Netopia D3100-I Скачать руководство пользователя страница 89 | Manualshive

Страница: 89 / 138

Netopia D3100-I Скачать руководство пользователя страница 89

Security 8-89

The following example fur ther illustrates filter rule chaining, different sized masks and the full 8 bytes of the
Value field.

Create a filter set designed to block telnet access from a given external node (the example below uses
176.163.52.18) to a given internal node (176.163.107.254).

The filter rule summar y (input) should look like this:

■

Filter #1 checks that the IHL has a size of 5. This is a useful security check to verify a potential hacker has
not padded the packet with options that would then throw off following filter rule checks on bytes fur ther
into the packet.

■

Filter #2 checks the incoming packet is IP.

■

Filter #3 checks that the packet is using TCP.

■

Filter #4 simultaneously checks the source IP address is 176.163.52.18 (= B0A33412 in hex) and the
destination IP address is 176.163.107.254 (= B0A3B0FE in hex).

■

Filter #5 checks the TCP por t address is telnet (= 23 decimal = 17 hex).

Note:

This filter set is presented only to illustrate how Generic filtering works. You are strongly advised to

actually use IP filters to block IP only traffic.

+-#----Value-------------Mask--------------Offst-Compare--Chain---On?-Fwd-+
+-------------------------------------------------------------------------+
| 1 0500000000000000 0F00000000000000 14 = No Yes No |
| 2 0800000000000000 FFFF000000000000 12 = Yes Yes |
| 3 0600000000000000 FF00000000000000 23 = Yes Yes |
| 4 B0A33412B0A3B0FE FFFFFFFFFFFFFFFF 26 = Yes Yes |
| 5 0017000000000000 FFFF000000000000 36 = No Yes No |
| |

«
...
87
88
89
90
91
...
»

Содержание D3100-I

Страница 1: ...Netopia D Series DSL DSUs D3100 I IDSL D3232 IDSL D7100 SDSL D7171 SDSL User s Reference Guide ...

Страница 2: ...may not be copied in whole or part without the prior written consent of Netopia Inc Under the law copying includes translation to another language or format Netopia Inc 2470 Mariner Square Loop Alameda CA 94501 1010 U S A Part Number For additional copies of this electronic manual order Netopia part number 6161076 PF 02 Printed Copies For printed copies of this manual order Netopia part number TED...

Страница 3: ...tors and attach the cables 2 14 Filtering Bridge mode 2 14 DSU mode 2 14 Connect Line ports to mutiple DSL lines D3232 only 2 15 Netopia D Series DSL DSU back panel ports 2 15 Netopia D Series DSL DSU status lights 2 16 Chapter 3 Connecting to Your Local Area Network 3 19 Netopia D Series Configuration Modes 3 19 Filtering bridge mode 3 19 DSU mode 3 20 Readying computers on your local network 3 2...

Страница 4: ...creens 5 36 Chapter 6 WAN and System Configuration 6 37 System Configuration screens 6 38 Navigating through the system configuration screens 6 39 System configuration features 6 39 Management IP setup 6 40 Filter sets 6 41 Date and time 6 41 Console configuration 6 41 SNMP Simple Network Management Protocol 6 42 Security 6 42 Upgrade feature set 6 42 Logging 6 42 Installing the Syslog client 6 43...

Страница 5: ...lter and what s a filter set 8 62 How filter sets work 8 62 How individual filters work 8 64 Design guidelines 8 68 Filtering tutorial 8 69 General filtering terms 8 69 Basic IP packet components 8 69 Basic protocol types 8 70 Filter basics 8 72 Example IP filters 8 73 Working with Filters and filter sets 8 75 Adding a filter set 8 76 Adding filters to a filter set 8 78 Viewing filter sets 8 82 Mo...

Страница 6: ... Updating firmware 9 98 Downloading configuration files 9 99 Uploading configuration files 9 99 Restarting the system 9 100 Part III Appendixes Appendix A Troubleshooting A 103 Configuration problems A 103 Console connection problems A 104 Network problems A 104 How to reset the Netopia D Series to factory defaults A 105 Power outages A 105 Technical support A 106 How to reach us A 106 Appendix B ...

Страница 7: ...ion D 120 Power requirements D 120 Environment D 120 Software and protocols D 120 Agency approvals D 120 Regulatory notices D 121 Important safety instructions D 122 Glossary Limited Warranty and Limitation of Remedies Index ...

Страница 8: ...viii User s Reference Guide ...

Страница 9: ...P P P Pa a a ar r r rt t t t I I I I G G G Ge e e et t t tt t t ti i i in n n ng g g g S S S St t t ta a a ar r r rt t t te e e ed d d d ...

Страница 10: ...User s Reference Guide ...

Страница 11: ...ven if they are connected to a central office via a digital loop carrier DLC system or an ISDN repeater The Netopia D3232 and D7171 use DSL bonding technology as available through Copper Mountain DSLAMs to effectively double or quadruple the bandwidth of the DSL link In DSU mode the Auxiliary port functions as a Synchronous serial port supplying a V 35 DCE interface for connection to another route...

Страница 12: ... Security Features Intelligent bridge mode Packet Filters 8 user definable filter sets using up to 255 rules IP and MAC layer packet filtering Filter packets on source or destination address service or protocol filter incoming packets for security or outgoing packets for more efficient use of DSL bandwidth Management Access Password protected access to management tools with up to 4 user names and ...

Страница 13: ...useful information about the procedure you are performing If you prefer to work from hard copy rather than on line documentation you can also print out all of the manual or individual sections The pages are formatted to print on standard 8 1 2 by 11 inch paper We recommend that you print on three hole punched paper so you can put the pages in a binder for future reference For your convenience a pr...

Страница 14: ...1 14 User s Reference Guide ...

Страница 15: ...f the building and how to best use the physical space available for connecting your Netopia D Series to the LAN or router Available wiring and jacks Distance from the point of installation to the next device length of cable or wall wiring Ease of access to the front of the unit for configuration and monitoring Ease of access to the back of the unit for checking and changing cables Cable length and...

