™ Netopia 4753 G.
Copyright ©2001 Netopia, Inc., v.051601 All rights reserved. Printed in the U.S.A. This manual and any associated artwork, software, and product designs are copyrighted with all rights reserved. Under the copyright laws such materials may not be copied, in whole or part, without the prior written consent of Netopia, Inc. Under the law, copying includes translation to another language or format. Netopia, Inc. 2470 Mariner Square Loop Alameda, CA 94501-1010 U.S.A.
Contents Contents iii Part I: Getting Started Chapter 1 — Introduction..........................................................1-1 Overview ....................................................................... 1-1 Features and Capabilities ............................................... 1-1 How to Use This Guide ................................................... 1-2 Chapter 2 — Setting Up Internet Services .................................2-1 Definition of Terms.......................................
iv Administration Guide Chapter 5 — Connecting to Your Local Network .........................5-1 Readying Computers on Your Local Network..................... 5-2 Connecting to an IP and Telephone Network..................... 5-3 Chapter 6 — Console-Based Management .................................6-1 Connecting through a Telnet Session............................... 6-2 Configuring Telnet software................................... 6-2 Connecting a Console Cable to Your Device .....................
Contents Creating a New Connection Profile................................. The WAN Default Profile................................................ IP Parameters (Default Profile) screen ................. The ATMP/PPTP Default Profile ..................................... System Configuration Screens ..................................... Navigating through the System Configuration screens............................................................. System Configuration Features ............................
vi Administration Guide Supported traffic ............................................... 11-5 MultiNAT Configuration ................................................. 11-6 Easy Setup Profile configuration .......................... 11-6 Server Lists and Dynamic NAT configuration......... 11-6 IP setup ............................................................ 11-7 Modifying map lists .......................................... 11-13 Moving maps...................................................
Contents vii Allowing VPNs through a Firewall ................................. 12-21 PPTP example.................................................. 12-23 ATMP example ................................................. 12-26 Chapter 13 — Security ...........................................................13-1 Suggested Security Measures....................................... 13-1 User Accounts ............................................................. 13-1 Telnet Access .................................
viii Administration Guide Current status ................................................... 14-3 Status lights...................................................... 14-3 Statistics & Logs ......................................................... 14-4 Event Histories ............................................................ 14-4 WAN Event History ............................................. 14-5 Device Event History .......................................... 14-6 Voice Logs............................
Contents ix Part III: Appendixes Appendix A — Troubleshooting..................................................A-1 Configuration Problems .................................................. A-1 Console connection problems ............................... A-2 Network problems................................................ A-2 How to Reset the Netopia 4753 to Factory Defaults ......... A-3 Power Outages .............................................................. A-3 Technical Support .....................
x Administration Guide Agency Approvals........................................................... Regulatory notices ............................................... Important Safety instructions ............................... Netopia 4753 Specifications .......................................... Physical interface ................................................ Data features ...................................................... Hardware specifications .......................................
Part I: Getting Started
Administration Guide
Introduction 1-1 Chapter 1 Introduction Overview The Netopia 4753 Voice/Data Integrated Access Devices (IADs) make it possible for small businesses to take advantage of the advanced communications technologies previously limited to larger organizations. By integrating multiple voice connections and high-speed Internet access on one DSL line, businesses can squeeze the most out of their communications budget. The Netopia 4753 G.
1-2 Administration Guide An IAD combines the voice telephony features of a telephone PBX system with the data routing features of an IP data router. The device uses a single outside line connection to carry all voice and data transmissions. If the device uses a DSL interface, it can carry all of these services over a single existing copper telephone line by using the different frequency ranges available on the copper wire for voice and data traffic. The Netopia 4753 G.
Setting Up Internet Services 2-1 Chapter 2 Setting Up Internet Services This chapter describes how to obtain and set up Internet services. This section covers the following topics: ■ “Definition of Terms” on page 2-1 ■ “Finding an Internet Service Provider” on page 2-2 ■ “Deciding on an ISP Account” on page 2-2 ■ “Obtaining Information from the ISP” on page 2-3 Note: Some companies act as their own ISP.
2-2 Administration Guide Finding an Internet Service Provider The Netopia 4753 G.SHDSL Integrated Access Device provides its high speed symmetric (two-way) digital connection to the Internet through a Competitive Local Exchange Carrier (CLEC) -- a type of mini phone company. The CLEC uses a compatible type of switching equipment known as a Digital Subscriber Line Access Multiplexer (DSLAM). The DSLAM that you connect to with your Netopia Router must be capable of handling these symmetric connections.
Setting Up Internet Services 2-3 Setting up a Netopia 4753 account Check whether your ISP has the Netopia 4753 on its list of supported products that have been tested with a particular configuration. If the ISP does not have the Netopia 4753 on such a list, describe the Netopia 4753 in as much detail as needed, so your ISP account can be optimized. As appropriate, refer your ISP to Netopia’s Web site www.netopia.com for more information.
2-4 Administration Guide not define the IP address information on your local LAN. You can define this information based on an IP configuration that may already be in place for the existing network. Alternatively, you can use the default IP address range used by the router. Without Network Address Translation If you are not using Network Address Translation, you will need to obtain all of the local LAN IP address information from your ISP.
Making the Physical Connections 3-1 Chapter 3 Making the Physical Connections This section tells you how to make the physical connections to your Netopia 4753 G.SHDSL Integrated Access Device.
3-2 Administration Guide What You Need Locate all items that you need for the installation. Included in your package are: ■ The Netopia 4753 G.SHDSL Integrated Access Device ■ A power adapter and cord with a mini-DIN8 connector ■ One 6 ft. RJ45 10/100 Ethernet cable ■ One 6 ft.
Making the Physical Connections 3-3 Important Safety instructions CAUTION: Depending on the power supply provided with the product, either the direct plug-in power supply blades, power supply cord plug or the appliance coupler serves as the main power disconnect. It is important that the direct plug-in power supply, socket-outlet or appliance coupler be located so it is readily accessible.
3-4 Administration Guide Identify the Connectors and Attach the Cables Identify the connectors on the back panel and attach the necessary Netopia cables. The figure below displays the back of the Netopia 4753 G.SHDSL Integrated Access Device. Netopia 4753 back panel 1 2 3 4 5 6 7 Telephone Extension ports 8 Telephone Extensions DSL 10/100 Ethernet DSL Line port Console Power Console port Power port 10/100 Ethernet port The following table describes all the Netopia 4753 G.
Making the Physical Connections 3-5 Netopia 4753 Status Lights The figure below represents the Netopia 4753 status light (LED) panel. Netopia 4753 LED front panel 1 2 3 4 5 6 7 8 9 10 1112 D S L E th e r n e t E r r o r P o w e r Voice The following table summarizes the meaning of the various LED states and colors: When this happens...
3-6 Administration Guide
Sharing the Connection 4-1 Chapter 4 Sharing the Connection Once you have set up your physical local area network, you will need to configure the TCP/IP stack on each client workstation connected to your Netopia 4753. This chapter describes how to configure TCP/IP for both Windows-based and Macintosh computers.
4-2 Administration Guide Configuring TCP/IP on Windows-based Computers Configuring TCP/IP on a Windows computer requires the following: ■ An Ethernet card (also known as a network adapter) ■ The TCP/IP protocol must be “bound” to the adapter or card Dynamic configuration (recommended) To configure your PC for dynamic addressing do the following: 1. Go to the Start Menu/Settings/Control Panels and double click the Network icon. From the Network components list, select the Configuration tab. 2.
Sharing the Connection 4-3 Static configuration (optional) If you are manually configuring for a fixed or static IP address, perform the following: 1. Go to Start Menu/Settings/Control Panels and double click the Network icon. From the Network components list, select the Configuration tab. 2. Select TCP/IP-->Your Network Card. Then select Properties. In the TCP/IP Properties screen, select the IP Address tab. Click “Specify an IP Address.” Enter the following: IP Address: 192.168.1.2 Subnet Mask: 255.
4-4 Administration Guide 3. Click on the Gateway tab (shown below). Under “New gateway,” enter 192.168.1.1. Click Add. This is the Netopia 4753’s pre-assigned IP address. Click on the DNS Configuration tab. Click Enable DNS. Enter the following information: Host: Type the name you want to give to this computer. Domain: Type your domain name. If you don't have a domain name, type your ISP's domain name; for example, netopia.com.
Sharing the Connection 4-5 Configuring TCP/IP on Macintosh Computers The following is a quick guide to configuring TCP/IP for MacOS computers. Configuring TCP/IP in a Macintosh computer requires the following: You must have either Open Transport or Classic Networking (MacTCP) installed.
4-6 Administration Guide Static configuration (optional) If you are manually configuring for a fixed or static IP address, perform the following: 1. Go to the Apple menu. Select Control Panels and then TCP/IP or MacTCP. 2. With the TCP/IP window open, go to the Edit menu and select User Mode. Choose Advanced and click OK. Or, in the MacTCP window, select Ethernet and click the More button. 3.
Sharing the Connection 4-7 Note: You can also use these instructions to configure other computers on your network with manual or static IP addresses. Be sure each computer on your network has its own IP address. More information about configuring your Macintosh computer for TCP/IP connectivity through a Netopia 4753 can be found in Technote NIR_026, “Open Transport and Netopia Routers,” located on the Netopia Web site.
4-8 Administration Guide
Connecting to Your Local Network 5-1 Chapter 5 Connecting to Your Local Network This chapter describes how to physically connect the Netopia 4753 to your local area network (LAN). Before you proceed, make sure the Netopia 4753 is properly configured. You can customize the device’s configuration for your particular LAN requirements using console-based management (see “Console-Based Management” on page 6-1).
5-2 Administration Guide Readying Computers on Your Local Network PC and Macintosh computers must have certain components installed before they can communicate through the Netopia 4753. The following illustration shows the minimal requirements for a typical PC or Macintosh computer. Application software TCP/IP stack Ethernet Your PC or Macintosh computer To the Netopia 4753 Application software: This is the software you use to send e-mail, browse the World Wide Web, read newsgroups, etc.
Connecting to Your Local Network 5-3 Connecting to an IP and Telephone Network The Netopia 4753 supports Ethernet connections through its Ethernet port. You can connect a standard 10 or 100Base-T Ethernet network to the Netopia 4753 using its Ethernet port.
5-4 Administration Guide
Console-Based Management 6-1 Chapter 6 Console-Based Management Console-based management is a menu-driven interface for the capabilities built into the Netopia 4753. Console-based management provides access to a wide variety of features that the router supports. You can customize these features for your individual setup. This chapter describes how to access the console-based management screens.
6-2 Administration Guide may be using the router to connect to more than one service provider or remote site. ■ The System Configuration menus display and permit changing: ■ Internet protocol setup. See “IP Setup” on page 10-1. ■ Filter sets (firewalls). See “Security” on page 13-1. ■ IP address serving. See “IP Address Serving” on page 10-10. ■ Date and time. See “Date and time (Network Time Protocol)” on page 9-17. ■ Console configuration.
Console-Based Management 6-3 from the Start menu. ■ If you connect a Macintosh computer, you can use the NCSA Telnet program supplied on the Netopia 4753 CD. You install NCSA Telnet by simply dragging the application from the CD to your hard disk.
6-4 Administration Guide Launch your terminal emulation software and configure the communications software for the values shown in the table below. These are the default communication parameters that the Netopia 4753 uses. Parameter Terminal type Suggested Value PC: ANSI-BBS Mac: ANSI, VT-100, or VT-200 Data bits 8 Parity None Stop bits 1 Speed 9600 bits per second (can be set for up to 57600) Flow Control None Note: The router firmware contains an autobaud detection feature.
Console-Based Management 6-5 Navigating through the Console Screens Use your keyboard to navigate the Netopia 4753’s configuration screens, enter and edit information, and make choices. The following table lists the keys to use to navigate through the console screens. To... Use These Keys...
6-6 Administration Guide
Easy Setup 7-1 Chapter 7 Easy Setup This chapter describes how to use the Easy Setup console screens on your Netopia 4753 G.SHDSL Integrated Access Device. After completing the Easy Setup console screens, your device will be ready to connect to the Internet or another remote site.
