™ Netopia R6000 Series ADSL Routers R6100 R6120 R6131 R6161 ADSL Router ADSL with V.
Copyright ©2000, Netopia, Inc., v.090600 All rights reserved. Printed in the U.S.A. This manual and any associated artwork, software, and product designs are copyrighted with all rights reserved. Under the copyright laws such materials may not be copied, in whole or part, without the prior written consent of Netopia, Inc. Under the law, copying includes translation to another language or format. Netopia, Inc. 2470 Mariner Square Loop Alameda, CA 94501-1010 U.S.A.
Contents Welcome to the Netopia R6000 Series ADSL Router User’s Reference Guide. This guide is designed to be your single source for information about your Netopia R6000 Series ADSL Router: R6100, R6120, R6131, or R6161. It is intended to be viewed on-line, using the powerful features of the Adobe Acrobat Reader. The information display has been designed to present the maximum information in the minimum space on your screen.
iv User’s Reference Guide Adding an external modem ............................................. 4-4 Connecting to a LocalTalk network ................................. 4-5 Chapter 5 — Sharing the Connection.........................................5-1 Configuring TCP/IP on Windows 95, 98, or 2000 computers............................................................ 5-2 Dynamic configuration (recommended)................... 5-2 Static configuration (optional)................................
Contents v R6161 Multilink PPP-based Bonded ADSL (WAN Module 2) Setup ......................................... 8-8 Delayed remote configuration change toggle........... 8-9 Creating a New Connection Profile................................. 8-11 RIP Profile Options ....................................................... 8-16 PPP Ethernet LAN Reconfiguration................................. 8-18 Configuration ..................................................... 8-18 Quick View.............................
vi User’s Reference Guide Chapter 10 — IP Setup ...........................................................10-1 IP setup ...................................................................... 10-2 IP subnets ......................................................... 10-5 Static routes...................................................... 10-7 IP address serving ..................................................... 10-11 IP Address Pools ..............................................
Contents vii MultiNAT Configuration Example .................................. 11-30 Firmware Upgrades and NAT ....................................... 11-34 Chapter 12 — IPX Setup .........................................................12-1 IPX features ................................................................ 12-1 IPX definitions ............................................................. 12-1 Internetwork Packet Exchange (IPX) ..................... 12-1 IPX address ............................
viii User’s Reference Guide General Statistics .............................................. 14-4 Event histories ............................................................ 14-5 Routing tables ............................................................. 14-7 Served IP Addresses.................................................. 14-10 System Information.................................................... 14-12 SNMP .......................................................................
Contents ix Allowing VPNs through a Firewall ................................. 15-24 PPTP example .................................................. 15-25 ATMP example ................................................. 15-28 Chapter 16 — Security ...........................................................16-1 Suggested Security Measures....................................... 16-1 User Accounts ............................................................. 16-1 Dial-in Console Access ........................
x User’s Reference Guide Firewall design rules......................................... Filter basics ..................................................... Example filters ................................................. Filtering on the LAN Interface...................................... 16-36 16-39 16-40 16-43 Chapter 17 — Utilities and Diagnostics ...................................17-1 Ping ............................................................................ 17-2 Trace Route................
Contents xi Appendix B — Understanding IP Addressing ..............................B-1 What is IP?.................................................................... B-1 About IP addressing ....................................................... B-1 Subnets and subnet masks .................................. B-2 Example: Using subnets on a Class C IP internet.... B-3 Example: Working with a Class C subnet ................ B-5 Distributing IP addresses ...............................................
xii User’s Reference Guide
Part I: Getting Started
User’s Reference Guide
Introduction 1-1 Chapter 1 Introduction Overview The Netopia R6000 Series ADSL Router is a full-featured, stand-alone, multiprotocol router for connecting diverse local area networks (LANs) to the Internet and other remote networks.
1-2 User’s Reference Guide ■ All digital, continuous-availability networking, eliminating dialing and providing lower, more predictable transmission costs ■ Connectivity to Ethernet LANs via a built-in 8-port 10Base-T hub with uplink port ■ Status lights (LEDs) for easy monitoring and troubleshooting ■ Support for console-based management over Telnet or serial cable connection ■ Support for remote configuration by your reseller, your network administrator, or technicians at Netopia, Inc.
Setting Up Internet Services 2-1 Chapter 2 Setting Up Internet Services This chapter describes how to obtain and set up Internet services. This section covers the following topics: ■ “Finding an Internet service provider” on page 2-1 ■ “Deciding on an ISP account” on page 2-2 ■ “Obtaining information from the ISP” on page 2-3 Note: Some companies act as their own ISP.
2-2 User’s Reference Guide Unique requirements Make sure the ISP can meet any unique requirements you may have, such as: ■ Dynamic or static IP addressing ■ Class C IP address ■ Custom domain name ■ Multiple e-mail addresses ■ Web site hosting Pricing and support Compare pricing, service, and technical support service among various ISPs. Endorsements Consider recommendations from colleagues and reviews in publications. Netopia lists Netopia partner ISPs on our Web site at http://www.netopia.
Setting Up Internet Services 2-3 Obtaining information from the ISP After your account is set up, your ISP may send you IP parameters for you to use on your LAN. While you may determine your own IP addressing scheme using NAT, there are a few key parameters that must come from your ISP.
2-4 User’s Reference Guide
Making the Physical Connections 3-1 Chapter 3 Making the Physical Connections This section tells you how to make the physical connections to your Netopia R6000 Series ADSL Router.
3-2 User’s Reference Guide What you need Locate all items that you need for the installation.
Making the Physical Connections 3-3 Identify the connectors and attach the cables Identify the connectors and switches on the back panel and attach the necessary Netopia Router cables. The figure below displays the back of the Netopia R6000 Series ADSL Router. Netopia R6000 Series back panel Line ports 8 Ethernet 1 Auxiliary Line 2 Normal 1 Console Line 1 Power Uplink Crossover switch Auxiliary port 8 port Ethernet hub Power port Console port 1.
3-4 User’s Reference Guide Netopia R6000 Series ADSL Router back panel ports The following table describes all the Netopia R6000 Series ADSL Router back panel ports. Port Power port Line ports Console port Auxiliary port Crossover switch 8-port Ethernet hub Description A mini-DIN8 power adapter cable connection. Two telephone-style jacks labeled Line 1 and Line 2. Line 1 is for your ADSL connection. If you have an R6120 or R6131 model, the Line 2 port is for your analog or ISDN dial backup connection.
Making the Physical Connections 3-5 Netopia R6000 Series ADSL Router status lights The figure below represents the Netopia R6000 Series status light (LED) panel.
3-6 User’s Reference Guide LEDs start-up sequence The WAN 1 Management status light (LED #2 in the figure above) displays the status of the Netopia R6000 Series’ attempt to connect to the DSLAM. When the router is powered on: ■ Initially the WAN 1 Management LED and the WAN1 Channel 1 LED (LED #4 in the figure above) are dark. ■ The WAN 1 Ready LED (LED #3 in the figure above) begins to blink red as the router attempts to establish communication with the WAN interface.
Connecting to Your Local Area Network 4-1 Chapter 4 Connecting to Your Local Area Network This chapter describes how to physically connect the Netopia R6000 Series to your local area network (LAN). Before you proceed, make sure the Netopia R6000 Series is properly configured. You can customize the router’s configuration for your particular LAN requirements using console-based management (see “Console-Based Management” on page 6-1).
4-2 User’s Reference Guide Application software TCP/IP stack Ethernet/EtherTalk/LocalTalk Driver Your PC or Macintosh computer To the Netopia R6000 Series Application software: This is the software you use to send e-mail, browse the World Wide Web, read newsgroups, etc. These applications may require some configuration. Examples include the Eudora e-mail client and the Web browsers Microsoft Internet Explorer and Netscape Navigator.
Connecting to Your Local Area Network 4-3 Connecting to an Ethernet network The Netopia R6000 Series supports Ethernet connections through its eight Ethernet ports. The router automatically detects which Ethernet port is in use. You can connect a standard 10Base-T Ethernet network to the Netopia R6000 Series using any of its available Ethernet ports.
4-4 User’s Reference Guide If you add devices connected through a hub, connect the hub to Ethernet port number 1 on the Netopia R6000 Series ADSL Router and set the Normal/Uplink crossover switch to Uplink. 8 Ethernet 1 Nor- PC Macintosh PC 10Base-T Hub Adding an external modem You may want to add an external modem to your Auxiliary port. Obtain the special DB-25 external modem cable (TE6/DB25) either from your reseller or directly from Netopia.
Connecting to Your Local Area Network 4-5 Connecting to a LocalTalk network If you have purchased the AppleTalk feature expansion kit, you can also connect the router to an AppleTalk network that uses either Ethernet or LocalTalk. Refer to the accompanying list of optional feature set add-ons for your Netopia R6000 Series. The AppleTalk feature expansion kit includes a dual RJ-11 PhoneNET connector that attaches to the Auxiliary port on the Netopia R6000 Series.
4-6 User’s Reference Guide
Sharing the Connection 5-1 Chapter 5 Sharing the Connection Once you have set up your physical local area network, you will need to configure the TCP/IP stack on each client workstation connected to your Netopia R6000 Series. This chapter describes how to configure TCP/IP for both Windows-based and Macintosh computers.
5-2 User’s Reference Guide Configuring TCP/IP on Windows 95, 98, or 2000 computers Configuring TCP/IP on a Windows computer requires the following: ■ An Ethernet card (also known as a network adapter) ■ The TCP/IP protocol must be “bound” to the adapter or card Dynamic configuration (recommended) To configure your PC for dynamic addressing do the following: 1. Go to the Start Menu/Settings/Control Panels and double click the Network icon.
