manualshive.com logo in svg

Nortel BCM50a, Руководство по настройке

Nortel BCM50a - бизнес-коммуникационная платформа с множеством функций. Руководство по настройке и конфигурации доступно для скачивания бесплатно на manualshive.com. Инструкция поможет вам оптимизировать работу вашей системы и использовать все ее возможности. Не упустите шанс скачать его сейчас!

Поделиться
Скачать
background image

118

Chapter 11 Filter configuration

N0115791

Figure 53   

Outgoing packet filtering process

For incoming packets, your BCM50a Integrated Router applies data filters only. 
Packets are processed depending upon whether a match is found. The following 
sections describe how to configure filter sets.

Filter Structure

A filter set consists of one or more filter rules. Usually, you group related rules, 
for example, all the rules for NetBIOS, into a single set and give it a descriptive 
name. With the BCM50a Integrated Router, you can configure up to twelve filter 
sets with six rules in each set, for a total of 72 filter rules in the system. You 
cannot mix device filter rules and protocol filter rules within the same set. You 
can apply up to four filter sets to a particular port to block multiple types of 
packets. With each filter set having up to six rules, you can have a maximum of 24 
rules active for a single port.

Sets of factory default filter rules are configured in menu 21 to prevent NetBIOS 
traffic from triggering calls and to prevent incoming Telnet sessions. A summary 
of their filter rules is shown in the figures that follow.

Figure 54

 illustrates the logic flow when executing a filter rule. Also see 

Figure 58

 for the logic flow when executing an IP filter.

Data 
Filtering

 

O

utgoing

Packet

D

rop

packet

Built-in

default

C

all Filters

U

ser-defined

Call Filters

(if applicable)

Initiate call

if line not up

Active Data

Send packet

and reset

Idle Tim

er

O

r

O

r

Drop packet
if line not up

D

rop packet

if line not up

Send packet

but do not reset

Idle Tim

er

Send packet

but do not reset

Idle Tim

er

M

atch

M

atch

M

atch

No

m

atch

N

o

m

atch

N

o

m

atch

C

all Filtering

Содержание BCM50a

Страница 1: ...BCM50a BCM50a Integrated Router Document Number N0115791 Document Version 1 0 Date September 2006 BCM50a Integrated Router Configuration Advanced ...

Страница 2: ...xpress or implied warranty Users must take full responsibility for their applications of any products specified in this document The information in this document is proprietary to Nortel Trademarks Nortel Nortel Logo the Globemark and This is the way This is Nortel Design mark are trademarks of Nortel Microsoft MS MS DOS Windows and Windows NT are registered trademarks of Microsoft Corporation All...

Страница 3: ...N 25 EMEA Europe Middle East Africa 25 Technical Support CTAS 25 CALA Caribbean Latin America 26 Technical Support CTAS 26 APAC Asia Pacific 26 Technical Support GNTS 26 Chapter 1 Getting to know your BCM50a Integrated Router 29 Introducing the BCM50a Integrated Router 29 Features 29 Physical features 30 High speed Internet access 30 ADSL standards 30 Networking compatibility 31 Multiplexing 31 En...

Страница 4: ... Play UPnP 34 Call scheduling 34 PPPoE 34 Dynamic DNS support 34 IP Multicast 35 IP Alias 35 Central Network Management 35 SNMP 35 Network Address Translation NAT 35 Traffic Redirect 36 Port Forwarding 36 DHCP Dynamic Host Configuration Protocol 36 Full network management 36 Logging and tracing 36 Upgrade BCM50a Integrated Router Firmware 37 Embedded FTP and TFTP Servers 37 Applications for the BC...

Страница 5: ...5 Configuring dynamic DNS 48 Chapter 3 WAN Setup 53 Introduction to WAN setup 53 WAN setup 53 Traffic redirect setup 55 Chapter 4 LAN setup 57 Introduction to LAN setup 57 Accessing the LAN menus 57 LAN port filter setup 57 TCP IP and DHCP ethernet setup menu 58 IP Alias Setup 61 Chapter 5 Internet access 65 Internet access configuration 65 Basic setup complete 67 Chapter 6 Remote Node setup 69 In...

Страница 6: ...oute Setup 83 Chapter 8 Dial in User Setup 87 Dial in User Setup 87 Chapter 9 Network Address Translation NAT 89 Using NAT 89 SUA Single User Account Versus NAT 89 Applying NAT 89 NAT setup 92 Address Mapping Sets 92 SUA Address Mapping Set 93 User Defined Address Mapping Sets 95 Ordering your rules 96 Configuring a server behind NAT 99 General NAT examples 103 Internet access only 103 Example 2 I...

Страница 7: ...ing a TCP IP Filter Rule 123 Configuring a Generic Filter Rule 128 Example Filter 130 Filter Types and NAT 133 Firewall Versus Filters 134 Applying a Filter 134 Applying LAN Filters 135 Applying Remote Node Filters 135 Chapter 12 SNMP Configuration 137 SNMP Configuration 137 SNMP Traps 139 Chapter 13 System security 141 System security 141 System password 141 Configuring external RADIUS server 142...

Страница 8: ...g the FTP command from the command line 163 Example of FTP commands from the command line 164 GUI based FTP clients 164 TFTP and FTP over WAN Management Limitations 164 Backup configuration using TFTP 165 TFTP command example 166 GUI based TFTP clients 166 Restore configuration 167 Restore Using FTP 167 Restore using FTP session example 169 Uploading Firmware and Configuration Files 169 Firmware f...

Страница 9: ... setting 181 Resetting the Time 184 Chapter 17 Remote Management 185 Remote Management 185 Remote Management Limitations 187 Chapter 18 Call scheduling 189 Introduction 189 Appendix A Setting up your computer IP address 193 Windows 95 98 Me 193 Installing components 194 Configuring 195 Verifying Settings 196 Windows 2000 NT XP 197 Verifying Settings 201 Macintosh OS 8 9 201 Verifying Settings 202 ...

Страница 10: ...ng SSL Client Certificates 215 Using a certificate when accessing the BCM50a Integrated Router example 223 Appendix D PPPoE 225 PPPoE in action 225 Benefits of PPPoE 225 Traditional dial up scenario 225 How PPPoE works 226 BCM50a Integrated Router as a PPPoE client 226 Appendix E Hardware specifications 229 Cable pin assignments 229 Appendix F IP subnetting 231 IP addressing 231 IP classes 231 Sub...

Страница 11: ...duction 279 Display NetBIOS filter settings 280 NetBIOS filter configuration 280 Example commands 281 Appendix I Enhanced DHCP option commands 282 Enhanced DHCP option commands introduction 282 Specifying the Nortel BCM50 IP address 282 Nortel BCM50 DHCP server options 283 BCM50 DHCP server settings 283 BCM50 IP sets override setting 284 Nortel i2004 IP phone options 285 VoIP server settings assig...

Страница 12: ...ons 289 VPN IPSec logs 297 VPN responder IPSec log 299 Log commands 305 Configuring what you want the BCM50a Integrated Router to log 306 Displaying logs 306 Log command example 307 Appendix K Brute force password guessing protection 309 Index 311 ...

Страница 13: ... Ethernet setup 59 Figure 15 Menu 3 2 1 IP Alias setup 62 Figure 16 Menu 4 Internet Access Setup 66 Figure 17 Menu 11 Remote Node Setup 71 Figure 18 Menu 11 1 Remote Node Profile 72 Figure 19 Menu 11 3 Remote Node Network Layer Options 75 Figure 20 Menu 11 1 4 Remote Node Filter Ethernet Encapsulation 78 Figure 21 Menu 11 1 4 Remote Node Filter PPPoE or PPPoA Encapsulation 78 Figure 22 Menu 11 6 f...

Страница 14: ...5 2 Specifying an inside server 106 Figure 45 NAT example 3 107 Figure 46 Example 3 Menu 11 3 108 Figure 47 Example 3 Menu 15 1 1 1 109 Figure 48 Example 3 Final Menu 15 1 1 110 Figure 49 Example 3 Menu 15 2 111 Figure 50 Menu 15 3 Trigger Port Setup 112 Figure 51 Menu 21 Filter and Firewall Setup 115 Figure 52 Menu 21 2 Firewall Setup 116 Figure 53 Outgoing packet filtering process 118 Figure 54 ...

Страница 15: ...WAN LAN DHCP 159 Figure 80 Menu 24 5 System Maintenance Backup Configuration 163 Figure 81 FTP Session Example 164 Figure 82 Telnet into Menu 24 6 168 Figure 83 Restore using FTP session example 169 Figure 84 Telnet Into Menu 24 7 1 Upload System Firmware 170 Figure 85 Telnet Into Menu 24 7 2 System Maintenance 170 Figure 86 FTP Session Example of Firmware File Upload 172 Figure 87 Command mode in...

Страница 16: ...e Import Wizard 1 212 Figure 117 Certificate Import Wizard 2 213 Figure 118 Certificate Import Wizard 3 214 Figure 119 Root Certificate Store 214 Figure 120 Certificate General Information after Import 215 Figure 121 BCM50a Integrated Router Trusted CA screen 216 Figure 122 CA certificate example 217 Figure 123 Personal certificate import wizard 1 218 Figure 124 Personal certificate import wizard ...

Страница 17: ... 17 BCM50a Integrated Router Configuration Advanced Figure 135 NetBIOS Display Filter Settings Command Example 280 Figure 136 Example VPN initiator IPSec log 298 Figure 137 Example VPN responder IPSec log 299 ...

Страница 18: ...18 Figures N0115791 ...

Страница 19: ...ork Layer Options 75 Table 14 Menu 11 8 Advance Setup Options 81 Table 15 IP Static Route Menu Fields 85 Table 16 Menu 14 1 Edit Dial in User 88 Table 17 Applying NAT in Menus 4 11 3 91 Table 18 SUA Address Mapping Rules 94 Table 19 Fields in menu 15 1 1 97 Table 20 Menu 15 1 1 1 Editing or configuring an individual rule in a set 98 Table 21 15 2 1 NAT Server Configuration 101 Table 22 Menu 15 3 T...

Страница 20: ...e 41 Menu 26 1 Schedule Set Setup 191 Table 42 General specifications 229 Table 44 Allowed IP address range By class 232 Table 43 Classes of IP addresses 232 Table 45 Natural Masks 233 Table 46 Alternative Subnet Mask Notation 234 Table 47 Subnet 1 235 Table 48 Subnet 2 235 Table 49 Subnet 1 236 Table 50 Subnet 2 236 Table 53 Eight subnets 237 Table 51 Subnet 3 237 Table 52 Subnet 4 237 Table 54 C...

Страница 21: ...gs 291 Table 71 Access logs 293 Table 72 ACL setting notes 296 Table 73 ICMP notes 296 Table 74 Sys log 297 Table 75 Sample IKE key exchange logs 300 Table 76 Sample IPSec logs during packet transmission 302 Table 77 RFC 2408 ISAKMP payload types 302 Table 78 PKI logs 303 Table 79 Certificate path verification failure reason codes 304 Table 80 Log categories and available settings 306 Table 81 Bru...

Страница 22: ...22 Tables N0115791 ...

Страница 23: ...e SMT Text conventions This guide uses the following text conventions Note This guide explains how to use the System Management Terminal SMT or the command interpreter interface to configure your BCM50a Integrated Router See the basic manual for how to use the WebGUI to configure your BCM50a Integrated Router Not all features can be configured through all interfaces Enter means for you to type one...

Страница 24: ...e specific category and model or version for your hardware or software product Use Adobe Reader to open the manuals and release notes search for the sections you need and print them on most standard printers Go to Adobe Systems at www adobe com to download a free copy of the Adobe Reader How to get help If you do not see an appropriate number in this list go to www nortel com cs A single keystroke...

Страница 25: ...questions and first line support you can enter ERC 338 Web Site www nortel com cs Presales Support CSAN Telephone 1 800 4NORTEL 1 800 466 7835 Use Express Routing Code ERC 1063 EMEA Europe Middle East Africa Technical Support CTAS Telephone European Free phone 00800 800 89009 European Alternative Calls are not free from all countries in Europe Middle East or Africa Fax 44 191 555 7980 E mail emeah...

Страница 26: ...sk 61 2 8870 5511 Sydney Technical Support GNTS Telephone 612 8870 8800 Fax 612 8870 5569 E mail asia_support nortel com Australia 1 800 NORTEL 1 800 667 835 China 010 6510 7770 India 011 5154 2210 Indonesia 0018 036 1004 Japan 0120 332 533 Malaysia 1800 805 380 New Zealand 0800 449 716 Philippines 1800 1611 0063 Singapore 800 616 2004 South Korea 0079 8611 2001 Taiwan 0800 810 500 ...

Страница 27: ...Preface 27 BCM50a Integrated Router Configuration Advanced Thailand 001 800 611 3007 Service Business Centre Pre Sales Help Desk 61 2 8870 5511 ...

Страница 28: ...28 Preface N0115791 ...

Страница 29: ...scriber Line Plus ADSL2 port into a single package The BCM50a Integrated Router is ideal for high speed Internet browsing and making LAN to LAN connections to remote networks By integrating Digital Subscriber Line DSL and Network Address Translation NAT the BCM50a Integrated Router provides easy installation and Internet access By integrating firewall and Virtual Private Network VPN capabilities t...

Страница 30: ...umber of configurable IPSec VPN IP policies network policies 60 Number of concurrent IKE Internet Key Exchange Phase 1 Security Associations These correspond to the gateway policies 10 Number of concurrent IPSec VPN tunnels Phase 2 Security Associations These correspond to the network policies and are also monitorable and manageable For example 5 IKE gateway policies could each use 12 IPSec tunnel...

Страница 31: ... F4 F5 OAM Networking compatibility Your BCM50a Integrated Router is compatible with the major ADSL Digital Subscriber Line Access Multiplexer DSLAM providers making configuration as simple as possible Multiplexing The BCM50a Integrated Router supports VC based and LLC based multiplexing Encapsulation The BCM50a Integrated Router supports PPPoA RFC 2364 PPP over ATM Adaptation Layer 5 RFC 1483 enc...

