USER MANUAL SHDTU03b G.SHDSL.bis Bridge/Router Modems. CTC Union Technologies Co., Ltd.
CTC Union Technologies Co., Ltd. Far Eastern Vienna Technology Center (Neihu Technology Park) 8F, No. 60, Zhouzi St. Neihu, Taipei, 114 Taiwan Phone: +886-2-2659-1021 FAX: +886-2-2799-1355 SHDTU03b G.SHDSL.bis Bridge/Router Modem Series User Manual Version 1.0 Nov 2007 Release This manual supports the following models: SHDTU03bF-ET10R Single LAN Port, 2 Wire, G.SHDSL Modem with Firewall SHDTU03bF-ET10RS Four Switch Port, 2 Wire, G.SHDSL Modem with Firewall SHDTU03bAF-ET10RS Four Switch Port, 4 Wire, G.
LEGAL The information in this publication has been carefully checked and is believed to be entirely accurate at the time of publication. CTC Union Technologies assumes no responsibility, however, for possible errors or omissions, or for any consequences resulting from the use of the information contained herein.
TABLE OF CONTENTS 1. DESCRIPTIONS ..............................................................................................................9 1.1 1.2 1.3 2 FEATURES ....................................................................................................................9 SPECIFICATION .............................................................................................................9 APPLICATIONS ....................................................................................
7.2.5 8 IPoA or EoA......................................................................................................34 ADVANCED SETUP......................................................................................................36 8.1 8.2 8.3 8.4 8.5 8.6 8.7 8.8 8.9 9 SHDSL.BIS................................................................................................................36 BRIDGE ................................................................................................
14.5 MENU DRIVEN INTERFACE COMMANDS ....................................................................67 14.6 MENU TREE ...............................................................................................................67 14.7 CONFIGURATION ........................................................................................................69 14.8 STATUS ......................................................................................................................70 14.9 SHOW .......
1. Descriptions The SHDSL.bis (Symmetric High Speed Digital Subscriber Loop) routers comply with G.991.2(2004) standard with 10/100 Base-T auto-negotiation. It provides business-class, multi-range from 192Kbps to 5.696Mbps (for 2-wire mode) payload rates over exiting single-pair copper wire. The SHDSL.
Security ¾ ¾ ¾ ¾ ¾ ¾ ¾ DMZ host/Multi-DMZ/Multi-NAT function Virtual server mapping (RFC1631) VPN pass-through for PPTP/L2TP/IPSec tunneling Natural NAT firewall Advanced Stateful packet inspection (SPI) firewall (Firewall Router) Application level gateway for URL and keyword blocking (Firewall Router) User access control: deny certain PCs access to Internet service (Firewall Router) Management ¾ Easy-to-use web-based GUI for quick setup, configuration and management ¾ Menu-driven interface/Command-line i
¾ ¾ LAN: 1, 2, 3, 4 (4-port router) SHDSL.bis: ALM Physical/Electrical ¾ Dimensions: 18.7 x 3.3 x 14.5cm (WxHxD) ¾ Power: 100~240VAC (via power adapter) ¾ Power consumption: 9 watts max ¾ Temperature: 0~45。C ¾ Humidity: 0%~95%RH (non-condensing) Memory ¾ 2MB Flash Memory, 8MB SDRAM Products’ Information G.shdsl.bis 2-wire router/bridge with 1-port LAN G.shdsl.bis 2-wire router/bridge with 1-port LAN VLAN and business class firewall G.shdsl.bis 2-wire router/bridge with 4-port switching hub LAN G.shdsl.
2 Your Firewall A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet.
Level 5: Application Protocol Source/Destination address Source/destination port IP options connection status Level 4: TCP Level 3: IP Level 2: Data Link Level 1: Physical Stateful Inspection Filter remember this information UDP SP=3264 SA=192.168.0.5 DP=1525 DA=172.16.3.4 192.168.0.5 172.16.3.4 Matches outgoing so allows in UDP SP=1525 SA=172.16.3.4 DP=3264 DA=192.168.0.5 Nomatches so disallows in UDP SP=1525 SA=172.168.3.4 DP=2049 DA=192.168.0.5 NAT (Network Address Translation) Firewall 192.168.0.