7-2 Administration Guide A screen similar to the following Main Menu appears: Netopia 4753 v5.1 Easy Setup... WAN Configuration... System Configuration... Voice Configuration... Utilities & Diagnostics... Statistics & Logs... Quick Menus... Quick View... Return/Enter goes to Easy Setup -- minimal configuration. You always start from this main screen.
Easy Setup 7-3 Quick Easy Setup Connection Path This section may be all you need to do to configure your Netopia 4753 G.SHDSL Integrated Access Device to connect to the Internet. Your service provider must supply you with several parameter values for you to enter in the device.
7-4 Administration Guide Parameter: Password (or Secret) Default value: Your value: n/a IP Easy Setup Screen Ethernet IP Address Ethernet Subnet Mask 192.168.1.1 255.255.255.0 Domain Name n/a Primary Domain Name Server n/a Secondary Domain Name Server n/a Default IP Gateway n/a Easy Setup Security Configuration Screen Write Access Name n/a Write Access Password n/a (If you want to record these values, you can print these pages and use the spaces above.
Easy Setup 7-5 2. Select the first item on the Main Menu list, Easy Setup. Press Return to bring up the DSL Line Configuration menu screen. DSL Line Configuration DSL Line Configuration Regional Setting... Annex A Data Link Encapsulation... RFC1483 Mode... PPP over Ethernet (PPPoE): RFC1483 Bridged 1483 Off Data Circuit VPI (0-255): Data Circuit VCI (0-65535): 8 35 PREVIOUS SCREEN NEXT SCREEN 3. Select Regional Setting and from the pop-up menu select either Annex A or Annex B.
7-6 Administration Guide Voice Easy Setup Voice Easy Setup +------------+ +------------+ Voice Gateway... | CopperCom | | JetStream | Voice VPI (0-255): | TollBridge | Voice VCI (0-65535): | TDSoft | | Zhone | +------------+ PREVIOUS SCREEN NEXT SCREEN 1. Select Voice Gateway and press Return. The pop-up menu will offer you the choice of popular voice gateway devices. Your selection depends on which type your ISP uses: CopperCom, JetStream, TollBridge, TDSoft, or Zhone. 2.
Easy Setup 7-7 Easy Setup Profile The Easy Setup Profile screen is where you configure the parameters that control the Netopia 4753’s connection to a specific remote destination, usually your ISP or a corporate site. On a Netopia 4753 G.SHDSL Integrated Access Device you can add up to 15 more connection profiles, for a total of 16, although, except for Virtual Private Networks, you can only use one at a time. Connection Profile 1: Easy Setup Profile Address Translation Enabled: IP Addressing...
7-8 Administration Guide IP Easy Setup The IP Easy Setup screen is where you enter information about your Netopia Router’s: ■ Ethernet IP address ■ Ethernet Subnet mask ■ Domain Name ■ Domain Name Server IP address ■ Default gateway IP address Consult with your network administrator to obtain the information you will need. For more information about setting up IP, see “IP Setup” on page 10-1. IP Easy Setup Ethernet IP Address: Ethernet Subnet Mask: 192.168.1.1 255.255.255.
Easy Setup 7-9 5. Type the Primary Domain Name Server address your ISP gave you. Press Return. A new field Secondary Domain Name Server will appear. If your ISP gave you a secondary domain name server address, enter it here. Press Return until the next field Default IP Gateway is highlighted. 6. If you do not enter a Default IP Gateway value, the router defaults to the remote IP address you entered in the Easy Setup connection profile.
7-10 Administration Guide Easy Setup Security Configuration It is strongly suggested that you password-protect configuration access to your Netopia. By entering a Name and Password pair here, access via serial, Telnet, and SNMP will be password-protected. Be sure to remember what you have typed here, because you will be prompted for it each time you configure this Netopia. You can remove an existing Name and Password by clearing both fields below.
Voice Configuration 8-1 Chapter 8 Voice Configuration This chapter describes the telephony services and configuration of the Netopia 4753 G.SHDSL Integrated Access Device. For specific details on configuration and use of the Netopia 4753’s Internet connection, refer to Chapter 7, “Easy Setup” and Chapter 9, “WAN and System Configuration.
8-2 Administration Guide distance or local calls. Toll Restriction Operation - PBX/Local Switching Mode: When you pick up the phone, you receive local PBX dial tone. When a 9 (or outside line code) is pressed, the IAD detects the digit and returns busy (locally generated). Incoming calls are allowed. Extension calls (locally switched) are allowed. ■ Speed Dial - Centrex Mode: In Centrex Mode, when you pick up the phone, dial-tone from the central office is present.
Voice Configuration 8-3 Voice Configuration Voice Gateway... CopperCom Ring Cadence... 20 Hz Port Configuration... Voice Coding... mu-law LES Profile Number... Profile 9 ■ Select Voice Gateway and from the pop-up menu, choose the type of voice gateway device to which you will be connected. The choices are: CopperCom, JetStream, TollBridge, TDSoft, or Zhone. ■ Select Ring Cadence and press Return.
8-4 Administration Guide Echo cancellation is set to Yes by default. For ordinary telephone handsets, echo cancellation should be set to Yes (turned on) to eliminate echoes on the voice line. Toggling a port to No allows you to connect a fax machine or modem to the phone port (since fax machines and modems automatically cancel echoes). If you want to disable echo cancellation, toggle this item to No. You can enable or disable echo cancellation for each port on the Netopia 4753.
Part II: Advanced Configuration
Administration Guide
WAN and System Configuration 9-1 Chapter 9 WAN and System Configuration This chapter describes how to use the console-based management screens to access and configure advanced features of your Netopia 4753 G.SHDSL Integrated Access Device. You can customize these features for your individual setup. These menus provide a powerful method for experienced users to set up their device’s connection profiles and system configuration.
9-2 Administration Guide WAN Configuration To configure your Wide Area Network (WAN) connection, navigate to the WAN Configuration screen from the Main Menu and select WAN Configuration, then WAN (Wide Area Network) Setup. WAN Configuration Main Menu WAN Setup The DSL Line Configuration screen appears. DSL Line Configuration Regional Setting... Annex A Clock Source... Cell Format... Unused Cell Format... Network Scrambled Idle Data Link Encapsulation... RFC1483 Mode...
WAN and System Configuration 9-3 need to change it unless your provider specifically tells you to do so. ■ ■ Select Data Link Encapsulation and from the pop-up menu choose your DLE. ■ If you selected RFC1483, the next pop-up menu RFC1483 Mode offers the choice of Bridged 1483 or Routed 1483. If you select Bridged 1483, a new option PPP over Ethernet (PPPoE) appears. You can then toggle PPPoE On or Off. Choosing Routed 1483 hides the PPPoE option.
9-4 Administration Guide Multiple ATM PVC configuration You configure Virtual Circuits in the Add/Change Circuit screen. From the Main Menu, navigate to the DSL Line Configuration screen. Main Menu WAN Configuration WAN Setup DSL Line Configuration WAN DSL Mode... Regional Setting... ATM Annex A Clock Source... Cell Format... Unused Cell Format... Network Scrambled Idle Data Link Encapsulation... RFC1483 Mode... PPP over Ethernet (PPPoE): RFC1483 Bridged 1483 Off Display/Change Circuit...
WAN and System Configuration 9-5 Choosing Display/Change Circuit (or Delete Circuit) displays a pop-up menu that allows you to select the circuit to be modified or deleted. DSL Line Configuration WAN DSL Mode... Regional Setting... ATM Annex A Clock Source... Cell Format... Unused Cell Format... Network Scrambled +---Circuit Name----VPI/VCI---+ +-----------------------------+ | Circuit 1 8/35 | | Voice Circuit 0/0 | | | | | | | | | | | | | +-----------------------------+ Data Link Encapsulation...
9-6 Administration Guide ■ Circuit Enabled allows you to enable or disable the circuit, using the Tab key. The default is enabled. ■ Traffic Type allows you to select which type of traffic will be routed on this circuit, Voice or Data. If you choose Voice, the Connection Profile is field becomes unavailable and does not display. ■ Circuit VPI allows you to specify the Virtual Path Identifier (VPI) value for the circuit. The default VPI value for both ADSL and cell-based DSL is zero (0).
WAN and System Configuration 9-7 Adding a circuit Choosing Add Circuit displays the Add Circuit screen. Add Circuit Circuit Name: Circuit Enabled: Traffic Type... Circuit VPI (0-255): Circuit 3 +---------+ +---------+ | Voice | | Data | +---------+ Circuit VCI (0-65535): 0 Use Connection Profile... Use Default Profile for Circuit Default Profile ADD Circuit NOW CANCEL The fields in the Add Circuit screen are the similar to the fields in the Change Circuit screen described above.
9-8 Administration Guide Monitoring multiple virtual circuits The General Statistics screen adds a selection for ATM VC Statistics. To access the ATM VC Statistics screen navigate from the Main Menu to Statistics & Logs then General Statistics. Main Menu Statistics & Logs General Statistics The General Statistics screen appears.
WAN and System Configuration 9-9 The ATM VC Statistics screen appears. ATM VC Statistics VPI/VCI------Local IP Addr---------Frames Rx--Frames Tx---Bytes Rx---Bytes Tx ----------------------------------SCROLL UP----------------------------------0/39 111.222.333.
9-10 Administration Guide Creating a New Connection Profile For a Netopia 4753, connection profiles are useful for configuring the connection and authentication settings for negotiating a PPP connection on the DSL link. If you are using the PPP data link encapsulation method, you can store your authentication information in the connection profile so that your user name and password (or host name and secret) are transmitted when you attempt to connect.
WAN and System Configuration 9-11 3. Select Data Link Encapsulation and press Return. The pop-up menu offers the possible data link encapsulation methods for connection profiles used for a variety of purposes: PPP, RFC1483, ATMP, PPTP, or IPsec. If you select any data link encapsulation method other than RFC1483, a Data Link Options menu item is displayed; if you select RFC1483, Data Link Options is hidden. 4.
9-12 Administration Guide IP Profile Parameters Address Translation Enabled: Yes Local WAN IP Address: 0.0.0.0 Remote IP Address: Remote IP Mask: 0.0.0.0 0.0.0.0 Filter Set... Remove Filter Set Receive RIP: Off Toggle to Yes if this is a single IP address ISP account. Configure IP requirements for a remote network connection here. 7. Toggle or enter any IP Parameters you require and return to the Add Connection Profile screen by pressing Escape. For more information, see “IP Setup” on page 10-1.
WAN and System Configuration 9-13 The WAN Default Profile If you are using RFC1483 datalink encapsulation, the WAN Default Profile screen controls whether or not the DSL link will come up without an explicitly configured connection profile. (PPP datalink encapsulation does not support a default profile, and the corresponding menu item is unavailable.) See “Creating a New Connection Profile” on page 9-10 for more information.
9-14 Administration Guide IP Parameters (Default Profile) screen If you are using RFC1483 datalink encapsulation, the IP Parameters (Default Profile) screen allows you to configure various IP parameters for DSL connections established without an explicitly configured connection profile: IP Parameters (Default Profile) Address Translation Enabled: No Filter Set (Firewall)... Remove Filter Set Receive RIP: Transmit RIP: Both Off Return/Enter accepts * Tab toggles * ESC cancels.
WAN and System Configuration 9-15 The ATMP/PPTP Default Profile The ATMP/PPTP Default Profile screen controls whether or not your device will answer VPN connection attempts without an explicitly configured connection profile. See “Virtual Private Networks (VPNs)” on page 12-1 for more information.
9-16 Administration Guide Main Menu System Configuration IP Setup This particular path guide shows how to get to the IP Setup screens. The path guide represents these steps: ■ Beginning in the Main Menu, select System Configuration and press Return. The System Configuration screen appears. ■ Select IP Setup and press Return. The IP Setup screen appears. To go back in this sequence of screens, use the Escape key. System Configuration Features The Netopia 4753 G.
WAN and System Configuration 9-17 The System Configuration menu screen appears: System Configuration IP Setup... Filter Sets... IP Address Serving... Date and Time... Console Configuration... SNMP (Simple Network Management Protocol)... Security... Upgrade Feature Set... Logging... Use this screen if you want options beyond Easy Setup. Network protocols setup These screens allow you to configure your network’s use of the standard networking protocols: ■ IP: Details are given in “IP Setup” on page 10-2.
