® Netopia R2020 Dual Analog Router for data communication User’s Reference Guide
Copyright Copyright 1999, Netopia, Inc. v.799 All rights reserved. Printed in the U.S.A. This manual and any associated artwork, software and product designs are copyrighted with all rights reserved. Under the copyright laws such materials may not be copied, in whole or part, without the prior written consent of Netopia, Inc. Under the law, copying includes translation to another language or format. Netopia, Inc. 2470 Mariner Square Loop Alameda, CA 94501-1010 U.S.A.
Contents Welcome to the Netopia R2020 Dual Analog Router User’s Reference Guide. This guide is designed to be your single source for information about your Netopia R2020 Dual Analog Router. It is intended to be viewed on-line, using the powerful features of the Adobe Acrobat Reader. The information display has been deliberately designed to present the maximum information in the minimum space on your screen.
ii User’s Reference Guide Sharing the Connection .................................................. 3-9 Configuring TCP/IP on Windows 95, 98, or NT computers ........................................................... 3-9 Configuring TCP/IP on Macintosh computers ........ 3-13 Chapter 4 — Connecting Your Local Area Network .....................4-1 Overview ....................................................................... 4-1 Readying computers on your local network.......................
Contents iii Navigating through the System Configuration screens....... 7-8 System Configuration features ........................................ 7-8 Network Protocols Setup..................................... 7-10 Filter Sets (Firewalls) .......................................... 7-10 IP Address Serving ............................................. 7-11 Date and Time ................................................... 7-11 Console Configuration.........................................
iv User’s Reference Guide Encryption support ........................................................ 9-7 VPN Default Answer Profile ............................................. 9-8 VPN QuickView .............................................................. 9-9 Dial-Up Networking for VPN ........................................... 9-10 Installing Dial-Up Networking ............................... 9-10 Creating a new Dial-Up Networking profile ............ 9-11 Configuring a Dial-Up Networking profile ..
Contents Firmware upgrades and NAT ....................................... IP subnets................................................................. Static routes ............................................................. IP address serving ..................................................... DHCP NetBIOS Options..................................... DHCP Relay Agent ............................................ MacIP (Kip Forwarding) Options.........................
vi User’s Reference Guide Chapter 13 — Monitoring Tools ...............................................13-1 Quick View status overview .......................................... 13-1 General Status................................................... 13-2 Current Status ................................................... 13-3 Status lights ..................................................... 13-3 Statistics & Logs ......................................................... 13-4 General Statistics ...........
Contents IPX packet filters .............................................. IPX packet filter sets ........................................ IPX SAP filters .................................................. IPX SAP filter sets ............................................ Firewall tutorial .......................................................... General Firewall Terms ..................................... Basic IP Packet Components............................. Basic Protocol Types .........................
viii User’s Reference Guide Uploading configuration files ............................. 15-12 Restarting the system................................................ 15-13 Part III: Appendixes 15 Appendix A — Troubleshooting..................................................A-1 Configuration problems .................................................. A-1 SmartStart Troubleshooting .................................. A-2 Console connection problems ............................... A-2 Network problems ........
Contents ix Example: Working with a Class C subnet ................ C-5 Distributing IP addresses ............................................... C-5 Technical note on subnet masking......................... C-6 Configuration ....................................................... C-7 Manually distributing IP addresses ........................ C-8 Using address serving .......................................... C-8 Tips and rules for distributing IP addresses............ C-9 Nested IP subnets ............
x User’s Reference Guide
Configuration options for your Netopia R2020 Dual Analog Router The Netopia R2020 can be used in different ways depending on your needs. In general, you will probably want to use it in one or more of the following ways: (Click on one of these links) ■ “1. Small Office connection to the Internet” with several computers in your office sharing a single IP address (Network Address Translation enabled) ■ “2.
1. Small Office connection to the Internet For Small Office connections to the Internet, using a single dynamic IP address with Network Address Translation (NAT) enabled, you should use the following configuration option: ■ the SmartStart™ Wizard, included on your Netopia R2020 CD. This is the fastest and simplest way to get you up and running with the minimum difficulty. For instructions on this option, see “Setting up your Router with the SmartStart Wizard” on page 3-3.
2. Small Office connection to the Internet For Small Office connections to the Internet, using a block of IP addresses (Network Address Translation disabled), you should use the following configuration tool: ■ Easy Setup configuration using console-based management. This option allows maximum flexibility for experienced users and administrators. For instructions on this option, see “Console-based Management” on page 5-1 and “Easy Setup” on page 6-1.
3. Direct Connection to a Corporate Office (Telecommuter) For direct connections to a Corporate Office, you can use either one of two configuration options: ■ If you will be using Network Address Translation, use the SmartStart™ Wizard, included on your Netopia R2020 CD. For instructions on this option, see “Setting up your Router with the SmartStart Wizard” on page 3-3. ■ If your corporate office assigns you a static IP address, use Easy Setup under console-based management.
4. Configured to accept incoming dial-up connections To configure the Netopia R2020 to accept incoming dial-up connections, you should use the following configuration method: ■ To create one or more dial-in Connection Profiles for each dial-in user, see “Creating a new Connection Profile” on page 7-2. You do this using console-based management.
5. Configured for two onboard and one external modem on the Auxiliary port To configure the Netopia R2020 to use the two onboard modems and a third external modem on the Auxiliary serial port, you should use the following configuration options. This might be done to allow three separate simultaneous dial-in/dial-out connections or one or two aggregated dial-in/dial-out calls using Multilink PPP. ■ Install the special optional modem cable available from your reseller or directly from Netopia.
Part I: Getting Started
User’s Reference Guide
Introduction 1-1 Chapter 1 Introduction Overview The Netopia R2020 Dual Analog Router is a full-featured, stand-alone, multiprotocol router for connecting diverse local area networks (LANs) to the Internet and other remote networks. The Netopia R2020 Dual Analog Router uses two 56Kbps V.90 modems communicating over standard analog telephone lines to provide your whole network with a high-speed connection to the outside world.
1-2 User’s Reference Guide Translation (MultiNAT) adds significant flexibility and security for a wide range of applications. ■ 1-to-1 static NAT mapping ■ Multiple Many-to-1 NAPT mappings on a single interface.
Making the Physical Connections 2-1 Chapter 2 Making the Physical Connections This section tells you how to make the physical connections to your Netopia R2020 Dual Analog Router.
2-2 User’s Reference Guide Windows and Macintosh, ZTerm terminal emulator software and NCSA Telnet 2.6 for Macintosh You will need: ■ A Windows 95-based PC or a Macintosh with Ethernet connectivity for configuring the Netopia R2020. This may be built-in Ethernet or an add-on card, with TCP/IP installed and configured. See “Before running SmartStart” on page 3-1. ■ Two telephone lines, each with its own jack.
Making the Physical Connections 2-3 If you have two phone lines on a single wall outlet, this is the only Telco connection you need to make. The pinout configuration for the lines on the Line 1 port is shown in the following diagram: 1 2 3 4 5 6 7 8 Telco 1 Telco 2 Your first Telco number is carried on the inner pair and the second number on the outer pair. 3.
2-4 User’s Reference Guide Netopia R2020 Dual Analog Router Back Panel Ports The figure below displays the back of the Netopia R2020 Dual Analog Router.
Making the Physical Connections 2-5 The following table describes all the Netopia R2020 Dual Analog Router back panel ports. Port Description Power port a mini-DIN8 power adapter cable connection. Line 1 port a red RJ-11 telephone jack labelled “Line 1". Console port a DE-9 Console port for a direct serial connection to the console screens. You may use this if you are an experienced user and choose not to use SmartStart. See “Connecting a local terminal console cable to your router” on page 5-3.
2-6 User’s Reference Guide Netopia R2020 Dual Analog Router Status Lights The figure below represents the Netopia R2020 status light (LED) panel.
Setting up your Router with the SmartStart Wizard 3-1 Chapter 3 Setting up your Router with the SmartStart Wizard Once you’ve connected your router to your computer and your telecommunications line and installed a web browser, you’re ready to run the Netopia SmartStart™ Wizard. The SmartStart Wizard will help you set up the router and share the connection.
3-2 User’s Reference Guide PC Macintosh Notes: • The computer running SmartStart must be on the same Ethernet cable segment as the Netopia R2020. Repeaters, such as 10Base-T hubs between your computer and the Netopia R2020, are acceptable, but devices such as switches or other routers are not. • SmartStart for the PC will set your TCP/IP control panel to “Obtain an IP address automatically” if it is not already set this way. This will cause your computer to reboot.
Setting up your Router with the SmartStart Wizard 3-3 Setting up your Router with the SmartStart Wizard The SmartStart Wizard is tailored for your platform, but it works the same way on either a PC or a Macintosh. Insert the Netopia CD, and in the desktop navigation screen that appears, launch the SmartStart Wizard application. SmartStart Wizard configuration screens The screens described in this section are the default screens shipped on the Netopia CD. They derive from two initialization (.
3-4 User’s Reference Guide Easy or Advanced options screen. You can choose either Easy or Advanced setup. ■ If you choose Easy, SmartStart automatically uses the preconfigured IP addressing setup built into your router. This is the best choice if you are creating a new network or don’t already have an IP addressing scheme on your new network. If you choose Easy, you will see a “Connection Test screen,” like the one shown below while SmartStart checks the connection to your router.
Setting up your Router with the SmartStart Wizard 3-5 When the test is successful, you will see the “Manual or Automated Connection Profile screen,” shown below. Manual or Automated Connection Profile screen. The SmartStart Wizard asks you to select a method of creating a connection profile. The connection profile tells your router how to communicate with your ISP or other remote site, such as your corporate office. You can select either ISP Automation or Manual Entry. Options are explained below.
3-6 User’s Reference Guide with: ■ Your dial-up number, sometimes referred to as an ISP POP number ■ Your Login name and Password. (These are case-sensitive.) Note: Your ISP may provide you with additional values such as “Remote IP Gateway” or “Subnet Mask.” These entries are not required for the SmartStart Wizard to configure your router. If you have a PBX or Centrex phone system, you may need a dialing prefix (such as “9” for an outside line).
Setting up your Router with the SmartStart Wizard 3-7 Connection Profile Test screen. SmartStart tests your connection profile by attempting to connect to your ISP. To test the connection profile with your ISP, click Next. While the test is running, SmartStart reports its progress in a brief succession of dialog boxes as described below. Available Line Test Progress screen. SmartStart tests to see if the router can place calls on your telephone line.
3-8 User’s Reference Guide Advanced option Router IP Address screen. If you selected the Advanced option in the “Easy or Advanced options screen” on page 3-4, SmartStart asks you to choose between entering the router’s current IP address and assigning an IP address to the router. If the router has already been assigned an IP address, select the first radio button. If you do this, the “Known IP Address screen,” appears (shown below.
Setting up your Router with the SmartStart Wizard 3-9 Sharing the Connection Configuring TCP/IP on Windows 95, 98, or NT computers Configuring TCP/IP on a Windows computer requires the following: ■ An Ethernet card (also known as a network adapter) ■ The TCP/IP protocol must be “bound” to the adapter or card Dynamic configuration (recommended) If you configure your Netopia R2020 using SmartStart, you can accept the dynamic IP address assigned by your router.
3-10 User’s Reference Guide 1. Go to the Start Menu/Settings/Control Panels and double click the Network icon. From the Network components list, select the Configuration tab. 2. Select TCP/IP-->Your Network Card. Then select Properties. In the TCP/IP Properties screen (shown below), select the IP Address tab. Click “Obtain an IP Address automatically.” 3. Click on the DNS Configuration tab. Click Disable DNS. DNS will be assigned by the router with DHCP. 4.
Setting up your Router with the SmartStart Wizard 3-11 Static configuration (optional) If you are manually configuring for a fixed or static IP address, perform the following: 1. Go to Start Menu/Settings/Control Panels and double click the Network icon. From the Network components list, select the Configuration tab. 2. Select TCP/IP-->Your Network Card. Then select Properties. In the TCP/IP Properties screen (shown below), select the IP Address tab. Click “Specify an IP Address.
3. Click on the Gateway tab (shown below). Under “New gateway,” enter 192.168.1.1. Click Add. This is the Netopia R2020’s pre-assigned IP address. Click on the DNS Configuration tab. Click Enable DNS. Enter the following information: Host: Type the name you want to give to this computer. Domain: Type your domain name. If you don't have a domain name, type your ISP's domain name; for example, netopia.com. DNS Server Search Order: Type the primary DNS IP address given to you by your ISP. Click Add.
Setting up your Router with the SmartStart Wizard 3-13 Configuring TCP/IP on Macintosh computers The following is a quick guide to configuring TCP/IP for MacOS computers. Configuring TCP/IP in a Macintosh computer requires the following: You must have either Open Transport or Classic Networking (MacTCP) installed.
3-14 User’s Reference Guide Static configuration (optional) If you are manually configuring for a fixed or static IP address, perform the following: 1. Go to the Apple menu. Select Control Panels and then TCP/IP or MacTCP. 2. With the TCP/IP window open, go to the Edit menu and select User Mode. Choose Advanced and click OK. Or, in the MacTCP window, select Ethernet and click the More button. 3.
Setting up your Router with the SmartStart Wizard 3-15 Dynamic configuration using MacIP (optional) If you want to use MacIP to dynamically assign IP addresses to the Macintosh computers on your network you must install the optional AppleTalk feature set kit. Note: You cannot use MacIP dynamic configuration to configure your Netopia R2020 Dual Analog Router because you must first configure the router in order to enable AppleTalk.
3-16 User’s Reference Guide Using Classic Networking (MacTCP) 1. Go to the Apple Menu. Select Control Panels and then Network. 2. In the Network window, select EtherTalk. 3. Go back to the Apple menu. Select Control Panels and then MacTCP. 4. Select EtherTalk. From the pull-down menu under EtherTalk, select an available zone; then click the More button. In the MacTCP/More window select the Server radio button.
Connecting Your Local Area Network 4-1 Chapter 4 Connecting Your Local Area Network This chapter describes how physically to connect the Netopia R2020 to your local area network (LAN). Before you proceed, make sure the Netopia R2020 is properly configured. You can customize the Router’s configuration for your particular LAN requirements using Console-based Management (see “Console-based Management” on page 5-1).
