings of the Motorola Netopia Gateway (Read Only mode). To prevent anyone from observing the password you enter, characters in the old and new password fields are not displayed as you type them. To display the Passwords window, click the Security toolbar button on the Ho...

Page 141: ...in in the Confirm Password field. You confirm the new password to verify that you entered it correctly the first time. 5. When you are finished, click the Submit button to store your modified configuration in the Motorola Netopia unit's memory. Password changes are automatically saved, and take effect immediately. ...

Page 142: ... of firewall protection allows transmission of outbound traffic on pre-configured TCP/UDP ports. It disables any attempt for inbound traffic to identify the Gateway. This is the Internet equivalent of having an unlisted number. LANdLocked: The third option available turns off all inbound and outbound traffic, isolating the LAN and disabling all WAN traffic. NOTE: BreakWater Basic Firewall operates indepe...

Page 143: ...nse to a scan from a port or series of ports (which is the expected behavior according to the IP standard), hackers can identify an existing device and gain a potential opening for access to an internet-connected device. Application / Select this Level / Other Considerations: Typical Internet usage (browsing, e-mail): SilentRunning. Multi-player online gaming: ClearSailing; Set Pinholes; once defined, pinholes will...

Page 144: ...telnet (external): Enabled, Disabled, Disabled. 23, telnet (Motorola Netopia server): Enabled, Disabled, Disabled. 80, http (external): Enabled, Disabled, Disabled. 80, http (Motorola Netopia server): Enabled, Disabled, Disabled. 67, DHCP client: Enabled, Enabled, Disabled. 68, DHCP server: Not Applicable, Not Applicable, Not Applicable. 161, snmp: Enabled, Disabled, Disabled. ping (ICMP): Enabled, Disabled, Disabled. Gateway: LAN Side BreakWate...

Page 145: ...eway's WAN DHCP client port in SilentRunning mode is enabled. This feature allows end users to continue using DHCP-served IP addresses from their Service Providers, while having no identifiable presence on the Internet. ...

Page 146: ...h supports Virtual Private Network (VPN) clients running on LAN-connected computers. Normally, this feature is enabled. You can disable it if your LAN-side VPN client includes its own NAT interoperability option. Uncheck the Enable IPSec Passthrough checkbox. SafeHarbour VPN IPSec is a keyed feature that you must purchase. (See "Install Key" on page 187.) It enables Gateway-terminated VPN support. ...

Page 147: ...users. This implementation offers the following: Eliminates the need for VPN client software on individual PCs. Reduces the complexity of tunnel configuration. Simplifies the ongoing maintenance for secure remote access. If you have purchased the SafeHarbour IPSec feature key, the IPSec configuration screen offers additional options. A typical SafeHarbour configuration is shown below. ...

Page 148: ...Not all of them need to be changed from the defaults for every VPN tunnel. Consult with your network administrator. 2. Complete the Parameter Setup worksheet ("IPSec Tunnel Details Parameter Setup Worksheet" on page 149). The worksheet provides spaces for you to enter your own specific values. You can print the page for easy reference. IPSec tunnel configuration requires precise parameter setup between VPN...

Page 149: ...tname, ASCII; Local ID Address/Value; Local ID Mask; Remote ID Type: IP Address, Subnet, Hostname, ASCII; Remote ID Address/Value; Remote ID Mask; Pre-Shared Key Type: HEX, ASCII; Pre-Shared Key; DH Group: 1, 2, 5; PFS Enable: Off, On; SA Encrypt Type: DES, 3DES; SA Hash Type: MD5, SHA1; Invalid SPI Recovery: Off, On; Soft MBytes: 1 - 1000000; Soft Seconds: 60 - 1000000; Hard MBytes: 1 - 1000000; Hard Seconds: 60 - 1000000; IPSec MTU: 100 - 1500 ...

Page 150: ...ter the tunnel Name. This parameter does not have to match the peer (remote) VPN device. 6. Enter the Peer External IP Address. 7. Select the Encryption Protocol from the pull-down menu. 8. Select the Authentication Protocol from the pull-down menu. 9. Click Add. The Tunnel Details page appears. 10. Make the Tunnel Details entries. Enter or select the required settings. (Soft MBytes, Soft Seconds, Hard MBytes, and Ha...

Page 151: ...tunnel. This is mainly used as an identifier for the administrator. The Name parameter is an ASCII value and is limited to 31 characters. The tunnel name does not need to match the peer gateway. Peer Internal Network: The Peer Internal IP Network is the private, or Local Area Network (LAN), address of the remote gateway or VPN Server you are communicating with. Peer Internal Netmask: The Peer Internal IP Net...

Page 152: ...algorithm will be used to encrypt each data packet. SA Encryption Type values supported include DES and 3DES. SA Hash Type: SA Hash Type refers to the Authentication Hash algorithm used during SA negotiation. Values supported include MD5 and SHA1. N/A will display if NONE is chosen for Auth Protocol. Invalid SPI Recovery: Enabling this allows the Gateway to re-establish the tunnel if either the Motorola ...

Page 153: ...ormally, the MTU only requires manual configuration if the ICMP error messages are blocked or otherwise not received by the router. Xauth Enable: Extended Authentication (XAuth), an extension to the Internet Key Exchange (IKE) protocol. The Xauth extension provides dual authentication for a remote user's Motorola Netopia Gateway to establish a VPN, authorizing network access to the user's central office. IK...

Page 154: ...ul Inspection parameters are active on a WAN interface only if enabled on your Gateway. Stateful inspection can be enabled on a WAN interface whether NAT is enabled or not. Stateful Inspection Firewall installation procedure. NOTE: Installing Stateful Inspection Firewall is mandatory to comply with Required Services Security Policy, Residential Category module, Version 4.1 (specified by ICSA Labs). For mor...

Page 155: ...addresses link. Add, Edit, or delete exposed addresses options are active only if NAT is disabled on a WAN interface. The hosts specified in exposed addresses will be allowed to receive inbound traffic even if there is no corresponding outbound traffic. Start Address: Start IP Address of the exposed host range. End Address: End IP Address of the exposed host range. Protocol: Select the Protocol of the traf...

Page 156: ...osed addresses. You can edit a previously configured range by clicking the Edit button, or delete the entry entirely by clicking the Delete button. All configuration changes will trigger the Alert Icon. Click on the Alert icon. This allows you to validate the configuration and reboot the Gateway. Click the Save and Restart link. You will be asked to confirm your choice, and the Gateway will reboot with th...

Page 157: ...P Sequence Number Difference: Enter a value in this field. This value represents the maximum sequence number difference allowed between subsequent TCP packets. If this number is exceeded, the packet is dropped. The acceptable range is 0 - 65535. A value of 0 (zero) disables this check. Deny Fragments: To enable this option, which causes the router to discard fragmented packets on this interface, check the check...

Page 158: ...ers allow or deny packets based on source or destination IP addresses, TCP or UDP ports. Port: A number that defines a particular type of service. Basic IP packet components: All IP packets contain the same basic header information, as follows. This header information is what the packet filter uses to make filtering decisions. It is important to note that a packet filter does not look into the IP data str...

Page 159: ...nything else. If the other rule is used, you would have to figure out everything that you want to disallow, now and in the future. Firewall Logic: Firewall design is a test of logic, and filter rule ordering is critical. If a packet is forwarded through a series of filter rules and then the packet matches a rule, the appropriate action is taken. The packet will not forward through the remainder of the fil...

Page 160: ...this rule. Implied rules: With a given set of filter rules, there is an Implied rule that may or may not be shown to the user. The implied rule tells the filter set what to do with a packet that does not match any of the filter rules. An example of implied rules is as follows. Example filter set page: This is an example of the Motorola Netopia filter set page. Implied Meaning Y Y Y N If all filter rules a...

Page 161: ...le 1: Incoming packet has the source address of 200.1.1.28. Item / What it means: No Compare: Does not compare TCP or UDP port. Not Equal To: Matches any port other than what is defined. Less Than: Anything less than the port defined. Less Than or Equal: Any port less than or equal to the port defined. Equal: Matches only the port defined. Greater Than or Equal: Matches the port or any port greater. Greater Than: M...

Page 162: ...e does not match and this packet will be forwarded. Example 4: Incoming packet has the source address of 200.1.1.104. This rule does match and this packet will not be forwarded. Example 5: Incoming packet has the source address of 200.1.1.96. This rule does match and this packet will not be forwarded. This rule masks off a single IP address. Filter Rule: 200.1.1.0 (Source IP Network Address), 255.255.255.128 ...

Page 163: ...through many checkpoints in addition to NAT. Too much reliance on packet filters can cause too little reliance on other security methods. Filter sets are not a substitute for password protection, effective safeguarding of passwords, and general awareness of how your network may be vulnerable. Netopia Embedded Software Version 7.7.4's packet filters are designed to provide security for the Internet conn...

Page 164: ...es to the second inspector, and so on. You can see that the order of the inspectors in the line is very important. For example, let's say the first inspector's orders are to send along all packages that come from Rome, and the second inspector's orders are to reject all packages that come from France. If a package arrives from Rome, the first inspector sends it along without allowing the second inspecto...

Page 165: ...ilter, look at the parts of a filter. Parts of a filter: A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the following attributes: The source IP address and subnet mask (where the packet was sent from). The destination IP address and subnet mask (where the packet is going). The TOS bit setting of the packet. Certain types of IP packets, such as voice o...

Page 166: ...atch, the packet's port number must be less than or equal to the port number specified in the filter. Equal: For the filter to match, the packet's port number must equal the port number specified in the filter. Greater Than: For the filter to match, the packet's port number must be greater than the port number specified in the filter. Greater Than or Equal: For the filter to match, the packet's port number...

Page 167: ...a number (see the table below) or as TCP or UDP if those protocols are used. Src Port: The source port to match. This is the port on the sending host that originated the packet. Dst Port: The destination port to match. This is the port on the receiving host for which the packet is intended. NC: Indicates No Compare where specified. Filtering example 1: Returning to our filtering rule example from above (see pa...