PAT (Port Address Translation) Firewall 192.120.8.5 192.168.0.10:1025 192.120.8.5:2205 Internet 192.120.8.5:2206 192.168.0.11:4406 Client IP Internal Port External Port 192.168.0.10 1025 2205 192.168.0.11 4406 2206 Internal/Protected Network 2.1.2 External/Unprotected Network Circuit Gateway Also called a "Circuit Level Gateway," this is a firewall approach that validates connections before allowing data to be exchanged.
Level 5: Application Level 4: TCP Telnet FTP Http SMTP Level 3: IP Level 2: Data Link Level 1: Physical Proxy Application Host PC Internal External Interface Interface Proxy Server Public Server Request Page Check URL Request Page Return Page Filter Content Return Page 2.2 Denial of Service Attack Typically, Denial Of Service (DoS) attacks result in two flavors: resource starvation and system overloading.
Normal reassembled Packets bytes from 1~1500 bytes from 1501~3000 bytes from 3000~4500 Reassembled teardrop packets bytes from 1~1700 bytes from 1300~3200 bytes from 2800~4800 SYN Flood- The attacker sends TCP SYN packets, which start connections very fast, leaving the victim waiting to complete a huge number of connections, causing it to run out of resources and dropping legitimate connections. A new defense against this is the “SYN cookies”. Each side of a connection has its own sequence number.
3 Your VLAN (Virtual Local Area Network) Virtual LAN (VLAN) is defined as a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLAN is based on logical instead of physical connections, it is extremely flexible. The IEEE 802.
carry user priority information across bridged LANs in which individual LAN segments may be unable to signal priority information (e.g., 802.3/Ethernet segments). 2) The Canonical Format Indicator (CFI) is used to signal the presence or absence of a Routing Information Field (RIF) field, and, in combination with the Non-canonical Format Indicator (NCFI) carried in the RIF, to signal the bit order of address information carried in the encapsulated frame.
VID 20 WAN 4 WAN 5 WAN 6 WAN 3 VID 10 VID 30 WAN 2 WAN 7 WAN 8 WAN 1 Backbone ATM Switch POW ER F AU LT D A TA LAN 1 SHDSL Router AL AR M LAN 2 LAN 3 LAN 4 VID 30 VID 10 VID 20 19
4 Getting To Know Your Router This section will introduce hardware of the router. 4.1 Front Panel The front panel contains LED which show status of the router. LEDs PWR WAN LNK ACT 1 2 LAN 3 4 ALM Active On On Blink On On Blink On Blink On Blink On Blink On Blink LEDs PWR WAN LNK ACT 10M/ACT LAN 100M/ACT ALM LED status of 4-wire/4-port router Description Power on SHDSL.bis line connection is established SHDSL.bis handshake Transmit or received data over SHDSL.
4.2 Rear Panel The rear panel of SHDSL.bis router is where all of the connections are made. DC-IN LAN orLAN (1,2,3,4) CONSOLE LINE RST DC-IN CONSOLE LINE RST ! Connectors Description of 2-wire/1-port router Power adaptor inlet: Input voltage 9VDC Ethernet 10BaseT for LAN port (RJ-45) 10/100BaseT auto-sensing and auto-MDIX for LAN port (RJ-45) (4-port Router) RS- 232C (DB9) for system configuration and maintenance shdsl.
4.3 SHDSL.bis Line Connector 4.
5 Configuration of the router This guide is designed to lead users through Web Configuration of G.shdsl.bis Router in the easiest and quickest way possible. Please follow the instructions carefully. Note: There are three methods to configure the router: serial console, Telnet and Web Browser. Only one configuration application is used to setup the Router at any given time. Users have to choose one method to configure it. For Web configuration, you can skip step 3.
The difference Protocol need to setup difference WAN parameters. After knowing the Ptorocol provided by ISP, you have to ask the necessary WAN parameters to setup it.
NB PC Cross Over Ethernet Cable Power Adapter DB-9 Cable Wall Jack G.shdsl.bis Direct Connection with PC or NB for 1-port router Connection with Hub/Switch for 1-port router Server File Server Workstation PC NB Mobile Device HUB/Switch Power Adpater Pass Through Ethernet Cable Wireless LAN G.shdsl.
6 Configuration via Web Browser Step. 1 For Win85, 98 and Me, click the start button. Select setting and control panel. Step. 2 Double click the network icon. In the Configuration window, select the TCP/IP protocol line that has been associated with your network card and then click property icon.