4-2 User’s Reference Guide Application software TCP/IP stack Ethernet/EtherTalk/LocalTalk Driver Your PC or Macintosh computer To the Netopia R2020 Application software: This is the software you use to send e-mail, browse the World Wide Web, read newsgroups, etc. These applications may require some configuration. Examples include the Eudora e-mail client, and the web browsers Microsoft Internet Explorer and Netscape Navigator.
Connecting Your Local Area Network 4-3 Connecting to an Ethernet network The Netopia R2020 supports Ethernet connections through its eight Ethernet ports. The Router automatically detects which Ethernet port is in use. 10Base-T You can connect a standard 10Base-T Ethernet network to the Netopia R2020 using any of its available Ethernet ports.
4-4 User’s Reference Guide If you add devices connected through a hub, connect the hub to Ethernet port number 1 on the Netopia R2020 and set the Normal/Uplink switch to Uplink. 8 Ethernet 1 Nor- PC Macintosh PC 10Base-T Hub Adding an external modem You may wish to add a third (external) modem to gain additional speed for your Internet connection. You will need to obtain the special external modem cable either from your reseller or directly from Netopia.
Connecting Your Local Area Network 4-5 For pinout information on the HD-15 to DB-25 modem cable, see “Pinouts for Auxiliary Port Modem Cable,” in Appendix F, “Technical Specifications and Safety Information.” Connecting to a LocalTalk network If you have purchased the AppleTalk feature expansion kit, you can also connect the Router to an AppleTalk network that uses either Ethernet or LocalTalk. Refer to the sheet of optional feature set add-ons in your Netopia R2020 documentation folio.
4-6 User’s Reference Guide Wiring guidelines for PhoneNET cabling Topology 22 gauge .642 mm 24 gauge .510 mm daisy chain n/a n/a backbone 4500 ft. 1372 m 1125 ft. 343 m 3000 ft. 914 m 3000 ft. 229 m 750 ft. 229 m 2000 ft. 610 m 4-branch passive star* LocalTalk StarController 12-branch active star * distance is per branch For detailed configuration instructions see “AppleTalk Setup” on page 12-1. 26 gauge .403 mm 1800 ft. 549 m 1800 ft. 549 m 450 ft. 137 m 1200 ft.
Console-based Management 5-1 Chapter 5 Console-based Management Console-based management is a menu-driven interface for the capabilities built in to the Netopia R2020. Console-based management provides access to a wide variety of features that the router supports. You can customize these features for your individual setup. This chapter describes how to access and navigate the console-based management screens.
5-2 User’s Reference Guide using the router to connect to more than one service provider or remote site. ■ The System Configuration menus display and permit changing: ■ Network Protocols Setup. See “Multiple Network Address Translation and IP Setup” on page 10-1. ■ Filter Sets. See “Security” on page 14-1. ■ IP Address Serving. See “IP address serving” on page 10-35. ■ Date and Time. See “Date and Time” on page 7-11. ■ Console Configuration.
Console-based Management 5-3 Configuring Telnet software If you are configuring your router using a Telnet session, your computer must be running a Telnet software program. ■ If you connect a PC with Microsoft Windows, you can use a Windows Telnet application or simply run Telnet from the Start menu. ■ If you connect a Macintosh computer, you can use the NCSA Telnet program supplied on the Netopia R2020 CD. You install NCSA Telnet by simply dragging the application from the CD to your hard disk.
5-4 User’s Reference Guide Launch your terminal emulation software and configure the communications software for the following values. These are the default communication parameters that the Netopia R2020 uses. Parameter Suggested Value Terminal type PC: ANSI, VT100 Mac: ANSI, VT-100, or VT-200 Data bits 8 Parity None Stop bits 1 Speed Options are: 9600, 19200, 38400, or 57600 bits per second Flow Control None Note: The router firmware contains an autobaud detection feature.
Easy Setup 6-1 Chapter 6 Easy Setup This chapter describes how to use the Easy Setup console screens on your Netopia R2020 Dual Analog Router. The Easy Setup console screens provide an alternate method for experienced users to set up their router’s Connection Profiles without using SmartStart. After completing the Easy Setup console screens, your router will be ready to connect to the Internet or another remote site.
6-2 User’s Reference Guide A screen similar to the following appears: Netopia R2020 v4.4 Easy Setup... WAN Configuration... System Configuration... Utilities & Diagnostics... Statistics & Logs... Quick Menus... Quick View... Return/Enter goes to Easy Setup -- minimal configuration. You always start from this main screen.
Easy Setup 6-3 Beginning Easy Setup To begin Easy Setup, select Easy Setup in the Main Menu, then press Return. The Easy Setup Profile screen appears. Connection Profile 1: Easy Setup Profile Number to Dial: 212 555 1212 Address Translation Enabled: IP Addressing... Yes Numbered Local WAN Local WAN Remote IP Remote IP 0.0.0.0 0.0.0.0 127.0.0.2 255.255.255.255 IP Address: IP Mask: Address: Mask: PPP Authentication...
6-4 User’s Reference Guide 4. Select Local WAN IP Address and enter the local WAN address your ISP gave you. The default address is 0.0.0.0, which allows for dynamic addressing, when your ISP assigns an address each time you connect. However, you may enter another address if you want to use static addressing. ■ When using numbered interfaces, the Netopia Router will use its local WAN IP address and subnet mask to send packets to the remote router.
Easy Setup 6-5 IP Easy Setup Ethernet IP Address: Ethernet Subnet Mask: 192.168.1.1 255.255.255.0 Domain Name: Primary Domain Name Server: 0.0.0.0 Default IP Gateway: 127.0.0.2 IP Address Serving: On Number of Client IP Addresses: 1st Client Address: 100 192.168.1.100 PREVIOUS SCREEN NEXT SCREEN Enter an IP address in decimal and dot form (xxx.xxx.xxx.xxx). Set up the basic IP & IPX attributes of your Netopia in this screen. 1.
6-6 User’s Reference Guide 7. If IP Address Serving is On, select Number of Client IP Addresses. Then enter the number of available host addresses for the Netopia R2020 Dual Analog Router to allocate to the client computers on your network. This number defaults to the balance of the subnet addresses above the Netopia Router’s address. 8. If IP Address Serving is On, select 1st Client Address and enter the first IP address in the set of allocated served IP addresses. 9. Press Return.
Part II: Advanced Configuration
User’s Reference Guide
WAN and System Configuration 7-1 Chapter 7 WAN and System Configuration This chapter describes how to use the console-based management screens to access and configure advanced features of your Netopia R2020 Dual Analog Router. You can customize these features for your individual setup. These menus provide a powerful method for experienced users to set up their router’s connection profiles and system configuration.
7-2 User’s Reference Guide Creating a new Connection Profile Connection Profiles define the telephone and networking protocols necessary for the router to make a remote connection. A Connection Profile is like an address book entry describing how the router is to get to a remote site, or how to recognize and authenticate a remote user dialing in to the router. For example, to create a new Connection Profile, you navigate to the WAN Configuration screen from the Main Menu, and select Add Connection Profile.
WAN and System Configuration 7-3 4. Select Datalink Options and press Return. The Datalink Options screen appears. Note: The Datalink Options shown below are for the default Data Link Encapsulation method PPP. (For VPN Data Link Options see “Virtual Private Networks” on page 9-1.) Datalink (PPP/MP) Options Data Compression... Standard LZS Send Authentication...
7-4 User’s Reference Guide IP Profile Parameters Address Translation Enabled: IP Addressing... Yes Numbered NAT Rule List... NAT Server List... Local WAN Local WAN Remote IP Remote IP IP Address: IP Mask: Address: Mask: 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Filter Set... Remove Filter Set Receive RIP: Both Toggle to Yes if this is a single IP address ISP account. Configure IP requirements for a remote network connection here. 6.
WAN and System Configuration 7-5 9. Select Telco Options and press return. the Telco Options screen appears. NOTE: If you are creating a VPN Connection Profile, the Telco Options menu is not used and becomes unavailable. Telco Options Dial... Dial In/Out Dialing Prefix: Number to Dial: Alternate Site to Dial: Dial on Demand: Idle Timeout (seconds): Yes 300 CNA Validation Number: Callback: No Return/Enter to allow dialing out, dialing in, or both.
7-6 User’s Reference Guide WAN Configuration +-Profile Name---------------------IP Address----IPX Network-+ +------------------------------------------------------------+ | Easy Setup Profile 127.0.0.2 | | Profile 02 0.0.0.0 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------------------------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. Select the connection profile you want to view or edit and press Return.
WAN and System Configuration 7-7 Deleting connection profiles You can delete a connection profile by returning to the WAN Configuration menu and selecting Delete Connection Profile. A scrolling pop-up screen appears. Select the profile you want to delete and press Return. When prompted, select CONTINUE, and the connection profile will be deleted.
7-8 User’s Reference Guide The console screen will open to the Main Menu, similar to the screen shown below: Netopia R2020 v4.4 Easy Setup... WAN Configuration... System Configuration... Utilities & Diagnostics... Statistics & Logs... Quick Menus... Quick View... Return/Enter goes to Easy Setup -- minimal configuration. You always start from this main screen.
WAN and System Configuration 7-9 To help you determine whether you need to use the System Configuration options, review the following requirements. If you have one or more of these needs, use the System Configuration options described in the later chapters. ■ Two or more outgoing connection profiles to connect to more than one remote location (for example, to connect to the Internet and to a network at another office).
7-10 User’s Reference Guide Layer Category Physical Layer Parameter Type Telco Parameters Options Default settings Dial is set to: Dial In/Out Dial On Demand is set to: Yes Callback is set to: No Idle Time-out is set for: 300 seconds To access the System Configuration screens, select System Configuration in the Main Menu, then press Return. The System Configuration Menu screen appears: System Configuration Network Protocols Setup... Filter Sets (Firewalls)... IP Address Serving...
WAN and System Configuration 7-11 IP Address Serving These screens allow you to configure IP Address serving on your network by means of DHCP, WANIP, BootP, and with the optional AppleTalk kit, MacIP. ■ Details are given in “IP address serving” on page 10-35. Date and Time You can set the system’s date and time in the Set Date and Time screen. Select Date and Time in the System Configuration screen and press Return to go to the Set Date and Time screen.
7-12 User’s Reference Guide To go to the Console Configuration screen, select Console Configuration in the System Configuration screen. Console Configuration Baud Rate... 57600 Hardware Flow Control: Yes SET CONFIG NOW CANCEL Follow these steps to change a parameter’s value: 1. Select the parameter you want to change. 2. Select a new value for the parameter. Return to step 1 if you want to configure another parameter. 3. Select SET CONFIG NOW to save the new parameter settings.
WAN and System Configuration 7-13 Logging You can configure a UNIX-compatible syslog client to report a number of subsets of the events entered in the router’s WAN Event History. See “WAN Event History” on page 13-6.The Syslog client (for the PC only) is supplied as a .ZIP file on the Netopia CD. Select Logging from the System Configuration menu. The Logging Configuration screen appears.
7-14 User’s Reference Guide When using syslog with a switched connection, if the host you are logging into is located on the WAN, the act of tearing down the call generates WAN events. This requires the torn down line to come back up, effectively making a call that will go up and down continuously. This will only occur when the router tears down the call. If the call is cleared remotely the redial restriction takes precedence and the packets are transparently aged out of the queue.
Managing Data Calls 8-1 Chapter 8 Managing Data Calls You can set a Netopia Router to make scheduled connections using designated connection profiles. This is useful for creating and controlling regularly scheduled periods when the router can be used by hosts on your network. It is also useful for once-only connections that you want to schedule in advance. The Netopia R2020 Dual Analog Router can answer calls as well as initiate them. To answer calls, the Netopia R2020 uses a Default Answer Profile.
8-2 User’s Reference Guide Internal Modem Configuration Modem Dialing Prefix: PBX Dialing Prefix: ATDT Line 1 Directory Number: Answer on Ring Type... Any Line 2 Directory Number: Answer on Ring Type... Any Speaker On... Speaker Volume... Always 2-Medium Aux Serial Port... Data Rate (kbps)... Aux Modem Init String: Aux Modem Directory Number: Async Modem 57.6 AT&F&C1&D2E0S0=1 Enter the dialing prefix to be sent to all modems. Enter Information supplied to you by your telephone company.
Managing Data Calls 8-3 the line, but uses a different telephone number and ring pattern. Supported options are: Ring Type: ■ Description: Any (the default) any pattern Ring A 2.0 sec ON, 4.0 sec OFF (normal North American ring pattern) Ring B 0.8 sec ON, 0.4 sec OFF, 0.8 sec ON, 4.0 sec OFF Ring C 0.4 sec ON, 0.2 sec OFF, 0.4 sec ON, 0.2 sec OFF, 0.8 sec ON, 4.
8-4 User’s Reference Guide For external modem applications, the Data Rate pop-up offers a variety of clock rates from 9600 to 230 Kbps. The default is 57.6 kbps. You can also specify the Modem Init String for your modem and the Directory Number of the telephone line connected to the third port. Note: If you change the modem init string, you must restart the system. From the Main Menu, go to Utilities & Diagnostics and select Restart System. The router will reboot, and your changes will be in effect.
Managing Data Calls 8-5 1. Select Default Answer Profile in the WAN Configuration screen. Press Return. The Default Profile screen appears. Default Answer Profile Calling Number Authentication... Preferred Must Match a Defined Profile: Yes PPP Authentication... PAP Configure values which may be used when receiving a call in this screen. 2.
8-6 User’s Reference Guide CNA should be available where CallerID services are available. You will need to consult with your telephone service provider to find out if your line is provisioned for CallerID. Also note that if the calling side has instructed the phone company to block delivery of its caller ID, the answering side will not be able to authenticate. If your line does not support the appropriate service, CNA may not work properly. 3.
Managing Data Calls 8-7 Note: The authentication method you choose determines which connection profiles are accessible to callers. For example, if you choose PAP, callers using CHAP or no authentication will be dropped by the answer profile. ■ ■ To allow calls that only match a connection profile’s remote IP and/or IPX address: ■ Toggle Must Match a Defined Profile to Yes, and ■ set Authentication to None.