Page 168: ...stination IP address could have been anything. The mask for Source IP address must be 255.255.255.255, since an exact match is desired. Source IP Address: 199.211.211.17. Source IP address mask: 255.255.255.255. Destination IP Address: 0.0.0.0. Destination IP address mask: 0.0.0.0. Using the tables on page 166, find the destination port and protocol numbers (the local Telnet port). Protocol: TCP (or 6). Destination ...

Page 169: ...or this filter is Any by default. This tells the filter to ignore the IP protocol or type of IP packet. Design guidelines: Careful thought must go into designing a new filter set. You should consider the following guidelines: Be sure the filter set's overall purpose is clear from the beginning. A vague purpose can lead to a faulty set, and that can actually make your network less secure. Be sure each indi...

Page 170: ...omising authorized access. Using filter sets is part of reaching that goal. Each filter set you design will be based on one of the following approaches: That which is not expressly prohibited is permitted. That which is not expressly permitted is prohibited. It is strongly recommended that you take the latter, and safer, approach to all of your filter set designs. ...

Page 171: ...r Set with an Interface on page 176. The sections below explain how to execute these steps. Adding a filter set: You can create up to eight different custom filter sets. Each filter set can contain up to 16 output filters and up to 16 input filters. There can be a maximum of 32 filter rules in the system. To add a new filter set, click the Add button in the Filter Sets page. The Add Filter Set page appears...

Page 172: ...riginate from the WAN, and through an output filter if they're being sent out to the WAN. The process for adding input and output filters is exactly the same. The main difference between the two involves their reference to source and destination. From the perspective of an input filter, your local network is the destination of the packets it checks, and the remote network is their source. From the perspe...

Page 173: ...s in this page, one for input filters and one for output filters. In this section you'll learn how to add an input filter to a filter set. Adding an output filter works exactly the same way, providing you keep the different source and destination perspectives in mind. ...

Page 174: ...s. This allows you to further modify the way the filter will match on the destination address. Enter 0.0.0.0 to force the filter to match on all destination IP addresses. 7. If desired, you can enter a TOS and TOS Mask value. See Policy-based Routing using Filtersets on page 177 for more information. 8. Select Protocol from the pull-down menu: ICMP, TCP, UDP, Any, or the number of another IP transport protocol...

Page 175: ... original Rule Entry page (see Adding filters to a filter set on page 172). Deleting filters: To delete a filter, select a filter from the table and click the Delete button. Moving filters: To reorganize the filters in a filter set, select a filter from the table and click the Move Up or Move Down button to place the filter in the desired priority position. Deleting a filter set: If you delete a filter set al...

Page 176: ...AN, return to the Filter Sets page. Click the Ethernet 100BT link. The Ethernet 100BT page appears. From the pull-down menu, select the filter set to associate with this interface. Click the Submit button. The Alert icon will appear in the upper right corner of the page. Click the Alert icon to go to the validation page, where you can save your configuration. You can repeat this process for both the WAN and...

Page 177: ...tination Port IDs for the filter, if desired. TOS field matching: Netopia Embedded Software Version 7.7.4 includes two parameters for an IP filter: TOS and TOS Mask. Both fields accept values in the range 0-255. Certain types of IP packets, such as voice or multimedia packets, are sensitive to latency introduced by the network. A delay-sensitive packet is one that has the low-latency bit set in the TOS fie...

Page 178: ...e filters is to block any traffic. Therefore, if the behavior you want is to force the routing of a certain type of packet and pass all others through the normal routing mechanism, you must configure one filter to match the first type of packet and apply Force Routing. A subsequent filter is required to match and forward all other packets. Management IP traffic: If the Force Routing filter is applied t...

Page 179: ...file. Using the Security Monitoring Log: You can view the Security Log at any time. Use the following steps: 1. Click the Security toolbar button. 2. Click the Security Log link. 3. Click the Show link from the Security Log tool bar. 4. An example of the Security Log is shown on the next page. 5. When a new security event is detected, you will see the Alert button. The Security Alert remains until you view the i...

Page 180: ...64 Security alert type Excessive Pings IP source address 143 137 137 92 IP destination address 143 137 199 8 Number of attempts 90 Time at last attempt Fri May 21 17 52 22 2004 UTC Security alert type Port Scan Protocol type TCP IP source address 143 137 50 2 Time at last attempt Fri May 21 17 51 37 2004 UTC Number of ports that were scanned 241 Highest port 5302 Lowest port 73 111 473 602 863 817...

Page 181: ... and then adjusts it for your local time zone. Once per hour, the Gateway attempts to re-acquire the NIST reference for re-synchronization or initial acquisition of the UTC information. Once acquired, all subsequent log entries display this date and time information. UTC provides the equivalent of Greenwich Mean Time (GMT) information. If the WAN connection is not enabled or NTP has been disabled, the in...

Page 182: ... Feature Keys as updates become available. On selected models, you can install a Secure Sockets Layer (SSL V3.0) certificate from a trusted Certification Authority (CA) for authentication purposes. If this feature is available on your Gateway, the Install Certificate link will appear in the Install page as shown. Otherwise, it will not appear. ...

Page 183: ...ou are using to connect to the Motorola Netopia Gateway must be on the same local area network as the Motorola Netopia Gateway. Step 1: Required Files. Upgrading Netopia Embedded Software Version 7.7.4 requires a Motorola Netopia firmware image file. Background: Firmware upgrade image files are posted periodically on the Motorola Netopia website. You can download the latest operating system software for...

Page 184: ... Motorola Netopia Gateway from the Home Page, use the following steps: 1. Open a web connection to your Motorola Netopia Gateway from the computer on your LAN. 2. Click the Install Software button on the Motorola Netopia Gateway Home page. The Install Operating System Software window opens. 3. Enter the filename into the text box by using one of these techniques: The Motorola Netopia firmware file name begi...

Page 185: ...start when you are prompted. Your Motorola Netopia Gateway restarts with its new image. Verify the Motorola Netopia Firmware Release: To verify that the Motorola Netopia firmware image has loaded successfully, use the following steps: 1. Open a web connection to your Motorola Netopia Gateway from the computer on your LAN and return to the Home page. ...

Page 186: ...2. Verify your Motorola Netopia firmware release, as shown on the Home Page. This completes the upgrade process. ...

Page 187: ...it. Software feature key properties are specific to a unit's serial number; they will not be accepted on a platform with another serial number. Once installed and the Gateway restarted, the new feature's functionality becomes available. This allows full access to configuration, operation, maintenance and administration of the new enhancement. Obtaining Software Feature Keys: Contact Motorola or your Servi...

Page 188: ...4. Click the Install Key button. 5. Click the Restart toolbar button. The Confirmation screen appears. ...

Page 189: ...To check your installed features: 7. Click the Install toolbar button. 8. Click the list of features link. The System Status page appears with the information from the features link displayed below. You can check that the feature you just installed is enabled. ...

Page 190: ...client contains a list of trusted CAs. When an SSL handshake between a server and your Gateway occurs, the client verifies that the server certificate was issued by a trusted CA. If the CA is not trusted, a warning will appear. Certificates installed in your Gateway and servers to which it connects verify to each other that communications between them are encrypted and private. Certificates are purchase...

Page 191: ...91 The Install Certificate page appears. 2. Browse to the location where you have saved your certificate and select the file, or type the full path. 3. Click the Install Certificate button. 4. Restart your Gateway. ...

Page 193: ...mple suggestions for troubleshooting problems with your Gateway's initial configuration. Before troubleshooting, make sure you have read the Quickstart Guide, plugged in all the necessary cables, and set your PC's TCP/IP controls to obtain an IP address automatically. ...

Page 194: ... on. Red if device malfunctions. Flashes Red when new embedded software is being installed. Ethernet: Solid green when connected. Flash green when there is activity on the LAN. DSL: Solid green when trained. Blinking green when no line is attached or when training. Internet: Solid green when Broadband device is connected. Flashes green for activity on the WAN port. If the physical link comes up but PPP or DHC...

Page 195: ... Flash green when there is activity on the LAN. USB (Model 2241N only): Solid green when connected. Flash green when there is activity on the LAN. DSL: Solid green when trained. Blinking green when no line is attached or when training. Internet: Solid green when Broadband device is connected. Flashes green for activity on the WAN port. If the physical link comes up but PPP or DHCP fail, the LED turns red. Power...

Page 196: ...being installed. Ethernet 1, 2, 3, 4: Solid green when connected. Flash green when there is activity on the LAN. DSL: Solid green when trained. Blinking green when no line is attached or when training. Internet: Solid green when Broadband device is connected. Flashes green for activity on the WAN port. If the physical link comes up but PPP or DHCP fail, the LED turns red. Power Ethernet 1 2 3 4 DSL Internet ...

Page 197: ...re is activity on the LAN. Wireless: Flashes green when there is activity on the wireless LAN. Off if driver fails to initialize or if wireless is disabled. DSL: Solid green when trained. Blinking green when no line is attached or when training. Internet: Solid green when Broadband device is connected. Flashes green for activity on the WAN port. If the physical link comes up but PPP or DHCP fail, the LED tur...

Page 198: ...eceived over the WAN. DSL Sync: Blinking green with no line attached or training; solid green when trained with the DSL line. USB Active (Model 3341N only): Solid green when connected, otherwise not lit. PPPoE Active (Model 3340N only): Solid green when PPPoE is negotiated, otherwise not lit. Power: Green when power is on. Red if device malfunctions. Flashes Red when new embedded software is being installed. Power ...

Page 199: ...eboot. When the 3342/3352 successfully boots up, both LEDs flash green once. Both LEDs are off when the Host OS suspends the device, e.g. Windows standby, reboot, device disabled, driver uninstalled, etc. USB: Solid green when USB is connected. DSL: Blinking green with no line attached or training, otherwise not lit; solid green when trained with the DSL line. ...

Page 200: ... when power is on. Red if device malfunctions. Flashes Red when new embedded software is being installed. DSL Sync: Blinking green with no line attached or training; solid green when trained with the DSL line. LAN 1, 2, 3, 4: Solid green when connected. Flash green when there is activity on the LAN. Power DSL Sync LAN 1 2 3 4 ...