Страница 16: ...ri i i id d d dg g g ge e e e m m m mo o o od d d de e e e 1 Connect the mini DIN8 connector from the power adapter to the power port and plug the other end into an electrical outlet 2 Connect one end one of the RJ 45 cables to the Line 1 port and the other end to your SDSL or IDSL wall outlet 3 Connect one end of one of the RJ 45 Ethernet cables to any of the Ethernet ports on the Netopia D Serie...

Страница 17: ... one of your SDSL or IDSL wall outlets 3 Connect one end of another RJ 45 cable to the second port on the double end of the splitter and the other end of the RJ 45 cable to another of your SDSL or IDSL wall outlets 4 Repeat steps 1 3 with the Line 2 port the second splitter and a third and fourth SDSL or IDSL wall outlets N N N Ne e e et t t to o o op p p pi i i ia a a a D D D D S S S Se e e er r ...

Страница 18: ...ect your computer directly to any of the Ethernet ports on the Netopia D Series or connect both your computer and the Netopia D Series to an existing Ethernet hub on your LAN When this happens the LEDs The corresponding line passes supervisory traffic between the Digital Subscriber Line Access Multiplexer DSLAM and the Netopia D Series 2 or 8 flashes yellow The WAN interface is operational 3 or 9 ...

Страница 19: ...mitted or received 6 and 7 flash yellow Data is transmitted or received by the ethernet controller 12 flashes yellow The Ethernet interface detects a collision 13 flashes red Link is detected 14 though 21 are solid green Data are received on their respective ports 14 though 21 flash green Note Console carrier 6 is ignored if the console is not configured for a remote modem When this happens the LE...

Страница 20: ...2 20 User s Reference Guide ...

Страница 21: ...et network on page 3 24 N N N Ne e e et t t to o o op p p pi i i ia a a a D D D D S S S Se e e er r r ri i i ie e e es s s s C C C Co o o on n n nf f f fi i i ig g g gu u u ur r r ra a a at t t ti i i io o o on n n n M M M Mo o o od d d de e e es s s s The Netopia D Series DSL DSU can be used in either of two ways as an intelligent Ethernet filtering bridge for DSL connections or as a Digital Serv...

Страница 22: ...ansmitted over the DSL connection A packet received from the DSL connection will be de encapsulated and its MAC address examined Either it is management traffic for the Netopia D Series or it is encapsulated for Ethernet and transmitted over the hub D D D DS S S SU U U U m m m mo o o od d d de e e e The DSU behavior is similar except that the datalink encapsulation on the WAN is Frame Relay and th...

Страница 23: ... stack This is the software that lets your PC or Macintosh communicate using Internet protocols TCP IP stacks must be configured with some of the same information you used to configure the Netopia D Series There are a number of TCP IP stacks available for PC computers Windows 95 includes a built in TCP IP stack See Configuring TCP IP on Windows 95 or 98 computers on page 4 28 Macintosh computers u...

Страница 24: ...thernet port is in use 1 1 1 10 0 0 0B B B Ba a a as s s se e e e T T T T You can connect a standard 10Base T Ethernet network to the Netopia D Series using any of its available Ethernet ports Netopia D Series back panel The Netopia D Series in a 10Base T network Ethernet Normal Auxiliary Console Power Line 8 1 1 Uplink Ethernet Nor 8 1 To connect your 10Base T network to the Netopia D Series thro...

Страница 25: ...Local Area Network 3 25 If you add devices connected through a hub connect the hub to Ethernet port number 1 on the Netopia D Series and set the Normal Uplink switch to Uplink Macintosh PC PC 10Base T Hub Ethernet Nor 8 1 ...

Страница 26: ...3 26 User s Reference Guide ...

Страница 27: ... your network must have TCP IP installed and configured This chapter tells you how to configure TCP IP on the desktop computers on your network This chapter covers the following topics Configuring TCP IP on Windows 95 or 98 computers on page 28 Configuring TCP IP on Macintosh computers on page 30 Note For information on configuring TCP IP on Windows 2000 or NT computers please see the Microsoft do...

Страница 28: ...manually configuring for a fixed or static IP address perform the following 1 Go to Start Menu Settings Control Panels and double click the Network icon From the Network components list select the Configuration tab 2 Select TCP IP Your Network Card Then select Properties In the TCP IP Properties screen shown below select the IP Address tab Click Specify an IP Address Enter the following IP Address...

Страница 29: ...nter the following information Host Type the name you want to give to this computer Domain Type your domain name If you don t have a domain name type your ISP s domain name for example netopia com DNS Server Search Order Type the primary DNS IP address given to you by your ISP Click Add Repeat this process for the secondary DNS Domain Suffix Search Order Enter the same domain name you entered abov...

Страница 30: ...ciated drivers installed in your Macintosh 3 In the TCP IP window or in the MacTCP More window select or type information into the fields as shown in the following table Option Select Type Connect via Ethernet Configure Manually IP Address 192 168 1 2 Subnet mask 255 255 255 0 or for 12 user models 255 255 255 240 Router or Gateway address 192 168 1 1 Name server address Enter the primary and seco...

Страница 31: ...estart These are the only fields you need to modify in this screen Note You can also use these instructions to configure other computers on your network with manual or static IP addresses Be sure each computer on your network has its own IP address Implicit Search Path Starting domain name Enter your domain name if you do not have a domain name enter the domain name of your ISP Option Select Type ...

Страница 32: ...4 32 User s Reference Guide ...

Страница 33: ...P P P Pa a a ar r r rt t t t I I I II I I I A A A Ad d d dv v v va a a an n n nc c c ce e e ed d d d C C C Co o o on n n nf f f fi i i ig g g gu u u ur r r ra a a at t t ti i i io o o on n n n ...

Страница 34: ...User s Reference Guide ...

Страница 35: ...s on page 5 36 Connecting through a Telnet session on page 5 37 Navigating through the console screens on page 5 38 Console based management screens contain five entry points to the Netopia D Series configuration and monitoring features The entry points are displayed in the Main Menu shown below Note Although it references the Netopia D3232 this screen applies to all Netopia D Series DSL DSUs The ...