8-8 User’s Reference Guide Viewing scheduled connections To display a table of view-only scheduled connections, select Display/Change Scheduled Connection in the Scheduled Connections screen. Each scheduled connection occupies one row of the table. Scheduled Connections +-Days----Begin At---HH:MM---When----Conn. Prof.
Managing Data Calls 8-9 Add Scheduled Connection Scheduled Connection Enable: On How Often... Weekly Schedule Type... Forced Up Set Weekly Schedule... Use Connection Profile... ADD SCHEDULED CONNECTION CANCEL Scheduled Connections dial remote Networks on a Weekly or Once-Only basis. Follow these steps to configure the new scheduled connection: ■ To activate the connection, select Scheduled Connection Enable and toggle it to On.
8-10 User’s Reference Guide Often is set to Once Only, the item directly below How Often reads Set Once-Only Schedule. Set Weekly Schedule If you set How Often to Weekly, select Set Weekly Schedule and go to the Set Weekly Schedule screen. ■ Select the days for the scheduled connection to occur and toggle them to Yes.
Managing Data Calls 8-11 Set Once-Only Schedule ■ Place Call on (MM/DD/YY): 05/07/1998 Scheduled Window Start Time: AM or PM: 11:50 AM Scheduled Window Duration: 00:00 Select Place Call On (Date) and enter a date in the format MM/DD/YY or MM/DD/YYYY (month, day, year). Note: You must enter the date in the format specified. The slashes are mandatory. For example, the entry 5/7/98 would be accepted as May 7, 1998. The entry 5/7 would be rejected.
8-12 User’s Reference Guide Select a scheduled connection from the table and go to the Change Scheduled Connection screen. The parameters in this screen are the same as the ones in the Add Scheduled Connection screen (except that ADD SCHEDULED CONNECTION and CANCEL do not appear). To find out how to set them, see “Adding a scheduled connection” on page 8-8.
Managing Data Calls 8-13 System Information page This is the initial page you link to when you connect to the Web-based management pages. It displays useful general information about your router: Ethernet Address. The router’s hardware or MAC address Firmware Version. The router’s model number and current firmware revision level Current Date. The current date and time, as you have configured them IP Address. The router’s internal IP address IPX Network Address.
8-14 User’s Reference Guide of the activity for your Frame relay DLCIs. ■ ■ “Connection Status page” on page 8-15 (for switched interfaces only): displays the current state of your switched connection. ■ “Connect/Disconnect page” on page 8-16 (for switched interfaces only): displays a list of your Connection Profiles, allowing you to initiate connections using any one of them. Accounting (for switched interfaces only) If you have a leased line with an unswitched interface, these options do not appear.
Managing Data Calls 8-15 Connection Status page For switched interface connections, the Connection Status page displays information for your active Connection Profile and, if applicable, any POTS calls currently active. The table gives the following information: Profile. The name you have assigned to the Connection Profile that is currently connected. Rate. The data rate of this connection. % Usage. The average percent use of the maximum capacity of the channels in use for the connection. Established by.
8-16 User’s Reference Guide Connect/Disconnect page The Connect/Disconnect page displays a list of your configured Connection Profiles and allows you to connect or disconnect any of them. To initiate a connection using any of the displayed Connection Profiles, simply click the Connect link. To disconnect from an active Connection Profile, click the Disconnect link.
Managing Data Calls 8-17 Router Budget Configuration page The Router Budget Configuration page allows you to modify the parameters for your overall connection accounting policy. From this page you can: ■ turn Router Budget either On or Off from the pull-down menu ■ change the Reset Date (day) on which the counters begin counting again ■ change the total aggregate Time Limit in minutes covered by all of your budgets If you make any changes in this screen, click the Submit button.
8-18 User’s Reference Guide Connection Budgets page The Connection Budgets page displays information for three budgets or Connection Profiles for tracking and controlling connection usage on a per-Connection Profile basis. The status of your Connection Budgets is summarized on this page. You configure your budgets in the Budget Configuration page. To configure a budget, click the Edit link for that budget. The Connection Budget Configuration page appears. (See page 8-19.
Managing Data Calls 8-19 Connection Budget Configuration page You can configure budgets to be: ■ Enforced, meaning that when you reach the usage limit for the assigned time period, the Connection Profile will allow no more connections. If the budget is not enforced, the system will merely keep track of its usage. To enforce this budget, check the Enforced checkbox. ■ in Override mode.
8-20 User’s Reference Guide schedule, you choose the day of the month to start it. Click the Submit button to enable your entries and be returned to the Connection Budgets page or click the Cancel button to discard all your entries. Click the Reset button to reset all counters and archives to zero. Budget Statistics page You can view statistics for all of your budgets at once or one at a time.
Managing Data Calls 8-21 Event History pages The Netopia R2020 records certain relevant occurrences in event histories. Event histories are useful for diagnosing problems because they list what happened before, during, and after a problem occurs. You can view two different event histories: one for the router’s system and one for the WAN. The Netopia R2020’s built-in battery backup prevents loss of event history from a shutdown or reset.
8-22 User’s Reference Guide Device Event History page You can refresh the Device Event History log by clicking the update this page link.
Managing Data Calls 8-23 Console-based management screens You access the console-based management screens either by running your Telnet application or your terminal emulator to the serial console. For details on how to do this, see Chapter 5, “Console-based Management.” Navigate to the Accounting screens. WAN Configuration Main Menu Accounting Configuration The Accounting Configuration screen appears.
8-24 User’s Reference Guide Connection Budget Setup Name: Budget 1 Use Connection Profile... Easy Setup Profile Enforced: Override: Off Off Units: Limit: Minutes 300 Time Period... 1st Day of Week... Week Sunday Choose the Connection Profile this budget is for. Configuration is similar to the Web-based management configuration screens. ■ Selecting Use Connection Profile displays a pop-up list of all of your Connection Profiles.
Managing Data Calls 8-25 Main Menu Statistics & Logs Accounting Statistics Connection Budget Statistics The Budget Statistics screen appears. Budget Statistics (in HHHH:MM) Budget Budget Budget Budget Name------First Minutes----Additional Minutes-------Cutoff--Expired 1 0:00 0:00 2:00 2 0:00 0:00 5:00 3 0:00 0:00 10:00 You can view statistics for all your budgets at once or one at a time. ■ Budget Name shows the names of your budgets.
8-26 User’s Reference Guide Date and time setting Note: If you have Connection Budgets configured, changing the date setting will reset the Connection Budgets under one of the following conditions: ■ If the new date is greater than the old date and the new date falls outside of the current budget window; or ■ If the new date is in the past and the date is not the current date (i.e., yesterday or earlier). A warning message is displayed in the console window when a budget is reset.
Virtual Private Networks 9-1 Chapter 9 Virtual Private Networks The Netopia R2020 Dual Analog Router offers both PPTP and ATMP Layer 2 tunneling support for Virtual Private Networks (VPN) as a component of a connection profile. Overview When you make a long distance telephone call from your home to a relative far away, you are creating a private network.
9-2 User’s Reference Guide Transit Internetwork Virtual Private Network Logical Equivalent Unlike the phone company, private and public computer networks can use more than one protocol to carry your information over the wires. Two such protocols are in common use for tunnelling, Point-to-Point Tunnelling Protocol (PPTP) and Ascend Tunnel Management Protocol (ATMP). The Netopia Router can use either one.
Virtual Private Networks 9-3 Configuring the Netopia Router for use with either of the two protocols is done through the console-based menu screens. Each type is described in its own section: ■ “About PPTP tunnels” on page 9-4 ■ “About ATMP Tunnels” on page 9-16 Your configuration depends on which protocol you (and the router at the other end of your tunnel) will use, and whether or not you will be using the VPN client software in a standalone remote connection.
9-4 User’s Reference Guide About PPTP tunnels To set up a PPTP tunnel, you create a Connection Profile including the IP address and other relevant information for the remote PPTP partner. You use the same procedure to initiate a PPTP tunnel that terminates at a remote PPTP server or to terminate a tunnel initiated by a remote PPTP client. PPTP Configuration To set up the router as a PPTP Network Server (PNS) capable of answering PPTP tunnel requests you must also configure the VPN Default Answer Profile.
Virtual Private Networks 9-5 PPTP Tunnel Options PPTP Partner IP Address: Tunnel Via Gateway: 173.167.8.134 0.0.0.0 Data Compression... Authentication... None CHAP Send Host name: Send Secret: tony ***** Receive Host name: Receive Secret: kimba ****** Initiate Connections: On Demand: Yes Yes Idle Timeout (seconds): 300 Return accepts * ESC cancels * Left/Right moves insertion point * Del deletes. In this Screen you will configure the GRE/PPTP specific connection params.
9-6 User’s Reference Guide initiating a tunnel connection. ■ You can specify a Receive Host Name which is used with the Receive Secret for authenticating a remote PPTP client. ■ You must specify a Receive Secret, used for authenticating the remote PPTP client. ■ You can specify that this router will Initiate Connections (acting as a PAC) or only answer them (acting as a PNS). ■ Tunnels are normally initiated On Demand; however, you can disable this feature.
Virtual Private Networks 9-7 Ordinarily, Ping is an excellent troubleshooting tool, but it will not be effective in this circumstance. Instead, use another TCP- or UDP-based network service for troubleshooting. Since the Netopia Router is capable of serving Telnet and HTTP, we recommend using these services instead of Ping. Encryption support Encryption is a method for altering user data into a form that is unusable by anyone other than the intended recipient.
9-8 User’s Reference Guide VPN Default Answer Profile The WAN Configuration menu offers a VPN Default Answer Profile option. Use this selection when your router is acting as the server for VPN connections, that is, when you are on the answering end of the tunnel establishment. The VPN Default Answer Profile determines the way the attempted tunnel connection is answered. WAN Configuration WAN (Wide Area Network) Setup... Display/Change Connection Profile... Add Connection Profile...
Virtual Private Networks 9-9 default) if you do not. This applies to both ATMP and PPTP connections. ■ For PPTP tunnel connections only, you must define what type of authentication these connections will use. Select Receive Authentication and press Return. A pop-up menu offers the following options: PAP (the default), CHAP, or MS-CHAP. ■ If you chose PAP or CHAP authentication, from the Data Compression pop-up menu select either None (the default) or Standard LZS.
9-10 User’s Reference Guide Dial-Up Networking for VPN Microsoft Windows Dial-Up Networking software permits a remote stand-alone workstation to establish a VPN tunnel to a PPTP server such as a Netopia Router located at a central site. Dial-Up Networking also allows a mobile user who may not be connected to a PAC to dial into an intermediate ISP and establish a VPN tunnel to, for example, a corporate headquarters, remotely.
Virtual Private Networks 9-11 The Communications window appears. 5. In the Communications window, select Dial-Up Networking and click the OK button. This returns you to the Windows Setup screen. Click the OK button. 6. Respond to the prompts to install Dial-Up Networking from the system disks or CDROM. 7. When prompted, reboot your PC.
9-12 User’s Reference Guide Configuring a Dial-Up Networking profile Once you have created your Dial-Up Networking profile, you configure it for TCP/IP networking to allow you to connect to the Internet through your Internet connection device. Do the following: 1. Double-click the My Computer (or whatever you have named it) icon on your desktop. Open the Dial-Up Networking folder. You will see the icon for the profile you created in the previous section. 2.
Virtual Private Networks 9-13 4. 5. Click the TCP/IP Settings button. ■ If your ISP uses dynamic IP addressing (DHCP), select the Server assigned IP address radio button. ■ If your ISP uses static IP addressing, select the Specify an IP address radio button and enter your assigned IP address in the fields provided. Also enter the IP address in the Primary and Secondary DNS fields. Click the OK button in this window and the next two windows.
9-14 User’s Reference Guide Installing the VPN Client Before Installing the VPN Client you must have TCP/IP installed and have an established Internet connection. Windows 95 VPN installation 1. From your Internet browser navigate to the following URL: http://www.microsoft.com/NTServer/nts/downloads/recommended/dunl3win95/releasenotes.aso Download the Microsoft Windows 95 VPN patch dun 1.3 to the Windows 95 computer you intend to use as a VPN client with PPTP. Follow the installation instructions. 2.
Virtual Private Networks 9-15 3. Click the Windows Setup tab. The Windows Setup screen will be displayed within the top center box. 4. Double-click Communications. This displays a list of possible selections for the communications option. Active components will have a check in the checkboxes to their left. 5. Check Dial Up Networking at the top of the list and Virtual Private Networking at the bottom of the list. 6. Click OK at the bottom right on each screen until you return to the Control Panel.
9-16 User’s Reference Guide About ATMP Tunnels To set up an ATMP tunnel, you create a Connection Profile including the IP address and other relevant information for the remote ATMP partner. ATMP uses the terminology of a foreign agent that initiates tunnels and a home agent that terminates them. You use the same procedure to initiate or terminate an ATMP tunnel. Used in this way, the terms initiate and terminate mean the beginning and end of the tunnel; they do not mean activate and deactivate.
Virtual Private Networks 9-17 When you define a Connection Profile as using ATMP by selecting ATMP as the datalink encapsulation method, and then select Data Link Options, the ATMP Tunnel Options screen appears. ATMP Tunnel Options ATMP Partner IP Address: Tunnel Via Gateway: 173.167.8.134 0.0.0.0 Network Name: Password: sam.net **** Data Encryption... Key String: DES Initiate Connections: On Demand: Yes Yes Idle Timeout (seconds): 300 Enter an IP address in decimal and dot form (xxx.xxx.xxx.
9-18 User’s Reference Guide invisible. ■ You can specify that this router will Initiate Connections, acting as a foreign agent (Yes), or only answer them, acting as a home agent (No). ■ Tunnels are normally initiated On Demand; however, you can disable this feature. When disabled, the tunnel must be manually established through the call management screens. ■ You can specify the Idle Timeout, an inactivity timer, whose expiration will terminate the tunnel. A value of zero disables the timer.
Virtual Private Networks 9-19 Allowing VPNs though a firewall An administrator interested in securing a network will usually combine the use of VPNs with the use of a firewall or some similar mechanism. This is because a VPN is not a complete security solution, but rather a component of overall security. Using a VPN will add security to transactions carried over a public network, but a VPN alone will not prevent a public network from infiltrating a private network.