9-18 Administration Guide Set Date and Time NTP (Network Time Prot.) Enabled: Time Server Host Name/IP Address Time Zone... NTP Update Interval (HHHH:MM) On 204.152.184.72 GMT -8:00 Pacific Standard Time 1:00 System Date Format: MM/DD/YY System Time Format: AM/PM The Netopia 4753 uses Network Time Protocol (NTP) by default to set the date and time automatically. You may want to modify the default settings for your own environment. NTP takes effect five minutes after the device boots.
WAN and System Configuration 9-19 DD/MM/YY, or YY/MM/DD. ■ Enter the Current Date in whatever format you have chosen. ■ From the pop-up System Time Format menu select your preferred time notation: AM/PM or 24hr. ■ Enter the Current Time in whatever format you have chosen. ■ From the AM or PM pop-up menu, select AM or PM. Console configuration You can change the default terminal communications parameters to suit your requirements.
9-20 Administration Guide SNMP (Simple Network Management Protocol) These screens allow you to monitor and configure many of the data routing features of your network by means of a standard Simple Network Management Protocol (SNMP) agent. ■ Details are given in “SNMP” on page 14-13. Security These screens allow you to add users and define passwords on your network. ■ Details are given in “Security” on page 13-1.
WAN and System Configuration 9-21 By default, all events are logged in the event history. ■ By toggling each event descriptor to either Yes or No, you can determine which ones are logged and which are ignored. ■ You can enable or disable the syslog client dynamically. When enabled, it will report any appropriate and previously unreported events. ■ You can specify the syslog server’s address either in dotted decimal format or as a DNS name up to 63 characters.
9-22 Administration Guide
IP Setup 10-1 Chapter 10 IP Setup The Netopia 4753 uses Internet Protocol (IP) to communicate both locally and with remote networks. This chapter shows you how to configure the router to route IP traffic. You also learn how to configure the router to serve IP addresses to hosts on your local network. Netopia’s IP routing features Network Address Translation, Virtual Private Networking (VPNs), and IP address serving.
10-2 Administration Guide IP Setup Main Menu System Configuration IP Setup The IP Setup options screen is where you configure the Ethernet side of the Netopia 4753. The information you enter here controls how the router routes IP traffic. Consult your network administrator or ISP to obtain the IP setup information (such as the Ethernet IP address, Ethernet subnet mask, default IP gateway, and Primary Domain Name Server IP address) you will need before changing any of the settings in this screen.
IP Setup 10-3 The Netopia 4753 G.SHDSL Integrated Access Device supports multiple IP subnets on the Ethernet interface. You may want to configure multiple IP subnets to service more hosts than are possible with your primary subnet. It is not always possible to obtain a larger subnet from your ISP. For example, if you already have a full Class C subnet, your only option is multiple Class C subnets, since it is virtually impossible to justify a Class A or Class B assignment.
10-4 Administration Guide IP subnets The IP Subnets screen allows you to configure up to eight Ethernet IP subnets on unlimited-user models, one “primary” subnet and up to seven secondary subnets, by entering IP address/subnet mask pairs: IP Subnets #1: IP Address ---------------192.128.117.162 Subnet Mask --------------255.255.255.0 #2: 0.0.0.0 0.0.0.0 #3: #4: #5: #6: #7: #8: Note: You need not use this screen if you have only a single Ethernet IP subnet.
IP Setup 10-5 For example: IP Subnets #1: IP Address ---------------192.128.117.162 Subnet Mask --------------255.255.255.0 #2: 192.128.152.162 255.255.0.0 #3: 0.0.0.0 0.0.0.0 #4: #5: #6: #7: #8: ■ To delete a configured subnet, set both the IP address and subnet mask values to 0.0.0.0, either explicitly or by clearing each field and pressing Return to commit the change. When a configured subnet is deleted, the values in subsequent rows adjust up to fill the vacant fields.
10-6 Administration Guide If you have configured multiple Ethernet IP subnets, the IP Setup screen changes slightly: IP Setup Subnet Configuration... Default IP Gateway: 192.128.117.163 Primary Domain Name Server: Secondary Domain Name Server: Domain Name: 0.0.0.0 0.0.0.0 Receive RIP... Transmit RIP... Both v2 (multicast) Static Routes... Network Address Translation (NAT)... IP Address Serving... Set up the basic IP attributes of your Netopia in this screen.
IP Setup 10-7 The Static Routes screen will appear. Static Routes Display/Change Static Route... Add Static Route... Delete Static Route... Configure/View/Delete Static Routes from this and the following Screens. Viewing static routes To display a view-only table of static routes, select Display/Change Static Route. The table shown below will appear. +-Dest. Network---Subnet Mask-----Next Gateway----Priority-Enabled-+ +------------------------------------------------------------------+ | 0.0.0.0 0.0.0.
10-8 Administration Guide Subnet Mask: The subnet mask associated with the destination network. Next Gateway: The IP address of the router that will be used to reach the destination network. Priority: An indication of whether the Netopia 4753 will use the static route when it conflicts with information received from RIP packets. Enabled: An indication of whether the static route should be installed in the IP routing table. To return to the Static Routes screen, press Escape.
IP Setup 10-9 information; Low means that the RIP information takes precedence over the static route. ■ If the static route conflicts with a connection profile, the connection profile will always take precedence. ■ To make sure that the static route is known only to the Netopia 4753, select Advertise Route Via RIP and toggle it to No. To allow other RIP-capable routers to know about the static route, select Advertise Route Via RIP and toggle it to Yes.
10-10 Administration Guide IP Address Serving Main Menu System Configuration IP Address Serving • Serve DHCP Clients • Serve BootP Clients • Serve Dynamic WAN Clients In addition to being a router, the Netopia 4753 is also an IP address server. There are three protocols it can use to distribute IP addresses.
IP Setup 10-11 Follow these steps to configure IP Address Serving: ■ If you enabled IP Address Serving, then DHCP, BootP clients and Dynamic WAN clients are automatically enabled. ■ The IP Address Serving Mode pop-up menu allows you to choose the way in which the Netopia 4753 will serve IP addresses. The device can act as either a DHCP Server or a DHCP Relay Agent. (See “DHCP Relay Agent” on page 10-23 for more information.
10-12 Administration Guide If you have configured multiple Ethernet IP subnets, the appearance of the IP Address Serving screen is altered slightly: IP Address Serving Configure Address Pools... Serve DHCP Clients: DHCP NetBios Options... Yes Serve BOOTP Clients: Yes Serve Dynamic WAN Clients: Yes The first three menu items are hidden, and Configure Address Pools... appears instead. If you select Configure Address Pools...
IP Setup 10-13 IP Address Pools The IP Address Pools screen allows you to configure a separate IP address serving pool for each of up to eight configured Ethernet IP subnets: IP Address Pools Subnet (# host addrs) --------------------192.128.117.0 (253) 1st Client Addr --------------192.128.117.196 Clients ------16 Client Gateway -------------192.128.117.162 192.129.117.0 192.129.117.110 8 192.129.117.4 (253) This screen consists of between two and eight rows of four columns each.
10-14 Administration Guide Numerous factors influence the choice of served address. It is difficult to specify the address that will be served to a particular client in all circumstances. However, when the address server has been configured, and the clients involved have no prior address serving interactions, the Netopia 4753 will generally serve the first unused address from the first address pool with an available address.
IP Setup 10-15 DHCP NetBIOS Options If your network uses NetBIOS, you can enable the Netopia 4753 to use DHCP to distribute NetBIOS information. NetBIOS stands for Network Basic Input/Output System. It is a layer of software originally developed by IBM and Sytek to link a network operating system with specific hardware. NetBIOS has been adopted as an industry standard. It offers LAN applications a variety of “hooks” to carry out inter-application communications and data transfer.
10-16 Administration Guide ■ From the NetBios Type pop-up menu, select the type of NetBIOS used on your network. DHCP NetBios Options Serve NetBios Type: NetBios Type... Serve NetBios Scope: NetBios Scope: Serve NetBios Name Server: NetBios Name Server IP Addr: ■ +--------+ +--------+ | Type B | | Type P | | Type M | | Type H | +--------+ No 0.0.0.0 To serve DHCP clients with the NetBIOS scope, select Serve NetBios Scope and toggle it to Yes. Select NetBios Scope and enter the scope.
IP Setup 10-17 IP Address Lease Management Reset All Leases Release BootP Leases Reclaim Declined Addresses Hit RETURN/ENTER, you will return to the previous screen. Select Release BootP Leases and press Return. More Address Serving Options The Netopia 4753 includes a number of enhancements in the built-in DHCP IP address server. These enhancements include: ■ The ability to exclude one or more IP addresses from the address serving pool so the addresses will not be served to clients.
10-18 Administration Guide Configuring the IP Address Server options To access the enhanced DHCP server functions, from the Main Menu navigate to Statistics & Logs and then Served IP Addresses. Main Menu Statistics & Logs Served IP Addresses The following example shows the Served IP Addresses screen after three clients have leased IP addresses. The first client did not provide a Host Name in its DHCP messages; the second and third clients did.
IP Setup 10-19 You can select the entries in the Served IP Addresses screen. Use the up and down arrow keys to move the selection to one of the entries in the list of served IP addresses. Served IP Addresses -IP Address------Type----Expires—-Host Name/Client Identifier--------------------------------------------------SCROLL UP----------------------------------192.168.1.100 192.168.1.101 192.168.1.102 192.168.1.103 192.168.1.104 192.168.1.105 192.168.1.106 +------------+ 192.168.1.107 +------------+ 192.
10-20 Administration Guide ■ Details… is displayed if the entry is associated with both a host name and a client identifier. Selecting Details… displays a pop-up menu that provides additional information associated with the IP address. The pop-up menu includes the IP address as well as the host name and client identifier supplied by the client to which the address is leased.
IP Setup 10-21 Served IP Addresses -IP Address------Type----Expires—-Host Name/Client Identifier--------------------------------------------------SCROLL UP----------------------------------192.168.1.100 192.168.1.101 192.1+-------------------------------------------------------------+ 192.1+-------------------------------------------------------------+ 192.1| | 192.1| You are about to make changes that will affect an address | 192.1| that is currently in use. Are you sure you want to do this? | 192.
10-22 Administration Guide Served IP Addresses -IP Address------Type----Expires—-Host Name/Client Identifier--------------------------------------------------SCROLL UP----------------------------------192.168.1.100 192.168.1.101 192.168.1.102 +--------------------------------------+ 192.168.1.103 +--------------------------------------+ 192.168.1.104 | | 192.168.1.105 | IP Address is 192.168.1.108 | 192.168.1.106 | MAC Address: 00-00-c5-45-89-ef | 192.168.1.107 | | 192.168.1.108 | CANCEL OK | 192.168.1.
IP Setup 10-23 DHCP Relay Agent The Netopia 4753 offers DHCP Relay Agent functionality, as defined in RFC1542. A DHCP relay agent is a computer system or a router that is configured to forward DHCP requests from clients on the LAN to a remote DHCP server, and to pass the replies back to the requesting client systems. When a DHCP client starts up, it has no IP address, nor does it know the IP address of a DHCP server. Therefore, it uses an IP broadcast to communicate with one or more DHCP servers.
10-24 Administration Guide Select IP Address Serving and press Return. The IP Address Serving screen appears. IP Address Serving +------------------+ +------------------+ IP Address Serving Mode... | Disabled | | DHCP Server | Number of Client IP Addresses: | DHCP Relay Agent | 1st Client Address: +------------------+ Client Default Gateway... 192.168.1.1 Serve DHCP Clients: DHCP NetBIOS Options... Yes Serve BOOTP Clients: Yes Select IP Address Serving Mode.
IP Setup 10-25 Note: The remote DHCP server(s) to which the Netopia Router is relaying DHCP requests must be capable of servicing relayed requests. Not all DHCP servers support this feature. For example, the DHCP server in the Netopia Router does not. The DHCP server(s) to which the Netopia Router is relaying DHCP requests must be configured with one or more address pools that are within the Netopia Router’s primary Ethernet LAN subnet.
10-26 Administration Guide 1. Select Profile Name and enter a name for this connection profile. It can be any name you wish. For example: the name of your ISP. 2. Toggle the Profile Enabled value to Yes or No. The default is Yes. 3. Select IP Profile Parameters and press Return. The IP Profile Parameters screen appears. IP Profile Parameters Address Translation Enabled: IP Addressing... Yes Numbered NAT Map List... NAT Server List...