Страница 32: ...nt Manager Administration Utilities Reset page Use this button to restore the factory default password to setup and the IP address to 192 168 1 1 subnet mask 255 255 255 0 and DHCP server enabled with a pool of 126 IP addresses starting at 192 168 1 2 Nonphysical features IPSec VPN capability Establish Virtual Private Network VPN tunnels to connect home or office computers to your company network ...

Страница 33: ...pts and decrypts web sessions Use HTTPS for secure WebGUI access to the BCM50a Integrated Router Firewall The BCM50a Integrated Router has a stateful inspection firewall with DoS Denial of Service protection By default when the firewall is activated all incoming traffic from the WAN Wide Area Network to the LAN is blocked unless it is initiated from the LAN The BCM50a Integrated Router firewall su...

Страница 34: ...the standard TCP IP protocol the BCM50a Integrated Router and other UPnP enabled devices can dynamically join a network obtain an IP address and convey its capabilities to other devices on the network Call scheduling Configure call time periods to restrict and allow access for users on remote nodes PPPoE PPPoE facilitates the interaction of a host with an Internet modem to achieve access to high s...

Страница 35: ...nt With Central Network Management CNM an enterprise or service provider network administrator can manage your BCM50a Integrated Router The enterprise or service provider network administrator can configure your BCM50a Integrated Router perform firmware upgrades and do troubleshooting for you SNMP SNMP Simple Network Management Protocol is a protocol used for exchanging management information betw...

Страница 36: ...Integrated Router has built in DHCP server capability enabled by default which means it can assign IP addresses an IP default gateway and DNS servers to all systems that support the DHCP client The BCM50a Integrated Router can also act as a surrogate DHCP server where it relays IP address assignment from another DHCP server to the clients Full network management The embedded web configurator is an...

Страница 37: ...restoration Applications for the BCM50a Integrated Router Secure broadband internet access and VPN The BCM50a Integrated Router provides broadband Internet access through ADSL The BCM50a Integrated Router also provides IP address sharing and a firewall protected local network with traffic management The BCM50a Integrated Router VPN is an ideal cost effective way to connect branch offices and busin...

Страница 38: ...15791 Figure 1 Secure Internet Access and VPN Application Caution Electro static Discharge can disrupt the router Use appropriate handling precautions to avoid ESD Avoid touching the connectors on the router particularly when it is in use BCM50a Integrated Router ...

Страница 39: ...u how to navigate the SMT and how to configure SMT menus Initial screen When you turn on your BCM50a Integrated Router it performs several internal tests as well as line initialization After the tests the BCM50a Integrated Router asks you to press ENTER to continue as shown in Figure 2 Figure 2 Initial screen Logging on to the SMT The logon screen appears after you press ENTER prompting you to ent...

Страница 40: ...igating the SMT interface The SMT is an interface that you use to configure your BCM50a Integrated Router Table 2 lists several operations you must be familiar with before attempting to modify the configuration Table 2 Main menu commands Operations Keystrokes Descriptions Move down to another menu ENTER To move forward to a submenu type in the number of the desired submenu and press ENTER Move up ...

Страница 41: ... types of fields The first requires you to type in the appropriate information The second allows you to cycle through the available choices by pressing SPACE BAR Required fields All fields with the symbol must be filled in order be able to save the new configuration N A fields N A Some of the fields in the SMT will show a N A This symbol refers to an option that is Not Applicable Save your configu...

Страница 42: ...rmation 2 WAN Setup Use this menu to configure the backup WAN connection 3 LAN Setup Use this menu to apply LAN filters configure LAN DHCP and TCP IP settings 4 Internet Access Setup Configure your Internet Access setup Internet address gateway IP address and logon with this menu 11 Remote Node Setup Use this menu to configure detailed remote node settings your ISP is also a remote node as well as...

Страница 43: ...s ENTER 5 Retype your new system password in the Retype to confirm field for confirmation and press ENTER Note that as you type a password the screen displays an asterisk for each character you type 23 System Security Use this menu to change your password and enable network user authentication 24 System Maintenance From displaying system status to uploading firmware this menu provides comprehensiv...

Страница 44: ...44 Chapter 2 Introducing the SMT N0115791 SMT menus at a glance Figure 6 SMT overview ...

Страница 45: ...n Menu 1 general setup The Menu 1 General Setup screen appears as shown in Figure 7 Fill in the required fields Figure 7 Menu 1 General Setup Menu 1 General Setup System Name Domain Name First System DNS Server From ISP IP Address N A Second System DNS Server From ISP IP Address N A Third System DNS Server From ISP IP Address N A Edit Dynamic DNS No Route IP Yes Bridge No Press ENTER to Confirm or...

Страница 46: ... up to 30 alphanumeric characters long Spaces dashes and underscores _ are accepted BCM50a Integrated Router Domain name Enter the domain name if you know it here If you leave this field blank the ISP assigns a domain name via DHCP You can go to menu 24 8 and type sys domain name to see the current domain name used by your router The domain name entered by you is given priority over the ISP assign...

Страница 47: ...ISP changes to None after you save your changes If you select From ISP for the second or third DNS server but the ISP does not provide a second or third IP address From ISP changes to None after you save your changes Select User Defined if you have the IP address of a DNS server The IP address can be public or a private address on your local LAN Enter the DNS server s IP address in the field to th...

Страница 48: ...es must include the LAN IP address of the BCM50a Integrated Router as a local IP address and the IP address of the DNS server as a remote IP address A Private DNS entry with the IP address set to 0 0 0 0 changes to None after you click Apply A duplicate Private DNS entry changes to None after you save your changes Edit dynamic DNS Press SPACE BAR and then ENTER to select Yes or No default Select Y...

Страница 49: ...NS menu fields Field Description Example Service Provider This is the name of your Dynamic DNS service provider www dyndns org default Active Press SPACE BAR to select Yes and then press ENTER to make dynamic DNS active Yes DDNS Type Press SPACE BAR and then ENTER to select DynamicDNS if you have a dynamic IP addresses Select StaticDNS if you have a static IP addresses Select CustomDNS to have dyn...

Страница 50: ...P address DDNS does not work with a private IP address When both fields are set to No the BCM50a Integrated Router must have a public WAN IP address in order for DDNS to work DDNS Server Auto Detect IP Address Press SPACE BAR to select Yes and then press ENTER to have the DDNS server automatically update the IP address of the host names with the public IP address that the BCM50a Integrated Router ...

Страница 51: ...Chapter 2 SMT menu 1 general setup 51 BCM50a Integrated Router Configuration Advanced The IP address updates when you reconfigure menu 1 or perform DHCP client renewal ...

Страница 52: ...52 Chapter 2 SMT menu 1 general setup N0115791 ...

Страница 53: ...on Advanced Chapter 3 WAN Setup This chapter describes how to configure the WAN using Menu 2 Introduction to WAN setup This chapter explains how to configure the settings for your WAN port WAN setup From the main menu enter 2 to open Menu 2 ...

Страница 54: ...ic Dial Backup Metric The BCM50a Integrated Router uses the connection with the lowest metric value first The default WAN connection is 1 as your broadband connection through the WAN port must always be your preferred method of accessing the WAN The default priority of the routes is WAN Traffic Redirect and then Dial Backup dial backup does not apply to all BCM50a Integrated Router models You have...

Страница 55: ... No No Port Speed Press SPACE BAR and then press ENTER to select the speed of the connection between the dial backup port and the external device Available speeds are 9600 19200 38400 57600 115200 or 230400 b s 115200 AT Command String Init Enter the AT command string to initialize the WAN device Consult the manual of the WAN device connected to your Dial Backup port for specific AT commands at fs...

Страница 56: ...rmine if the WAN connection is down Configuration Backup Gateway IP Address Enter the IP address of your backup gateway in dotted decimal notation The BCM50a Integrated Router automatically forwards traffic to this IP address if the Internet connection of the BCM50a Integrated Router terminates Metric This field sets the priority for this route among the routes the BCM50a Integrated Router uses Th...

Страница 57: ...ons Accessing the LAN menus From the main menu enter 3 to open Menu 3 LAN setup Figure 11 Menu 3 LAN setup LAN port filter setup With Menu 3 you can specify the filter sets that you wish to apply to the LAN traffic You seldom need to filter the LAN traffic however the filter sets are useful to block certain packets reduce traffic and prevent security breaches Menu 3 LAN Setup 1 LAN Port Filter Set...

Страница 58: ...N Setup From menu 3 select the submenu option TCP IP and DHCP Setup and press ENTER The screen now displays Menu 3 2 TCP IP and DHCP Ethernet Setup as shown in Figure 14 Menu 3 1 LAN Port Filter Setup Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Press ENTER to Confirm or ESC to Cancel Menu 3 LAN Setup 1 LAN Port Filter Setup 2 TCP IP and DHCP...

Страница 59: ... None IP Address N A Edit IP Alias No Third DNS Server From ISP IP Address N A DHCP Server Address N A Press ENTER to Confirm or ESC to Cancel Press Space Bar to Toggle Follow the instructions in Table 8 to configure the DHCP fields Table 8 DHCP Ethernet setup menu fields Field Description Example DHCP This field enables and disables the DHCP server If set to Server your BCM50a Integrated Router w...

Страница 60: ...eave the IP address set to 0 0 0 0 User Defined changes to None after you save your changes If you set a second choice to User Defined and enter the same IP address the second User Defined changes to None after you save your changes Select DNS Relay to have the BCM50a Integrated Router act as a DNS proxy The BCM50a Integrated Router s LAN IP address displays in the IP Address field below read only...

Страница 61: ...you are implementing subnetting use the subnet mask computed by the BCM50a Integrated Router 255 255 255 0 RIP Direction Press SPACE BAR and then ENTER to select the RIP direction Options are Both In Only Out Only or None Both default Version Press SPACE BAR and then ENTER to select the RIP version Options are RIP 1 RIP 2B or RIP 2M RIP 1 default Multicast IGMP Internet Group Multicast Protocol is...

Страница 62: ...filters N A Outgoing protocol filters N A Enter here to CONFIRM or ESC to CANCEL Press Space Bar to Toggle Table 10 IP Alias setup menu field Field Description Example IP Alias Choose Yes to configure the LAN network for the BCM50a Integrated Router Yes IP Address Enter the IP address of your BCM50a Integrated Router in dotted decimal notation 192 168 1 1 IP Subnet Mask Your BCM50a Integrated Rout...

Страница 63: ...en ENTER to select the RIP version Options are RIP 1 RIP 2B or RIP 2M RIP 1 Incoming Protocol Filters Enter the filter sets you wish to apply to the incoming traffic between this node and the BCM50a Integrated Router 1 Outgoing Protocol Filters Enter the filter sets you wish to apply to the outgoing traffic between this node and the BCM50a Integrated Router 2 Table 10 IP Alias setup menu field Fie...

Страница 64: ...64 Chapter 4 LAN setup N0115791 ...

Страница 65: ... can access in Menu 11 Before you configure your BCM50a Integrated Router for Internet access you must collect your Internet account information Use your Internet account information from your ISP to fill in this menu Note that if you are using PPPoA or PPPoE encapsulation the only ISP information you need is a logon name and password You only need to know the Ethernet Encapsulation Gateway IP add...

Страница 66: ...purposes only ChangeMe Encapsulation Press SPACE BAR to select the method of encapsulation used by your ISP Choices are PPPoE PPPoA RFC 1483 or ENET ENCAP ENET ENCAP Multiplexing Press SPACE BAR to select the method of multiplexing used by your ISP Choices are VC based or LLC based LLC based VPI Enter the Virtual Path Identifier VPI that the telephone company gives you 8 VCI Enter the Virtual Chan...

Страница 67: ...dle seconds that elapse before the BCM50a Integrated Router automatically disconnects the PPPoE session 0 IP Address Assignment Press SPACE BAR to select Static or Dynamic address assignment Dynamic IP Address Enter the IP address supplied by your ISP if applicable N A Network Address Translation Press SPACE BAR to select None SUA Only or Full Feature For more details about the single user account...

Страница 68: ...68 Chapter 5 Internet access N0115791 ...

Страница 69: ... node s profile in menu 11 1 as well as configure specific settings in three submenus edit IP and bridge options in menu 11 3 edit ATM options in menu 11 6 and edit filter sets in menu 11 5 Outgoing Authentication Protocol Generally speaking you should employ the strongest authentication protocol possible for obvious reasons However some vendor s implementation includes a specific authentication p...

Страница 70: ...led up connection can be very expensive for obvious reasons Do not specify a nailed up connection unless your telephone company offers flat rate service or you need a constant connection and the cost is of no concern The following table describes the fields specific to PPPoE encapsulation Remote Node setup This section describes the protocol independent parameters for a remote node Remote Node pro...

Страница 71: ...g methods because they cannot be automatically determined What methods you use also depends on how many VCs you have and how many different network protocols you need The extra overhead that ENET ENCAP encapsulation entails makes it a poor choice in a LAN to LAN application Here are some examples of more suitable combinations in such an application Scenario 1 One VC Multiple Protocols PPPoA RFC 23...

Страница 72: ...rofile Rem Node Name ChangeMe Route IP Active Yes Bridge No Encapsulation ENET ENCAP Edit IP Bridge No Multiplexing LLC based Edit ATM Options No Service Name N A Edit Advance Options N A Incoming Telco Option Rem Login N A Allocated Budget min N A Rem Password N A Period hr N A Outgoing Schedule Sets N A My Login N A Nailed Up Connection N A My Password N A Session Options Authen N A Edit Filter ...

Страница 73: ...Integrated Router Outgoing My Login Type the login name assigned by your ISP when the BCM50a Integrated Router calls this remote node My Password Type the password assigned by your ISP when the BCM50a Integrated Router calls this remote node Authen This field sets the authentication protocol used for outgoing calls Options for this field are CHAP PAP Your BCM50a Integrated Router will accept eithe...

Страница 74: ...iod hr is 1 hour Schedule Sets This field is only applicable for PPPoE and PPPoA encapsulation You can apply up to four schedule sets here For more details please refer to the Call scheduling chapter Nailed up Connection This field is only applicable for PPPoE and PPPoA encapsulation This field specifies if you want to make the connection to this remote node a nailed up connection More details are...