9-20 User’s Reference Guide Select Display/Change Input Filter. Display/Change Input Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+ +-------------------------------------------------------------------------+ | 1 0.0.0.0 0.0.0.0 TCP NC =1723 Yes Yes | | 2 0.0.0.0 0.0.0.0 GRE --Yes Yes | | | For Input Filter 1 set the Destination Port information as shown below. Change Input Filter 1 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.
Virtual Private Networks 9-21 In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+ +-------------------------------------------------------------------------+ | 1 0.0.0.0 0.0.0.0 TCP NC =1723 Yes Yes | | 2 0.0.0.0 0.0.0.0 GRE --Yes Yes | For Output Filter 1 set the Protocol Type and Destination Port information as shown below.
9-22 User’s Reference Guide ATMP Example To enable a firewall to allow ATMP traffic, you must provision the firewall to allow inbound and outbound UDP packets specifically destined for port 5150. The source port may be dynamic, so often it is not useful to apply a compare function on this portion of the control/negotiation packets. You must also set the firewall to allow inbound and outbound GRE packets (Protocol 47, Internet Assigned Numbers Document, RFC 1700), enabling transport of the tunnel payload.
Virtual Private Networks 9-23 Change Input Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: GRE In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+ +-------------------------------------------------------------------------+ | 1 0.0.0.0 0.0.0.
9-24 User’s Reference Guide Change Output Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.
Multiple Network Address Translation and IP Setup 10-1 Chapter 10 Multiple Network Address Translation and IP Setup The Netopia R2020 uses Internet Protocol (IP) to communicate both locally and with remote networks. This chapter shows you how to configure the Router to route IP traffic. You also learn how to configure the Router to serve IP addresses to hosts on your local network. Netopia’s SmartIP features IP address serving and Network Address Translation.
10-2 User’s Reference Guide The terms public and external refer to the Internet side of the Netopia Router's connection. A machine on the public network cannot necessarily access a machine behind a Netopia Router's NAT remapping, unless you specify that it can. Multiple Network Address Translation (MultiNAT) introduces several new NAT-related features. These features can be divided into three categories that can be used simultaneously in different combinations on a per-Connection Profile basis.
Multiple Network Address Translation and IP Setup 10-3 Public Addresses 206.1.1.1 206.1.1.2 206.1.1.3 206.1.1.4 206.1.1.5 206.1.1.6 Private Addresses 192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.4 192.168.1.5 192.168.1.6 - 254 IP Host Router Web Server Mail Server FTP Server #1 FTP Server #2 LAN Users NAT Type 1:1 Static 1:1 Static 1:1 Static 1:1 Static 1:1 Static 1:Many PAT In order to support this type of mapping, the private addresses and public addresses are separated and are assigned to ranges.
10-4 User’s Reference Guide NAT configuration You use the NAT feature sets by defining a series of remapping rules and then grouping them into a list. There are two kinds of lists -- Map Lists, made up of PAT and Static remapping rules, and Server Lists, a list of internal services to be presented to the external world. Creating these lists is a four-step process: 1. Define the public range of addresses that external computers should use to get to the NAT internal machines.
Multiple Network Address Translation and IP Setup 10-5 ■ The Local WAN IP Address is used to configure a NAT public address range consisting of the Local WAN IP Address and all its ports. The public address map list is named Easy-PAT List and the port map list is named Easy-Servers. When you exit this screen the two map lists, Easy-PAT List and Easy-Servers, are created by default and NAT configuration becomes effective.This will map all your private addresses (0.0.0.0 through 255.255.255.
10-6 User’s Reference Guide IP Setup Ethernet IP Address: Ethernet Subnet Mask: Define Additional Subnets... 192.168.1.1 255.255.255.0 Default IP Gateway: 0.0.0.0 Primary Domain Name Server: 0.0.0.0 Domain Name: Receive RIP: Transmit RIP: Static Routes... Both Off IP Address Serving Setup Network Address Translation (NAT)... Filter Sets... Enter an IP address in decimal and dot form (xxx.xxx.xxx.xxx). Set up the basic IP attributes of your Netopia in this screen.
Multiple Network Address Translation and IP Setup 10-7 NAT rules The following rules apply to assigning NAT ranges and server lists: ■ Static public address ranges must not overlap other static, PAT, public addresses or the public address assigned to the router’s WAN interface. ■ A PAT public address must not overlap any static address ranges. It may be the same as another PAT address or server list address, but the port range must not overlap.
10-8 User’s Reference Guide ■ Select ADD NAT PUBLIC RANGE and press Return. The range will be added to your list and you will be returned to the Network Address Translation screen. Once the public ranges have been assigned, the next step is to bind interior addresses to them. Because these bindings occur in ordered lists, called map lists, you must first define the list, then add mappings to it. From the Network Address Translation screen select Add Map List and press Return.
Multiple Network Address Translation and IP Setup 10-9 ■ Select First and Last Private Address and enter the first and last interior IP addresses you want to assign to this mapping. ■ Select Use NAT Public Range and press Return. A screen appears displaying the public ranges you have defined. Add NAT Map ("my_map") +-Public Address Range------------Type----Name-------------+ +----------------------------------------------------------+ | 0.0.0.0 -pat Easy-PAT | | 1.1.1.1 -pat my_first_range | | 2.2.2.
10-10 User’s Reference Guide Add NAT Map ("my_map") First Private Address: 5.5.5.4 Last Private Address: 5.5.5.6 Use NAT Public Range... my_first_range Public Range Type is: Public Range Start Address is: ADD NAT MAP ■ pat 1.1.1.1 CANCEL Select ADD NAT MAP and press Return. Your mapping is added to your map list. Modifying map lists You can make changes to an existing map list after you have created it. Since there may be more than one map list you must select which one you are modifying.
Multiple Network Address Translation and IP Setup 10-11 The Show/Change NAT Map List screen appears. Show/Change NAT Map List Map List Name: my_map Add Map... Show/Change Maps... Delete Map... Move Map... ■ Add Map allows you to add a new map to the map list. ■ Show/Change Maps allows you to modify the individual maps within the list. ■ Delete Map allows you to delete a map from the list. ■ Move Map allows you to change the priority order in which the map is evaluated within the list.
10-12 User’s Reference Guide The Change NAT Map screen appears. Change NAT Map ("my_map") First Private Address: 7.7.7.7 Last Private Address: 7.7.7.9 Use NAT Public Range... my_second_range Public Range Type is: Public Range Start Address is: Public Range End Address is: CHANGE NAT MAP static 2.2.2.2 3.3.3.3 CANCEL Make any modifications you need and then select CHANGE NAT MAP and press Return. Your changes will become effective and you will be returned to the Show/Change NAT Map List screen.
Multiple Network Address Translation and IP Setup 10-13 All operations are done from a single pop-up menu. ■ In the Show/Change Map List screen, select Move Map. A selection mode pop-up menu appears. In this mode you scroll to the map you want to move and press Return to select it for moving. ■ After pressing Return you are in Move mode. Arrow keys move the selected map up or down. When you press Return again the map is put in the new location permanently and the pop-up menu is dismissed.
10-14 User’s Reference Guide Add NAT Server ("my_servers") Service... ■ Server Private IP Address: 0.0.0.0 Public IP Address: 0.0.0.0 ADD NAT SERVER CANCEL Select Service and press Return. A pop-up menu appears listing a selection of commonly exported services. Add NAT Server ("my_servers") +-Type------Port(s)-------+ +-------------------------+ Service...
Multiple Network Address Translation and IP Setup 10-15 Other Exported Port First Port Number (1..65535): 0 Last Port Number (1..65535): 0 OK ■ ■ CANCEL Enter the First and Last Port Number between ports 1 and 65535. Select OK and press Return. You will be returned to the Add NAT Server screen. Enter the Server Private IP Address of the server whose service you are exporting.
10-16 User’s Reference Guide Network Address Translation +-NAT Server List Name-+ +----------------------+ A| my_servers | S| |.. D| | | | A| | S| | D| | | | A| | S| |. D| | | | | | | | | | | | +----------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. The Show/Change NAT Server List screen appears. Show/Change NAT Server List Server List Name: my_servers Add Server... Show/Change Server... Delete Server...
Multiple Network Address Translation and IP Setup 10-17 Show/Change NAT Server List +-Private Address--Public Address----Port------------+ +----------------------------------------------------+ Se| 1.1.1.1 2.2.2.2 www-http 80 | | 3.3.3.3 7.7.7.7 ftp 21 | | 5.5.5.5 6.6.6.6 timbuktu 407 | Ad| | | | Sh| | | | De| | | | | | | | | | | | | | | | | | +----------------------------------------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.
10-18 User’s Reference Guide A pop-up menu lists your configured servers. Select the one you want to delete and press Return. A dialog box asks you to confirm your choice. Show/Change NAT Server List +-Internal Address-External Address--Port------------+ +----------------------------------------------------+ Se| 1.1.1.1 2.2.2.2 www-http 80 | | 3.+----------------------------------------------+ | | 5.
Multiple Network Address Translation and IP Setup 10-19 IP Profile Parameters Address Translation Enabled: IP Addressing... Yes Unnumbered NAT Map List... NAT Server List... Easy-PAT List Easy-Servers Local WAN IP Address: 0.0.0.0 Remote IP Address: Remote IP Mask: 127.0.0.2 255.255.255.255 Filter Set... Remove Filter Set NetBIOS Filter Receive RIP: Both Return/Enter to select ... Configure IP requirements for a remote network connection here.
10-20 User’s Reference Guide IP Profile Parameters +-NAT Server List Name-+ +----------------------+ Address Trans| my_server_list |s IP Addressing| my_servers |mbered | <> | NAT Map List.| |sy PAT NAT Server Li| | | | Local WAN IP | |0.0.0 Local WAN IP | |0.0.0 Remote IP Add| |7.0.0.2 Remote IP Mas| |5.255.255.255 | | Filter Set...| |tBIOS Filter Remove Filter| | | | Receive RIP: | |th | | +----------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.
Multiple Network Address Translation and IP Setup 10-21 The Default Answer Profile screen appears. Default Answer Profile Must Match a Defined Profile: No IP Enabled: IP Parameters... Yes IPX Enabled: No Data Compression... Max. Receive Packet Size: Standard LZS 1500 Idle Timeout: 300 Return/Enter accepts * Tab toggles * ESC cancels. Configure values which may be used when receiving a call in this screen.
10-22 User’s Reference Guide NAT Associations Configuration of map and server lists alone is not sufficient to enable NAT for a WAN connection because map and server lists must be linked to a profile that controls the WAN interface. This can be a Connection Profile, a WAN Ethernet interface, a default profile, or a default answer profile. Once you have configured your map and server lists, you may want to reassign them to different interface-controlling profiles, for example, Connection Profiles.
Multiple Network Address Translation and IP Setup 10-23 NAT Associations +NAT Map List Name-+ Profile/Interface Name-------------Nat+------------------+Server List Name Easy Setup Profile On | Easy-PAT List |my_servers Profile 01 On | my_first_map |my_servers Profile 02 On | my_second_map |my_server_list Profile 03 On | my_map |<> Profile 04 On | <> |<> | | | | | | | | | | | | | | | | | | | | | | Default Answer Profile On +------------------+my_servers Up/Down Arrow Keys to select, ESC to
10-24 User’s Reference Guide MultiNAT Configuration Example To help you understand a typical MultiNAT configuration, this section describes an example of the type of configuration you may want to implement on your site. The values shown are for example purposes only. Make your own appropriate substitutions. A typical service from an ISP might include five user addresses. Without PAT, you might be able to attach only five IP hosts.
Multiple Network Address Translation and IP Setup 10-25 Enter your ISP-supplied values as shown below. Connection Profile 1: Easy Setup Profile Connection Profile Name: Easy Setup Profile Address Translation Enabled: IP Addressing... Yes Numbered Local WAN IP Address: Local WAN IP Mask: 173.166.100.34 255.255.255.252 PREVIOUS SCREEN NEXT SCREEN Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx). Enter basic information about your WAN connection with this screen.
10-26 User’s Reference Guide Select Show/Change Public Range, then Easy-PAT Range, and press Return. Enter the value your ISP assigned for your public address (206.1.1.6, in this example). Toggle Type to pat. Your public address is then mapped to the remaining private IP addresses using PAT. (If you were not using the Easy-PAT Range and Easy-PAT List that is created by default by using Easy Setup, you would have to define a public range and Map List.
Multiple Network Address Translation and IP Setup 10-27 Select ADD NAT PUBLIC RANGE and press Return. You are returned to the Network Address Translation screen. Next, select Show/Change Map List and choose Easy-PAT List. Select Add Map. The Add NAT Map screen appears. (Now the name Easy-PAT List is a misnomer since it has a static map included in its list.) Enter in 192.168.1.1 for the First Private Address and 192.168.1.5 for the Last Private Address.
10-28 User’s Reference Guide ■ First, navigate to the Show/Change Map List screen, select Easy-PAT List and then Show/Change Maps. Choose the Static Map you created and change the First Private Address from 192.168.1.1 to 192.168.1.4. Now the router, Web, and Mail servers’ IP addresses are no longer included in the range of static remappings and are therefore no longer accessible to the outside world. Users on the Internet will not be able to telnet, web, SNMP or ping to them.
Multiple Network Address Translation and IP Setup 10-29 IP subnets The IP Subnets screen allows you to configure up to eight Ethernet IP subnets, one “primary” subnet and up to seven secondary subnets, by entering IP address/subnet mask pairs: IP Subnets #1: IP Address ---------------192.128.117.162 Subnet Mask --------------255.255.255.0 #2: 0.0.0.0 0.0.0.0 #3: #4: #5: #6: #7: #8: Note: You need not use this screen if you have only a single Ethernet IP subnet.
10-30 User’s Reference Guide For example: IP Subnets #1: IP Address ---------------192.128.117.162 Subnet Mask --------------255.255.255.0 #2: 192.128.152.162 255.255.0.0 #3: 0.0.0.0 0.0.0.0 #4: #5: #6: #7: #8: ■ To delete a configured subnet, set both the IP address and subnet mask values to 0.0.0.0, either explicitly or by clearing each field and pressing Return or Enter to commit the change.