IP Setup 10-27 5. Select ADD PROFILE NOW and press Return. Your new connection profile will be added. If you want to view the connection profiles in your router, return to the WAN Configuration screen, and select Display/Change Connection Profile. The list of connection profiles is displayed in a scrolling pop-up screen. WAN Configuration +-Profile Name---------------------IP Address------+ +--------------------------------------------------+ | Easy Setup Profile 127.0.0.2 | | Profile 1 0.0.0.
10-28 Administration Guide
Multiple Network Address Translation 11-1 Chapter 11 Multiple Network Address Translation The Netopia 4753 offers advanced Multiple Network Address Translation functionality. You should read this chapter completely before attempting to configure any of the advanced NAT features.
11-2 Administration Guide The following is a general description of these features: Port Address Translation The simplest form of classic Network Address Translation is PAT (Port Address Translation). PAT allows a group of computers on a LAN, such as might be found in a home or small office, to share a single Internet connection using one IP address. The computers on the LAN can surf the Web, read e-mail, download files, etc., but their individual IP addresses are never exposed to the public network.
Multiple Network Address Translation 11-3 When addresses are returned to the group of available addresses, they are returned to the head of the group, being the most recently used. If that same host requests a connection an hour later, and the same public address is still available, then it will be mapped to the same private host. If a new host, which has not previously requested a connection, initiates a connection it is allocated the last, or oldest, public address available.
11-4 Administration Guide Exterior addresses are allocated to internal hosts on a demand, or as-needed, basis and then made available when traffic from that host ceases. Once an internal host has been allocated an address, it will use that address for all traffic. Five minutes after all traffic ceases – no pings, all TCP connections closed, no DNS requests, etc. – the address is put at the head of an available list.
Multiple Network Address Translation 11-5 In order to support this type of mapping, you define two address ranges. First, you define a public range which contains the first and last public address to be used and the way in which these addresses should be used (PAT, static, or dynamic). You then configure an address map which defines the private IP address or addresses to be used and which public range they should be mapped to.
11-6 Administration Guide MultiNAT Configuration You configure the MultiNAT features through the console menu: ■ For a simple 1-to-many NAT configuration (classic NAT or PAT), use the Easy Setup Profile configuration, described below. ■ For the more advanced features, such as server lists and dynamic NAT, follow the instructions in: ■ IP setup, described on page 11-7 ■ IP profile parameters, described on page 11-23 Easy Setup Profile configuration The screen below is an example.
Multiple Network Address Translation 11-7 1. Define the public range of addresses that external computers should use to get to the NAT internal machines. These are the addresses that someone on the Internet would see. 2. Create a List name that will act as a rule or server holder. 3. Create a map or rule that specifies the internal range of NATed addresses and the external range they are to be associated with. 4.
11-8 Administration Guide The Network Address Translation screen appears. Network Address Translation Add Public Range... Show/Change Public Range... Delete Public Range... Add Map List... Show/Change Map List... Delete Map List... Add Server List... Show/Change Server List... Delete Server List... NAT Associations... Return/Enter to configure IP Address redirection. Public Range defines an external address range and indicates what type of mapping to apply when using this range.
Multiple Network Address Translation 11-9 The Add NAT Public Range screen appears. Add NAT Public Range Range Name: my_first_range Type... pat Public Address: 206.1.1.6 First Public Port: 49152 Last Public Port: 65535 ADD NAT PUBLIC RANGE CANCEL ■ Select Range Name and give a descriptive name to this range. ■ Select Type and from the pop-up menu, assign its type. Options are static, dynamic, or pat (the default).
11-10 Administration Guide Once the public ranges have been assigned, the next step is to bind interior addresses to them. Because these bindings occur in ordered lists, called map lists, you must first define the list, then add mappings to it. From the Network Address Translation screen select Add Map List and press Return. The Add NAT Map List screen appears. Add NAT Map List Map List Name: my_map Add Map... ■ Select Map List Name and enter a descriptive name for this map list.
Multiple Network Address Translation 11-11 to this mapping. ■ Select Use NAT Public Range and press Return. A screen appears displaying the public ranges you have defined. Add NAT Map ("my_map") +-Public Address Range------------Type----Name-------------+ +----------------------------------------------------------+ | 0.0.0.0 -pat Easy-PAT | | 206.1.1.6 -pat my_first_range | | 206.1.1.1 206.1.1.2 static my_second_range | | <
11-12 Administration Guide mapping and press Return. If none of your preconfigured ranges are suitable for this mapping, you can select <> and create a new range. If you choose <>, the Add NAT Public Range screen displays and you can create a new public range to be used by this map. See Add NAT Public Range on page 11-9. ■ The Add NAT Map screen now displays the range you have assigned. Add NAT Map ("my_map") First Private Address: 192.168.1.1 Last Private Address: 192.168.1.
Multiple Network Address Translation 11-13 Modifying map lists You can make changes to an existing map list after you have created it. Since there may be more than one map list you must select which one you are modifying. From the Network Address Translation screen select Show/Change Map List and press Return. ■ Select the map list you want to modify from the pop-up menu.
11-14 Administration Guide ■ Add Map allows you to add a new map to the map list. ■ Show/Change Maps allows you to modify the individual maps within the list. ■ Delete Map allows you to delete a map from the list. ■ Move Map allows you to change the priority order in which the map is evaluated within the list. See Moving maps on page 11-15. Selecting Show/Change Maps, Delete Map, or Move Map displays the same pop-up menu.
Multiple Network Address Translation 11-15 Make any modifications you need and then select CHANGE NAT MAP and press Return. Your changes will become effective and you will be returned to the Show/Change NAT Map List screen. Moving maps The Move Maps screen permits reordering the priority of maps in a map list. Since the maps are read from top to bottom, those at the top have the highest priority and those at the bottom have the lowest.
11-16 Administration Guide Show/Change NAT Map List +---Private Address Range---------Type----Public Address Range------------+ +-------------------------------------------------------------------------+ | 192.168.1.2 192.168.1.252 dynamic 206.1.1.3 206.1.1.252 | | 192.168.1.252 192.168.1.253 static 206.1.1.1 206.1.1.2 | | 192.168.1.1 192.168.1.251 pat 206.1.1.
Multiple Network Address Translation 11-17 Adding Server Lists Server lists, also known as Exports, are handled similarly to map lists. If you want to make a particular server’s port accessible (and it isn’t accessible through other means, such as a static mapping), you must create a server list, or use the pre-existing Easy Servers list and add your entries to this list (preferred). Select Add Server List from the Network Address Translation screen. The Add NAT Server List screen appears.
11-18 Administration Guide ■ Select Add Server and press Return. The Add NAT Server screen appears. Add NAT Server ("my_servers") Service... ■ Server Private IP Address: 192.168.1.45 Public IP Address: 206.1.1.1 ADD NAT SERVER CANCEL Select Service and press Return. A pop-up menu appears listing a selection of commonly exported services. Add NAT Server ("my_servers") +-Type------Port(s)-------+ +-------------------------+ Service...
Multiple Network Address Translation 11-19 Other Exported Port First Port Number (1..65535): 31337 Last Port Number (1..65535): 31337 OK ■ ■ CANCEL Enter the First and Last Port Number between ports 1 and 65535. Select OK and press Return. You will be returned to the Add NAT Server screen. Enter the Server Private IP Address of the server whose service you are exporting.
11-20 Administration Guide Modifying server lists Once a server list exists, you can select it for modification or deletion. ■ Select Show/Change Server List from the Network Address Translation screen. ■ Select the Server List Name you want to modify from the pop-up menu and press Return. Network Address Translation +-NAT Server List Name-+ +----------------------+ A| my_servers | S| |.. D| | | | A| | S| | D| | | | A| | S| |.
Multiple Network Address Translation 11-21 ■ Selecting Show/Change Server or Delete Server displays the same pop-up menu. Show/Change NAT Server List +-Private Address--Public Address----Port------------+ +----------------------------------------------------+ Se| 192.168.1.254 206.1.1.6 smtp | | 192.168.1.254 206.1.1.5 smtp | | 192.168.1.254 206.1.1.4 smtp | Ad| 192.168.1.254 206.1.1.3 smtp | | 192.168.1.254 206.1.1.
11-22 Administration Guide Deleting a server To delete a server from the list, select Delete Server from the Show/Change NAT Server List menu and press Return. A pop-up menu lists your configured servers. Select the one you want to delete and press Return. A dialog box asks you to confirm your choice. Show/Change NAT Server List +-Internal Address-External Address--Port------------+ +----------------------------------------------------+ Se| 192.168.1.254 206.1.1.
Multiple Network Address Translation 11-23 Binding Map Lists and Server Lists Once you have created your map lists and server lists, for most Netopia Router models you must bind them to a profile, either a Connection Profile or the Default Profile.
11-24 Administration Guide ■ Select NAT Map List and press Return. A pop-up menu displays a list of your defined map lists. IP Profile Parameters +--NAT Map List Name---+ +----------------------+ Address Trans| Easy-PAT |s IP Addressing| my_map |mbered | <> | NAT Map List.| |sy PAT NAT Server Li| | | | Local WAN IP | | | | Remote IP Add| |7.0.0.2 Remote IP Mas| |5.255.255.255 | | Filter Set...
Multiple Network Address Translation 11-25 IP Parameters (WAN Default Profile) The Netopia 4753 in HDLC (Copper Mountain) Operation Mode supports a WAN default profile that permits several parameters to be configured without an explicitly configured Connection Profile. The procedure is similar to the procedure to bind map lists and server lists to a Connection Profile. From the Main Menu go to the WAN Configuration screen, then the Default Profile screen. Select IP Parameters and press Return.
11-26 Administration Guide ■ Select NAT Map List and press Return. A pop-up menu displays a list of your defined map lists. IP Parameters (Default Profile) +--NAT Map List Name---+ +----------------------+ | Easy-PAT List | | my_map | Address Trans| <> |s | | NAT Map List.| | NAT Server Li| | | | Filter Set (F| | Remove Filter| | | | Receive RIP: | |th | | | | | | | | | | +----------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.
Multiple Network Address Translation 11-27 NAT Associations Configuration of map and server lists alone is not sufficient to enable NAT for a WAN connection because map and server lists must be linked to a profile that controls the WAN interface. This can be a Connection Profile, a WAN Ethernet interface, a default profile, or a default answer profile.
11-28 Administration Guide keys. Select the item by pressing Return to display a pop-up menu of all of your configured lists.
Multiple Network Address Translation 11-29 MultiNAT Configuration Example To help you understand a typical MultiNAT configuration, this section describes an example of the type of configuration you may want to implement on your site. The values shown are for example purposes only. Make your own appropriate substitutions. A typical DSL service from an ISP might include five user addresses. Without PAT, you might be able to attach only five IP hosts.
11-30 Administration Guide Enter your ISP-supplied values as shown below. Connection Profile 1: Easy Setup Profile Connection Profile Name: Easy Setup Profile Address Translation Enabled: IP Addressing... Yes Numbered Local WAN IP Address: Local WAN IP Mask: 206.1.1.6 255.255.255.248 PREVIOUS SCREEN NEXT SCREEN Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx). Enter basic information about your WAN connection with this screen. Select NEXT SCREEN and press Return.
Multiple Network Address Translation 11-31 Select Show/Change Public Range, then Easy-PAT Range, and press Return. Enter the value your ISP assigned for your public address (206.1.1.6, in this example). Toggle Type to pat. Your public address is then mapped to the remaining private IP addresses using PAT. (If you were not using the Easy-PAT Range and Easy-PAT List that are created by default by using Easy Setup, you would have to define a public range and map list.
11-32 Administration Guide Select ADD NAT PUBLIC RANGE and press Return. You are returned to the Network Address Translation screen. Next, select Show/Change Map List and choose Easy-PAT List. Select Add Map. The Add NAT Map screen appears. (Now the name Easy-PAT List is a misnomer since it has a static map included in its list.) Enter in 192.168.1.1 for the First Private Address and 192.168.1.5 for the Last Private Address. Add NAT Map ("Easy-PAT List") First Private Address: 192.168.1.