Sharing the Connection 5-3 Static configuration (optional) If you are manually configuring for a fixed or static IP address, perform the following: 1. Go to Start Menu/Settings/Control Panels and double click the Network icon. From the Network components list, select the Configuration tab. 2. Select TCP/IP-->Your Network Card. Then select Properties. In the TCP/IP Properties screen, select the IP Address tab. Click “Specify an IP Address.” Enter the following: IP Address: 192.168.1.2 Subnet Mask: 255.
5-4 User’s Reference Guide 3. Click on the Gateway tab (shown below). Under “New gateway,” enter 192.168.1.1. Click Add. This is the Netopia R6000 Series’s pre-assigned IP address. Click on the DNS Configuration tab. Click Enable DNS. Enter the following information: Host: Type the name you want to give to this computer. Domain: Type your domain name. If you don't have a domain name, type your ISP's domain name; for example, netopia.com.
Sharing the Connection 5-5 Configuring TCP/IP on Macintosh computers The following is a quick guide to configuring TCP/IP for MacOS computers. Configuring TCP/IP in a Macintosh computer requires the following: You must have either Open Transport or Classic Networking (MacTCP) installed.
5-6 User’s Reference Guide Static configuration (optional) If you are manually configuring for a fixed or static IP address, perform the following: 1. Go to the Apple menu. Select Control Panels and then TCP/IP or MacTCP. 2. With the TCP/IP window open, go to the Edit menu and select User Mode. Choose Advanced and click OK. Or, in the MacTCP window, select Ethernet and click the More button. 3.
Sharing the Connection 5-7 Dynamic configuration using MacIP (optional) If you want to use MacIP to dynamically assign IP addresses to the Macintosh computers on your network you must install the optional AppleTalk feature set kit. Note: You cannot use MacIP dynamic configuration to configure your Netopia R6000 Series ADSL Router because you must first configure the router in order to enable AppleTalk. Once the AppleTalk kit is installed, you can configure your Macintoshes for MacIP.
5-8 User’s Reference Guide Using Classic Networking (MacTCP) 1. Go to the Apple Menu. Select Control Panels and then Network. 2. In the Network window, select EtherTalk. 3. Go back to the Apple menu. Select Control Panels and then MacTCP. 4. Select EtherTalk. From the pull-down menu under EtherTalk, select an available zone; then click the More button. In the MacTCP/More window select the Server radio button. If necessary, fill in the Domain Name Server information given to you by your administrator.
Console-Based Management 6-1 Chapter 6 Console-Based Management Console-based management is a menu-driven interface for the capabilities built into the Netopia R6000 Series. Console-based management provides access to a wide variety of features that the router supports. You can customize these features for your individual setup. This chapter describes how to access the console-based management screens.
6-2 User’s Reference Guide ■ The System Configuration menus display and permit changing: ■ Network protocols setup. See “IP Setup” on page 10-1, “IPX Setup” on page 12-1, and “AppleTalk Setup” on page 13-1. ■ Filter sets (firewalls). See “Security” on page 16-1. ■ IP address serving. See “IP address serving” on page 10-11. ■ Date and time. See “Date and time” on page 8-24. ■ Console configuration. See “Connecting a Console Cable to your Router” on page 6-3.
Console-Based Management 6-3 Configuring Telnet software If you are configuring your router using a Telnet session, your computer must be running a Telnet software program. ■ If you connect a PC with Microsoft Windows, you can use a Windows Telnet application or simply run Telnet from the Start menu. ■ If you connect a Macintosh computer, you can use the NCSA Telnet program supplied on the Netopia R6000 Series CD. You install NCSA Telnet by simply dragging the application from the CD to your hard disk.
6-4 User’s Reference Guide Launch your terminal emulation software and configure the communications software for the values shown in the table below. These are the default communication parameters that the Netopia R6000 Series uses. Parameter Suggested Value Terminal type PC: ANSI-BBS Mac: ANSI, VT-100, or VT-200 Data bits 8 Parity None Stop bits 1 Speed 57600 bits per second Flow Control None Note: The router firmware contains an autobaud detection feature.
Console-Based Management 6-5 ■ Through the console port, using a local terminal (see “Connecting a Console Cable to your Router” on page 6-3) You can also retrieve the Netopia R6000 Series’s configuration information and remotely set its parameters using the Simple Network Management Protocol (see “SNMP” on page 14-12). Open a Telnet connection to the router’s IP address; for example, “192.168.1.1.” The console screen will open to the Main Menu, similar to the screen shown below: Netopia R6100 v4.
6-6 User’s Reference Guide
Easy Setup 7-1 Chapter 7 Easy Setup This chapter describes how to use the Easy Setup console screens on your Netopia R6000 Series ADSL Router. After completing the Easy Setup console screens, your router will be ready to connect to the Internet or another remote site.
7-2 User’s Reference Guide A screen similar to the following Main Menu appears: Netopia R6100 v4.8 Easy Setup... WAN Configuration... System Configuration... Utilities & Diagnostics... Statistics & Logs... Quick Menus... Quick View... Return/Enter goes to Easy Setup -- minimal configuration. You always start from this main screen.
Easy Setup 7-3 Quick Easy Setup connection path Note: ADSL routers are often pre-configured for you by your service provider. If this is the case, you can skip this section. If your service provider has not pre-configured your router, follow these instructions. This section may be all you need to do to configure your Netopia R6000 Series ADSL Router to connect to the Internet. Most ISPs will supply you with several parameter values for you to enter in the router.
7-4 User’s Reference Guide Do the following: 1. Open a Telnet session to 192.168.1.1 to bring up the Main Menu. If you don't know how to do this, see “Connecting through a Telnet Session” on page 6-2. Alternatively, you can connect the console cable and open a direct serial console connection, using a terminal emulator program. See “Connecting a Console Cable to your Router” on page 6-3. The Main Menu appears. Netopia R6100 v4.8 Easy Setup... WAN Configuration... System Configuration...
Easy Setup 7-5 ADSL Line Configuration ADSL Line Configuration Data Link Encapsulation... RFC1483 TO MAIN MENU NEXT SCREEN Enter Information supplied to you by your telephone company. 1. Select Data Link Encapsulation and press Return. The pop-up menu will offer you the choice of PPP or RFC1483. Your selection depends on which type your ISP uses. The default is RFC1483.
7-6 User’s Reference Guide Connection Profile 1: Easy Setup Profile Address Translation Enabled: IP Addressing... Yes Numbered Local WAN Local WAN Remote IP Remote IP 0.0.0.0 0.0.0.0 127.0.0.2 255.255.255.255 IP Address: IP Mask: Address: Mask: PPP Authentication... Send User Name: Send Password: PAP tonyf ****** PREVIOUS SCREEN NEXT SCREEN Enter basic information about your WAN connection with this screen. 1.
Easy Setup 7-7 IP Easy Setup The IP Easy Setup screen is where you enter information about your Netopia Router’s: ■ Ethernet IP address ■ Ethernet Subnet mask ■ Domain Name ■ Domain Name Server IP address(es) ■ Default gateway IP address If necessary, consult with a network administrator to obtain the information you will need. For more information about setting up IP, see “IP Setup” on page 10-1. IP Easy Setup Ethernet IP Address: Ethernet Subnet Mask: 192.168.1.1 255.255.255.
7-8 User’s Reference Guide Type the Domain Name your ISP gave you. Press Return. The next field, Primary Domain Name Server, will be highlighted. 4. Type the Primary Domain Name Server address your ISP gave you. Press Return. If your ISP gave you a secondary domain name server address, enter it in the next field, Secondary Domain Name Server. Press Return until the next field, Default IP Gateway, is highlighted. 5.
Easy Setup 7-9 2. Select CONTINUE to restart the Netopia Router and have your selections take effect. Note: You can also restart the system at any time by using the Restart System utility (see “Restarting the system” on page 17-13) or by turning the Netopia Router off and on with the power switch. The Router will restart and your configuration settings will be activated. You can then Exit or Quit your Telnet application. Easy Setup is now complete.
7-10 User’s Reference Guide
Part II: Advanced Configuration
User’s Reference Guide
WAN and System Configuration 8-1 Chapter 8 WAN and System Configuration This chapter describes how to use the console-based management screens to access and configure advanced features of your Netopia R6000 Series ADSL Router. You can customize these features for your individual setup. These menus provide a powerful method for experienced users to set up their router’s connection profiles and system configuration.
8-2 User’s Reference Guide WAN Configuration To configure your Wide Area Network (WAN) connection, navigate to the WAN Configuration screen from the Main Menu and select WAN Configuration, then WAN Setup. Main Menu WAN Configuration WAN Setup Choose Interface to Configure ADSL Line Configuration The Choose Interface to Configure screen appears. Choose Interface to Configure ADSL (Wan Module 1) Setup... Auxiliary Serial Port Setup...
WAN and System Configuration 8-3 Line configuration Select ADSL (WAN Module 1) Setup. The ADSL Line Configuration screen appears. ADSL Line Configuration Display/Change Circuit... Add Circuit... Delete Circuit... Data Link Encapsulation... RFC1483 Mode... RFC1483 Bridged 1483 On ADSL WAN interfaces, the ATM connection between the router and the central office equipment (DSLAM) is divided logically into one or more virtual circuits (VCs).
8-4 User’s Reference Guide Choosing Display/Change Circuit (or Delete Circuit) displays a pop-up menu that allows you to select the circuit to be modified or deleted. ADSL Line Configuration Display/Change Circuit... Add Circuit... Delete Circuit... Data Link Encapsulation... RFC1483 Mode...