Страница 36: ... for detailed information C C C Co o o on n n nn n n ne e e ec c c ct t t ti i i in n n ng g g g a a a a c c c co o o on n n ns s s so o o ol l l le e e e c c c ca a a ab b b bl l l le e e e t t t to o o o y y y yo o o ou u u ur r r r N N N Ne e e et t t to o o op p p pi i i ia a a a D D D D S S S Se e e er r r ri i i ie e e es s s s If you will be assigning an IP address to the Netopia D Series o...

Страница 37: ...Te e e el l l ln n n ne e e et t t t s s s se e e es s s ss s s si i i io o o on n n n Features of the Netopia D Series can be configured through the console screens via Telnet Before you can access the console screens through Telnet you must have A network connection locally to the Netopia D Series or IP access to the Netopia D Series The default IP address of the Netopia D Series is 192 168 1 1 ...

Страница 38: ...omerCare CD You install NCSA Telnet by simply dragging the application from the CD to your hard disk N N N Na a a av v v vi i i ig g g ga a a at t t ti i i in n n ng g g g t t t th h h hr r r ro o o ou u u ug g g gh h h h t t t th h h he e e e c c c co o o on n n ns s s so o o ol l l le e e e s s s sc c c cr r r re e e ee e e en n n ns s s s Use your keyboard to navigate the Netopia D Series s con...

Страница 39: ...of your Netopia D Series DSL DSU You can customize these features for your individual setup These menus provide a powerful method for experienced users to set up their Netopia D Series s connection and system configuration This chapter also describes DSL Bonding or iMux and how to configure your Netopia D Series equipment to use it This section covers the following topics System Configuration scre...

Страница 40: ... a console cable to your Netopia D Series on page 5 36 You can also retrieve the Netopia D Series s configuration information and remotely set its parameters using the Simple Network Management Protocol see SNMP on page 7 57 Open a Telnet connection to the Netopia D Series s IP address for example the default 192 168 1 1 The console screen will open to the Main Menu similar to the screen shown bel...

Страница 41: ...ape key S S S Sy y y ys s s st t t te e e em m m m c c c co o o on n n nf f f fi i i ig g g gu u u ur r r ra a a at t t ti i i io o o on n n n f f f fe e e ea a a at t t tu u u ur r r re e e es s s s The Netopia D Series DSL DSU s default settings may be all you need to configure your Netopia D Series Some users however require advanced settings or prefer manual control over the default selections...

Страница 42: ...w these steps to configure IP Setup for your Netopia D Series Select Ethernet IP Address and enter the IP address for the Netopia D Series s Ethernet port Select Ethernet Subnet Mask and enter the subnet mask for the Ethernet IP address that you entered in the last step Select Default IP Gateway and enter the IP address for a default gateway This can be the address of any major router accessible t...

Страница 43: ... country or locality Options are MM DD YY DD MM YY and YY MM DD 2 Select Current Date and enter the date in the appropriate format Use one or two digit numbers for the month and day and the last two digits of the current year The date s numbers must be separated by forward slashes 3 Select System Time Format A popup allows you to choose either AM PM or 24hr formats 4 Select Current Time and enter ...

Страница 44: ...t t t to o o oc c c co o o ol l l l These screens allow you to monitor and configure your network by means of a standard Simple Network Management Protocol SNMP agent Details are given in SNMP on page 7 57 S S S Se e e ec c c cu u u ur r r ri i i it t t ty y y y These screens allow you to add users and define passwords on your network Details are given in Security on page 8 61 U U U Up p p pg g g ...

Страница 45: ...ecify the UNIX syslog Facility to use by selecting the Facility pop up I I I In n n ns s s st t t ta a a al l l ll l l li i i in n n ng g g g t t t th h h he e e e S S S Sy y y ys s s sl l l lo o o og g g g c c c cl l l li i i ie e e en n n nt t t t The Goodies folder on the CustomerCare CD contains a Syslog client daemon program that can be configured to report the WAN events you specified in the...

Страница 46: ... of multiple DS0 links in a single T1 or E1 circuit DSL Bonding takes a single high speed data stream and spreads it across several lower speed physical links which logically form a single aggregated channel or group Multiple SDSL or IDSL lines are combined to create a single logical data channel that is the aggregate of the individual lines bandwidths minus a small amount used for overhead A pack...

Страница 47: ...pperEdge DSL Access Concentrators Copper Mountain s approach conforms with the Multi link Frame Relay MFR protocol However where DML operates between the CPE and DSLAM MFR would more likely operate between the CPE and Frame Relay terminator potentially the ISP s router Currently the D Series equipment does not support the potential use of more than one ISDN U BRI channel for switched ISDN applicat...

Страница 48: ...s SDSL option These screens show the dual WAN interfaces as a single bonded interface and you configure them together by selecting Wan Module 1 and 2 Setup and pressing Return Choose Interface to Configure ISDN IDSL Wan Module 1 and 2 Setup Auxiliary Serial Port Setup Choose Interface to Configure CMN SDSL Wan Module 1 and 2 Setup Auxiliary Serial Port Setup ...

Страница 49: ... Clock Source Network Internal Bridge Mode Filter Set Filter Set 1 Remove Filter Set Return Enter goes to new screen SDSL Line Configuration Clock Source Network Internal Bridge Mode Filter Set Filter Set 1 Remove Filter Set Return Enter goes to new screen SDSL Line Configuration Clock Source Network Data Link Encapsulation RFC1483 Prioritize Delay Sensitive Data No Enter Information supplied to y...

Страница 50: ...DSL device operating in CPE mode A Data Rate pop up item is available only if the clock source is Internal This item allows you to set the data rate for the DSL link and the attached CPE device A Bridge Mode Filter Set pop up item allows you to select a filter set to make active on the IDSL or SDSL link See About filters and filter sets on page 8 64 for more information You can deactivate any prev...

Страница 51: ...tus overview on page 7 51 Statistics Logs on page 7 53 Event histories on page 7 54 System Information on page 7 57 SNMP on page 7 57 Q Q Q Qu u u ui i i ic c c ck k k k V V V Vi i i ie e e ew w w w s s s st t t ta a a at t t tu u u us s s s o o o ov v v ve e e er r r rv v v vi i i ie e e ew w w w You can get a useful overall status report from the Netopia D Series in the Quick View screen To go t...