Page 201: ...alled. DSL Sync: Solid green when trained. Blinking green when no line is attached or when training. Flashes green for DSL traffic. Ethernet 1, 2, 3, 4: Solid green when connected. Flash green when there is activity on the LAN. Wireless Link: Flashes green when there is activity on the wireless LAN. Off if driver fails to initialize or if wireless is disabled. Power LAN 1 2 3 4 DSL Sync Wireless Link ...

Page 202: ...stalled. DSL DSL 1 2 ADSL2 models only: Solid green when trained. Blinking green when no line is attached or when training. Flashes green for DSL traffic. Ethernet 1, 2, 3, 4: Solid green when connected. Flash green when there is activity on the LAN. Wireless: Flashes green when there is activity on the wireless LAN. Off if driver fails to initialize or if wireless is disabled. Power DSL Ethernet 1 2 3 4 Wirele...

Page 203: ...ed if device malfunctions. Flashes Red when new embedded software is being installed. Ethernet 1, 2, 3, 4: Solid green when connected. Flash green when there is activity on the LAN. DSL: Solid green when trained. Blinking green when no line is attached or when training. Flashes green for DSL traffic. Power DSL Ethernet 1 2 3 4 ...

Page 204: ...into the 2200, 3300 or 7000 series DSL Gateway properly. 3. Try a known good wall outlet. 4. Replace the power supply and/or unit. DSL Sync Unlit: 1. Make sure you are using the correct cable. The DSL cable is the thinner standard telephone cable. 2. Make sure the DSL cable is plugged into the correct wall jack. 3. Make sure the DSL cable is plugged into the DSL port on the 2200, 3300 or 7000 series DSL G...

Page 205: ...the PC's TCP/IP Properties for the USB Network Control Panel is set to obtain an IP address via DHCP. 3. Make sure the PC has obtained an address in the 192.168.1.x range. (You may have changed the subnet addressing.) 4. Make sure the PC is configured to access the Internet over a LAN. 5. Disable any installed network devices (Ethernet, HomePNA, wireless) that are not being used to connect to the 2200, 3300 or ...

Page 206: ... unit will continue to run as normal. If you press the factory default button for 1 second, when you release it the Gateway will perform a factory reset, clear all settings and configurations, and reboot. Do not hold the button down too long (5-10 seconds). This will destroy any saved default settings as well. DSL POWER 4 3 ETHERNET 2 1 RESET ON OFF Power Off On LAN DSL 4 1 2 3 Factory Reset Switch 3347W...

Page 207: ...ting can be accessed from the Gateway's Web UI. Point your browser to http://192.168.1.254. The main page displays the device status. If this does not make the Web UI appear, then do a release and renew in Windows networking to see what the Gateway address really is. ...

Page 208: ...ure an RJ-11 cable is used, the Gateway is connected to the correct wall jack, and the Gateway is not plugged into a micro filter. No Connection is displayed if the Gateway has trained but failed the PPPoE login. This usually means an invalid user name or password. Go to Expert Mode and change the PPPoE name and password. Up is displayed when the ADSL line is synched and the PPPoE or other connection me...

Page 209: ...3342, 3342N, 3352, 3352N. This is the status of your Ethernet connection. If you are connecting via Ethernet, it should be Up. USB Status: This is the status of your USB connection, if equipped. If you are connecting via USB, it should be Up. Software Release: This is the version number of the current embedded software in your Gateway. Warranty Date: This is the date that your Gateway was installed and enabled...

Page 210: ...rce of a problem. Clicking the Troubleshoot tab displays a page with links to System Status, Network Tools, and Diagnostics. System Status: Displays an overall view of the system and its condition. Network Tools: Includes NSLookup, Ping and TraceRoute. Diagnostics: Runs a multi-layer diagnostic test that checks the LAN, WAN, PPPoE, and other connection issues. ...

Page 211: ...Link: System Status. In the system status screen, there are several utilities that are useful for troubleshooting. Some examples are given in the following pages. ...

Page 212: ...rrors 0 Rx CRC Errors 0 Rx Frame Errors 0 Upper Layers Rx No Handler 0 Rx No Message 0 Rx Octets 975576 Rx Unicast Pkts 4156 Rx Multicast Pkts 203 Tx Discards 0 Tx Octets 2117992 Tx Unicast Pkts 3789 Tx Multicast Pkts 4073 Ethernet driver statistics USB Port Status Link down General Transmit OK 0 Receive OK 0 Tx Errors 0 Rx Errors 0 Tx Octets 0 Rx Octets 0 Ethernet driver statistics 10 100 Etherne...

Page 213: ... configuration. If it is not, check the DSL cable and make sure it is plugged in correctly and not connected to a micro filter. Below is an example: ADSL Line State Up ADSL Startup Attempts 5 ADSL Modulation DMT Datapump Version 3 22 Downstream Upstream SNR Margin 18 6 14 0 dB Line Attenuation 0 4 4 0 dB Errored Seconds 14 3 Loss of Signal 4 4 Loss of Frame 0 0 CRC Errors 0 0 Data Rate 8000 800 ...

Page 214: ...interfaces Ethernet 100BT up broadcast default rip send v1 rip receive v1 inet 192 168 1 1 netmask 255 255 255 0 broadcast 192 168 1 255 physical address 00 16 cb 39 a9 78 mtu 1500 PPP over Ethernet vcc1 up address mapping broadcast default admin disabled rip send v1 rip receive v1 inet 10 1 2 34 netmask 255 255 255 0 broadcast 10 1 2 1 physical address 00 15 bc 28 b8 67 mtu 1500 ...

Page 215: ...correct PVC is listed, which should be 0/35 (some providers use other values, such as 8/35). Check with your provider. If not, go to the WAN setup and change the VPI/VCI to its correct value. Below is an example: ATM port status Up Rx data rate bps 8000 Tx data rate bps 800 ATM Virtual Circuits VCC Type VPI VCI Encapsulation 1 PVC 8 35 PPP over Ethernet LLC SNAP encapsulation ATM Circuit Statistics Rx Fra...

Page 216: ... 2007 L3 IP Initialization complete Mon Apr 16 10 48 22 2007 L3 IPSec initializing service Mon Apr 16 10 48 22 2007 L3 IPSec No feature key available service disabled Mon Apr 16 10 48 22 2007 L3 PPP PPP over Ethernet vcc1 binding to PPPoE Mon Apr 16 10 48 22 2007 L3 PPP PPP over Ethernet vcc1 Port listening for incoming PPP connection requests Mon Apr 16 10 48 22 2007 L4 RFC1483 1 up Mon Apr 16 10...

Page 217: ...quipment your Gateway connects to may not support this test Checking LAN Interfaces Check Ethernet LAN connect PASS Check IP connect to Ethernet LAN PASS Pinging Gateway PASS Check MAC Bridge connect to Ethernet LAN PASS Checking DSL WAN Interfaces Check DSL Synchronization PASS Check ATM Cell Delineation PASS ATM OAM Segment Ping through vcc1 WARNING Don t worry your service provider may not supp...

Page 218: ...click the NSLookup button. Example: Show the IP Address for grosso.com. Result: The DNS Server doing the lookup is displayed in the Server and Address fields. If the Name Server can find your entry in its table, it is displayed in the Name and Address fields. PING: The network tools section sends a PING from the Gateway to either the LAN or WAN to verify connectivity. A PING could be either an IP address ...

Page 219: ...43 137 199 8 timer gran 100 ms Ping size 100 Ping count 5 ICMP echo reply from 192 150 14 120 200 ms ICMP echo reply from 192 150 14 120 100 ms No ping response ICMP echo reply from 192 150 14 120 100 ms ICMP echo reply from 192 150 14 120 100 ms 192 150 14 120 ping statistics 5 packets transmitted 4 packets received 20 packet loss ...

Page 220: ...t Gateway's subnet mask is incorrect, site is down. Ping an internet site by name: DNS is not properly configured on the Gateway, configured DNS servers are down, site is down. From a LAN PC: Ping the Gateway's LAN IP address: IP address and subnet mask of PC are not on the same scheme as the Gateway, cabling or other connectivity issue. Ping the Gateway's WAN IP address: Default gateway on PC is incorrect...

Page 221: ... ms 0 ms 100 ms 5 141 154 8 13 0 ms 100 ms 0 ms 6 4 24 92 97 0 ms 100 ms 0 ms 7 4 24 4 225 100 ms 0 ms 100 ms 8 4 24 7 121 0 ms 0 ms 100 ms 9 4 24 7 113 0 ms 100 ms 0 ms 10 4 24 6 50 100 ms 0 ms 100 ms 11 4 24 10 86 0 ms 100 ms 100 ms 12 4 24 6 234 0 ms 100 ms 0 ms 13 192 205 32 153 100 ms 0 ms 100 ms 14 12 123 1 122 100 ms 0 ms 100 ms 15 12 122 2 173 100 ms 100 ms 100 ms 16 12 122 2 153 100 ms 10...

Page 223: ...on page 282; DSL Commands on page 245; Ethernet Port Settings on page 283; Bridging Settings on page 246; 802.3ah Ethernet OAM Settings on page 284; DHCP Settings on page 248; Command Line Interface Preference Settings on page 285; DMT Settings on page 254; Port Renumbering Settings on page 286; Domain Name System Settings on page 255; Security Settings on page 287; IGMP Settings on page 257; System Settings ...

Page 224: ...load config file etheroam to show Ethernet OAM info exit to quit this shell help to get more help all or help help install to download and program an image into flash license to enter an upgrade key to add a feature log to add a message to the diagnostic log loglevel to report or change diagnostic log level netstat to show IP information nslookup to send DNS query for host ping to send ICMP Echo requ...

Page 225: ...c dns Dynamic DNS client options ethernet Ethernet options ethernet MAC override Ethernet options igmp IGMP configuration options ip TCP IP protocol options ip maps IPmaps options nat default Network Address Translation default options pinhole Pinhole options ppp Peer to Peer Protocol options wan over ether PPP over Ethernet options preferences Shell environment settings queue bandwidth queueing op...

Page 226: ...a Netopia Gateway settings. Entering a user password lets you display, but not update, Motorola Netopia Gateway settings. When you have logged in successfully, the command line interface lists the username and the security level associated with the password you entered in the diagnostic log. Ending a CLI Session: You end a command line interface session by typing quit from the SHELL node of the command ...