WAN and System Configuration 8-5 ■ Circuit Enabled allows you to enable or disable the circuit, using the Tab key. The default is enabled. ■ Circuit VPI allows you to specify the Virtual Path Identifier (VPI) value for the circuit. The default VPI value for ADSL is zero (0). ■ Circuit VCI allows you to specify the Virtual Channel Identifier (VCI) value for the circuit. The default VCI value for circuits on ADSL is 35.
8-6 User’s Reference Guide the type your ISP uses. ■ Press Escape to return to the Choose Interface to Configure screen. You can now specify how the Auxiliary Serial Port is to be used by selecting Auxiliary Serial Port and pressing Return. Adding a circuit Choosing Add Circuit displays the Add Circuit screen. Add Circuit Circuit Name: Circuit 2 Circuit Enabled: Yes Circuit VPI (0-255): 0 Circuit VCI (0-65535): 0 Use Connection Profile...
WAN and System Configuration 8-7 Auxiliary Serial Port configuration By default, the Auxiliary Serial Port is enabled for an asynchronous modem. Auxiliary Port Configuration Aux Serial Port... Data Rate (kbps)... Aux Modem Init String: Aux Modem Directory Number: Async Modem 57.6 AT&F&C1&D2E0S0=1 If the AppleTalk feature set is installed, then LocalTalk becomes the default option. You can also specify it to be Unused by selecting it from the Aux Serial Port pop-up menu.
8-8 User’s Reference Guide R6161 Multilink PPP-based Bonded ADSL (WAN Module 2) Setup The Netopia R6000 Series offers Multilink PPP-based DSL Bonding support for R6161 ADSL routers. Multilink PPP-based DSL Bonding allows your ISP to aggregate the speed of two separate DSL lines to create a single virtual pipe of higher speed. It does require two separate DSL lines, each connected to one of the two WAN interfaces on an R6161 Router.
WAN and System Configuration 8-9 Delayed remote configuration change toggle The Netopia R6000 Series supports delaying some configuration changes until after the router is restarted. If your router is preconfigured by your service provider, or if you are not remotely configuring the router, you can leave this setting unchanged. The purpose of this feature is to defer configuration changes only when remotely configuring or reconfiguring the router to prevent premature console disconnection.
8-10 User’s Reference Guide When you toggle Configuration Changes Reset WAN Connection either to Yes or No using the Tab key and press Return, a pop-up window asks you to confirm your choice. Choose Interface to Configure +----------------------------------------------------+ +----------------------------------------------------+ | The Router must be restarted to allow this feature | | to function properly.
WAN and System Configuration 8-11 Creating a New Connection Profile For a Netopia R6000 Series, connection profiles are useful for configuring the connection and authentication settings for negotiating a PPP connection on the ADSL link or on an asynchronous modem attached to the Auxiliary port.
8-12 User’s Reference Guide 3. Select Data Link Encapsulation and press Return. From the pop-up menu select PPP, RFC1483, ATMP, PPTP, or IPsec. If you select PPP, the Data Link Options menu item is displayed; if you select RFC1483, the Data Link Options item is hidden. PPTP, ATMP, and IPsec options are intended for use with Virtual Private Network (VPN) profiles. For more information see “Virtual Private Networks (VPN)” on page 15-1. 4.
WAN and System Configuration 8-13 6. Select IP Profile Parameters and press Return. The IP Profile Parameters screen appears. IP Profile Parameters Address Translation Enabled: IP Addressing... Yes Numbered NAT Map List... NAT Server List... Easy-PAT List Easy-Servers Local WAN Local WAN Remote IP Remote IP 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 IP Address: IP Mask: Address: Mask: Filter Set... Remove Filter Set RIP Profile Options... Configure IP requirements for a remote network connection here. 7.
8-14 User’s Reference Guide IPX Profile Parameters Remote IPX Network: Path Delay: NetBios Packet Forwarding: 00000000 10 Off Incoming Packet Filter Set... Outgoing Packet Filter Set... <> <> Incoming SAP Filter Set... Outgoing SAP Filter Set... <> <> Periodic RIP Timer: Periodic SAP Timer: 60 60 Configure IPX requirements for a remote network connection here. 9.
WAN and System Configuration 8-15 WAN Configuration +-Profile Name---------------------IP Address----IPX Network-+ +------------------------------------------------------------+ | Easy Setup Profile 127.0.0.2 | | Profile 02 0.0.0.0 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | +------------------------------------------------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.
8-16 User’s Reference Guide RIP Profile Options The Netopia R6000 Series permits configuring RIP parameters through the IP Profile Parameters RIP Profile Parameters screen for Connection Profiles. The three Routing Information Protocol (RIP) options, Receive RIP, Transmit RIP, and TX RIP Policy, are located in the RIP Profile Parameters screen.
WAN and System Configuration 8-17 RIP Profile Parameters Receive RIP: Both Transmit RIP: TX RIP Policy... v2 (multicast) Poison Reverse ■ Routing Information Protocol (RIP) is needed if there are IP routers on other segments of your Ethernet network that the Netopia R6000 Series needs to recognize. If this is the case select Receive RIP and select v1, v2, or Both from the pop-up menu.
8-18 User’s Reference Guide PPP Ethernet LAN Reconfiguration Netopia R6000 Series Routers offer the ability for PPP to reconfigure the router’s Ethernet LAN when establishing an unnumbered, non-NAT connection. This allows a central site router to supply an entire IP subnet, rather than a single IP address, for use by a Netopia router.
WAN and System Configuration 8-19 Quick View The Quick View screen (as shown below) displays both Primary and Secondary DNS Server addresses. This is useful because both may be served via PPP. Quick View Default IP Gateway: 163.176.12.1 Primary DNS Server: 163.176.4.31 Secondary DNS Server: 163.176.4.10 8/8/2000 10:46:14 AM CPU Load: 6% Unused Memory: 232 KB WAN Interface Group -- EN Domain Name: isp.
8-20 User’s Reference Guide The WAN Default Profile If you are using RFC1483 datalink encapsulation, the Default Profile screen controls whether or not the ADSL link will come up without an explicitly configured connection profile. (PPP datalink encapsulation does not support a default profile, and the corresponding menu item is unavailable.) See “Connection Profiles” on page 10-27 for more information.
WAN and System Configuration 8-21 If Must Match a Defined Profile is set to No, then an IPX Enabled item is visible. Toggling this item to Yes or No (the default) controls whether or not IPX will be supported on the ADSL link. If IPX Enabled is set to Yes, an IPX Parameters item becomes visible. If you select IPX Parameters, the IPX Parameters screen appears (see “IPX parameters (default profile) screen” on page 8-22).
8-22 User’s Reference Guide IPX parameters (default profile) screen If you are using RFC1483 datalink encapsulation, the IPX Parameters (Default Profile) screen allows you to configure various IPX parameters for ADSL connections established without an explicitly configured connection profile: IPX Parameters (Default Profile) NetBios Packet Forwarding: Path Delay: Off 10 Incoming Outgoing Incoming Outgoing <> <> <> <> Packet Filter Set... Packet Filter Set... SAP Filter Set...
WAN and System Configuration 8-23 System Configuration The Netopia R6000 Series ADSL Router’s default settings may be all you need to configure your Netopia R6000 Series. Some users, however, require advanced settings or prefer manual control over the default selections. For these users, the Netopia R6000 Series provides system configuration options. To help you determine whether you need to use the system configuration options, review the following requirements.
8-24 User’s Reference Guide Network protocols setup These screens allow you to configure your network’s use of the standard networking protocols: ■ IP: Details are given in “IP Setup” on page 10-1. ■ IPX: Details are given in “IPX Setup” on page 12-1. ■ AppleTalk: Details are given in “AppleTalk Setup” on page 13-1. Note: AppleTalk requires the optional AppleTalk feature expansion kit.
WAN and System Configuration 8-25 1. Select Current Date and enter the date in the appropriate format. Use one- or two-digit numbers for the month and day and the last two digits of the current year. The date’s numbers must be separated by forward slashes (/). 2. Select Current Time and enter the time in the format HH:MM, where HH is the hour (using either the 12-hour or 24-hour clock) and MM is the minutes. 3. Select AM or PM and choose AM or PM.
8-26 User’s Reference Guide SNMP (Simple Network Management Protocol) These screens allow you to monitor and configure your network by means of a standard Simple Network Management Protocol (SNMP) agent. ■ Details are given in “SNMP” on page 14-12. Security These screens allow you to add users and define passwords on your network. ■ Details are given in “Security” on page 16-1.
WAN and System Configuration 8-27 By default, all events are logged in the event history. ■ By toggling each event descriptor to either Yes or No, you can determine which ones are logged and which are ignored. ■ You can enable or disable the syslog client dynamically. When enabled, it will report any appropriate and previously unreported events. ■ You can specify the syslog server’s address either in dotted decimal format or as a DNS name of up to 63 characters.
8-28 User’s Reference Guide
Dial Backup 9-1 Chapter 9 Dial Backup The Netopia R6000 Series offers dial backup functionality in the event of a line failure on its primary WAN link. The firmware supports backup to an external modem connected to the Auxiliary port or an internal V.90 modem via a V.90 modem WAN module or an ISDN interface via an ISDN WAN interface module in the second WAN slot. R6120 models have integrated V.90 backup built in. R6131 models have integrated ISDN backup built in.
9-2 User’s Reference Guide WAN Configuration To configure Dial Backup, from the Main Menu select WAN Configuration and then WAN Setup. Main Menu WAN Configuration WAN Configuration WAN (Wide Area Network) Setup... Display/Change Connection Profile... Add Connection Profile... Delete Connection Profile... Default Profile... Backup Configuration... Frame Relay Configuration... Frame Relay DLCI Configuration... Establish WAN Connection... Disconnect WAN Connection...