Multiple Network Address Translation and IP Setup 10-31 If you have configured multiple Ethernet IP subnets, the IP Setup screen changes slightly: IP Setup Subnet Configuration... Default IP Gateway: 192.128.117.163 Primary Domain Name Server: Secondary Domain Name Server: Domain Name: 0.0.0.0 0.0.0.0 Receive RIP: Transmit RIP: Static Routes... Both v2 (multicast) Address Serving Setup... Exported Services... Filter Sets...
10-32 User’s Reference Guide Static Routes Display/Change Static Route... Add Static Route... Delete Static Route... Configure/View/Delete Static Routes from this and the following Screens. Viewing static routes To display a view-only table of static routes, select Display/Change Static Route in the Static Routes screen. +-Dest. Network---Subnet Mask-----Next Gateway----Priority-Enabled-+ +------------------------------------------------------------------+ | 0.0.0.0 0.0.0.0 127.0.0.
Multiple Network Address Translation and IP Setup 10-33 Priority: An indication whether the Netopia R2020 will use the static route when it conflicts with information received from RIP packets. Enabled: An indication whether the static route should be installed in the IP routing table. Adding a static route To add a new static route, select Add Static Route in the Static Routes screen and go to the Add Static Route screen. Add Static Route Static Route Enabled: Yes Destination Network IP Address: 0.0.0.
10-34 User’s Reference Guide With RIP Metric you set the number of routers, from 1 to 15, between the sending router and the destination router. The maximum number of routers on a packet’s route is 15. Setting RIP Metric to 1 means that a route can involve 15 routers, while setting it to 15 means a route can only involve one router. ■ Select ADD STATIC ROUTE NOW to save the new static route, or select CANCEL to discard it and return to the Static Routes screen.
Multiple Network Address Translation and IP Setup 10-35 IP address serving Main Menu System Configuration IP Address Serving • • • • Serve Serve Serve Serve DHCP Clients BootP Clients Dynamic WAN Clients Mac IP/KIP Clients In addition to being a router, the Netopia R2020 is also an IP address server. There are four protocols it can use to distribute IP addresses.
10-36 User’s Reference Guide To go to the IP Address Serving screen, select IP Address Serving in the System Configuration screen and press Return. IP Address Serving Number of Client IP Addresses: 1st Client Address: Client Default Gateway... 5 192.168.6.138 192.168.6.137 Serve DHCP Clients: DHCP NetBios Options... Yes Serve BOOTP Clients: Yes Serve Dynamic WAN Clients Yes Serve MacIP/KIP Clients: MacIP/KIP Static Options... Yes Enter the maximum number of dynamic IP clients to support.
Multiple Network Address Translation and IP Setup 10-37 DHCP NetBIOS Options If your network uses NetBIOS, you can enable the Netopia R2020 to use DHCP to distribute NetBIOS information. NetBIOS stands for Network Basic Input/Output System. It is a layer of software originally developed by IBM and Sytek to link a network operating system with specific hardware. NetBIOS has been adopted as an industry standard.
10-38 User’s Reference Guide DHCP NetBios Options Serve NetBios Type: NetBios Type... Serve NetBios Scope: NetBios Scope: Serve NetBios Name Server: NetBios Name Server IP Addr: ■ +--------+ +--------+ | Type B | | Type P | | Type M | | Type H | +--------+ No 0.0.0.0 To serve DHCP clients with the NetBIOS scope, select Serve NetBIOS Scope and toggle it to Yes. Select NetBIOS Scope and enter the scope.
Multiple Network Address Translation and IP Setup 10-39 The Served IP Addresses screen appears. Served IP Addresses -IP Address-------Type----Expires--Client Identifier-----------------------------------------------------------SCROLL UP----------------------------------192.168.1.100 DHCP 00:59 EN: 08-00-07-16-0c-85 192.168.1.101 192.168.1.102 192.168.1.103 192.168.1.104 BOOTP 00:44 EN: 00-00-c5-4a-1f-ea 192.168.1.105 192.168.1.106 192.168.1.107 192.168.1.108 192.168.1.109 192.168.1.110 192.168.1.111 192.
10-40 User’s Reference Guide DHCP Relay Agent The R2020 offers DHCP Relay Agent functionality, as defined in RFC1542. A DHCP relay agent is a computer system or a router that is configured to forward DHCP requests from clients on the LAN to a remote DHCP server, and to pass the replies back to the requesting client systems. When a DHCP client starts up, it has no IP address, nor does it know the IP address of a DHCP server. Therefore, it uses an IP broadcast to communicate with one or more DHCP servers.
Multiple Network Address Translation and IP Setup 10-41 Select IP Address Serving Mode. The pop-up menu offers the choices of Disabled, DHCP Server (the default), and DHCP Relay Agent. If you select DHCP Relay Agent and press Return, the screen changes as shown below. IP Address Serving IP Address Serving Mode... DHCP Relay Agent Relay Server #1: Relay Server #2: Relay Server #3: 10.1.1.1 20.1.1.1 30.1.1.1 Configure Address Serving (DHCP, BOOTP, etc.) here.
10-42 User’s Reference Guide option is automatically enabled if the AppleTalk kit is installed and IP Address Serving is enabled. ■ Select MacIP/KIP Static Options and press Return. The MacIP (KIP) Forwarding Setup screen tells the Netopia R2020 how many static addresses to allocate for MacIP/KIP clients. The addresses must fall within the address pool from the previous screen. You will need to enter the number of static MacIP addresses to reserve in this screen.
IPX Setup 11-1 Chapter 11 IPX Setup Internetwork Packet Exchange (IPX) is the network protocol used by Novell NetWare networks. This chapter shows you how to configure the Netopia R2020 for routing data using IPX. You also learn how to configure the router to serve IPX network addresses.
11-2 User’s Reference Guide IPX address An IPX address consists of a network number, a node number, and a socket number. An IPX network number is composed of eight hexadecimal digits. The network number must be the same for all nodes on a particular physical network segment. The node number is composed of twelve hexadecimal digits and is usually the hardware address of the interface card. The node number must be unique inside the particular IPX network.
IPX Setup 11-3 The following is a list of common SAP server types: Unknown 0000h Print Queue 0003h File Server 0004h Job Server 0005h Print Server 0007h Archive Server 0009h Remote Bridge Server 0024h Advertising Print Server 0047h Reserved Up To 8000h NetBIOS NetBIOS is a protocol that performs tasks related to the Transport and Session layers of the OSI model. It can operate over IPX, using a special broadcast packet known as “IPX Packet type 20” to communicate with IPX NetBIOS servers.
11-4 User’s Reference Guide To go to the IPX Setup screen, from the Main Menu select System Configuration and then select Network Protocols Setup and then select IPX Setup. Note: If you have completed Easy Setup, the information you have already entered will appear in the IP Setup options screen. IPX Setup IPX Routing: On Ethernet Encapsulation... Ethernet Network Address: 802.3 00000000 Ethernet Path Delay: Ethernet NetBios Forwarding: Ethernet Inbound SAP Filter Set...
IPX Setup 11-5 7. Select Default Gateway Address, and enter the network address of the IPX network to which all packets of unknown destination address should be routed. Note: The Default Gateway Address is usually set up to match the IPX Address in your network Connection Profile. 8. To configure filters and filter sets, select Filters and Filter Sets and go to the IPX filters and filter sets screens. For information on how to configure IPX filters and filter sets, see “IPX filters” on page 14-21. 9.
11-6 User’s Reference Guide To configure IPX routing in the answer profile, select IPX Parameters and go to the IPX Parameters (Default Answer Profile) screen. The items in this screen are similar to the IPX Profile Parameters items of the same name (see page 11-5). IPX Parameters (Default Answer Profile) NetBios Packet Forwarding: Incoming Outgoing Incoming Outgoing Off Packet Filter Set... Packet Filter Set... SAP Filter Set... SAP Filter Set... Detach Filter Sets...
IPX Setup 11-7 IPX routing tables Main Menu Statistics & Logs • IPX Routing Table • IPX SAP Bindery Table IPX routing tables provide information on current IPX routes and services. To go to the IPX Routing Table screen, select IPX Routing Table in the Routing Tables screen. This table shows detailed information about current IPX network routes.
11-8 User’s Reference Guide
AppleTalk Setup 12-1 Chapter 12 AppleTalk Setup This chapter discusses the concept of AppleTalk routing and how to configure AppleTalk Setup for a Netopia R2020 with the AppleTalk kit installed. AppleTalk support is available as a separate kit for the Netopia R2020 Dual Analog Router. Skip this chapter if you do not have the AppleTalk kit.
12-2 User’s Reference Guide If the cabling of your network were a street system, then a node address would correspond to a building’s street address. Node addresses are not permanent. Each AppleTalk device determines its node address at startup. Although a Macintosh that is starting up will try to use its previous address, the address will often be different upon restart.
AppleTalk Setup 12-3 MacIP When Macintosh computers encapsulate TCP/IP packets in AppleTalk, either because they are on LocalTalk or they are on EtherTalk for administrative reasons, they must use the services of a MacIP gateway. This gateway converts network traffic into the correct format for AppleTalk or IP, depending on the traffic’s destination. Setting up MacIP involves enabling the feature and optionally setting up a range of addresses to be static.
12-4 User’s Reference Guide You should set the Netopia R2020’s seeding action to work best in your particular network environment. These scenarios may guide you in deciding how to set the router’s seeding: ■ If the Netopia R2020 is the only router on your network, you must set it to either hard seeding or soft seeding. The default is soft seeding.
AppleTalk Setup 12-5 Main Menu System Configuration Upgrade Feature Set The Netopia Feature Set Upgrade screen appears. Netopia Feature Set Upgrade You may be able to extend the features of your Netopia by purchasing a 'Software Upgrade'. For a list of available upgrades, please see the release notes that came with your Netopia or visit the Netopia Communications web site at www.netopia.com.
12-6 User’s Reference Guide Configuring AppleTalk AppleTalk setup for Netopia R2020s consists of configuring EtherTalk, LocalTalk, and AURP. EtherTalk Setup To go to the EtherTalk Setup options screen, select Network Protocols Setup and then select AppleTalk Setup in the System Configuration screen. Select EtherTalk Phase ll Setup and press Return. EtherTalk Phase II Setup EtherTalk Phase II Enabled: Show Zones... Enter New Zone Name: Delete Zone Name... Set Default Zone... Net Low: Net Hi: Seeding...
AppleTalk Setup 12-7 EtherTalk Phase II port is visible to other AppleTalk nodes. The default zone is also where new AppleTalk nodes will appear. If you do not set a default zone, the first zone you create will be the default zone. ■ You can also set the range of EtherTalk Phase II network numbers. Select Net Low and enter the lower limit of the network number range. Select Net High and enter the upper limit of the range.
12-8 User’s Reference Guide As an alternative, you can set LocalTalk seeding to soft seeding and let the Netopia R2020 receive the zone name and network number from the other router. ■ Select LocalTalk Network Number and enter the desired network number. ■ Select Seeding. From the pop-up menu, choose the type of seeding for the Netopia R2020’s LocalTalk port to use (see “Routers and seeding” on page 12-3). You have finished configuring LocalTalk.
AppleTalk Setup 12-9 Site A has an AURP tunnel to site B. Both sides have multiple zones defined on the EtherTalk port and a unique zone on their LocalTalk ports. If side A has indicated one of its EtherTalk zones is the Free Trade Zone and has opted to use the Free Trade Zone option for its tunnel to B, then only this Free Trade Zone will show up on side B and only those machines or services in the Free Trade Zone will be accessible to side B. All of side A will be able to see all of side B.
12-10 User’s Reference Guide Deleting an AURP partner ■ To delete an AURP partner, select Delete Partner in the AURP Setup screen and press Return to display a table of existing partners. Use the Up and Down Arrow keys to select an AURP partner, then press Return to delete it. Press the Escape key to exit without deleting a partner.
AppleTalk Setup 12-11 Raising the tickle packet interval does not ensure that the AURP tunnel is dropped or not brought up. If any application on the local network generates AppleTalk traffic destined for the network at the remote end of the AURP tunnel, the tunnel remains up. For example, if a host on the local network connects to a host on the remote network using remote access software, the AURP tunnel remains up.
12-12 User’s Reference Guide
Monitoring Tools 13-1 Chapter 13 Monitoring Tools This chapter discusses the Netopia R2020’s device and network monitoring tools. These tools can provide statistical information, report on current network status, record events, and help in diagnosing and locating problems.
13-2 User’s Reference Guide General Status Quick View Default IP Gateway: 127.0.0.2 Domain Name Server: 0.0.0.0 Domain Name: netopia.com 6/17/1999 04:40:47 PM CPU Load: 10% Unused Memory: 541 KB Accounting: Router remaining: 60:00 LocalTalk Address: 34448:149 Current WAN Port: Auxiliary Port ----------------------IP Address-------IPX Address---EtherTalk------------------Ethernet Hub: 192.163.1.1 34449: 150 Current WAN Connection Status Profile Name----------State-%Use-Remote Address-----Est.
Monitoring Tools 13-3 Current Status The current status section is a table showing the current status of the WAN. For example: WAN Status Current WAN Connection Status ---Profile Name------State---%Use-Remote Address----Est.-More Info---------ISP P1 10 IP 92.163.4.1 Lcl NAT 192.163.100.6 Profile Name: Lists the name of the connection profile being used, if any. State: Lists the ports in use for this connection.
13-4 User’s Reference Guide Statistics & Logs Main Menu Statistics & Logs General Statistics When you are troubleshooting your Netopia R2020, the Statistics screens provide insight into the recent event activities of the Router. From the Main Menu go to Statistics & Logs and select one of the options described in the sections below. General Statistics To go to the General Statistics screen, select General Statistics in the Statistics & Logs screen.
Monitoring Tools 13-5 The right side of the table lists the total number of occurrences of each of five types of communication statistics: EN Rx Packets: The number of Ethernet packets received. EN Rx Errors: The number of bad Ethernet packets received. EN Collisions: An error occurring when Ethernet packets are transmitted simultaneously by nodes on the LAN.
13-6 User’s Reference Guide WAN Event History The WAN Event History screen lists a total of 128 events on the WAN. The most recent events appear at the top. To go to the WAN Event History screen, select WAN Event History in the Statistics & Logs screen.