Page 227: ...uld see Netopia 3000 9437188 as your CLI prompt. SHELL Command Shortcuts: You can truncate most commands in the CLI to their shortest unique string. For example, you can use the truncated command q in place of the full quit command to exit the CLI. However, you would need to enter rese for the reset command, since the first characters of reset are common to the restart command. The only commands you canno...

Page 228: ...erify network connectivity over each interface on your Motorola Netopia Gateway. The console displays the results of each test as the diagnostic utility runs. If one test is dependent on another, the diagnostic utility indents its entry in the console window. For example, the diagnostic utility indents the Check IP connect to Ethernet LAN entry, since that test will not run if the Check Ethernet LAN Co...

Page 229: ... argument identifies the IP address of the TFTP server on which your Motorola Netopia Gateway operating software is stored. The filename argument identifies the path and name of the operating software file on the TFTP server. If you include the optional keyword confirm, you will not be prompted to confirm whether or not you want to perform the operation. license key: This command installs a software u...

Page 230: ...laatu The ip_address argument is the IP address, in dotted decimal notation, of the device for which you want DNS information. ping s size c count hostname ip_address: Causes the Motorola Netopia Gateway to issue a series of ICMP Echo requests for the device with the specified name or IP address. The hostname argument is the name of the device you want to ping, for example ping ftp.netopia.com. The ip_a...

Page 231: ...ifies the contents of the Motorola Netopia Gateway registers at the point of system malfunction. reset dhcp server: Clears the DHCP lease table in the Motorola Netopia Gateway. reset diffserv: Resets the Differentiated Services (diffserv) statistics. reset enet all: Resets Ethernet statistics to zero. Resets individual LAN switch port statistics as well as wireless and WAN Ethernet statistics, where applica...

Page 232: ...ys are based on the serial number. This allows you to get back those default settings if you have changed them, without the need to reset the entire configuration of the unit. restart seconds: Restarts your Motorola Netopia Gateway. If you include the optional seconds argument, your Motorola Netopia Gateway will restart when the specified number of seconds have elapsed. You must enter the complete resta...

Page 233: ...R111 Gateway requirement. It displays IP Address, Manufacture OUI and Serial number. show enet all: Displays Ethernet interface statistics maintained by the Motorola Netopia Gateway. Beginning with Firmware Version 7.7, supports display of individual LAN switch port statistics as well as WAN Ethernet statistics, where applicable. Example: show enet status all 10 100 Ethernet 1 Port Status Link down Tran...

Page 234: ...ate configurations events and OAM statistics. show features: Displays standard and keyed features installed in the Motorola Netopia Gateway. show group mgmt: Displays the IGMP Snooping Table. See IGMP (Internet Group Management Protocol) on page 100 for detailed explanation. show ip arp: Displays the Ethernet address resolution table stored in your Motorola Netopia Gateway. show ip igmp: Displays the content...

Page 235: ...ap table NAT. show log: Displays blocks of information from the Motorola Netopia Gateway diagnostic log. To see the entire log, you can repeat the show log command or you can enter show log all. show memory all: Displays memory usage information for your Motorola Netopia Gateway. If you include the optional all argument, your Motorola Netopia Gateway will display a more detailed set of memory statistics. s...

Page 236: ...lobalPort 00000000 00000000 SumPort 00000000 00000000 segment 1 port masks PortPort 00001006 00000001 GlobalPort 00000000 00000000 SumPort 00001006 00000001 segment 2 port masks PortPort 0000003c 00000000 GlobalPort 00000000 00000000 SumPort 0000003c 00000000 segment 3 port masks PortPort 00000000 00000000 GlobalPort 00000000 00000000 SumPort 00000000 00000000 segment 4 port masks PortPort 0000000...

Page 237: ...ctive segment Type 1 Index 1 Vid 1 PortMask 00001006 00000001 SwitchMask 00000004 WirelessMask 00001000 vlan active link namePtr eth lan uplink portType 1 portIndex 1 ifId 45 vlan active link namePtr ethernet0 0 portType 3 portIndex 2 ifId 46 vlan active link namePtr ssid1 portType 5 portIndex 12 ifId 56 vlan active link namePtr eth ip0 portType 7 portIndex 32 ifId 76 vlan active segment Type 1 In...

Page 238: ...in dotted decimal notation, of the device to which you want to connect. The port argument is the number of the port over which you want to open a telnet session. traceroute ip_address hostname: Traces the routing path to an IP destination. upload server_address filename confirm: Copies the current configuration settings of the Motorola Netopia Gateway to a TFTP (Trivial File Transfer Protocol) server. The T...

Page 239: ...the reset dhcp client release command without the variable to see the letter assigned to each virtual circuit. reset dhcp client renew vcc id: Releases the DHCP lease the Motorola Netopia Gateway is currently using to acquire the IP settings for the specified DSL port. The vcc id identifier is an index letter in the range B-I, and does not directly map to the VCC in use. Enter the reset dhcp client rel...

Page 240: ... conditions are met. For example, you must enable IP for an interface before you can enter IP settings for that interface. Navigating the CONFIG Hierarchy. Moving from CONFIG to SHELL: You can navigate from anywhere in the CONFIG hierarchy back to the SHELL level by entering quit at the CONFIG prompt and pressing RETURN. Netopia 3000 9437188 top quit Netopia 3000 9437188 Moving from top to a subnode: You...

Page 241: ...te. For example: set ip ethernet A 192.31.222.57. Guidelines: CONFIG Commands. The following table provides guidelines for entering and formatting CONFIG commands. If a command is ambiguous or miskeyed, the CLI prompts you to enter additional information. For example, you must specify which virtual circuit you are configuring when you are setting up a Motorola Netopia Gateway. Command component Rules for en...

Page 242: ...presented in brackets, with each value separated by a vertical line. For example, the following CLI step command indicates that the default value is off and that valid entries are limited to on and off: option off on off on You can accept the default value for a field by pressing the Return key. To use a different value, enter it and press Return. You can enter the CONFIG step mode by entering set from t...

Page 243: ...ified ATA configuration profile to be stored in the Gateway. set ata profile 0 3 ata mac addr MAC_addr: Specifies the MAC address of the ATA for the specified configuration profile. set ata profile 0 3 ata qos enable on off: Enables or disables QoS for the specified profile. set ata profile 0 3 ata dhcpc enable on off: Enables or disables DHCP client service for the specified profile. set ata profile 0 3 ata...

Page 244: ...t port: Specifies a registrar server port, typically 5060, for the specified profile. set ata profile 0 3 ata outproxy server ip_addr: Specifies an outbound proxy server hostname or IP address for the specified profile. set ata profile 0 3 ata outproxy port port: Specifies an outbound proxy server port, typically 5060, for the specified profile. set ata profile 0 3 ata auth id value: Specifies an authorization ...

Page 245: ...ell Rate and the Maximum Burst Size that apply to the VC. You set these values according to specifications defined by your service provider. set atm vcc n qos peak cell rate 1 n: If QoS class is set to cbr or vbr, then specify the peak cell rate that should apply to the specified virtual circuit. This value should be between 1 and the line rate. The Peak Cell Rate (PCR) should be set to the maximum rate a...

Page 246: ...be less than or equal to eight. Bridging Settings: Bridging lets the Motorola Netopia Gateway use MAC (Ethernet hardware) addresses to forward non-TCP/IP traffic from one network to another. When bridging is enabled, the Motorola Netopia Gateway maintains a table of up to 512 MAC addresses. Entries that are not used within 30 seconds are dropped. If the bridging table fills up, the oldest table entries ar...

Page 247: ... enabled. set bridge ethernet option on off: Enables or disables bridging services for the specified virtual circuit using Ethernet framing. set bridge dsl vccn option on off: Enables or disables bridging services for the specified interface. Specified interface must be part of a VLAN if bridge is turned on. Only RFC 1483 Bridged encapsulation is supported currently. show log command will show that WAN B...

Page 248: ...t beginning with the specified address for dynamic assignment. set dhcp end address ip_address: If you selected server, specifies the last address in the DHCP address range. set dhcp lease time lease time: If you selected server, specifies the default length for DHCP leases issued by the Motorola Netopia Gateway. Enter lease time in dd:hh:mm:ss (day, hour, minute, second) format. set dhcp option group name: Spe...

Page 249: ...cular option numbers set dhcp gen option name name Specifies a DHCP generic option set named name of one to 15 characters You can specify up to 20 gen options Each can contain up to 100 bytes of data up to a maximum of 912 bytes of options data total An option will be served only if the client requests it set dhcp gen option option 1 255 Specifies the DHCP option by number 1 255 The following tabl...

Page 250: ...IP address list Multiples of 4 Yes 46 Unsigned 1 byte integer 1 Yes 47 String up to 100 characters N Yes 48 49 IP address list Multiples of 4 Yes 50 IP address 4 No 51 Unsigned 4 byte integer 4 No 52 Unsigned 1 byte integer 1 No 53 Unsigned 1 byte integer 1 Yes 54 IP address 4 Yes 55 String up to 100 characters N No 56 String up to 100 characters N Yes 57 Unsigned 2 byte integer 2 Yes 58 59 Unsign...

Page 251: ...79 Complex N No 80 Empty 0 No 81 Complex N No 82 Sub option list N Yes 83 Complex N No 84 Undefined Yes 85 IP address list Multiples of 4 Yes 86 87 Unicode String Multiples of 2 Yes 88 Encoded DN list N Yes 89 IP address list Multiples of 4 Yes 90 Complex N No 91 97 Undefined Weakly defined Yes 98 String up to 100 characters N Yes 99 115 Undefined Weakly defined Yes 116 Flag 1 Yes 117 Unsigned 2 b...

Page 252: ...e but an additional filterset is available for use when bridging to block undesired DHCP traffic Up to 8 rules can be created in the filterset which are evaluated in order dhcp option determines which DHCP option should be compared A typical value would be to use option 60 data for comparison but allowing this value to be configured permits more flexibility set dhcp filterset name settopbox rule...

