Table of Contents

Copyright ... 2
CHAPTER 1 Introduction ... 13
What’s New in 7.7 ... 13
About Netopia Documentation ... 15
Intended Audience ... 15
Documentation Conventions ... 16
General

Home Page - Basic Mode ... 32
Manage My Account ... 34
Status Details ... 35
Enable Remote Management ... 36
Expert Mode

IP Static Routes ... 88
IP Static ARP ... 90
Pinholes ... 90
Configure Specific Pinholes ... 90
Planning for Your Pinholes

Time Zone ... 145
Security ... 146
Passwords ... 147
Create and Change Passwords ... 147
Firewall

Port number comparisons
Other filter attributes
Putting the parts together
Filtering example #1
Filtering example #2
Design guidelines

CHAPTER 5 Advanced Troubleshooting ... 231
Home Page ... 232
Expert Mode ... 234
System Status ... 235
Ports: Ethernet

Common Commands ... 274
DHCP Settings ... 275
Common Commands ... 275
DHCP Option Filtering ... 277
Example ... 278
DMT Settings

Port Renumbering Settings ... 315
Security Settings ... 316
Firewall Settings (for BreakWater Firewall) ... 316
SafeHarbour IPSec Settings ... 316
Internet Key Exchange (IKE) Settings ... 321
Stateful Inspection

-----S-----
-----T-----
-----U-----
-----V-----
-----W-----

FCC Statements ... 375
Electrical Safety Advisory ... 376
CHAPTER 9 Overview of Major Capabilities ... 377
Wide Area Network Termination ... 378
PPPoE/PPPoA (Point-to-Point Protocol over Ethernet/ATM) ... 378
Instant-On PPP
CHAPTER 1
Introduction

What’s New in 7.7

New in Netopia Firmware Version 7.7 are the following features:
• Internet Group Management Protocol (IGMP) Version 3 support. See “IGMP (Internet Group Management Protocol)” on page 112.
• TR-101 Support:
  • Concurrent support for PPPoE and IPoE connections on the WAN. See “WAN” on page 73.
  • Multiple LAN IP Subnet support. See “LAN” on page 51.
  • Additional DHCP range support.
• TR-069 Remote device management is automatically enabled by default for 2200-Series Gateways. (Explicit exceptions: bonded and VDSL2, 3341, 3387WG). See “TR069” on page 349. Corresponding commands have been added to the Command Line Interface (CLI). See “Command Line Interface” on page 247.
• Reset WAN port counter and CLI command to display individual Ethernet port statistics. See “reset enet [ all ]” on page 257 and “show enet [ all ]” on page 259.
• CLI for Netopia ATA Remote Management.
About Netopia Documentation

☛ NOTE: This guide describes the wide variety of features and functionality of the Netopia Gateway, when used in Router mode. The Netopia Gateway may also be delivered in Bridge mode. In Bridge mode, the Gateway acts as a pass-through device and allows the workstations on your LAN to have public addresses directly on the Internet.

Netopia, Inc.
Documentation Conventions

General

This manual uses the following conventions to present information:

Convention (Typeface): Description
bold italic monospaced: Menu commands
bold italic sans serif: Web GUI page links and button names
terminal bold terminal Computer display text
Italic: Italic type indicates the complete titles of manuals.
curly ({ }) brackets, with values separated with vertical bars (|): Alternative values for an argument are presented in curly ({ }) brackets, with values separated with vertical bars (|).
Organization

This guide consists of nine chapters, including a glossary, and an index. It is organized as follows:
• Chapter 1, “Introduction” — Describes the Netopia document suite, the purpose of, the audience for, and structure of this guide. It gives a table of conventions.
• Chapter 2, “Basic Mode Setup” — Describes how to get up and running with your Netopia Gateway.
• Chapter 3, “Expert Mode” — Focuses on the “Expert Mode” Web-based user interface for advanced users.
CHAPTER 8
Technical Specifications and Safety Information

Description

Dimensions:
Smart Modems: 13.5 cm (w) x 13.5 cm (d) x 3.5 cm (h); 5.25” (w) x 5.25” (d) x 1.375” (h)
Wireless Models: 19.5 cm (w) x 17.0 cm (d) x 4.0 cm (h); 7.6” (w) x 6.75” (d) x 1.5” (h)
3342/3342N/3352/3352N: 8.5 cm (w) x 4.5 cm (d) x 2 cm (h); 3.375” (w) x 1.75” (d) x .875” (h)
2200-Series Modems: 1.06"(2.69 cm) H, 4.36" (11.07 cm) W, 5.71"(14.50 cm) L
2200-Series Wireless Models: 1.2"(3.0cm) H, 8.7" (22.0 cm) W, 5.
Relative storage humidity: 20 to 80% noncondensing

Software and protocols

Software media: Software preloaded on internal flash memory; field upgrades done via download to internal flash memory via TFTP or web upload.
Agency approvals

North America
Safety Approvals:
■ United States – UL 60950, Third Edition
■ Canada – CSA: CAN/CSA-C22.2 No. 60950-00
EMC:
■ United States – FCC Part 15 Class B
■ Canada – ICES-003
Telecom:
■ United States – 47 CFR Part 68
■ Canada – CS-03

International
Safety Approvals:
■ Low Voltage (European directive) 73/23
■ EN60950 (Europe)
EMI Compatibility:
■ 89/336/EEC (European directive)
■ EN55022:1994
■ EN300 386 V1.2.
The Netopia Firmware Version 7.7 complies with the following EU directives:
■ Low Voltage, 73/23/EEC
■ EMC Compatibility, 89/336/EEC, conforming to EN 55 022

Manufacturer’s Declaration of Conformance

☛ Warnings: This is a Class B product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures. Adequate measures include increasing the physical distance between this product and other electrical devices.
☛ Important
This product was tested for FCC compliance under conditions that included the use of shielded cables and connectors between system components. Changes or modifications to this product not authorized by the manufacturer could void your authority to operate the equipment.