Dial Backup 9-3 The router senses what type of WAN interface modules are installed in the WAN interface slots. For example, if you have an ISDN daughter card installed in slot 2, the screen will say ISDN (Wan Module 2) Setup.... Choose the interface you want to configure for backup, either Motherboard Auxiliary Setup... or (Wan Module 2) Setup.... ■ If you select Motherboard Auxiliary Setup..., the following screen appears: Auxiliary Port Configuration Aux Serial Port... Data Rate (kbps)...
9-4 User’s Reference Guide ■ If you select (Wan Module 2) Setup... and have a V.90 modem card in slot 2, the following screen appears: Internal Modem Setup Modem Dialing Prefix: PBX Dialing Prefix: Answer on Ring Type... Speaker On... Speaker Volume... ATDT Any Until Carrier 2-Medium Enter Information supplied to you by your telephone company.
Dial Backup 9-5 Speaker On... field. Supported options are: Selection: ■ Behavior: Never Turns off all speaker activity and hides the Speaker Volume control. Until Carrier The default. Allows call placement and handshaking tones to be heard. During Answer Same as above, but blocks dialing tones. Always Allows carrier tones to be heard, as well. ■ When the modem speaker is on, you can adjust the volume in the Speaker Volume... field.
9-6 User’s Reference Guide Backup Configuration screen This screen is used to configure the conditions under which backup will occur, if it will recover, and how the Auxiliary port is configured. For an internal V.90 modem or an external modem connected to the Auxiliary port, the Backup Configuration screen appears as follows (variations for ISDN are described below): Backup Configuration Backup Parameters Backup to Auxiliary Port...
Dial Backup 9-7 lished and the router switches back to it from the backup mode. ■ You can toggle Auto-Recovery on loss of Layer 2 to Yes or No (the default). This setting determines whether the router should try to Auto-Recover when the backup is invoked because of a Layer 2 loss, for example, a no valid Connection Profile. (Layer 1 is still available, and this is what recovery checks.) Use this setting with caution. Setting it to Yes may induce alternate switching between Backup and Recovery Mode.
9-8 User’s Reference Guide Connection Profiles The line backup feature allows you to configure a complete Connection Profile for the backup port, just as you do for your primary WAN connection. In this way profiles are associated with a particular interface. The profile should reflect the port it is associated with. It should have switched characteristics for the backup port. Add Connection Profile Profile Name: Profile Enabled: Backup Yes Data Link Encapsulation is Data Link Options...
Dial Backup 9-9 The Scheduled Connections screen appears. Scheduled Connections Display/Change Scheduled Connection... Add Scheduled Connection... Delete Scheduled Connection... Return/Enter to add a Scheduled Connection. Navigate from here to add/modify/change/delete Scheduled Connections. ■ Select Add Scheduled Connection and press Return. The Add Scheduled Connection screen appears. Add Scheduled Connection Scheduled Connection Enable: On How Often... Weekly Schedule Type...
9-10 User’s Reference Guide Set Weekly Schedule Monday: Tuesday: Wednesday: Thursday: Friday: Saturday: Sunday: Yes Yes Yes Yes Yes Yes Yes Scheduled Window Start Time: AM or PM: 11:27 AM Scheduled Window Duration Per Day: 24:00 Return/Enter accepts * Tab toggles * ESC cancels. ■ Toggle all the days of the week to Yes, and set the Scheduled Window Duration Per Day to 24:00. This guarantees a 24X7 connection. Press Escape to return to the Add Scheduled Connection screen.
Dial Backup 9-11 Management/Statistics The Statistics & Logs menu offers a Backup Management/Statistics option. To view the Backup Management/Statistics, from the Main Menu select Statistics & Logs. Main Menu Statistics & Logs Statistics & Logs WAN Event History... Device Event History... IP Routing Table... IPX Routing Table... IPX SAP Bindery Table... ! Served IP Addresses... Backup Management/Statistics... General Statistics... System Information...
9-12 User’s Reference Guide Backup Management/Statistics Current Port: Backup State: Time Since Detection: Auxiliary Port Backup Mode 15 FORCE RECOVERY ■ Current Port is a display-only field that shows which port is currently in operation. ■ Backup State is a display-only field that shows the current state of Backup or Recovery. ■ Time Since Detection is a display-only field that is only visible if backup or recovery is in progress.
Dial Backup 9-13 Event Logs When a backup or recovery occurs an event is logged in the WAN Event History.
9-14 User’s Reference Guide
IP Setup 10-1 Chapter 10 IP Setup The Netopia R6000 Series uses Internet Protocol (IP) to communicate both locally and with remote networks. This chapter shows you how to configure the router to route IP traffic. You also learn how to configure the router to serve IP addresses to hosts on your local network. Netopia’s IP routing features Network Address Translation and IP address serving.
10-2 User’s Reference Guide IP setup Main Menu System Configuration Network Protocols Setup IP Setup The IP Setup options screen is where you configure the Ethernet side of the Netopia R6000 Series. The information you enter here controls how the router routes IP traffic.
IP Setup 10-3 The Netopia R6000 Series ADSL Router supports multiple IP subnets on the Ethernet interface. You may want to configure multiple IP subnets to service more hosts than are possible with your primary subnet. It is not always possible to obtain a larger subnet from your ISP. For example, if you already have a full Class C subnet, your only option is multiple Class C subnets, since it is virtually impossible to justify a Class A or Class B assignment. This assumes that you are not using NAT.
10-4 User’s Reference Guide IP Setup Ethernet IP Address: Ethernet Subnet Mask: Define Additional Subnets... 192.168.1.1 255.255.255.0 Default IP Gateway: 0.0.0.0 Backup IP Gateway: 0.0.0.0 Primary Domain Name Server: 0.0.0.0 Secondary Domain +-----------------------------------+ Domain Name: +-----------------------------------+ | Basic Firewall | Receive RIP... | NetBIOS Filter | Transmit RIP... | Filter Set 3 | | | LAN (EN Hub) Filt| | Remove Filter Set| | | | Static Routes... | |ng...
IP Setup 10-5 IP subnets The IP Subnets screen allows you to configure up to eight Ethernet IP subnets on unlimited-user models, one “primary” subnet and up to seven secondary subnets, by entering IP address/subnet mask pairs: IP Subnets #1: IP Address ---------------192.128.117.162 Subnet Mask --------------255.255.255.0 #2: 0.0.0.0 0.0.0.0 #3: #4: #5: #6: #7: #8: Note: You need not use this screen if you have only a single Ethernet IP subnet.
10-6 User’s Reference Guide For example: IP Subnets #1: IP Address ---------------192.128.117.162 Subnet Mask --------------255.255.255.0 #2: 192.128.152.162 255.255.0.0 #3: 0.0.0.0 0.0.0.0 #4: #5: #6: #7: #8: ■ To delete a configured subnet, set both the IP address and subnet mask values to 0.0.0.0, either explicitly or by clearing each field and pressing Return to commit the change. When a configured subnet is deleted, the values in subsequent rows adjust up to fill the vacant fields.
IP Setup 10-7 If you have configured multiple Ethernet IP subnets, the IP Setup screen changes slightly: IP Setup Subnet Configuration... Default IP Gateway: 192.128.117.163 Primary Domain Name Server: Secondary Domain Name Server: Domain Name: 0.0.0.0 0.0.0.0 Receive RIP: Transmit RIP: Static Routes... Both v2 (multicast) Address Serving Setup... Exported Services... Filter Sets... The IP address and Subnet mask items are hidden, and the Define Additional Subnets...
10-8 User’s Reference Guide The Static Routes screen will appear. Static Routes Display/Change Static Route... Add Static Route... Delete Static Route... Configure/View/Delete Static Routes from this and the following Screens. Viewing static routes To display a view-only table of static routes, select Display/Change Static Route. The table shown below will appear. +-Dest.
IP Setup 10-9 Subnet Mask: The subnet mask associated with the destination network. Next Gateway: The IP address of the router that will be used to reach the destination network. Priority: An indication of whether the Netopia R6000 Series will use the static route when it conflicts with information received from RIP packets. Enabled: An indication of whether the static route should be installed in the IP routing table. To return to the Static Routes screen, press Escape.
10-10 User’s Reference Guide information; Low means that the RIP information takes precedence over the static route. ■ If the static route conflicts with a connection profile, the connection profile will always take precedence. ■ To make sure that the static route is known only to the Netopia R6000 Series, select Advertise Route Via RIP and toggle it to No. To allow other RIP-capable routers to know about the static route, select Advertise Route Via RIP and toggle it to Yes.
IP Setup 10-11 A static route that is already installed in the IP routing table will be removed if any of the conditions listed above become true for that static route. However, an enabled static route is automatically reinstalled once the conditions listed above are no longer true for that static route.
10-12 User’s Reference Guide Go to the System Configuration screen. Select IP Address Serving and press Return. The IP Address Serving screen will appear. IP Address Serving IP Address Serving Mode... DHCP Server Number of Client IP Addresses: 1st Client Address: Client Default Gateway... 5 192.168.1.100 192.168.1.1 Serve DHCP Clients: DHCP Lease Time (Hours): DHCP NetBIOS Options... Yes 1 Serve BOOTP Clients: Yes Serve Dynamic WAN Clients Yes Configure Address Serving (DHCP, BOOTP, etc.) here.
IP Setup 10-13 If you have configured multiple Ethernet IP subnets, the appearance of the IP Address Serving screen is altered slightly: IP Address Serving Configure Address Pools... Serve DHCP Clients: DHCP NetBios Options... Yes Serve BOOTP Clients: Yes Serve Dynamic WAN Clients: Yes Serve MacIP/KIP Clients: MacIP/KIP Static Options... Yes The first three menu items are hidden, and Configure Address Pools... appears instead. If you select Configure Address Pools...