Страница 52: ... s l l l li i i ig g g gh h h ht t t ts s s s This section shows the current real time status of the Netopia D Series s status lights LEDs It is useful for remotely monitoring the Netopia D Series s status The Quick View screen s arrangement of LEDs corresponds to the physical arrangement of LEDs on the Netopia D Series Each LED representation can report one of four states A dash means the LED is ...

Страница 53: ... t t ti i i is s s st t t ti i i ic c c cs s s s To go to the General Statistics screen select General Statistics and press Return The General Statistics screen appears The General Statistics screen displays information about data traffic on the Netopia D Series s data ports This information is useful for monitoring and troubleshooting your LAN Note that the counters roll over at their maximum fie...

Страница 54: ...ckets received Tx Err An error occurring when Ethernet packets are transmitted simultaneously by nodes on the LAN E E E Ev v v ve e e en n n nt t t t h h h hi i i is s s st t t to o o or r r ri i i ie e e es s s s The Netopia D Series records certain relevant occurrences in event histories Event histories are useful for diagnosing problems because they list what happened before during and after a ...

Страница 55: ...about any event listed in the WAN Event History select the event and then press Return A dialog box containing more information about the selected event will appear Press Return or Escape to dismiss the dialog box To clear the event history select Clear History at the bottom of the history screen and press Return WAN Event History Current Date 11 5 99 11 48 19 AM Date Time Event SCROLL UP 11 04 99...

Страница 56: ...L DOWN at the bottom of the list and press Return To obtain more information about any event listed in the Device Event History select the event and then press Return A dialog box containing more information about the selected event appears Press Return or Escape to dismiss the dialog box To clear the Device Event History select Clear History and press Return Device Event History Current Date 3 10...

Страница 57: ... monitoring and configuration by a standard SNMP manager The Netopia D Series supports the following management information base MIB documents MIB II RFC 1213 Interface MIB RFC 1229 Ethernet MIB RFC 1643 Netopia MIB These MIBs are on the CustomerCare CD included with the Netopia D Series Load these MIBs into your SNMP management software in the order they are listed here Follow the instructions in...

Страница 58: ...pectively in the MIB II system group Although optional the information you enter in these items can help a system administrator manage the network more efficiently C C C Co o o om m m mm m m mu u u un n n ni i i it t t ty y y y s s s st t t tr r r ri i i in n n ng g g gs s s s The Read Only Community String and the Read Write Community String are like passwords that must be used by an SNMP manager...

Страница 59: ...e SNMP you should change the community strings This prevents unauthorized access to the Netopia D Series through SNMP For more information on security issues see Security on page 8 61 S S S SN N N NM M M MP P P P t t t tr r r ra a a ap p p ps s s s An SNMP trap is an informational message sent from an SNMP agent in this case the Netopia D Series to a manager When a manager receives a trap it may l...

Страница 60: ...Receivers screen M M M Mo o o od d d di i i if f f fy y y yi i i in n n ng g g g I I I IP P P P t t t tr r r ra a a ap p p p r r r re e e ec c c ce e e ei i i iv v v ve e e er r r rs s s s 1 To edit an IP trap receiver select Display Change IP Trap Receiver in the IP Trap Receivers screen 2 Select an IP trap receiver from the table and press Return 3 In the Change IP Trap Receiver screen edit the ...

Страница 61: ...s and your network more secure Change the SNMP community strings or passwords The default community strings are universal and could easily be known to a potential intruder Configure the Netopia D Series through the serial console port to ensure that your communications cannot be intercepted U U U Us s s se e e er r r r a a a ac c c cc c c co o o ou u u un n n nt t t ts s s s When you first set up ...

Страница 62: ...sword Make sure this password is secure and is different from any of the user account passwords P P P Pr r r ro o o ot t t te e e ec c c ct t t ti i i in n n ng g g g t t t th h h he e e e c c c co o o on n n nf f f fi i i ig g g gu u u ur r r ra a a at t t ti i i io o o on n n n s s s sc c c cr r r re e e ee e e en n n ns s s s You can protect the configuration screens with user accounts You can ...

Страница 63: ... it To exit the list without deleting the selected account press Escape T T T Te e e el l l ln n n ne e e et t t t a a a ac c c cc c c ce e e es s s ss s s s Telnet is a TCP IP service that allows remote terminals to access hosts on an IP network The Netopia D Series supports Telnet access to its configuration screens Caution You should consider password protecting or restricting Telnet access to ...

Страница 64: ...ha a a at t t t s s s s a a a a f f f fi i i il l l lt t t te e e er r r r a a a an n n nd d d d w w w wh h h ha a a at t t t s s s s a a a a f f f fi i i il l l lt t t te e e er r r r s s s se e e et t t t A filter is a rule that lets you specify what sort of data can flow in and out of your network A particular filter can be either an input filter one that is used on data packets coming in to yo...

Страница 65: ...ject all packages that come from France If a package arrives from Rome the first inspector sends it along without allowing the second inspector to see it A package from Paris is ignored by the first inspector rejected by the second inspector and never seen by the others A package from London is ignored by the first two inspectors so it s seen by the third inspector In the same way filter sets appl...

Страница 66: ...he IP address 199 211 211 17 If a match occurs the packet is blocked Here is what this rule looks like when implemented as a filter on the Netopia D Series To understand this particular filter look at the parts of an IP filter P P P Pa a a ar r r rt t t ts s s s o o o of f f f a a a an n n n I I I IP P P P f f f fi i i il l l lt t t te e e er r r r There are two types if filters and filter sets IP...

Страница 67: ...the packet s port number must be less than the port number specified in the filter Less Than or Equal For the filter to match the packet s port number must be less than or equal to the port number specified in the filter Equal For the filter to match the packet s port number must equal the port number specified in the filter Greater Than For the filter to match the packet s port number must be gre...

Страница 68: ...s rows in a table The table s columns correspond to each filter s attributes The filter s priority in the set Filter number 1 with the highest priority is first in the table Source IP Addr The packet source IP address to match Dest IP Addr The packet destination IP address to match Proto The protocol to match This can be entered as a number see the table below or as TCP or UDP if those protocols a...