Страница 75: ...dr 0 0 0 0 Rem Subnet Mask 0 0 0 0 My WAN Addr N A NAT SUA Only Address Mapping Set N A Metric 2 Private No RIP Direction None Version RIP 1 Multicast None Enter here to CONFIRM or ESC to CANCEL Table 13 Menu 11 3 Remote Node Network Layer Options Field Description Example IP Address Assignment Press SPACE BAR and then ENTER to select Dynamic if the remote node is using a dynamically assigned IP a...

Страница 76: ...page 89 for details and type that number here When SUA Only is selected in the NAT field the SMT uses NAT server set 1 in menu 15 2 see Chapter 9 Network Address Translation NAT on page 89 for details 2 Metric The metric represents the cost of transmission for routing purposes IP routing uses hop count as the cost measurement with a minimum of 1 for directly connected networks Type a number that a...

Страница 77: ...specify up to 4 filter sets separated by commas for example 1 5 9 12 in each filter field Note that spaces are accepted in this field For more information on defining the filters please refer to Chapter 11 Filter configuration For PPPoE or PPPoA encapsulation you have the additional option of specifying remote node call filter sets Multicast IGMP v1 sets IGMP to version 1 IGMP v2 sets IGMP to vers...

Страница 78: ...e Traffic redirect setup on page 55 Menu 11 1 4 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Enter here to CONFIRM or ESC to CANCEL Menu 11 1 4 Remote Node Filter Input Filter Sets protocol filters Device filters Output Filter Sets protocol filters device filters Call Filter Sets protocol filters Device filters Enter here t...

Страница 79: ... menu 11 1 VC based Multiplexing non PPP Encapsulation For VC based multiplexing by prior agreement a protocol is assigned a specific virtual circuit for example VC1 will carry IP Separate VPI and VCI numbers must be specified for each protocol Figure 22 Menu 11 6 for VC based Multiplexing LLC based Multiplexing or PPP Encapsulation For LLC based multiplexing or PPP encapsulation one VC carries mu...

Страница 80: ...Profile Menu 11 6 Remote Node ATM Layer Options VPI VCI LLC Multiplexing or PPP Encapsulation VPI 8 VCI 35 ATM QoS Type UBR ENTER here to CONFIRM or ESC to CANCEL Menu 11 1 Remote Node Profile Rem Node Name MyISP Route IP Active Yes Bridge No Encapsulation PPPoE Edit IP Bridge No Multiplexing LLC based Edit ATM Options No Service Name Edit Advance Options Yes Incoming Telco Option Rem Login Alloca...

Страница 81: ...able PPPoE pass through In addition to the Contivity 251 s built in PPPoE client you can enable PPPoE pass through to allow up to ten hosts on the LAN to use PPPoE client software on their computers to connect to the ISP via the Contivity 251 Each host can have a separate account and a public WAN IP address PPPoE pass through is an alternative to NAT for application where NAT is not appropriate Pr...

Страница 82: ...82 Chapter 6 Remote Node setup N0115791 ...

Страница 83: ... IP Static Route Setup This chapter shows you how to configure static routes with your BCM50a Integrated Router IP Static Route Setup Enter 12 from the main menu Select one of the IP static routes as shown in Figure 26 to configure IP static routes in menu 12 1 ...

Страница 84: ...er of the static route that you want to configure The reserved entry is for the WAN interface and you cannot edit it here Menu 12 IP Static Route Setup 1 Reserved 2 ________ 3 ________ 4 ________ 5 ________ 6 ________ 7 ________ 8 ________ 9 ________ 10 ________ 11 ________ 12 ________ Enter selection number ...

Страница 85: ...Address This parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID IP Subnet Mask Enter the IP subnet mask for this destination Gateway IP Address Enter the IP address of the ...

Страница 86: ...adcasts If set to Yes this route is kept private and not included in RIP broadcast If No the route to this remote node is propagated to other hosts through RIP broadcasts After you complete filling in this menu press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC to cancel Table 15 IP Static Route Menu Fields Field Description ...

Страница 87: ...outer From the main menu enter 14 to display Menu 14 Dial in User Setup Figure 28 Menu 14 Dial in User Setup Type a number and press ENTER to edit the user profile Menu 14 Dial in User Setup 1 ________ 9 ________ 17 ________ 25 ________ 2 ________ 10 ________ 18 ________ 26 ________ 3 ________ 11 ________ 19 ________ 27 ________ 4 ________ 12 ________ 20 ________ 28 ________ 5 ________ 13 ________...

Страница 88: ... Edit Dial in User Field Description User Name Enter a username up to 31 alphanumeric characters long for this user profile This field is case sensitive Active Press SPACE BAR to select Yes and press ENTER to enable the user profile Password Enter a password up to 31 characters long for this user profile After you complete this menu press ENTER at the prompt Press ENTER to confirm or ESC to cancel...

Страница 89: ...re NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types Applying NAT You apply NAT via menus 4 or 11 3 Figure 31 on page 91 Figure 30 shows you how to apply NAT for Internet access in menu 4 Enter 4 from the main menu to go to Menu 4 Internet Access Setup Note You must create a firewall rule in addition to setting up SUA NAT to allo...

Страница 90: ...P Bridge field press SPACE BAR to select Yes and then press ENTER to bring up Menu 11 3 Remote Node Network Layer Options Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation ENET ENCAP Multiplexing LLC based VPI 8 VCI 35 My Login N A My Password N A ENET ENCAP Gateway N A IP Address Assignment Dynamic IP Address N A Network Address Translation SUA Only Address Mapping Set N A Press ENTE...

Страница 91: ...r ESC to CANCEL Press Space Bar to Toggle Table 17 Applying NAT in Menus 4 11 3 Field Description Options Network Address Translation When you select this option the SMT uses Address Mapping Set 1 menu 15 1 Address Mapping Sets on page 92 for further discussion Choose Full Feature if you have multiple public WAN IP addresses for your BCM50a Integrated Router When you select Full Feature you must c...

Страница 92: ... you select SUA Only the SMT uses the pre configured Set 255 read only The server set is a list of LAN servers mapped to external ports To use this set a server rule must be set up inside the NAT address mapping set To configure NAT enter 15 from the main menu to bring up the screen shown in Figure 32 Figure 32 Menu 15 NAT Setup Address Mapping Sets Enter 1 to bring up Menu 15 1 Address Mapping Se...

Страница 93: ...Figure 33 Menu 15 1 Address Mapping Sets SUA Address Mapping Set Enter 255 to display the screen shown in Figure 34 see SUA Single User Account Versus NAT on page 89 The fields in this menu cannot be changed Menu 15 1 Address Mapping Sets 1 NAT_SET 255 SUA read only Enter Menu Selection Number ...

Страница 94: ...l End IP Type 1 0 0 0 0 255 255 255 255 0 0 0 0 M 1 2 0 0 0 0 Server 3 4 5 6 7 8 9 10 Press ENTER to Confirm or ESC to Cancel Note Menu 15 1 255 is read only Table 18 SUA Address Mapping Rules Field Description Example Set Name This is the name of the set you selected in menu 15 1 or enter the name of a new set you want to create SUA Idx This is the index or rule number 1 Local Start IP Local Star...

Страница 95: ... 0 0 and the end IP is 255 255 255 255 255 255 255 255 Global Start IP This is the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global Start IP 0 0 0 0 Global End IP This is the ending global IP address IGA Type These are the mapping types discussed above With Server you can specify multiple servers of different types behind NAT to this machine Examples is found in ...

Страница 96: ...ter takes the corresponding action and the remaining rules are ignored If there are any empty rules before your new configured rule Menu 15 1 1 Address Mapping Rules Set Name NAT_SET Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 2 3 4 5 6 7 8 9 10 Action Edit Select Rule Press ENTER to Confirm or ESC to Cancel Note The Type Local and Global Start End IPs are configured in me...

Страница 97: ...t Name Enter a name for this set of rules This is a required field If this field is left blank the entire set is deleted NAT_SET Action The default is Edit Edit means you want to edit a selected rule see following field Insert Before means to insert a rule before the rule selected The rules after the selected rule are then moved down by one rule Delete means to delete the selected rule and all the...

Страница 98: ...ype Press SPACE BAR and then ENTER to select from a total of five types If you choose Server you can specify multiple servers of different types behind NAT to this computer See Example 3 Multiple public IP addresses with inside servers on page 106 for an example One to On e Local IP Start Only local IP fields are N A for server Global IP fields must be set for Server Enter the starting local IP ad...

Страница 99: ...Enter 2 to go to Menu 15 2 NAT Server Setup Global IP Start Enter the starting global IP address IGA If you have a dynamic IP enter 0 0 0 0 as the Global IP Start Note that Global IP Start can be set to 0 0 0 0 only if the types are Many to One or Server 0 0 0 0 End Enter the ending global IP address IGA This field is N A for One to One Many to One and Server types N A After you finish configuring...

Страница 100: ...ress ENTER to open Menu 15 2 1 NAT Server Configuration see the next figure Menu 15 2 NAT Server Setup Default Server 0 0 0 0 Rule Act Start Port End Port IP Address 001 No 0 0 0 0 0 0 002 No 0 0 0 0 0 0 003 No 0 0 0 0 0 0 004 No 0 0 0 0 0 0 005 No 0 0 0 0 0 0 006 No 0 0 0 0 0 0 007 No 0 0 0 0 0 0 008 No 0 0 0 0 0 0 009 No 0 0 0 0 0 0 010 No 0 0 0 0 0 0 Select Command None Select Rule N A Press EN...

Страница 101: ... in the End Port field Table 21 15 2 1 NAT Server Configuration Field Description Index This is the index number of an individual port forwarding server entry Name Enter a name to identify this port forwarding rule Active Press SPACE BAR and then ENTER to select Yes to enable the NAT server entry Start Port Enter a port number in the Start Port field To forward only one port enter it again in the ...

Страница 102: ...s ESC at any time to cancel Figure 39 Menu 15 2 NAT Server Setup You assign the private network IP addresses The NAT network appears as a single host on the Internet A is the FTP Telnet SMTP server Menu 15 2 NAT Server Setup Default Server 0 0 0 0 Rule Act Start Port End Port IP Address 001 No 0 0 0 0 0 0 002 Yes 21 25 192 168 1 33 003 No 0 0 0 0 0 0 004 No 0 0 0 0 0 0 005 No 0 0 0 0 0 0 006 No 0 ...

Страница 103: ... behind NAT example General NAT examples The following are some examples of NAT configuration Internet access only In the Internet access example shown in Figure 41 you only need one rule where all your ILAs Inside Local addresses map to one dynamic IGA Inside Global Address assigned by your ISP BCM50a Integrated Router ...

Страница 104: ...amples on page 103 The SUA Only read only option from the Network Address Translation field in menus 4 and 11 3 is specifically preconfigured to handle this case Menu 4 Internet Access Setup ISP s Name ChangeMe Encapsulation ENET ENCAP Multiplexing LLC based VPI 8 VCI 35 My Login N A My Password N A ENET ENCAP Gateway N A IP Address Assignment Dynamic IP Address N A Network Address Translation SUA...

Страница 105: ...anced Example 2 Internet access with an inside server Figure 43 NAT Example 2 In this case you do exactly as shown in Figure 43 use the convenient pre configured SUA Only set and also go to menu 15 2 to specify the Inside Server behind the NAT as shown in Figure 44 BCM50a Integrated Router ...

Страница 106: ...e first inside FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses 2 Map the second IGA to the second internal FTP server for FTP traffic in both directions 1 1 mapping giving both local and global IP addresses 3 Map the other outgoing LAN traffic to IGA3 Many 1 mapping 4 You also map your third IGA to the web server and mail server on the LAN If you...

Страница 107: ...nter 15 from the main menu 3 Enter 1 to configure the Address Mapping Sets 4 Enter 1 to begin configuring this new set Enter a Set Name choose the Edit Action and then enter 1 for the Select Rule field Press ENTER to confirm 5 Select Type as One to One direct mapping for packets going both ways and enter the local Start IP as 192 168 1 10 the IP address of FTP Server 1 the global Start IP as 10 13...

Страница 108: ... Node Network Layer Options IP Options Bridge Options IP Address Assignment Dynamic Ethernet Addr Timeout min N A Rem IP Addr 0 0 0 0 Rem Subnet Mask 0 0 0 0 My WAN Addr 0 0 0 0 NAT Full Feature Address Mapping Set 1 Metric 15 Private No RIP Direction None Version RIP 1 Multicast None Enter here to CONFIRM or ESC to CANCEL Press Space Bar to Toggle ...

Страница 109: ...9 BCM50a Integrated Router Configuration Advanced Figure 47 Example 3 Menu 15 1 1 1 Menu 15 1 1 1 Address Mapping Rule Type One to One Local IP Start 192 168 1 10 End N A Global IP Start 10 132 50 1 End N A Press ENTER to Confirm or ESC to Cancel ...

Страница 110: ...5 from the main menu 9 Now enter 2 from this menu and configure it as shown in Example 3 Menu 15 2 Menu 15 1 1 Address Mapping Rules Set Name Example3 Idx Local Start IP Local End IP Global Start IP Global End IP Type 1 192 168 1 10 10 132 50 1 1 1 2 192 168 1 11 10 132 50 2 1 1 3 0 0 0 0 255 255 255 255 10 132 50 3 M 1 4 10 132 50 3 Server 5 6 7 8 9 10 Action Edit Select Rule ...

Страница 111: ... Menu 15 2 NAT Server Setup Default Server 0 0 0 0 Rule Act Start Port End Port IP Address 001 Yes 80 80 192 168 1 21 002 Yes 25 25 192 168 1 20 003 No 0 0 0 0 0 0 004 No 0 0 0 0 0 0 005 No 0 0 0 0 0 0 006 No 0 0 0 0 0 0 007 No 0 0 0 0 0 0 008 No 0 0 0 0 0 0 009 No 0 0 0 0 0 0 010 No 0 0 0 0 0 0 Select Command None Select Rule N A Press ENTER to Confirm or ESC to Cancel Note Only one LAN computer ...

Страница 112: ...ption Field Description Example Rule This is the rule index number 1 Name Enter a unique name for identification purposes You can enter up to 15 characters in this field All characters are permitted including spaces Real Audio Incoming Incoming is a port or a range of ports that a server on the WAN uses when it sends out a particular service The BCM50a Integrated Router forwards the traffic with t...

