Netopia R910 Ethernet Router for DSL and Cable Modems User’s Reference Guide
Copyright ©2000, Netopia, Inc., v.0800 All rights reserved. Printed in the U.S.A. This manual and any associated artwork, software, and product designs are copyrighted with all rights reserved. Under the copyright laws such materials may not be copied, in whole or part, without the prior written consent of Netopia, Inc. Under the law, copying includes translation to another language or format. Netopia, Inc. 2470 Mariner Square Loop Alameda, CA 94501-1010 U.S.A.
Contents
Chapter 1 — Introduction
  Overview
  Features and capabilities
  How to use this guide
Chapter 2 — Setting Up Internet Services
  Deciding on an ISP account

  Connecting a console cable to your router
  Navigating through the console screens
Chapter 7 — Easy Setup
  Easy Setup console screens
  Accessing the Easy Setup console screens
  Quick Easy Setup connection path
  If your ISP supports DHCP

  Static routes
  IP address serving
  IP Address Pools
  DHCP NetBIOS Options
Chapter 10 — Virtual Private Networks (VPN)
  Overview
  About PPTP Tunnels

Chapter 12 — Monitoring Tools
  Quick View status overview
  General status
  Status lights
  Statistics & Logs
  General Statistics
  Event histories

  Example filters
  RADIUS Client Support
  RADIUS client configuration
Chapter 14 — Utilities and Diagnostics
  Ping
  Trace Route
  Telnet client

  Example: Working with a Class C subnet
  Distributing IP addresses
  Technical note on subnet masking
  Configuration
  Manually distributing IP addresses
  Using address serving
  Tips and rules for distributing IP addresses
  Nested IP subnets
Chapter 1 Introduction
Overview
The Netopia R910 Ethernet Router is a stand-alone, multiprotocol broadband router for connecting diverse local area networks (LANs) to the Internet and other remote networks. Combining the Netopia R910 with a cable or DSL modem provides businesses with a low-cost connection to the Internet while retaining the power of a router.
How to use this guide
This guide is designed to be your single source for information about your Netopia R910 Ethernet Router. It is intended to be viewed on-line, using the powerful features of the Adobe Acrobat Reader. The information display has been deliberately designed to present the maximum information in the minimum space on your screen.
Chapter 2 Setting Up Internet Services
This chapter describes how to obtain and set up Internet services. This section covers the following topics:
■ “Deciding on an ISP account” on page 2-11
■ “Obtaining information from the ISP” on page 2-11
Deciding on an ISP account
Your ISP may offer various Internet access account plans. Typically, these plans vary by usage charges and the number of host IP addresses supplied.
Local LAN IP address information to obtain
Your ISP will need to provide you with the following information:
■ The default gateway IP address
■ Remote IP address
■ Local IP address or addresses and subnet mask
Note: In a single IP address service, your ISP will refer to your computer’s IP address. However, when your connection is configured with a router, this becomes the router’s WAN IP address.
Chapter 3 Making the Physical Connections
This section tells you how to make the physical connections to your Netopia R910 Ethernet Router.
What you need
Locate all items that you need for the installation.
2. Connect one end of one of the RJ-45 cables to the Line 1 port and the other end to your Internet modem’s Ethernet port. DO NOT CONNECT IT DIRECTLY TO A TELCO LINE OUTLET.
3. Connect one end of one of the RJ-45 cables to any of the Ethernet hub ports on the router, and the other end to the Ethernet port of your PC. If you are connecting the router to an existing Ethernet hub, use a cross-over cable.
Netopia R910 Ethernet Router status lights
The figure below represents the Netopia R910 status light (LED) panel.
[Figure: Netopia R910 LED front panel]
The following table summarizes the meaning of the various LED states and colors:
    When this happens...               the LEDs...
    Power is on                        1 is green.
    Data is transmitted or received    8 flashes orange.
Chapter 4 Connecting to Your Local Area Network
This chapter describes how to physically connect the Netopia R910 to your local area network (LAN). Before you proceed, make sure the Netopia R910 is properly configured. You can customize the router’s configuration for your particular LAN requirements using console-based management (see “Console-Based Management” on page 6-31).
After
Using the Netopia R910 Ethernet Router, you can connect multiple computers to the Internet with a single user account.
[Figures: using a DSL modem with a Netopia R910; using a cable modem with a Netopia R910]
While this network model is typical, other network models are possible. For example, you may choose to attach the Ethernet WAN port to an external Ethernet hub connected to a number of workstations.
[Figure: Your PC or Macintosh computer (Application software, TCP/IP stack, Ethernet/EtherTalk Driver), connected to the Netopia R910]
Application software: This is the software you use to send e-mail, browse the World Wide Web, read newsgroups, etc. These applications may require some configuration. Examples include the Eudora e-mail client and the Web browsers Microsoft Internet Explorer and Netscape Navigator.
Connecting to an Ethernet network
The Netopia R910 supports Ethernet connections through its four Ethernet ports. The router automatically detects which Ethernet port is in use. You can connect 10Base-T networks to the Netopia R910. The following table displays some important attributes of these connections.
Attribute 10Base-T Max.
[Figure: The Netopia R910 in a 10Base-T network]
To connect your 10Base-T network to the Netopia R910 through an Ethernet port, use a 10Base-T cable with RJ-45 connectors. If you have more than four devices to connect, you can attach additional devices using a 10Base-T hub, using a cross-over cable.
Chapter 5 Configuring TCP/IP
Be sure the computer you use to configure your Netopia R910 has TCP/IP software and hardware properly configured to work with a router and the network service provider you will be using. Typically, this means that you will have your computer set up to accept a dynamically assigned IP address from the router, although other options are possible. This chapter is a general guide to configuring TCP/IP connectivity for your PC or Macintosh.
Configuring TCP/IP on Windows 95 or 98
Be sure TCP/IP is installed and configured on your Windows computer. The following is a quick guide to configuring TCP/IP for Windows machines.
Static configuration (optional)
If you are manually configuring from a fixed or static IP address, perform the following:
1. Go to Start Menu/Settings/Control Panels and double click the Network icon. From the Network components list, select the Configuration tab.
2. Select TCP/IP-->Your Network Card. Then select Properties. In the TCP/IP Properties screen (shown at right), select the IP Address tab. Click “Specify an IP Address.” Enter the following: IP Address: 192.168.1.
Configuring TCP/IP on a Macintosh Computer
The following is a quick guide to configuring TCP/IP for MacOS computers. Configuring TCP/IP on a Macintosh computer requires the following:
■ You must have either Open Transport or MacTCP installed.
Note: If you want to use the Dynamic Host Configuration Protocol (DHCP) server built into your Netopia R910 to assign IP addresses to your Macintoshes, you must be running Open Transport.
Static configuration (optional)
If you are manually configuring from a fixed or static IP address, then perform the following:
1. Go to the Apple menu. Select Control Panels and then TCP/IP or MacTCP.
2. With the TCP/IP window open, go to the Edit menu and select User Mode. Choose Advanced and click OK. In the MacTCP window, select Ethernet and click the More button.
3.
Dynamic configuration using MacIP (optional)
If you want to use MacIP to dynamically assign IP addresses to the Macintosh computers on your network you must install the optional AppleTalk feature set kit.
Note: You cannot use MacIP dynamic configuration to configure your Netopia R910 Ethernet to Ethernet Router because you must first configure the router in order to enable AppleTalk. Once the AppleTalk kit is installed, you can configure your Macintoshes for MacIP.
Using Classic Networking (MacTCP)
1. Go to the Apple Menu. Select Control Panels and then Network.
2. In the Network window, select EtherTalk.
3. Go back to the Apple menu. Select Control Panels and then MacTCP.
4. Select EtherTalk. From the pull-down menu under EtherTalk, select an available zone; then click the More button. In the MacTCP/More window select the Server radio button. If necessary, fill in the Domain Name Server Information given to you by your administrator.
Chapter 6 Console-Based Management
Console-based management is a menu-driven interface for the capabilities built in to the Netopia R910. Console-based management provides access to a wide variety of features that the router supports. You can customize these features for your individual setup. This chapter describes how to access the console-based management screens.
more than one service provider or remote site.
■ The System Configuration menus display and permit changing:
  ■ Network protocols setup. See Chapter 9, “IP Setup and Network Address Translation.”
  ■ Filter sets (firewalls). See “About filters and filter sets” on page 13-126.
  ■ IP address serving. See “IP address serving” on page 9-66.
  ■ Date and time. See “Date and time” on page 8-47.
  ■ Console configuration. See “Connecting a console cable to your router” on page 6-33.
Configuring Telnet software
If you are configuring your router using a Telnet session, your computer must be running a Telnet software program.
■ If you connect a PC with Microsoft Windows, you can use a Windows Telnet application or simply run Telnet from the Start menu.
■ If you connect a Macintosh computer, you can use the NCSA Telnet program supplied on the Netopia R910 CD. You install NCSA Telnet by simply dragging the application from the CD to your hard disk.
Launch your terminal emulation software and configure the communications software for the values shown in the table below. These are the default communication parameters that the Netopia R910 uses.
    Parameter        Suggested Value
    Terminal type    PC: ANSI-BBS; Mac: ANSI, VT-100, or VT-200
    Data bits        8
    Parity           None
    Stop bits        1
    Speed            Options are: 9600, 19200, or 38400 bits per second
    Flow Control     None
Note: The router firmware contains an autobaud detection feature.
Chapter 7 Easy Setup
This chapter describes how to use the Easy Setup console screens on your Netopia R910 Ethernet Router. After completing the Easy Setup console screens, your router will be ready to connect to the Internet or another remote site.
A screen similar to the following Main Menu appears:
    Netopia R910 v4.8
    Easy Setup...
    WAN Configuration...
    System Configuration...
    Utilities & Diagnostics...
    Statistics & Logs...
    Quick Menus...
    Quick View...
    Your Baud Rate has been changed to 38400
    You always start from this main screen.
Quick Easy Setup connection path
This section may be all you need to do to configure your Netopia R910 Ethernet Router to connect to the Internet.
If your ISP supports DHCP
Your Netopia R910 Ethernet Router comes preconfigured with the ability to accept an IP address dynamically assigned by your ISP. To do this, it acts as a Dynamic Host Configuration Protocol client to your ISP's DHCP server.
The Main Menu appears.
2. Select the first item on the Main Menu list, Easy Setup. Press Return to bring up the Easy Setup menu screen.
3. Press the Down arrow key until the editable field labelled Local WAN IP Address is highlighted.
4.
More Easy Setup options
You always begin Easy Setup by selecting Easy Setup in the Main Menu, then pressing Return. The WAN Ethernet Configuration screen appears.
    WAN Ethernet Configuration
    PPOE:                         Yes
    Address Translation Enabled:  Yes
    Local WAN IP Address:         0.0.0.0
    TO MAIN MENU    NEXT SCREEN
    Set up the basic IP attributes of your Ethernet Module in this screen.
IP Easy Setup
The IP Easy Setup screen is where you enter information about your Netopia Router’s:
■ Ethernet IP address
■ Ethernet Subnet mask
■ Domain Name
■ Domain Name Server IP address
■ Default gateway IP address
■ Whether to serve IP addresses or not
Consult with your network administrator to obtain the information you will need. For more information about setting up IP, see “IP Setup and Network Address Translation” on page 9-51.
Note: If the Netopia R910’s WAN interface is acting as a DHCP client, do not change the default settings for Steps 3, 4, and 5.
4. Select Primary Domain Name Server and enter the IP address your ISP has given you. An alternate or Secondary Domain Name Server field will appear, where you can enter a secondary DNS IP address if your ISP has given you one.
5. If you do not enter a Default IP Gateway value, the router defaults to the remote IP address you entered in Easy Setup.
1. Select RESTART DEVICE. A prompt asks you to confirm your choice.
2. Select CONTINUE to restart the Netopia Router and have your selections take effect.
Note: You can also restart the system at any time by using the Restart System utility (see “Restarting the system” on page 14-166) or by turning the Netopia Router off and on with the power switch.
Easy Setup is now complete.
Chapter 8 WAN and System Configuration
Console-based management is a menu-driven interface for the capabilities built in to the Netopia R910. Console-based management provides access to a wide variety of features that the router supports. You can customize these features for your individual setup. This chapter describes how to access the console-based management screens.
■ Address Translation Enabled allows you to specify whether or not the router performs Network Address Translation (NAT) on the Ethernet WAN port. NAT is enabled by default.
■ Local WAN IP Address allows you to manually configure an IP address for use on the Ethernet WAN port. The value 0.0.0.0 indicates that the device will act as a DHCP client on the Ethernet WAN port and attempt to acquire an address from a DHCP server.
The console screen will open to the Main Menu, similar to the screen shown below:
    Netopia R910 v4.8
    Easy Setup...
    WAN Configuration...
    System Configuration...
    Utilities & Diagnostics...
    Statistics & Logs...
    Quick Menus...
    Quick View...
    You always start from this main screen.
System configuration features
The Netopia R910 Ethernet Router’s default settings may be all you need to configure your Netopia R910. Some users, however, require advanced settings or prefer manual control over the default selections. For these users, the Netopia R910 provides system configuration options. To help you determine whether you need to use the system configuration options, review the following requirements.
IP setup
These screens allow you to configure your network’s use of IP.
■ Details are given in Chapter 9, “IP Setup and Network Address Translation.”
Filter sets (firewalls)
These screens allow you to configure security on your network by means of filter sets and a basic firewall.
■ Details are given in Chapter 13, “Security.”
IP address serving
These screens allow you to configure IP address serving on your network by means of DHCP, WANIP, and BootP.
3. Select AM or PM and choose AM or PM.
Console configuration
You can change the default terminal communications parameters to suit your requirements. To go to the Console Configuration screen, select Console Configuration in the System Configuration screen.
    Console Configuration
    Baud Rate...    38400
    SET CONFIG NOW    CANCEL
Follow these steps to change a parameter’s value:
1. Select the parameter you want to change.
2. Select a new value for the parameter.
See the release notes that came with your router or feature set upgrade, or visit the Netopia Web site at www.netopia.com for information on new feature sets, how to obtain them, and how to install them on your Netopia R910.
Logging
You can configure a UNIX-compatible syslog client to report a number of subsets of the events entered in the router’s WAN Event History. See “WAN Event History” on page 12-113. The Syslog client (for the PC only) is supplied as a .
Installing the Syslog client
The Goodies folder on the Netopia CD contains a Syslog client daemon program that can be configured to report the WAN events you specified in the Logging Configuration screen. To install the Syslog client daemon, exit from the graphical Netopia CD program and locate the CD directory structure through your Windows desktop, or through Windows Explorer. Go to the Goodies directory on the CD and locate the Sds15000.exe program.
Chapter 9 IP Setup and Network Address Translation
The Netopia R910 uses Internet Protocol (IP) to communicate both locally and with remote networks. This chapter shows you how to configure the Router to route IP traffic. You also learn how to configure the router to serve IP addresses to hosts on your local network. The Netopia R910 features IP address serving and Network Address Translation.
Network Address Translation works by remapping the source IP address of traffic from the LAN to a single static or dynamically assigned IP address shown to the remote side of the router.
[Figure: How NAT works. Panels: With NAT; Without NAT]
Using Network Address Translation
The following procedure describes how to use Network Address Translation.
1. Pick a network number for your local network (referred to as the internal network). This can be any IP address range you want. The Netopia R910 Router has a default IP address of 192.168.1.1. You may choose to change this address to match a pre-existing addressing scheme. For this example, we will use 10.0.0.0.
Or, from the Main Menu, select Easy Setup. The Easy Setup WAN Ethernet Configuration screen appears.
    WAN Ethernet Configuration
    Address Translation Enabled:  Yes
    Local WAN IP Address:         0.0.0.0
    TO MAIN MENU    NEXT SCREEN
    Set up the basic IP attributes of your Ethernet Module in this screen.
Toggle Address Translation Enabled to Yes or No (Yes to enable NAT) and press Return.
Associating port numbers with nodes
When an IP client, such as Netscape Navigator or Microsoft Internet Explorer, wants to establish a session with an IP server such as a Web server, the client machine must know the IP address to use and the TCP service port where the traffic is to be directed. For example, a Web browser locates a Web server by using a combination of the IP address and TCP port that the client machine has set up.
IP setup
Main Menu > System Configuration > Network Protocols Setup > IP Setup
The IP Setup options screen is where you configure the Ethernet side of the Netopia R910. The information you enter here controls how the router routes IP traffic.
The Netopia R910 Router supports multiple IP subnets on the Ethernet interface. You may want to configure multiple IP subnets to service more hosts than are possible with your primary subnet. It is not always possible to obtain a larger subnet from your ISP. For example, if you already have a full Class C subnet, your only option is multiple Class C subnets, since it is virtually impossible to justify a Class A or Class B assignment.
Exports, Add Export, and Delete Export.
    Exported Services (Local Port to IP Address Remapping)
    Show/Change Exports...
    Add Export...
    Delete Export...
    Return/Enter to configure UDP/TCP Port-to-IP Address redirection.
■ Select Add Export. The Add Exported Service screen appears.
    Add Exported Service
    Service...
    Local Server's IP Address:    0.0.0.
    ADD EXPORT NOW
■ Select Service. A pop-up menu of services and ports appears.
    Add Exported Service
    Service...
    Local Server's IP Address:
    Type        Port
    ftp         21
    telnet      23
    smtp        25
    tftp        69
    gopher      70
    finger      79
    www-http    80
    pop2        109
    pop3        110
    snmp        161
    timbuktu    407
    pptp        1723
    irc         6667
    Other...
    ADD EXPORT NOW
5.
Press Escape when you are finished configuring exported services. You are returned to the IP Setup screen.
    IP Setup
    Ethernet IP Address:            192.128.117.162
    Ethernet Subnet Mask:           255.255.255.0
    Define Additional Subnets...
    Default IP Gateway:             192.128.117.163
    Primary Domain Name Server:     0.0.0.0
    Secondary Domain Name Server:   0.0.0.0
    Domain Name:
    Receive RIP:                    Both
    Transmit RIP:                   v2 (multicast)
    Static Routes...
    Address Serving Setup...
    Exported Services...
    Filter Sets...
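The interaction between address translation and exported services described above, as an added example that is not part of the manual or of Netopia's firmware. It assumes the router also remaps source ports and tracks sessions (the manual only states that the source IP address is remapped); the class, the port allocation scheme and the list of services worth reviewing before export are this example's own choices, and the addresses are constructed samples.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Service names and ports as listed in the Add Exported Service pop-up menu.
SERVICE_PORTS = {
    "ftp": 21, "telnet": 23, "smtp": 25, "tftp": 69, "gopher": 70,
    "finger": 79, "www-http": 80, "pop2": 109, "pop3": 110, "snmp": 161,
    "timbuktu": 407, "pptp": 1723, "irc": 6667,
}

# Assumption of this example: cleartext or management-style services that
# deserve a second look before they are made reachable from the WAN side.
REVIEW_BEFORE_EXPORT = {"ftp", "telnet", "tftp", "finger", "snmp"}

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass
class NatRouter:
    wan_ip: str
    # WAN-side port -> LAN server IP (the "exported services" table).
    exports: Dict[int, str] = field(default_factory=dict)
    # WAN-side port -> (LAN endpoint, remote endpoint) for outbound sessions.
    sessions: Dict[int, Tuple[Endpoint, Endpoint]] = field(default_factory=dict)
    next_port: int = 49152  # hypothetical start of the translated port range

    def add_export(self, service: str, lan_ip: str) -> None:
        self.exports[SERVICE_PORTS[service]] = lan_ip

    def outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """Translate a LAN source endpoint to the single WAN address."""
        for wan_port, (lan, remote) in self.sessions.items():
            if lan == src and remote == dst:
                return (self.wan_ip, wan_port)
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[wan_port] = (src, dst)
        return (self.wan_ip, wan_port)

    def inbound(self, src: Endpoint, dst_port: int) -> Optional[Endpoint]:
        """Return the LAN endpoint for a WAN-side packet, or None to drop it."""
        session = self.sessions.get(dst_port)
        if session and session[1] == src:
            return session[0]          # reply to an existing outbound session
        lan_ip = self.exports.get(dst_port)
        if lan_ip:
            return (lan_ip, dst_port)  # unsolicited, but the port is exported
        return None                    # unsolicited and not exported

    def exports_to_review(self) -> List[str]:
        by_port = {port: name for name, port in SERVICE_PORTS.items()}
        return sorted(by_port[p] for p in self.exports
                      if by_port.get(p) in REVIEW_BEFORE_EXPORT)


if __name__ == "__main__":
    router = NatRouter("163.167.132.1")
    router.add_export("www-http", "192.168.1.100")
    router.add_export("telnet", "192.168.1.102")
    print(router.outbound(("192.168.1.103", 1025), ("198.51.100.7", 80)))
    print(router.inbound(("203.0.113.9", 4444), 80))
    print(router.inbound(("203.0.113.9", 4444), 25))
    print(router.exports_to_review())
```

Every entry in the exports table is a deliberate opening in the translation boundary, so the table is the first thing to read when reviewing what the router exposes.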
Note: You need not use this screen if you have only a single Ethernet IP subnet. In that case, you can continue to enter or edit the IP address and subnet mask for the single subnet on the IP Setup screen.
This screen displays up to eight rows of two editable columns, preceded by a row number between one and eight. If you have eight subnets configured, there will be eight rows on this screen.
If you have configured multiple Ethernet IP subnets, the IP Setup screen changes slightly:
    IP Setup
    Subnet Configuration...
    Default IP Gateway:             192.128.117.163
    Primary Domain Name Server:     0.0.0.0
    Secondary Domain Name Server:   0.0.0.0
    Domain Name:
    Receive RIP:                    Both
    Transmit RIP:                   v2 (multicast)
    Static Routes...
    Address Serving Setup...
    Exported Services...
    Filter Sets...
The IP address and Subnet mask items are hidden, and the “Define Additional Subnets...
The Static Routes screen will appear.
    Static Routes
    Display/Change Static Route...
    Add Static Route...
    Delete Static Route...
    Configure/View/Delete Static Routes from this and the following Screens.
Viewing static routes
To display a view-only table of static routes, select Display/Change Static Route. The table shown below will appear.
+-Dest.
Subnet Mask: The subnet mask associated with the destination network.
Next Gateway: The IP address of the router that will be used to reach the destination network.
Priority: An indication of whether the Netopia R910 will use the static route when it conflicts with information received from RIP packets.
Enabled: An indication of whether the static route should be installed in the IP routing table.
To return to the Static Routes screen, press Escape.
Via RIP and toggle it to Yes. When Advertise Route Via RIP is toggled to Yes, a new item called RIP Metric appears below Advertise Route Via RIP. With RIP Metric you set the number of routers, from 1 to 15, between the sending router and the destination router. The maximum number of routers on a packet’s route is 15. Setting RIP Metric to 1 means that a route can involve 15 routers, while setting it to 15 means a route can only involve one router.
IP address serving
Main Menu > System Configuration > IP Address Serving
• Serve DHCP Clients
• Serve BootP Clients
• Serve Dynamic WAN Clients
In addition to being a router, the Netopia R910 is also an IP address server. There are three protocols it can use to distribute IP addresses.
Follow these steps to configure IP Address Serving:
■ If you enabled IP Address Serving, DHCP, BootP clients, Dynamic WAN clients, and MacIP/KIP clients (if you have the AppleTalk kit installed) are automatically enabled.
■ Select Number of Client IP Addresses and enter the total number of contiguous IP addresses that the Netopia R910 will distribute to the client machines on your local area network. 12-user models are limited to twelve IP addresses.
IP Address Pools
The IP Address Pools screen allows you to configure a separate IP address serving pool for each of up to eight configured Ethernet IP subnets:
    IP Address Pools
    Subnet (# host addrs)    1st Client Addr     Clients    Client Gateway
    ---------------------    ---------------     -------    --------------
    192.128.117.0 (253)      192.128.117.196     16         192.128.117.162
    192.129.117.0 (253)      192.129.117.110     8          192.129.117.4
This screen consists of between two and eight rows of four columns each.
Numerous factors influence the choice of served address. It is difficult to specify the address that will be served to a particular client in all circumstances. However, when the address server has been configured, and the clients involved have no prior address serving interactions, the Netopia R910 will generally serve the first unused address from the first address pool with an available address.
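A check of the two pools shown on the IP Address Pools screen, together with the "first unused address from the first pool" rule, as an added example that is not Netopia's code. It assumes both subnets use a 255.255.255.0 mask (the mask shown on the IP Setup screen); the class, function names and problem labels are this example's own.

```python
import ipaddress
from typing import List, Optional, Set


class Pool:
    """One row of the IP Address Pools screen."""

    def __init__(self, subnet: str, first_client: str, clients: int, gateway: str):
        self.net = ipaddress.ip_network(subnet)
        self.first = ipaddress.ip_address(first_client)
        self.clients = clients
        self.gateway = ipaddress.ip_address(gateway)

    def addresses(self) -> list:
        # The pool is a contiguous run starting at the first client address.
        return [self.first + i for i in range(self.clients)]

    def problems(self) -> List[str]:
        """Configuration mistakes that lead to unreachable or duplicate hosts."""
        found = []
        addrs = self.addresses()
        reserved = (self.net.network_address, self.net.broadcast_address)
        if not all(a in self.net and a not in reserved for a in addrs):
            found.append("range-outside-subnet")
        if self.gateway in addrs:
            found.append("gateway-inside-range")
        if self.gateway not in self.net:
            found.append("gateway-outside-subnet")
        return found


def serve_next(pools: List[Pool], in_use: Set[str]) -> Optional[str]:
    """First unused address from the first pool that still has one."""
    for pool in pools:
        for addr in pool.addresses():
            if str(addr) not in in_use:
                return str(addr)
    return None  # every pool is exhausted


# Values taken from the screen above; the /24 prefix is an assumption.
POOL_1 = Pool("192.128.117.0/24", "192.128.117.196", 16, "192.128.117.162")
POOL_2 = Pool("192.129.117.0/24", "192.129.117.110", 8, "192.129.117.4")

if __name__ == "__main__":
    for pool in (POOL_1, POOL_2):
        print(pool.net, pool.addresses()[0], "-", pool.addresses()[-1],
              pool.problems() or "ok")
    print(serve_next([POOL_1, POOL_2], set()))
```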
DHCP NetBIOS Options
If your network uses NetBIOS, you can enable the Netopia R910 to use DHCP to distribute NetBIOS information. NetBIOS stands for Network Basic Input/Output System. It is a layer of software originally developed by IBM and Sytek to link a network operating system with specific hardware. NetBIOS has been adopted as an industry standard. It offers LAN applications a variety of “hooks” to carry out inter-application communications and data transfer.
■ From the NetBios Type pop-up menu, select the type of NetBIOS used on your network.
    DHCP NetBios Options
    Serve NetBios Type:
    NetBios Type...                 (pop-up menu: Type B, Type P, Type M, Type H)
    Serve NetBios Scope:
    NetBios Scope:
    Serve NetBios Name Server:      No
    NetBios Name Server IP Addr:    0.0.0.0
■ To serve DHCP clients with the NetBIOS scope, select Serve NetBios Scope and toggle it to Yes. Select NetBios Scope and enter the scope.
    IP Address Lease Management
    Reset All Leases
    Release BootP Leases
    Reclaim Declined Addresses
    Hit RETURN/ENTER, you will return to the previous screen.
Select Release BootP Leases and press Return. You have finished your IP setup.
Chapter 10 Virtual Private Networks (VPN)
The Netopia R910 Router offers both PPTP and ATMP tunneling support for Virtual Private Networks (VPN).
Tunneling is a process of creating a private path between a remote user or private network and another private network over some intermediate network, such as the IP-based Internet. A VPN allows remote offices or employees access to your internal business LAN by means of encryption, allowing the use of the public Internet to look “virtually” like a private secure network.
When used to initiate the tunnelled connection, the Netopia Router is called a PPTP Access Concentrator (PAC, in PPTP language), or a foreign agent (in ATMP language). When used to answer the tunnelled connection, the Netopia Router is called a PPTP Network Server (PNS, in PPTP language) or a home agent (in ATMP language).
About PPTP Tunnels
To set up a PPTP tunnel, you create a Connection Profile including the IP address and other relevant information for the remote PPTP partner. You use the same procedure to initiate a PPTP tunnel that terminates at a remote PPTP server or to terminate a tunnel initiated by a remote PPTP client.
Virtual Private Networks (VPN) 10-77 When you define a Connection Profile as using PPTP by selecting PPTP as the datalink encapsulation method, and then select Data Link Options, the PPTP Tunnel Options screen appears. PPTP Tunnel Options PPTP Partner IP Address: Tunnel Via Gateway: 173.167.8.134 0.0.0.0 Data Compression... Authentication...
10-78 User’s Reference Guide Note: The Netopia R910 Router supports 128-bit (“strong”) encryption and MS-CHAP Version 2. Unlike MS-CHAP version 1, which supports one-way authentication, MS-CHAP version 2 supports mutual authentication between connected routers and is incompatible with MS-CHAP version 1 (MS-CHAP-V1). When you choose MS-CHAP as the authentication method for the PPTP tunnel, the Netopia router will start negotiating MS-CHAP-V2.
The IP Profile Parameters screen appears.

IP Profile Parameters
  Address Translation Enabled: Yes
  NAT Map List... Easy-PAT
  NAT Server List... Easy-Servers
  Local WAN IP Address: 0.0.0.0
  Remote IP Address: 173.167.8.10
  Remote IP Mask: 255.255.0.0
  Filter Set...
  Remove Filter Set
  Receive RIP: Both
  Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx).

■ Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel.
■ The Netopia R910 Router supports 128-bit (“strong”) encryption. If the router you are connecting to does not support 128-bit encryption, the Netopia router will default to 40-bit encryption. US encryption regulations changed mid-February, 2000, making it possible to include this new encryption feature as a standard part of the firmware.
The Add Connection Profile screen appears.

Add Connection Profile
  Profile Name: Profile 1
  Profile Enabled:
  Data Link Encapsulation...
  IP Enabled:
  IP Profile Parameters...
  Interface Group... Primary
  COMMIT CANCEL

  +-------------+
  +-------------+
  | PPP         |
  | RFC1483     |
  | ATMP        |
  | PPTP        |
  | IPsec       |
  +-------------+

■ From the Data Link Encapsulation pop-up menu select IPsec.
■ Then select Data Link Options. The IPsec Encryption & Authentication Options screen appears.
IPsec Encryption & Authentication Options
  Encryption Transform... DES
  Encryption Key 1:
  Encryption Key 2:
  Encryption Key 3:
  Authentication Type... ESP
  Authentication Transform... HMAC-MD5-96
  Authentication Key: ********************************
  Compression Type... None
  COMMIT CANCEL

■ You must enter an Encryption Key or keys if the Encryption Transform is DES. The key must be a hexadecimal entry of eight bytes (16 bytes of input).
IP Profile Parameters

The following IP Profile Options screen is displayed for an IPsec Connection Profile.

IP Profile Options
  SPI (Security Parameters Index): 123456789
  Remote Tunnel Endpoint Address: 0.0.0.0
  Remote Members Network: 0.0.0.0
  Remote Members Mask: 0.0.0.0
  Address Translation Enabled: Yes
  NAT Map List... Easy-PAT List
  NAT Server List... Easy-Servers
  PAT IP Address: 1.1.1.1
  Filter Set...
  Remove Filter Set <>
  Advanced IP Profile Options...
following section).

Note: The SPI title field above changes to SPI (Security Parameters Index) -- Use Advanced IP Profile Options if any of the SPI values differ from each other.

Advanced IP Profile Options

Advanced IP Profile Options
  ESP Receive SPI: 123456789
  ESP Transmit SPI: 123456789
  AH Receive SPI: 123456789
  AH Transmit SPI: 123456789
  Local Tunnel Endpoint Address: 0.0.0.0
  Next Hop Gateway: 0.0.0.0

■ You can specify an ESP Receive SPI.
VPN Default Answer Profile

The WAN Configuration menu offers a VPN Default Answer Profile option. Use this selection when your router is acting as the server for VPN connections, that is, when you are on the answering end of the tunnel establishment. The VPN Default Answer Profile determines the way the attempted tunnel connection is answered.

WAN Configuration
  WAN (Wide Area Network) Setup...
  Display/Change Connection Profile...
  Add Connection Profile...
■ For PPTP tunnel connections only, you must define what type of authentication these connections will use. Select Receive Authentication and press Return. A pop-up menu offers the following options: PAP (the default), CHAP, or MS-CHAP.
■ If you chose PAP or CHAP authentication, from the Data Compression pop-up menu select either None (the default) or Standard LZS.
Profile Name: Lists the name of the Connection Profile being used, if any.
Type: Shows the data link encapsulation method (PPTP or ATMP).
Rx Pckts: Shows the number of packets received via the VPN tunnel.
Tx Pckts: Shows the number of packets transmitted via the VPN tunnel.
Est: Indicates whether the connection was locally (“Lcl”) or remotely (“Rmt”) established.
Partner Address: Shows the tunnel partner’s IP address.
Dial-Up Networking for VPN

Microsoft Windows Dial-Up Networking software permits a remote standalone workstation to establish a VPN tunnel to a PPTP server such as a Netopia Router located at a central site. Dial-Up Networking also allows a mobile user who may not be connected to a PAC to dial into an intermediate ISP and establish a VPN tunnel to, for example, a corporate headquarters, remotely.
The Communications window appears.
5. In the Communications window, select Dial-Up Networking and click the OK button. This returns you to the Windows Setup screen. Click the OK button.
6. Respond to the prompts to install Dial-Up Networking from the system disks or CD-ROM.
7. When prompted, reboot your PC.
Configuring a Dial-Up Networking profile

Once you have created your Dial-Up Networking profile, you configure it for TCP/IP networking to allow you to connect to the Internet through your Internet connection device. Do the following:
1. Double-click the My Computer (or whatever you have named it) icon on your desktop. Open the Dial-Up Networking folder. You will see the icon for the profile you created in the previous section.
2.
4. Click the TCP/IP Settings button.
■ If your ISP uses dynamic IP addressing (DHCP), select the Server assigned IP address radio button.
■ If your ISP uses static IP addressing, select the Specify an IP address radio button and enter your assigned IP address in the fields provided. Also enter the IP address in the Primary and Secondary DNS fields.
5. Click the OK button in this window and the next two windows.
Installing the VPN Client

Before installing the VPN Client you must have TCP/IP installed and have an established Internet connection.

Windows 95 VPN installation

1. From your Internet browser navigate to the following URL: http://www.microsoft.com/NTServer/nts/downloads/recommended/dunl3win95/releasenotes.aso Download the Microsoft Windows 95 VPN patch dun 1.3 to the Windows 95 computer you intend to use as a VPN client with PPTP. Follow the installation instructions.
2.
3. Click the Windows Setup tab. The Windows Setup screen will be displayed within the top center box.
4. Double-click Communications. This displays a list of possible selections for the communications option. Active components will have a check in the checkboxes to their left.
5. Check Dial Up Networking at the top of the list and Virtual Private Networking at the bottom of the list.
6.
About ATMP Tunnels

To set up an ATMP tunnel, you create a Connection Profile including the IP address and other relevant information for the remote ATMP partner. ATMP uses the terminology of a foreign agent that initiates tunnels and a home agent that terminates them. You use the same procedure to initiate or terminate an ATMP tunnel. Used in this way, the terms initiate and terminate mean the beginning and end of the tunnel; they do not mean activate and deactivate.
Add Connection Profile
  Profile Name: Profile 1
  Profile Enabled:
  Data Link Encapsulation...
  Data Link Options...
  IP Enabled:
  IP Profile Parameters...
  COMMIT CANCEL

  +-------------+
  +-------------+
  | PPP         |
  | Frame Relay |
  | ATM FUNI    |
  | ATMP        |
  | PPTP        |
  +-------------+

When you define a Connection Profile as using ATMP by selecting ATMP as the datalink encapsulation method, and then select Data Link Options, the ATMP Tunnel Options screen appears.
■ When you specify the ATMP Partner IP Address, and the address is in the same subnet as the Remote IP Address you specified in the IP Profile Parameters, you can specify the route (Tunnel Via Gateway) by which the gateway partner is reached. If you do not specify the ATMP Partner IP Address, the router will use the default gateway to reach the partner and the Tunnel Via Gateway field is hidden. If the partner should be reached via an alternate port (i.e.
IP Profile Parameters
  Address Translation Enabled: Yes
  NAT Map List... Easy-PAT
  NAT Server List... Easy-Servers
  Local WAN IP Address: 0.0.0.0
  Remote IP Address: 173.167.8.10
  Remote IP Mask: 255.255.0.0
  Filter Set...
  Remove Filter Set
  Receive RIP: Both
  Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx).

■ Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel.
Allowing VPNs through a Firewall

An administrator interested in securing a network will usually combine the use of VPNs with the use of a firewall or some similar mechanism. This is because a VPN is not a complete security solution, but rather a component of overall security. Using a VPN will add security to transactions carried over a public network, but a VPN alone will not prevent a public network from infiltrating a private network.
PPTP example

To enable a firewall to allow PPTP traffic, you must provision the firewall to allow inbound and outbound TCP packets specifically destined for port 1723. The source port may be dynamic, so often it is not useful to apply a compare function upon this portion of the control/negotiation packets. You must also set the firewall to allow inbound and outbound GRE packets, enabling transport of the tunnel payload.
For Input Filter 2 set the Protocol Type to allow GRE as shown below.

Change Input Filter 2
  Enabled: Yes
  Forward: Yes
  Source IP Address: 0.0.0.0
  Source IP Address Mask: 0.0.0.0
  Dest. IP Address: 0.0.0.0
  Dest. IP Address Mask: 0.0.0.0
  Protocol Type: GRE

In the Display/Change IP Filter Set screen select Display/Change Output Filter.

Display/Change Output Filter screen
+-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.
For Output Filter 2 set the Protocol Type to allow GRE as shown below.

Change Output Filter 2
  Enabled: Yes
  Forward: Yes
  Source IP Address: 0.0.0.0
  Source IP Address Mask: 0.0.0.0
  Dest. IP Address: 0.0.0.0
  Dest. IP Address Mask: 0.0.0.
ATMP example

To enable a firewall to allow ATMP traffic, you must provision the firewall to allow inbound and outbound UDP packets specifically destined for port 5150. The source port may be dynamic, so often it is not useful to apply a compare function on this portion of the control/negotiation packets. You must also set the firewall to allow inbound and outbound GRE packets (Protocol 47, Internet Assigned Numbers Document, RFC 1700), enabling transport of the tunnel payload.
For Input Filter 2 set the Protocol Type to allow GRE as shown below.

Change Input Filter 2
  Enabled: Yes
  Forward: Yes
  Source IP Address: 0.0.0.0
  Source IP Address Mask: 0.0.0.0
  Dest. IP Address: 0.0.0.0
  Dest. IP Address Mask: 0.0.0.0
  Protocol Type: GRE

In the Display/Change IP Filter Set screen select Display/Change Output Filter.

Display/Change Output Filter screen
+-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.
For Output Filter 2 set the Protocol Type to allow GRE as shown below.

Change Output Filter 2
  Enabled: Yes
  Forward: Yes
  Source IP Address: 0.0.0.0
  Source IP Address Mask: 0.0.0.0
  Dest. IP Address: 0.0.0.0
  Dest. IP Address Mask: 0.0.0.
Chapter 11 PPP over Ethernet

The Netopia R910 Router supports the Point-to-Point protocol over Ethernet (PPPoE) for use of PPP to connect through a DSL or cable modem. Some ISPs require user name and password authentication to connect you with their DSL or cable service. PPPoE allows user name and password authentication to the ISP via your R910’s Ethernet interface to your DSL or cable modem.
Add Connection Profile
  Profile Name: My_ISP
  Profile Enabled: Yes
  Data Link Encapsulation... PPP
  Data Link Options...
  IP Enabled: Yes
  IP Profile Parameters...
  Interface Group... Primary
  COMMIT CANCEL
  Configure a new Conn. Profile. Finished? ADD or CANCEL to exit.

From the Data Link Encapsulation pop-up menu, select PPP. Select Data Link Options and press Return. The Datalink (PPP/MP) Options screen appears.

Datalink (PPP/MP) Options
  Data Compression...
PPP Ethernet LAN Reconfiguration

The Netopia R910 offers the ability for PPP to reconfigure the router’s Ethernet LAN when establishing an unnumbered, non-NAT connection. The Netopia R910 allows a central site router to supply an entire IP subnet, rather than a single IP address, for use by a Netopia router.
Quick View

The Quick View screen (as shown below) displays both Primary and Secondary DNS Server addresses. This is useful because both may be served via PPP.

Quick View                                8/8/2000 10:46:14 AM
  Default IP Gateway: 163.176.12.1
  Primary DNS Server: 163.176.4.31
  Secondary DNS Server: 163.176.4.10
  CPU Load: 6%
  Unused Memory: 232 KB
  WAN Interface Group -- EN
  Domain Name: isp.
Chapter 12 Monitoring Tools

This chapter discusses the Netopia R910’s device and network monitoring tools. These tools can provide statistical information, report on current network status, record events, and help in diagnosing and locating problems.
General status

Quick View                                12/14/1998 01:13:52 PM
  Default IP Gateway: 0.0.0.0
  Domain Name Server: 0.0.0.0
  Domain Name: netopia.com
  CPU Load: 5%
  Unused Memory: 1017 KB
  ----------------MAC Address--------IP Address----------------
  Ethernet Hub: 00-00-c5-70-03-48 192.168.1.1
  Ethernet WAN1: 00-00-c5-70-03-4a 0.0.0.
Each LED representation can report one of four states:
–: A dash means the LED is off.
R: The letter “R” means the LED is red.
G: The letter “G” means the LED is green.
Y: The letter “Y” means the LED is yellow.

The section “Netopia R910 Ethernet Router status lights” on page 3-16 describes the meanings of the colors for each LED.

Note: Although the Quick View LED Status section lists the Channel 2 (CH2) LED, it is not used on the R910.
Physical Interface

The top left side of the screen lists total packets received and total packets transmitted for the following data ports:
■ Ethernet Hub
■ Ethernet WAN

Network Interface

The bottom left side of the screen lists total packets received and total packets transmitted for the IP protocol (IP packets on the Ethernet).

The right side of the table lists the total number of occurrences of each of six types of communication statistics:
Rx Bytes.
WAN Event History

The WAN Event History screen lists a total of 128 events on the WAN. The most recent events appear at the top.
Device Event History
  Current Date -- 12/11/98 12:26:39 PM
  -Date-----Time-----Event------------------------------------------------------
  ----------------------------------SCROLL UP----------------------------------
  08/11/98 12:25:28 Telnet connection up, address 163.176.8.134
  08/11/98 12:25:05 * IP address server configuration error; server disabled
  08/11/98 12:25:05 * IP: Route 0.0.0.0/0.0.0.0 not installed
  08/11/98 12:25:05 --BOOT: Warm start v4.
Statistics & Logs
  WAN Event History...
  Device Event History...
  IP Routing Table...
  Served IP Addresses...
  General Statistics...
  System Information...

IP routing table

In the Statistics & Logs screen, select IP Routing Table and press Return. The IP routing table displays all of the IP routes currently known to the Netopia R910.
Served IP Addresses

You can view all of the IP addresses currently being served by the Netopia R910 Ethernet Router from the Served IP Addresses screen. From the Statistics & Logs menu, select Served IP Addresses. The Served IP Addresses screen appears.

Served IP Addresses
  -IP Address-------Type----Expires--Client Identifier--------------------------
  ----------------------------------SCROLL UP----------------------------------
  192.168.1.100 DHCP 00:36 EN: 00-00-c5-4a-1f-ea
  192.
This screen has three options:
■ Reset All Leases: Resets all current IP addresses leased through DHCP without waiting for the default one-hour lease period to elapse.
■ Release BootP Leases: Releases any BootP leases that may be in place, and which may no longer be required.
■ Reclaim Declined Addresses: Reclaims served leases that have been declined; for example by devices that may no longer be on the network.
SNMP

The Netopia R910 includes a Simple Network Management Protocol (SNMP) agent, allowing monitoring and configuration by a standard SNMP manager. The Netopia R910 supports the following management information base (MIB) documents:
■ MIB II (RFC 1213)
■ Interface MIB (RFC 1229)
■ Ethernet MIB (RFC 1643)
■ Netopia MIB

These MIBs are on the Netopia R910 CD included with the Netopia R910.
2. Select System Location and enter the router’s physical location (room, floor, building, etc.).
3. Select System Contact and enter the name of the person responsible for maintaining the router.

System Name, System Location, and System Contact set the values returned by the Netopia R910 SNMP agent for the SysName, SysLocation, and SysContact objects, respectively, in the MIB II system group.
■ A cold start trap is generated after the router is reset.
■ An interface down trap (ifDown) is generated when one of the router’s interfaces, such as a port, stops functioning or is disabled.
■ An interface up trap (ifUp) is generated when one of the router’s interfaces, such as a port, begins functioning.

The Netopia R910 sends traps using UDP (for IP networks). You can specify which SNMP managers are sent the IP traps generated by the Netopia R910.
2. Select an IP trap receiver from the table and press Return.
3. In the Change IP Trap Receiver screen, edit the information as needed and press Return.

Deleting IP trap receivers

1. To delete an IP trap receiver, select Delete IP Trap Receiver in the IP Trap Receivers screen.
2. Select an IP trap receiver from the table and press Return.
3. In the dialog box, select Continue and press Return.
Chapter 13 Security

The Netopia R910 provides a number of security features to help protect its configuration screens and your local network from unauthorized access. Although these features are optional, it is strongly recommended that you use them.
Once user accounts are created, users who attempt to access protected screens will be challenged. Users who enter an incorrect name or password are returned to a screen requesting a name/password combination to access the Main Menu. To set up user accounts, in the System Configuration screen select Security and press Return. The Security Options screen appears.
To add a new user account, select Add User in the Security Options screen and press Return. The Add Name With Write Access screen appears.

Add Name With Write Access
  Enter Name:
  Enter Password (11 characters max):
  ADD NAME/PASSWORD NOW CANCEL

Follow these steps to configure the new account:
1. Select Enter Name and enter a descriptive name (for example, the user’s first name).
2. Select Enter Password and enter a password.
3.
To restrict Telnet access to the SNMP screens, select Enable Telnet Access to SNMP Screens and toggle it to No. (See “SNMP traps” on page 12-119.)

To restrict Telnet access to all of the configuration screens, select Enable Telnet Console Access and toggle it to No.

About filters and filter sets

Security should be a high priority for anyone administering a network connected to the Internet.
Each inspector has a specific task. One inspector’s task may be to examine the destination address of all outgoing packages. That inspector looks for a certain destination—which could be as specific as a street address or as broad as an entire country—and checks each package’s destination address to see if it matches that destination.

A filter inspects data packets like a customs inspector scrutinizing packages.
If the package does not match the first inspector’s criteria, it goes to the second inspector, and so on. You can see that the order of the inspectors in the line is very important. For example, let’s say the first inspector’s orders are to send along all packages that come from Rome, and the second inspector’s orders are to reject all packages that come from France.
Parts of a filter

A filter consists of criteria based on packet attributes.
Less Than: For the filter to match, the packet’s port number must be less than the port number specified in the filter.
Less Than or Equal: For the filter to match, the packet’s port number must be less than or equal to the port number specified in the filter.
Equal: For the filter to match, the packet’s port number must equal the port number specified in the filter.
Proto: The protocol to match. This can be entered as a number (see the table below) or as TCP or UDP if those protocols are used.

Protocol   Number to use   Full name
N/A        0               Ignores protocol type
ICMP       1               Internet Control Message Protocol
TCP        6               Transmission Control Protocol
UDP        17              User Datagram Protocol

Src. Port: The source port to match. This is the port on the sending host that originated the packet.
D. Port: The destination port to match.
4. The filter should be enabled and instructed to block the Telnet packets containing the source address shown in step 2:
■ On? = Yes
■ Fwd = No

This four-step process is how we produced the following filter from the original rule:

+-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+
+----------------------------------------------------------------------+
| 1 192.211.211.17 0.0.0.
■ Discarded if all the filters are configured to pass (forward)
■ Discarded if the set contains a combination of pass and discard filters

Disadvantages of filters

Although using filter sets can greatly enhance network security, there are disadvantages:
■ Filters are complex. Combining them in filter sets introduces subtle interactions, increasing the likelihood of implementation errors.
■ Enabling a large number of filters can have a negative impact on performance.
IP Filter Sets
  Display/Change IP Filter Set...
  Add IP Filter Set...
  Delete IP Filter Set...
  Return/Enter to configure and add a new Filter Set
  Set Up IP Filter Sets (Firewalls) from this and the following Menus.

The procedure for creating and maintaining filter sets is as follows:
1. Add a new filter set.
2. Create the filters for the new filter set.
3. View, change, or delete individual filters and filter sets.

The sections below explain how to execute these steps.
Add IP Filter Set
  Filter Set Name: Filter Set 2
  Display/Change Input Filter...
  Add Input Filter...
  Delete Input Filter...
  Display/Change Output Filter...
  Add Output Filter...
  Delete Output Filter...
  ADD FILTER SET CANCEL
  Configure the Filter Set name and its associated Filters.

Naming a new filter set

All new filter sets have a default name. The first filter set you add will be called Filter Set 1, the next filter set will be Filter Set 2, and so on.
Input and output filters—source and destination

There are two kinds of filters you can add to a filter set: input and output. Input filters check packets received from the Internet, destined for your network. Output filters check packets transmitted from your network to the Internet.
Add Filter
  Enabled: No
  Forward: No
  Source IP Address: 0.0.0.0
  Source IP Address Mask: 0.0.0.0
  Dest. IP Address: 0.0.0.0
  Dest. IP Address Mask: 0.0.0.0
  Protocol Type: 0
  Source Port Compare... No Compare
  Source Port ID: 0
  Dest. Port Compare... No Compare
  Dest. Port ID: 0
  ADD THIS FILTER NOW CANCEL
  Enter the IP specific information for this filter.

1. To make the filter active in the filter set, select Enabled and toggle it to Yes.
10. When you are finished configuring the filter, select ADD THIS FILTER NOW to save the filter in the filter set. Select CANCEL to discard the filter and return to the Add IP Filter Set screen.

Viewing filters

To display a view-only table of input (output) filters, select Display/Change Input Filter or Display/Change Output Filter in the Add IP Filter Set screen.
Modifying filter sets

To modify a filter set, select Display/Change IP Filter Set in the IP Filter Sets screen to display a list of filter sets. Select a filter set from the list and press Return. The Change IP Filter Set screen appears. The items in this screen are the same as the ones in the Add Filter screen (see “Adding filters to a filter set” on page 13-136).

Change IP Filter Set
  Filter Set Name: Basic Firewall
  Display/Change Input Filter...
  Add Input Filter...
  Delete Input Filter.
The five input filters and one output filter that make up Basic Firewall are shown in the table below.

                         Input     Input     Input     Input     Input     Output
                         filter 1  filter 2  filter 3  filter 4  filter 5  filter
Enabled                  Yes       Yes       Yes       Yes       Yes       Yes
Forward                  No        No        Yes       Yes       Yes       Yes
Source IP address        0.0.0.0   0.0.0.0   0.0.0.0   0.0.0.0   0.0.0.0   0.0.0.0
Source IP address mask   0.0.0.0   0.0.0.0   0.0.0.0   0.0.0.0   0.0.0.0   0.0.0.0
Dest. IP address         0.0.0.0   0.0.0.0   0.0.0.0   0.0.0.0   0.0.0.0   0.0.0.
Basic Firewall is suitable for a LAN containing only client hosts that want to access servers on the WAN, but not for a LAN containing servers providing services to clients on the WAN. Basic Firewall’s general strategy is to explicitly pass WAN-originated TCP and UDP traffic to ports greater than 1023. Ports lower than 1024 are the service origination ports for various Internet services such as FTP, Telnet, and the World Wide Web (WWW).
FTP sessions. To allow WAN-originated FTP sessions to a LAN-based FTP server with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243), insert the following input filter ahead of the current input filter 1:
■ Enabled: Yes
■ Forward: Yes
■ Source IP Address: 0.0.0.0
■ Source IP Address Mask: 0.0.0.0
■ Dest. IP Address: a.b.c.d
■ Dest. IP Address Mask: 255.255.255.
Firewall tutorial

General firewall terms

Filter rule: A filter set is comprised of individual filter rules.
Filter set: A grouping of individual filter rules.
Firewall: A component or set of components that restrict access between a protected network and the Internet, or between two networks.
Host: A workstation on the network.
Packet: Unit of communication on the Internet.
Example TCP/UDP Ports

TCP Port   Service   UDP Port   Service
20/21      FTP       161        SNMP
23         Telnet    69         TFTP
25         SMTP      387        AURP
80         WWW       144        News

Firewall design rules

There are two basic rules to firewall design:
■ “What is not explicitly allowed is denied.”
and
■ “What is not explicitly denied is allowed.”

The first rule is far more secure, and is the best approach to firewall design.
and a packet goes through these rules destined for FTP, the packet would pass through the first filter rule (WWW), match the second rule (FTP), and the packet is allowed through. Even though the next rule is to deny all FTP traffic, the FTP packet will never make it to this rule.

Binary representation

It is easiest when doing filtering to convert the IP address and mask in question to binary. This will allow you to perform the logical AND to determine whether a packet matches a filter rule.
Established connections

The TCP header contains one bit called the ACK bit (or TCP Ack bit). This ACK bit appears only with TCP, not UDP. The ACK bit is part of the TCP mechanism that guarantees the delivery of data. The ACK bit is set whenever one side of a connection has received data from the other side. Only the first TCP packet will not have the ACK bit set; once the TCP connection is in place, the remainder of the TCP packets will have the ACK bit set.
Less Than or Equal: Any port less than or equal to the port defined
Equal: Matches only the port defined
Greater Than or Equal: Matches the port or any port greater
Greater Than: Matches anything greater than the port defined

Example network

[Figure: an incoming packet (IP: 200.1.1.??, DATA) arriving from the Internet at the packet filter on the Netopia]

Example filters

Example 1

Filter Rule:
  200.1.1.0 (Source IP Network Address)
  255.255.255.
This incoming IP packet has a source IP address that matches the network address in the Source IP Address field (00000000) in the Netopia R910. The router will not forward this packet.

Example 2

Filter Rule:
  200.1.1.0 (Source IP Network Address)
  255.255.255.128 (Source IP Mask)
  Forward = No (What happens on match)

Incoming packet has the source address of 200.1.1.184.

IP Address   Binary Representation
200.1.1.
Since the Source IP Network Address in the Netopia R910 is 01100000, and the source IP address after the logical AND is 1011000, this rule does not match and this packet will be passed.

Example 4

Filter Rule:
  200.1.1.96 (Source IP Network Address)
  255.255.255.240 (Source IP Mask)
  Forward = No (What happens on match)

Incoming packet has the source address of 200.1.1.104.

IP Address   Binary Representation
200.1.1.
Since the Source IP Network Address in the Netopia R910 is 01100000, and the source IP address after the logical AND is 01100000, this rule does match and this packet will NOT be passed. This rule masks off a single IP address.
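
The matching steps from the tutorial above (AND the packet address with the mask, compare with the filter's address, first matching filter decides) and the PPTP pass-through filters from Chapter 10, as an added Python example that is not Netopia firmware code. The class and function names are hypothetical, and the outcome for a set made only of discard filters is left unspecified because this text does not state it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Protocol numbers as the guide gives them (0 = ignore protocol type).
ANY, ICMP, TCP, UDP, GRE = 0, 1, 6, 17, 47

# Port comparisons that appear on the guide's filter screens.
PORT_COMPARE = {
    "No Compare": lambda port, ref: True,
    "Less Than": lambda port, ref: port < ref,
    "Less Than or Equal": lambda port, ref: port <= ref,
    "Equal": lambda port, ref: port == ref,
    "Greater Than or Equal": lambda port, ref: port >= ref,
    "Greater Than": lambda port, ref: port > ref,
}


def to_int(dotted: str) -> int:
    """Dotted-quad address as a 32-bit integer, ready for the logical AND."""
    return int(ipaddress.IPv4Address(dotted))


@dataclass
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None  # None for protocols without ports (GRE, ICMP)
    dport: Optional[int] = None


@dataclass
class Filter:
    forward: bool
    src: str = "0.0.0.0"
    src_mask: str = "0.0.0.0"
    dst: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"
    proto: int = ANY
    sport_cmp: str = "No Compare"
    sport: int = 0
    dport_cmp: str = "No Compare"
    dport: int = 0
    enabled: bool = True

    def _port_ok(self, cmp_name: str, pkt_port: Optional[int], ref: int) -> bool:
        if cmp_name == "No Compare":
            return True
        return pkt_port is not None and PORT_COMPARE[cmp_name](pkt_port, ref)

    def matches(self, pkt: Packet) -> bool:
        if not self.enabled:
            return False
        if self.proto != ANY and pkt.proto != self.proto:
            return False
        # Logical AND of the packet address with the mask, compared with the
        # address entered in the filter (the tutorial's binary examples).
        if (to_int(pkt.src) & to_int(self.src_mask)) != to_int(self.src):
            return False
        if (to_int(pkt.dst) & to_int(self.dst_mask)) != to_int(self.dst):
            return False
        return (self._port_ok(self.sport_cmp, pkt.sport, self.sport)
                and self._port_ok(self.dport_cmp, pkt.dport, self.dport))


def evaluate(filters, pkt: Packet) -> str:
    """The first matching filter decides; later filters are never consulted."""
    for flt in filters:
        if flt.matches(pkt):
            return "forward" if flt.forward else "discard"
    # No filter matched. The guide says the packet is discarded when the set
    # holds only forward filters or a mix of forward and discard filters.
    if any(f.forward for f in filters if f.enabled):
        return "discard"
    return "unspecified"  # all-discard sets: outcome not stated in this text


# Example 2 and Example 4 from the tutorial (values taken from the guide).
EXAMPLE_2 = Filter(forward=False, src="200.1.1.0", src_mask="255.255.255.128")
EXAMPLE_4 = Filter(forward=False, src="200.1.1.96", src_mask="255.255.255.240")

# Rule order from the tutorial: allow WWW, allow FTP, then deny FTP.
ORDERED = [
    Filter(forward=True, proto=TCP, dport_cmp="Equal", dport=80),
    Filter(forward=True, proto=TCP, dport_cmp="Equal", dport=21),
    Filter(forward=False, proto=TCP, dport_cmp="Equal", dport=21),
]

# Input filters for PPTP pass-through: TCP to port 1723 plus GRE.
PPTP_INPUT = [
    Filter(forward=True, proto=TCP, dport_cmp="Equal", dport=1723),
    Filter(forward=True, proto=GRE),
]

if __name__ == "__main__":
    lan = "192.168.1.10"   # constructed LAN host
    wan = "203.0.113.9"    # constructed WAN host
    print(EXAMPLE_2.matches(Packet("200.1.1.184", lan, TCP, 1025, 23)))
    print(EXAMPLE_4.matches(Packet("200.1.1.104", lan, TCP, 1025, 23)))
    print(evaluate(ORDERED, Packet(wan, lan, TCP, 1025, 21)))
    print(evaluate(PPTP_INPUT, Packet(wan, lan, TCP, 40000, 23)))
```

Placing the deny-FTP filter ahead of the allow-FTP filter flips the FTP result to discard, which is the ordering effect the tutorial describes.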
RADIUS Client Support

The Netopia R910 implements a Remote Authentication Dial-In User Service (RADIUS) client (RFC 2138) and adds the ability to authenticate console configuration access using a RADIUS server. This feature is strictly for console menu access authentication only, and is not intended for WAN connectivity access authentication. Earlier routers use a local console authentication database consisting of between one and four username/password pairs.
If you select Advanced Security Options and press Return, the Advanced Security Options screen appears.

Advanced Security Options
  +-------------------+
  +-------------------+
  Security Databases...
hostname to be resolved using the Domain Name System (DNS) information configured in the router, or by using an IP address in dotted-quad notation. The RADIUS Server Addr/Name items are limited to 63 characters.
■ In addition to specifying the server’s hostname or IP address, you must also specify a RADIUS Server Secret and an Alt RADIUS Server Secret (if configured) known to both the router and the RADIUS server. The secret is used to encrypt RADIUS transactions in transit.
Security Options
  +-------------------------------------------------------------+
  +-------------------------------------------------------------+
  |                                                             |
  | You are about to delete the only local password. If you     |
  | continue you will be unable to configure this device unless |
  | a Radius Server is available to authenticate you.           |
  |                                                             |
  | CONTINUE CANCEL                                             |
  |                                                             |
  +-------------------------------------------------------------+
  Show Users...
  +-------------+
  Add User...
Chapter 14 Utilities and Diagnostics

A number of utilities and tests are available for system diagnostic and control purposes.
Ping

The Netopia R910 includes a standard Ping test utility. A Ping test generates IP packets destined for a particular (Ping-capable) IP host. Each time the target host receives a Ping packet, it returns a packet to the original sender. Ping allows you to see whether a particular IP destination is reachable from the Netopia R910. You can also ascertain the quality and reliability of the connection to the desired destination by studying the Ping test’s statistics.
Status: The current status of the Ping test. This item can display the status messages shown in the table below:
Message                    Description
Resolving host name        Finding the IP address for the domain name-style address
Can’t resolve host name    IP address can’t be found for the domain name-style name
Pinging                    Ping test is in progress
Complete                   Ping test was completed
Cancelled by user          Ping test was cancelled manually
Destination unreachable from w.x.y.
Packets Lost: The number of packets unaccounted for, shown in total and as a percentage of total packets sent. This statistic may be updated during the Ping test, and may not be accurate until after the test is over. However, if an escalating one-to-one correspondence is seen between Packets Out and Packets Lost, and Packets In is noticeably lagging behind Packets Out, the destination is probably unreachable. In this case, use STOP PING.
4. Select Use Reverse DNS to learn the names of the routers between the Netopia Router and the destination router. The default is Yes.
5. Select START TRACE ROUTE and press Return. A scrolling screen will appear that lists the destination, number of hops, IP addresses of each hop, and DNS names, if selected.
6. Cancel the trace by pressing Escape. Return to the Trace Route screen by pressing Escape twice.
Disconnect Telnet console session
If you want to close your Telnet Console session, select Disconnect Telnet Console Session and press Return. A dialog box appears asking you to cancel or continue your selection.
Trivial File Transfer Protocol (TFTP)
TFTP Server Name:
Firmware File Name:
GET ROUTER FIRMWARE FROM SERVER...
GET WAN MODULE FIRMWARE FROM SERVER...
Config File Name:
GET CONFIG FROM SERVER...
SEND CONFIG TO SERVER...
TFTP Transfer State -- Idle
TFTP Current Transfer Bytes -- 0
The sections below describe how to update the Netopia R910’s firmware and how to download and upload configuration files.
press Return. You will see the following dialog box:
+-----------------------------------------------------------+
+-----------------------------------------------------------+
|                                                           |
| Are you sure you want to read the firmware now?           |
| The device will reset when the transfer is complete.      |
|                                                           |
|            CANCEL                    CONTINUE             |
|                                                           |
+-----------------------------------------------------------+
■ Select CANCEL to exit without downloading the file, or select CONTINUE to download the file.
■ Select GET CONFIG FROM SERVER and press Return. You will see the following dialog box:
+-----------------------------------------------------------+
+-----------------------------------------------------------+
|                                                           |
| Are you sure you want to read the configuration now?      |
| The device will reset when the transfer is complete.
X-Modem File Transfer
Send Firmware to Netopia...
Send Config to Netopia...
Receive Config from Netopia...
Send Firmware to Netopia WAN module...
WAN module Firmware Status: IDLE
Updating firmware
Firmware updates may be available periodically from Netopia or from a site maintained by your organization’s network administration. The procedure below applies whether you are using the console or the WAN interface module.
The system will reset at the end of a successful file transfer to put the new firmware into effect. While the system resets, the LEDs will blink on and off.
Caution! Do not manually power down or reset the Netopia R910 while it is automatically resetting or it could be damaged.
Downloading configuration files
The Netopia R910 can be configured by downloading a configuration file. The downloaded file reconfigures all of the Router’s parameters.
The procedure below applies whether you are using the console or the WAN interface. To upload a configuration file:
1. Decide on a name for the file and a path for saving it.
2. Select Receive Config from Netopia and press Return.
Appendix A Troubleshooting
This appendix is intended to help you troubleshoot problems you may encounter while setting up and using the Netopia R910. It also includes information on how to contact Netopia Technical Support. Important information on these problems can be found in the event histories kept by the Netopia R910. These event histories can be accessed in the Statistics & Logs screen.
Console connection problems
Can’t see the configuration screens (nothing appears)
■ Make sure the cable connection from the Netopia R910’s console port to the computer being used as a console is securely connected.
■ Make sure the terminal emulation software is accessing the correct port on the computer that’s being used as a console.
■ Try pressing Ctrl-L or Return or the up (▲) or down (▼) key several times to refresh the terminal screen.
How to reset the router to factory defaults
Lose your password? This section shows how to reset the router so that you can access the console screens once again. Keep in mind that all of your connection profiles and settings will need to be reconfigured. If you don't have a password, the only way to get back into the Netopia R910 is the following:
1. Turn the router upside down.
2. Referring to the diagram below, find the paper clip size Reset Switch slot.
[Diagram: Reset Switch Slot]
3.
Technical support
Netopia, Inc. is committed to providing its customers with reliable products and documentation, backed by excellent technical support.
Before contacting Netopia
Look in this guide for a solution to your problem. You may find a solution in this troubleshooting appendix or in other sections. Check the index for a reference to the topic of concern. If you cannot find a solution, complete the environment profile below before contacting Netopia technical support.
Online product information
Product information can be found in the following:
Netopia World Wide Web server via http://www.netopia.com
Internet via anonymous FTP to ftp.netopia.com/pub
Online Technical Support
Technical notes and Frequently Asked Questions which answer the most commonly asked questions and offer solutions for many common problems are available 24 hours a day on our Company Web site at http://www.netopia.com/support/.
Appendix B Understanding IP Addressing
This appendix is a brief general introduction to IP addressing. A basic understanding of IP will help you in configuring the Netopia R910 and using some of its powerful features, such as static routes and packet filtering. In packets, a header is part of the envelope information that surrounds the actual data being transmitted. In e-mail, a header is usually the address and routing information found at the top of messages.
IP addresses indicate both the identity of the network and the identity of the individual host on the network. The number of bits used for the network number and the number of bits used for the host number can vary, as long as certain rules are followed. The local network manager assigns IP host numbers to individual machines. IP addresses are maintained and assigned by the InterNIC, a quasi-governmental organization now increasingly under the auspices of private industry.
Subnet masks
To create subnets, the network manager must define a subnet mask, a 32-bit number that indicates which bits in an IP address are used for network and subnetwork addresses and which are used for host addresses. One subnet mask should apply to all IP networks that are physically connected together and share a single assigned network number.
Network configuration
Below is a diagram of a simple network configuration. The ISP is providing a Class C address to the customer site, and both networks A and B want to gain Internet access through this address. Netopia R910 B connects to Netopia R910 A and is provided Internet access through Routers A and B.
[Diagram labels: Customer Site A; PC 1: IP Address: 192.168.1.3, Subnet Mask: 255.255.255.128, Gateway: 192.168.1.1; Router B:; ISP Network; Router A: IP Address: 10.0.0.1 Subnet Mask: 255.
Background
The IP addresses and routing configurations for the devices shown in the diagram are outlined below. In addition, each individual field and its meaning are described. The IP Address and Subnet Mask fields define the IP address and subnet mask of the device's Ethernet connection to the network while the Remote IP and Remote Sub fields describe the IP address and subnet mask of the remote router.
There are two schemes for distributing the remaining IP addresses:
■ Manually give each computer an address
■ Let the Netopia R910 automatically distribute the addresses
These two methods are not mutually exclusive; you can manually issue some of the addresses while the rest are distributed by the Netopia R910. Using the router in this way allows it to function as an address server.
Number of Devices (other than Netopia R910) on Local Network    Largest Possible Ethernet Subnet Mask
30-61                                                           255.255.255.192
62-125                                                          255.255.255.128
125-259                                                         255.255.255.0
Configuration
This section describes the specific IP address lease, renew, and release mechanisms for both the Mac and PC, with either DHCP or MacIP address serving.
DHCP address serving
Windows 95 workstation:
■ The Win95 workstation requests and renews its lease every half hour.
■ The Netopia R910 releases the DHCP address back to the available DHCP address pool precisely one hour after the last-heard lease request; some other DHCP implementations may hold on to the lease for an additional time after the lease has expired, to act as a buffer for variances in clocks between the client and server.
addresses.
■ Note any planned and currently used static addresses before you use DHCP and MacIP.
■ Avoid fragmenting your block of IP addresses. For example, try to use a continuous range for the static addresses you choose.
A DHCP example
Suppose, for example, that your ISP gave your network the IP address 199.1.1.32 and a 4-bit subnet mask. Address 199.1.1.32 is reserved as the network address. Address 199.1.1.47 is reserved as the broadcast address. This leaves 14 addresses to allocate, from 199.1.1.33 through 199.1.1.46. If you want to allocate a sub-block of 10 addresses using DHCP, enter “10” in the DHCP Setup screen’s Number of Addresses to Allocate item.
[Diagram: Internet, Router A, Router B, Router C; labels a.b.c.16, a.b.c.1, a.b.c.0, a.b.c.2, a.b.c.128, a.b.c.248, a.b.c.129, a.b.c.249]
Routers B and C (which could also be Netopia R910s) serve the two remote networks that are subnets of a.b.c.0. The subnetting is accomplished by configuring the Netopia R910 with connection profiles for Routers B and C (see the following table).
Connection profile    Remote IP address    Remote IP mask    Bits available for host address
For Router B          a.b.c.
IP Routing Table
Network Address  Subnet Mask      via Router  Port  Age   Type
----------------------------SCROLL UP---------------------------
0.0.0.0          0.0.0.0          a.b.c.1     WAN   3719  Management
127.0.0.1        255.255.255.255  127.0.0.1   lp1   6423  Local
a.b.c.128        255.255.255.192  a.b.c.128   WAN   5157  Local
a.b.c.248        255.255.255.248  a.b.c.
The following diagram illustrates the IP address space taken up by the two remote IP subnets. You can see from the diagram why the term nested is appropriate for describing these subnets.
[Diagram: address space from 1 to 254. Address range available to a.b.c.0, less the two nested subnets; 129 to 190: valid addresses used by a.b.c.128; 249 to 254: valid addresses used by a.b.c.248]
Broadcasts
As mentioned earlier, binary IP host or subnet addresses composed entirely of ones or zeros are reserved for broadcasting.
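The nested subnets and routing table described above can be checked with a short script. This is an added example, not part of the original guide: the documentation range 192.0.2.0/24 stands in for a.b.c.0, the masks are the ones shown in the routing table, and the route labels and function names are hypothetical.

```python
import ipaddress

# 192.0.2.0/24 is a stand-in for the page's a.b.c.0 network (assumption).
PARENT = ipaddress.ip_network("192.0.2.0/255.255.255.0")
NESTED_128 = ipaddress.ip_network("192.0.2.128/255.255.255.192")
NESTED_248 = ipaddress.ip_network("192.0.2.248/255.255.255.248")

# Route labels are hypothetical names for the connection profiles.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "default"),
    (PARENT, "local"),
    (NESTED_128, "profile-128"),
    (NESTED_248, "profile-248"),
]


def host_range(net):
    """First and last assignable host; all-zeros and all-ones host parts are reserved."""
    return net.network_address + 1, net.broadcast_address - 1


def lookup(address, routes=ROUTES):
    """Longest-prefix match: the most specific (nested) subnet wins."""
    ip = ipaddress.ip_address(address)
    candidates = [(net, label) for net, label in routes if ip in net]
    return max(candidates, key=lambda c: c[0].prefixlen)[1] if candidates else None


def parent_hosts_left(parent, nested):
    """Host addresses of the parent that no nested subnet has claimed."""
    return [h for h in parent.hosts() if not any(h in n for n in nested)]


def nesting_problems(parent, nested):
    """Report nested subnets that fall outside the parent or overlap each other."""
    problems = []
    for i, net in enumerate(nested):
        if not net.subnet_of(parent):
            problems.append(f"{net} is outside {parent}")
        problems += [f"{net} overlaps {other}"
                     for other in nested[i + 1:] if net.overlaps(other)]
    return problems


if __name__ == "__main__":
    for net in (NESTED_128, NESTED_248):
        first, last = host_range(net)
        print(f"{net}: hosts {first} to {last}, broadcast {net.broadcast_address}")
    print("left in parent:", len(parent_hosts_left(PARENT, [NESTED_128, NESTED_248])))
    for target in ("192.0.2.20", "192.0.2.130", "192.0.2.250", "203.0.113.9"):
        print(target, "->", lookup(target))
```

The host ranges it computes, 129 to 190 and 249 to 254, match the diagram, and the lookup shows why a packet for an address inside a nested subnet follows that subnet's route rather than the enclosing network's.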
Appendix C Understanding Netopia NAT Behavior
This appendix describes how Network Address Translation (NAT) works within the Netopia R910. The Netopia R910 implements a powerful feature called Network Address Translation as specified in RFC 1631. NAT is used for IP address conservation and for security purposes since there will only be a single IP “presence” on the WAN.
When the Netopia R910 establishes a connection over its WAN interface with another router it uses the Point-to-Point Protocol (PPP). Within PPP there is a Network Control Protocol (NCP) called Internet Protocol Control Protocol (IPCP), which handles the negotiation of IP addresses between the two routers, in this case the Netopia R910 at the customer site above and the router at the Internet service provider (ISP).
When the Netopia R910 receives this IP packet, it cannot simply forward it to the WAN interface and the Internet since the IP addresses on the LAN interface are not valid or globally unique for the Internet. Instead, the Netopia R910 has to change the IP packet to reflect the IP address that was acquired on the WAN interface from the ISP.
The reasons for the IP address changes are obvious from the preceding diagram, but what is not so obvious is why the TCP or UDP source ports need to be changed as well. These are changed and maintained in an internal table so the Netopia R910 can determine which host on the local LAN interface sent the IP packet and what host the response from the WAN interface is going to go to on the LAN interface.
Now both IP packets have the exact same source IP address (200.1.1.40) and source ports (400). The Netopia R910 is then able to distinguish between the two IP packets by changing the source TCP or UDP ports and keeping this information in an internal table. As seen above, the source port for Workstation A has been changed to 5001 and the source port for Workstation B has been changed to 5002.
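The port translation table described above can be modelled in a few lines. This is an added example, not Netopia's implementation: the WAN address 200.1.1.40 and ports 400, 5001 and 5002 come from the text, while the LAN and server addresses are constructed, the class and function names are hypothetical, and starting allocation at port 5001 is an assumption made to match the page's numbers.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]                   # (IP address, TCP or UDP port)


class PortTranslator:
    """Minimal NAT port table: one WAN address shared by many LAN hosts."""

    def __init__(self, wan_ip: str, first_port: int = 5001, last_port: int = 65535):
        self.wan_ip = wan_ip
        self.next_port = first_port          # assumption: sequential allocation
        self.last_port = last_port
        self.by_lan: Dict[Tuple[str, Endpoint], int] = {}
        self.by_wan_port: Dict[Tuple[str, int], Endpoint] = {}

    def outbound(self, proto: str, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Rewrite a LAN packet's source to (WAN IP, unique port) and remember it."""
        key = (proto, src)
        if key not in self.by_lan:
            if self.next_port > self.last_port:
                raise RuntimeError("translation table full")
            self.by_lan[key] = self.next_port
            self.by_wan_port[(proto, self.next_port)] = src
            self.next_port += 1
        return (self.wan_ip, self.by_lan[key]), dst

    def inbound(self, proto: str, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Map a WAN packet back to its LAN host, or None when no entry exists."""
        if dst[0] != self.wan_ip:
            return None
        lan = self.by_wan_port.get((proto, dst[1]))
        return None if lan is None else (src, lan)


# Constructed addresses; only the source port 400 is taken from the page.
WORKSTATION_A = ("192.168.0.2", 400)
WORKSTATION_B = ("192.168.0.3", 400)
WWW_SERVER = ("198.51.100.10", 80)


def demo():
    nat = PortTranslator("200.1.1.40")
    sent_a = nat.outbound("tcp", WORKSTATION_A, WWW_SERVER)
    sent_b = nat.outbound("tcp", WORKSTATION_B, WWW_SERVER)
    reply_b = nat.inbound("tcp", WWW_SERVER, ("200.1.1.40", 5002))
    unsolicited = nat.inbound("tcp", WWW_SERVER, ("200.1.1.40", 6000))
    return sent_a, sent_b, reply_b, unsolicited


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last case is the security-relevant one: a WAN packet addressed to a port with no table entry has no LAN host to go to, so it is not forwarded.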
If the WWW server on the Internet then tries to open a connection to the IP address of 200.1.1.40 with the appropriate Exported Service defined, the Netopia R910 will look at the destination port and will find that it is destined for port 21 (FTP). The Netopia R910 then looks at the internal user-defined exported services table and finds that any incoming IP traffic from the WAN port with a destination of port 21 (FTP) should be redirected to the IP address of 192.168.5.
Configuration
You can toggle Address Translation Enabled to No or Yes in the WAN Ethernet Configuration screen in WAN Configuration under the Main Menu. An example of enabling NAT is as follows:
WAN Ethernet Configuration
Address Translation Enabled: Yes
Local WAN IP Address: 0.0.0.0
Filter Set...
Remove Filter Set
Receive RIP: Both
Set up the basic IP attributes of your Ethernet Module in this screen.
Exported services are configured under IP Setup in System Configuration. This is where a particular type of TCP or UDP service originating from the Internet is redirected to a host on the Netopia R910’s LAN interface. An example of this screen follows:
Add Exported Service
+-Type------Port--+
+-----------------+
Service...
Appendix D Binary Conversion Table
This table is provided to help you choose subnet numbers and host numbers for IP and MacIP networks that use subnetting for IP addresses.
Decimal  Binary    Decimal  Binary    Decimal  Binary    Decimal  Binary
128      10000000  160      10100000  192      11000000  224      11100000
129      10000001  161      10100001  193      11000001  225      11100001
130      10000010  162      10100010  194      11000010  226      11100010
131      10000011  163      10100011  195      11000011  227      11100011
132      10000100  164      10100100  196      11000100  228      11100100
133      10000101  165      10100101  197      11000101  229      11100101
134      10000110  166      10100110  198      11000110  230      1110
Appendix F Technical Specifications and Safety Information
Description
Dimensions: 124.0 cm (w) x 20.0 cm (d) x 5.3 cm (h) 9.4” (w) x 7.9” (d) x 2.1” (h)
Communications interfaces: The Netopia R910 Ethernet Router has an RJ-45 jack for Ethernet line connections; a 4-port 10Base-T Ethernet hub for your LAN connection; and a DB-9 Console port.
Power requirements
■ 12 VDC input
■ 1.
The Netopia R910 Ethernet Router has met the safety standards (per UL-1950) of the Underwriters Laboratories for the United States.
Regulatory notices
Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures. Adequate measures include increasing the physical distance between this product and other electrical devices.
United States.
Repairs to the certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment.