Netopia® Firmware User Guide

3300-ENT Enterprise-Series

Netopia Firmware Version 8.7

Содержание 3300-ENT Series

Страница 1: ...id d d de e e e 3 3 3 33 3 3 30 0 0 00 0 0 0 E E E EN N N NT T T T E E E En n n nt t t te e e er r r rp p p pr r r ri i i is s s se e e e S S S Se e e er r r ri i i ie e e es s s s N N N Ne e e et t...

Страница 2: ...3 D Reach are registered trademarks belonging to Netopia Inc registered U S Patent and Trademark Office All other trademarks are the property of their respective owners All rights reserved Netopia Inc...

Страница 3: ...New Connection Profile 2 9 Advanced Connection Options 2 15 Configuration Changes Reset WAN Connection 2 15 Scheduled Connections 2 16 Backup Configuration 2 21 Diffserv Options 2 22 Priority Queuing...

Страница 4: ...otocol 3 36 Security 3 36 Upgrade Feature Set 3 36 Router Bridge Set 3 37 IGMP Internet Group Management Protocol 3 39 Logging 3 42 Log event dispositions 3 43 Procedure for Default Installation for I...

Страница 5: ...PPTP configuration 5 4 About IPsec Tunnels 5 7 About L2TP Tunnels 5 8 L2TP configuration 5 8 About GRE Tunnels 5 11 VPN force all 5 14 About ATMP Tunnels 5 15 ATMP configuration 5 15 Encryption Suppor...

Страница 6: ...nfiguration Screens 6 21 IPsec Manual Key Entry 6 22 VPN Quickview 6 23 WAN Event History Error Reporting 6 24 Chapter 7 IP Setup 7 1 IP Setup 7 2 IP subnets 7 4 Static routes 7 6 RIP Options 7 10 Ove...

Страница 7: ...up Management Statistics 8 17 QuickView 8 18 Chapter 9 Monitoring Tools 9 1 Quick View Status Overview 9 1 General status 9 2 Current status 9 2 Status lights 9 3 Statistics Logs 9 3 Event Histories 9...

Страница 8: ...individual filters work 10 22 Design guidelines 10 27 Working with IP Filters and Filter Sets 10 28 Adding a filter set 10 29 Deleting a filter set 10 33 A sample filter set 10 33 Policy based Routin...

Страница 9: ...firmware 11 7 Downloading configuration files 11 7 Uploading configuration files 11 8 Restarting the System 11 8 Appendix A Troubleshooting A 1 Configuration Problems A 1 Network problems A 2 How to R...

Страница 10: ...x Firmware User Guide...

Страница 11: ...open ports See Open ports in default Stateful Inspection installation on page 3 10 Additional Syslog messages See Log event dispositions on page 3 43 Procedure for Default Installation for ICSA firew...

Страница 12: ...Netopia Telnet Menus Telnet based management screens contain the main entry points to Netopia Firmware Version 8 7 configuration and monitoring features The entry points are displayed in the Main Men...

Страница 13: ...how information about your Router your network and their history See Statistics Logs beginning on page 9 3 The Quick Menus screen is a shortcut entry point to a variety of the most commonly used confi...

Страница 14: ...er Con guring Telnet software If you are configuring your device using a Telnet session your computer must be running a Telnet software program If you connect a PC with Microsoft Windows you can use a...

Страница 15: ...press Return The System Configuration screen appears 2 Select IP Setup and press Return The IP Setup screen appears To go back in this sequence of screens use the Escape key To Use These Keys Move th...

Страница 16: ...1 6 Firmware User Guide...

Страница 17: ...n page 2 4 Creating a New Connection Profile on page 2 9 Advanced Connection Options on page 2 15 Configuration Changes Reset WAN Connection on page 2 15 Scheduled Connections on page 2 16 Backup Conf...

Страница 18: ...s otherwise the router obtains a subnet mask via DHCP The NAT Map List and NAT Server List options are set to the defaults Easy PAT List and Easy Servers These provide standard NAT mappings For more a...

Страница 19: ...ardware address of the Netopia device Some service providers require a specific MAC address as part of their authentication process In such a case you can enter the MAC address that your service provi...

Страница 20: ...d the Netopia Firmware Version 8 7 will generate RIP packets only to other RIP v1 routers With Transmit RIP v2 broadcast selected the Netopia Firmware Version 8 7 will generate RIP packets to all othe...

Страница 21: ...entify the circuit for management purposes as a convenience to aid in selecting circuits from lists The default circuit name is Circuit n where n is some number between one and eight corresponding to...

Страница 22: ...Firmware Version 8 7 supports three ATM classes of ser vice for data connections Unspecified Bit Rate UBR Constant Bit Rate CBR and Variable Bit Rate VBR You can configure these classes of service on...

Страница 23: ...Peak Cell Rate which should be less than or equal to the line rate VBR has two sub classes a VBR non real time VBR nrt Typical applications are non real time traffic such as IP data traffic This clas...

Страница 24: ...efault Profile If you add a second VC it is initialized to the Default Profile and the menu screens display the VC Connection Profile related items allowing you to bind to a specific Connection Profil...

Страница 25: ...ate to the WAN Configuration screen from the Main Menu and select Add Connection Profile The Add Connection Profile screen appears 1 Select Profile Name and enter a name for this connection profile It...

Страница 26: ...ame Profile 1 Profile Enabled Yes Encapsulation Type RFC1483 Mode Bridged 1483 Routed 1483 IP Profile Parameters COMMIT CANCEL Add Connection Profile Profile Name Profile 1 Profile Enabled Yes Encapsu...

Страница 27: ...Line Backup on page 8 1 for more information Datalink PPP MP Options Data Compression Standard LZS Send Authentication PAP Send User Name Send Password Receive User Name Receive Password Dial on Deman...

Страница 28: ...rameters screen IP Profile Parameters Address Translation Enabled Yes IP Addressing Numbered NAT Map List Easy PAT List NAT Server List Easy Servers NAT Options Stateful Inspection Enabled No Local WA...

Страница 29: ...mware Version 8 7 will accept routing information provided by RIP packets from other routers that use different subnet masks For more information on v2 MD5 Authentication see RIP Options on page 7 10...

Страница 30: ...guration screen and select Display Change Connection Profile The list of Connection Profiles is displayed in a scrolling pop up screen You can also delete Connection Profiles by selecting them in the...

Страница 31: ...f this feature is to defer configuration changes only when remotely configuring or reconfiguring the Netopia Router to prevent premature Telnet disconnection When this feature is enabled no changes to...

Страница 32: ...ges are committed and the router comes up using the newly created configuration Scheduled Connections Scheduled connections are useful for PPPoE PPTP and ATMP connection profiles To go to the Schedule...

Страница 33: ...y is capitalized the connection will be activated on that day a lower case letter means that the connection will not be activated on that day If the scheduled connection is configured for a once only...

Страница 34: ...e and toggle it to On You can make the scheduled connection inactive by toggling Scheduled Connection Enable to Off Decide how often the connection should take place by selecting How Often and choosin...

Страница 35: ...w Often reads Set Weekly Schedule If How Often is set to Once Only the item directly below How Often reads Set Once Only Schedule Set Weekly Schedule If you set How Often to Weekly select Set Weekly S...

Страница 36: ...a date in the format MM DD YY or MM DD YYYY month day year Note You must enter the date in the format specified The slashes are mandatory For example the entry 5 7 98 would be accepted as May 7 1998 T...

Страница 37: ...y a scheduled connection select Display Change Scheduled Connection in the Scheduled Connections screen to display a table of scheduled connections Select a scheduled connection from the table and pre...

Страница 38: ...ld travel across your network For example you may want streaming video conferencing to use high quality but more restrictive connections or you might want e mail to use less restrictive but less relia...

Страница 39: ...ld set it to something less than 100 since the low priority traffic might have to wait too long to be passed and consequently be subject to time outs You can then define custom Rules If your applicati...

Страница 40: ...or both from the pop up menu Start Port For TCP or UDP protocols you can optionally specify a range of ports Enter the starting port here End Port Enter the ending port here QoS Setting TOS Bit Value...