10-14 User’s Reference Guide IP Address Pools The IP Address Pools screen allows you to configure a separate IP address serving pool for each of up to eight configured Ethernet IP subnets: IP Address Pools Subnet (# host addrs) --------------------192.128.117.0 (253) 1st Client Addr --------------192.128.117.196 Clients ------16 Client Gateway -------------192.128.117.162 192.129.117.0 192.129.117.110 8 192.129.117.4 (253) This screen consists of between two and eight rows of four columns each.
IP Setup 10-15 Numerous factors influence the choice of served address. It is difficult to specify the address that will be served to a particular client in all circumstances. However, when the address server has been configured, and the clients involved have no prior address serving interactions, the Netopia R6000 Series will generally serve the first unused address from the first address pool with an available address.
10-16 User’s Reference Guide DHCP NetBIOS Options If your network uses NetBIOS, you can enable the Netopia R6000 Series to use DHCP to distribute NetBIOS information. NetBIOS stands for Network Basic Input/Output System. It is a layer of software originally developed by IBM and Sytek to link a network operating system with specific hardware. NetBIOS has been adopted as an industry standard. It offers LAN applications a variety of “hooks” to carry out inter-application communications and data transfer.
IP Setup 10-17 ■ From the NetBios Type pop-up menu, select the type of NetBIOS used on your network. DHCP NetBios Options Serve NetBios Type: NetBios Type... Serve NetBios Scope: NetBios Scope: Serve NetBios Name Server: NetBios Name Server IP Addr: ■ +--------+ +--------+ | Type B | | Type P | | Type M | | Type H | +--------+ No 0.0.0.0 To serve DHCP clients with the NetBIOS scope, select Serve NetBios Scope and toggle it to Yes. Select NetBios Scope and enter the scope.
10-18 User’s Reference Guide IP Address Lease Management Reset All Leases Release BootP Leases Reclaim Declined Addresses Hit RETURN/ENTER, you will return to the previous screen. Select Release BootP Leases and press Return. MacIP (KIP forwarding) setup When hosts using AppleTalk (typically those using LocalTalk) are not directly connected to an IP network (usually an Ethernet), they must use a MacIP (AppleTalk–IP) gateway.
IP Setup 10-19 The MacIP (KIP) Forwarding Setup screen tells the Netopia R6000 Series how many static addresses to allocate for MacIP/KIP clients. The addresses must fall within the address pool from the previous screen. ■ Enter the number of static MacIP addresses to reserve. Note that the address pool IP range is listed for your referral in this screen. MacIP (KIP) Forwarding Setup This screen tells the Netopia how many static addresses to allocate for MacIP/KIP clients.
10-20 User’s Reference Guide Configuring the IP Address Server options To access the enhanced DHCP server functions, from the Main Menu navigate to Statistics & Logs and then Served IP Addresses. Main Menu Statistics & Logs Served IP Addresses The following example shows the Served IP Addresses screen after three clients have leased IP addresses. The first client did not provide a Host Name in its DHCP messages; the second and third clients did.
IP Setup 10-21 You can select the entries in the Served IP Addresses screen. Use the up and down arrow keys to move the selection to one of the entries in the list of served IP addresses. (You cannot select IP addresses in the MacIP static range, as well as the router’s Ethernet IP address(es) that have been automatically excluded on startup, since you cannot perform any operations on these addresses.
10-22 User’s Reference Guide ■ Details… is displayed if the entry is associated with both a host name and a client identifier. Selecting Details… displays a pop-up menu that provides additional information associated with the IP address. The pop-up menu includes the IP address as well as the host name and client identifier supplied by the client to which the address is leased.
IP Setup 10-23 Served IP Addresses -IP Address------Type----Expires—-Host Name/Client Identifier--------------------------------------------------SCROLL UP----------------------------------192.168.1.100 192.168.1.101 192.1+-------------------------------------------------------------+ 192.1+-------------------------------------------------------------+ 192.1| | 192.1| You are about to make changes that will affect an address | 192.1| that is currently in use. Are you sure you want to do this? | 192.
10-24 User’s Reference Guide Served IP Addresses -IP Address------Type----Expires—-Host Name/Client Identifier--------------------------------------------------SCROLL UP----------------------------------192.168.1.100 192.168.1.101 192.168.1.102 +--------------------------------------+ 192.168.1.103 +--------------------------------------+ 192.168.1.104 | | 192.168.1.105 | IP Address is 192.168.1.108 | 192.168.1.106 | MAC Address: 00-00-c5-45-89-ef | 192.168.1.107 | | 192.168.1.108 | CANCEL OK | 192.168.1.
IP Setup 10-25 DHCP Relay Agent The Netopia R6000 Series offers DHCP Relay Agent functionality, as defined in RFC1542. A DHCP relay agent is a computer system or a router that is configured to forward DHCP requests from clients on the LAN to a remote DHCP server, and to pass the replies back to the requesting client systems. When a DHCP client starts up, it has no IP address, nor does it know the IP address of a DHCP server. Therefore, it uses an IP broadcast to communicate with one or more DHCP servers.
10-26 User’s Reference Guide Select IP Address Serving and press Return. The IP Address Serving screen appears. IP Address Serving +------------------+ +------------------+ IP Address Serving Mode... | Disabled | | DHCP Server | Number of Client IP Addresses: | DHCP Relay Agent | 1st Client Address: +------------------+ Client Default Gateway... 192.168.1.1 Serve DHCP Clients: DHCP NetBIOS Options... Yes Serve BOOTP Clients: Yes Select IP Address Serving Mode.
IP Setup 10-27 Notes: The remote DHCP server(s) to which the Netopia Router is relaying DHCP requests must be capable of servicing relayed requests. Not all DHCP servers support this feature. For example, the DHCP server in the Netopia Router does not. The DHCP server(s) to which the Netopia Router is relaying DHCP requests must be configured with one or more address pools that are within the Netopia Router’s primary Ethernet LAN subnet.
10-28 User’s Reference Guide On a Netopia R6000 Series ADSL Router you can add up to 15 more connection profiles, for a total of 16, although only one can be used at a time. 1. Select Profile Name and enter a name for this connection profile. It can be any name you wish. For example: the name of your ISP. 2. Toggle the Profile Enabled value to Yes or No. The default is Yes. 3. Select IP Profile Parameters and press Return. The IP Profile Parameters screen appears.
IP Setup 10-29 IPX Profile Parameters Remote IPX Network: Path Delay: NetBios Packet Forwarding: 00000000 10 Off Incoming Packet Filter Set... Outgoing Packet Filter Set... <> <> Incoming SAP Filter Set... Outgoing SAP Filter Set... <> <> Periodic RIP Timer: Periodic SAP Timer: 60 60 Configure IPX requirements for a remote network connection here. 6. Toggle or enter any IPX parameters you require and return to the Add Connection Profile screen by pressing Escape.
10-30 User’s Reference Guide
Multiple Network Address Translation (MultiNAT) 11-1 Chapter 11 Multiple Network Address Translation (MultiNAT) The Netopia R6000 Series offers advanced Multiple Network Address Translation functionality. You should read this chapter completely before attempting to configure any of the advanced NAT features.
11-2 User’s Reference Guide Features MultiNAT features can be divided into several categories that can be used simultaneously in different combinations on a per-Connection Profile basis. The following is a general description of these features: Port Address Translation The simplest form of classic Network Address Translation is PAT (Port Address Translation).
Multiple Network Address Translation (MultiNAT) 11-3 Dynamic mapping Beginning with firmware 4.5, Dynamic mapping, often referred to as many-to-few, offers an extension to the advantages provided by static mapping. Instead of requiring a one-to-one association of public addresses and private addresses, as is required in static mapping, dynamic mapping uses a group of public IP addresses to dynamically allocate static mappings to private hosts that are communicating with the public network.
11-4 User’s Reference Guide Available for Dynamic NAT Used for Normal NAT 172.16.1.29 172.16.1.28 172.16.1.27 172.16.1.26 172.16.1.25 WAN Network 192.168.1.16 192.168.1.15 192.168.1.14 192.168.1.13 192.168.1.12 192.168.1.11 192.168.1.10 192.168.1.9 192.168.1.8 192.168.1.7 192.168.1.6 192.168.1.5 192.168.1.4 192.168.1.3 LAN Network 192.168.1.
Multiple Network Address Translation (MultiNAT) 11-5 Complex maps Map lists and server lists are completely independent of each other. A Connection Profile can use one or the other or both. MultiNAT allows complex mapping and requires more complex configuration than in earlier firmware versions. Multiple mapped interior subnets are supported, and the rules for mapping each of the subnets may be different. The figure below illustrates a possible multiNAT configuration. 206.1.1.1 206.1.1.2 206.1.1.3 206.1.1.
11-6 User’s Reference Guide ■ 1-to-1 static NAT mapping. An internal private address is permanently mapped to an external address. TCP and UDP port addresses are not altered. ■ Multiple Many-to-1 PAT mappings on a single interface. PAT addresses may be assigned to specific private address subnets. Unlike pre-4.4 NAT, not all internal machines need to be included on a PAT mapping list. ■ Coexistent mapped and unmapped traffic on a public interface.
Multiple Network Address Translation (MultiNAT) 11-7 MultiNAT Configuration You configure the MultiNAT features through the console menu: ■ For a simple 1-to-many NAT configuration (classic NAT), use the Basic configuration – Easy Setup Profile, described below.