Страница 69: ...any IP address The Source IP Address Mask and Destination IP Address Mask fields indicate how many bits in the corresponding address the filter rule applies to How these IP addresses are masked determines what the final match will be although the mask is not displayed in the table that displays the filter sets you set it when you create the filter In fact since the mask for the destination IP addr...

Страница 70: ...n actually make your network less secure Be sure each individual filter s purpose is clear Determine how filter priority will affect the set s actions Test the set on paper by determining how the filters would respond to a number of different hypothetical packets Consider the combined effect of the filters If every filter in a set fails to match on a particular packet the packet is Passed if all t...

Страница 71: ... n n ng g g g t t t tu u u ut t t to o o or r r ri i i ia a a al l l l G G G Ge e e en n n ne e e er r r ra a a al l l l f f f fi i i il l l lt t t te e e er r r ri i i in n n ng g g g t t t te e e er r r rm m m ms s s s Filter rule A filter set is comprised of individual filter rules Filter set A grouping of individual filter rules Firewall A component or set of components that restrict access be...

Страница 72: ...through the remainder of the filter rules For example if you had the following filter set Allow WWW access Allow FTP access Allow SMTP access Deny all other packets and a packet goes through these rules destined for FTP the packet would pass through the first rule WWW go through the second rule FTP and match this rule the packet is allowed through If you had this filter set for example Allow WWW a...

Страница 73: ... s st t t ta a a ab b b bl l l li i i is s s sh h h he e e ed d d d c c c co o o on n n nn n n ne e e ec c c ct t t ti i i io o o on n n ns s s s The TCP header contains one bit called the ACK bit or TCP Ack bit This ACK bit appears only with TCP not UDP The ACK bit is part of the TCP mechanism that guaranteed the delivery of data The ACK bit is set whenever one side of a connection has received d...

Страница 74: ... subnet A host address can be entered but the applied subnet mask must be 32 bits 255 255 255 255 E E E Ex x x xa a a am m m mp p p pl l l le e e e n n n ne e e et t t tw w w wo o o or r r rk k k k Change Input Filter 1 Enabled Yes Forward No Type IP Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Mask 0 0 0 0 Protocol Type TCP Source Port Compare N...

Страница 75: ... the Source IP Address field whose last byte is binary 00000000 in the Netopia D Series This will not forward this packet E E E Ex x x xa a a am m m mp p p pl l l le e e e 2 2 2 2 Incoming packet has the source address of 200 1 1 184 Filter Rule 200 1 1 0 Source IP Network Address 255 255 255 128 Source IP Mask Forward No What happens on match IP Address Binary Representation of the last byte of t...

Страница 76: ...oes not match and this packet will be passed E E E Ex x x xa a a am m m mp p p pl l l le e e e 4 4 4 4 Incoming packet has the source address of 200 1 1 104 255 255 255 128 10000000 Perform the logical AND 10000000 Logical AND result Filter Rule 200 1 1 96 Source IP Network Address 255 255 255 240 Source IP Mask Forward No What happens on match IP Address Binary Representation of last byte 200 1 1...

Страница 77: ...t t t th h h h F F F Fi i i il l l lt t t te e e er r r rs s s s a a a an n n nd d d d f f f fi i i il l l lt t t te e e er r r r s s s se e e et t t ts s s s This section covers Filters and filter sets To work with filters and filter sets begin by accessing the filter set screens Note Make sure you understand how filters work before attempting to use them Read the section About filters and filter...

Страница 78: ... n n ng g g g a a a a f f f fi i i il l l lt t t te e e er r r r s s s se e e et t t t You can create up to 255 filter rules You can use them in any combination of input or output in up to eight filter sets To add a new filter set select Add Filter Set in the Filter Sets screen and press Return The Add Filter Set screen appears Filter Sets Add Filter Set Display Change Filter Set Delete Filter Set...

Страница 79: ...nter a new name for the filter set To save the filter set select ADD FILTER SET The saved filter set is empty contains no filters but you can return to it later to add filters see Modifying filter sets on page 8 85 Or you can add filters to your new set before saving it see Adding filters to a filter set on page 8 80 To leave the Add Filter Set screen without saving the new filter set Select CANCE...

Страница 80: ... your local network is the destination of the packets it checks and the remote network is their source From the perspective of an output filter your local network is the source of the packets and the remote network is their destination A A A Ad d d dd d d di i i in n n ng g g g f f f fi i i il l l lt t t te e e er r r rs s s s t t t to o o o a a a a f f f fi i i il l l lt t t te e e er r r r s s s...

Страница 81: ...toggled to No packets matching the filter s criteria will be discarded Display Change Filter Set Filter Set Name Filter Set 1 Add Input Filter to Filter Set Display Change Input Filter Delete Input Filter Move Input Filter Add Output Filter to Filter Set Display Change Output Filter Delete Output Filter Move Output Filter Add Filter Enabled Yes Forward No Type IP Source IP Address 0 0 0 0 Source I...

Страница 82: ...on IP address This allows you to further modify the way the filter will match on the destination address Enter 0 0 0 0 to force the filter to match on all destination IP addresses 8 Select Protocol Type and enter ICMP TCP UDP Any or the number of another IP transport protocol see the table on page 8 68 Note If Protocol Type is set to TCP or UDP the settings for port comparison that you configure i...

Страница 83: ...ew w w wi i i in n n ng g g g f f f fi i i il l l lt t t te e e er r r rs s s s To display a view only table of input output filters select Display Change Input Filter or Display Change Output Filter in the Display Change Filter Set screen M M M Mo o o od d d di i i if f f fy y y yi i i in n n ng g g g f f f fi i i il l l lt t t te e e er r r rs s s s To modify a filter select Display Change Input...

Страница 84: ...e without deleting the filter V V V Vi i i ie e e ew w w wi i i in n n ng g g g f f f fi i i il l l lt t t te e e er r r r s s s se e e et t t ts s s s To display a view only list of filter sets select Display Change Filter Set in the Filter Sets screen Change Filter Enabled No Forward No Source IP Address 0 0 0 0 Source IP Address Mask 0 0 0 0 Dest IP Address 0 0 0 0 Dest IP Address Mask 0 0 0 0 ...