Страница 41: ...rned to the Diffserv Options screen and your settings will take effect Priority Queuing TOS bit Netopia Firmware Version 8 7 offers the ability to prioritize delay sensitive data over the WAN link on...

Страница 42: ...the Netopia Router will continuously Ping one or two hosts that you specify to determine when a link fails even if the physical connection remains established If Layer 3 WAN Link Failure Detection is...

Страница 43: ...ction is assumed to be lost and the Virtual Router will relinquish Master status The Delay s field allows you to specify the time in seconds between Pings The default is five 5 seconds The Ping failur...

Страница 44: ...2 28 Firmware User Guide...

Страница 45: ...vanced system configuration options This section covers the following topics To access the system configuration screens select System Configuration in the Main Menu and press Return IP Setup on page 3...

Страница 46: ...ns of DHCP WANIP and BootP Details are given in IP Address Serving on page 7 17 Network Address Translation NAT These screens allow you to configure the Multiple Network Address Translation MultiNAT f...

Страница 47: ...if you toggle this option to Yes the device will monitor packets for Denial of Service DoS attack Offending packets may be discarded if it is determined to be a DoS attack Add Exposed Address List Ac...

Страница 48: ...escriptive name for the list and press Return A new field Add Exposed Address Range appears Stateful Inspection UDP no activity timeout sec 180 TCP no activity timeout sec 14400 Add Exposed Address Li...

Страница 49: ...t for the range of IP addresses you want to expose Add Exposed Address List Exposed Address List Name xposed_list_1 Add Exposed Address Range Return Enter goes to new screen Add Exposed Address Range...

Страница 50: ...e range to be allowed to the host range The acceptable range is from 1 65535 Port End End port of the range to be allowed to the host range The acceptable range is from 1 65535 Add Exposed Address Ran...

Страница 51: ...sed address list for editing or deletion Note Add Edit or Delete exposed addresses options are active only if NAT is disabled on a WAN interface The hosts specified in exposed addresses will be allowe...

Страница 52: ...Address Translation Enabled Yes IP Addressing Numbered NAT Map List Easy PAT List NAT Server List Easy Servers NAT Options Stateful Inspection Enabled No Local WAN IP Address 0 0 0 0 Local WAN IP Mask...

Страница 53: ...s interface for example ICMP Echo requests Note If Stateful Inspection is enabled on a base connection profile for example for PPP RFC1483 bridged routed or PPPoE Enable default mapping to router must...

Страница 54: ...Bootpc Yes No 80 TCP HTTP Yes No 137 UDP Netbios ns Yes No 138 UDP Netbios dgm Yes No 161 UDP SNMP Yes No 500 UDP ISAKMP Yes No 520 UDP Router Yes No 1701 UDP L2TP Yes No 1900 UDP UPnP Yes No 1723 TC...

Страница 55: ...es VLANs very flexible VLANs behave like separate and independent networks Beginning with Firmware Version 8 6 1 your Router supports the following Global Enable Disable of VLANs VLANs of Global type...

Страница 56: ...ion 8 7 and 4094 VLAN Configuration VLAN Enable On Add VLAN Authentication Server Configuration Return Enter to select among between Set Up VLAN from this and the following Menus Add VLAN VLAN ID 0 40...

Страница 57: ...Network From the VLAN Network pop up menu select None Primary LAN or if you have configured an Additional LAN ALAN an Additional LAN See Additional LANs on page 7 37 Note VLAN changes require a reboot...

Страница 58: ...t case Wireless Privacy can be any setting Wireless does not currently support separate privacy modes per SSID When enabling WPA 802 1x wireless will default to the RADIUS configuration specified in A...

Страница 59: ...e server CHAP secret here as above RADIUS Identifier Enter the RADIUS Network Access Server NAS identifier The default NAS identi fier is an ASCII representation of the server s base MAC address RADIU...

Страница 60: ...To make a set of VLANs non routable the Primary LAN port must be included in at least one VLAN and must be excluded from any VLANs that are non routable Note Beginning with Firmware Version 8 5 you c...

Страница 61: ...ee parameters Tag Packets transmitted from this port through this VLAN must be tagged with the VLAN VID Packets received through this port destined for this VLAN must be tagged with the VLAN VID by th...

Страница 62: ...he port you have selected Note VLAN changes require a reboot to take effect See Restarting the System on page 11 8 Changing or Deleting a VLAN You can change or delete a VLAN by returning to the VLAN...

Страница 63: ...CONTINUE the profile will be deleted Authentication Server Configuration Profile Name Display Change Server ATE1 V1 Add Server Profile Delete Server Profile Up Down Arrow Keys to select ESC to dismis...

Страница 64: ...ess Return Select Add Server Profile and press Return VLAN Configuration Display Change VLAN Add VLAN Delete VLAN Authentication Server Configuration Set Up VLAN from this and the following Menus Auth...

Страница 65: ...take effect See Restarting the System on page 11 8 Add Server Profile Profile Name Authentication Profile 2 Remote Server Addr Name Remote Server Secret Alt Remote Server Addr Name Alt Remote Server S...

Страница 66: ...this screen will change to allow you to manually enter the time and date parameters Netopia Firmware Version 8 7 updates timestamps reported in the system logs with new timestamps as these are updated...

Страница 67: ...ay for the change to take effect See Restarting the System on page 11 8 SSID Wireless ID The SSID is preset to a number that is unique to your unit You can either leave it as is or change it by enteri...

Страница 68: ...m a full two to three second scan and switch to the best channel it can find remaining on that channel until the next reboot Continuous performs the at startup scan and will continuously monitor the c...

Страница 69: ...ferent operating systems accomplish connecting to a wireless LAN and enabling WEP in a variety of ways Consult the documentation for your particular wireless card and or operating system Wireless Mult...

Страница 70: ...PSK Pre Shared Key from the pop up menu Wireless LAN Configuration Enable Wireless Yes SSID 0271 1000 Block Wireless Bridging No Channel 6 AutoChannel Closed System Wireless Multimedia WMM Off Enable...

Страница 71: ...iguration on page 3 11 Wireless LAN Configuration Enable Wireless Yes SSID 0271 1000 Block Wireless Bridging No Channel 6 AutoChannel Off Closed System Open Enable Privacy WPA PSK Pre Shared Key Pre S...

Страница 72: ...ersion s selected in order to successfully connect WEP Alternatively you can provide a level of data security by enabling WEP Wired Equivalent Privacy for encryption of network data You can enable 40...

Страница 73: ...rase that you choose in the Passphrase field The passphrase can be any string of words or numbers Note While clients may also have a passphrase feature these are vendor specific and may not necessaril...

Страница 74: ...to break the encryption Examples 40bit 02468ACE02 128bit 0123456789ABCDEF0123456789 256bit 592CA140F0A238B0C61AE162F592CA140F0A238B0C61AE162F21A09C Multiple SSIDs Wireless Multiple SSID Setup This fea...

Страница 75: ...SSIDs are WPA PSK WPA 802 1x or Off Multiple SSID Configuration Enable Multiple SSIDs No Second SSID 0000 0000 Enable Privacy Off Third SSID 0000 0000 Enable Privacy Off Fourth SSID 0000 0000 Enable...

Страница 76: ...ridging on page 3 24 Multiple SSID Configuration Enable Multiple SSIDs On Second SSID GameRoom Enable Privacy WPA Version Key All WPA Version 1 Third SSID WPA Version 2 Enable Privacy Fourth SSID 0000...

Страница 77: ...MAC Address Authentication and press Return The Authorized MAC Addresses screen appears From the MAC Authentication Mode pull down menu select the mode you want to implement Disabled turns MAC Authen...

Страница 78: ...The Add MAC Address screen appears Enter the MAC hardware address of the client PC you want to authorize for access to your wireless LAN MAC Allowed is set to Yes enabled by default Toggling this to...

Страница 79: ...erminal emulator application you can change the default terminal communications parameters to suit your requirements To go to the Console Configuration screen select Console Configuration in the Syste...