Multiple Network Address Translation 11-33 To make these changes, first limit the range of remapped addresses on the Static Map and then edit the default server list called Easy-Servers. ■ First, navigate to the Show/Change Map List screen, select Easy-PAT List and then Show/Change Maps. Choose the Static Map you created and change the First Private Address from 192.168.1.1 to 192.168.1.4.
11-34 Administration Guide
Virtual Private Networks (VPNs) 12-1 Chapter 12 Virtual Private Networks (VPNs) The Netopia 4753 offers IPsec, PPTP, and ATMP tunneling support for Virtual Private Networks (VPN).
12-2 Administration Guide Tunneling is a process of creating a private path between a remote user or private network and another private network over some intermediate network, such as the IP-based Internet. A VPN allows remote offices or employees access to your internal business LAN through means of encryption allowing the use of the public Internet to look “virtually” like a private secure network.
Virtual Private Networks (VPNs) 12-3 In either case, the Netopia Router wraps, or encapsulates, information that one end of the tunnel exchanges with the other, in a wrapper called General Routing Encapsulation (GRE), at one end of the tunnel, and unwraps, or decapsulates, it at the other end. ■ IPsec stands for IP Security, a set of protocols that supports secure exchange of IP packets at the IP layer. IPsec is deployed widely to implement Virtual Private Networks (VPNs).
12-4 Administration Guide PPTP configuration To set up the router as a PPTP Network Server (PNS) capable of answering PPTP tunnel requests you must also configure the VPN Default Answer Profile. See ATMP/PPTP Default Answer Profile on page 12-13 for more information. PPTP is a Datalink Encapsulation option in Connection Profiles. It is not an option in device or link configuration screens, as PPTP is not a native encapsulation.
Virtual Private Networks (VPNs) 12-5 When you define a Connection Profile as using PPTP by selecting PPTP as the datalink encapsulation method, and then select Data Link Options, the PPTP Tunnel Options screen appears. PPTP Tunnel Options PPTP Partner IP Address: Tunnel Via Gateway: 173.167.8.134 0.0.0.0 Data Compression... Authentication...
12-6 Administration Guide itself a compression protocol. Note: The Netopia 4753 supports 128-bit (“strong”) encryption. Unlike MS-CHAP version 1, which supports one-way authentication, MS-CHAP version 2 supports mutual authentication between connected routers and is incompatible with MS-CHAP version 1 (MS-CHAP-V1). When you choose MS-CHAP as the authentication method for the PPTP tunnel, the Netopia router will start negotiating MS-CHAP-V2.
Virtual Private Networks (VPNs) 12-7 The IP Profile Parameters screen appears. IP Profile Parameters Address Translation Enabled: Yes NAT Map List... NAT Server List... Easy-PAT Easy-Servers Local WAN IP Address: 0.0.0.0 Remote IP Address: Remote IP Mask: 173.167.8.10 255.255.0.0 Filter Set... Remove Filter Set Receive RIP: Both Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx). ■ Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel.
12-8 Administration Guide The Add Connection Profile screen appears. Add Connection Profile Profile Name: Profile Enabled: Data Link Encapsulation... Data Link Options... IP Profile Parameters... COMMIT Profile 1 +-------------+ +-------------+ | PPP | | Frame Relay | | RFC1483 | | ATMP | | PPTP | | IPsec | +-------------+ CANCEL ■ From the Data Link Encapsulation pop-up menu select IPsec. ■ Then select Data Link Options. The IPsec Encryption & Authentication Options screen appears.
Virtual Private Networks (VPNs) 12-9 IPsec Encryption & Authentication Options Encryption Transform... Encryption Key: DES Authentication Type... Authentication Transform... Authentication Key: ESP HMAC-MD5-96 COMMIT CANCEL Enter a key of 16 Hex digits, e.g. '1234567890ABCDEF' ■ You must enter an Encryption Key if the Encryption Transform is DES. The key for DES must be a hexadecimal string of 16 characters, using Hex characters only: '0'-'9', 'A'-'F' and 'a' - 'f'.
12-10 Administration Guide IP Profile Parameters The following IP Profile Options screen is displayed for an IPsec Connection Profile. IP Profile Options SPI (Security Parameters Index): 123456789 Remote Tunnel Endpoint Address: Remote Members Network: Remote Members Mask: 0.0.0.0 0.0.0.0 0.0.0.0 Address Translation Enabled: NAT Map List... NAT Server List... PAT IP Address: Yes Easy-PAT List Easy-Servers 1.1.1.1 Filter Set... Remove Filter Set <> Advanced IP Profile Options...
Virtual Private Networks (VPNs) 12-11 ■ You can remove a Filter Set. ■ You can choose to configure Advanced IP Profile Options (see “Advanced IP Profile Options,” in the following section). Note: The SPI title field above changes to SPI (Security Parameters Index) -- Use Advanced IP Profile Options if any of the SPI values differ from each other.
12-12 Administration Guide Interoperation with other features ■ Address serving is not supported through IPsec Tunnels. ■ AH is not supported through an interface that has NAT applied to it. NAT may be applied to the inner payload. ■ AH is not supported through an interface which is either Unnumbered or Numbered with a dynamically assigned address unless the Local Tunnel Endpoint address is specified in the Advanced IP Profile Options screen.
Virtual Private Networks (VPNs) 12-13 ATMP/PPTP Default Answer Profile The WAN Configuration menu offers a ATMP/PPTP Default Answer Profile option. Use this selection when your router is acting as the server for VPN connections, that is, when you are on the answering end of the tunnel establishment. The ATMP/PPTP Default Answer Profile determines the way the attempted tunnel connection is answered. WAN Configuration WAN (Wide Area Network) Setup... Display/Change Connection Profile...
12-14 Administration Guide default) if you do not. This applies to both ATMP and PPTP connections. ■ For PPTP tunnel connections only, you must define what type of authentication these connections will use. Select Receive Authentication and press Return. A pop-up menu offers the following options: PAP (the default), CHAP, or MS-CHAP. ■ If you chose PAP or CHAP authentication, from the Data Compression pop-up menu select either None (the default) or Standard LZS.
Virtual Private Networks (VPNs) 12-15 Dial-Up Networking for VPN Microsoft Windows Dial-Up Networking software permits a remote standalone workstation to establish a VPN tunnel to a PPTP server such as a Netopia Router located at a central site. Dial-Up Networking also allows a mobile user who may not be connected to a PAC to dial into an intermediate ISP and establish a VPN tunnel to, for example, a corporate headquarters, remotely.
12-16 Administration Guide Note: The public IP address is the same as the router's Local WAN IP address if Address Translation (NAT) is enabled on your router, or if your router is configured for a Numbered interface. If NAT is not enabled, and your router is configured for an Unnumbered interface, you will enter the Ethernet IP address of your router. If your Local WAN IP address is assigned to you dynamically, check the Quick View menu of your routers console screen for the current WAN IP address. 8.
Virtual Private Networks (VPNs) 12-17 11. Verify that the TCP/IP option in Dial out Protocols is the only option checked, and then click OK. 12. Click Continue. 13. Close Network, shut down, and then restart your workstation. 14. Once your workstation has completely rebooted, go to the Start Menu, select Accessories, then click-on and select Dial-up Networking. (If this is the first phone book entry, a Dial-up Networking dialog box will appear. Click OK.) 15.
12-18 Administration Guide Note: If the router you are connecting to is not running NAT and has IP Addressing set to Unnumbered, there will be no Local WAN IP Address. In this case, use the Ethernet IP Address instead. 6. In the Connection Availability window, Windows will ask if you want all users to be able to use this VPN or just yourself. Select the choice that meets your network needs. 7. In the Completing the Network Connection Wizard menu, you will be prompted to name the connection.
Virtual Private Networks (VPNs) 12-19 About ATMP Tunnels To set up an ATMP tunnel, you create a Connection Profile including the IP address and other relevant information for the remote ATMP partner. ATMP uses the terminology of a foreign agent that initiates tunnels and a home agent that terminates them. You use the same procedure to initiate or terminate an ATMP tunnel. Used in this way, the terms initiate and terminate mean the beginning and end of the tunnel; they do not mean activate and deactivate.
12-20 Administration Guide When you define a Connection Profile as using ATMP by selecting ATMP as the datalink encapsulation method, and then select Data Link Options, the ATMP Tunnel Options screen appears. ATMP Tunnel Options ATMP Partner IP Address: Tunnel Via Gateway: 173.167.8.134 0.0.0.0 Network Name: Password: sam.net **** Data Encryption... Key String: DES Initiate Connections: On Demand: Yes Yes Idle Timeout (seconds): 300 Enter an IP address in decimal and dot form (xxx.xxx.xxx.xxx).
Virtual Private Networks (VPNs) 12-21 ■ You must specify a Key String of up to (and including) 20 characters when DES is selected. When encryption is None, this field is invisible. ■ You can specify that this router will Initiate Connections, acting as a foreign agent (Yes), or only answer them, acting as a home agent (No). ■ Tunnels are normally initiated On Demand; however, you can disable this feature. When disabled, the tunnel must be manually established through the call management screens.
12-22 Administration Guide A strict firewall may not be provisioned to allow VPN traffic to pass back and forth as needed. In order to ensure that a firewall will allow a VPN, certain attributes must be added to the firewall's provisioning. The provisions necessary vary slightly between ATMP and PPTP, but both protocols operate on the same basic premise: there are control and negotiation operations, and there is the tunnelled traffic that carries the payload of data between the VPN endpoints.
Virtual Private Networks (VPNs) 12-23 PPTP example To enable a firewall to allow PPTP traffic, you must provision the firewall to allow inbound and outbound TCP packets specifically destined for port 1723. The source port may be dynamic, so often it is not useful to apply a compare function upon this portion of the control/negotiation packets. You must also set the firewall to allow inbound and outbound GRE packets, enabling transport of the tunnel payload.
12-24 Administration Guide For Input Filter 2 set the Protocol Type to allow GRE as shown below. Change Input Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: GRE In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.
Virtual Private Networks (VPNs) 12-25 For Output Filter 2 set the Protocol Type to allow GRE as shown below. Change Output Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.
12-26 Administration Guide ATMP example To enable a firewall to allow ATMP traffic, you must provision the firewall to allow inbound and outbound UDP packets specifically destined for port 5150. The source port may be dynamic, so often it is not useful to apply a compare function on this portion of the control/negotiation packets. You must also set the firewall to allow inbound and outbound GRE packets (Protocol 47, Internet Assigned Numbers Document, RFC 1700), enabling transport of the tunnel payload.
Virtual Private Networks (VPNs) 12-27 For Input Filter 2 set the Protocol Type to allow GRE as shown below. Change Input Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: GRE In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.
12-28 Administration Guide For Output Filter 2 set the Protocol Type to allow GRE as shown below. Change Output Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.
Security 13-1 Chapter 13 Security The Netopia 4753 provides a number of security features to help protect its configuration screens and your local network from unauthorized access. Although these features are optional, it is strongly recommended that you use them.
13-2 Administration Guide CAUTION! You are strongly encouraged to add protection to the configuration screens. Unprotected screens could allow an unauthorized user to compromise the operation of your entire network. Once user accounts are created, users who attempt to access protected screens will be challenged. Users who enter an incorrect name or password are returned to a screen requesting a name/password combination to access the Main Menu.
Security 13-3 To add a new user account, select Add User in the Security Options screen and press Return. The Add Name With Write Access screen appears. Add Name With Write Access Enter Name: Enter Password (11 characters max): ADD NAME/PASSWORD NOW CANCEL Follow these steps to configure the new account: 1. Select Enter Name and enter a descriptive name (for example, the user’s first name). 2. Select Enter Password and enter a password. 3.
13-4 Administration Guide it to No. (See “SNMP traps” on page 14-15.) ■ To restrict Telnet access to all of the configuration screens, select Enable Telnet Console Access and toggle it to No. About Filters and Filter Sets Security should be a high priority for anyone administering a network connected to the Internet. Using packet filters to control network communications can greatly improve your network’s security.
Security 13-5 Filter priority Continuing the customs inspectors analogy, imagine the inspectors lined up to examine a package. If the package matches the first inspector’s criteria, the package is either rejected or passed on to its destination, depending on the first inspector’s particular orders. In this case, the package is never seen by the remaining inspectors.
13-6 Administration Guide How individual filters work As described above, a filter applies criteria to an IP packet and then takes one of three actions: ■ Forwards the packet to the local or remote network ■ Blocks (discards) the packet ■ Ignores the packet A filter forwards or blocks a packet only if it finds a match after applying its criteria. When no match occurs, the filter ignores the packet. A filtering rule The criteria are based on information contained in the packets.
Security 13-7 Internet service FTP TCP port 20/21 Internet service TCP port Finger 79 80 Telnet 23 World Wide Web SMTP (mail) 25 News 144 Gopher 70 rlogin 513 Internet service UDP port Internet service UDP port Who Is 43 AppleTalk Routing Maintenance (at-rtmp) 202 World Wide Web 80 AppleTalk Name Binding (at-nbp) 202 SNMP 161 AURP (AppleTalk) 387 TFTP 69 who 513 Port number comparisons A filter can also use a comparison option to evaluate a packet’s source or destinatio
13-8 Administration Guide Other filter attributes There are three other attributes to each filter: ■ The filter’s order (i.e., priority) in the filter set ■ Whether the filter is currently active ■ Whether the filter is set to forward packets or to block (discard) packets Putting the parts together When you display a filter set, its filters are displayed as rows in a table: +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.
Security 13-9 Src. Port: The source port to match. This is the port on the sending host that originated the packet. D. Port: The destination port to match. This is the port on the receiving host for which the packet is intended. On?: Displays Yes when the filter is in effect or No when it is not. Fwd: Shows whether the filter forwards (Yes) a packet or discards (No) it when there’s a match.
13-10 Administration Guide Filtering example #2 Suppose a filter is configured to block all incoming IP packets with the source IP address of 200.233.14.0, regardless of the type of connection or its destination. The filter would look like this: +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +----------------------------------------------------------------------+ | 1 200.233.14.0 0.0.0.
Security 13-11 option in the answer profile, PAP or CHAP in connection profiles, callback, and general awareness of how your network may be vulnerable. An approach to using filters The ultimate goal of network security is to prevent unauthorized access to the network without compromising authorized access. Using filter sets is part of reaching that goal. Each filter set you design will be based on one of the following approaches: ■ That which is not expressly prohibited is permitted.
13-12 Administration Guide 1. Add a new filter set. 2. Create the filters for the new filter set. 3. View, change, or delete individual filters and filter sets. The sections below explain how to execute these steps. Adding a filter set You can create up to eight different custom filter sets. Each filter set can contain up to 256 filters. For more information, refer to Netopia Tech Notes NIR_052 and NIR_066 found on the Netopia website.
Security 13-13 Input and output filters—source and destination There are two kinds of filters you can add to a filter set: input and output. Input filters check packets received from the Internet, destined for your network. Output filters check packets transmitted from your network to the Internet.
13-14 Administration Guide Add Filter Enabled: Forward: No No Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: 0 Source Port Compare... Source Port ID: Dest. Port Compare... Dest. Port ID: No Compare 0 No Compare 0 ADD THIS FILTER NOW CANCEL Enter the IP specific information for this filter. 1. To make the filter active in the filter set, select Enabled and toggle it to Yes.
Security 13-15 10. When you are finished configuring the filter, select ADD THIS FILTER NOW to save the filter in the filter set. Select CANCEL to discard the filter and return to the Add IP Filter Set screen. Viewing filters To display a view-only table of input or output filters, select Display/Change Input Filter or Display/Change Output Filter in the Add IP Filter Set screen.
13-16 Administration Guide Modifying filter sets To modify a filter set, select Display/Change IP Filter Set in the IP Filter Sets screen to display a list of filter sets. Select a filter set from the list and press Return. The Change IP Filter Set screen appears. The items in this screen are the same as the ones in the Add Filter screen (see “Adding filters to a filter set” on page 13-13). Change IP Filter Set Filter Set Name: Basic Firewall Display/Change Input Filter... Add Input Filter...
Security 13-17 The five input filters and one output filter that make up Basic Firewall are shown in the table below. Input filter 1 Input filter 2 Input filter 3 Input filter 4 Input filter 5 Enabled Yes Yes Yes Yes Yes Yes Forward No No Yes Yes Yes Yes Source IP address 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Source IP address mask 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Dest. IP address 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Dest.
13-18 Administration Guide Basic Firewall is suitable for a LAN containing only client hosts that want to access servers on the WAN, but not for a LAN containing servers providing services to clients on the WAN. Basic Firewall’s general strategy is to explicitly forward WAN-originated TCP and UDP traffic to ports greater than 1023. Ports lower than 1024 are the service origination ports for various Internet services such as FTP, Telnet, and the World Wide Web (WWW).
Security 13-19 FTP sessions. To allow WAN-originated FTP sessions to a LAN-based FTP server with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243), insert the following input filter ahead of the current input filter 1: ■ Enabled: Yes ■ Forward: Yes ■ Source IP Address: 0.0.0.0 ■ Source IP Address Mask: 0.0.0.0 ■ Dest. IP Address: a.b.c.d ■ Dest. IP Address Mask: 255.255.255.
13-20 Administration Guide Basic IP packet components All IP packets contain the same basic header information, as follows: Source IP Address 163.176.132.18 Destination IP Address 163.176.4.27 Source Port 2541 Destination Port 80 Protocol TCP ACK Bit Yes DATA User Data This header information is what the packet filter uses to make filtering decisions. It is important to note that a packet filter does not look into the IP data stream (the User Data from above) to make filtering decisions.
Security 13-21 UDP Port Service 69 TFTP 387 AURP Firewall design rules There are two basic rules to firewall design: ■ “What is not explicitly allowed is denied.” and ■ “What is not explicitly denied is allowed.” The first rule is far more secure, and is the best approach to firewall design. It is far easier (and more secure) to allow in or out only certain services and deny anything else.
13-22 Administration Guide Logical AND function When a packet is compared (in most cases) a logical AND function is performed. First the IP addresses and subnet masks are converted to binary and then combined with AND. The rules for the logical use of AND are as follows: 0 AND 0 = 0 0 AND 1 = 0 1 AND 0 = 0 1 AND 1 = 1 For example: Filter rule: Deny IP: 163.176.1.15BINARY: 10100011.10110000.00000001.00001111 Mask: 255.255.255.255BINARY:11111111.11111111.11111111.11111111 Incoming Packet: IP 163.176.1.
Security 13-23 Example IP filter set screen This is an example of the Netopia IP filter set screen: Change Filter Enabled: Forward: Yes No Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: TCP Source Port Compare... Source Port ID: Dest. Port Compare... Dest. Port ID: Established TCP Conns. Only: No Compare 0 Equal 2000 No Return/Enter accepts * Tab toggles * ESC cancels.
13-24 Administration Guide Example network Incoming Packet Filter Netopia Internet IP: 200.1.1.?? DATA Example filters Example 1 Filter Rule: 200.1.1.0 (Source IP Network Address) 255.255.255.128 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.28 IP Address Binary Representation 200.1.1.28 00011100 (Source address in incoming IP packet) 10000000 (Perform the logical AND) 00000000 (Logical AND result) AND 255.255.255.
Security 13-25 Example 2 Filter Rule: 200.1.1.0 (Source IP Network Address) 255.255.255.128 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.184. IP Address Binary Representation 200.1.1.184 10111000 (Source address in incoming IP packet) 10000000 (Perform the logical AND) 10000000 (Logical AND result) AND 255.255.255.
13-26 Administration Guide Example 4 Filter Rule: 200.1.1.96 (Source IP Network Address) 255.255.255.240 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.104. IP Address Binary Representation 200.1.1.104 01101000 (Source address in incoming IP packet) 11110000 (Perform the logical AND) 01100000 (Logical AND result) AND 255.255.255.
Security 13-27 LAN IP Filtersets The Netopia 4753 offers LAN-side filtering on the Ethernet hub. This permits multiple IP addresses or subnets on the Ethernet LAN to be kept separate from one another and operate as virtual independent networks sharing a single Internet connection. Small- to medium-sized offices can benefit by using a single router to connect to the Internet, with multiple businesses within the office using independent subnets on the network.
13-28 Administration Guide Any customized filter set you create can be associated with the Ethernet hub as shown below: Advanced Security Options Security Databases... Local only RADIUS Server Addr/Name: RADIUS Server Secret: Alt RADIUS Server Addr/Name: Alt RADIUS Server Secret: RADIUS Identifer: RADIUS Server Authentication Port: 1812 LAN (EN Hub) IP Filter Set...
Security 13-29 To remove the filter set from the Ethernet hub interface, select Remove Filter Set and press Return. The filter set will be disconnected from the LAN interface. Note: Removing the filter set from the LAN does not delete the filter set. It is still available to be reassociated with the same or another interface, or modified further.
13-30 Administration Guide RADIUS Client Support The Netopia 4753 implements a Remote Authentication Dial-In User Service (RADIUS) client (RFC 2138) and adds the ability to authenticate console configuration access using a RADIUS server. This feature is strictly for console menu access authentication only and is not intended for WAN connectivity access authentication.
Security 13-31 Advanced Security Options +-------------------+ +-------------------+ Security Databases... | Local only | | RADIUS only | RADIUS Server Addr/Name: | RADIUS then Local | RADIUS Server Secret: | Local then RADIUS | Alt RADIUS Server Addr/Name: +-------------------+ Alt RADIUS Server Secret: RADIUS Identifer: RADIUS Server Authentication Port: 1812 ■ You select your desired mode by using the Security Databases pop-up menu.
13-32 Administration Guide hostname to be resolved using the Domain Name System (DNS) information configured in the router or by using an IP address in dotted-quad notation. The RADIUS Server Addr/Name items are limited to 63 characters. ■ In addition to specifying the server’s hostname or IP address, you must also specify a RADIUS Server Secret and an Alt RADIUS Server Secret (if configured) known to both the router and the RADIUS server. The secret is used to encrypt RADIUS transactions in transit.
Security 13-33 Attempting to delete the last non-URG username/password pair from the local authentication database when the Security Databases pop-up menu is set to either Local then RADIUS or RADIUS then Local causes the router to present the following warning alert: Security Options +-------------------------------------------------------------+ +-------------------------------------------------------------+ | | | You are about to delete the only local password.
13-34 Administration Guide
Monitoring Tools 14-1 Chapter 14 Monitoring Tools This chapter discusses the Netopia 4753’s device and network monitoring tools. These tools can provide statistical information, report on current network status, record events, and help in diagnosing and locating problems.
14-2 Administration Guide General status Quick View Default IP Gateway: 0.0.0.0 Primary DNS Server: 0.0.0.0 Secondary DNS Server: 0.0.0.0 CPU Load: 5% 1/5/2001 02:41:39 PM Unused Memory: 602 KB Domain Name: netopia.com ----------------MAC Address--------IP Address--------------------------------Ethernet Hub: 00-00-c5-70-03-48 192.168.1.1 ATM g.SHDSL: 00-00-c5-70-03-4a 0.0.0.0 Current DSL Status Profile Name----------Rate--%Use-Remote Address-----Est.-More Info-----------ISP 1536 10 IP 92.163.4.
Monitoring Tools 14-3 Current status The current status section is a table showing the current status of the WAN. For example: Current DSL Status Profile Name----------Rate--%Use-Remote Address-----Est.-More Info-----------ISP 1536 10 IP 92.163.4.1 Lcl NAT 192.163.100.6 Profile Name: Lists the name of the connection profile being used, if any. Rate: Shows the line rate for this connection. %Use: Indicates the average percent utilization of the maximum capacity of the channels in use for the connection.
14-4 Administration Guide Statistics & Logs Main Menu Statistics & Logs • General Statistics When you are troubleshooting your Netopia 4753, the Statistics & Logs screens provide insight into the recent event activities of the router. From the Main Menu go to Statistics & Logs and select one of the options described in the sections below. Event Histories The Netopia 4753 records certain relevant occurrences in event histories.
Monitoring Tools 14-5 WAN Event History The WAN Event History screen lists a total of 128 events on the WAN. The most recent events appear at the top. WAN Event History Current Date -- 12/3/98 03:02:23 PM -Date-----Time-----Event---------------------------------------------------------------------------------------SCROLL UP----------------------------------07/03/98 13:59:06 DSL: IP up, channel 1, gateway: 173.166.107.