Страница 85: ... lt t t te e e er r r r s s s se e e et t t t Note If you delete a filter set all of the filters it contains are deleted as well To reuse any of these filters in another set before deleting the current filter set you ll have to note their configuration and then recreate them To delete a filter set select Delete Filter Set in the Filter Sets screen to display a list of filter sets Select a filter s...

Страница 86: ... for example a MAC address is 6 bytes 00 00 C5 60 34 74 The Value Mask and Offset are used together to determine if the packet matches the filter The Value is logically ANDed with the Mask the Offset specifies the number of bytes into the packet where the Value ANDed with the Mask must be present If these match the filter matches the packet Several Generic Filters can be ANDed together by toggling...

Страница 87: ...eric filter set that would block all incoming traffic to Mac address 00 00 c8 e3 95 you could create a filter rule like this 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 Version IHL Type of Service Total Length Identification Flags Fragment Offset Time to Live Protocol Header Checksum Source Address Destination Address Options Padding data IP Header Format Note that one ...

Страница 88: ...verify the byte with offset of 12 bytes is less than 600 hex ANDed chained with a filter that verifies the byte offset by 14 is not equal to FFFF The filter set should look like this with the first filter rule s chain field set to Yes because the packet has to match both rules to be qualified as an IPX packet Add Input Filter Enabled Yes Forward No Type Generic Value 0000C8E395000000 Mask FFFFFFFF...

Страница 89: ...rther into the packet Filter 2 checks the incoming packet is IP Filter 3 checks that the packet is using TCP Filter 4 simultaneously checks the source IP address is 176 163 52 18 B0A33412 in hex and the destination IP address is 176 163 107 254 B0A3B0FE in hex Filter 5 checks the TCP port address is telnet 23 decimal 17 hex Note This filter set is presented only to illustrate how Generic filtering...

Страница 90: ...8 90 User s Reference Guide ...

Страница 91: ...sole session on page 9 96 Factory defaults on page 9 96 Transferring configuration and firmware files with TFTP on page 9 96 Transferring configuration and firmware files with XMODEM on page 9 99 Restarting the system on page 9 102 Note These utilities and tests are accessible only through the console based management screens See Chapter 5 Console Based Management for information on accessing the ...

Страница 92: ...1 to 4 294 967 295 3 Select Data Size to change the default setting This is the size in bytes of each Ping packet sent The default setting is adequate in most cases but you can change it to any value from 0 only header data to 1664 4 Select Delay seconds to change the default setting The delay in seconds determines the time between Ping packets sent The default setting is adequate in most cases bu...

Страница 93: ...on time Message Description Resolving host name Finding the IP address for the domain name style address Can t resolve host name IP address can t be found for the domain name style name Pinging Ping test is in progress Complete Ping test was completed Cancelled by user Ping test was cancelled manually Destination unreachable from w x y z Ping test was able to reach the router with IP address w x y...

Страница 94: ...nreachable notification is returned to the sender see the table on the previous page This ensures that no infinite routing loops occur The TTL value can be set and retrieved using the SNMP MIB II ip group s ipDefaultTTL object T T T Tr r r ra a a ac c c ce e e e R R R Ro o o ou u u ut t t te e e e You can count the number of routers between your Netopia D Series and a given destination with the Tr...

Страница 95: ...session To activate the Telnet client select Telnet from the Utilities Diagnostics menu The Telnet client screen appears Enter the host name or the IP address in dotted decimal format of the machine you want to telnet into and press Return Either accept the default control character Q used to suspend the Telnet session or type a different one START A TELNET SESSION becomes highlighted Press Return...

Страница 96: ...emergency See How to reset the Netopia D Series to factory defaults in Appendix A Trouble shooting Note Reset to factory defaults with caution You will need to reconfigure all of your settings in the Netopia D Series T T T Tr r r ra a a an n n ns s s sf f f fe e e er r r rr r r ri i i in n n ng g g g c c c co o o on n n nf f f fi i i ig g g gu u u ur r r ra a a at t t ti i i io o o on n n n a a a ...

Страница 97: ...dates will be available on the Netopia website Router firmware updates are also periodically posted on the Netopia website To update either the Netopia D Series s or the internal WAN module s firmware follow these steps Select TFTP Server Name and enter the server name or IP address of the TFTP server you will use The server name or IP address is available from the site where the server is located...

Страница 98: ... of bytes transferred D D D Do o o ow w w wn n n nl l l lo o o oa a a ad d d di i i in n n ng g g g c c c co o o on n n nf f f fi i i ig g g gu u u ur r r ra a a at t t ti i i io o o on n n n f f f fi i i il l l le e e es s s s The Netopia D Series can be configured by downloading a configuration file using TFTP Once downloaded the file reconfigures all of the Netopia D Series s parameters as if s...

Страница 99: ...w these steps 1 Select TFTP Server Name and enter the server name or IP address of the TFTP server you will use The server name or IP address is available from the site where the server is located 2 Select Config File Name and enter a name for the file you will upload The file will appear with the name you choose on the TFTP server You may need to enter a file path along with the file name for exa...

Страница 100: ...ng dialog box appears 3 Select CANCEL to exit without downloading the file or select CONTINUE to download the file If you choose CONTINUE you will have ten seconds to use your terminal emulation software to initiate an XMODEM transfer of the firmware file If you fail to initiate the transfer in that time the dialog box will disappear and the terminal emulation software will inform you of the trans...

Страница 101: ...EM transfer of the configuration file If you fail to initiate the transfer in that time the dialog box will disappear and the terminal emulation software will inform you of the transfer s failure You can then try again The system will reset at the end of a successful file transfer to put the new configuration into effect U U U Up p p pl l l lo o o oa a a ad d d di i i in n n ng g g g c c c co o o ...

Страница 102: ... s s st t t ta a a ar r r rt t t ti i i in n n ng g g g t t t th h h he e e e s s s sy y y ys s s st t t te e e em m m m You can restart the system by selecting the Restart System item in the Utilities Diagnostics screen You must restart the system whenever you reconfigure the Netopia D Series and want the new parameter values to take effect Under certain circumstances restarting the system may al...