Страница 80: ...ils are given in Simple Network Management Protocol SNMP on page 9 9 Security These screens allow you to add users and define passwords on your network Details are given in Security on page 10 1 Upgra...

Страница 81: ...dge Set and form the pop up menu choose the option you want Router retains the full routing features and corresponding menus Bridge the device becomes a simple bridge offering no routing features Corr...

Страница 82: ...lnet menus corresponding configuration items such as Easy Setup will be removed Example of Bridge only mode menus If you decide to return to the previous mode you can repeat the process Remember that...

Страница 83: ...rs reside by noting IGMP general queries used in the querier selection process and by listening to other router protocols From the host point of view the snooping function listens at a port level for...

Страница 84: ...than the query interval Unsolicited Report Interval s the amount of time in seconds between repetitions of a particular computer s initial report of membership in a group The default unsolicited repor...

Страница 85: ...are no members of the host group being queried on this interface The default last member query count is 2 Fast Leave Toggling this option to On enables a non standard expedited leave mechanism The que...

Страница 86: ...appropriate and previously unreported events You can specify the syslog server s address either in dotted decimal format or as a DNS name up to 63 characters You can specify the UNIX syslog Facility...

Страница 87: ...d Clear Confirm for our DN 5108645534 May 5 10 14 06 tsnext netopia com Link 1 down No answer May 5 10 14 06 tsnext netopia com Device restarted May 5 10 14 06 tsnext netopia com Received Speech Setup...

Страница 88: ...ent 10 dropped no route found 11 dropped possible land attack 12 dropped reassembly timeout 13 dropped illegal size 14 dropped invalid IP version 15 TCP SYN flood detected 16 Telnet receive DoS attack...

Страница 89: ...e Local mode mode Remote mode mode 12 PPP sessionID authentication failed Channel channelID Reason reason 13 PPP authentication type remote accepted us Channel ChannelID Remote name name 14 PPP authen...

Страница 90: ...cal addr profile Name spi SPI sg IP Address 50 IPsec rx spi mismatch profile Name spi SPI sg IP Address 51 IPsec rx auth fail profile Name spi SPI sg IP Address 52 IPsec rx crypt fail profile Name spi...

Страница 91: ...ddress profile Name sg IP Address 72 IKE phase 2 complete sg IP Address profile Name sg IP Address 73 IPSEC Dead Peer Detected sg IP Address profile Name sg IP Address 74 L2TP tunnel up rem IP Address...

Страница 92: ...on Profile See Creating a New Connection Profile on page 2 9 2 Go to Easy Setup 3 Set Data Circuit VPI 0 255 to the desired value 4 Set Data Circuit VCI 32 65535 to the desired value 5 Select NEXT SCR...

Страница 93: ...e Idle Timeout seconds to whatever you prefer The default value is 300 seconds g Escape once back to the Add Connection Profile screen h Press Enter on COMMIT to save this profile 10 Select Display Ch...

Страница 94: ...iagnostics h Select Restart System and CONTINUE Set up Syslog See Logging on page 3 42 for more information 1 Go to System Configuration and select Logging 2 Under Syslog Parameters a Set Syslog Enabl...

Страница 95: ...Parameters Set Stateful Inspection Enabled to Yes 7 Select Stateful Inspection Options a Under Stateful Inspection Parameters configure Max TCP Sequence Number Difference if desired b Set Enable defa...

Страница 96: ...3 52 Firmware User Guide...

Страница 97: ...values This mapping serves two functions It allows the addresses of many computers on a LAN to be represented to the public Internet by only one or a few addresses saving you money It can be used as a...

Страница 98: ...ke it possible to provide access from the public network to hosts on the LAN Server lists allow you to define particular services such as Web ftp or e mail which are available via a public IP address...

Страница 99: ...ranslation Netopia s NAT implementation makes it possible to have a static mapping of one public address to one private address thus allowing applications such as NetMeeting to work by assuring that a...

Страница 100: ...applies to the traffic being initiated is used For example if a connection is initiated from the public network and is destined for a public IP address configured on the Netopia Router the following...

Страница 101: ...llowing IP protocols PAT TCP UDP traffic which does not carry source or destination IP addresses or ports in the data stream i e HTTP Telnet r commands tftp NFS NTP SMTP NNTP etc Static NAT All IP pro...

Страница 102: ...elow For the more advanced features such as server lists and dynamic NAT follow the instructions in System Configuration described on page 4 7 IP profile parameters described on page 4 22 Easy Setup P...

Страница 103: ...see 2 Create a List name that will act as a rule or server holder 3 Create a map or rule that specifies the internal range of NATed addresses and the external range they are to be associated with 4 As...

Страница 104: ...d ports so that connections initiated from the outside can access an interior server System Configuration IP Setup Filter Sets IP Address Serving Network Address Translation NAT Stateful Inspection VL...

Страница 105: ...d last exterior ports in the range These are the ports that will be used for traffic initiated from the private LAN to the out side world Note For PAT map lists and server lists if you use the Public...

Страница 106: ...creen Once the public ranges have been assigned the next step is to bind interior addresses to them Because these bindings occur in ordered lists called map lists you must first define the list then a...

Страница 107: ...your preconfigured ranges are suitable for this mapping you can select NEW RANGE and create a new range If you choose NEW RANGE the Add NAT Public Range screen displays and you can create a new public...

Страница 108: ...work Address Translation screen select Show Change Map List and press Return Select the map list you want to modify from the pop up menu Add NAT Map my_map First Private Address 192 168 1 1 Last Priva...

Страница 109: ...e list Selecting Show Change Maps or Delete Map displays the same pop up menu Scroll to the map you want to modify using the arrow keys and press Return Show Change NAT Map List Map List Name my_map A...

Страница 110: ...ges will become effective and you will be returned to the Show Change NAT Map List screen Change NAT Map my_map First Private Address 192 168 1 253 Last Private Address 192 168 1 254 Use NAT Public Ra...

Страница 111: ...essible through other means such as a static mapping you must create a server list Select Add Server List from the Network Address Translation screen The Add NAT Server List screen appears Select Serv...

Страница 112: ...r the port number range for your customized service Add NAT Server my_servers External Service Server Private IP Address 0 0 0 0 Public IP Address 0 0 0 0 Protocol TCP and UDP Internal Port Start 0 AD...

Страница 113: ...ublic addresses your ISP or corporate site s Router must also be configured for static routes to these public addresses on the Netopia Router Enter the Public IP Address to which you are exporting the...

Страница 114: ...7649 In MultiNat you may use a port range export Without the export CUSeeMe will fail to work This is true unless a static mapping is in place for the host using CUSeeMe In that case no server list e...

Страница 115: ...Change Server or Delete Server displays the same pop up menu Network Address Translation NAT Server List Name A my_servers S D A S D A S D Up Down Arrow Keys to select ESC to dismiss Return Enter to E...

Страница 116: ...Change NAT Server List menu and press Return Show Change NAT Server List Private Address Public Address Port Protocol 192 168 1 254 206 1 1 1 smtp TCP and UDP 192 168 1 254 206 1 1 2 ftp TCP and UDP 1...

Страница 117: ...rn A dialog box asks you to confirm your choice Choose CONTINUE and press Return The server is deleted from the list Show Change NAT Server List Private Address Public Address Port Protocol 192 168 1...

Страница 118: ...hange Connection Profile screen From the pop up menu list of your Connection Profiles choose the one you want to bind your map list to Select IP Profile Parameters and press Return The IP Profile Para...

Страница 119: ...dependent only on the IP Addressing type IP Profile Parameters NAT Map List Name Address Trans s IP Addressing Easy PAT List mbered NAT Map List my_map sy PAT List NAT Server Li None sy Servers NAT O...

Страница 120: ...to the WAN Configuration screen then the Default Profile screen Select IP Parameters and press Return The IP Parameters Default Profile screen appears Toggle Address Translation Enabled to Yes Select...