14-6 Administration Guide Device Event History The Device Event History screen lists a total of 128 port and system events, giving the time and date for each event, as well as a brief description. The most recent events appear at the top. In the Statistics & Logs screen, select Device Event History. The Device Event History screen appears.
Monitoring Tools 14-7 Voice Logs Voice Log The Voice Log screen lists a total of 128 voice-related events, giving the time and date for each event, as well as a brief description. The most recent events appear at the top. In the Statistics & Logs screen, select Voice Log. The Voice Log screen appears.
14-8 Administration Guide Voice Accounting Log The Voice Accounting Log screen lists a total of 128 voice-related events, giving the time and date for each event, as well as a brief description. The most recent events appear at the top. In the Statistics & Logs screen, select Voice Accounting Log. The Voice Accounting Log screen appears.
Monitoring Tools 14-9 IP Routing Table In the Statistics & Logs screen, select IP Routing Table and press Return. Statistics & Logs WAN Event History... Device Event History... Voice Log... Voice Accounting Log... Voice Error Log... IP Routing Table... Served IP Addresses... General Statistics... System Information... The IP routing table displays all of the IP routes currently known to the Netopia 4753.
14-10 Administration Guide Served IP Addresses You can view all of the IP addresses currently being served by the Netopia 4753 G.SHDSL Integrated Access Device from the Served IP Addresses screen. From the Statistics & Logs menu, select Served IP Addresses. The Served IP Addresses screen appears. Served IP Addresses -IP Address-------Type----Expires--Client Identifier-----------------------------------------------------------SCROLL UP----------------------------------192.168.1.
Monitoring Tools 14-11 This screen has three options: ■ Reset All Leases: Resets all current IP addresses leased through DHCP without waiting for the default one–hour lease period to elapse ■ Release BootP Leases: Releases any BootP leases that may be in place and which may no longer be required. ■ Reclaim Declined Addresses: Reclaims served leases that have been declined; for example, by devices that may no longer be on the network.
14-12 Administration Guide Physical Interface The top left side of the screen lists total packets received and total packets transmitted for the following data ports: ■ Ethernet Hub ■ SDSL 1 Network Interface The bottom left side of the screen lists total packets received and total packets transmitted for the following protocols: ■ IP (IP packets on the Ethernet) The right side of the table lists the total number of occurrences of each of six types of communication statistics: Rx Bytes: The number of
Monitoring Tools 14-13 System Information The System Information screen gives a summary view of the general system level values in the Netopia 4753 G.SHDSL Integrated Access Device. From the Statistics & Logs menu select System Information. The System Information screen appears. System Information Serial Number Firmware Version ff-70-00 (16740352) 5.
14-14 Administration Guide The SNMP Setup screen From the Main Menu, select SNMP in the System Configuration screen and press Return. The SNMP Setup screen appears. Main Menu System Configuration SNMP SNMP Setup System Name: System Location: System Contact: Read-Only Community String: Read/Write Community String: public private Authentication Traps Enable: Off IP Trap Receivers... Configure optional SNMP parameters from here. Follow these steps to configure the first three items in the screen: 1.
Monitoring Tools 14-15 By default, the read-only and read/write community strings are set to public and private, respectively. You should change both of the default community strings to values known only to you and trusted system administrators. To change a community string, select it and enter a new value. Starting with the version 4.3 firmware, setting the Read-Only and Read-Write community strings to the empty string will block all SNMP requests to the router.
14-16 Administration Guide IP Trap Receivers Display/Change IP Trap Receiver... Add IP Trap Receiver... Delete IP Trap Receiver... Return/Enter to modify an existing Trap Receiver. Navigate from here to view, add, modify and delete IP Trap Receivers. Setting the IP trap receivers 1. Select Add IP Trap Receiver. 2. Select Receiver IP Address or Domain Name. Enter the IP address or domain name of the SNMP manager you want to receive the trap. 3.
Utilities and Diagnostics 15-1 Chapter 15 Utilities and Diagnostics A number of utilities and tests are available for system diagnostic and control purposes.
15-2 Administration Guide Ping The Netopia 4753 includes a standard Ping test utility. A Ping test generates IP packets destined for a particular (Ping-capable) IP host. Each time the target host receives a Ping packet, it returns a packet to the original sender. Ping allows you to see whether a particular IP destination is reachable from the Netopia 4753. You can also ascertain the quality and reliability of the connection to the desired destination by studying the Ping test’s statistics.
Utilities and Diagnostics 15-3 Status: The current status of the Ping test. This item can display the status messages shown in the able below: Message Description Resolving host name Finding the IP address for the domain name-style address Can’t resolve host name IP address can’t be found for the domain name–style address Pinging Ping test is in progress Complete Ping test was completed Cancelled by user Ping test was cancelled manually Destination unreachable from w.x.y.
15-4 Administration Guide Packets Lost: The number of packets unaccounted for, shown in total and as a percentage of total packets sent. This statistic may be updated during the Ping test, and may not be accurate until after the test is over. However, if an escalating one-to-one correspondence is seen between Packets Out and Packets Lost, and Packets In is noticeably lagging behind Packets Out, the destination is probably unreachable. In this case, use STOP PING.
Utilities and Diagnostics 15-5 4. Select Use Reverse DNS to learn the names of the routers between the Netopia Router and the destination router. The default is Yes. 5. Select START TRACE ROUTE and press Return. A scrolling screen will appear that lists the destination, number of hops, IP addresses of each hop, and DNS names, if selected. 6. Cancel the trace by pressing Escape. Return to the Trace Route screen by pressing Escape twice.
15-6 Administration Guide Disconnect Telnet Console Session If you want to close your Telnet console session, select Disconnect Telnet Console Session and press Return. A dialog box appears asking you to cancel or continue your selection.
Utilities and Diagnostics 15-7 Transferring Configuration and Firmware Files with TFTP Trivial File Transfer Protocol (TFTP) is a method of transferring data over an IP network. TFTP is a client-server application, with the router as the client. To use the Netopia 4753 as a TFTP client, a TFTP server must be available. Netopia, Inc., has a public access TFTP server on the Internet where you can obtain the latest firmware versions.
15-8 Administration Guide ■ Select GET ROUTER FIRMWARE FROM SERVER and press Return. You will see the following dialog box: +-----------------------------------------------------------+ +-----------------------------------------------------------+ | | | Are you sure you want to read the firmware now? | | The device will reset when the transfer is complete.
Utilities and Diagnostics 15-9 ■ Select GET CONFIG FROM SERVER and press Return. You will see the following dialog box: +-----------------------------------------------------------+ +-----------------------------------------------------------+ | | | Are you sure you want to read the configuration now? | | The device will reset when the transfer is complete.
15-10 Administration Guide Transferring Configuration and Firmware Files with XMODEM You can transfer configuration and firmware files with XMODEM through the Netopia 4753’s console port. Be sure your terminal emulation program supports XMODEM file transfers. To go to the X-Modem File Transfer screen, select it in the Utilities & Diagnostics menu. Note: The X-Modem File Transfer screen is only available if you are connected via the Console port.
Utilities and Diagnostics 15-11 +--------------------------------------------------------------------+ +--------------------------------------------------------------------+ | | | Are you sure you want to send a firmware file to your Netopia? | | If so, when you hit Return/Enter on the CONTINUE button, you will | | have 10 seconds to begin the transfer from your terminal program. | | | | CANCEL CONTINUE | | | +--------------------------------------------------------------------+ 3.
15-12 Administration Guide If you choose CONTINUE, you will have ten seconds to use your terminal emulation software to initiate an XMODEM transfer of the configuration file. If you fail to initiate the transfer in that time, the dialog box will disappear and the terminal emulation software will inform you of the transfer’s failure. You can then try again. The system will reset at the end of a successful file transfer to put the new configuration into effect.
Part III: Appendixes
Administration Guide
Troubleshooting A-1 Appendix A Troubleshooting This appendix is intended to help you troubleshoot problems you may encounter while setting up and using the Netopia 4753. It also includes information on how to contact Netopia Technical Support. Important information on these problems can be found in the event histories kept by the Netopia 4753. These event histories can be accessed in the Statistics & Logs screen.
A-2 Administration Guide Note: If you are attempting to modify the IP address or subnet mask from a previous, successful configuration attempt, you will need to clear the IP address or reset your Netopia 4753 to the factory default before reinitiating the configuration process. For further information on resetting your Netopia 4753 to factory default, see “Factory Defaults” on page 15-6.
Troubleshooting A-3 How to Reset the Netopia 4753 to Factory Defaults Lose your password? This section shows how to reset the Netopia 4753 so that you can access the console screens once again. Keep in mind that all of your connection profiles and settings will need to be reconfigured. If you don't have a password, the only way to get back into the Netopia 4753 is the following: 1. Turn the Netopia 4753 upside down. 2. Referring to the diagram below, find the paper clip-size Reset Switch slot.
A-4 Administration Guide Technical Support Netopia, Inc. is committed to providing its customers with reliable products and documentation, backed by excellent technical support. Before contacting Netopia Look in this guide for a solution to your problem. You may find a solution in this troubleshooting appendix or in other sections. Check the index for a reference to the topic of concern. If you cannot find a solution, complete the environment profile below before contacting Netopia Technical Support.
Troubleshooting A-5 Online product information Product information can be found in the following: Netopia World Wide Web server via http://www.netopia.com Internet via anonymous FTP to ftp.netopia.com/pub FAX-Back This service provides technical notes that answer the most commonly asked questions and offers solutions for many common problems encountered with Netopia products.
A-6 Administration Guide
Understanding IP Addressing B-1 Appendix B Understanding IP Addressing This appendix is a brief general introduction to IP addressing. A basic understanding of IP will help you in configuring the Netopia 4753 and using some of its powerful features, such as static routes and packet filtering.
B-2 Administration Guide IP addresses are maintained and assigned by the InterNIC, a quasi-governmental organization now increasingly under the auspices of private industry. Note: It’s very common for an organization to obtain an IP address from a third party, usually an Internet service provider (ISP). ISPs usually issue an IP address when they are contracted to provide Internet access services. The InterNIC (the NIC stands for Network Information Center) divides IP addresses into several classes.
Understanding IP Addressing B-3 Subnet masks To create subnets, the network manager must define a subnet mask, a 32-bit number that indicates which bits in an IP address are used for network and subnetwork addresses and which are used for host addresses. One subnet mask should apply to all IP networks that are physically connected together and share a single assigned network number. Subnet masks are often written in decimal notation like IP addresses, but they are most easily understood in binary notation.
B-4 Administration Guide Network configuration Below is a diagram of a simple network configuration. The ISP is providing a Class C address to the customer site, and both networks A and B want to gain Internet access through this address. Netopia 4753 B connects to Netopia 4753 A and is provided Internet access through Routers A and B. Customer Site A PC 1: IP Address: 192.168.1.3 Subnet Mask: 255.255.255.128 Gateway: 192.168.1.1 Router B: ISP Network Router A: IP Address: 10.0.0.1 Subnet Mask: 255.255.
Understanding IP Addressing B-5 Background The IP addresses and routing configurations for the devices shown in the diagram are outlined below. In addition, each individual field and its meaning are described. The IP Address and Subnet Mask fields define the IP address and subnet mask of the device's Ethernet connection to the network while the Remote IP and Remote Sub fields describe the IP address and subnet mask of the remote router.
B-6 Administration Guide There are two schemes for distributing the remaining IP addresses: ■ Manually give each computer an address ■ Let the Netopia 4753 automatically distribute the addresses These two methods are not mutually exclusive; you can manually issue some of the addresses while the rest are distributed by the Netopia 4753. Using the router in this way allows it to function as an address server.
Understanding IP Addressing B-7 Number of Devices (other than Netopia 4753) on Local Network Largest Possible Ethernet Subnet Mask 62-125 255.255.255.128 125-259 255.255.255.0 Configuration This section describes the specific IP address lease, renew, and release mechanisms for both the Mac and PC, with either DHCP or MacIP address serving. DHCP address serving Windows 95 workstation: ■ The Win95 workstation requests and renews its lease every half hour.
B-8 Administration Guide ■ The Netopia 4753 releases the DHCP address back to the available DHCP address pool exactly one hour after the last-heard lease request. Some other DHCP implementations may hold on to the lease for an additional time after the lease expired to act as a buffer for variances in clocks between the client and server.