Monitoring Tools 13-7 Device Event History The Device Event History screen lists a total of 128 port and system events, giving the time and date for each event, as well as a brief description. The most recent events appear at the top. To go to the Device Event History screen, select Device Event History in the Statistics & Logs screen.
13-8 User’s Reference Guide Statistics & Logs WAN Event History... Device Event History... IP Routing Table... IPX Routing Table... IPX SAP Bindery Table... AppleTalk Routing Table... Served IP Addresses... General Statistics... System Information... IP routing table The IP routing table displays all of the IP routes currently known to the Netopia R2020. To display the IP Routing Table screen, select IP Routing Table in the Statistics & Logs screen and press Return.
Monitoring Tools 13-9 To display the IPX Routing Table screen, select IPX Routing Table in the Statistics & Logs screen and press Return. IPX Sap Bindery table The IPX Sap Bindery table displays all of the IPX Sap Bindery routes currently known to the Netopia R2020. To display the IPX SAP Bindery Table screen, select IPX Sap Bindery Table in the Statistics & Logs screen and press Return.
13-10 User’s Reference Guide (Def) Zone Name: Displays the zone or zones associated with the specified network or network range. The zone name shown is either the only zone or the default zone name for an extended network. To see the complete list of zones for an extended network with multiple zones, select the entry in the table and press the Return key. Press the Return key again to close the list of zones. Hops: Displays the number of routers between the Netopia R2020 and the specified network.
Monitoring Tools 13-11 The IP Address Lease Management screen appears. IP Address Lease Management Reset All Leases Release BootP Leases Reclaim Declined Addresses Hit RETURN/ENTER, you will return to the previous screen.
13-12 User’s Reference Guide System Information The System Information screen gives a summary view of the general system level values in the Netopia R2020 Dual Analog Router. From the Statistics & Logs menu select System Information. The System Information screen appears. System Information Serial Number Firmware Version 70-03-48 (7340872) 4.
Monitoring Tools 13-13 The SNMP Setup screen To go to the SNMP Setup screen from the Main Menu, select SNMP in the System Configuration screen and press Return. Main Menu System Configuration SNMP SNMP Setup System Name: System Location: System Contact: Read-Only Community String: Read/Write Community String: public private Authentication Traps Enable: Off IP Trap Receivers... Configure optional SNMP parameters from here. Follow these steps to configure the first three items in the screen: 1.
13-14 User’s Reference Guide By default, the read-only and read/write community strings are set to “public” and “private,” respectively. You should change both of the default community strings to values known only to you and trusted system administrators. To change a community string, select it and enter a new value. Starting with the version 4.3 firmware, setting the Read-Only and Read-Write community strings to the empty string will block all SNMP requests to the router.
Monitoring Tools 13-15 IP Trap Receivers Display/Change IP Trap Receiver... Add IP Trap Receiver... Delete IP Trap Receiver... Return/Enter to modify an existing Trap Receiver. Navigate from here to view, add, modify and delete IP Trap Receivers. Setting the IP trap receivers 1. Select Add IP Trap Receiver. 2. Select Receiver IP Address or Domain Name. Enter the IP address or domain name of the SNMP manager you want to receive the trap. 3.
13-16 User’s Reference Guide
Security 14-1 Chapter 14 Security The Netopia R2020 provides a number of security features to help protect its configuration screens and your local network from unauthorized access. Although these features are optional, it is strongly recommended that you use them. This section covers the following topics: ■ “Suggested security measures” on page 14-1, lists actions for blocking potential security holes.
14-2 User’s Reference Guide User accounts When you first set up and configure the Netopia R2020, no passwords are required to access the configuration screens. Anyone could tamper with the router’s configuration by simply connecting it to a console. However, by adding user accounts, you can protect the most sensitive screens from unauthorized access. User accounts are composed of name/password combinations that can be given to authorized users.
Security 14-3 To display a view-only list of user accounts, select Show Users in the Security Options screen. To add a new user account, select Add User in the Security Options screen and press Return to go to the Add Name With Write Access screen. Add Name With Write Access Enter Name: Enter Password (11 characters max): ADD NAME/PASSWORD NOW CANCEL Follow these steps to configure the new account: 1. Select Enter Name and enter a descriptive name (for example, the user’s first name). 2.
14-4 User’s Reference Guide Enable SmartStart/Web Server You may wish to restrict access to the web-based screens to prevent inadvertent switching or connecting and disconnecting of Connection Profiles. Since SmartStart can be used to reconfigure the router, you may wish to block inadvertent damage resulting from unauthorized use of SmartStart. To prevent access to these features toggle this option to “No”.
Security 14-5 How filter sets work A filter set acts like a team of customs inspectors. Each filter is an inspector through which incoming and outgoing packages must pass. The inspectors work as a team, but each inspects every package individually. Each inspector has a specific task. One inspector’s task may be to examine the destination address of all outgoing packages.
14-6 User’s Reference Guide packet first filter match? no send to next filter yes pass or discard? discard (delete) pass to network If the package does not match the first inspector’s criteria, it goes to the second inspector, and so on. You can see that the order of the inspectors in the line is very important. For example, let’s say the first inspector’s orders are to send along all packages that come from Rome, and the second inspector’s orders are to reject all packages that come from France.
Security 14-7 How individual filters work As described above, a filter applies criteria to an IP packet and then takes one of three actions: A filter’s actions ■ Passes the packet to the local or remote network ■ Blocks (discards) the packet ■ Ignores the packet A filter passes or blocks a packet only if it finds a match after applying its criteria. When no match occurs, the filter ignores the packet. The criteria are based on information contained in the packets.
14-8 User’s Reference Guide Internet service FTP TCP port 20/21 Internet service TCP port Finger 79 Telnet 23 World Wide Web 80 SMTP (mail) 25 News 144 Gopher 70 rlogin 513 Internet service UDP port Internet service UDP port Who Is 43 AppleTalk Routing Maintenance (at-rtmp) 202 World Wide Web 80 AppleTalk Name Binding (at-nbp) 202 SNMP 161 AURP (AppleTalk) 387 TFTP 69 who 513 Port number comparisons A filter can also use a comparison option to evaluate a packet’s sourc
Security 14-9 Putting the parts together When you display a filter set, its filters are displayed as rows in a table: +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +----------------------------------------------------------------------+ | 1 192.211.211.17 0.0.0.0 TCP 0 23 Yes No | | 2 0.0.0.0 0.0.0.0 TCP NC =6000 Yes No | | 3 0.0.0.0 0.0.0.0 ICMP --Yes Yes | | 4 0.0.0.0 0.0.0.0 TCP NC >1023 Yes Yes | | 5 0.0.0.0 0.0.0.
14-10 User’s Reference Guide Filtering example #1 Returning to our filtering rule example from above (see page 14-7), look at how a rule is translated into a filter. Start with the rule, then fill in the filter’s attributes: 1. The rule you want to implement as a filter is: Block all Telnet attempts that originate from the remote host 199.211.211.17. 2. The host 199.211.211.17 is the source of the Telnet packets you want to block, while the destination address is any IP address.
Security 14-11 +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +----------------------------------------------------------------------+ | 1 200.233.14.0 0.0.0.0 0 Yes No | | | +----------------------------------------------------------------------+ This filter blocks any packets coming from a remote network with the IP network address 200.233.14.0. The 0 at the end of the address signifies any host on the class C IP network 200.233.14.0.
14-12 User’s Reference Guide An approach to using filters The ultimate goal of network security is to prevent unauthorized access to the network without compromising authorized access. Using filter sets is part of reaching that goal. Each filter set you design will be based on one of the following approaches: ■ That which is not expressly prohibited is permitted. ■ That which is not expressly permitted is prohibited.
Security 14-13 3. View, change, or delete individual filters and filter sets. The sections below explain how to execute these steps. Adding a filter set You can create up to eight different custom filter sets. Each filter set can contain up to 16 output filters and up to 16 input filters. To add a new filter set, select Add IP Filter Set in the IP Filter Sets screen and press Return to go to the Add Filter Set screen.
14-14 User’s Reference Guide Input and output filters—source and destination There are two kinds of filters you can add to a filter set: input and output. Input filters check packets received from the Internet, destined for your network. Output filters check packets transmitted from your network to the Internet.
Security 14-15 Add Filter Enabled: Forward: No No Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: 0 Source Port Compare... Source Port ID: Dest. Port Compare... Dest. Port ID: No Compare 0 No Compare 0 ADD THIS FILTER NOW CANCEL Enter the IP specific information for this filter. 1. To make the filter active in the filter set, select Enabled and toggle it to Yes.
14-16 User’s Reference Guide 10. When you are finished configuring the filter, select ADD THIS FILTER NOW to save the filter in the filter set. Select CANCEL to discard the filter. Viewing filters To display a view-only table of input (output) filters, select Display/Change Input Filters (Display/Change Output Filters) in the Add IP Filter Set screen.
Security 14-17 Modifying filter sets To modify a filter set, select Display/Change Filter Set in the Filter Sets screen to display a list of filter sets. Select a filter set from the list and press Return to go to the Change IP Filter Set screen. The items in this screen are the same as the ones in the Add Filter screen (see “Adding filters to a filter set” on page 14-14). Change IP Filter Set Filter Set Name: Basic Firewall Display/Change Input Filter... Add Input Filter... Delete Input Filter...
14-18 User’s Reference Guide The five input filters and one output filter that make up Basic Firewall are shown in the table below. Input filter 1 Input filter 2 Input filter 3 Input filter 4 Input filter 5 Enabled Yes Yes Yes Yes Yes Yes Forward No No Yes Yes Yes Yes Source IP address 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Source IP address mask 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Dest. IP address 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.
Security 14-19 Basic Firewall is suitable for a LAN containing only client hosts that wish to access servers on the WAN, not for a LAN containing servers providing services to clients on the WAN. Basic Firewall’s general strategy is to explicitly pass WAN-originated TCP and UDP traffic to ports greater than 1023. Ports lower than 1024 are the service origination ports for various Internet services such as FTP, Telnet, and the World Wide Web (WWW).
14-20 User’s Reference Guide FTP sessions. To allow WAN-originated FTP sessions to a LAN-based FTP server with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243), insert the following input filter ahead of the current input filter 1: ■ Enabled: Yes ■ Forward: Yes ■ Source IP Address: 0.0.0.0 ■ Source IP Address Mask: 0.0.0.0 ■ Dest. IP Address: a.b.c.d ■ Dest. IP Address Mask: 255.255.255.
Security 14-21 IPX filters Main Menu System Configuration Filter Sets (Firewalls) IPX Filters and Filter Sets IPX packet filters work very similarly to IP packet filters. They filter data traffic coming from or going to remote IPX networks. IPX filters can be set up to pass or discard IPX packets based on a number of user-defined criteria. Like IP filters, IPX filters must be grouped in sets that are applied to the answer profile or to connection profiles.
14-22 User’s Reference Guide The items in the IPX Filters and Filter Sets screen are grouped into four areas: ■ IPX packet filters ■ IPX packet filter sets ■ IPX SAP filters ■ IPX SAP filter sets The following sections explain the items in each of these areas. IPX packet filters For each IPX packet filter, you can configure a set of parameters to match on the source or destination attributes of IPX data packets coming from or going to the WAN.
Security 14-23 1. Select Filter Name and enter a descriptive name for the filter. 2. To specify a source network for the filter to match on, select Source Network and enter an IPX network address. 3. To specify a source node for the filter to match on, select Source Node Address and enter an IPX node address. 4. To specify a source socket for the filter to match on, select Source Socket and enter an IPX source socket number. 5.
14-24 User’s Reference Guide Add Packet Filter Set Filter Set Name: Show Filters/Change Action on Match... Append Filter... Remove Filter... ADD FILTER SET NOW CANCEL Configure an IPX Filter Set here. You must ADD FILTER SET NOW to save. Follow these steps to configure the new packet filter set: 1. Select Filter Set Name and enter a descriptive name for the filter set. 2.
Security 14-25 3. To add a filter to the filter set, select Append Filter to display a table of filters. Select a filter from the table and press Return to add it to the filter set. The default action of newly added filters is to not forward packets that match their criteria. To exit the table without adding the filter, press the Escape key. 4. To remove a filter from the filter set, select Detach Filter to display a table of appended filters.
14-26 User’s Reference Guide Adding a SAP filter To add a new IPX SAP filter, select Add IPX SAP Filter in the IPX Filters and Filter Sets screen and press Return to go to the Add SAP Filter screen. Add Sap Filter Filter Name: Server Name: Socket: 0000 Type: 0000 IPX Network: IPX Node Address: 00000000 000000000000 ADD FILTER NOW CANCEL Configure a new IPX SAP Filter. Finished? ADD or CANCEL to exit.
Security 14-27 Deleting a SAP filter To delete a SAP filter, select Delete IPX SAP filter in the IPX Filters and Filter Sets screen to display a table of filters. Select a filter from the table and press Return to delete it. Press the Escape key to exit the table without deleting the filter. IPX SAP filter sets Before IPX SAP filters can be used, they must be grouped into sets. A SAP filter can be part of more than one filter set.
14-28 User’s Reference Guide Show Filters/Change Actions on Match Filter Name---------------------Forward Filter 1 No Filter 2 No <> Yes Set whether filters forward or drop matching packets here. Select a filter and toggle the entry forwarding action to Yes (pass) or No (discard). 3. To add a filter to the filter set, select Append Filter to display a table of filters. Select a filter from the table and press Return to add it to the filter set.
Security 14-29 Host: A workstation on the Network. Packet: Unit of communication on the Internet. Packet Filter: Packet filters allow or deny packets based on source or destination IP addresses, TCP or UDP ports, or the TCP ACK bit. Port: A number that defines a particular type of service. Filter Rule: A filter set is comprised of individual filter rules. Filter Set: A grouping of individual filter rules.
14-30 User’s Reference Guide 80 WWW 144 News Firewall design rules There are two basic rules to firewall design: ■ “What is not explicitly allowed is denied...” and ■ “What is not explicitly denied is allowed...” The first rule is far more secure, and is the best approach to firewall design. It is far easier (and more secure) to allow in or out only certain services and deny anything else. If the other rule is used, you would have to figure out everything that you want to disallow, now and future.