Страница 121: ...le Note There is no interdependency between NAT and IP Addressing Also the Local WAN IP Address and Mask fields visibility are dependent only on the IP Addressing type IP Parameters Default Profile NA...

Страница 122: ...and press Return The NAT Associations screen appears You can toggle NAT On or Off for each Profile Interface name You do this by navigating to the NAT field associated with each profile using the arr...

Страница 123: ...e or interface NAT Associations NAT Map List Name Profile Interface Name Nat Server List Name Easy Setup Profile On Easy PAT List my_servers Profile 01 On my_first_map my_servers Profile 02 On my_seco...

Страница 124: ...sable for example when using PPP or PPPoE the DHCP subnet configuration will default to a class C subnet mask Note Globally only one dynamically configured DHCP subnet is available If you configure mu...

Страница 125: ...Profile Parameters Address Translation Enabled Yes IP Addressing Numbered NAT Map List Easy PAT List NAT Server List Easy Servers NAT Options Stateful Inspection Enabled No Local WAN IP Address 0 0 0...

Страница 126: ...t will get the IP passthrough address Note that there is no way to control which PC has the IP passthrough address without releasing all other DHCP leases on the LAN Note If you specify a non zeroes M...

Страница 127: ...ll be rejected by the router For example suppose you are a teleworker using an IPSec tunnel from the router and from the passthrough host Both tunnels go to the same remote endpoint such as the VPN ac...

Страница 128: ...1 1 6 255 255 255 248 subnet mask Your internal devices have IP addresses of 192 168 1 1 through 192 168 1 254 255 255 255 0 subnet mask In this example you will statically map the first five public I...

Страница 129: ...55 255 255 248 PREVIOUS SCREEN NEXT SCREEN Return Enter takes you back to previous screen Enter basic information about your WAN connection with this screen IP Easy Setup Ethernet IP Address 192 168 1...

Страница 130: ...rn This returns you to the Network Address Translation screen Select Add Public Range and press Return Type a name for this static range as shown below Enter the first and last public addresses your I...

Страница 131: ...the NAT Associations screen or the profile s configuration screens The PAT part of this example setup will allow any user on the Netopia Router s LAN with an IP address in the range of 192 168 1 6 th...

Страница 132: ...1 1 2 and then select ADD NAT SERVER Now return to Add Server choose the smtp port and enter 192 168 1 3 your Mail server s IP address for the Server Private IP Address You can decide if you want to p...

Страница 133: ...he happenings on opposite sides of the state or the continent that you are mutually interested in When your next door neighbor picks up the phone to call her daughter at college at the same time you a...

Страница 134: ...lling Protocol PPTP IP Security IPsec Layer 2 Transport Protocol L2TP Generic Routing Encapsulation GRE and Ascend Tunnel Management Protocol ATMP The Netopia Router can use any of these Point to Poin...

Страница 135: ...e with the different protocols is done through the Telnet based menu screens Each type is described in its own section About PPTP Tunnels on page 5 4 About IPsec Tunnels on page 5 7 About L2TP Tunnels...

Страница 136: ...ion option in Connection Profiles It is not an option in device or link configuration screens as PPTP is not a native encapsulation Consequently the Easy Setup Profile does not offer PPTP datalink enc...

Страница 137: ...WAN the Tunnel Via Gateway field allows this path to be resolved From the pop up menu select an Authentication protocol for the PPP connection Options are PAP CHAP or MS CHAP The default is PAP The au...

Страница 138: ...as a PNS Tunnels are normally initiated On Demand however you can disable this feature When disabled the tunnel must be manually established or may be scheduled using the scheduled connections featur...

Страница 139: ...pia Routers support the more secure Tunnel mode Netopia Firmware Version 8 7 offers IPsec 3DES encryption over the VPN tunnel DES stands for Data Encryption Standard a popular symmetric key encryption...

Страница 140: ...s not a native encapsulation Consequently the Easy Setup Profile does not offer L2TP datalink encapsulation See the Creating a New Connection Profile on page 2 9 for information on creating Connection...

Страница 141: ...l an editable Pass phrase field appears where you can specify a password between eight and 15 characters long From the pop up menu select a PPP Authentication protocol for the PPP connection Options a...

Страница 142: ...econds an inactivity timer whose expiration will terminate the tunnel A value of zero disables the timer Because tunnels are subject to abrupt termination when the underlying datalink is torn down use...

Страница 143: ...with any sensitive data GRE offers no encryption and authentication of data integrity is limited to checksum verification if enabled To set up a GRE tunnel you create a Connection Profile including t...

Страница 144: ...g is mainly needed if compression is being used You can enter a 32 bit Key of up to 10 digits numbers only The receiver can use this key to identify the source of the packet The key is a way to match...

Страница 145: ...ection profile screen select COMMIT and press Return Your GRE Connection Profile will be enabled IP Profile Parameters Address Translation Enabled No IP Addressing Unnumbered Remote IP Address 173 167...

Page 146: ...sk Data Link Encapsulation 1483 1490 HDLC PPP IP Default Gateway 127 0 0 2 Gateway Static Route Destination Network GRE Remote_Tunnel_End_Point Destination Netmask Remote_Tunnel_End_Point_ netmask Nex...

Page 147: ...in Generic Routing Encapsulation GRE The GRE data is then routed using standard methods ATMP configuration ATMP is a Datalink Encapsulation option in Connection Profiles It is not an option in device o...

Page 148: ...and the Tunnel Via Gateway field is hidden If the partner should be reached via an alternate port i e the LAN instead of the WAN the Tunnel Via Gateway field allows this path to be resolved You can s...

Page 149: ...y making it difficult for any third party to get at the original data Netopia PPTP is fully compatible with Microsoft Point to Point Encryption MPPE data encryption for user data transfer over the PPT...

Page 150: ...E at all the PPP session will be dropped This is done automatically and transparently ATMP PPTP Default Profile The WAN Configuration menu offers an ATMP PPTP Default Profile option Use this selection w...

Page 151: ...uthentication and press Return A pop up menu offers the following options PAP the default CHAP or MS CHAP If you chose PAP or CHAP authentication from the Data Compression pop up menu select either No...

Page 152: ...Shows the data link encapsulation method PPTP or ATMP Rx Pckts Shows the number of packets received via the VPN tunnel Tx Pckts Shows the number of packets transmitted via the VPN tunnel Rx Discard Sh...

Page 153: ...ows 95 and comes standard with Windows 98 Windows NT and Windows XP The VPN tunnel behaves as a private network connection unrelated to other traffic on the network Once you have installed Dial Up Net...

Page 154: ...named it icon on your desktop Open the Dial Up Networking folder and then double click Make New Connection The Make New Connection wizard window appears 2 Type a name for this connection such as the n...

Page 155: ...or the profile you created in the previous section 2 Right click the icon and from the pop up menu select Properties 3 In the Properties window click the Server Type button From the Type of Dial up Se...

Page 156: ...onnection Type box that appears select the Connect to the network at my workplace radio button Click Next 4 In the Network Connection box that appears select the Virtual Private Network connection rad...

Page 157: ...s necessary vary slightly between ATMP and PPTP but both protocols operate on the same basic premise there are control and negotiation operations and there is the tunnelled traffic that carries the pa...

Page 158: ...ion Basic Firewall Source IP Addr Dest IP Addr Proto Src Port D Port On Fwd 1 0 0 0 0 0 0 0 0 TCP NC 2000 Yes No 2 0 0 0 0 0 0 0 0 TCP NC 6000 Yes No Change Input Filter 1 Enabled Yes Forward Yes Call...

Page 159: ...shown below Change Input Filter 2 Enabled Yes Forward Yes Call Placement Idle Reset No Change Force Routing No Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP...

Page 160: ...IP Filter Set and from the pop up menu select Basic Firewall Change Output Filter 1 Enabled Yes Forward Yes Call Placement Idle Reset No Change Force Routing No Source IP Address 0 0 0 0 Source IP Ad...