Page 253: ...f the option in the DHCP packet is not present The value 0 0 0 0 means regular processing 255 255 255 255 means discard Example Netopia 3000 9450000 dhcp sc set dhcp option server set dhcp start address 192 168 1 33 set dhcp end address 192 168 1 63 set dhcp lease time 01 00 00 00 set dhcp filterset name settopbox rule 1 dhcp option 60 set dhcp filterset name settopbox rule 1 match str STB set dhc...

Page 254: ...ine Entering a value for the VPI or VCI setting will disable this feature set dmt dmt dying gasp default off on Enables or disables Gateway dying gasp behavior in cases of power failure Default is off set dmt wiringMode auto tip_ring A_A1 not supported on all models This command configures the wiring mode setting for your ADSL line Selecting auto the default causes the Gateway to detect which pai...

Page 255: ... of the primary DNS name server set dns proxy enable This allows you to disable the default behavior of acting as a DNS proxy The default is on set dns secondary address ip_address Specifies the IP address of the secondary DNS name server Enter 0 0 0 0 if your network does not have a secondary DNS name server set dns configured dns priority 0 255 Sets the configured DNS priority relative to acquire...

Page 256: ... your actual IP address may change as a result of a PPPoE connection to the Internet set dynamic dns option off dyndns org set dynamic dns ddns host name myhostname dyndns org set dynamic dns ddns user name myusername set dynamic dns ddns user password myuserpassword Enables or disables dynamic DNS services The default is off If you specify dyndns org you must supply your hostname username for the...

Page 257: ...only if the router is configured for IGMP forwarding If any IGMP v1 routers are present on the subnet the querier must use IGMP v1 The use of IGMP v1 must be administratively configured since there is no reliable way of dynamically determining whether IGMP v1 routers are present on a network IGMP forwarding is enabled per IP Profile and WAN Connection Profile Last Member Query Interval the amount ...

Page 258: ...e limited to v1 for backward compatibility select 1 otherwise allow the default 3 set igmp last member query intvl value Sets the last member query interval the amount of time in tenths of a second that the IGMP gateway waits to receive a response to a Group Specific Query message The last member query interval is also the amount of time in seconds between successive Group Specific Query messages ...

Page 259: ...ther TCP IP settings for the Motorola Netopia Gateway If you turn off TCP IP services and save the new configuration the Motorola Netopia Gateway clears its TCP IP settings ARP Timeout Settings set ip arp timeout 60 6000 Sets the timeout value for ARP timeout Default 600 secs 10 mins range 60 secs 6000 secs 1 100 mins DSL Settings set ip dsl vccn address ip_address Assigns an IP address to the vi...

Page 260: ...conds it switches to DHCP As soon as it can connect via DHCP the Gateway chooses and sets DHCP as its default Otherwise after attempting to connect via DHCP for 60 seconds the Gateway switches back to PPPoE The Gateway will continue to switch back and forth in this manner until it successfully connects Similarly selecting PPPoE PPPoA causes the Gateway to attempt to connect by trying these protoco...

Page 261: ... receive off v1 v2 v1 compat v2 MD5 Specifies whether the Motorola Netopia Gateway should use Routing Information Protocol RIP broadcasts to update its routing tables with information received from other routers If you specify v2 MD5 you must also specify a rip receive key Keys are ASCII strings with a maximum of 31 characters and must match the other router s keys for proper operation of MD5 sup...

Page 262: ...le RIP 1 and RIP 2 share the same basic algorithms RIP 2 supports several additional features including inclusion of subnet masks in RIP packets and implementation of multicasting instead of broadcasting which reduces the load on hosts which do not support routing protocols RIP 2 with MD5 authentication is an extension of RIP 2 that increases security by requiring an authentication key when route...

Page 263: ...routing IP over a virtual PPP interface NOTE For a DSL platform you must identify the virtual PPP interface vccn a number from 1 to 8 set ip ip ppp vccn option on off Enables or disables IP routing through the virtual PPP interface By default IP routing is turned on If you turn off IP routing and save the new configuration the Motorola Netopia Gateway clears IP routing settings set ip ip ppp vccn...

Page 264: ...etting this to DHCP PPPoE enables automatic sensing of your WAN connection type PPPoE or DHCP The gateway attempts to connect using PPPoE first If the Gateway fails to connect after 60 seconds it switches to DHCP As soon as it can connect via DHCP the Gateway chooses and sets DHCP as its default Otherwise after attempting to connect via DHCP for 60 seconds the Gateway switches back to PPPoE The Ga...

Page 265: ...ether you want the Motorola Netopia Gateway to identify the source IP address of every IGMP packet transmitted from this interface as 0 0 0 0 when mcast fwd is set to on This complies with the requirements of TR 101 and removes the need for a publicly advertised IP address on the WAN interface set ip ip ppp vccn mcast fwd on off Specifies whether you want the Motorola Netopia Gateway interface to ...

Page 266: ...c ARP entries to the Motorola Netopia Gateway static ARP table set ip static arp ip address ip_address Specifies the IP address for the static ARP entry Enter an IP address in the ip_address argument in dotted decimal format The ip_address argument cannot be 0 0 0 0 set ip static arp ip address ip_address hardware address MAC_address Specifies the Ethernet hardware address for the static ARP entr...

Page 267: ...ot override TOS bit settings made by the endpoints Support for source provided IP TOS priorities within the Gateway is achieved simply by turning the Diff Serve option on and by setting the lohi asymmetry to adjust the behavior of the Gateway s internal queues set diffserv lohi ratio 60 100 percent Sets a percentage between 60 and 100 used to regulate the level of packets allowed to be pending in ...

Page 268: ... the address equal to zero this check is ignored for outbound packets The check is always ignored for inbound packets The DiffServe queuing function must be applied ahead of NAT and before NAT re maps the inbound packets all inbound packets are destined for the Gateway s WAN IP address outside ip mask If you want packets destined for and originating from a certain WAN IP address to be marked ent...

Page 269: ...serv qos dscp map 1 best effort assured expedite network control set diffserv qos dscp map 31 best effort assured expedite network control By default the following settings are used in custom mode set diffserv qos dscp map 0 best effort set diffserv qos dscp map 1 best effort set diffserv qos dscp map 2 best effort set diffserv qos dscp map 3 best effort set diffserv qos dscp map 4 best effort set...

Page 270: ...map 23 expedite set diffserv qos dscp map 24 network control set diffserv qos dscp map 25 network control set diffserv qos dscp map 26 network control set diffserv qos dscp map 27 network control set diffserv qos dscp map 28 network control set diffserv qos dscp map 29 network control set diffserv qos dscp map 30 network control set diffserv qos dscp map 31 network control ...

Page 271: ...llows create and configure one or more queues which can be a basic queue or a priority queue comprising a group of basic queues a weighted fair queue comprising a group of basic queues or a funnel comprising a group of basic queues assign a queue instance to the Ethernet WAN interface map packet attributes to a queue The same queue name can be assigned to multiple interfaces which require identic...

Page 272: ...y Queue funnel Funnel Queue Basic Queue set queue name basic_queue_name option on off set queue name basic_queue_name type basic Specifies the Basic Queue named basic_queue_name attributes Basic queues have one input and one output The basic queue is assigned an ID with the following attribute when the queue is full discard By default the following Basic Queues are created basic_q0 basic_q1 basic_...

Page 273: ...ueue_name name of input queue weight_value numeric relative weight of queue share bw if enabled the bandwidth for this queue can be shared between other queues when idle default input specifies the default input queue name The default special queuing configuration shapes the rate of a custom flow toward the Remote Management Server By default the following WFQ is created set queue name wfq option...

Page 274: ...rity_queue_name name of priority queue input_queue_name name of input queue priority_value numeric relative priority of queue The higher the number the higher the priority of the queue default input specifies the default input queue name By default the following priority queue is created set queue name pq option on set queue name pq type priority set queue name pq entry 1 input basic_q0 set queue ...

Page 275: ...nel queues are created Rate limiting priority queue to 100Kbps set queue name pq 100kbps option on set queue name pq 100kbps type funnel set queue name pq 100kbps input pq set queue name pq 100kbps bps 100000 Rate limiting weighted fair queue to 100Kbps set queue name wfq 100kbps option on set queue name wfq 100kbps type funnel set queue name wfq 100kbps input wfq set queue name wfq 100kbps bps 10...

Page 276: ...riodically from other routers static routes do not time out Consequently static routes are useful when working with PPP since an intermittent PPP link may make maintenance of dynamic routes problematic You can configure as many as 32 static IP routes for a Motorola Netopia Gateway Use the following commands to maintain static routes to the Motorola Netopia Gateway routing table set ip static rout...

Page 277: ...e remote network is one router away and the static route is the best way to reach it The remote network is more than one router away but the static route should not be replaced by a dynamic route even if the dynamic route is more efficient set ip static routes destination network net_address rip advertise splitHorizon always never Specifies whether the gateway should use Routing Information Protoc...

Page 278: ... passthrough host to acquire its IP address via DHCP if ip passthrough is enabled set nat default address ip_address Specifies the IP address of the NAT default server set nat default host hardware address MAC_address Specifies the hardware MAC address of the IP passthrough host If the MAC address is specified as all zeroes the first DHCP client that requests an IP address gets the passthrough add...

Page 279: ...u would use the same number for the external and internal port PPPoE PPPoA Settings You can use the following commands to configure basic settings port authentication settings and peer authentication settings for PPP interfaces on your Motorola Netopia Gateway Configuring Basic PPP Settings NOTE For the DSL platform you must identify the virtual PPP interface vccn a number from 1 to 8 set ppp modul...

Page 280: ... lost echoes the Motorola Netopia Gateway should tolerate before bringing down the PPP connection The integer argument can be any number from between 1 and 20 set ppp module vccn failures max integer Specifies the maximum number of Configure NAK messages the PPP module can send without having sent a Configure ACK message The integer argument can be any number between 1 and 20 set ppp module vccn c...

Page 281: ...r The settings for port authentication on the local Motorola Netopia Gateway must match the authentication that is expected by the remote peer For example if the remote peer requires CHAP authentication and has a name and CHAP secret for the Motorola Netopia Gateway you must enable CHAP and specify the same name and secret on the Motorola Netopia Gateway before the link can be established set ppp...