11-8 User’s Reference Guide Advanced configuration – Server Lists and Dynamic NAT You use the advanced NAT feature sets by first defining a series of mapping rules and then grouping them into a list. There are two kinds of lists -- map lists, made up of dynamic, PAT and static mapping rules, and server lists, a list of internal services to be presented to the external world. Creating these lists is a four-step process: 1.
Multiple Network Address Translation (MultiNAT) 11-9 IP setup To access the NAT configuration screens, from the Main Menu navigate to IP Setup: Main Menu System Configuration Network Protocols Setup IP Setup Ethernet IP Address: Ethernet Subnet Mask: Define Additional Subnets... 192.168.1.1 255.255.255.0 Default IP Gateway: 0.0.0.0 Primary Domain Name Server: 0.0.0.0 Domain Name: isp.com Receive RIP: Transmit RIP: Static Routes...
11-10 User’s Reference Guide The Network Address Translation screen appears. Network Address Translation Add Public Range... Show/Change Public Range... Delete Public Range... Add Map List... Show/Change Map List... Delete Map List... Add Server List... Show/Change Server List... Delete Server List... NAT Associations... Return/Enter to configure IP Address redirection. Public Range defines an external address range and indicates what type of mapping to apply when using this range.
Multiple Network Address Translation (MultiNAT) 11-11 The Add NAT Public Range screen appears. Add NAT Public Range Range Name: my_first_range Type... pat Public Address: 206.1.1.6 First Public Port: 49152 Last Public Port: 65535 ADD NAT PUBLIC RANGE CANCEL ■ Select Range Name and give a descriptive name to this range. ■ Select Type and from the pop-up menu, assign its type. Options are static, dynamic, or pat (the default).
11-12 User’s Reference Guide Add NAT Map List Map List Name: my_map Add Map... ■ Select Map List Name and enter a descriptive name for this map list. A new menu item, Add Map, appears. ■ Select Add Map and press Return. The Add NAT Map screen appears. Add NAT Map ("my_map") First Private Address: 192.168.1.1 Last Private Address: 192.168.1.254 Use NAT Public Range...
Multiple Network Address Translation (MultiNAT) 11-13 Add NAT Map ("my_map") +-Public Address Range------------Type----Name-------------+ +----------------------------------------------------------+ | 0.0.0.0 -pat Easy-PAT | | 206.1.1.6 -pat my_first_range | | 206.1.1.1 206.1.1.2 static my_second_range | | <
11-14 User’s Reference Guide Modifying map lists You can make changes to an existing map list after you have created it. Since there may be more than one map list you must select which one you are modifying. From the Network Address Translation screen select Show/Change Map List and press Return. ■ Select the map list you want to modify from the pop-up menu.
Multiple Network Address Translation (MultiNAT) 11-15 ■ Add Map allows you to add a new map to the map list. ■ Show/Change Maps allows you to modify the individual maps within the list. ■ Delete Map allows you to delete a map from the list. ■ Move Map allows you to change the priority order in which the map is evaluated within the list. See Moving maps on page 11-16. Selecting Show/Change Maps, Delete Map, or Move Map displays the same pop-up menu.
11-16 User’s Reference Guide Make any modifications you need and then select CHANGE NAT MAP and press Return. Your changes will become effective and you will be returned to the Show/Change NAT Map List screen. Moving maps The Move Maps screen permits reordering the priority of maps in a map list. Since the maps are read from top to bottom, those at the top have the highest priority and those at the bottom have the lowest.
Multiple Network Address Translation (MultiNAT) 11-17 Show/Change NAT Map List +---Private Address Range---------Type----Public Address Range------------+ +-------------------------------------------------------------------------+ | 192.168.1.2 192.168.1.252 dynamic 206.1.1.3 206.1.1.252 | | 192.168.1.252 192.168.1.253 static 206.1.1.1 206.1.1.2 | | 192.168.1.1 192.168.1.251 pat 206.1.1.
11-18 User’s Reference Guide Adding Server Lists Server lists, also known as Exports, are handled similarly to map lists. If you want to make a particular server’s port accessible (and it isn’t accessible through other means, such as a static mapping), you must create a server list. Select Add Server List from the Network Address Translation screen. The Add NAT Server List screen appears. Add NAT Server List Server List Name: my_servers Add Server...
Multiple Network Address Translation (MultiNAT) 11-19 ■ Select Add Server and press Return. The Add NAT Server screen appears. Add NAT Server ("my_servers") Service... ■ Server Private IP Address: 192.168.1.45 Public IP Address: 206.1.1.1 ADD NAT SERVER CANCEL Select Service and press Return. A pop-up menu appears listing a selection of commonly exported services. Add NAT Server ("my_servers") +-Type------Port(s)-------+ +-------------------------+ Service...
11-20 User’s Reference Guide Other Exported Port First Port Number (1..65535): 31337 Last Port Number (1..65535): 31337 OK ■ ■ CANCEL Enter the First and Last Port Number between ports 1 and 65535. Select OK and press Return. You will be returned to the Add NAT Server screen. Enter the Server Private IP Address of the server whose service you are exporting.
Multiple Network Address Translation (MultiNAT) 11-21 Modifying server lists Once a server list exists, you can select it for modification or deletion. ■ Select Show/Change Server List from the Network Address Translation screen. ■ Select the Server List Name you want to modify from the pop-up menu and press Return. Network Address Translation +-NAT Server List Name-+ +----------------------+ A| my_servers | S| |.. D| | | | A| | S| | D| | | | A| | S| |.
11-22 User’s Reference Guide ■ Selecting Show/Change Server or Delete Server displays the same pop-up menu. Show/Change NAT Server List +-Private Address--Public Address----Port------------+ +----------------------------------------------------+ Se| 192.168.1.254 206.1.1.6 smtp | | 192.168.1.254 206.1.1.5 smtp | | 192.168.1.254 206.1.1.4 smtp | Ad| 192.168.1.254 206.1.1.3 smtp | | 192.168.1.254 206.1.1.
Multiple Network Address Translation (MultiNAT) 11-23 Deleting a server To delete a server from the list, select Delete Server from the Show/Change NAT Server List menu and press Return. A pop-up menu lists your configured servers. Select the one you want to delete and press Return. A dialog box asks you to confirm your choice. Show/Change NAT Server List +-Internal Address-External Address--Port------------+ +----------------------------------------------------+ Se| 192.168.1.254 206.1.1.
11-24 User’s Reference Guide Binding Map Lists and Server Lists Once you have created your map lists and server lists, for most Netopia Router models you must bind them to a profile, either a Connection Profile or the Default Profile.
Multiple Network Address Translation (MultiNAT) 11-25 ■ Select NAT Map List and press Return. A pop-up menu displays a list of your defined map lists. IP Profile Parameters +--NAT Map List Name---+ +----------------------+ Address Trans| Easy-PAT |s IP Addressing| my_map |mbered | <> | NAT Map List.| |sy PAT NAT Server Li| | | | Local WAN IP | | | | Remote IP Add| |7.0.0.2 Remote IP Mas| |5.255.255.255 | | Filter Set...
11-26 User’s Reference Guide IP Parameters (WAN Default Profile) The Netopia R6000 Series Routers support a WAN default profile that permits several parameters to be configured without an explicitly configured Connection Profile. The procedure is similar to the procedure to bind map lists and server lists to a Connection Profile. From the Main Menu go to the WAN Configuration screen, then the Default Profile screen. Select IP Parameters and press Return.
Multiple Network Address Translation (MultiNAT) 11-27 ■ Select NAT Map List and press Return. A pop-up menu displays a list of your defined map lists. IP Parameters (Default Profile) +--NAT Map List Name---+ +----------------------+ | Easy-PAT List | | my_map | Address Trans| <> |s | | NAT Map List.| | NAT Server Li| | | | Filter Set (F| | Remove Filter| | | | Receive RIP: | |th | | | | | | | | | | +----------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.
11-28 User’s Reference Guide NAT Associations Configuration of map and server lists alone is not sufficient to enable NAT for a WAN connection because map and server lists must be linked to a profile that controls the WAN interface. This can be a Connection Profile, a WAN Ethernet interface, a default profile, or a default answer profile. Once you have configured your map and server lists, you may want to reassign them to different interface-controlling profiles, for example, Connection Profiles.
Multiple Network Address Translation (MultiNAT) 11-29 keys. Select the item by pressing Return to display a pop-up menu of all of your configured lists.
11-30 User’s Reference Guide MultiNAT Configuration Example To help you understand a typical MultiNAT configuration, this section describes an example of the type of configuration you may want to implement on your site. The values shown are for example purposes only. Make your own appropriate substitutions. A typical SDSL service from an ISP might include five user addresses. Without PAT, you might be able to attach only five IP hosts.
Multiple Network Address Translation (MultiNAT) 11-31 Enter your ISP-supplied values as shown below. Connection Profile 1: Easy Setup Profile Connection Profile Name: Easy Setup Profile Address Translation Enabled: IP Addressing... Yes Numbered Local WAN IP Address: Local WAN IP Mask: 206.1.1.6 255.255.255.248 PREVIOUS SCREEN NEXT SCREEN Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx). Enter basic information about your WAN connection with this screen.
11-32 User’s Reference Guide Select Show/Change Public Range, then Easy-PAT Range, and press Return. Enter the value your ISP assigned for your public address (206.1.1.6, in this example). Toggle Type to pat. Your public address is then mapped to the remaining private IP addresses using PAT. (If you were not using the Easy-PAT Range and Easy-PAT List that are created by default by using Easy Setup, you would have to define a public range and map list.