Page 161: ...guration Basic Firewall Source IP Addr Dest IP Addr Proto Src Port D Port On Fwd 1 0 0 0 0 0 0 0 0 TCP NC 2000 Yes No 2 0 0 0 0 0 0 0 0 TCP NC 6000 Yes No Change Input Filter 1 Enabled Yes Forward Yes...

Page 162: ...e Reset No Change Force Routing No Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Mask 0 0 0 0 TOS 0 TOS Mask 0 Protocol Type GRE Return Enter accepts...

Page 163: ...ddress Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Mask 0 0 0 0 TOS 0 TOS Mask 0 Protocol Type UDP Source Port Compare No Compare Source Port ID 0 Dest Port Compare No Compare Dest Port ID 51...

Page 164: ...router connects directly to the Internet or if it connects via an Ethernet connection through a cable or DSL modem The enabling feature is the same for both Using the Tab key toggle NetBIOS Proxy Ena...

Page 165: ...Enabled No Stateful Inspection Enabled No Filter Set None Remove Filter Set NetBIOS Proxy Enabled Yes Advanced IP Profile Options COMMIT CANCEL IP Profile Parameters Remote Tunnel Endpoint 192 168 1...

Page 166: ...traffic Make sure the NetBIOS filter is not enabled in your Internet Connection Profile Netopia includes the NetBIOS Proxy feature as an enhancement and convenience for our customers It has been lab t...

Page 167: ...nel mode encrypts both the header and the payload On the receiving side an IPsec compliant device decrypts each packet Netopia Routers support Tunnel mode DES stands for Data Encryption Standard a pop...

Page 168: ...ified in the IPsec tunnel configuration It is not possible to send traffic outside the tunnel by bypassing the tunnel and the remote security gateway Note To fully protect against IP address spoofing...

Page 169: ...ose Manual skip to IPsec Manual Key Entry on page 6 22 If you choose IKE the default continue below Select IKE Phase 1 Profile and press Return Add Connection Profile Profile Name Profile 1 Profile En...

Page 170: ...tion Profile all VPN traffic for that profile will be discarded Select ADD PH1 PROFILE The Add IKE Phase 1 Profile screen appears IKE Phase1 Profile ADD PH1 PROFILE NONE Key Management IKE Phase 1 Pro...

Page 171: ...it count between 0 and 32 OR by a second dotted quad IPv4 Range Two IPv4 addresses in dotted quad notation a b c d separated by a space Host Name A fully qualified domain name FQDN E Mail Address An R...

Page 172: ...the Router to acquire its IP parameters The NAT PAT IP address can now be left at the default 0 0 0 0 indicating that the address is to be requested from the remote address server and dynamically appl...

Page 173: ...e database to be used for authentication Local If you choose this option the Gateway will use the locally configured username and password for both concentrator and client modes RADIUS If you choose t...

Page 174: ...duration of the Phase 2 SA s lifetime but it is convenient because a Delete message may be sent Phase 1 SA Lifetime seconds specifies the duration in seconds for which the SA will remain valid The ra...

Page 175: ...uring idle periods since tunneled traffic is itself evidence of liveliness Once enabled and negotiated all tunnels established by the IKE phase 1 instance when the peer no longer responds to IKE keepa...

Page 176: ...o the Add IKE Phase 1 Profile screen shown on page 6 4 Selecting Delete IKE Phase 1 Profile and choosing an IKE phase 1 profile name from the pop up list displays a confirmation alert asking you to co...

Page 177: ...hat You can access the Key Management menus from the Change Connection Profile menu under the WAN Configuration screen for a Connection Profile you have already created or you can create a new Connect...

Page 178: ...ng the interface from the Interface Group pop up menu as shown below Example 2 Add Connection Profile menu showing Interface Group pop up From the Encapsulation Type pop up menu select IPsec Then sele...

Page 179: ...LE item to allow you to define a new IKE Phase 1 Profile directly without first going to the IPsec Configuration screen and a NONE item to allow you to dissociate an existing IKE Phase 1 Profile from...

Page 180: ...cated using the SA before it expires and becomes invalid The range of permissible values is the set of non negative integer values between 0 and 2 32 1 The default value is 0 Kilobytes The value zero...

Page 181: ...not arrive within that time the peer is considered dead the current phase 2 SAs are torn down and the IKE SA starts a new phase 1 negotiation followed by the normal phase 2 negotiation thereafter When...

Page 182: ...pts either an IP address in the familiar dotted quad notation a b c d or a hostname to be resolved using the Domain Name System DNS Note When the Remote Tunnel Endpoint is an IP address it will drop I...

Page 183: ...combination of remote local network ranges support for sub netting host and network range addressing modes works with manual keying and Internet Key Exchange IKE including Xauth IKE extension see page...

Page 184: ...meters screen This returns you to the Change Connection Profile screen Select COMMIT and press Return in the Change Connection Profile screen Note Any two IPsec tunnels differ only by the local remote...

Page 185: ...g list will display When you select one of the networks and press Return a warning screen will ask you to confirm your choice Display Change Network Configuration Local Members Remote Members Net Type...

Page 186: ...fic does pass through the tunnel the idle timeout interval resets again when the current SAs expire If you set the value to zero the Router will re key the SA whenever the SA Lifetime interval specifi...

Page 187: ...e 1 Configuration screen appears WAN Configuration Main Menu IKE Phase 1 Configuration WAN Configuration WAN Wide Area Network Setup ATM Circuits Configuration Display Change Connection Profile Add Co...

Page 188: ...gned layout and additional options for manual key entry If you selected Manual Key Management in the IPsec Tunnel Options screen you will need to enter your encryption keys in the IPsec Manual Keys sc...

Page 189: ...encryption keys With Manual Keys you must manually configure identical authentication and encryption keys at both ends of the tunnel The authentication keys are either 32 for MD5 or 40 for SHA1 ascii...

Page 190: ...did not match any of the profiles stored in the local Router IKE no matching proposal An IKE phase 1 request was received and the proposal did not match an allowed parameter or else the remote rejecte...

Page 191: ...roposal Either the local Router rejected the proposals of the remote or the remote rejected the local Router s IKE ph2 resend timeout The attempt to resend the phase 2 authentication timed out IKE pha...

Page 192: ...6 26 Firmware User Guide...

Page 193: ...page 7 23 DHCP Relay Agent on page 7 28 Connection Profiles on page 7 30 Multicast Forwarding on page 7 33 Network Address Translation allows communication between the LAN connected to the Router and...

Page 194: ...or your Router Select Ethernet IP Address and enter the IP address for the Router s Ethernet port Select Ethernet Subnet Mask and enter the subnet mask for the Ethernet IP address that you entered in...

Page 195: ...Name and enter your network s domain name for example netopia com Netopia strongly recommends that you enter a domain name Routing Information Protocol RIP is needed if there are IP routers on other...

Page 196: ...address subnet mask pairs Note You need not use this screen if you have only a single Ethernet IP subnet In that case you can continue to enter or edit the IP address and subnet mask for the single su...

Page 197: ...fill the vacant fields The subnets configured on this screen are tied to the address serving pools configured on the IP Address Pools screen and changes on this screen may affect the IP Address Pools...

Page 198: ...ear in the IP routing table which contains all of the routes used by the Router see IP Routing Table on page 9 6 Static routes are helpful in situations where a route to a network must be used and oth...

Page 199: ...appear The table has the following columns Dest Network The network IP address of the destination network Static Routes Display Change Static Route Add Static Route Delete Static Route Configure View...

Page 200: ...Rules of static route installation on page 7 9 Select Destination Network IP Address and enter the network IP address of the destination network Select Destination Network Subnet Mask and enter the s...

Page 201: ...ers in this screen are the same as the ones in the Add Static Route screen see Adding a static route on page 7 8 Deleting a static route To delete a static route in the Static Routes screen select Del...

Page 202: ...ned as a start date and time and an end date and time or infinite Key management Typically you configure only one key on a given interface and all of the interfaces that interact with that interface R...

Page 203: ...ateway 0 0 0 0 Backup IP Gateway 0 0 0 0 Primary Domain Name Server 0 0 0 0 Secondary Domain Name Server 0 0 0 0 Domain Name Rip Options Proxy Arp Enabled No Multicast Forwarding None VRRP Options Sta...