Choose IP address tab. Select Obtain IP address automatically. Click OK button. The window will ask you to restart the PC. Click Yes button. After rebooting your PC, open IE or Netscape Browser to connect the Router. Type http://192.168.0.1 The default IP address and sub net-mask of the Router is 192.168.0.1 and 255.255.255.0. Because the router acts as DHCP server in your network, the router will automatically assign IP address for PC or NB in the network.
7 Basic Setup The Basic Setup contains LAN, WAN, Bridge and Route operation mode. User can use it to completely setup the router. After successfully completing it, you can access Internet. This is the easiest and possible way to setup the router. Note: The advanced functions are only for advanced users to setup advanced functions. The uncorrect setting of advanced function will affect the performance or system error, even disconnection. Click Basic for basic installation. 7.1 Bridge Mode IP: 192.168.0.
Enter Parameters in BASIC – STEP2: LAN IP: 192.168.0.1 Subnet Mask: 255.255.255.0 Gateway: 192.168.0.254 (The Gateway IP is provided by ISP.) Host Name: SOHO Some of the ISP requires the Host Name as identification. You may check with ISP to see if your Internet service has been configured with a host name. In most cases, this field can be ignored. WAN1 VPI: 0 VCI: 32 Click LLC, Click Next The screen will prompt the new configured parameters.
7.2 Routing Mode Routing mode contains DHCP server, DHCP client, DHCP relay, Point-to-Point Protocol over ATM and Ethernet and IP over ATM and Ethernet over ATM. You have to clarify which Internet protocol is provided by ISP. Click ROUTE and CPE Side then press Next. This product can be setup as two SHDSL.bis working mode: CO (Central Office) and CPE (Customer Premises Equipment). For connection with DSLAM, the SHDSL.bis working mode is CPE.
then 1. Lease time 72 hours indicates that the DHCP server will reassign IP information in every 72 hours. DNS Server: Your ISP will provide at least one Domain Name Service Server IP. You can type the router IP in this field. The router will act as DNS server relay function. You may assign a fixed IP address to some device while using DHCP, you have to put this device’s MAC address in the Table of Fixed DHCP Host Entries. Press Next to setup WAN1 parameters. 7.2.
7.2.4 PPPoE or PPPoA PPPoA (point-to-point protocol over ATM) and PPPoE (point-to-point protocol over Ethernet) are authentication and connection protocols used by many service providers for broadband Internet access. These are specifications for connecting multiple computer users on an Ethernet local area network to a remote site through common customer premises equipment, which is the telephone company's term for a modem and similar devices. PPPoE and PPPoA can be used to office or building.
IP Type: Dynamics. The default IP type is Dynamic. It means that ISP PPP server will provide IP information including dynamic IP address when SHDSL.bis connection is established. On the other hand, you do not need to type the IP address of WAN1. Some of the ISP will provide fixed IP address over PPP. For fixed IP address: IP Type: Fixed IP Address: 192.168.1.1 Click Next. Note: For safety, the password will be prompt as star symbol. The screen will prompt the parameters that will be written in EPROM.
7.2.5 IPoA or EoA WAN LAN Router IP: 192.168.0.1 Netmask: 255.255.255.0 IP: 10.1.2.1 Netmask: 255.255.255.0 Gateway: 10.1.2.2 DNS: 168.95.1.1 BAS IP: 10.1.2.2 Netmask: 255.255.255.0 DSLAM PC IP: 192.168.0.2~51 Netmask: 255.255.255.0 Gateway: 192.168.0.1 VPI:0, VCI:33 Encapsulation: LLC Before configuration the router, check with your ISP about this information.
The screen will prompt the parameters that will be written in EPROM. Check the parameters before writing in EPROM. Press Restart to restart the router working with new parameters or press continue to setup another parameter.
8 Advanced Setup Advanced setup contains SHDSL.bis, WAN, Bridge, Route, NAT/DMZ, Virtual SERVER and FIREWALL parameters. 8.1 SHDSL.bis You can setup the Annex type, data rate and SNR margin for SHDSL.bis parameters in SHDSL.bis. Click SHDSL.bis Annex Type: There are foure Annex types, Annex A (ANSI), Annex B (ETSI), AnnexAF and Annex BG in SHDSL.bis. Check with your ISP about it. TCPAM Type: the default option is Auto.