Security 14-31 Logical ANDing When a packet is compared (in most cases) a logical AND is performed. First the IP addresses and subnet masks are converted to binary and then ANDed together. The rules for logical ANDing are as follows: 0 AND 0 = 0 0 AND 1 = 0 1 AND 0 = 0 1 AND 1 = 1 For example: Filter rule: Deny IP: 163.176.1.15 BINARY: 10100011.10110000.00000001.00001111 Mask: 255.255.255.255 BINARY: 11111111.11111111.11111111.11111111 Incoming Packet: IP 163.176.1.15 BINARY: 10100011.10110000.
14-32 User’s Reference Guide Example IP Filter Set Screen This is an example of the Netopia IP filter set screen: Change Filter Enabled: Forward: Yes No Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: TCP Source Port Compare... Source Port ID: Dest. Port Compare... Dest. Port ID: Established TCP Conns. Only: No Compare 0 Equal 2000 No Return/Enter accepts * Tab toggles * ESC cancels.
Security 14-33 Example Network Incoming Packet Filter Netopia Internet IP: 200.1.1.?? DATA Example Filters Example 1 Filter Rule: 200.1.1.0 (Source IP Network Address) 255.255.255.128 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.28 IP Address Binary Representation 200.1.1.28 00011100 (Source address in incoming IP packet) 10000000 (Perform the logical AND) 00000000 (Logical AND result) AND 255.255.255.
14-34 User’s Reference Guide Example 2 Filter Rule: 200.1.1.0 (Source IP Network Address) 255.255.255.128 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.184 IP Address Binary Representation 200.1.1.184 10111000 (Source address in incoming IP packet) 10000000 (Perform the logical AND) 10000000 (Logical AND result) AND 255.255.255.
Security 14-35 Example 4 Filter Rule: 200.1.1.96 (Source IP Network Address) 255.255.255.240 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.104 IP Address Binary Representation 200.1.1.104 01101000 (Source address in incoming IP packet) 11110000 (Perform the logical AND) 01100000 (Logical AND result) AND 255.255.255.
14-36 User’s Reference Guide Token Security Authentication This section discusses how to configure and use security authentication on the Netopia R2020. Note: The security authentication feature only applies to Netopia R2020 models connecting over a dial-up line using the PPP-PAP-TOKEN or PPP-CACHE-TOKEN authentication protocol. Securing network environments Unauthorized tampering or theft of information on internal networks causes serious ramifications, given the reliance on information systems.
Security 14-37 The Netopia R2020 supports the following user configurations for security authentication: ■ Single user, calling a single destination (single session) ■ Single user, calling multiple destinations (two simultaneous and separate sessions) ■ Multiple users, calling a single destination (single session) ■ Multiple users, calling multiple destinations (two simultaneous and separate sessions Security authentication components To properly identify and authenticate an authorized user, the fol
14-38 User’s Reference Guide Datalink (PPP/MP) Options Data Compression... Ascend LZS Send Authentication... PAP-TOKEN Send User Name: Receive User Name: Receive Password: Channel Usage... Dynamic Bandwidth Allocation... Auto Maximum Packet Size: 1500 In this Screen you will configure the PPP/MP specific connection params. 2. Select Send Authentication and press Return. From the pop-up menu, highlight PAP-TOKEN or CACHE-TOKEN.
Security 14-39 Utilities & Diagnostics Ping... Trace Route... Telnet... Secure Authentication Monitor... Trivial File Transfer Protocol (TFTP)... X-Modem File Transfer... Revert to Factory Defaults... Restart System... 1. Select Secure Authentication Monitor and press Return. The Secure Authentication Monitor screen appears. 2. Wait for the call to initiate. Secure Authentication Monitor Current Connection Status Profile Name---State---%Use---Remote Address---Est.
14-40 User’s Reference Guide Note: When using CACHE-TOKEN, your passcode is valid for a time interval determined by the network administrator. When this time interval expires, you must provide a new passcode for the call negotiation. When using PAP-TOKEN, your passcode is valid for one call negotiation. For a second call negotiation, you must enter the next passcode provided by the security authentication token card every 60 seconds.
Utilities and Diagnostics 15-1 Chapter 15 Utilities and Diagnostics A number of utilities and tests are available for system diagnostic and control purposes: ■ “Ping” on page 15-2 ■ “Trace Route” on page 15-5 ■ “Telnet client” on page 15-6 ■ “Secure Authentication Monitor” on page 15-6 ■ “Disconnect Telnet Console Session” on page 15-7 ■ “Transferring configuration and firmware files with TFTP” on page 15-7 ■ “Transferring configuration and firmware files with XMODEM” on page 15-10 ■ “Factor
15-2 User’s Reference Guide Ping The Netopia R2020 includes a standard Ping test utility. A Ping test generates IP packets destined for a particular (Ping-capable) IP host. Each time the target host receives a Ping packet, it returns a packet to the original sender. Ping allows you to see whether a particular IP destination is reachable from the Netopia R2020. You can also ascertain the quality and reliability of the connection to the desired destination by studying the Ping test’s statistics.
Utilities and Diagnostics 15-3 While the Ping test is running, and when it is over, a status field and a number of statistical items are active on the screen. These are described below. Status: The current status of the Ping test.
15-4 User’s Reference Guide time send Ping packet 1 Netopia receive Ping packet 1 send return Ping packet 1 Netopia Netopia send Ping packet 2 send return Ping packet 2 Netopia send Ping packet 3 host host receive return Ping packet 2 receive Ping packet 3 send return Ping packet 3 Netopia host receive return Ping packet 1 receive Ping packet 2 Netopia host host host receive return Ping packet 3 Packets Lost: The number of packets unaccounted for, shown in total and as a percentage of total
Utilities and Diagnostics 15-5 Trace Route You can count the number of routers between your Netopia Router and a given destination with the Trace Route utility. Select Trace Route in the Statistics & Diagnostics screen and press Return to go to the Trace Route screen. Trace Route Host Name or IP Address: Maximum Hops: Timeout (seconds): 30 5 Use Reverse DNS: Yes START TRACE ROUTE Enter the IP Address/Domain Name of a host. Trace route to a network host. To trace a route, follow these steps: 1.
15-6 User’s Reference Guide Telnet client The Telnet client mode replaces the normal menu mode. Telnet sessions can be cascaded, that is, you can initiate a Telnet client session when using a Telnet console session. To activate the Telnet client, select Telnet from the Utilities & Diagnostics menu. The Telnet client screen appears. Telnet Host Name or IP Address: Control Character to Suspend: Q START A TELNET SESSION Enter the IP Address/Domain Name of a host.
Utilities and Diagnostics 15-7 Disconnect Telnet Console Session If you want to close your Telnet Console session, select Disconnect Telnet Console Session and press Return. A dialog box appears asking you to cancel or continue your selection.
15-8 User’s Reference Guide Trivial File Transfer Protocol (TFTP) TFTP Server Name: Firmware File Name: GET FIRMWARE FROM SERVER... GET MODEM FIRMWARE FROM SERVER... Config File Name: GET CONFIG FROM SERVER... SEND CONFIG TO SERVER... TFTP Transfer State -- Idle TFTP Current Transfer Bytes -- 0 The sections below describe how to update the Router’s firmware and how to download and upload configuration files.
Utilities and Diagnostics 15-9 name (for example, bigroot/config/myfile). ■ Select Send Firmware to Netopia from TFTP Server and press Return. You will see the following dialog box: +-----------------------------------------------------------+ +-----------------------------------------------------------+ | | | Are you sure you want to read the firmware now? | | The device will reset when the transfer is complete.
15-10 User’s Reference Guide example, bigroot/config/myfile). ■ Select Read Config Now and press Return. You will see the following dialog box: +-----------------------------------------------------------+ +-----------------------------------------------------------+ | | | Are you sure you want to read the configuration now? | | The device will reset when the transfer is complete.
Utilities and Diagnostics 15-11 X-Modem File Transfer Send Firmware to Netopia... Send Config to Netopia... Receive Config from Netopia... Send Firmware to Netopia Internal modem... Modem Firmware Status: IDLE Updating firmware Firmware updates may be available periodically from Netopia or from a site maintained by your organization’s network administration. The procedure below applies whether you are using the console or the built-in modems. Follow these steps to update the Netopia R2020’s firmware: 1.
15-12 User’s Reference Guide The system will reset at the end of a successful file transfer to put the new firmware into effect. While the system resets, the LEDs will blink on and off. Caution! Do not manually power down or reset the Netopia R2020 while it is automatically resetting or it could be damaged. Downloading configuration files The Netopia R2020 can be configured by downloading a configuration file. The downloaded file reconfigures all of the Router’s parameters.
Utilities and Diagnostics 15-13 1. Decide on a name for the file and a path for saving it. 2. Select Receive Config from Netopia and press Return. The following dialog box appears: +--------------------------------------------------------------------+ | | | Are you sure you want to save your current Netopia configuration? | | If so, when you hit Return/Enter on the CONTINUE button, you will | | have 10 seconds to begin the transfer from your terminal program.
15-14 User’s Reference Guide
Part III: Appendixes
User’s Reference Guide
Troubleshooting A-1 Appendix A Troubleshooting This appendix is intended to help you troubleshoot problems you may encounter while setting up and using the Netopia R2020. It also includes information on how to contact Netopia Technical Support. Important information on these problems may be found in the event histories kept by the Netopia R2020. These event histories can be accessed in the Statistics, Utilities, Tests screen.
A-2 User’s Reference Guide SmartStart Troubleshooting The Status field of the SmartStart application will display information and indicate problems as they are detected. Console connection problems Can’t see the configuration screens (nothing appears) ■ Check the cable connection from the Netopia R2020’s console port to the computer being used as a console. ■ Check that the terminal emulation software is accessing the correct port on the computer that’s being used as a console.
Troubleshooting A-3 Power outages If you suspect that power was restored after a power outage, and the Netopia R2020 is connected to a remote site, you may need to switch the Netopia R2020 off and then back on again. After temporary power outages, a connection that still seems to be up may actually be disconnected. Rebooting the Router should reestablish the connection. Technical support Netopia, Inc.
A-4 User’s Reference Guide Phone: 1 800-782-6449 Fax: 1 510-814-5023 Netopia, Inc. Customer Service 2470 Mariner Square Loop Alameda, California 94501 USA Netopia Bulletin Board Service: 1 510-865-1321 Online product information Product information can be found in the following: Netopia World Wide Web server via http://www.netopia.com Internet via anonymous FTP to ftp.netopia.
Setting Up Internet Services B-1 Appendix B Setting Up Internet Services This chapter describes how to obtain and set up Internet Services. This section covers the following topics: ■ “Finding an Internet service provider” on page B-1 ■ “Deciding on an ISP account” on page B-2 ■ “Obtaining information from the ISP” on page B-3 Note: Some companies act as their own ISP.
B-2 User’s Reference Guide Unique requirements Make sure the ISP can meet any unique requirements you may have. Potential requirements include: ■ Dynamic or static IP addressing ■ Class C IP address ■ Custom domain name ■ Multiple email addresses ■ Web site hosting ■ Call back for web site hosting at your site Pricing and support Compare pricing, service, and technical support service among various ISPs.
Setting Up Internet Services B-3 Consider expected growth in your network when deciding on the number of addresses to obtain. Alternatively, you may use the Network Address Translation feature of SmartIP. SmartIP™ The Netopia R2020 with Dual Analog supports the SmartIP™ feature which includes Network Address Translation. Network Address Translation provides Internet access to the network connected to the Netopia R2020 using only a single IP address.
B-4 User’s Reference Guide in the address block ■ The Ethernet IP address for your Netopia R2020 ■ The Ethernet IP subnet mask address for your Netopia R2020 ■ The Default Gateway IP Address (same as Remote IP Address in most cases) ■ Primary and Secondary Domain Name Server IP Addresses ■ Domain Name (usually the same as the ISP’s domain name unless you have registered for your own individual domain name) Note: If you are not using Network Address Translation, you will need to obtain all of the L
Understanding IP Addressing C-1 Appendix C Understanding IP Addressing This appendix is a brief general introduction to IP addressing. A basic understanding of IP will help you in configuring the Netopia R2020 and using some of its powerful features, such as static routes and packet filtering. In packets, a header is part of the envelope information that surrounds the actual data being transmitted. In e-mail, a header is usually the address and routing information found at the top of messages.
C-2 User’s Reference Guide IP addresses indicate both the identity of the network and the identity of the individual host on the network. The number of bits used for the network number and the number of bits used for the host number can vary, as long as certain rules are followed. The local network manager assigns IP host numbers to individual machines. IP addresses are maintained and assigned by the InterNIC, a quasi-governmental organization now increasingly under the auspices of private industry.
Understanding IP Addressing C-3 Subnet masks To create subnets, the network manager must define a subnet mask, a 32-bit number that indicates which bits in an IP address are used for network and subnetwork addresses, and which are used for host addresses. One subnet mask should apply to all IP networks that are physically connected together and share a single assigned network number.
C-4 User’s Reference Guide Network configuration Below is a diagram of a simple network configuration. The ISP is providing a Class C address to the customer site, and both networks A and B want to gain Internet access through this address. Netopia R2020 B connects to Netopia R2020 A and is provided Internet access through Routers A and B. Customer Site A PC 1: IP Address: 192.168.1.3 Subnet Mask: 255.255.255.128 Gateway: 192.168.1.1 Router B: ISP Network Router A: IP Address: 10.0.0.1 Subnet Mask: 255.
Understanding IP Addressing C-5 Background The IP Addresses and routing configurations for the devices shown in the diagram are outlined below. In addition, each individual field and its meaning are described. The “IP Address” and “Subnet Mask” fields define the IP Address and Subnet Mask of the device's Ethernet connection to the network while the “Remote IP” and “Remote Sub” fields describe the IP Address and Subnet mask of the remote router.
C-6 User’s Reference Guide There are two schemes for distributing the remaining IP addresses: ■ Manually give each computer an address ■ Let the Netopia R2020 automatically distribute the addresses These two methods are not mutually exclusive; you can manually issue some of the addresses while the rest are distributed by the Netopia R2020. Using the Router in this way allows it to function as an address server.