Page 204: ...ion Keys is visible only if v2 MD5 Authentication is enabled for either Receive or Transmit RIP Ethernet LAN RIP Options Receive RIP v2 MD5 Authentication Transmit RIP Off RIP v2 Authentication Keys E...

Page 205: ...the RIP Receive option to Both v1 and v2 the interface will ignore authenticated RIP packets since authenticated v1 packets do not exist Only v2 packets can be authenticated Select RIP v2 Authenticat...

Page 206: ...ans that the key begins when it begins but it never expires The acceptable year range is from 1904 2039 When you are satisfied with your entries select COMMIT and press Return This menu will not accep...

Page 207: ...y menu in the same way as in the Add Key menu see Adding a key on page 13 If you select Delete Key a pop up menu will ask you to confirm your choice RIP v2 Authentication Keys Key ID Start Date Start...

Page 208: ...Connection Profile screen The connection profile RIP Profile Parameters screen appears Receive RIP is always visible Here you select Off v1 v2 Both v1 and v2 or v2 MD5 Authentication from the pop up m...

Page 209: ...Dynamic Host Configuration Protocol DHCP is widely supported on PC networks as well as Apple Macintosh computers using Open Transport and computers using the UNIX operating system Addresses assigned v...

Page 210: ...elect 1st Client Address and enter the first client IP address that you will allocate to your first client machine For instance on your local area network you may want to first figure out which machin...

Page 211: ...ng from 100 199 with the new IP Address If you configure the gateway with a subnet smaller than a Class C subnet the gateway will serve all available addresses If you explicitly configure the DHCP poo...

Page 212: ...interface address on the subnet You can edit the remaining columns in each row The 1st Client Addr and Clients columns allow you to specify the base and extent of the address serving pool for a partic...

Page 213: ...ed to the client Otherwise the Netopia will select the least recently used available address starting from the first address in the first pool and ending with the last address in the last pool Note Th...

Page 214: ...e scope To serve DHCP clients with the IP address of a NetBIOS name server select Serve NetBIOS Name Server and toggle it to Yes DHCP NetBIOS Options Serve NetBIOS Type Yes NetBIOS Type Type B Serve N...

Page 215: ...Lease Management Select Release BootP Leases and press Return Back in IP Address Serving the Serve Dynamic WAN Clients toggle More Address Serving Options The Netopia Firmware Version 8 7 includes a n...

Page 216: ...nt did not provide a Host Name in its DHCP messages the second and third clients did The rightmost column displays the host name supplied by the client if one was provided otherwise it displays the cl...

Page 217: ...The action popup is context sensitive and lists only those operations that apply to the selected IP address in its current lease state Details is displayed if the entry is associated with both a host...

Page 218: ...alog asking you to confirm the operation Include is displayed if the entry is either excluded or declined Served IP Addresses IP Address Type Expires Host Name Client Identifier SCROLL UP 192 168 1 10...

Page 219: ...ss for a client with a particular Ethernet MAC address guarantees that a client with the specified MAC address will be offered or leased the specified IP address Moreover it prevents the specified IP...

Page 220: ...wards the request to one or more remote DHCP servers These servers process the request assign an address from an address pool configured on the remote server and forward the response back to the Netop...

Page 221: ...fault and DHCP Relay Agent If you select DHCP Relay Agent and press Return the screen changes as shown below Main Menu System Configuration IP Address Serving IP Address Serving IP Address Serving Mod...

Page 222: ...the Netopia Router s primary Ethernet LAN subnet There is no mechanism for DHCP clients to receive an address on a secondary subnet via a relayed DHCP request Connection Profiles Since you will probabl...

Page 223: ...be any name you wish For example the name of your ISP 2 Toggle the Profile Enabled value to Yes or No The default is Yes 3 Select IP Profile Parameters and press Return The IP Profile Parameters scree...

Page 224: ...want to view the connection profiles in your gateway return to the WAN Configuration screen and select Display Change Connection Profile The list of connection profiles is displayed in a scrolling po...

Page 225: ...service provider IGMP forwarding is enabled per IP Profile and WAN Connection Profile You configure Multicast Forwarding in two Telnet menu screens First you enable Multicast Forwarding in the IP Set...

Page 226: ...a software abstraction consisting of a group of two or more hardware routers protecting one or more IP addresses One of the routers is designated as the Master while the others are backups VRRP is a...

Page 227: ...ve one associated Virtual IP Address The Virtual IP Address VIP must be in the range of IP addresses covered by the IP interface or the subnets must not match the IP address of any other VIP Ethernet...

Page 228: ...perate in Master mode You can configure only one Virtual Router to be a Master by default priority of 255 for an interface Preempt Mode Toggle Preempt Mode either Yes or No This setting specifies whet...

Page 229: ...DHCP gateway and server IP instead of the configured DHCP gateway on the interface This behavior only happens if the Virtual Router associated with the configured DHCP gateway address is in Master st...

Page 230: ...IDs and ATM RFC 1483 bridged VCs to these interfaces on platforms with more than one Ethernet encapsulated interface The additional LAN IP routed interfaces duplicate all the same parameters that appl...

Page 231: ...face See RIP Options on page 7 10 VRRP Options Same as the primary interface Two Virtual routers can be added to each of the ALANs See Virtual Router Redundancy VRRP on page 7 34 Multicast Forwarding...

Page 232: ...and select Additional LANs The Additional LAN Configuration screen appears If you select either Show Change ALAN or Delete ALAN a pop up window allows you to choose the ALAN you want to modify or dele...

Page 233: ...N connection to using a built in V 92 modem Alternatively you can choose backup to an alternate gateway on the Ethernet LAN In the event of a loss of primary connectivity you have the option of switch...

Page 234: ...u have already created one Connection Profile For the backup modem you create a second Connection Profile and associate it with the backup modem interface Profile Name Give the profile a descriptive n...

Page 235: ...kup Select Encapsulation Options Add Connection Profile Profile Name Profile 1 Profile Enabled Encapsulation Type PPP RFC1483 ATMP Encapsulation Options PPTP IPsec L2TP IP Profile Parameters COMMIT CA...

Page 236: ...r a Host Name and Secret Unless otherwise instructed you can leave the other defaults unchanged Press Escape Datalink PPP MP Options Data Compression rd LZS Send Authentication None PAP Send User Name...

Page 237: ...e Backup for the Interface Group Telco Options became visible Select Telco Options The Telco Options screen allows you to set the parameters for the modem connection IP Profile Parameters Address Tran...

Page 238: ...of inactivity You can also toggle Callback to No or Yes In most cases since this is a backup connection you can leave this set to the default No In some cases your service provider or corporate office...

Page 239: ...see Backup Default Gateway on page 8 14 System Configuration Main Menu IP Setup IP Setup Ethernet IP Address 192 168 1 1 Ethernet Subnet Mask 255 255 255 0 Define Additional Subnets Default IP Gateway...

Page 240: ...on Main Menu Setup WAN Configuration WAN Wide Area Network Setup ATM Circuits Configuration Display Change Connection Profile Add Connection Profile Delete Connection Profile WAN Default Profile ATMP...

Page 241: ...want to hear dialing and connection tones generated by the modem or you can turn them off from the pop up menu Options are Never Until Carrier During Answer Always Speaker Volume You can set how loud...

Page 242: ...ost Name or IP Address 1 and 2 and enter IP address es or resolvable DNS name s that the Router will ping These are optional items that are particularly useful for testing if the remote end of a VPN c...

Page 243: ...nnection fails at layer 1 the Requires Recovery of minutes parameter determines the amount of time the primary layer 1 connection must be up recovered before the router will tear down the backup conn...

Page 244: ...ection entry that will be a permanent forced up connection for the backup modem The backup modem will be activated upon primary WAN link failure and remain active until primary WAN link recovery To co...