The screen will prompt the parameters that will be written in EPROM. Check the parameters before writing in EPROM. Press Restart to restart the router working with new parameters or press continue to setup another parameter. WAN The SHDSL.bis router supports up to 8 PVCs. WAN 1 was configured via BASIC except QoS. If you want to setup another PVCs, 2 to 7, the parameters are setup in the page of WAN under ADVANCED.
IP and video comferencing, that require tightly constrained delays and delay variation. VBR-rt is characterized by a peak cell rate (PCR), substained cell rate (SCR), and maximun burst rate (MBR). VBR-nrt (Varible Bit Rate non-real-time) PCR (Peak Cell Rate) in kbps: The maximum rate at which you expect to transmit data, voice and video. Consider PCR and MBS as a menas of reducing lantency, not increasing bandwidth.
8.2 Bridge If you want to setup advanced filter function while router is working in bridge mode, you can use BRIDGE menu to setup the filter function, blocking function. Click Bridge to setup. Press Add in the bottom of web page to add the static bridge information. If you want to filter the designated MAC address of LAN PC to access Internet, press Add to establish the filtering table. Put the MAC address in MAC Address field and select Filter in LAN field.
8.3 VLAN Virtual LAN (VLAN) is defined as a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLAN is based on logical instead of physical connections, it is extremely flexible. Click VLAN to configure VLAN. The product support two types of VLAN: 802.1Q Tag-Based VLAN Port-Based VLAN. User can configure one of them to the router. For setting 802.
Port-Based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port. Click Port-Based VLAN to configure the router. 8.4 Ethernet This page of function let user configure the media type of Ethernet. Click ETHERNET to configure Ehernet.
8.5 Route If the Router is connected to more than one network, it may be necessary to set up a static route between them. A static route is a pre-determined pathway that network information must travel to reach a specific host or network. With Dynamic Routing, you can enable the Router to automatically adjust to physical changes in the network’s layout. The Router, using the RIP protocol, determines the network packets’ route based on the fewest number of hops between the source and the destination.
RIP Mode: this parameter determines how the product handle RIP (Routing information protocol). RIP allows it to exchange routing information with other router. If set to Disable, the gateway does not participate in any RIP exchange with other router. If set Enable, the router broadcasts the routing table of the router on the LAN and incoporates RIP broadcast by other routers into it’s routing table.
8.6 NAT/DMZ NAT (Network Address Translation) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and reverse the global IP addresses of incoming packets back into local IP addresses.
Multi-NAT: Some of the virtual IP addresses (eg: 192.168.0.10 ~ 192.168.0.50) collectively use two of the global IP addresses (eg: 69.210.1.9 and 69.210.1.10). The Multi-NAT table will be setup as; Virtual Start IP Address: 192.168.0.10 Count: 40 Global Start IP Address: 69.210.1.9 Count: 2 Press Finish to continue. The screen will prompt the parameters that will be written in EPROM. Check the parameters before writing in EPROM.
8.7 Virtual Server For example: Specific ports on the WAN interface are re-mapped to services inside the LAN. As only 69.210.1.8 (e.g., assigned to WAN from ISP) is visible to the Internet, but does not actually have any services (other than NAT of course) running on gateway, it is said to be a virtual server. Request with TCP made to 69.210.1.8:80 are remapped to the server 1 on 192.168.0.2:80 for working days from Monday to Friday 8 AM to 6PM, other requests with UDP made to 69.210.1.
8.8 Firewall A firewall is a set of related programs that protects the resources of a private network from other networks. It is helpful to users that allow preventing hackers to access its own private data resource accidentally. Click Basic Firewall Security. This level only enables the NAT firewall and the remote management security. The NAT firewall will take effect if NAT function is enabled. The remote management security is default to block any WAN side connection to the device.
Click Automatic Firewall Security. This level enables basic firewall security, all DoS protection, and the SPI filter function. Press Finsih to finish setting firewall. The screen will prompt the parameters, which will be written in EPROM. Check the parameters. Press Restart to restart the router or press Continue to setup another function.
resources to be consumed serving the phony requests. A ping of death attack attempts to crash your system by sending a fragmented packet, when reconstructed is larger than the maximum allowable size. Other known variants of the ping of death include teardrop, bonk and nestea. A land attack is an attempt to slow your network down by sending a packet with identical source and destination addresses originating from your network.