Canada. This Class B digital apparatus meets all requirements of the Canadian Interference Causing Equipment Regulations.
Important Safety Instructions

Australian Safety Information

The following safety information is provided in conformance with Australian safety requirements:

Caution
DO NOT USE BEFORE READING THE INSTRUCTIONS: Do not connect the Ethernet ports to a carrier or carriage service provider’s telecommunications network or facility unless:
a) you have the written consent of the network or facility manager, or
b) the connection is in accordance with a connection permit or connection rules.
47 CFR Part 68 Information

FCC Requirements

1. The Federal Communications Commission (FCC) has established Rules which permit this device to be directly connected to the telephone network. Standardized jacks are used for these connections. This equipment should not be used on party lines or coin phones.
2.
d) The REN is used to determine the number of devices that may be connected to a telephone line. Excessive RENs on a telephone line may result in the devices not ringing in response to an incoming call. In most but not all areas, the sum of RENs should not exceed five (5.0). To be certain of the number of devices that may be connected to a line, as determined by the total RENs, contact the local telephone company.
CHAPTER 9
Overview of Major Capabilities

The Netopia Gateway offers simplified setup and management features as well as advanced broadband router capabilities. The following are some of the main features of the Netopia Gateway:
• “Wide Area Network Termination” on page 378
The Gateway combines an ADSL modem with an Internet router. It translates protocols used on the Internet to protocols used by home personal computers and eliminates the need for special desktop software (i.e. PPPoE).
Wide Area Network Termination

PPPoE/PPPoA (Point-to-Point Protocol over Ethernet/ATM)

The PPPoE specification, incorporating the PPP and Ethernet standards, allows your computer(s) to connect to your Service Provider’s network through your Ethernet WAN connection. The Netopia-series Gateway supports PPPoE, eliminating the need to install PPPoE client software on any LAN computers.
Simplified Local Area Network Setup

• Your network may change address with each connection making it more difficult to attack.

When you configure Instant On access, you can also configure an idle time-out value. Your Gateway monitors traffic over the Internet link and when there has been no traffic for the configured number of seconds, it disconnects the link. When new traffic that is destined for the Internet arrives at the Gateway, the Gateway will instantly re-establish the link.
☛ NOTE: The Netopia DNS Proxy only proxies UDP DNS queries, not TCP DNS queries.

Management

Embedded Web Server

There is no specialized software to install on your PC to configure, manage, or maintain your Netopia Gateway.
Security

TraceRoute - displays the path to a destination by showing the number of hops and the router addresses of these hops.

The system log also provides diagnostic information.

☛ NOTE: Your Service Provider may request information that you acquire from these various diagnostic tools. Individual tests may be performed at the command line. (See “Command Line Interface” on page 247.)
from routers on networks connected to its WAN interface. In other words, the end computer stations on your LAN are invisible from the Internet. Only a single WAN IP address is required to provide this security support for your entire LAN. LAN sites that communicate through an Internet Service Provider typically enable NAT, since they usually purchase only one IP address from the ISP.
☛ NOTE:
1. The default setting for NAT is ON.
2. Netopia uses Port Address Translation (PAT) to implement the NAT facility.
3. NAT Pinhole traffic (discussed below) is always initiated from the WAN side.

Netopia Advanced Features for NAT

Using the NAT facility provides effective LAN security. However, there are user applications that require methods to selectively by-pass this security function for certain types of Internet traffic.
Common TCP/IP protocols and ports are:
FTP (TCP 21)
SMTP (TCP 25)
SNMP (TCP 161, UDP 161)
telnet (TCP 23)
HTTP (TCP 80)

See page 90 for How To instructions.

Default Server

This feature allows you to:
• Direct your Gateway to forward all externally initiated IP traffic (TCP and UDP protocols only) to a default host on the LAN.
• Enable it for certain situations: Where you cannot anticipate what port number or packet protocol an in-bound application might use.
IP-Passthrough

Netopia OS now offers an IP passthrough feature. The IP passthrough feature allows a single PC on the LAN to have the Gateway’s public address assigned to it. It also provides PAT (NAPT) via the same public IP address for all other hosts on the private LAN subnet.

VPN IPSec Pass Through

This Netopia service supports your independent VPN client software in a transparent manner.
☛ NOTE: Typically, no special configuration is necessary to use the IPSec pass through feature. In the diagram, VPN PC clients are shown behind the Netopia Gateway and the secure server is at Corporate Headquarters across the WAN. You cannot have your secure server behind the Netopia Gateway. When multiple PCs are starting IPSec sessions, they must be started one at a time to allow the associations to be created and mapped.
device with the requisite level of QoS and correct feature sets — making it ideal for delivery of triple play voice, video, and data services. VGx was developed to ensure that subscribers receive the quality of voice, video, and data services they expect — to prevent a large data download from causing jittery video or poor voice quality.
Netopia 2200 and 3300 series by Netopia Netopia, Inc.