Page 245: ...connection Press Escape to return to the Add Scheduled Connection screen Add Scheduled Connection Scheduled Connection Enable On How Often Weekly Schedule Type Forced Up Set Weekly Schedule Use Conne...

Page 246: ...nection from your ENT Enterprise Series Router to another gateway that has for example an ISDN or analog modem connection to the Internet and designating the second gateway as the backup gateway Shoul...

Page 247: ...ng both addresses simultaneously at five second intervals recording the ping responses from each host The Router will proceed into backup mode only if neither of the configured remote hosts responds W...

Page 248: ...P Gateway field is not filled out as in the case of a DHCP acquired IP address and default gateway on the WAN interface For more information on IP Setup see the IP Setup on page 7 2 Note Backup and Re...

Page 249: ...ery Reason becomes visible when a failure of or recovery to the Primary interface is in progress During backup the following reasons may appear Loss of Layer 1 Indicates a loss of sync on the Primary...

Page 250: ...and a recovery condition exists it will display the Requires Recovery of value The displayed value does not change Rather it indicates how high the Time Since Detection must count before the switchove...

Page 251: ...w on page 9 1 Statistics Logs on page 9 3 Event Histories on page 9 4 IP Routing Table on page 9 6 General Statistics on page 9 6 System Information on page 9 8 Simple Network Management Protocol SNMP...

Page 252: ...ed typically the name of your ISP MAC Address The Router s hardware address for those interfaces that support DHCP IP Address The Router s IP address entered in the IP Setup screen Current status The...

Page 253: ...LEDs and the corresponding display in the Telnet menu screen will vary by model Each LED representation can report one of four states The LED is off R The LED is red G The LED is green Y The LED is y...

Page 254: ...Each entry in the list contains the following information Date Date of the event Time Time of the event Event A brief description of the event Ch The channel involved in the event WAN Event History S...

Page 255: ...Device Event History screen appears If the event history exceeds the size of the screen you can scroll through it by using SCROLL UP and SCROLL DOWN To scroll up select SCROLL UP at the top of the li...

Page 256: ...ful for monitoring and troubleshooting your LAN Note that the counters roll over at their maximum field width that is they restart again at 0 Statistics Logs Main Menu IP Routing Table IP Routing Tabl...

Page 257: ...Bytes The number of bytes received Tx Bytes The number of bytes transmitted Rx Packets The number of packets received Tx Pkts The number of packets transmitted Rx Err The number of bad Ethernet packet...

Page 258: ...tion screen appears The information display varies by model firmware version feature set and so on You can tell at a glance your particular system configuration System Information Serial Number 00 aa...

Page 259: ...ety of formats Load this MIB into your SNMP management software Follow the instructions included with your SNMP manager on how to load MIBs Netopia Firmware Version 8 7 supports the following manageme...

Page 260: ...me SysLocation and SysContact objects respectively in the MIB II system group Although optional the information you enter in these items can help a system administrator manage the network more efficie...

Page 261: ...revents unauthorized access to the Router through SNMP For more information on security issues see Suggested Security Measures on page 10 1 SNMP traps An SNMP trap is an informational message sent fro...

Page 262: ...nity String if you enabled one in the SNMP Setup screen and enter the appropriate password IP Trap Receivers Display Change IP Trap Receiver Add IP Trap Receiver Delete IP Trap Receiver Return Enter t...

Page 263: ...Receiver in the IP Trap Receivers screen Modifying IP trap receivers 1 To edit an IP trap receiver select Display Change IP Trap Receiver in the IP Trap Receivers screen 2 Select an IP trap receiver f...

Page 264: ...9 14 Firmware User Guide...

Page 265: ...10 8 Warning alerts on page 10 9 Telnet Access on page 10 20 About Filters and Filter Sets on page 10 21 Working with IP Filters and Filter Sets on page 10 28 Policy based Routing using Filtersets on...

Page 266: ...u select System Configuration then Security The Security Options screen appears UPnP Support UPnP Enabled Universal Plug and Play UPnP is a set of protocols that allows a PC to automatically discover...

Page 267: ...iguration and press Return The Superuser Configuration screen appears Assign a Superuser Name It can be up to 19 characters long It is good practice not to use any easily guessed combination such as y...

Page 268: ...r Configuration screen Select Access Privileges and from the pop up menu choose which access privilege you want this user to have All LAN or WAN If you assign any of these privileges limited users wil...

Page 269: ...e Default WAN Data Configuration No Connection Profile Configuration No Circuit PVC DLCI Configuration No LAN Data Configuration Yes LAN Subnet Configuration Yes NAT Filters Configuration Yes Preferen...

Page 270: ...CACS from the pop up menu Configuration information is given in the following sections RADIUS server authentication on page 10 7 TACACS server authentication on page 10 8 Advanced Security Options Rem...

Page 271: ...Remote then Lcl Ser Only causes the router to attempt to authenticate a user first using a RADIUS server and then if that fails using the local authentication database If RADIUS authentication fails...

Page 272: ...d using the Domain Name System DNS information configured in the router or by using an IP address in dotted quad notation The RADIUS Server Addr Name items are limited to 63 characters In addition to...

Page 273: ...ting transaction The CLI command is then executed regardless of the return code from the server Warning alerts Certain security related configuration changes cause the router to display a warning aler...

Page 274: ...to present the following warning alert Advanced Security Options You have no local passwords defined If you continue you will be unable to configure this device unless a Remote Server is available to...

Page 275: ...mote users the WAN related defaults are preset to Yes Toggle any that should be changed Advanced Security Options Remote Authentication RADIUS Security Databases Local only Remote Server Addr Name Rem...

Page 276: ...displayed is Change Access Password Selecting this option displays the Change Access Password screen When changing a password you will be challenged to enter it again to be sure you have entered it c...

Page 277: ...ation access is forbidden are usually hidden The Quick Menus screen reflects the security access level of the user Menus to which configuration access is forbidden are hidden Main Menu The following i...

Page 278: ...ptions according to the following diagram Netopia Router Easy Setup WAN Configuration System Configuration Utilities Diagnostics Statistics Logs Quick Menus Quick View Return Enter goes to Easy Setup...

Page 279: ...r accessibility after creating a Connection Profile or a limited user in the Change Connection Profile screen Advanced Connection Options Configuration Changes Reset WAN Connection No Scheduled Connec...

Page 280: ...non Superusers and provides access to the associated menu described previously IP Setup menu In the IP Setup menu users that do not have LAN Subnet Configuration access will see a screen similar to th...

Page 281: ...mware Substantial differences exist among screens on a given gateway Here all selection options are shown Based on access level the Statistics Logs menu displays its options according to the following...

Page 282: ...gs WAN Event History Device Event History IP Routing Table Served IP Addresses Served IP Addresses Backup Management Statistics General Statistics System Information User Access Level Global Global Gl...

Page 283: ...s Serving Setup Change Connection Profiles Fr Relay DLCI Config IP Filter Sets Delete Connection Profiles Backup Config Static Routes WAN Default Profile Telephone Setup Network Address Translation AT...

Page 284: ...outer if you suspect there is a chance of tampering To password protect the configuration screens select Easy Setup from the Main Menu and go to the Easy Setup Security Configuration screen By enterin...

Page 285: ...at sort of data can flow in and out of your network A particular filter can be either an input filter one that is used on data packets coming in to your network from the Internet or an output filter o...

Page 286: ...d inspector to see it A package from Paris is ignored by the first inspector rejected by the second inspector and never seen by the others A package from London is ignored by the first two inspectors...

Page 287: ...cket attributes A typical filter can match a packet on any one of the following attributes The source IP address where the packet was sent from The destination IP address where the packet is going The...

Page 288: ...ilter Equal For the filter to match the packet s port number must equal the port number specified in the filter Greater Than For the filter to match the packet s port number must be greater than the p...

Page 289: ...This is the port on the sending host that originated the packet D Port The destination port to match This is the port on the receiving host for which the packet is intended On Displays Yes when the f...

Page 290: ...anything The mask for Source IP Addr must be 255 255 255 255 since an exact match is desired Source IP Addr 199 211 211 17 Source IP address mask 255 255 255 255 Dest IP Addr 0 0 0 0 Destination IP a...