Страница 103: ...P P P Pa a a ar r r rt t t t I I I II I I II I I I A A A Ap p p pp p p pe e e en n n nd d d di i i ix x x xe e e es s s s ...

Страница 104: ...User s Reference Guide ...

Страница 105: ...e four zones to consider when troubleshooting initial configuration 1 The computer s connection to the Netopia D Series 2 The Netopia D Series s connection to the telecommunication line s 3 The telecommunication line s connection to your ISP 4 The ISP s connection to the Internet If the connection from the computer to the Netopia D Series was not successful verify that the following conditions are...

Страница 106: ...f f f fi i i ig g g gu u u ur r r ra a a at t t ti i i io o o on n n n s s s sc c c cr r r re e e ee e e en n n ns s s s Try changing the Netopia D Series s default speed of 9600 bps and setting your terminal emulation software to match the new speed N N N Ne e e et t t tw w w wo o o or r r rk k k k p p p pr r r ro o o ob b b bl l l le e e em m m ms s s s This section contains tips for troubleshoo...

Страница 107: ... following 1 Turn the Netopia D Series upside down 2 Referring to the diagram below find the paper clip size Reset Switch slot 3 Carefully insert the larger end of a standard size paper clip until you contact the internal Reset Switch No need to unwind the paper clip 4 Press this switch 5 This will reset the unit to factory defaults and you will now be able to reprogram the Netopia D Series P P P ...

Страница 108: ...serial number and firmware version The serial number is on the bottom of the Netopia D Series along with the model number The firmware version appears in the Netopia D Series s Main Menu screen Model number Serial number Firmware version What kind of local network s do you have with how many devices Ethernet LocalTalk EtherTalk TCP IP IPX Other H H H Ho o o ow w w w t t t to o o o r r r re e e ea ...

Страница 109: ... ti i i io o o on n n n Product information can be found in the following Netopia World Wide Web server via http www netopia com Internet via anonymous FTP to ftp netopia com pub F F F FA A A AX X X X B B B Ba a a ac c c ck k k k This service provides technical notes that answer the most commonly asked questions and offers solutions for many common problems encountered with Netopia products FAX Ba...

Страница 110: ...A 110 User s Reference Guide ...

Страница 111: ... 99 1100011 4 100 36 100100 68 1000100 100 1100100 5 101 37 100101 69 1000101 101 1100101 6 110 38 100110 70 1000110 102 1100110 7 111 39 100111 71 1000111 103 1100111 8 1000 40 101000 72 1001000 104 1101000 9 1001 41 101001 73 1001001 105 1101001 10 1010 42 101010 74 1001010 106 1101010 11 1011 43 101011 75 1001011 107 1101011 12 1100 44 101100 76 1001100 108 1101100 13 1101 45 101101 77 1001101 ...

Страница 112: ...00011 163 10100011 195 11000011 227 11100011 132 10000100 164 10100100 196 11000100 228 11100100 133 10000101 165 10100101 197 11000101 229 11100101 134 10000110 166 10100110 198 11000110 230 11100110 135 10000111 167 10100111 199 11000111 231 11100111 136 10001000 168 10101000 200 11001000 232 11101000 137 10001001 169 10101001 201 11001001 233 11101001 138 10001010 170 10101010 202 11001010 234 ...

Страница 113: ...111 215 11010111 247 11110111 152 10011000 184 10111000 216 11011000 248 11111000 153 10011001 185 10111001 217 11011001 249 11111001 154 10011010 186 10111010 218 11011010 250 11111010 155 10011011 187 10111011 219 11011011 251 11111011 156 10011100 188 10111100 220 11011100 252 11111100 157 10011101 189 10111101 221 11011101 253 11111101 158 10011110 190 10111110 222 11011110 254 11111110 159 10...

Страница 114: ...B 114 User s Reference Guide ...

Страница 115: ...y T C Brown A Malis Multiprotocol Interconnect over Frame Relay Network Working Group Internet Engineering Task Force RFC 1490 July 1993 Case J D J R Davins M S Fedor and M L Schoffstall Introduction to the Simple Gateway Monitoring Protocol IEEE Network March 1988 Case J D J R Davins M S Fedor and M L Schoffstall Network Management and the Design of SNMP ConneXions The Interoperability Report Vol...

Страница 116: ...l 20 No 14 October 1991 McNamara J E Local Area Networks Digital Press Educational Services Digital Equipment Corporation 12 Crosby Drive Bedford MA 01730 Malamud C Analyzing Novell Networks New York NY Van Nostrand Reinhold 1991 Malamud C Analyzing Sun Networks New York NY Van Nostrand Reinhold 1991 Martin J SNA IBM s Networking Solution Englewood Cliffs NJ Prentice Hall 1987 Martin J with K K Ch...

Страница 117: ...ublishing Company 1991 Stallings W Handbook of Computer Communications Standards Vols 1 3 Carmel IN Howard W Sams 1990 Stallings W Local Networks 3rd ed New York NY Macmillan Publishing Company 1990 Stevens W R TCP IP Illustrated Vol 1 Reading MA Addison Wesley Publishing Company 1994 Sunshine C A ed Computer Network Architectures and Protocols 2nd ed New York NY Plenum Press 1989 Tannenbaum A S C...

Страница 118: ...C 118 User s Reference Guide ...

Страница 119: ... n n nd d d d S S S Sa a a af f f fe e e et t t ty y y y I I I In n n nf f f fo o o or r r rm m m ma a a at t t ti i i io o o on n n n P P P Pi i i in n n no o o ou u u ut t t ts s s s f f f fo o o or r r r V V V V 3 3 3 35 5 5 5 D D D DC C C CE E E E c c c ca a a ab b b bl l l le e e e 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Shield A B C D E F H J K L M N P R S T U V W X Y Z AA BB CC DD EE FF HH JJ K...

Страница 120: ... used Pin 11 Pin M not used Pin 12 Pin N not used Pin 13 Pin P Transmit Data P Pin 14 Pin R Receive Data P Pin 15 Pin S Transmit Data N Pin T Receive Data N Pin U Ext Transmit Clock P Pin V Receive Clock P Pin W Ext Transmit Clock N Pin X Receive Clock N Pin Y Transmit Clock P Pin Z not used Pin AA Transmit Clock N Pin BB not used Pin CC not used Pin DD not used Pin EE not used Pin FF not used Pin...

Страница 121: ... n no o o ou u u ut t t ts s s s f f f fo o o or r r r D D D D3 3 3 32 2 2 23 3 3 32 2 2 2 S S S Sp p p pl l l li i i it t t tt t t te e e er r r r 1 2 3 4 5 6 7 8 B8 B7 B6 B5 B4 B3 B2 B1 A8 A7 A6 A5 A4 A3 A2 A1 TCP2 TCN2 TCP1 RCP1 TIP1 RCN1 RING1 RCP2 TIP2 RCN2 RING2 TCN1 ...

Страница 122: ... t t to o o oc c c co o o ol l l ls s s s Software media Software preloaded on internal flash memory field upgrades done via download to internal flash memory via XMODEM or TFTP Routing TCP IP Internet Protocol Suite RIP AppleTalk LocalTalk to Ethernet routing AURP tunneling MacIP IPX Optional add on feature WAN support IDSL or SDSL Security IP IPX firewalls UI password security SNMP network manag...

Страница 123: ...t This product was tested for FCC compliance under conditions that included the use of shielded cables and connectors between system components Changes or modifications to this product not authorized by the manufacturer could void your authority to operate the equipment Canada This digital apparatus does not exceed the Class A limits for radio noise emission from digital apparatus set out in the R...

Страница 124: ...y near the product for easy access For use only with CSA Certified Class 2 power supply rated 12VDC 1 5A T T T Te e e el l l le e e ec c c co o o om m m mm m m mu u u un n n ni i i ic c c ca a a at t t ti i i io o o on n n n i i i in n n ns s s st t t ta a a al l l ll l l la a a at t t ti i i io o o on n n n c c c ca a a au u u ut t t ti i i io o o on n n ns s s s Never install telephone wiring du...

Страница 125: ...nection points bandwidth The range of frequencies expressed in Kilobits per second that can pass over a given data transmission channel within a network The bandwidth determines the rate at which information can be sent through a channel the greater the bandwidth the more information that can be sent in a given amount of time BAP Bandwidth Allocation Protocol Protocol that manages the dynamic band...

Страница 126: ...sed to allow an SNMP user to gather device information or change device configurations CRC Cyclic Redundancy Check A computational means to ensure the integrity of a block of data The mathematical function is computed before the data is transmitted at the originating device Its numerical value is computed based on the content of the data This value is compared with a recomputed value of the functi...

Страница 127: ...Gateways provide address translation services but do not translate data Gateways must be used in conjunction with special software packages that allow computers to use networking protocols not originally designed for them hard seeding A router setting In hard seeding if a router that has just been reset detects a network number or zone name conflict between its configured information and the infor...

Страница 128: ...ices Most importantly an ISP provides Internet access services and products to other companies and consumers ITU International Telecommunication Union United Nations specialized agency for telecommunications Successor to CCITT LAN local area network A privately owned network that offers high speed communications channels to connect information processing equipment in a limited geographic area Loca...

Страница 129: ...e data call control signals and possible error control information are arranged in a predetermined format Packets do not always travel the same pathway but are arranged in proper sequence at the destination side before forwarding the complete message to an addressee packet switching network A telecommunications network based on packet switching technology wherein a transmission channel is occupied...

Страница 130: ...tely for each router port See also hard seeding non seeding seed router and soft seeding seed router A router that provides network number and zone information to any router that starts up on the same network See also hard seeding non seeding seeding and soft seeding serial port A connector on the back of the workstation through which data flows to and from a serial device server A device or syste...

Страница 131: ... media such as telephone lines WANs can span a state a country or even the world WAN IP In addition to being a router the Netopia ISDN Router is also an IP address server There are four protocols it can use to distribute IP addresses over the WAN which include DHCP BootP IPCP and MacIP WAN IP is a feature for both the Small Office and Corporate Netopia ISDN Router models wiring closet A central lo...

Страница 132: ...132 User s Reference Guide ...

Страница 133: ...hernet network 24 connecting to the configuration screens 40 console configuring 44 connection problems 106 screens connecting to 40 console configuration 44 console based management configuring with 35 39 D D port 69 date and time setting 43 default terminal emulation software settings 37 designing a new filter set 70 downloading configuration files 98 101 with TFTP 98 with XMODEM 101 DSL bonding...

Страница 134: ...status 52 LEDs 18 52 M MIBs supported 57 N navigating Easy Setup 38 NCSA Telnet 38 Netopia connecting to Ethernet rules 24 monitoring 51 security 61 system utilities and diagnostics 91 network problems 106 network status overview 51 O overview 11 21 P password to protect security screen 62 user accounts 61 ping 92 ping test configuring and initiating 92 port number comparisons 67 port numbers 66 Q...

Страница 135: ...ating firmware 97 uploading configuration files 99 Trivial File Transfer Protocol TFTP 96 Trivial File Transfer Protocol see TFTP troubleshooting 105 configuration PC 105 event histories 54 WAN statistics 53 U updating firmware with TFTP 97 with XMODEM 100 updating Netopia s firmware 97 uploading configuration files 99 with TFTP 99 with XMODEM 101 user accounts 61 utilities and diagnostics 91 W WA...

Страница 136: ...Index 136 ...

Страница 137: ...D FITNESS FOR A PARTICULAR PURPOSE REGARDING THE ENCLOSED PRODUCT EXCEPT AS OTHERWISE EXPRESSLY PROVIDED ABOVE NETOPIA AND ITS LICENSOR S DO NOT WARRANT GUARANTEE OR MAKE ANY REPRESENTATION REGARDING THE USE OR THE RESULTS OF THE USE OF THE PRODUCT IN TERMS OF ITS CORRECTNESS ACCURACY RELIABILITY CURRENTNESS OR OTHERWISE THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF THE PRODUCT IS ASSUMED B...

Страница 138: ...138 User s Reference Guide ...

Отзывы:

Нет отзывов