If you want to ban all of the protocol from the IP (e.g.: 200.1.1.1) to access the all PCs (e.g.: 192.168.0.2 ~ 192.168.0.50) in the LAN, key in the parameter as; Protocol: ANY Direction: INBOUND (INBOUND is from WAN to LAN, and OUTBOUND is LAN to WAN.) Description: Hacker Src. IP Address: 200.1.1.1 Dest. IP Address: 192.168.0.2-192.168.0.50 Press OK to finish. The screen will prompt the configured parameters. Check the parameters.
172.16.1.1:1357 192.168.3.4:25 3 Internet 4 Firewall SMTP Client Packet Direction 5 Inbound 6 Outbound Source 10.1.2.3 171.16.3.4 SMTP Server Destination 171.16.3.4 10.1.2.3 Protocol Dest. Port Action (Rule) TCP 6000 Deny (E) TCP 5150 Deny (E) 171.16.3.4:6000 10.1.2.
2 3 4 5 10.1.99.1 10.1.1.1 10.1.1.1 192.168.3.4 172.16.6.1 172.16.6.1 172.16.1.1 172.16.6.1 Permit (A) Permit (A) Deny (C) Deny (C) The rule order will permit 10.1.99.1 to access 172.16.6.1. When the rule is ordered as BAC. Index Source Address Destination Address 1 10.1.99.1 172.16.1.1 2 10.1.99.1 172.16.6.1 3 10.1.1.1 172.16.6.1 4 10.1.1.1 172.16.1.1 5 192.168.3.4 172.16.6.1 The rule order will deny 10.1.99.1 to access 172.6.6.1. Action Deny (B) Deny (B) Permit (A) Deny (C) Deny (C) 8.
Set the policy to action. Description: A brief statement describe this policy Local IP: type IP address of local host in prioritized session. Remote IP: type IP address of remote host in prioritized session. Local Port: type the service port number of local host in prioritized session. Remote Port: type the service port number of remote host in prioritized session. Protocol: identify the transportation layer protocol type you want to prioritize, ex: TCP or UDP. The default is ANY.
9 Administration This session introduces security and simple network management protocol (SNMP) and time synchronous. 9.1 Security For system secutiry, suggest to change the default user name and password in the first setup otherwise unauthorized persons can access the router and change the parameters. There are three ways to configure the router, Web browser, telnet and serial console. Press Security to setup the parameters. For greater security, change the Supervisor ID and password for the gateway.
Configured 0.0.0.0 will allow all hosts on Internet or LAN to access the router. Leaving blank of trust host list will cause blocking all PC from WAN to access the router. On the other hand, only PC in LAN can access the router. If you type the excact IP address in the filed, only the host can access the router. Click Finish to finish the setting. The browser will prompt the configured parameters and check it before writing into EPROM.
SNMP status: Enable Access Right: Deny for deny all access Read for access read only Write for access read and write. Community: it serves as password for access right. After configuring the community pool, press OK. SNMP trap is an informational message sent from an SNMP agent to a manager. Click Modify to modify the trap host pool. Version: select version for trap host. (Version 1 is for SNMPv1; Version 2 for SNMPv2). IP Adress: type the trap host IP adress Community: type the community password.
9.3 Time Sync Time synchronization is an essential element for any business, which relies on the IT system. The reason for this is that these systems all have clock that is the source of timer for their filing or operations. Without time synchronization, these systems’s clocks vary and cause the failure of firewall packet filtering schedule processes, compromised security, or virtual server working in wrong schedule. Click TIME SYNC. Synchronization modes (SYNC method): SNTP v4.0.
10 Utility This section will describe the utility of the product including: SYSTEM INFO: system information, CONFIG TOOL: load the factory default configuration, UPGRADE: upgrade the firmware LOGOUT: logout the system RESTART: restart the router. 10.1 System Info Click System Info for review the information. The browser will prompt the system information. 10.2 Config Tool This configuration tool has three functions: load Factory Default, Restore Configuration, and Backup Configuration. Press CONFIG TOOl.
10.3 Upgrade You can upgrade the gateway using the upgrade function. Press Upgrade in UTILITY. Browse the file and press OK button to upgrade. The system will reboot automatically after finishing. 10.4 Logout To logout the router, press LOGOUT in UTILITY. 10.5 Restart For restarting the router, click the Restart in UTILITY. Press Restart to reboot the router.