Page 291: ...packets Consider the combined effect of the filters If every filter in a set fails to match on a particular packet the packet is Forwarded if all the filters are configured to discard not forward Disc...

Page 292: ...ts begin by accessing the filter set screens Note Make sure you understand how filters work before attempting to use them Read the section About Filters and Filter Sets beginning on page 10 21 The pro...

Page 293: ...set All new filter sets have a default name The first filter set you add will be called Filter Set 1 the next filter will be Filter Set 2 and so on To give a new filter set a different name select Fil...

Page 294: ...een the two involves their reference to source and destination From the perspective of an input filter your local network is the destination of the packets it checks and the remote network is their so...

Page 295: ...t to Yes If Enabled is toggled to No the filter can still exist in the filter set but it will have no effect Display Change Filter Set Filter Set Name Filter Set 3 Add Input Filter to Filter Set Displ...

Page 296: ...25 Note If Protocol Type is set to TCP or UDP the settings for port comparison that you configure in steps 8 and 9 will appear These settings only take effect if the Protocol Type is TCP or UDP 9 Sele...

Page 297: ...filter set all of the filters it contains are deleted as well To reuse any of these filters in another set before deleting the current filter set you'll have to note their configuration and then recr...

Page 298: ...nput filter 3 This filter explicitly forwards all WAN originated ICMP traffic to permit devices on the WAN to ping devices on the LAN Ping is an Internet service that is useful for diagnostic purposes...

Page 299: ...ons are not intended to be combined Each modification is to be the only one used with Basic Firewall The results of combining filter set modifications can be difficult to predict It is recommended tha...

Page 300: ...e deleted set will no longer appear in the answer profile or any connection profiles to which it was added Policy based Routing using Filtersets Previous firmware versions routed IP packets only by de...

Page 301: ...ic not to keep the link up you would create a filter which forwards a ping but with the Call Placement Idle Reset set to Disabled Toggle Force Routing to Yes Enter the Gateway IP Address in standard d...

Page 302: ...rd then action on a packet matching none of the filters is to block any traffic Therefore if the behavior you want is to force the routing of a certain type of packet and pass all others through the n...

Page 303: ...information is what the packet filter uses to make filtering decisions It is important to note that a packet filter does not look into the IP data stream the User Data from above to make filtering de...

Page 304: ...r rule ordering is critical If a packet is forwarded through a series of filter rules and then the packet matches a rule the appropriate action is taken The packet will not forward through the remaind...

Page 305: ...are as follows 0 AND 0 = 0, 0 AND 1 = 0, 1 AND 0 = 0, 1 AND 1 = 1 For example Filter rule Deny IP 163.176.1.15 BINARY 10100011 10110000 00000001 00001111 Mask 255.255.255.255 BINARY 11111111 11111111 11111111 111...

Page 306: ...he local network Example filter set screen This is an example of the Netopia filter set screen Filter basics In the source or destination IP address fields the IP address that is entered must be the net...

Page 307: ...ter Than or Equal Matches the port or any port greater Greater Than Matches anything greater than the port defined Filter Rule 200.1.1.0 Source IP Network Address 255.255.255.128 Source IP Mask Forwar...

Page 308: ...This rule will forward this packet because the packet does not match Example 3 Incoming packet has the source address of 200.1.1.184 00000000 Logical AND result Filter Rule 200.1.1.0 Source IP Networ...

Page 309: ...ded Example 5 Incoming packet has the source address of 200.1.1.96 255.255.255.240 11110000 Perform the logical AND 10110000 Logical AND result Filter Rule 200.1.1.96 Source IP Network Address 255 255...

Page 310: ...ot into one of these configurations the copy of which becomes the current configuration You name the saved configurations giving you a reference for identifying each one The naming operation occurs wh...

Page 311: ...you can select it from a pop up menu If you select Boot from a Configuration and select a different one you can reboot the gateway with your selected configuration Configuration Management Save Curren...

Page 312: ...figuration pop up menu select the configuration you want to designate as the Factory Default Configuration Management Configuration Name Type Save Current Configuration as Replace Existing Configurati...

Page 313: ...nus in the TFTP File Transfer screen in the Utilities Diagnostics menu as shown Configuration Management Save Current Configuration as Replace Existing Configuration Boot from a Configuration Delete a...

Page 314: ...10 50 Firmware User Guide...

Page 315: ...n and Firmware Files with TFTP on page 11 6 Restarting the System on page 11 8 Note These utilities and tests are accessible only through the Telnet based management screens See the Getting Started Gu...

Page 316: ...7 295 3 Select Data Size to change the default setting This is the size in bytes of each Ping packet sent The default setting is adequate in most cases but you can change it to any value from 0 only h...

Page 317: ...e Description Resolving host name Finding the IP address for the domain name style address Can't resolve host name IP address can't be found for the domain name style address Pinging Ping test is in p...

Page 318: ...traverse Ping packets that reach their TTL value are dropped and a destination unreachable notification is returned to the sender see the table on the previous page This ensures that no infinite rout...

Page 319: ...can initiate a Telnet client session when using a Telnet console session To activate the Telnet client select Telnet from the Utilities Diagnostics menu The Telnet client screen appears Enter the host...

Page 320: ...aving to completely reconfigure the Router by saving a Factory Default configuration See Factory Default to a saved configuration on page 10 48 Transferring Configuration and Firmware Files with TFTP T...

Page 321: ...ET GATEWAY FIRMWARE FROM SERVER and press Return You will see the following dialog box Select CANCEL to exit without downloading the file or select CONTINUE to download the file The system will reset...

Page 322: ...Router unit to configure its parameters see Downloading configuration files on page 11 7 This is useful for configuring a number of gateways with identical parameters or just for creating configuratio...

Page 323: ...u reconfigure the Router and want the new parameter values to take effect Under certain circumstances restarting the system may also clear up system or network malfunctions Some configuration processe...

Page 324: ...11 10 Firmware User Guide...

Page 325: ...lowing suggestions before calling for technical support There are four zones to consider when troubleshooting initial configuration 1 The computer's connection to the gateway 2 The gateway's connectio...

Page 326: ...7 s Ping utility in the Utilities Diagnostics screen and try to Ping local and remote hosts See Ping on page 11 2 for instructions on how to use the Ping utility If you can successfully Ping hosts usi...

Page 327: ...the Gateway will perform a factory reset clear all settings and configurations except those saved as Saved Configuration s See Factory Default to a saved configuration on page 10 48 The Router will t...

Page 328: ...devices Ethernet TCP IP How to reach us We can help you with your problem more effectively if you have completed the environment profile in the previous section If you contact us by telephone please b...

Page 329: ...uring terminal emulation software 1 4 configuring the console 3 35 Connection profiles 2 9 console configuring 3 35 console configuration 3 35 console based management configuring with 1 2 2 1 3 1 Con...

Page 330: ...ing 10 33 disadvantages of 10 27 input 10 30 modifying 10 32 output 10 30 using 10 27 10 28 viewing 10 32 firewall 10 33 firmware files updating with TFTP 11 7 FTP sessions 10 36 G general statistics...

Page 331: ...Telnet 1 4 NetBIOS 7 21 NetBIOS scope 7 22 Netopia distributing IP addresses 7 17 models 1 3 monitoring 9 1 security 10 1 system utilities and diagnostics 11 1 Network Address Translation see NAT 7 1...

Page 332: ...te rules of installation 7 9 static routes 7 3 7 6 strong encryption 5 18 subnets multiple 7 4 support technical A 3 syslog 3 42 T technical support A 3 telnet 1 4 access 10 20 terminal emulation soft...

Page 333: ...y Protocol 7 34 VLAN 3 11 VPN 5 1 allowing through a firewall 5 25 ATMP tunnel options 5 15 default answer profile 5 18 encryption support 5 17 PPTP tunnel options 5 4 VRID 7 35 VRRP 7 34 VRRP Options...

Page 334: ...Index 6...