Страница 113: ...f the LAN computer that sent the traffic to a server on the WAN Start Port Enter a port number or the starting port number in a range of port numbers 7070 End Port Enter a port number or the ending port number in a range of port numbers 7070 Press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC at any time to cancel Table 22 Menu 15 3 Trigger Port setup descript...

Страница 114: ...114 Chapter 9 Network Address Translation NAT N0115791 ...

Страница 115: ...reen shown in Figure 51 Figure 51 Menu 21 Filter and Firewall Setup Activating the firewall Enter option 2 in this menu to bring up the screen shown in Figure 52 Press SPACE BAR and then ENTER to select Yes in the Active field to activate the firewall The firewall must be active to protect against Denial of Service DoS attacks Use the WebGUI to configure firewall rules Menu 21 Filter and Firewall ...

Страница 116: ...vulnerable to attacks when the firewall is turned off Refer to the User s Guide for details about the firewall default policies You may define additional policy rules or modify existing ones but please exercise extreme caution in doing so Active Yes You can use the WebGUI to configure the firewall Press ENTER to Confirm or ESC to Cancel Note Configure the firewall rules using the WebGUI or CLI com...

Страница 117: ...subdivided into device and protocol filters Data filtering screens the data to determine if the packet is allowed to pass Data filters are divided into incoming and outgoing filters depending on the direction of the packet relative to a port Data filtering can be applied on either the WAN side or the LAN side Call filtering is used to determine if a packet is allowed to trigger a call Remote node ...

Страница 118: ...ch filter set having up to six rules you can have a maximum of 24 rules active for a single port Sets of factory default filter rules are configured in menu 21 to prevent NetBIOS traffic from triggering calls and to prevent incoming Telnet sessions A summary of their filter rules is shown in the figures that follow Figure 54 illustrates the logic flow when executing a filter rule Also see Figure 5...

Страница 119: ...of packets With each filter set having up to six rules you can have a maximum of 24 rules active for a single port Start Fetch First Filter Set Fetch First Filter Rule Active Execute Filter Rule Fetch Next Filter Rule Next filter Rule Available Fetch Next Filter Set Next Filter Set Available Accept Packet Drop Packet Yes No Yes No Yes Packet into filter Filter Set Forward Drop No Check Next Rule ...

Страница 120: ...for NetBIOS over TCP IP packets by default To configure another filter set follow the procedure below 1 Enter 21 in the main menu to open menu 21 Figure 55 Menu 21 Filter and Firewall Setup 2 Enter 1 to bring up the menu 21 1 Menu 21 Filter and Firewall Setup 1 Filter Setup 2 Firewall Setup Enter Menu Selection Number ...

Страница 121: ...e screen shown in Figure 57 shows the summary of the existing rules in the filter set Table 23 and Table 24 contain a brief description of the abbreviations used in the previous menus Menu 21 1 Filter Set Configuration Filter Filter Set Comments Set Comments 1 _______________ 7 _______________ 2 _______________ 8 _______________ 3 _______________ 9 _______________ 4 _______________ 10 ____________...

Страница 122: ...n is complete N means there are no more rules to check You can specify an action to be taken for example forward the packet drop the packet or check the next rule For the latter the next rule is independent of the rule just checked m Action Matched F means to forward the packet immediately and skip checking the remaining rules D means to drop the packet N means to check the next rule n Action Not ...

Страница 123: ...te When applying the filter sets to a port separate menu fields are provided for protocol and device filter sets If you include a protocol filter set in a device filter field or vice versa the BCM50a Integrated Router warns you and prevents you from saving Configuring a TCP IP Filter Rule This section shows you how to configure a TCP IP filter rule Using TCP IP rules you can base the rule on the f...

Страница 124: ... Table 25 TCP IP Filter Rule Menu fields Field Description Options Active Press SPACE BAR and then ENTER to select Yes to activate the filter rule or No to deactivate it Yes No IP Protocol Protocol refers to the upper layer protocol for example TCP is 6 UDP is 17 and ICMP is 1 Type a value between 0 and 255 A value of 0 matches ANY protocol 0 255 IP Source Route Press SPACE BAR and then ENTER to s...

Страница 125: ... then ENTER to select the comparison to apply to the source port in the packet against the value given in Source Port None Less Greater Equal Not Equal TCP Estab This field is applicable only when the IP Protocol field is 6 TCP Press SPACE BAR and then ENTER to select Yes to have the rule match packets that want to establish a TCP connection SYN 1 and ACK 0 if No it is ignored Yes No More Press SP...

Страница 126: ...op Action Not Matched Press SPACE BAR and then ENTER to select the action for a packet not matching the rule Check Next Rule Forward Drop After you configure Menu 21 1 1 1 TCP IP Filter Rule press ENTER at the message Press ENTER to Confirm to save your configuration or press ESC to cancel This data is displayed on Menu 21 1 1 Filter Rules Summary Table 25 TCP IP Filter Rule Menu fields Field Desc...

Страница 127: ...ction Matched Action Not Matched More No Filter Active Check IP Protocol Drop Drop Packet Accept Packet Drop Forward Check Next Rule Check Next Rule Check Next Rule Forward Not Matched Yes No Check Src IP Addr Apply SrcAddrMask to Src Addr Matched Check Dest IP Addr Apply DestAddrMask to Dest Addr Not Matched Not Matched Check Src Dest Port Matched Not Matched ...

Страница 128: ...acket to check with the Offset from 0 and the Length fields both in bytes The BCM50a Integrated Router applies the Mask using the bit wise AND action to the data portion before comparing the result against the Value to determine a match The Mask and Value are specified in hexadecimal numbers Note that it takes two hexadecimal digits to represent a byte so if the length is 4 the value in either fie...

Страница 129: ...nates for example 2 3 refers to the second filter set and the third rule of that set Filter Type Use SPACE BAR and then ENTER to select a rule type Parameters displayed below each type will be different TCP IP filter rules are used to filter IP packets while generic filter rules allow filtering of non IP packets Generic Filter Rule TCP IP Filter Rule Active Select Yes to turn on the filter rule or...

Страница 130: ... from the following None No packets are logged Action Matched Only packets that match the rule parameters are logged Action Not Matched Only packets that do not match the rule parameters are logged Both All packets are logged None Action Matched Action Not Matched Both Action Matched Select the action for a packet matching the rule Check Next Rule Forward Drop Action Not Matched Select the action ...

Страница 131: ...onfiguration 3 Enter the index of the filter set you wish to configure for example 3 and press ENTER 4 Enter a descriptive name or comment in the Edit Comments field and press ENTER 5 Press ENTER at the message Press ENTER to confirm to open Menu 21 1 3 Filter Rules Summary 6 Enter 1 to configure the first filter rule the only filter rule of this set Make the entries in this menu as shown in Figur...

Страница 132: ...ion is to drop the packet m D if the action is matched and to forward the packet immediately n F if the action is not matched whether or not there are more rules to be checked there are none in this example Menu 21 1 3 1 TCP IP Filter Rule Filter 3 1 Filter Type TCP IP Filter Rule Active Yes IP Protocol 6 IP Source Route No Destination IP Addr 0 0 0 0 IP Mask 0 0 0 0 Port 23 Port Comp Equal Source...

Страница 133: ...gure 65 5 After you enter the set numbers press ENTER to confirm and leave menu 11 1 4 Filter Types and NAT There are two classes of filter rules Generic Filter Device rules and protocol filter TCP IP rules Generic filter rules act on the raw data that s going through between LAN and WAN Protocol filter rules act on the IP packets Generic and TCP IP filter rules are discussed in more detail in the...

Страница 134: ...iving and sending the packets for example the interface The interface can be an Ethernet port or any other hardware port as illustrated in Figure 63 Figure 63 Protocol and Device Filter Sets Firewall Versus Filters Firewall configuration is discussed in Chapter 10 Introducing the firewall on page 115 chapters of this manual Further comparisons are also made between filtering NAT and the firewall A...

Страница 135: ... BCM50a Integrated Router Figure 64 Filtering LAN Traffic Applying Remote Node Filters Go to menu 11 1 4 shown in Figure 65 note that call filter sets are only present for PPPoE encapsulation and enter the numbers of the filter sets as appropriate You can cascade up to four filter sets by entering their numbers separated by commas The BCM50a Integrated Router already has filters to prevent NetBIOS...

Страница 136: ... 65 Filtering Remote Node Traffic Menu 11 1 4 Remote Node Filter Input Filter Sets protocol filters device filters Output Filter Sets protocol filters device filters Call Filter Sets protocol filters device filters Enter here to CONFIRM or ESC to CANCEL ...

Страница 137: ... chapter explains SNMP configuration menu 22 SNMP Configuration To configure SNMP enter 22 from the main menu to display Menu 22 SNMP Configuration as shown next The community for Get Set and Trap fields is SNMP terminology for password Note SNMP is only available if TCP IP is configured ...

Страница 138: ...community which is the password for incoming Set requests from the management station this is blank by default Trusted Host If you enter a trusted host your BCM50a Integrated Router will only respond to SNMP messages from this address A blank default field means your BCM50a Integrated Router will respond to all SNMP messages it receives regardless of source 0 0 0 0 Trap Community Type the Trap com...

Страница 139: ...re reboot 4 authenticationFailure defined in RFC 1215 A trap is sent to the manager when receiving any SNMP get or set requirements with the wrong community password 6 whyReboot defined in MIB A trap is sent with the reason of restart before rebooting when the system is going to restart warm start 6a For intentional reboot A trap is sent with the message System reboot by user if reboot is done int...

Страница 140: ...140 Chapter 12 SNMP Configuration N0115791 ...

Страница 141: ... server and 802 1x in this menu System password Figure 67 Menu 23 System security Nortel recommends you change the default password If you forget your password you have to restore the default configuration file For more information see Restoring the factory default configuration settings in BCM50a Integrated Router Configuration Basics N0115790 Menu 23 System Security 1 Change Password 2 RADIUS Se...

Страница 142: ...stem Security RADIUS Server as shown in Figure 69 Figure 69 Menu 23 2 System Security RADIUS server Menu 23 System Security 1 Change Password 2 RADIUS Server 4 IEEE802 1x Enter Menu Selection Number Menu 23 2 System Security RADIUS Server Authentication Server Active No Server Address 0 0 0 0 Port 1812 Shared Secret Accounting Server Active No Server Address 0 0 0 0 Port 1813 Shared Secret Press E...

Страница 143: ...ot sent over the network This key must be the same on the external authentication server and BCM50a Integrated Router Accounting Server Active Press SPACE BAR to select Yes and press ENTER to enable user authentication through an external accounting server Server Address Enter the IP address of the external accounting server in dotted decimal notation Port The default port of the RADIUS server for...

Страница 144: ...144 Chapter 13 System security N0115791 ...

Страница 145: ...menus 24 1 to 24 4 Introduction to System Status This chapter covers the diagnostic tools that help you to maintain your BCM50a Integrated Router These tools include updates on system status port status and log and trace capabilities Select menu 24 in the main menu to open Menu 24 System Maintenance as shown in Figure 70 ...

Страница 146: ...ifically it gives you information on your system firmware version number of packets sent and number of packets received To get to the System Status 1 Enter number 24 to go to Menu 24 System Maintenance 2 In this menu enter 1 to open System Maintenance Status Menu 24 System Maintenance 1 System Status 2 System Information and Console Port Speed 3 Log and Trace 4 Diagnostic 5 Backup Configuration 6 ...

Страница 147: ... 2006 Node Lnk Status TxPkts RxPkts Errors Tx B s Rx B s Up Time 1 ENET N A 0 0 0 0 0 0 00 00 My WAN IP from ISP 0 0 0 0 Ethernet WAN Status 100M Full Duplex Tx Pkts 608 Line Status Initializing Collisions 0 Rx Pkts 821 Upstream Speed 0 kbps CPU Load 1 19 Downstream Speed 0 kbps Press Command COMMANDS 1 Reset Counters ESC Exit Table 30 Menu 24 1 System Maintenance Status Field Description Node Lnk...

Страница 148: ...he IP address of the ISP remote node Ethernet This shows statistics for the LAN Status This shows the current status of the LAN Tx Pkts This is the number of transmitted packets to the LAN Rx Pkts This is the number of received packets from the LAN Collision This is the number of collisions WAN This shows statistics for the WAN Line Status This shows the current status of the xDSL line which can b...

Страница 149: ...nsole Port Speed System Information System Information gives you information about your system as shown in Figure 73 More specifically it gives you information on your routing protocol Ethernet address and IP address Menu 24 2 System Information and Console Port Speed 1 System Information 2 Console Port Speed Please enter selection ...

Страница 150: ...lays the system name of your BCM50a Integrated Router This information can be changed in Menu 1 General Setup Routing Refers to the routing protocol used Firmware Version Refers to the system firmware version ADSL Chipset Vendor Displays the vendor of the ADSL chipset and DSL version Standard This refers to the operational protocol the BCM50a Integrated Router and the DSLAM Digital Subscriber Line...

Страница 151: ...intenance Change Console Port Speed Log and trace The BCM50a Integrated Router has a syslog facility for message logging and a trace function for viewing call triggering packets DHCP This field shows the DHCP setting None Relay or Server of the BCM50a Integrated Router After you complete this menu press ENTER at the prompt Press ENTER to Confirm to save your configuration or press ESC at any time ...

Страница 152: ... Menu 24 3 2 System Maintenance Syslog Logging Configure the syslog parameters described in Table 32 to activate syslog and then choose what you want to log Menu 24 3 System Maintenance Log and Trace 2 Syslog Logging 4 Call Triggering Packet Press ENTER to Confirm or ESC to Cancel Menu 24 3 2 System Maintenance Syslog Logging Syslog Active No Syslog Server IP Address Log Facility Local 1 Press ENT...

Страница 153: ...or ESC to cancel CDR Message Format SdcmdSyslogSend SYSLOG_CDR SYSLOG_INFO String String board xx line xx channel xx call xx str board the hardware board ID line the WAN ID in a board Channel channel ID within the WAN call the call reference number which starts from 1 and increments by 1 for each new call str C01 Outgoing Call dev xx ch xx dev device No ch channel No L02 Tunnel Connected L2TP C02 ...