Multiple Network Address Translation (MultiNAT) 11-33 Select ADD NAT PUBLIC RANGE and press Return. You are returned to the Network Address Translation screen. Next, select Show/Change Map List and choose Easy-PAT List. Select Add Map. The Add NAT Map screen appears. (Now the name Easy-PAT List is a misnomer since it has a static map included in its list.) Enter in 192.168.1.1 for the First Private Address and 192.168.1.5 for the Last Private Address.
11-34 User’s Reference Guide To make these changes, first limit the range of remapped addresses on the Static Map and then edit the default server list called Easy-Servers. ■ First, navigate to the Show/Change Map List screen, select Easy-PAT List and then Show/Change Maps. Choose the Static Map you created and change the First Private Address from 192.168.1.1 to 192.168.1.4.
IPX Setup 12-1 Chapter 12 IPX Setup Internetwork Packet Exchange (IPX) is the network protocol used by Novell NetWare networks. This chapter shows you how to configure the Netopia R6000 Series for routing data using IPX. You also learn how to configure the router to serve IPX network addresses.
12-2 User’s Reference Guide IPX address An IPX address consists of a network number, a node number, and a socket number. An IPX network number is composed of eight hexadecimal digits. The network number must be the same for all nodes on a particular physical network segment. The node number is composed of twelve hexadecimal digits and is usually the hardware address of the interface card. The node number must be unique inside the particular IPX network.
IPX Setup 12-3 The following is a list of common SAP server types: Unknown 0000h Print Queue 0003h File Server 0004h Job Server 0005h Print Server 0007h Archive Server 0009h Remote Bridge Server 0024h Advertising Print Server 0047h Reserved Up To 8000h NetBIOS NetBIOS is a protocol that performs tasks related to the Transport and Session layers of the OSI model. It can operate over IPX using a special broadcast packet known as “IPX Packet type 20” to communicate with IPX NetBIOS servers.
12-4 User’s Reference Guide Before changing any of the settings in this screen, consult your network administrator for the IPX setup information you will need. Changes made in this screen will take effect only after the Netopia R6000 Series is reset. To go to the IPX Setup screen, from the Main Menu select System Configuration and then select Network Protocols Setup and then select IPX Setup.
IPX Setup 12-5 To attach a SAP filter set, first define the filter set using the Filters and Filter Sets option (see step 8 below). Then select the filter set from the Ethernet Incoming SAP Filter Set pop-up menu. To detach the filter set, select Detach Filter Set. 7. Select Default Gateway Address and enter the network address of the IPX network to which all packets of unknown destination address should be routed.
12-6 User’s Reference Guide
AppleTalk Setup 13-1 Chapter 13 AppleTalk Setup This chapter discusses the concept of AppleTalk routing and how to configure AppleTalk setup for a Netopia R6000 Series with the AppleTalk kit installed. AppleTalk support is available as a separate kit for the Netopia R6000 Series ADSL Router. Skip this chapter if you do not have the AppleTalk kit.
13-2 User’s Reference Guide If the cabling of your network were a street system, then a node address would correspond to a building’s street address. But node addresses are not permanent. Each AppleTalk device determines its node address at startup. Although a Macintosh that is starting up will try to use its previous address, the address will often be different upon restart.
AppleTalk Setup 13-3 MacIP When Macintosh computers encapsulate TCP/IP packets in AppleTalk, because they are either on LocalTalk or EtherTalk, they must use the services of a MacIP gateway. This gateway converts network traffic into the correct format for AppleTalk or IP, depending on the traffic’s destination. Setting up MacIP involves enabling the feature and optionally setting up a range of addresses to be static.
13-4 User’s Reference Guide It is important to set the Netopia R6000 Series’s seeding action to work best in your particular network environment. These scenarios may guide you in deciding how to set the router’s seeding: ■ If the Netopia R6000 Series is the only router on your network, you must set it to either hard seeding or soft seeding. The default is soft seeding.
AppleTalk Setup 13-5 Main Menu System Configuration Upgrade Feature Set The Netopia Feature Set Upgrade screen appears. Netopia Feature Set Upgrade You may be able to extend the features of your Netopia by purchasing a 'Software Upgrade'. For a list of available upgrades, please see the release notes that came with your Netopia or visit the Netopia Communications web site at www.netopia.com.
13-6 User’s Reference Guide Configuring AppleTalk AppleTalk setup for Netopia R6000 Seriess consists of configuring EtherTalk, LocalTalk, and AURP. EtherTalk setup In the System Configuration screen, select Network Protocols Setup and then select AppleTalk Setup. Select EtherTalk Phase ll Setup and press Return. EtherTalk Phase II Setup EtherTalk Phase II Enabled: Show Zones... Enter New Zone Name: Delete Zone Name... Set Default Zone... Net Low: Net Hi: Seeding...
AppleTalk Setup 13-7 AppleTalk nodes will appear. If you do not set a default zone, the first zone you create will be the default zone. ■ You can also set the range of EtherTalk Phase II network numbers. Select Net Low and enter the lower limit of the network number range. Select Net High and enter the upper limit of the range. ■ Select the Seeding pop-up menu and choose the seeding method for the Netopia R6000 Series to use. (See “Routers and seeding” on page 13-3).
13-8 User’s Reference Guide If another router is already present on the LocalTalk network that you will be connecting to the Netopia R6000 Series, use the zone name and network number used by that router for that LocalTalk network. Otherwise, your LocalTalk network may experience routing conflicts. As an alternative, you can set LocalTalk seeding to soft seeding and let the Netopia R6000 Series receive the zone name and network number from the other router.
AppleTalk Setup 13-9 Example: Site A has an AURP tunnel to site B. Both sites have multiple zones defined on the EtherTalk port and a unique zone on their LocalTalk ports. If side A has indicated that one of its EtherTalk zones is the Free Trade Zone and has opted to use the Free Trade Zone option for its tunnel to B, then only this Free Trade Zone will show up on side B and only those machines or services in the Free Trade Zone will be accessible to side B. All of side A will be able to see all of side B.
13-10 User’s Reference Guide Change AURP Partner Partner IP Address or Domain Name: 176.163.8.134 Initiate Connection: No Restrict to Free Trade Zone: No The Change AURP Partner screen has all the values you entered when you added that partner. All of these values may be modified in this screen. Deleting an AURP partner ■ To delete an AURP partner, in the AURP Setup screen select Delete Partner and press Return. A table of existing partners appears.
AppleTalk Setup 13-11 AURP Options Tickle Interval (HH:MM:SS): Update Interval (HH:MM:SS): 00:00:00 00:00:30 Enable Network Number Remapping: Yes Remap into Range From: To: 4096 32768 Cluster Remote Networks: No Enable Hop-Count Reduction: No Return accepts * ESC cancels * Left/Right moves insertion point * Del deletes. ■ Select Tickle Interval (HH:MM:SS) and set the timer to indicate how often a tickle or “Are you still there” packet will be sent to the remote AppleTalk network.
13-12 User’s Reference Guide When network number remapping is enabled, you must choose a safe range of network numbers as a destination for the remapping. A safe range of network numbers does not intersect your local AppleTalk network’s range of network numbers. ■ To choose a destination range for the remapping, select From under Remap into Range and enter a starting value. Then select To and enter an ending value.
Monitoring Tools 14-1 Chapter 14 Monitoring Tools This chapter discusses the Netopia R6000 Series’s device and network monitoring tools. These tools can provide statistical information, report on current network status, record events, and help in diagnosing and locating problems.
14-2 User’s Reference Guide General status Quick View Default IP Gateway: 0.0.0.0 Domain Name Server: 0.0.0.0 Domain Name: netopia.com CPU Load: 5% 9/5/2000 02:41:39 PM Unused Memory: 602 KB ----------------MAC Address--------IP Address-------IPX Address--------------Ethernet Hub: 00-00-c5-70-03-48 192.168.1.1 ADSL WAN1: 00-00-c5-70-03-4a 0.0.0.
Monitoring Tools 14-3 Current status The current status section is a table showing the current status of the WAN. For example: Current DSL Status ---Profile Name------State---%Use-Remote Address----Est.-More Info---------ISP P1 10 IP 92.163.4.1 Lcl NAT 192.163.100.6 Profile Name: Lists the name of the connection profile being used, if any. State: Lists the ports in use for this connection. %Use: Indicates the average percent utilization of the maximum capacity of the channels in use for the connection.
14-4 User’s Reference Guide Statistics & Logs Main Menu Statistics & Logs • General Statistics When you are troubleshooting your Netopia R6000 Series, the Statistics & Logs screens provide insight into the recent event activities of the router. From the Main Menu go to Statistics & Logs and select one of the options described in the sections below. General Statistics To go to the General Statistics screen, select General Statistics and press Return. The General Statistics screen appears.
Monitoring Tools 14-5 Physical Interface The top left side of the screen lists total packets received and total packets transmitted for the following data ports: ■ Ethernet Hub ■ Aux Async or LocalTalk (if the optional AppleTalk feature set is installed) ■ ADSL 1 Network Interface The bottom left side of the screen lists total packets received and total packets transmitted for the following protocols: ■ IP (IP packets on the Ethernet) ■ IPX (IPX packets on the Ethernet) if IPX is enabled ■ AppleT
14-6 User’s Reference Guide Main Menu Statistics & Logs • WAN Event History • Device Event History WAN Event History The WAN Event History screen lists a total of 128 events on the WAN. The most recent events appear at the top. WAN Event History Current Date -- 12/3/98 03:02:23 PM -Date-----Time-----Event---------------------------------------------------------------------------------------SCROLL UP----------------------------------07/03/98 13:59:06 DSL: IP up, channel 1, gateway: 173.166.107.