Understanding IP Addressing C-7 Number of Devices (other than Netopia R2020) on Local Network Largest Possible Ethernet Subnet Mask 30-61 255.255.255.192 62-125 255.255.255.128 125-259 255.255.255.0 Configuration This section describes the specific IP address lease, renew, and release mechanisms for both the Mac and PC, with either DHCP or MacIP address serving. DHCP Address Serving Windows 95 Workstation: ■ The Win95 workstation requests and renews its lease every half hour.
C-8 User’s Reference Guide one hour after the last heard lease request as some other DHCP implementations may hold on to the lease for an additional time after the lease expired, to act as a buffer for variances in clocks between the client and server. MacIP Serving Macintosh Workstation (MacTCP or Open Transport): Once the Mac workstation requests and receives a valid address, the Netopia R2020 will actively check for the workstation’s existence once every minute.
Understanding IP Addressing C-9 In any situation where a device is dialing into a Netopia router, the router may need to be configured to serve IP via the WAN interface. This is only a requirement if the calling device has not been configured locally to know what its address(es) are. So when a client, dialing into a Netopia router's WAN interface, is expecting addresses to be served by the answering router, you must set the answering Netopia router to serve IP via its WAN interface.
C-10 User’s Reference Guide 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Block of IP host addresses (derived from network IP address + mask issued by ISP) 1 Distributed to the Netopia R2020 (Ethernet IP address) 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Manually distributed (static) Pool of Addresses Distributed by MacIP and DHCP The figure above shows an example of a block of IP addresses being distributed correctly.
Understanding IP Addressing C-11 Nested IP subnets Under certain situations, you may wish to create remote subnets from the limited number of IP addresses issued by your ISP or other authority. You can do this using connection profiles. These subnets can be nested within the range of IP addresses available to your network. For example, suppose that you obtain the Class C network address a.b.c.0 to be distributed among three networks.
C-12 User’s Reference Guide Routers B and C (which could also be Netopia R2020s) serve the two remote networks that are subnets of a.b.c.0. The subnetting is accomplished by configuring the Netopia R2020 with connection profiles for Routers B and C (see the following table). Connection profile Remote IP address Remote IP mask Bits available for host address for Router B a.b.c.128 255.255.255.192 7 for Router C a.b.c.248 255.255.255.
Understanding IP Addressing C-13 The following diagram illustrates the IP address space taken up by the two remote IP subnets. You can see from the diagram why the term nested is appropriate for describing these subnets. 1 Address range available to a.b.c.0, less the two nested subnets 129 valid addresses used by a.b.c.128 190 valid addresses used by a.b.c.248 249 254 Broadcasts As mentioned earlier, binary IP host or subnet addresses composed entirely of ones or zeros are reserved for broadcasting.
C-14 User’s Reference Guide
Binary Conversion Table D-1 Appendix D Binary Conversion Table This table is provided to help you choose subnet numbers and host numbers for IP and MacIP networks that use subnetting for IP addresses.
D-2 User’s Reference Guide Decimal Binary Decimal Binary Decimal Binary Decimal Binary 128 10000000 160 10100000 192 11000000 224 11100000 129 10000001 161 10100001 193 11000001 225 11100001 130 10000010 162 10100010 194 11000010 226 11100010 131 10000011 163 10100011 195 11000011 227 11100011 132 10000100 164 10100100 196 11000100 228 11100100 133 10000101 165 10100101 197 11000101 229 11100101 134 10000110 166 10100110 198 11000110 230 111001
Further Reading E-1 Appendix E Further Reading Angell, David. ISDN for Dummies, Foster City, CA: IDG Books Worldwide, 1995. Thorough introduction to ISDN for beginners. Apple Computer, Inc. AppleTalk Network System Overview. Reading, Massachusetts: Addison-Wesley Publishing Company, Inc.; 1989. Apple Computer, Inc. Planning and Managing AppleTalk Networks. Reading, Massachusetts: Addison-Wesley Publishing Company, Inc.; 1991. Black, U. Data Networks: Concepts, Theory and Practice.
E-2 User’s Reference Guide Hares, S. "Components of OSI: Inter-Domain Routing Protocol (IDRP)." ConneXions: The Interoperability Report, Vol. 6, No. 5: May 1992. Jones, N.E.H. and D. Kosiur. Macworld Networking Handbook. San Mateo, California: IDG Books Worldwide, Inc.; 1992. Joyce, S.T. and J.Q. Walker II. "Advanced Peer-to-Peer Networking (APPN): An Overview." ConneXions: The Interoperability Report, Vol. 6, No. 10: October 1992. Kousky, K. "Bridging the Network Gap." LAN Technology, Vol. 6, No.
Further Reading E-3 Rose, M.T. The Open Book: A Practical Perspective on OSI. Englewood Cliffs, New Jersey: Prentice Hall; 1990. Rose, M.T. The Simple Book: An Introduction to Management of TCP/IP-based Internets. Englewood Cliffs, New Jersey: Prentice Hall; 1991. Ross, F.E. "FDDI--A Tutorial." IEEE Communications Magazine, Vol. 24, No. 5: May 1986. Schlar, S.K. Inside X.25: A Manager's Guide. New York, New York: McGraw-Hill, Inc.; 1990. Schwartz, M.
E-4 User’s Reference Guide
Technical Specifications and Safety Information F-1 Appendix F Technical Specifications and Safety Information Pinouts for Auxiliary Port Modem Cable 1300 ohms 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Shield 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Shield BRAID HD-15 DB-25 Pin 1 Ground Pin 1 (not used) Pin 2 TDA Pin 2 TD Pin 3 TDB Pin 3 RD Pin 4 RDA Pin 4 RTS Pin 5 RDB Pin 5 CTS Pin 6 (not used) Pin 6 DCE Ready Pin 7 DTR Pin 7 Ground Pin 8 CTS Pin 8
F-2 User’s Reference Guide HD-15 DB-25 Pin 9 DSR Pin 9 -RSET (EIA-530) Pin 10 DCD Pin 10 (not used) Pin 11 (not used) Pin 11 -TSET (EIA-530) Pin 12 TCA Pin 12 (not used) Pin 13 TCB Pin 13 (not used) Pin 14 RCA Pin 14 -TD (EIA-530) STD (EIA-232) Pin 15 RCB Pin 15 (not used) Pin 16 -RD (EIA-530) SRD (EIA-232) Pin 17 RSET Pin 18 (not used) Pin 19 -RTS (EIA-530) SRTS (EIA-232) Pin 20 DTE Ready Pin 21 (not used) Pin 22 (not used) Pin 23 Ground Pin 24 TSET Pin 25 (
Technical Specifications and Safety Information F-3 Software and protocols Software media: Software preloaded on internal flash memory; field upgrades done via download to internal flash memory via XMODEM or TFTP Routing: TCP/IP Internet Protocol Suite, RIP, AppleTalk*, LocalTalk-to-Ethernet routing*, AURP tunneling*, MacIP*, IPX * optional add-on feature WAN support: PPP, MP, HDLC Security: PAP, CHAP, PAP-TOKEN, CACHE-TOKEN, callback, SecurID, IP/IPX firewalls, UI password security, and CallerID SNMP netw
F-4 User’s Reference Guide If this device is malfunctioning, it may also be causing harm to the telephone network; this device should be disconnected until the source of the problem can be determined and until repair has been made. If this is not done, the telephone company may temporarily disconnect service.
Technical Specifications and Safety Information F-5 Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas. Caution Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate.
F-6 User’s Reference Guide
About 56K Line Access G-1 Appendix G About 56K Line Access The Netopia R2020 is capable of 56Kbps per line connections. This means that if you use both onboard modems, you can achieve inbound data transfer rates of up to 112Kbps. Using a third modem bumps the theoretical speed limit to 168Kbps. This section describes some practical limitations on the previous statements. A current FCC limitation will only permit a maximum speed of 52Kbps over analog phone lines using combined analog/digital technology.
G-2 User’s Reference Guide These new techniques treat the phone system as a mostly digital network that just happens to have an analog portion. There are several consequences to the reliance on a half-digital connection. Your Internet Service Provider must have digital phone lines to the public switched telephone network (PSTN). That's the easy part: if your ISP offers 56Kbps, they have the digital lines.
Glossary 1 Glossary Access Line: A telephone line reaching from the telephone company central office to a point usually on your premises. Beyond this point the wire is considered inside wiring. See also Trunk Line. analog: In telecommunications, telephone transmission and/or switching that is not digital. An analog phone transmission is one that was originally intended to carry speech or voice, but may with appropriate modifications be used to carry data of other types.
2 User’s Reference Guide byte: A group of bits, normally eight, which represent one data character. CallerID: See CND. CCITT (Comite Consultatif International Telegraphique et Telephonique): International Consultative Committee for Telegraphy and Telephony, a standards organization that devises and proposes recommendations for international communications. See also ANSI (American National Standards Institute).
Glossary 3 DNS (Domain Name Service): A TCP/IP protocol for discovering and maintaining network resource information distributed among different servers. download: The process of transferring a file from a server to a client. EIA (Electronic Industry Association): A North American standards association. Ethernet: A networking protocol that defines a type of LAN characterized by a 10 Mbps (megabits per second) data rate. Ethernet is used in many mainframe, PC, and UNIX networks, as well as for EtherTalk.
4 User’s Reference Guide internet: A set of networks connected together by routers. This is a general term, not to be confused with the large, multi-organizational collection of IP networks known as the Internet. An internet is sometimes also known as an internetwork. internet address, IP address: Any computing device that uses the Internet Protocol (IP) must be assigned an internet or IP address.
Glossary 5 NAT (Network Address Translation): A feature that allows communication between the LAN connected to the Netopia ISDN Router and the Internet using a single IP address, instead of having a separate IP address for each computer on the network. NetBIOS: A network communications protocol used on PC LANs. network: A group of computer systems and other computer devices that communicate with one another.
6 User’s Reference Guide RFC (Request for Comment): A series of documents used to exchange information and standards about the Internet. RIP (Routing Information Protocol): A protocol used for the transmission of IP routing information. RJ-11: A telephone-industry standard connector type, usually containing four pins. RJ-45: A telephone-industry standard connector type usually containing eight pins. router: A device that supports network communications.
Glossary 7 TCP/IP (Transmission Control Protocol/Internet Protocol): An open network standard that defines how devices from different manufacturers communicate with each other over one or more interconnected networks. TCP/IP protocols are the foundation of the Internet, a worldwide network of networks connecting businesses, governments, researchers, and educators. telephone wall cable: 2-pair, 4-pair, or 8-pair, 22- or 24-gauge solid copper wire cable.
8 User’s Reference Guide
Index-1 Index Numerics 10Base-T 4-3 10Base-T, connecting 4-3 56k, about G-1 A accounting configuration 8-23 add static route 10-33 adding a filter set 14-13 advanced configuration features 7-8 answer profile call acceptance scenarios 8-6 defined 8-4 answering calls 8-4 AppleTalk 1-2 configuring LocalTalk 12-7 routing table 13-9 tunneling (AURP) 12-3, 12-8 zones 12-6, 12-7 AppleTalk routing table 13-9 AppleTalk setup 12-1 AppleTalk Update-Based Routing Protocol, see AURP application software 4-2 ATMP 9-7 tu
Index-2 configuring profiles for incoming calls. 8-6 configuring terminal emulation software 5-3 configuring the console 7-11 connecting to an Ethernet network 4-3 connecting to the configuration screens 7-7 connection metering 8-12 connection profiles defined 6-3 scheduling 8-1, 8-7 console configuring 7-11 screens, connecting to 7-7 console configuration 7-12 console connection problems A-2 console-based management configuring with 5-1, 6-1, 7-1 D D.
Index-3 output 14-14 parts of 14-7 priority 14-5 using 14-12 viewing 14-16 finding an ISP B-1 firewall 14-17 firmware files updating with TFTP 15-8 updating with XMODEM 15-11 FTP sessions 14-20 further reading E-1 G General Statistics 13-4 Glossary GL-1 H hard seeding 12-3 hops 13-10 how to reach us A-3 I input filter 3 14-18 input filters 1 and 2 14-18 Input filters 4 and 5 14-18 Internet addresses, see IP addresses Internet Protocol (IP) 10-1 Internetwork Packet Exchange (IPX) 11-1 IP address serving 10-
Index-4 outside ranges 10-6 server lists 10-6 navigating configuration screens 7-8 Easy Setup 5-4 NCSA Telnet 5-3 nested IP subnets C-11 NetBIOS 10-37, 11-3 NetBIOS scope 10-38 Netopia answering calls 8-4 connecting to Ethernet, rules 4-3 connecting to LocalTalk 4-5 connection profile 6-3 distributing IP addresses 10-35, C-5 IP setup 6-4 IPX setup 6-4 LocalTalk configuration 12-7 monitoring 13-1 security 14-1 system utilities and tests 15-1 Network Address Translation see NAT 10-1 network problems A-2 netw
Index-5 Security Options screen 14-2 seeding 12-3 Service Advertising Protocol (SAP) 11-2 setting the IP trap receivers 13-15 show static soutes 10-32 Simple Network Management Protocol, see SNMP SmartIP 10-1 SmartPhone configuring 8-1 SmartStart before launching 3-1 requirements Macintosh 3-1 PC 3-1 troubleshooting Macintosh A-2 PC A-1 Windows 95 3-3 SNMP community strings 13-13 MIBs supported 13-12 traps 13-14 SNMP Setup screen 13-13 SNMP traps 13-14 socket 11-2 soft seeding 12-3 specifications technical
Index-6 user accounts 14-2 using filters 14-12 utilities and tests 15-1 V viewing and modifying packet filters 14-23 viewing and modifying SAP filter sets 14-28 viewing IP trap receivers 13-15 viewing scheduled connections 8-8 Virtual Private Networks (VPN) 9-1 VPN 9-1 allowing through a firewall 9-19 ATMP tunnel options 9-16 default answer profile 9-8 encryption support 9-7 PPTP tunnel options 9-4 W WAN event history 13-6 statistics 13-4 WAN configuration 8-1 WAN event history 13-6 WAN statistics 13-4, 13
Limited Warranty and Limitation of Remedies 1 Limited Warranty and Limitation of Remedies Netopia warrants to you, the end user, that the Netopia R2020 Dual Analog Router (the “Product”) will be free from defects in materials and workmanship under normal use for a period of one (1) year from date of purchase.
2 User’s Reference Guide