Страница 154: ...61626364656 66768696a6b6c6d6e6f7071727374 Jul 19 11 28 56 192 168 102 2 RAS Packet Trigger Protocol 1 Data 4500002c1b0140001f06b50ec0a86614ca849a7b0427001700195b3e00000000600 220008cd40000020405b4 Jul 19 11 29 06 192 168 102 2 RAS Packet Trigger Protocol 1 Data 45000028240140001f06ac12c0a86614ca849a7b0427001700195b451d143013500 4000077600000 Filter log Message Format SdcmdSyslogSend SYSLOG_FILLOG ...

Страница 155: ...2fnord010080 S05 R01mF Mar 03 12 00 52 202 132 155 97 RAS GEN ffffffffffff0080 S05 R01mF Mar 03 12 00 57 202 132 155 97 RAS GEN 00a0c5f502010080 S05 R01mF Mar 03 12 01 06 202 132 155 97 RAS IP Src 192 168 1 33 Dst 202 132 155 93 TCP spo 01170 dpo 00021 S04 R01mF PPP Log Message Format SdcmdSyslogSend SYSLOG_PPPLOG SYSLOG_NOTICE String String ppp Proto Starting ppp Proto Opening ppp Proto Closing p...

Страница 156: ...po Destination port empty means no destination port information prot Protocol TCP UDP ICMP IGMP GRE ESP rule a b where a means set number b means rule number Action nothing N block B forward F 08 01 2000 11 48 41 Local1 Notice 192 168 10 10 RAS FW 172 21 1 80 137 172 21 1 80 137 UDP default permit 2 0 B 08 01 2000 11 48 41 Local1 Notice 192 168 10 10 RAS FW 192 168 77 88 520 192 168 77 88 520 UDP ...

Страница 157: ...set 0x00 Time to Live 0xFE 254 Protocol 0x06 TCP Header Checksum 0xFB20 64288 Source IP 0xC0A80101 192 168 1 1 Destination IP 0x00000000 0 0 0 0 TCP Header Source Port 0x0401 1025 Destination Port 0x000D 13 Sequence Number 0x05B8D000 95997952 Ack Number 0x00000000 0 Header Length 24 Flags 0x02 S Window Size 0x2000 8192 Checksum 0xE06A 57450 Urgent Ptr 0x0000 0 Options 0000 02 04 02 00 RAW DATA 000...

Страница 158: ... BCM50a Integrated Router Configuration Basics N0115790 The BCM50a Integrated Router can act either as a WAN DHCP client IP Address Assignment field in menu 4 or menu 11 3 is Dynamic and the Encapsulation field in menu 4 or menu 11 is Ethernet or None when you have a static IP Using the WAN Release and Renewal fields in menu 24 4 you can release or renew the assigned WAN IP address subnet mask and...

Страница 159: ...se Enter 2 to release your WAN DHCP settings WAN DHCP Renewal Enter 3 to renew your WAN DHCP settings PPPoE PPPoA Setup Test This feature is only available for dial up connections using PPPoE or PPPoA encapsulation Enter 4 to test the Internet setup You can also test the Internet setup in Menu 4 Internet Access Refer to Chapter 5 Internet access on page 65 for more details Reboot System Enter 11 t...

Страница 160: ...160 Chapter 14 System information and diagnosis N0115791 ...

Страница 161: ... the BCM50a Integrated Router settings they can be saved back to your computer under a filename of your choosing The system firmware sometimes referred to as the ras file has a bin filename extension With many FTP and TFTP clients the filenames are similar to those seen next ftp put firmware bin ras This is a sample FTP session showing the transfer of the computer file firmware bin to the BCM50a I...

Страница 162: ...en prompted in the SMT menu to go into debug mode Backup configuration Using Option 5 from Menu 24 System Maintenance you can back up the current BCM50a Integrated Router configuration to your computer Backup is highly recommended once your BCM50a Integrated Router is functioning properly FTP is the preferred method for backing up your current configuration to your computer since it is faster Note...

Страница 163: ...example get rom 0 config rom transfers the configuration file on the BCM50a Integrated Router to your computer and renames it config rom See earlier in this chapter for more information on filename conventions 7 Enter quit to exit the ftp prompt Menu 24 5 System Maintenance Backup Configuration To transfer the configuration file to your workstation follow the procedure below 1 Launch the FTP clien...

Страница 164: ... 226 File received OK ftp 16384 bytes sent in 1 10Seconds 297 89Kbytes sec ftp quit Table 35 General commands for GUI based FTP clients Command Description Host Address Enter the address of the host server Logon Type Anonymous This is when a user ID and password is automatically supplied to the server for anonymous access Anonymous logons will work only if your ISP or service administrator has ena...

Страница 165: ...AN although it can work To use TFTP your computer must have both Telnet and TFTP clients To back up the configuration file follow the procedure shown next 1 Use Telnet from your computer to connect to the BCM50a Integrated Router and log on Because TFTP does not have any security checks the BCM50a Integrated Router records the IP address of the Telnet client and accepts TFTP requests only from thi...

Страница 166: ... in GUI based TFTP clients Note Telnet connection must be active and the SMT must be in CI mode before and during the TFTP transfer For details on TFTP commands see TFTP command example on page 166 consult the documentation of your TFTP client program For UNIX use get to transfer from the BCM50a Integrated Router to the computer and binary to set binary transfer mode Table 36 General commands for ...

Страница 167: ...re unless you have a backup configuration file stored on disk FTP is the preferred method for restoring your current computer configuration to your BCM50a Integrated Router since FTP is faster note that you must wait for the system to automatically restart after the file transfer is complete Restore Using FTP For details about back up using FTP and TFTP refer to Backup configuration on page 162 Bi...

Страница 168: ...ut filename conventions 8 Enter quit to exit the ftp prompt The BCM50a Integrated Router automatically restarts after a successful restore process Menu 24 6 System Maintenance Restore Configuration To transfer the firmware and the configuration file follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the IP address of your router Then type nnadmin and SMT passwor...

Страница 169: ...67 or by following the instructions in Menu 24 7 2 System Maintenance Upload System Configuration File Firmware file upload FTP is the preferred method for uploading the firmware and configuration To use this feature your computer must have an FTP client When you use Telnet to access the BCM50a Integrated Router the screens for uploading firmware and the configuration file using FTP appear ftp put...

Страница 170: ...ation of your FTP client program For details on uploading system firmware using TFTP note that you must remain on this menu to upload system firmware using TFTP please see your manual Press ENTER to Exit Menu 24 7 2 System Maintenance Upload System Configuration File To upload the system configuration file follow the procedure below 1 Launch the FTP client on your workstation 2 Type open and the I...

Страница 171: ...e to binary 6 Use put to transfer files from the computer to the BCM50a Integrated Router for example put firmware bin ras transfers the firmware on your computer firmware bin to the BCM50a Integrated Router and renames it ras Similarly put config rom rom 0 transfers the configuration file on your computer config rom to the BCM50a Integrated Router and renames it rom 0 Likewise get rom 0 config ro...

Страница 172: ...re and the configuration file follow the procedure shown next 2 Use Telnet from your computer to connect to the BCM50a Integrated Router and log on Because TFTP does not have any security checks the BCM50a Integrated Router records the IP address of the Telnet client and accepts TFTP requests only from this address 3 Put the SMT in command interpreter CI mode by entering 8 in Menu 24 System Mainte...

Страница 173: ...d command example on page 173 consult the documentation of your TFTP client program For UNIX use get to transfer from the BCM50a Integrated Router to the computer put to transfer from the computer to the BCM50a Integrated Router and binary to set binary transfer mode TFTP upload command example The following is an example TFTP command tftp i host put firmware bin ras where i specifies binary image...

Страница 174: ...174 Chapter 15 Firmware and configuration file maintenance N0115791 ...

Страница 175: ...ame functionality as the SMT while adding some low level setup and diagnostic functions Enter the CI from the SMT by selecting menu 24 8 Access can be by Telnet connection although some commands are only available with a serial connection See the included disk or www nortel com for more detailed information about CI commands Enter 8 from Menu 24 System Maintenance Note Use of undocumented commands...

Страница 176: ...ed in angle brackets The optional fields in a command are enclosed in square brackets The symbol means or For example sys filter netbios config type on off Menu 24 System Maintenance 1 System Status 2 System Information and Console Port Speed 3 Log and Trace 4 Diagnostic 5 Backup Configuration 6 Restore Configuration 7 Firmware Update 8 Command Interpreter Mode 9 Call Control 10 Time and Date Sett...

Страница 177: ...CM50a Integrated Router provides two call control functions budget management and call history Note that this menu is only applicable when Encapsulation is set to PPPoE or PPPoA in menu 4 or menu 11 1 With the budget management function you can set a limit on the total outgoing call time of the BCM50a Integrated Router within certain times When the total outgoing call time exceeds the limit the cu...

Страница 178: ...management Menu 24 9 1 shows the budget management statistics for outgoing calls Enter 1 from Menu 24 9 System Maintenance Call Control to bring up the Budget Management menu Figure 89 Menu 24 9 System Maintenance Call Control 1 Budget Management 2 Call History Enter Menu Selection Number ...

Страница 179: ...mote node Menu 24 9 1 Budget Management Remote Node 1 ChangeMe 2 GUI Connection Time Total Budget No Budget No Budget Elapsed Time Total Period No Budget No Budget Reset Node 0 to update screen Table 37 Budget management Field Description Example Remote Node Enter the index number of the remote node you want to reset just one in this case 1 Connection Time Total Budget This is the total connection...

Страница 180: ...ll Max Min Total Enter Entry to Delete 0 to exit Table 38 Call History Fields Field Description Phone Number The PPPoE service names are shown here Dir This shows whether the call is incoming or outgoing Rate This is the transfer rate of the call call This is the number of calls made to or received from that telephone number Max This is the length of time of the longest telephone call Min This is ...

Страница 181: ...Integrated Router error logs and firewall logs Select menu 24 in the main menu to open Menu 24 System Maintenance Figure 91 Menu 24 System Maintenance Enter 10 to go to Menu 24 10 System Maintenance Time and Date Setting to update the time and date settings of your BCM50a Integrated Router as shown in Figure 92 Menu 24 System Maintenance 1 System Status 2 System Information and Console Port Speed ...

Страница 182: ...Not all time servers support all protocols so check with your ISP or network administrator or use trial and error to find a protocol that works The main differences between the time protocols are the format Daytime RFC 867 format is the day month year time zone of the server Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 The default NTP RFC...

Страница 183: ... Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 a m GMT or UTC So in the European Union select Mar Last Sun The time you type in the hr field depends on your time zone In Germany for instance type 02 because Germany s time zone is one hour ahead of GMT or UTC GMT 1 End Date mm nth week hr Configure the day and tim...

Страница 184: ...e The BCM50a Integrated Router resets the time in three instances After you make changes to and leave menu 24 10 After starting up the BCM50a Integrated Router starts up if a time server configured in menu 24 10 After starting the BCM50a Integrated Router in 24 hour intervals ...

Страница 185: ...tegrated Router interface if any from which computers You can manage your BCM50a Integrated Router from a remote location via Internet WAN only ALL LAN and WAN LAN only Neither Disable To disable remote management of a service select Disable in the corresponding Server Access field Enter 11 from menu 24 to bring up Menu 24 11 Remote Management Control Note When you Choose WAN only or ALL LAN WAN y...

Страница 186: ...rvice Port 53 Access LAN only Secure Client IP 0 0 0 0 Press ENTER to Confirm or ESC to Cancel Table 40 Menu 24 11 Remote Management control Field Description Telnet Server FTP Server SSH Server HTTPS Server HTTP Server SNMP Service DNS Service Each of these read only labels denotes a service that you can use to remotely manage the BCM50a Integrated Router Port This field shows the port number for...

Страница 187: ...session is already running 6 There is a firewall rule that blocks remote management Certificate Press SPACE BAR and then ENTER to select the certificate that the BCM50a Integrated Router uses to identify itself The BCM50a Integrated Router is the SSL server and must always authenticate itself to the SSL client the computer that requests the HTTPS connection with the BCM50a Integrated Router Authen...

Страница 188: ...188 Chapter 17 Remote Management N0115791 ...

Страница 189: ...o cassette recorder you can specify a time period for the VCR to record You can apply up to 4 schedule sets in Menu 11 1 Remote Node Profile From the main menu enter 26 to access Menu 26 Schedule Setup as shown in Figure 94 Figure 94 Menu 26 Schedule Setup Menu 26 Schedule Setup Schedule Schedule Set Name Set Name 1 AlwaysOn 7 _______________ 2 _______________ 8 _______________ 3 _______________ 9...

Страница 190: ...edule sets for a remote node To set up a schedule set select the schedule set you want to setup from menu 26 1 12 and press ENTER to see Menu 26 1 Schedule Set Setup as shown in Figure 95 Figure 95 Menu 26 1 Schedule Set Setup Note To delete a schedule set enter the set number and press SPACE BAR and then ENTER or delete in the Edit Name field Menu 26 1 Schedule Set Setup Active Yes Start Date yyy...

Страница 191: ...ow Often field above enter the date the set should activate here in year month date format 2000 01 01 Weekday Day If you selected Weekly in the How Often field above select the days when the set should activate and recur by going to that days and pressing SPACE BAR to select Yes After you complete this menu press ENTER to exit Yes No N A Start Time Enter the start time when you wish the schedule s...

Страница 192: ...PPoE You can apply up to four schedule sets separated by commas for one remote node Change the schedule set numbers to your preferences Menu 11 1 Remote Node Profile Rem Node Name ChangeMe Route IP Active Yes Bridge No Encapsulation PPPoA Edit IP Bridge No Multiplexing LLC based Edit ATM Options No Service Name N A Edit Advance Options N A Incoming Telco Option Rem Login Allocated Budget min 0 Rem...

Страница 193: ...rchase of a third party TCP IP application package TCP IP is already installed on computers using Windows NT 2000 XP or Macintosh OS 7 and later operating systems After the appropriate TCP IP components are installed configure the TCP IP settings in order to communicate with your network If you manually assign IP information instead of using dynamic assignment make sure that your computers have IP...