11 Status You can monitor the SHDSL.bis status including mode, Tx power and Bitrate and Performance information including SNR margin, atteunation and CRC error count. LAN status will prompt the MAC address, IP address, Subnet mask and DHCP client table. WAN status will display the WAN interface information. You can view the routing table in the status of ROUTE. INTERFACE status inculdes LAN and WAN statistics information. FIREWALL status display DoS protection status and dropped packets statistics.
12 LAN-to-LAN connection with bridge Mode STU-C (CO) STU-R (CPE) Bridge Bridge IP: 192.168.0.1 Netmask: 255.255.255.0 PC IP: 192.168.0.2 Netmask: 255.255.255.0 VPI:0, VCI:32 Encapsulation: LLC IP: 192.168.0.100 Netmask: 255.255.255.0 Gateway: 192.168.0.1 IP: 192.168.0.200 Netmask: 255.255.255.0 Gateway: 192.168.0.2 12.1 CO side Click Bridge and CO Side to setup Bridging mode of the Router and then click Next. Enter LAN Parameters IP: 192.168.0.1 Subnet Mask: 255.255.255.0 Gateway: 192.168.0.
12.2 CPE Side Click Bridge and CO Side to setup Bridging mode of the Router and then click Next. Enter LAN Parameters IP: 192.168.0.2 Subnet Mask: 255.255.255.0 Gateway: 192.168.0.2 Host Name: SOHO Enter WAN1 Parameters VPI: 0 VCI: 32 Click LLC Click Next The screen will prompt the new configured parameters. Check the parameters and Click Restart The router will reboot with the new setting.
13 LAN to LAN Connection with Routing Mode STU-C (CO) STU-R (CPE) Router IP: 192.168.20.1 Netmask: 255.255.255.0 IPoA or EoA VPI:0, VCI:32 Encapsulation: LLC IP: 192.168.30.1 Netmask: 255.255.255.0 Gateway: 192.168.30.2 Router IP: 192.168.10.1 Netmask: 255.255.255.0 IP: 192.168.30.2 Netmask: 255.255.255.0 Gateway: 192.168.30.1 IP: 192.168.20.100 Netmask: 255.255.255.0 Gateway: 192.168.20.1 IP: 192.168.10.200 Netmask: 255.255.255.0 Gateway: 192.168.10.1 13.
IP Address: 192.168.20.1 Subnet Mask: 255.255.255.0 Gateway: 192.169.30.2 Click Next The screen will prompt the parameters that we will write in EPROM. Check the parameters before writing in EPROM. Press Restart to restart the router working with new parameters or press continue to setup another parameter. 13.2 CPE side Click ROUTE and CPE Side then press Next. Type LAN parameters: IP Address: 192.168.10.1 Subnet Mask: 255.255.255.
14 Configuration via Serial Console or Telnet with Menu Driven Interface 14.1 Serial Console Check the connectivity of the RS-232 cable from your computer to the serial port of ROUTER. Start your terminal access program by VT100 terminal emulation with the following parameters: Parameter Value Baudrate Data Bits Parity Check Stop Bits Flow-control 9600 8 No 1 No Press the SPACE key until the login screen appears. When you see the login screen, you can logon to Router.
14.4 Window structure From top to bottom, the window is divided into four parts: 1. Product name 2. Menu field: Menu tree prompts on this field. Symbol “>>” indicates the cursor place. 3. Configuring field: You will configure the parameters in this field. < parameters > indicates the parameters you can choose and < more…> indicates that there have submenu in the title. 4. Operation command for help The following table shows the parameters in the brackets.
14.5 Menu Driven Interface Commands Before changing the configuration, familiarize yourself with the operations list in the following table. The operation list will be shown on the window. Keystroke [UP] or I [DOWN] or K [LEFT] or J [RIGHT] or L [ENTER] [TAB] Ctrl + C Ctrl + Q Menu Driven Interface Commands Description Move to above field in the same level menu. Move to below field in the same level menu. Move back to previous menu. Move forward to submenu. Move forward to submenu.