Page 282: ... C address 0 0 0 0 set ip ethernet C broadcast 0 0 0 255 set ip ethernet C netmask 255 255 255 0 set ip ethernet C restrictions admin disabled set ip ethernet C addr mapping on set ip ethernet C dns acquired dns priority 20 set ip ethernet C mcast fwd on set ip ethernet C igmp null source addr off set ip ethernet C tx queue none set ip ethernet C unnumbered off set ip ethernet C rip receive off se...

Page 283: ...ing on the specified interface If set to on this interface acts as an IGMP proxy host and IGMP packets are transmitted and received on this interface on behalf of IGMP hosts on the LAN interface See IGMP Internet Group Management Protocol on page 100 for more information set ip ip ppp vcc1 igmp null source addr off on Enables or disables IGMP null source address if mcast fwd is set to on If enabl...

Page 284: ...scovers and keeps alive the Link connectivity and reports faults if the link goes down Supported OAM request and response types are remote loopback enable remote loopback disable variable request variable response set ethernet oam ah option off on Enables or disables Ethernet OAM Default is off set ethernet oam ah pass through off on Enable or disable Ethernet OAM pass through mode Default is off...

Page 285: ...lays help for a node when you navigate to that node set preference more lines Specifies how many lines of information you want the command line interface to display at one time The lines argument specifies the number of lines you want to see at one time The range is 1 65535 By default the command line interface shows you 22 lines of text before displaying the prompt More y n If you enter 1000 for ...

Page 286: ...e Motorola Netopia Gateway graphical user interface Similarly you would have to configure your telnet application to use the appropriate port when opening a configuration connection to your Motorola Netopia Gateway set servers web http 1 65534 Specifies the port number for HTTP web communication with the Motorola Netopia Gateway Because port numbers in the range 0 1024 are used by other protocols ...

Page 287: ...e implementation is built to these standards the other side of the tunnel can be either another Motorola Netopia unit or another IPsec IKE based security product For VPN you can choose to have traffic authenticated encrypted or both When connecting the Motorola Netopia unit in a telecommuting scenario the corporate VPN settings will dictate the settings to be used in the Motorola Netopia unit If a...

Page 288: ... set security ipsec tunnels name 123 auth protocol ESP AH ESP none See page 146 for details about SafeHarbour IPsec tunnel capability set security ipsec tunnels name 123 IKE mode pre shared key type hex ascii hex See page 146 for details about SafeHarbour IPsec tunnel capability set security ipsec tunnels name 123 IKE mode pre shared key hex string See page 146 for details about SafeHarbour IPsec ...

Page 289: ...Psec tunnel capability set security ipsec tunnels name 123 IKE mode invalid spi recovery off on Enables the Gateway to re establish the tunnel if either the Motorola Netopia Gateway or the peer gateway is rebooted set security ipsec tunnels name 123 xauth enable off on Enables or disables Xauth extensions to IPsec when IKE mode neg method is set to aggressive Default is off set security ipsec tunn...

Page 290: ...urity ipsec tunnels name 123 local id addr ip address set security ipsec tunnels name 123 local id mask ip mask set security ipsec tunnels name 123 remote id type IP address Subnet Hostname ASCII Specifies the NAT remote ID type for the specified IPsec tunnel when Aggressive Mode is set set security ipsec tunnels name 123 remote id id_value Specifies the NAT remote ID value as specified in the rem...

Page 291: ...00 The soft parameters designate when the system begins to negotiate a new key For example after 82800 seconds 23 hours or 1 Gbyte has been transferred whichever comes first the key will begin to be renegotiated The hard parameters indicate that the renegotiation must be complete or the tunnel will be disabled For example 86400 seconds 24 hours means that the renegotiation must be complete within ...

Page 292: ...cp seq diff 0 65535 Sets the acceptable TCP sequence difference on the specified interface The TCP sequence number difference maximum allowed value is 65535 If the value of tcp seq diff is 0 it means that this check is disabled set security state insp ip ppp dsl vccn deny fragments off on set security state insp ethernet A B deny fragments off on Sets whether fragmented packets are allowed to be...

Page 293: ...arting IP address in dotted quad format set security state insp xposed addr exposed address n end ip ip_address Sets the exposed list range ending IP address in dotted quad format 32 exposed addresses can be created The range for exposed address numbers are from 1 through 32 set security state insp xposed addr exposed address n protocol tcp udp both any Sets the protocol for the stateful inspectio...

Page 294: ... idle reset on or off for the specified filter rule A match on this rule resets idle timeout status and keeps the WAN connection alive The default is off For idle reset to be displayed forward must be enabled on a filter rule set security pkt filter filterset filterset name input_filter output_filter index frc rte on off Turns forced routing on or off for the specified filter rule A match on this rule ...

Page 295: ...filter output_filter index tos mask value Specifies the TOS Type Of Service mask to match packets The value for tos mask can be from 0 255 set security pkt filter filterset filterset name input_filter output_filter index protocol value Specifies the protocol value to match packets the type of higher layer Internet protocol the packet is carrying such as TCP or UDP The value for protocol can be from 0 25...

Page 296: ...rc port does not display if nc is set for src compare or dst compare set security pkt filter filterset filterset name input_filter output_filter index dst port value Specifies the destination IP port to match packets the port on the receiving host that the packet is destined for if the underlying protocol is TCP or UDP dst port does not display if nc is set for src compare or dst compare set security...

Page 297: ...ument is the IP address of the host acting as an SNMP console set snmp sysgroup contact contact_info Identifies the system contact such as the name phone number beeper number or email address of the person responsible for the Motorola Netopia Gateway You can enter up to 255 characters for the contact_info argument You must put the contact_info argument in double quotes if it contains embedded spac...

Page 298: ...y is part of this type of network do NOT alter the System Name unless specifically instructed by your Service Provider set system diagnostic level off low medium high alerts failures Specifies the types of log messages you want the Motorola Netopia Gateway to record All messages with a level equal to or greater than the level you specify are recorded For example if you specify set system diagnosti...

Page 299: ...ssword admin user Specifies the administrator or user password for a Motorola Netopia Gateway When you enter the set system password command you are prompted to enter the old password if any and new password You are prompted to repeat the new password to verify that you entered it correctly the first time To prevent anyone from observing the password you enter characters in the old and new passwor...

Page 300: ...is is 20 in the above layout each heartbeat sequence will send out a total 20 heartbeats spaced at 30 second intervals and then sleep for 30 minutes So to have the Gateway send out packets forever this number can be set very high If it is 1440 and the interval is 1 minute say the heartbeat will go out every minute for 1440 minutes or one day before sleeping The sleep setting is part of sequence co...

Page 301: ...e OR IP address optionalPath https domain name OR IP address optionalPath port https domain name OR IP address optionalPath domain name OR IP address optionalPath port domain name OR IP address optionalPath If the port number is omitted port 80 will be assumed Syslog set system syslog option off on Enables or disables system syslog feature If syslog option is on the following commands are availabl...

Page 302: ...option on Set the IP Address of the syslog host set system syslog host nameip ip addr example set system syslog host nameip 10 3 1 1 Enable change the options you require set system syslog log facility local1 set system syslog log violations on set system syslog log accepted on set system syslog log attempts on 4 Set NTP parameters Type config Set the time zone Default is 0 or GMT set system ntp t...

Page 303: ...ignificant impact on performance depending on other wireless activity in proximity to this AP Channel selection is not necessary at the clients clients will scan the available channels and look for APs using the same ssid as the client set wireless network id closed system on off When this setting is enabled a client must know the ssid in order to connect or even see the wireless access point When...

Page 304: ...th ssid wpa ver all WPA1 only WPA2 only Specifies the type of WPA version enabled on multiple SSIDs when multi ssid option is set to on and privacy is set to WPA PSK See Wireless Privacy Settings on page 308 for more information set wireless multi ssid second ssid psk string set wireless multi ssid third ssid psk string set wireless multi ssid fourth ssid psk string Specifies a WPA passphrase for...

Page 305: ... to on this will block wireless clients from communicating with other wireless clients on the LAN side of the Gateway set wireless tx power full medium fair low minimal Sets the wireless transmit power scaling down the router s wireless transmit coverage by lowering its radio power output Default is full power Transmit power settings are useful in large venues with multiple wireless routers where...

Page 306: ...be lower than cwmax Valid values are 1 3 7 15 31 63 127 255 or 511 cwmax Maximum Contention Window upper limit in milliseconds of the range of determining final random backoff The value you choose must be higher than cwmin Valid values are 3 7 15 31 63 127 255 511 or 1023 txoplimit Time interval in microseconds that clients may initiate transmissions Valid values are 0 9999 NOTE It is not recomme...

Page 307: ... wmm client edca video cwmin value set wireless wmm client edca video cwmax value set wireless wmm client edca video txoplimit 0 9999 Sets values for client WMM video parameters set wireless wmm client edca best effort aifs 1 255 set wireless wmm client edca best effort cwmin value set wireless wmm client edca best effort cwmax value set wireless wmm client edca best effort txoplimit 0 9999 Sets v...

Page 308: ...ive the client s data it must likewise have the identical key of the same length in the same slot For simplicity a wireless Gateway and its clients need only enter share and use the first key set wireless network id privacy pre shared key string The Pre Shared Key is a passphrase shared between the Router and the clients and is used to generate dynamically changing keys when WPA PSK is selected o...

Page 309: ...F21A09C You must set at least one of these keys indicated by the default keyid Wireless MAC Address Authorization Settings set wireless mac auth option on off Enabling this feature limits the MAC addresses that are allowed to access the LAN as well as the WAN to specified MAC hardware addresses set wireless mac auth wrlss MAC list mac address MAC address_string Enters a new MAC address into the MA...

Page 310: ...shared secret should have the same characteristics as a normal password set radius alt radius name server_name_string Specifies an alternate RADIUS server name or IP address to be used if the primary server is unreachable set radius alt radius secret shared_secret Specifies the secret key used by the alternate RADIUS server set radius radius port port_number Specifies the port on which the RADIUS...