Страница 194: ... protocol and Client for Microsoft Networks If you need the adapter a In the Network window click Add b Select Adapter and click Add c Select the manufacturer and model of your network adapter and click OK If you need TCP IP a In the Network window click Add b Select Protocol and click Add c Select Microsoft from the list of manufacturers d Select TCP IP from the list of network protocols and clic...

Страница 195: ...nges take effect Configuring 1 In the Network window Configuration tab select your network adapter s TCP IP entry and click Properties 2 Click the IP Address tab If your IP address is dynamic select Obtain an IP address automatically If you have a static IP address select Specify an IP address and type your information into the IP Address and Subnet Mask fields Figure 98 Windows 95 98 Me TCP IP pr...

Страница 196: ...installed gateways If you have a gateway IP address type it in the New gateway field and click Add 5 Click OK to save and close the TCP IP Properties window 6 Click OK to close the Network window Insert the Windows CD if prompted 7 Turn on your BCM50a Integrated Router and restart your computer when prompted Verifying Settings 1 Click Start and then Run 2 In the Run window type winipcfg and click ...

Страница 197: ...dvanced Windows 2000 NT XP 1 For Windows XP click Start Control Panel In Windows 2000 NT click Start Settings Control Panel Figure 100 Windows XP Start menu 2 For Windows XP click Network Connections For Windows 2000 NT click Network and Dial up Connections Figure 101 Windows XP Control Panel ...

Страница 198: ...ght click Local Area Connection and then click Properties Figure 102 Windows XP Control Panel Network Connections Properties 4 Select Internet Protocol TCP IP under the General tab in Win XP and click Properties Figure 103 Windows XP Local Area Connection Properties ...

Страница 199: ... fields Click Advanced Figure 104 Windows XP Advanced TCP IP settings 6 If you do not know your gateway IP address remove any previously installed gateways in the IP Settings tab and click OK Ë Do one or more of the following if you want to configure additional IP addresses In the IP Settings tab in IP addresses click Add In TCP IP Address type an IP address in IP address and a subnet mask in Subn...

Страница 200: ...Protocol TCP IP Properties window the General tab in Windows XP Click Obtain DNS server address automatically if you do not know your DNS server IP addresses If you know your DNS server IP addresses click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields If you have previously configured DNS servers click Advanced and then the DNS tab ...

Страница 201: ...ings 1 Click Start All Programs Accessories and then Command Prompt 2 In the Command Prompt window type ipconfig and press ENTER You can also open Network Connections right click a network connection click Status and then click the Support tab Macintosh OS 8 9 1 Click the Apple menu Control Panel and double click TCP IP to open the TCP IP Control Panel Figure 106 Macintosh OS 8 9 Apple Menu ...

Страница 202: ...e following From the Configure box select Manually Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your BCM50a Integrated Router in the Router address box 5 Close the TCP IP Control Panel 6 Click Save if prompted to save changes to your configuration 7 Turn on your BCM50a Integrated Router and restart your computer if prompted Verifyin...

Страница 203: ...ck System Preferences to open the System Preferences window Figure 108 Macintosh OS X Apple menu 2 Click Network in the icon bar Select Automatic from the Location list Select Built in Ethernet from the Show list Click the TCP IP tab 3 For dynamically assigned settings select Using DHCP from the Configure list Figure 109 Macintosh OS X Network ...

Страница 204: ...Type your IP address in the IP Address box Type your subnet mask in the Subnet mask box Type the IP address of your BCM50a Integrated Router in the Router address box 5 Click Apply Now and close the window 6 Turn on your BCM50a Integrated Router and restart your computer if prompted Verifying settings Check your TCP IP properties in the Network window ...

Страница 205: ... than one connection to the Internet through one or more ISPs If an alternate gateway is on the LAN and its IP address is in the same subnet as the BCM50a Integrated Router LAN IP address the triangle route also called asymmetrical route problem can occur The steps below describe the triangle route problem A traffic route is a path for sending or receiving data packets between two Ethernet devices...

Страница 206: ...owledged Figure 111 Triangle Route Problem The Triangle Route Solutions IP aliasing Using IP alias you can partition your network into logical sections over the same Ethernet interface Your BCM50a Integrated Router supports up to three logical LAN interfaces with the BCM50a Integrated Router being the gateway for each logical network By putting your LAN and Gateway B in different subnets all retur...

Страница 207: ...anced 2 The BCM50a Integrated Router reroutes the packet to Gateway B which is in Subnet 2 3 The reply from WAN goes to the BCM50a Integrated Router 4 The BCM50a Integrated Router ends the response to the computer in Subnet 1 Figure 112 IP Alias BCM50a Integrated Router WAN ...

Страница 208: ...208 Appendix B Triangle Route N0115791 ...

Страница 209: ...Import BCM50a Integrated Router certificates into Netscape Navigator In Netscape Navigator you can permanently trust the BCM50a Integrated Router server certificate by importing it into your operating system as a trusted certification authority Select Accept This Certificate Permanently in Figure 113 to do this Figure 113 Security Certificate ...

Страница 210: ...fication authority To have Internet Explorer trust a BCM50a Integrated Router certificate issued by a certificate authority import the certificate authority s certificate into your operating system as a trusted certification authority The following example procedure shows how to import the BCM50a Integrated Router s self signed server certificate into your operating system as a trusted certificati...

Страница 211: ...ndix C Importing certificates 211 BCM50a Integrated Router Configuration Advanced 2 Click Install Certificate to open the Install Certificate wizard Figure 115 Certificate General Information before Import ...

Страница 212: ...212 Appendix C Importing certificates N0115791 3 Click Next to begin the Install Certificate wizard Figure 116 Certificate Import Wizard 1 ...

Страница 213: ...Appendix C Importing certificates 213 BCM50a Integrated Router Configuration Advanced 4 Select where you want to store the certificate and click Next Figure 117 Certificate Import Wizard 2 ...

Страница 214: ...ertificates N0115791 5 Click Finish to complete the Import Certificate wizard Figure 118 Certificate Import Wizard 3 6 Click Yes to add the BCM50a Integrated Router certificate to the root store Figure 119 Root Certificate Store ...

Страница 215: ...icates is selected on the BCM50a Integrated Router You must have imported at least one trusted CA to the BCM50a Integrated Router in order for the Authenticate Client Certificates to be active see Certificates in BCM50a Integrated Router Configuration Basics N0115790 for details Apply for a certificate from a Certification Authority CA that is trusted by the BCM50a Integrated Router see the BCM50a...

Страница 216: ...g certificates N0115791 Figure 121 BCM50a Integrated Router Trusted CA screen The CA sends you a package containing the CA s trusted certificates your personal certificates and a password to install the personal certificates ...

Страница 217: ...o the one shown in Figure 122 Figure 122 CA certificate example 2 Click Install Certificate and follow the wizard as shown earlier in this appendix Installing your personal certificates You need a password in advance The CA can issue the password or you can specify it during the enrollment Double click the personal certificate given to you by the CA to produce a screen similar to Figure 123 ...

Страница 218: ...218 Appendix C Importing certificates N0115791 1 Click Next to begin the wizard Figure 123 Personal certificate import wizard 1 ...

Страница 219: ...ated Router Configuration Advanced 2 The file name and path of the certificate you double clicked automatically appears in the File name text box Click Browse if you wish to import a different certificate Figure 124 Personal certificate import wizard 2 ...

Страница 220: ...220 Appendix C Importing certificates N0115791 3 Enter the password given to you by the CA Figure 125 Personal certificate import wizard 3 ...

Страница 221: ...ated Router Configuration Advanced 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location Figure 126 Personal certificate import wizard 4 ...

Страница 222: ...inish to complete the wizard and begin the import process Figure 127 Personal certificate import wizard 5 6 Figure 128 shows the screen that appears when the certificate is correctly installed on your computer Figure 128 Personal certificate import wizard 6 ...

Страница 223: ...1 Enter https BCM50a Integrated Router IP Address in your browser s web address field Figure 129 Access the BCM50a Integrated Router via HTTPS 2 When Authenticate Client Certificates is selected on the BCM50a Integrated Router you are asked to select a personal certificate to send to the BCM50a Integrated Router This screen displays even if you only have a single certificate as shown in Figure 130...

Страница 224: ...224 Appendix C Importing certificates N0115791 3 The BCM50a Integrated Router login screen appears Figure 131 BCM50a Integrated Router secure login screen ...

Страница 225: ...in a manner similar to dial up services using PPP Benefits of PPPoE PPPoE offers the following benefits It provides you with a familiar dial up networking DUN user interface It lessens the burden on the carriers of provisioning virtual circuits all the way to the ISP on multiple switches for thousands of users For GSTN PSTN and ISDN the switching fabric is already in place It allows the ISP to use...

Страница 226: ...unnels the PPP frames to the ISP The L2TP tunnel is capable of carrying multiple PPP sessions With PPPoE the VC Virtual Circuit is equivalent to the dial up connection and runs between the modem and the AC as opposed to all the way to the ISP However the PPP negotiation is between the PC and the ISP BCM50a Integrated Router as a PPPoE client When using the BCM50a Integrated Router as a PPPoE clien...

Страница 227: ...Appendix D PPPoE 227 BCM50a Integrated Router Configuration Advanced Figure 133 BCM50a Integrated Router as a PPPoE Client BCM50a Integrated Router BCM50a Integrated Router ...

Страница 228: ...228 Appendix D PPPoE N0115791 ...

Страница 229: ... DC 18V 1 1A MTBF 266997 hrs Mean Time Between Failures Operation Temperature 0º C 40º C ADSL Specification for WAN ADSL ADSL2 ADSL2 with TR 067 compliance Ethernet Specification for LAN VPN Ports 10 100Mb s Half Full autonegotiation autosensing WAN LAN Ethernet Cable Pin Layout Straight Through Crossover Switch 1 IRD Adapter 1 OTD Switch 1 IRD Switch 1 IRD 2 IRD 2 OTD 2 IRD 2 IRD 3 OTD 3 IRD 3 OT...

Страница 230: ...230 Appendix E Hardware specifications N0115791 ...

Страница 231: ...ass A addresses have a 0 in the left most bit In a class A address the first octet is the network number and the remaining three octets make up the host ID Class B addresses have a 1 in the left most bit and a 0 in the next left most bit In a class B address the first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the le...

Страница 232: ...d range of 128 to 191 The first octet of a class C address begins with 110 and therefore has a range of 192 to 223 Table 43 Classes of IP addresses IP Address Octet 1 Octet 2 Octet 3 Octet 4 Class A 0 Network number Host ID Host ID Host ID Class B 10 Network number Network number Host ID Host ID Class C 110 Network number Network number Network number Host ID Note Host IDs of all zeros or all ones...

Страница 233: ...nored For example a class C address no longer has to have 24 bits of network number and 8 bits of host ID With subnetting some of the host ID bits are converted into network number bits By convention subnet masks always consist of a continuous sequence of ones beginning from the left most bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits Since the mask is alw...

Страница 234: ...octets of the address make up the network number class C You want to have two separate networks Table 46 Alternative Subnet Mask Notation Subnet mask IP address Subnet mask 1 Bits Last octet bit value 255 255 255 0 24 0000 0000 255 255 255 128 25 1000 0000 255 255 255 192 26 1100 0000 255 255 255 224 27 1110 0000 255 255 255 240 28 1111 0000 255 255 255 248 29 1111 1000 255 255 255 252 30 1111 110...

Страница 235: ... bit values indicate host ID bits borrowed to form network ID bits The number of borrowed host ID bits determines the number of subnets you can have The remaining number of host ID bits after borrowing determines the number of hosts you can have on each subnet Table 47 Subnet 1 Network number Last Octet bit value IP Address 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet M...

Страница 236: ...mbinations of 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving 26 2 or 62 hosts for each subnet all 0s is the subnet itself all 1s is the broadcast address on the subnet Table 49 Subnet 1 Network number Last octet bit value IP Address 192 168 1 0 IP Address Binary 11000000 10101000 00000001 00000000 Subnet ...

Страница 237: ... 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 52 Subnet 4 Network number Last Octet Bit Value IP Address 192 168 1 192 IP Address Binary 11000000 10101000 00000001 11000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 16...

Страница 238: ...y for class B subnet planning 7 192 193 222 223 8 224 225 254 255 Table 54 Class C subnet planning No Borrowed Host Bits Subnet Mask No Subnets No Hosts per Subnet 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 55 Class B subnet planning No Borrowed Host B...

Страница 239: ... 23 128 510 8 255 255 255 0 24 256 254 9 255 255 255 128 25 512 126 10 255 255 255 192 26 1 024 62 11 255 255 255 224 27 2 048 30 12 255 255 255 240 28 4 096 14 13 255 255 255 248 29 8 192 6 14 255 255 255 252 30 16 384 2 15 255 255 255 254 31 32 768 1 Table 55 Class B subnet planning No Borrowed Host Bits Subnet Mask No Subnets No Hosts per Subnet ...

Страница 240: ...240 Appendix F IP subnetting N0115791 ...

Страница 241: ...and keywords exactly as shown Do not abbreviate The required fields in a command are enclosed in angle brackets The optional fields in a command are enclosed in square brackets The symbol means or For example sys filter netbios config type on off means that you must specify the type of netbios filter and whether to turn it on or off Command usage A list of valid commands can be found by typing hel...

Страница 242: ...d countrycode countrycode Sets or displays the country code datetime date year month date Sets or displays the system s current date time hour min sec Sets or displays the system time period day Sets how often the BCM50a Integrated Router gets the date and time from the time server sync Gets the date and time from the time server domainname Displays the domain name that the device sends to the LAN...

Страница 243: ...e 1 log 2 alert 3 both Records the access control logs javablocked 0 none 1 log Records the java blocked logs mten 0 none 1 log Records the system maintenance logs packetfilter 0 none 1 log Records the packet filter logs ppp 0 none 1 log Records the PPP logs remote 0 none 1 log Records the remote management logs tcpreset 0 none 1 log Records the TCP reset logs upnp 0 none 1 log Records the UPnP lo...

Страница 244: ...isplays the mail schedule schedule hour 0 23 Sets the hour to send logs schedule minute 0 59 Sets the minute to send the logs schedule policy 0 full 1 hourly 2 daily 3 weekly 4 none Sets the mail schedule policy schedule week 0 sun 1 mon 2 tue 3 wed 4 thu 5 fri 6 sat Sets the day of the week to send weekly logs server domainName IP Sets the domain name or IP address of the mail server to which the...