User Name Password Enable Enable Setup Status Show Write Reboot Ping Admin Utility Exit Status Show Protocol Adress VPI_VCI Encap QoS ISP IP_type List Mode SHDSL WAN Bridge VLAN Route LAN IP_share Firewall DHCP DNS_proxy Hostname Default Mode Modify PVID Link_mode List SHDSL WAN Route Interface Firewall Static RIP System Config Script Mode Link N*64 Type Clear Margin Gateway Static Generic LAN WAN LIst IP_type Address Attrib Level pkt_filter DoS_protect Upgrade Backup Restore System Config
14.7 Configuration To setup the router, move the cursor “ >>” to enable and press enter key. While the screen appears, type the supervisor password. The default supervisor password is root. The password will be prompted as “ * “ symbol for system security. ---------------------------------------------------------------------Command: enable Message: Please input the following information.
14.8 Status You can view running system status of SHDSL.bis, WAN, route and interface via status command. Move cursor “ >> “ to status and press enter. >> shdsl.bis wan route interface firewall Command shdsl.bis wan route interface firewall Show Show Show Show Show SHDSL.bis status WAN interface status routing table interface statistics status firewall status Description The SHDSL.
14.9 Show You can view the system information, configuration and configuration in command script by show command. Move cursor “ >> “ to show and press enter. >> system config script Command system config script Show general information Show all configuration Show all configuration in command script Description The general information of the system will show in system command. Config command can display detail configuration information. Configuration information will prompt in command script.
14.10 Write For any changes of configuration, you must write the new configuration to EPROM using write command and reboot the router to take affect. Move cursor to “ >> “ to write and press enter. ---------------------------------------------------------------------Command: write Message: Please input the following information.
14.11 Reboot To reboot the router, use reboot command. Move cursor to “ >> “ to write and press enter. ---------------------------------------------------------------------Command: reboot Message: Please input the following information.
14.12 Ping Ping command will be used to test the connection of router. Move cursor “ >> “ to ping and press enter. ---------------------------------------------------------------------Command: ping [1~65534|-t] [1~1999] Message: Please input the following information. IP address : 10.0.0.
14.13 Administration You can modify the user profile, telnet access, SNMP (Sample Network Management Protocol), supervisor information and SNTP (Simple Network Time Protocol) in admin. The route is enable Î admin. For configuration the parameters, move the cursor “ >> “ to admin and press enter. >> user security snmp passwd id sntp Manage user profile Setup system security Configure SNMP parameter Change supervisor password Change supervisor ID Configure time synchronization 14.13.
14.13.2 Security Security command can be configured sixteen legal IP address for telnet access and telnet port number. Move the cursor “ >> “ to security and press enter. The default legal address is 0.0.0.0. It means that there is no restriction of IP to access the router via telnet. >> port ip_pool list Configure telent TCP port Legal address IP address pool Show security profile 14.13.
---------------------------------------------------------------------- The screen will prompt as follow: >> edit list Edit trap host parameter Show trap configuration 14.13.4 Supervisor Password and ID The supervisor password and ID are the last door for security but the most important. Users who access the router via web browser have to use the ID and password to configure the router and users who access the router via telnet or console mode have to use the password to configure the router.
time_server2 Configure time server 2 time_server3 Configure time server 3 updaterate Configure update period time_zone Configure GMT time zone offset list Show SNTP configuration To configure SNTP v4 time synchronization, follow the below procedures. move the cursor to method and press enter. ---------------------------------------------------------------------Command: admin sntp method Message: Please input the following information.
Move the cursor to list and review the setting. 14.14 Utility There are three utility tools, upgrade, backup and restore, embedded in the firmware. You can update the new firmware via TFTP upgrade tools and backup the configuration via TFTP backup tool and restore the configuration via TFTP restore tool. For upgrade, TFTP server with the new firmware will be supported by supplier but for backup and restore, you must have your own TFTP server to backup and restore the file.
14.16 Setup All of the setup parameters are located in the subdirectories of setup. Move the cursor “ >> “ to setup and press enter. >> mode shdsl.bis wan bridge vlan route lan ip_share firewall dhcp dns_proxy hostname default Switch system operation mode Configure SHDSL.
Generally, you cannot need to change SNR margin, which range is from 0 to 10. SNR margin is an index of line connection. You can see the actual SNR margin in STATUS SHDSL.bis. The larger is SNR margin; the better is line connection quality. If you set SNR margin in the field as 2, the SHDSL.bis connection will drop and reconnect when the SNR margin is lower than 2. On the other hand, the device will reduce the line rate and reconnect for better line connection. 14.16.
minutes. Most of the ISP use dynamic IP for PPP connection but some of the ISP use static IP. Configure the IP type, dynamic or fixed, via ip_type command. You can review the WAN interface configuration via list command. 14.16.4 Bridge You can setup the bridge parameters in bridge command. If the product is configured as a router, you do not want to setup the bridge parameters. Move the cursor “ >> “ to bridge and press enter.