Understanding IP Addressing B-9 In any situation where a device is dialing into a Netopia router, the router may need to be configured to serve IP via the WAN interface. This is only a requirement if the calling device has not been configured locally to know what its address(es) are. So when a client, dialing into a Netopia router's WAN interface, is expecting addresses to be served by the answering router, you must set the answering Netopia router to serve IP via its WAN interface.
B-10 Administration Guide 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Block of IP host addresses (derived from network IP address + mask issued by ISP) 1 Distributed to the Netopia 4753 (Ethernet IP address) 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Manually distributed (static) Pool of addresses distributed by MacIP and DHCP The figure above shows an example of a block of IP addresses being distributed correctly.
Understanding IP Addressing B-11 Nested IP Subnets Under certain circumstances, you may want to create remote subnets from the limited number of IP addresses issued by your ISP or other authority. You can do this using connection profiles. These subnets can be nested within the range of IP addresses available to your network. For example, suppose that you obtain the Class C network address a.b.c.0 to be distributed among three networks.
B-12 Administration Guide Routers B and C (which could also be Netopia 4753s) serve the two remote networks that are subnets of a.b.c.0. The subnetting is accomplished by configuring the Netopia 4753 with connection profiles for Routers B and C (see the following table). Connection profile Remote IP address Remote IP mask Bits available for host address For Router B a.b.c.128 255.255.255.192 7 For Router C a.b.c.248 255.255.255.
Understanding IP Addressing B-13 The following diagram illustrates the IP address space taken up by the two remote IP subnets. You can see from the diagram why the term nested is appropriate for describing these subnets. 1 Address range available to a.b.c.0, less the two nested subnets 129 valid addresses used by a.b.c.128 190 valid addresses used by a.b.c.248 249 254 Broadcasts As mentioned earlier, binary IP host or subnet addresses composed entirely of ones or zeros are reserved for broadcasting.
B-14 Administration Guide
Binary Conversion Table C-1 Appendix C Binary Conversion Table This table is provided to help you choose subnet numbers and host numbers for IP and MacIP networks that use subnetting for IP addresses.
C-2 Administration Guide Decimal Binary Decimal Binary Decimal Binary Decimal Binary 128 10000000 160 10100000 192 11000000 224 11100000 129 10000001 161 10100001 193 11000001 225 11100001 130 10000010 162 10100010 194 11000010 226 11100010 131 10000011 163 10100011 195 11000011 227 11100011 132 10000100 164 10100100 196 11000100 228 11100100 133 10000101 165 10100101 197 11000101 229 11100101 134 10000110 166 10100110 198 11000110 230 11100110
Further Reading D-1 Appendix D Further Reading Alexander, S. and R. Droms, DHCP Options and BOOTP Vendor Extensions, RFC 2131, Silicon Graphics, Inc., Bucknell University, PA, 1997. Black, U., Data Networks: Concepts, Theory and Practice, Prentice Hall, Englewood Cliffs, NJ, 1989. Black, U., Physical Level Interfaces and Protocols, IEEE Computer Society Press, Los Alamitos, CA, 1988. Black, U., Emerging Communications Technologies, PTR Prentice Hall, Englewood Cliffs, NJ, 1994.
D-2 Administration Guide LaQuey, Tracy, The Internet Companion: A Beginner's Guide to Global Networking, Addison-Wesley Publishing Company, Reading, MA, 1994. Leinwand, A., and K. Fang, Network Management: A Practical Perspective, Addison-Wesley Publishing Company, Reading, MA, 1993. Levine, John R., and Carol Baroudi, The Internet for Dummies, IDG Books Worldwide, Foster City, CA, 1993. Covers all of the most popular Internet services, including e-mail, newsgroups, and the World Wide Web.
Further Reading D-3 Stallings, W. Local Networks, 3rd ed., Macmillan Publishing Company, New York, NY, 1990. Stevens, W.R., TCP/IP Illustrated, Vol 1, Addison-Wesley Publishing Company, Reading, MA, 1994. Sunshine, C.A. (ed.), Computer Network Architectures and Protocols, 2nd ed., Plenum Press, New York, NY, 1989. Tannenbaum, A.S., Computer Networks, 2nd ed., Prentice Hall, Englewood Cliffs, NJ, 1988. Terplan, K., Communication Networks Management, Prentice Hall, Englewood Cliffs, NJ, 1992. Tsuchiya, P.
D-4 Administration Guide
Technical Specifications and Safety Information E-1 Appendix E Technical Specifications and Safety Information Description Dimensions: 130.48 cm (w) x 24.13 cm (d) x 4.445 cm (h) 12” (w) x 9.5” (d) x 1.75” (h) Communications interfaces: The Netopia 4753 G.SHDSL Integrated Access Device has an RJ-45 jack for G.SHDSL line connections; a 10/100Base-T Ethernet port for your LAN connection; 8 telephone extension jacks; and a DB-9 Console port. Power requirements ■ 12 VDC input ■ 1.
E-2 Administration Guide Agency Approvals North America Safety Approvals: ■ United States – UL Standard for Information Technology Equipment, UL 60950, Third Edition, Dated December 1, 2000 ■ Canada – CSA: CAN/CSA-C22.2 No. 950-95 EMI: ■ FCC Part 15 Class B International Safety Approvals: ■ Low Voltage (European directive) 73/23/EEC ■ EN60950 1992 (Europe) ■ AS/NRZ 3260 (Australia) ■ TS001(Australia) EMI Compatibility: ■ European Directive 89/336/EEC ■ EN 300 368.
Technical Specifications and Safety Information E-3 Service requirements. In the event of equipment malfunction, all repairs should be performed by our Company or an authorized agent. Under FCC rules, no customer is authorized to repair this equipment. This restriction applies regardless of whether the equipment is in or our of warranty. It is the responsibility of users requiring service to report the need for service to our Company or to one of our authorized agents.
E-4 Administration Guide Important Safety instructions CAUTIONS CAUTION: Depending on the power supply provided with the product, either the direct plug-in power supply blades, power supply cord plug or the appliance coupler serves as the mains power disconnect. It is important that the direct plug-in power supply, socket-outlet or appliance coupler be located so it is readily accessible.
Technical Specifications and Safety Information E-5 Netopia 4753 Specifications Physical interface WAN interface ■ G.SHDSL port with support for symmetric connections from 64 Kbps to 2.368 Mbps (uses RJ68 connector ■ Interoperable with G.SHDSL equipment from Ericsson and others. LAN interface 10/100BaseT Ethernet port Voice interfaces ■ 8 Analog loopstart telephone interfaces (RJ11) for connection to phone handsets or fax. ■ Supports optional FSK Caller ID and message waiting ■ Supports G.
E-6 Administration Guide Protocols ■ ATM Protocols: ATM Multiprotocol Encapsulation over ATM Adaption Layer 5 (RFC 1483): Logical Link Control (LLC) encapsulation routed modes ■ Support for up to 8 ATM PVCs and 16 Frame Relay PVCs ■ PPP Over ATM, PPP over Ethernet: PAP, CHAP or no authentication (RFC 2364). Compression Control Protocol (RFC 1974) ■ Frame Relay Supports: ANSI T1.617 and ANSI T1.618 Annex D LMI, Annex A and Cisco LMI, (RFC 1490) multiprotocol Interconnect over Frame Relay. FRF.
Technical Specifications and Safety Information E-7 a syslog server ■ SNMPv1: (RFC 1157) and MIB II (RFC 1213), Ethernet MIB and enterprise MIB for remote management using console applications Hardware specifications ■ Memory: 16 MB DRAM memory ■ Environmental Requirement: Operating: 0∞ to +40∞ C. Storage: 0∞ to +70∞ C (20 to 80% non-condensing) ■ Power Requirements: AC 100-240 V; 50/60 Hz; 1.66A ■ Dimensions: 11.8" (299.7 mm) Wide X 1.7" (43.2 mm) High X 9.2" (233.7 mm) Long ■ Weight: 2.25 lb.
E-8 Administration Guide ■ Speed Dialing by dialing a feature code ■ Three Way Calling ■ Custom Ringing ■ Distinctive Ringing
Glossary 1 Glossary access line: A telephone line reaching from the telephone company central office to a point usually on your premises. Beyond this point the wire is considered inside wiring. analog: In telecommunications, telephone transmission and/or switching that is not digital. An analog phone transmission is one that was originally intended to carry speech or voice, but may with appropriate modifications be used to carry data of other types.
2 Administration Guide community strings: Sequences of characters that serve much like passwords for devices using SNMP. Different community strings may be used to allow an SNMP user to gather device information or change device configurations. CRC (Cyclic Redundancy Check): A computational means to ensure the integrity of a block of data. The mathematical function is computed, before the data is transmitted at the originating device. Its numerical value is computed based on the content of the data.
Glossary 3 host computer: A communications device that enables users to run applications programs to perform such functions as text editing, program execution, access to data bases, etc. internet: A set of networks connected together by routers. This is a general term, not to be confused with the large, multi-organizational collection of IP networks known as the Internet. An internet is sometimes also known as an internetwork.
4 Administration Guide packet-switching network: A telecommunications network based on packet-switching technology, wherein a transmission channel is occupied only for the duration of the transmission of the packet. PAP (PPP authentication protocol): A method for ensuring secure network access. parameter: A numerical code that controls an aspect of terminal and/or network operation. Parameters control such aspects as page size, data transmission speed, and timing options.
Glossary 5 subnet mask: A 32-bit number to specify which part of an internet address is the network number, and which part is the host address. When written in binary notation, each bit written as 1 corresponds to 1 bit of network address information. One subnet mask applies to all IP devices on an individual IP network.
6 Administration Guide
Index-1 Index Numerics 10Base-T, connecting 5-3 A add static route 10-8 advanced configuration features 9-16 application software 5-2 ATMP 12-12 tunnel options 12-19 B back panel 3-4 ports 3-4 basic firewall 13-17 BootP 10-10 clients 10-16 broadcasts B-13 C capabilities 1-2 change static route 10-9 community strings 14-14 configuration troubleshooting PC A-1 configuration files downloading with TFTP 15-8 downloading with XMODEM 15-11 uploading with TFTP 15-9 uploading with XMODEM 15-12 configuration screen
Index-2 IP setup 7-8 IPX setup 7-8 navigating 6-5 overview 7-1 quick connection path 7-3 encryption 12-3, 12-7, 12-12 Ethernet 5-2 event history device 14-6 WAN 14-5 F features 1-2 filter parts 13-6 parts of 13-6 filter priority 13-5 filter set adding 13-12 display 13-8 filter sets adding 13-12 defined 13-4 deleting 13-16 disadvantages 13-10 modifying 13-16 sample (Basic Firewall) 13-16 using 13-11 viewing 13-15 filtering example #1 13-9 filters actions a filter can take 13-6 adding to a filter set 13-13 d
Index-3 L LAN-side filtering 13-27 LED status 14-3 LEDs 3-5, 14-3 M MIBs supported 14-13 MPPE 12-12 MS-CHAPv2 12-12 multiple subnets 10-4 N NAT adding server lists 11-17 defined 10-1 Easy Setup Profile 11-6 IP profile parameters 11-23 IP setup 11-7 map lists 11-8 modifying map lists 11-13 moving maps 11-15 outside ranges 11-8 server lists 11-8 navigating Easy Setup 6-5 navigating through the configuration screens 9-15 NCSA Telnet 6-3 nested IP subnets B-11 NetBIOS 10-15 NetBIOS scope 10-16 Netopia connecti
Index-4 security options screen 13-2 protecting 13-2 Simple Network Management Protocol, see SNMP SNMP community strings 14-14 MIBs supported 14-13 setup screen 14-14 traps 14-15 src.
Index-5 WAN event history 14-5 Windows NT Domain Name 12-6 X XMODEM 15-10 XMODEM file transfers downloading configuration files 15-11 updating firmware 15-10 uploading configuration files 15-12
Index-6
Limited Warranty and Limitation of Remedies 1 Limited Warranty and Limitation of Remedies Netopia warrants to you, the end user, that the Netopia 4753 G.SHDSL Integrated Access Device (the “Product”) will be free from defects in materials and workmanship under normal use for a period of one (1) year from date of purchase.
2 Administration Guide