Страница 245: ...yslog server domain name to an IP address switch bmlog 0 no 1 yes Turns the broadcast or multicast log on or off display Displays switch settings trilog 0 no 1 yes Turns triangle route logging on or off reboot 0 cold boot 1 immediate reboot 2 bootModule debug mode Restarts the device stdio minute Sets or displays the management terminal idle timeout value tos display Shows all runtime Temporarily ...

Страница 246: ...l that should be displayed parse displays the most detail and disp displays the least trclog switch on off Enables or disables the system trace log or displays the current setting online on off Enables or disables the trace log onscreen display for example in the Telnet management window level level Sets the level 1 10 of trace logs 1 shows the least to display type bitmap Uses hexadecimal charact...

Страница 247: ... nor off is specified disp Displays the trace packets udp Sends the trace packets to another system using UDP udp switch on off Enables or disables the sending of the trace packets to another system using UDP or displays the current setting udp addr addr Sets the target IP address for sending trace packets using UDP udp port port Sets the UDP port should match that of the target IP address for sen...

Страница 248: ...the password error blocking timeout value upnp active 0 no 1 yes Activates or deactivates the saved UPnP settings config 0 deny 1 permit Allows users to make configuration changes through UPnP display Displays UPnP information firewall 0 deny 1 pass Allows UPnP to pass through the firewall load Saves UPnP information reserve 0 deny 1 permit save Saves UPnP information m50Enable yes no Turns Nortel...

Страница 249: ...S filter modes config 0 Between LAN and WAN 3 IPSec Pass through 4 Trigger Dial on off Sets NetBIOS filters ddns debug level Enables or disables DDNS service display iface name Displays DDNS information restart Restarts DDNS logout This command has no effect cpu display Displays the CPU utilization Table 57 Exit Command Command Description exit Ends the command interpreter session Table 58 Ether C...

Страница 250: ...um Transmission Unit accessblock 0 disable 1 enable Blocks Internet access speed auto 10 half 10 full 100 half 100 full Sets the Ethernet data speed and duplex save Saves Ethernet data to the System Parameters Table dynamic Port dump Displays the relationship between physical port and channel set port type Sets physical port to a specific channel spt Displays channel setting stored in SPT Table 59...

Страница 251: ...P address name host name Displays the IP address of a domain name system Configures the system DNS server settings display Shows the system DNS server settings edit 0 first 1 second 2 third 0 from ISP 1 usr def 2 n one IP addr ess if choosing 1 Configures the system DNS server settings lan edit 0 first 1 second 2 third 0 from ISP 1 usr def 2 D NS Relay 3 n one IP address if choosing 1 Configures t...

Страница 252: ...l t bits gateway metric Adds a private route drop host addr bits Drops a route status Displays IP statistic counters udp status Displays the UDP status rip These are the Routing Information Protocol commands accept gateway Drops an entry from the RIP refuse list activate Enables RIP merge on off Sets the RIP merge flag refuse gateway Adds an entry to the RIP refuse list request addr port Sends a R...

Страница 253: ...2 Add iface2 to the iface1 s group break iface Remove the specified interface from the ipxparent group urlfilter enable 0 no 1 yes Enables or disables content filtering exemptZone display Displays content filtering exempt zone information actionFlags type 1 3 enabl e disable Enables or disables content filtering exempt zone action flags that determine to which IP addresses content filtering applie...

Страница 254: ...way partner ipaddr Sets the traffic redirect backup gateway IP address target ipaddr Sets the IP address that the device uses to test WAN accessibility timeout timeout Sets the number of seconds the device waits for a response from the target checktime period Sets the number of seconds the device waits between attempts to connect to the target active on off Enables or disables traffic redirect sav...

Страница 255: ...ubnet mask Sets a static route s subnet mask gateway IP address Sets a static route s gateway IP address metric metric Sets a static route s metric number private yes no Turns private mode on or off active yes no Enables or disables a static route rule dropIcmp 0 1 Sets whether or not the device allows ICMP fragment packets igmp debug level Sets IGMP debug level forwardall on off Activates or deac...

Страница 256: ... threshold Sets the IGMP Time To Live threshold iface v1compat on off Turns on or off IGMP version 1 compatibility on the specified interface robustness num Sets the IGMP robustness variable status Displays the IGMP status alg display Shows whether the Application Layer Gateway is enabled or disabled siptimeout timeout in second or 0 for no timeout Sets the SIP timeout period enable ALG_FTP ALG_H3...

Страница 257: ...rmation including type and level switch on off As long as there is one active IPSec rule all packets go into the IPSec process to check against the SPD When this switch is turned on packets are not be put through the IPSec process even if there are active IPSec rules timer chk_conn 0 255 Sets the idle timeout for IPSec connections The system disconnects an IPSec connection with no traffic for the ...

Страница 258: ...pecified IPSec rule s IP policies dial rule index policy index Triggers the specified phase two connection route lan on off After IPSec processes a packet and sends it to the LAN side this switch controls whether or not IPSec can be applied to the packet again wan on off After IPSec processes a packet and sends it to the WAN side this switch controls whether or not IPSec can be applied to the pack...

Страница 259: ...decimal 0 9 A F characters preceded by 0x zero x which is not counted as part of the 16 to 62 characters p1EncryAlgo 0 DES 1 3DES 2 AES Sets the phase 1 encryption algorithm p1AuthAlgo 0 MD5 1 SHA1 Sets the phase 1 authentication algorithm p1SaLifeTime seconds Sets the phase 1 SA lifetime keyGroup 0 DH1 1 DH2 Sets the key group for phase 1 IKE setup nailUp Yes No Turns nailed up feature on or off ...

Страница 260: ...ts which specific services can automatically trigger a VPN connection to the remote Contivity IPSec router groupID group ID Sets the Contivity Client tunnel s user s group ID groupPasswd group password Sets the Contivity Client tunnel s user s group password username name Sets the Contivity Client tunnel s user s username password password Sets the Contivity Client tunnel s user s password exUseMo...

Страница 261: ...P address protocol 1 ICMP 6 TCP 17 UDP Sets the IP policy s protocol controlPing Yes No Turns control ping on or off controlPingAddr IP Sets the control ping IP address lcAddrType 0 single 1 range 2 subnet Sets the local address type lcAddrEndMask IP Sets the local ending IP address or subnet mask lcPortStart port Sets the local starting port number lcPortEnd port Sets the local ending port number...

Страница 262: ...n contivityState Displays information about the Contivity Client VPN connection contivitySplit contivityTimecnt 0 65535 Sets the Contivity Client keep alive interval in seconds exemptHost Uses the exemptHost commands to configure specific IP addresses that are not to be part of a VPN tunnel display Displays the exempt host settings load index Loads an exempt host active Yes No Enables or disables ...

Страница 263: ... on off Enables or disables the Pre Shared Key authentication method for the Local User Database radius on off Enables or disables the RADIUS Server authentication method radius groupId Configures Group ID fields for RADIUS Server authentication method radius groupPwd Configures Group Password fields for RADIUS Server authentication method radius psk on off Enables or disables Pre Shared Key authe...

Страница 264: ...status Displays the current runtime IP pool status of Client Termination natt active yes no Enables or disables NAT Traversal portSwitch enable disable Enables or disables Client IKE Source Port Switching portNum Sets the NAT Traversal UDP port valid UDP port 1025 65535 failover 1 2 3 IP Sets the client failover IP address keepalive active yes no Enables or disables client failover tuning keep ali...

Страница 265: ...mote users banner on off banner text Sets whether or not the banner appears when a remote user logs on to the gateway Also sets the banner text if specified up to 256 characters password clientStorage on off Sets whether or not the Contivity VPN clients can save their logon passwords instead of always having to manually enter them manage on off Enables or disables the password management facilitie...

Страница 266: ... ADSL line defbitmap Displays ADSL defect bitmap status dyinggasp Sends ADSL dyinggasp linedata far Shows ADSL far end noise margin and carrier load information near Shows ADSL near end noise margin and carrier load information open Opens the ADSL line opencmd Opens ADSL line with a specific standard opmode Shows the ADSL operational mode standard perfdata Shows performance information such as the...

Страница 267: ...I value to remove the specific entry System will save automatically Active yes no Enables disables VC auto hunting feature display Displays the hunt pool Clear Clears the configuration Save Saves current setting to the ROM file timer Sets the waiting time before checking the hunting table result Send Sends VC hunt pattern again hwsar Displays hwsar packets incoming outgoing information driver Oaml...

Страница 268: ...plays the firewall log type and count clear Clears the firewall log count dynamicrule display Displays the firewall s dynamic rules tcprst rst Turns TCP reset sending on or off rst113 Turns TCP reset sending for port 113 on or off display Displays the TCP reset sending settings dos smtp Enables or disables the SMTP DoS defender display Displays the SMTP DoS defender setting ignore Sets if the fire...

Страница 269: ...the queueing mechanism to fairness based WRR or priority based PRR efficient Turns on the work conserving feature disable Disables bandwidth management for traffic going out the LAN interface wan enable bandwidth xxx Enables bandwidth management for traffic going out the WAN interface You can also specify the b s of bandwidth wrr prr Sets the queueing mechanism to fairness based WRR or priority ba...

Страница 270: ...orrow bandwidth from its parent class when borrowing is turned on and vice versa wan add bandwidth xxx name xxx Adds a class with bandwidth xxx b s in WAN The name is for your information priority x Sets the class priority The range is between 0 the lowest to 7 the highest borrow on off The class can borrow bandwidth from its parent class when borrowing is turned on and vice versa del Deletes the ...

Страница 271: ...an add Daddr mask Dmask Dport Saddr mask Smask Sport protocol Adds a filter for class in WAN The filter contains destination address netmask destination port source address netmask source port and protocol Use 0 for items that you do not want the filter to include del Deletes the LAN filter that belongs to the specified WAN class show interface lan Displays the LAN interface settings wan Displays ...

Страница 272: ...fy one The first time you use the command turns it on the second time turns it off and so on wan Displays the bandwidth usage of the specified WAN class or all of the WAN classes if you do not specify one The first time you use the command turns it on the second time turns it off and so on moveFilter channName from to Changes the filter order channName LAN WAN from filter index number to filter in...

Страница 273: ...required The format is subject name dn ip dns email value If the name contains spaces put it in quotes key size specifies the key size It has to be an integer from 512 to 2 048 The default is 1 024 bits create scep_enroll name CA addr CA cert auth key subject key size Creates a certificate request and enrolls for a certificate immediately online using SCEP protocol name specifies a descriptive nam...

Страница 274: ...ate importation to be successful a certification request corresponding to the imported certificate must already exist on BCM50a Integrated Router After the importation the certification request is automatically deleted If a descriptive name is not specified for the imported certificate the certificate adopts the descriptive name of the certification request export name Exports the PEM encoded cert...

Страница 275: ...m stdin name specifies the name the imported CA certificate is saved as export name Exports the PEM encoded certificate to stdout for the user to copy and paste name specifies the name of the certificate to be exported view name Views the information of the specified trusted CA certificate name specifies the name of the certificate to be viewed verify name timeout Verifies the certification path o...

Страница 276: ...of the specified trusted remote host certificate name specifies the name of the certificate to be viewed verify name timeout Verifies the certification path of the specified trusted remote host certificate name specifies the name of the certificate to be verified timeout specifies the timeout value in seconds optional The default timeout value is 20 seconds delete name Deletes the specified truste...

Страница 277: ... the specified directory service name specifies the name of the directory server to be viewed list Lists all directory service names and basic information rename old name new name Renames the specified directory service old name specifies the name of the directory server to be renamed new name specifies the new name the directory server is saved as edit name addr port login pswd Edits the specifie...

Страница 278: ...278 Appendix G Command Interpreter N0115791 ...

Страница 279: ...at enable a computer to connect to and communicate with a LAN For some dial up services such as PPPoE or PPPoA NetBIOS packets cause unwanted calls You can configure NetBIOS filters to do the following Allow or disallow the sending of NetBIOS packets from the LAN to the WAN and from the WAN to the LAN Allow or disallow the sending of NetBIOS packets through VPN connections Allow or disallow NetBIO...

Страница 280: ... numbered 0 3 to configure NetBIOS Filter Status Between LAN and WAN Block IPSec Packets Forward Trigger Dial Disabled Table 65 NetBIOS filter default settings Name Description Example Between LAN and WAN This field displays whether NetBIOS packets are blocked or forwarded from the LAN to the WAN or from the WAN to the LAN Forward IPSec Packets This field displays whether NetBIOS packets sent thro...

Страница 281: ... to block NetBIOS packets from being sent through a VPN connection Use off to allow NetBIOS packets to be sent through a VPN connection Example commands Command sys filter netbios config 0 on This command blocks LAN to WAN and WAN to LAN NetBIOS packets Command sys filter netbios config 1 off This command forwards WAN to LAN and WAN to LAN NetBIOS packets Command sys filter netbios config 3 on Thi...

Страница 282: ...address index index of pool where Use this command to specify the IP address that the BCM50a Integrated Router is to assign to the BCM50 interface Specify an interface on the device Currently you can use this command with the LAN interface enif0 ip IP address This is the IP address that you want to assign to the Nortel BCM50 index index of pool This is the number of an IP address in the BCM50a Int...

Страница 283: ... m50ipreserve ip 11 12 13 10 Nortel BCM50 DHCP server options Use these commands to add site specific options to the DHCP server s offer messages that it sends to the BCM50 BCM50 DHCP server settings Syntax ip dhcp interface server m50dhcpmode 0 disable 1 IP phones only 2 All devices 3 automatic range start range end where interface Specify an interface on the device Currently you can use this com...

Страница 284: ...rver will assign when enabled You can type the full IP addresses or just the last parts If you type part of an IP address the BCM50a Integrated Router combines it with the IP address assigned to the BCM50 customer LAN interface to form a range of IP addresses that are on the same subnet as the BCM50 customer LAN interface For example the BCM50a Integrated Router assigns the BCM50 an IP address of ...