14.16.5 VLAN Virtual LAN (VLAN) is defined as a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLAN is based on logical instead of physical connections, it is extremely flexible. You can setup the Virtual LAN (VLAN) parameters in vlan command. The router support the implementation of VLAN-to-PVC only for bridge mode operation, i.e.
tagged members. Use PVID command to change the member port to untagged members To assign PVID (Port VID), move the cursor “>>” to PVID and press enter. The port index 1 to 4 represents LAN1 to LAN4 respectively and port index 5 to 12 represents WAN1 to WAN8. VID value is the group at which you want to assign the PVID of the port. PVID is ---------------------------------------------------------------------Command: setup vlan pvid <1~12> <1~4094> Message: Please input the following information.
You can add 20 sets of static route entry by using add command. Type the IP information of the static route including IP address, subnet mask and gateway. You can delete the static route information via delete command. You can review the static route entry by using list command. To configure Routing Information Protocol (RIP), you can use rip command to setup the parameters. Move the cursor “>>” to rip and press enter.
14.16.8 LAN LAN interface parameters can be configured LAN IP address, subnet mask and NAT network type. >> address attrib LAN IP address and subnet mask NAT network type 14.16.9 IP share You can configure Network Address Translation (NAT), Port Address Translation (PAT) and Demilitarized Zone parameters in ip_share menu. Move the cursor “>>” to ip_share then press enter.
Command: setup ip_share nat virtual range <1~5> <1~253> Message: Please input the following information. NAT local address range entry number <1~5>: 1 Base address: 192.168.0.2 Number of address: 49 ---------------------------------------------------------------------- You can delete virtual IP address range- from 1 to 5- by using delete command. You can view the virtual IP address range via list command. To setup global IP address pool, move the cursor “>>” to global command and press enter.
You can create up to 10 fixed NAT mapping entry via range command. ---------------------------------------------------------------------Command: setup ip_share nat fixed modify <1~1o> Message: Please input the following information. Fixed NAT mapping entry number <1~10>: 1 Local address: 192.168.0.250 Global address: 122.22.22.
Set the active interface number via interface command. You can configure the global port number by using port command. The local server, host, IP address and port number are configured via server command. The authorized access protocol is setup via protocol command. Name command can be used to configure the service name of the host server. Begin and end command is used to setup the local server schedule to access. You can view the fixed NAT mapping entry via list command. 14.16.
There are three level of firewall which you can setup in this product. Level one, basic, only enables the NAT firewall and the remote management security. The NAT firewall will take effect if NAT function is enabled. The remote management security is default to block any WAN side connection to the device. Non-empty legal IP pool in ADMIN will block all remote management connection except those IPs specified in the pool.
dos_protection and press enter.
The add parameters of IPQoS can be configured via add command >> Protocol local_ip remote_ip Port description Enable Precedence Configure protocol Configure local IP parameter Configure remote IP parameter Configure port parameter Policy description Enable the policy Configure precedence parameter The port type is configured by protocol command. The local ip range is configured by local_ip command. The remote ip range is configured by remote_ip command. The port range is configured by port command.
>> generic fixed list Configure generic DHCP parameters Configure fixed host IP address list Show DHCP configuration The generic DHCP parameters can be configured via generic command.
14.16.19 Host name Enter local host name via hostname command. Move cursor “ >> “ to hostname and press enter. ---------------------------------------------------------------------Command: setup hostname Message: Please input the following information. Local hostname (ENTER for default) : test ---------------------------------------------------------------------- 14.16.20 Default If you want to restore factory default, first move the cursor “ >> “ to default and then press enter.
Transmission Series CTC Union Technologies Co., Ltd. Far Eastern Vienna Technology Center (Neihu Technology Park) 8F, No.60, Zhouzi Street Neihu District, Taipei, Taiwan Phone:(886) 2.2659.1021 Fax:(886) 2.2799.1355 E-mail: info@ctcu.com Url:http://www.ctcu.