Page 311: ...this to a value greater than 0 all packets of this VLAN with unmarked priority bits pbits will be re marked to this priority set vlan name name ports port option off on Enables or disables the Gateway s physical Ethernet USB or VCC port or wireless SSID for the specified VLAN set vlan name name ports port tag off on If set to on packets transmitted from this port through this VLAN must be tagged w...

Page 312: ...nter vlan routing allows VLANs in the specified group to route traffic to the others ungrouped VLANs cannot route traffic to each other You must save the changes exit out of configuration mode and restart the Gateway for the changes to take effect Example 1 A simple example using the Step method Navigate to the VLAN item Netopia 3000 9437188 top vlan Netopia 3000 9437188 vlan set vlan vlan node li...

Page 313: ...t vlan name LanPorts ports ssid1 port pbits 0 set vlan name LanPorts ports eth1 option off set vlan name LanPorts ip interfaces ip ppp a option off set vlan name LanPorts ip interfaces ip eth b option off set vlan name LanPorts ip interfaces ip eth c option off set vlan name LanPorts ip interfaces ip eth a option on set vlan name LanPorts inter vlan routing group 1 on set vlan name LanPorts inter ...

Page 314: ...7 set vlan name Mgmt_2017 admin restricted off set vlan name Mgmt_2017 seg pbits 3 set vlan name Mgmt_2017 ports eth0 1 option off set vlan name Mgmt_2017 ports eth0 2 option off set vlan name Mgmt_2017 ports eth0 3 option off set vlan name Mgmt_2017 ports eth0 4 option off set vlan name Mgmt_2017 ports ssid1 option off set vlan name Mgmt_2017 ports eth1 option on set vlan name Mgmt_2017 ports eth...

Page 315: ...nterfaces ip eth b option off set vlan name Video_31 ip interfaces ip eth c option off set vlan name Video_31 ip interfaces ip eth a option off set vlan name Video_31 inter vlan routing group 1 off set vlan name Video_31 inter vlan routing group 2 off set vlan name Video_31 inter vlan routing group 3 off set vlan name Video_31 inter vlan routing group 4 off You must save the changes exit out of co...

Page 316: ...me or IP address set voip phone 0 1 sip proxy server domain domain_name Specifies the SIP proxy server domain name or IP address for the specified phone set voip phone 0 1 sip proxy server transport UDP TCP TLS Specifies the SIP proxy server transport protocol for the specified phone Default is UDP set voip phone 0 1 sip registrar setting sip registrar server server_name ip_address Specifies the S...

Page 317: ... priority to the alaw codec the common analog voice encoding method used outside North America set voip phone 0 1 codec G711U priority 1 2 3 4 5 6 7 none Assigns a priority to the ulaw codec the common analog voice encoding method used in North America set voip phone 0 1 codec G729A priority 1 2 3 4 5 6 7 none Assigns a priority to the G729 annex A codec the common analog voice compression implem...

Page 318: ...eature call forwarding all option off on call forwarding all option turns unconditional call forwarding on or off set voip phone 0 1 sip advanced setting call feature call forwarding all number phone_number call forwarding all number specifies the number to which calls are to be forwarded when call forwarding all option is on set voip phone 0 1 sip advanced setting call feature call forwarding on...

Page 319: ... echo off echo on echo on nlp echo on cng nlp echo option specifies under what conditions the system invokes or disables echo cancellation Default is echo on cng nlp Comfort Noise Generation with non linear processor set voip phone 0 1 sip advanced setting dsp settings echo start attenuation 0 65535 echo start attenuation specifies the minimum attenuation level at which to invoke echo cancellation...

Page 320: ... sip dtmf mode rfc2833 set voip phone 0 sip advanced setting sip end of dial marker off set voip phone 0 sip advanced setting call feature call forwarding all option off set voip phone 0 sip advanced setting call feature call forwarding on busy option off set voip phone 0 sip advanced setting call feature call forwarding on no answer option off set voip phone 0 sip advanced setting call feature ca...

Page 321: ...tenuation 8192 set voip phone 1 sip advanced setting dsp settings echo max attenuation 16384 set voip phone 1 sip advanced setting dsp settings echo tail length 0 set voip phone 1 sip advanced setting dsp settings vad option off UPnP settings set upnp option on off PCs using UPnP can retrieve the Gateway s WAN IP address and automatically create NAT port maps This means that applications that supp...

Page 322: ... cpewan option off on set dslf cpewan acs url acs_url port_number set dslf cpewan acs user name acs_username set dslf cpewan acs user password acs_password Turns TR 069 WAN side management services on or off For 3300 Series Gateways the default is off for 2200 Series Gateways the default is on If TR 069 WAN side management services are enabled specifies the auto config server URL and port number A...

Page 323: ...items that are particularly useful for testing if the remote end of a VPN connection has gone down The Gateway will ping both addresses simultaneously at five second intervals recording the ping responses from each host The Gateway will proceed into backup mode only if neither of the configured remote hosts responds set backup ping host 1 2 name hostname ip address ip_address Specifies an IP addre...

Page 324: ...Administrator s Handbook 324 set ip backup gateway default ip_address Specifies the ip address of the default gateway ...

Page 325: ...e margin 0x0000 0xffff min noise margin 0x0000 0xffff port bandplan 0x00 xff framing mode 0x00 0xff band mod 0x00 0xff port option 0x00 0xff power mode 0x00 0xff tx filter 0x00 0xff rx filter 0x00 0xff dying gasp off on VDSL Parameter Defaults Parameter Default Meaning sys option 0x00 VDSL system option bit0 ntr 1 margin 2 ini 3 pbo 4 tlan 5 pbo sys bandplan 0x02 VDSL system bandplan bp_3_998_4 2 bp...

Страница 326: ...se margin 0x0C VDSL port downstream target noise margin min noise margin 0x0A VDSL port minimum noise margin port bandplan 0x02 VDSL port bandplan framing mode 0x90 DSL port frame mode 0 ATM 0x80 PTM 0x90 Auto EFM PTM band mod 0x11 VDSL port band mod port option 0x0A Annex B 0x06 Annex A VDSL port portoption bit0 I43 bit1 v43 bit2 a43 bit3 b43 power mode 0x01 VDSL port power mode tx filter 0x02 VDS...

Страница 327: ...t higher rates but less stable line sys bandplan BP1_998_3 0x00 BP2_998_3 0x01 BP998_3B_8_5M 0x01 BP3_998_4 0x02 BP998_4B_12M 0x02 BP4_997_3 0x03 BP997_3B_7_1M 0x03 BP5_997_3 0x04 BP6_997_4 0x05 BP997_4B_7_1M 0x05 BP7_MXU_3 0x06 FLEX_3B_8_5M 0x06 BP8_MXU_2 0x07 BP9_998_2 0x08 BP10_998_2 0x09 BP998_2B_3_8M 0x09 BP11_998_2 0x0A BP12_998_2 0x0B BP13_MXU_3 0x0C BP14_MXU_3 0x0D BP15_MXU_3 0x0E BP16_997...

Страница 328: ... each upstream band in the PSD Upstream Band 0 or Optional band Upstream band 1 Upstream band 2 and Upstream Band 3 Setting all K2 parameters to 0 and all K1 to a high power level ie low number will essentially disable UPBO pbo k1_2 pbo k1_3 pbo k2_1 pbo k2_2 pbo k2_3 line type VDSL_AUTO_DETECT 0x80 VDSL 0x81 VDSL_ETSI 0x82 us max inter delay Maximum upstream interleave delay Provisioned in steps ...

Страница 329: ...B_3_8M 0x09 BP11_998_2 0x0A BP12_998_2 0x0B BP13_MXU_3 0x0C BP14_MXU_3 0x0D BP15_MXU_3 0x0E BP16_997_4B_4P 0x0F BP17_998_138_4400 0x10 BP18_997_138_4400 0x11 BP19_997_32_4400 0x12 BP20_998_138_4400_opBand 0x15 BP21_997_138_4400_opBand 0x16 BP22_998_138_4400_opBand 0x16 BP23_998_138_16000 0x17 BP24_998_3B_8KHZ 0x18 BP25_998_138_17600 0x19 BP26_CH1_3 0x1A BP27_CH1_4 0x1B framing mode HDLC 0x80 AUTO ...

Страница 330: ...ower mode 0 8 5dBm power output 1 11 5 dBm power output tx filter 0 using internal filter in Tx path 1 using K1 external filter in Tx path for Korea VLR Application 2 using U1 external filter in Tx path for US Korea VLR Application 3 using H1 external filter in Tx path for 100 100 Application rx filter 0 using internal filter in Rx path 1 using K1 external filter in Rx path for Korea VLR Application 2 usi...

Page 331: ...computer system address mask See subnet mask ADSL Asymmetric Digital Subscriber Line Modems attached to twisted pair copper wiring that transmit 1 5 9 Mbps downstream to the subscriber and 16 640 kbps upstream depending on line distance Downstream rates are usually lower than 1 5Mbps in practice AH The Authentication Header provides data origin authentication connectionless integrity and anti repl...

Page 332: ... channel 16 kbps over a single wire pair bridge Device that passes packets between two network segments according to the packets destination address broadcast Message sent to all nodes on a network broadcast address Special IP address reserved for simultaneous broadcast to all network nodes buffer Storage area used to hold data until it can be forwarded C carrier Signal suitable for transmission o...

Page 333: ... Digital Communication Equipment Device that connects the communication circuit to the network end node DTE A modem and a CSU DSU are examples of a DCE dedicated line Communication circuit that is used exclusively to connect two network devices Compare dial on demand DES Data Encryption Standard is a 56 bit encryption algorithm developed by the U S National Bureau of Standards now the National Ins...

Page 334: ...close information formatted for one protocol such as AppleTalk within a packet formatted for a different protocol such as TCP/IP Encrypt Protocol Encryption protocol for the tunnel session Parameter values supported include NONE or ESP encryption The application of a specific algorithm to a data set so that anyone without the encryption key cannot understand the information ESP Encapsulation Secur...