Страница 285: ...nment Syntax ip dhcp interface server voipserver id 1 2 server IP port 1 65535 retry count 0 255 where interface Specify an interface on the device Currently you can use this command with the LAN interface enif0 0 1 Use 1 to have the Nortel BCM50 assign VoIP server DHCP option 128 and VLAN DHCP option 191 settings to Nortel s IP Telephone 2004 Use 0 to not have the Nortel BCM50 assign VoIP server ...

Страница 286: ...sends the VoIP server information for both servers when it receives a DHCP request from Nortel s i2004 VoIP telephones VLAN ID assignment Syntax ip dhcp interface server vlanid none vlan id1 vlan id2 vlan id10 where Use this command to assign VLAN IDs to IP Telephone 2004 port 1 65535 This is the VoIP server s listening port 1 65535 retry count 0 255 This sets the number of times 0 255 the i2004 c...

Страница 287: ...Nortel WLAN Handsets 2210 2211 TFTP server IP address assignment Syntax ip dhcp interface server tftpserver none serverIP where Use this command to assign a TFTP server IP address to Nortel WLAN Handsets 2210 2211s The following example sets the BCM50a Integrated Router to assign a TFTP server IP address of 11 12 13 15 to WLAN Handsets 2210 2211 ip dhcp interface server tftpserver 11 12 13 15 inte...

Страница 288: ...0a Integrated Router to assign a WLAN Telephony Manager 2245 IP address of 11 12 13 16 to WLAN Handsets 2210 2211 ip dhcp interface server wlantelmanager 11 12 13 16 interface Specify an interface on the device Currently you can use this command with the LAN interface enif0 none serverIP Specify the address of a WLAN Telephony Manager 2245 for the Nortel WLAN Handsets 2210 2211 Use none if you do ...

Страница 289: ...mation from the time server Time calibration failed The router failed to get information from the time server DHCP client gets s A DHCP client got a new IP address from the DHCP server DHCP client IP expired A DHCP client s IP address has expired DHCP server assigns s The DHCP server assigned an IP address to a client SMT Login Successfully Someone has logged on to the router s SMT interface SMT L...

Страница 290: ... Table 69 Content filtering logs Category Log Message Description URLFOR IP Domain Name The BCM50a Integrated Router allows access to this IP address or domain name and forwards traffic to the IP address or domain name URLBLK IP Domain Name The BCM50a Integrated Router blocked access to this IP address or domain name due to a forbidden keyword All web traffic is disabled except for trusted domains...

Страница 291: ...tack land OSPF The firewall detected an OSPF land attack land ICMP type d code d The firewall detected an ICMP land attack see the section on ICMP messages for type and code details ip spoofing WAN TCP The firewall detected a TCP IP spoofing attack on the WAN port ip spoofing WAN UDP The firewall detected an UDP IP spoofing attack on the WAN port ip spoofing WAN IGMP The firewall detected an IGMP ...

Страница 292: ...P The firewall detected an IGMP IP spoofing attack while the BCM50a Integrated Router did not have a default route ip spoofing no routing entry ESP The firewall detected an ESP IP spoofing attack while the BCM50a Integrated Router did not have a default route ip spoofing no routing entry GRE The firewall detected a GRE IP spoofing attack while the BCM50a Integrated Router did not have a default ro...

Страница 293: ...sted ACL set and the BCM50a Integrated Router blocked or forwarded it according to the ACL set s configuration Firewall default policy OSPF set d OSPF access matched the default policy of the listed ACL set and the BCM50a Integrated Router blocked or forwarded it according to the ACL set s configuration Firewall default policy set d Access matched the default policy of the listed ACL set and the B...

Страница 294: ... not match the listed firewall rule and the BCM50a Integrated Router logged it Firewall rule NOT match ESP set d rule d ESP access did not match the listed firewall rule and the BCM50a Integrated Router logged it Firewall rule NOT match GRE set d rule d GRE ac access did not match the listed firewall rule and the BCM50a Integrated Router logged it Firewall rule NOT match OSPF set d rule d OSPF acc...

Страница 295: ...firewall detected a DoS attack and sent a TCP packet in response Firewall sent TCP reset packets The firewall sent out TCP reset packets Packet without a NAT table entry blocked The router blocked a packet that did not have a corresponding SUA NAT table entry Out of order TCP handshake packet blocked The router blocked a TCP handshake packet that came out of the proper order Drop unsupported out o...

Страница 296: ...ter Table 73 ICMP notes Type Code Description 0 Echo Reply 0 Echo reply message 3 Destination Unreachable 0 Net unreachable 1 Host unreachable 2 Protocol unreachable 3 Port unreachable 4 A packet that needed fragmentation was dropped because it was set to Don t Fragment DF 5 Source route failed 4 Source Quench 0 A gateway can discard internet datagrams if it does not have the buffer space needed t...

Страница 297: ...t reassembly time exceeded 12 Parameter Problem 0 Pointer indicates the error 13 Timestamp 0 Timestamp request message 14 Timestamp Reply 0 Timestamp reply message 15 Information Request 0 Information request message 16 Information Reply 0 Information reply message Table 74 Sys log LOG MESSAGE DESCRIPTION Mon dd hr mm ss hostname src srcIP srcPort dst dstIP dstPort msg msg note note This message i...

Страница 298: ... 003 01 Jan 08 02 22 Recv SA 004 01 Jan 08 02 24 Send KE NONCE 005 01 Jan 08 02 24 Recv KE NONCE 006 01 Jan 08 02 26 Send ID HASH 007 01 Jan 08 02 26 Recv ID HASH 008 01 Jan 08 02 26 Phase 1 IKE SA process done 009 01 Jan 08 02 26 Start Phase 2 Quick Mode 010 01 Jan 08 02 26 Send HASH SA NONCE ID ID 011 01 Jan 08 02 26 Recv HASH SA NONCE ID ID 012 01 Jan 08 02 26 Send HASH Clear IPSec Log y n ...

Страница 299: ...ain Mode request from 192 168 100 100 002 01 Jan 08 08 07 Recv SA 003 01 Jan 08 08 08 Send SA 004 01 Jan 08 08 08 Recv KE NONCE 005 01 Jan 08 08 10 Send KE NONCE 006 01 Jan 08 08 10 Recv ID HASH 007 01 Jan 08 08 10 Send ID HASH 008 01 Jan 08 08 10 Phase 1 IKE SA process done 009 01 Jan 08 08 10 Recv HASH SA NONCE ID ID 010 01 Jan 08 08 10 Start Phase 2 Quick Mode 011 01 Jan 08 08 10 Send HASH SA N...

Страница 300: ...me peer but it is still processing the first IKE packet from that peer No proposal chosen The parameters configured for Phase 1 or Phase 2 negotiations do not match Check all protocols and settings for these phases For example one party is using 3DES encryption but the other party is using DES encryption so the connection fails Verifying Local ID failed Verifying Remote ID failed During IKE Phase ...

Страница 301: ...address The IP address type or IP address of an incoming packet does not match the peer IP address type or IP address configured on the local router The log displays the IP address type and IP address of the incoming packet vs My Remote IP address The IP address type or IP address of an incoming packet does not match the peer IP address type or IP address configured on the local router The log dis...

Страница 302: ...with the SPI of an inbound packet from the peer the packet is dropped Cannot find outbound SA for rule d The packet matches the rule index number d but Phase 1 or Phase 2 negotiation for outbound from the VPN initiator traffic is not finished yet Discard REPLAY packet If the BCM50a Integrated Router receives a packet with the wrong sequence number it discards it Inbound packet authentication faile...

Страница 303: ...estination field records the certification authority server s IP address and port Enrollment failed The CMP online certificate enrollment failed The Destination field records the certification authority server s IP address and port Failed to resolve CMP CA server url The CMP online certificate enrollment failed because the certification authority server s IP address cannot be resolved Rcvd ca cert...

Страница 304: ...oo large Max size allowed max size The router received directory data that was too large the size is listed from the LDAP server whose address and port are recorded in the Source field The maximum size of directory data that the router allows is also recorded Cert trusted subject name The router has verified the path of the certificate with the listed subject name Due to reason codes cert not trus...

Страница 305: ...handled 13 Certificate issuer was not valid CA specific information missing 14 Not used 15 CRL is too old 16 CRL is not valid 17 CRL signature was not verified correctly 18 CRL was not found anywhere 19 CRL was not added to the cache 20 CRL decoding failed 21 CRL is not currently valid but in the future 22 CRL contains duplicate serial numbers 23 Time interval is not continuous 24 Time information...

Страница 306: ...in order to record logs Displaying logs Use the sys logs display command to show all of the logs in the BCM50a Integrated Router s log Use the sys logs category display command to show the log settings for all of the log categories Table 80 Log categories and available settings Log Categories Available Parameters access 0 1 2 3 attack 0 1 2 3 error 0 1 2 3 ike 0 1 2 3 ipsec 0 1 2 3 javablocked 0 1...

Страница 307: ...ess 3 ras sys logs save ras sys logs display access time source destination notes message 0 11 11 2002 15 10 12 172 22 3 80 137 172 22 255 255 137 ACCESS BLOCK Firewall default policy UDP set 8 1 11 11 2002 15 10 12 172 21 4 17 138 172 21 255 255 138 ACCESS BLOCK Firewall default policy UDP set 8 2 11 11 2002 15 10 11 172 17 2 1 224 0 1 60 ACCESS BLOCK Firewall default policy IGMP set 8 3 11 11 20...

Страница 308: ...308 Appendix J Log descriptions N0115791 ...

Страница 309: ... after the third time an incorrect password is entered Table 81 Brute force password guessing protection commands Command Description sys pwderrtm This command displays the brute force guessing password protection settings sys pwderrtm 0 This command turns off the password s protection from brute force guessing The brute force password guessing protection is turned off by default sys pwderrtm N Th...

Страница 310: ...310 Appendix K Brute force password guessing protection N0115791 ...

Страница 311: ...ling 34 189 Maximum Number of Schedule Sets 189 PPPoE 192 Precedence 190 Precedence Example 190 Call Triggering Packet 156 Central Network Management 35 CHAP 73 CHAP PAP 73 Collision 148 Command Interpreter Mode 175 Community 137 Conditions that prevent TFTP and FTP from working over WAN 164 Console Port 148 149 151 Content Filtering 34 Contivity VPN Client Software 32 conventions text 23 copyrigh...

Страница 312: ...ons 164 187 FTP Server 37 107 Full Network Management 36 G Gateway IP Address 85 General Setup 45 H Hidden Menus 40 Hop Count 76 Host 49 Host IDs 232 HTTPS 33 I Idle Timeout 70 IGMP support 77 Incoming Protocol Filters 63 Initial Screen 39 Internet Access 65 66 Internet access 30 Internet Access Configuration 65 Internet Access information 65 Internet Access Setup 90 Introduction to Filters 117 IP...

Страница 313: ...g 92 Examples 103 Ordering Rules 96 Network Address Translation 67 Network Address Translation NAT 35 89 O Offline 50 Operation Temperature 229 Outgoing Protocol Filters 63 P Packet Error 147 Received 148 Transmitted 148 Packet Filtering 34 Packets 147 PAP 73 Password 40 43 137 Ping 159 Port Forwarding 36 PPP Encapsulation 79 PPPoA 71 PPPoE 34 225 PPPoE Encapsulation 70 78 Private 76 86 Protocol F...

Страница 314: ...ntenance 145 146 147 148 150 151 152 158 159 162 165 172 175 177 178 180 182 System Management Terminal 40 System Name 46 System Status 146 T TCP IP 58 61 123 124 126 129 133 Setup 61 TCP IP and DHCP Setup 58 TCP IP filter rule 123 technical publications 24 text conventions 23 TFTP File Transfer 172 TFTP Restrictions 164 187 Time and Date 32 Time and Date Setting 181 182 Time Zone 183 Trace 151 Tr...

Страница 315: ...Index 315 BCM50a Integrated Router Configuration Advanced W WAN DHCP 158 159 WAN Setup 53 54 WebGUI 116 www dyndns org 50 ...

Отзывы:

Нет отзывов

Похожие инструкции для BCM50a

Watchguard Wireless Router Quick Start Manual preview
Wireless Router
Бренд: Watchguard Страницы: 11
D-Link DWR-712 Quick Installation Manual preview
DWR-712
Бренд: D-Link Страницы: 32
D-Link DIR-456 Quick Installation Manual preview
DIR-456
Бренд: D-Link Страницы: 28
D-Link DIR-820 Quick Installation Manual preview
DIR-820
Бренд: D-Link Страницы: 48
D-Link EXO DIR-2660 Quick Installation Manual preview
EXO DIR-2660
Бренд: D-Link Страницы: 83
D-Link DIR-508L User Manual preview
DIR-508L
Бренд: D-Link Страницы: 155
Panasonic WJ-NV200K Quick Reference Manual preview
WJ-NV200K
Бренд: Panasonic Страницы: 4
Patton electronics 2888 Getting Started Manual preview
2888
Бренд: Patton electronics Страницы: 51
Icidu NI-707533 Manual Manual preview
NI-707533
Бренд: Icidu Страницы: 10
Paradyne Hotwire 5446 Notice preview
Hotwire 5446
Бренд: Paradyne Страницы: 2
Paradyne Hotwire 6381 Installation Instructions Manual preview
Hotwire 6381
Бренд: Paradyne Страницы: 20
Paradyne Hotwire 6381 Upgrade Instructions preview
Hotwire 6381
Бренд: Paradyne Страницы: 2
Zhone Hotwire 6381 Quick Installation Instructions preview
Hotwire 6381
Бренд: Zhone Страницы: 2
Paradyne COMSPHERE 6800 Series Multiplexer Management And Configuration Manual preview
COMSPHERE 6800 Series
Бренд: Paradyne Страницы: 155
Paradyne COMSPHERE 6800 Series Communications Products Support Configuration Manual preview
COMSPHERE 6800 Series
Бренд: Paradyne Страницы: 44
Vanguard 342 Quick Reference Manual preview
342
Бренд: Vanguard Страницы: 4
Lanner NCA-1526 User Manual preview
NCA-1526
Бренд: Lanner Страницы: 78
Juniper ACX2000 Hardware Manual preview
ACX2000
Бренд: Juniper Страницы: 190

Бренды по названию

Популярные бренды

Загрузить еще бренды