Page 335: ...figured between 1 and 1 000 000 MB and refers to data traffic passed Hard Seconds Setting the Hard Seconds parameter forces the renegotiation of the IPSec Security Associations SAs at the configured Hard Seconds value The value can be configured between 60 and 1 000 000 seconds A tunnel will start the process of renegotiation at the soft threshold and renegotiation must happen by the hard limit o...

Page 336: ...f the 32 bit number are presented as a decimal number with the four octets separated by periods IPCP Internet Protocol Control Protocol A network control protocol in PPP specifying how IP communications will be configured and operated over a PPP link IPSEC A protocol suite defined by the Internet Engineering Task Force to protect IP traffic at packet level It can be used for protecting the data t...

Page 337: ...connection that act as passwords when wireless devices try to join wireless networks An SSID differentiates one wireless network from another so all access points and all devices attempting to connect to a specific network must use the same SSID Netopia Gateways support up to four SSIDs SSIDs are also sometimes referred to as Network Names because they are names that identify wireless networks MT...

Page 338: ... other keying material that material must not be used to derive any more keys PING Packet INternet Groper Utility program that uses an ICMP echo message and its reply to verify that one network node can reach another Often used to verify that two hosts can communicate over a network PPP Point to Point Protocol Provides a method for transmitting datagrams over serial router to router or host to net...

Page 339: ...hentication Hash algorithm used during SA negotiation Values supported include MD5 SHA1 N A will display if NONE is chosen for Auth Protocol Security Association From the IPSEC point of view an SA is a data structure that describes which transformation is to be applied to a datagram and how The SA specifies The authentication algorithm for AH and ESP The encryption algorithm for ESP The encryptio...

Page 340: ...ia Gateway analyzes the continuous conversation stream preventing session hijacking and denial of service attacks static route Route entered manually in a routing table subnet mask A 32 bit address mask that identifies which bits of an IP address represent network address information and which bits represent node identifier information synchronous communication Method of data communication requir...

Page 341: ...at use the Public Switched Telephone Network PSTN VoIP calls use an Internet protocol Session Initiation Protocol SIP to transmit sound over a network or the Internet in the form of data packets W WAN Wide Area Network Private network facilities usually offered by public telephone companies but increasingly available from alternative access providers sometimes called Competitive Access Providers ...

Page 343: ...rt 10 100Base T Ethernet switch for your LAN connections Some models have a USB port that can be used to connect to your PC in some cases the USB port also serves as the power source Some models contain an 802 11b or 802 11g wireless LAN transmitter Power requirements 12 VDC input USB powered models only For Use with Listed I T E Only Environment Operating temperature 0 to 40 C Storage temperature...

Page 344: ...0 Europe EMI Compatibility 89 336 EEC European directive EN55022 1994 CISPR22 Class B EN300 386 V1 2 1 non wireless products EN 301 489 wireless products Regulatory notices European Community This Motorola Netopia product conforms to the European Community CE Mark standard for the design and manufacturing of information technology equipment This standard covers a broad area of product design inclu...

Page 345: ...of users requiring service to report the need for service to our Company or to one of our authorized agents Service can be obtained at Motorola Inc 6001 Shellmound Street Emeryville California 94608 Telephone 510 597 5400 Important This product was tested for FCC compliance under conditions that included the use of shielded cables and connectors between system components Changes or modifications t...

Page 346: ... Ethernet ports to a carrier or carriage service provider s telecommunications network or facility unless a you have the written consent of the network or facility manager or b the connection is in accordance with a connection permit or connection rules Connection of the Ethernet ports may cause a hazard or damage to the telecommunication network or facility or persons with consequential liability...

Page 347: ...quipment to the premises wiring and telephone network must comply with the applicable FCC Part 68 rules and requirements adopted by the ACTA A compliant telephone cord and modular plug is provided with this product It is designed to be connected to a compatible modular jack that is also compliant See installation instructions for details d The REN is used to determine the number of devices that ma...

Page 348: ...ource code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the foll...

Page 349: ...AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR B...

Page 350: ...d Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation advertising materials and other materials related to such distribution and use acknowledge that the software was developed by Carnegie Mellon University The name of the University may not be used to endorse or prom...

Page 351: ...y on page 354 Network Address Translation NAT password protection Stateful Inspection firewall and other built in security features prevent unauthorized remote access to your network Pinholes default server and other features permit access to computers on your home network that you can specify Wide Area Network Termination PPPoE PPPoA Point to Point Protocol over Ethernet ATM The PPPoE specificati...

Page 352: ...When you configure Instant On access you can also configure an idle time out value Your Gateway monitors traffic over the Internet link and when there has been no traffic for the configured number of seconds it disconnects the link When new traffic that is destined for the Internet arrives at the Gateway the Gateway will instantly re-establish the link Your service provider may be using a system...

Page 353: ...Netopia Gateway Web pages embedded in the operating system provide access to the following Gateway operations Setup System and security logs Diagnostics functions Once you have removed your Motorola Netopia Gateway from its packing container and powered the unit up use any LAN attached PC or workstation running a common web browser application to configure and monitor the Gateway Diagnostics In ...

Page 354: ...invoke maintenance functions Account usernames can now be changed for the Admin and User accounts Network Address Translation NAT The Motorola Netopia Gateway Network Address Translation NAT security feature lets you conceal the topology of a hard wired Ethernet or wireless network connected to its LAN interface from routers on networks connected to its WAN interface In other words the end comput...

Page 355: ...types of Internet traffic Motorola Netopia Gateways provide special pinhole configuration rules that enable users to establish NAT protected LAN layouts that still provide flexible bypass capabilities Some of these rules require coordination with the unit's embedded administration services the internal Web HTTP Port TCP 80 and the internal Telnet Server Port TCP 23 Internal Servers The internal s...

Page 356: ...r or packet protocol an inbound application might use For example some network games select arbitrary port numbers when a connection is opened When you want all unsolicited traffic to go to a specific LAN host Combination NAT Bypass Configuration Specific pinholes and Default Server settings each directed to different LAN devices can be used together WARNING Creating a pinhole or enabling a Defaul...

Page 357: ...e encrypted IPSec tunnel is established through the Gateway A typical VPN IPSec Tunnel pass through is diagrammed below NOTE Typically no special configuration is necessary to use the IPSec pass through feature In the diagram VPN PC clients are shown behind the Motorola Netopia Gateway and the secure server is at Corporate Headquarters across the WAN You cannot have your secure server behind the M...

Page 358: ...VGx enabled gateway applies specific policies routing and prioritization parameters to each service channel ensuring delivery of that service to the appropriate peripheral device with the requisite level of QoS and correct feature sets making it ideal for delivery of triple play voice video and data services VGx was developed to ensure that subscribers receive the quality of voice video and data ...

Page 359: ...hentication 281 Authentication trap 297 auto channel mode 303 AutoChannel Setting 57 303 B Backup 133 Bridging 246 Broadcast address 259 261 C CLI 223 command 227 Arguments 241 Command shortcuts 227 Command truncation 240 Configuration mode 240 Keywords 241 Navigating 240 Prompt 227 240 Restart command 227 SHELL mode 227 View command 242 Command ARP 228 239 Ping 230 Telnet 238 Command line interfa...

Page 360: ...ltering 252 DHCP lease table 231 DHCP option filtering 252 DHCP PPPoE PPPoA Autosensing 68 Diagnostic log 231 235 Level 298 Diagnostics 353 DNS 255 DNS Proxy 353 Documentation conventions 15 Domain Name System DNS 255 DSL Forum settings 321 E Echo request 280 echo period 280 Embedded Web Server 353 Ethernet address 246 Ethernet statistics 231 F Feature Keys Obtaining 187 filter parts 165 parts of ...

Page 361: ... 163 deleting 175 input 172 modifying 175 output 172 using 170 171 viewing 175 firewall 235 FTP 278 H Hardware address 246 hijacking 340 Hop count 277 HTTP traffic 286 I ICMP Echo 230 IGMP 100 IGMP Snooping 101 257 Install 182 Install Certificate 190 IP address 259 261 Default 39 IP interfaces 234 IP routes 235 IP Subnets 50 IPMap table 235 IPSec Tunnel 234 K Keywords CLI 241 ...

Page 362: ... M Magic number 280 Memory 235 Metric 277 multi cast forwarding 260 283 Multiple SSIDs 59 multiple subnets 50 Multiple Wireless SSIDs Wireless 59 303 N Nameserver 255 NAT 264 278 354 Traffic rules 90 NAT Default Server 356 Netmask 262 Network Address Translation 354 Network Test Tools 353 NSLookup 353 O set upnp option 321 Operating Mode Wireless 56 303 P PAP 351 Password 140 Administrator 39 140 ...

Page 363: ... 240 Protocol compression 280 Q qos max burst size 245 qos peak cell rate 245 qos service class 245 qos sustained cell rate 245 quality of service 165 177 R Restart 232 Restart command 227 Restart timer 280 Restrictions 264 RIP 261 262 Routing Information Protocol RIP 261 262 rtsp passthrough 276 S Secondary nameserver 255 Secure Sockets Layer 190 Security filters 163 Security log 180 Session Init...

Page 364: ...mand 298 Set system heartbeat command 300 Set system name command 298 Set system NTP command 300 Set system password command 299 set system syslog 301 Set wireless option command 303 Set wireless user auth option command 309 SHELL Command Shortcuts 227 Commands 227 Prompt 227 SHELL level 240 SHELL mode 227 show config 232 Show ppp 240 Simple Network Management Protocol SNMP 297 SIP 120 316 sip pas...

Page 365: ...8 354 Trap 297 Trivial File Transfer Protocol 229 Truncation 240 U UPnP 102 User name 226 User password 39 140 226 V set atm 245 View command 242 view config 238 VLAN ID 111 VLAN Settings 311 VLANs 107 Voice over IP 120 316 VoIP 120 316 VPN IPSec Pass Through 357 IPSec Tunnel Termination 357 W Weighted Fair Queue 273 weighted fair queuing 271 Wide Area Network 351 WiFi Multimedia 62 Wireless 53 ...

Page 366: ...Z Zero Touch 301 ...

Page 367: ...Motorola Netopia 2200 3300 or 7000 series Motorola Inc 6001 Shellmound Street Emeryville CA 94608 August 2 2007 ...