Monitoring Tools 14-7 To clear the event history, select Clear History at the bottom of the history screen and press Return. Device Event History The Device Event History screen lists a total of 128 port and system events, giving the time and date for each event, as well as a brief description. The most recent events appear at the top. In the Statistics & Logs screen, select Device Event History. The Device Event History screen appears.
14-8 User’s Reference Guide Statistics & Logs WAN Event History... Device Event History... IP Routing Table... IPX Routing Table... IPX SAP Bindery Table... AppleTalk Routing Table... Served IP Addresses... General Statistics... System Information... IP routing table In the Statistics & Logs screen, select IP Routing Table and press Return. The IP routing table displays all of the IP routes currently known to the Netopia R6000 Series.
Monitoring Tools 14-9 IPX Sap Bindery table In the Statistics & Logs screen, select IPX Sap Bindery Table and press Return. The IPX Sap Bindery table displays all of the IPX Sap Bindery routes currently known to the Netopia R6000 Series. AppleTalk routing table In the Statistics & Logs screen, select AppleTalk Routing Table and press Return. An AT Routing Table similar to the one shown below will appear.
14-10 User’s Reference Guide Next Rtr Addr.: Displays the DDP or IP address of the next hop for the specified route. A DDP address is displayed if the router shown is on the local AppleTalk network. DDP address means that a connection to the next-hop router is by a native AppleTalk network (e.g., LocalTalk or EtherTalk Phase II). An IP address is displayed if the Netopia R6000 Series is connected to the router shown using AURP. IP address means a connection transports over AURP (AppleTalk encapsulated IP).
Monitoring Tools 14-11 The IP Address Lease Management screen appears. IP Address Lease Management Reset All Leases Release BootP Leases Reclaim Declined Addresses Hit RETURN/ENTER, you will return to the previous screen. This screen has three options: ■ Reset All Leases: Resets all current IP addresses leased through DHCP without waiting for the default one–hour lease period to elapse ■ Release BootP Leases: Releases any BootP leases that may be in place and which may no longer be required.
14-12 User’s Reference Guide System Information The System Information screen gives a summary view of the general system level values in the Netopia R6000 Series ADSL Router. From the Statistics & Logs menu select System Information. The System Information screen appears. System Information Serial Number Firmware Version 70-03-48 (7340872) 4.
Monitoring Tools 14-13 For SNMP management, the latest Netopia MIB is modified so that old leaves have been renamed generically. The following table shows the old and new names.
14-14 User’s Reference Guide 1. Select System Name and enter a descriptive name for the Netopia R6000 Series’s SNMP agent. 2. Select System Location and enter the router’s physical location (room, floor, building, etc.). 3. Select System Contact and enter the name of the person responsible for maintaining the router.
Monitoring Tools 14-15 ■ A cold start trap is generated after the router is reset. ■ An interface down trap (ifDown) is generated when one of the router’s interfaces, such as a port, stops functioning or is disabled. ■ An interface up trap (ifUp) is generated when one of the router’s interfaces, such as a port, begins functioning. The Netopia R6000 Series sends traps using UDP (for IP networks). You can specify which SNMP managers are sent the IP traps generated by the Netopia R6000 Series.
14-16 User’s Reference Guide 2. Select an IP trap receiver from the table and press Return. 3. In the Change IP Trap Receiver screen, edit the information as needed and press Return. Deleting IP trap receivers 1. To delete an IP trap receiver, select Delete IP Trap Receiver in the IP Trap Receivers screen. 2. Select an IP trap receiver from the table and press Return. 3. In the dialog box, select Continue and press Return.
Monitoring Tools 14-17 It displays useful general information about your router: Ethernet Address: The router’s hardware or MAC address Firmware Version: The router’s model number and current firmware revision level Current Date: The current date and time, as you have configured them IP Address: The router’s internal IP address IPX Network Address: The router’s IPX network address, if you have it enabled and are on an IPX network The display contains two frames, a navigation frame on the left and the inform
14-18 User’s Reference Guide WAN Event History page You can refresh the WAN Event History log by clicking the update this page link.
Monitoring Tools 14-19 Device Event History page You can refresh the Device Event History log by clicking the update this page link.
14-20 User’s Reference Guide
Virtual Private Networks (VPN) 15-1 Chapter 15 Virtual Private Networks (VPN) The Netopia R6000 Series offers both PPTP and ATMP tunneling support for Virtual Private Networks (VPN).
15-2 User’s Reference Guide Tunneling is a process of creating a private path between a remote user or private network and another private network over some intermediate network, such as the IP-based Internet. A VPN allows remote offices or employees access to your internal business LAN through means of encryption allowing the use of the public Internet to look “virtually” like a private secure network.
Virtual Private Networks (VPN) 15-3 Profiles. It also accelerates PPTP MMPE, ATMP DES, and PPP LZS. When used to initiate the tunnelled connection, the Netopia Router is called a PPTP Access Concentrator (PAC, in PPTP language) or a foreign agent (in ATMP language). When used to answer the tunnelled connection, the Netopia Router is called a PPTP Network Server (PNS, in PPTP language) or a home agent (in ATMP language).
15-4 User’s Reference Guide About PPTP Tunnels To set up a PPTP tunnel, you create a Connection Profile including the IP address and other relevant information for the remote PPTP partner. You use the same procedure to initiate a PPTP tunnel that terminates at a remote PPTP server or to terminate a tunnel initiated by a remote PPTP client. PPTP configuration To set up the router as a PPTP Network Server (PNS) capable of answering PPTP tunnel requests you must also configure the VPN Default Answer Profile.
Virtual Private Networks (VPN) 15-5 When you define a Connection Profile as using PPTP by selecting PPTP as the datalink encapsulation method, and then select Data Link Options, the PPTP Tunnel Options screen appears. PPTP Tunnel Options PPTP Partner IP Address: Tunnel Via Gateway: 173.167.8.134 0.0.0.0 Data Compression... Authentication...
15-6 User’s Reference Guide itself a compression protocol. Note: The Netopia R6000 Series Routers support 128-bit (“strong”) encryption and MS-CHAP Version 2. Unlike MS-CHAP version 1, which supports one-way authentication, MS-CHAP version 2 supports mutual authentication between connected routers and is incompatible with MS-CHAP version 1 (MS-CHAP-V1). When you choose MS-CHAP as the authentication method for the PPTP tunnel, the Netopia Router will start negotiating MS-CHAP-V2.
Virtual Private Networks (VPN) 15-7 The IP Profile Parameters screen appears. IP Profile Parameters Address Translation Enabled: Yes NAT Map List... NAT Server List... Easy-PAT Easy-Servers Local WAN IP Address: 0.0.0.0 Remote IP Address: Remote IP Mask: 173.167.8.10 255.255.0.0 Filter Set... Remove Filter Set Receive RIP: Both Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx). ■ Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel.
15-8 User’s Reference Guide MS-CHAP V2 and strong encryption Notes: ■ The Netopia R6000 Series supports 128-bit (“strong”) encryption. If the router you are connecting to does not support 128-bit encryption the Netopia Router will default to 40-bit encryption. ■ Unlike MS-CHAP version 1, which supports one-way authentication, MS-CHAP version 2 supports mutual authentication between connected routers and is incompatible with MS-CHAP version 1 (MS-CHAP-V1).
Virtual Private Networks (VPN) 15-9 The Add Connection Profile screen appears. Add Connection Profile Profile Name: Profile Enabled: Data Link Encapsulation... IP Enabled: IP Profile Parameters... Profile 1 +-------------+ +-------------+ | PPP | | RFC1483 | | ATMP | | PPTP | | IPsec | +-------------+ Interface Group... Primary COMMIT CANCEL ■ From the Data Link Encapsulation pop-up menu select IPsec. ■ Then select Data Link Options. The IPsec Encryption & Authentication Options screen appears.
15-10 User’s Reference Guide IPsec Encryption & Authentication Options Encryption Encryption Encryption Encryption Transform... Key 1: Key 2: Key 3: 3DES Authentication Type... ESP Authentication Transform... HMAC-MD5-96 Authentication Key: ******************************** Compression Type... COMMIT None CANCEL ■ You must enter an Encryption Key or keys if the Encryption Transform is DES or 3DES. The key for DES must be a hexadecimal entry of eight bytes (16 bytes of input).
Virtual Private Networks (VPN) 15-11 IP Profile Parameters The following IP Profile Options screen is displayed for an IPsec Connection Profile. IP Profile Options SPI (Security Parameters Index): 123456789 Remote Tunnel Endpoint Address: Remote Members Network: Remote Members Mask: 0.0.0.0 0.0.0.0 0.0.0.0 Address Translation Enabled: NAT Map List... NAT Server List... PAT IP Address: Yes Easy-PAT List Easy-Servers 1.1.1.1 Filter Set... Remove Filter Set <> Advanced IP Profile Options...
15-12 User’s Reference Guide ■ You can remove a Filter Set. ■ You can choose to configure Advanced IP Profile Options (see “Advanced IP Profile Options,” in the following section). Note: The SPI title field above changes to SPI (Security Parameters Index) -- Use Advanced IP Profile Options if any of the SPI values differ from each other.
Virtual Private Networks (VPN) 15-13 VPN Default Answer Profile The WAN Configuration menu offers a VPN Default Answer Profile option. Use this selection when your router is acting as the server for VPN connections, that is, when you are on the answering end of the tunnel establishment. The VPN Default Answer Profile determines the way the attempted tunnel connection is answered. WAN Configuration WAN (Wide Area Network) Setup... Display/Change Connection Profile... Add Connection Profile...
15-14 User’s Reference Guide default) if you do not. This applies to both ATMP and PPTP connections. ■ For PPTP tunnel connections only, you must define what type of authentication these connections will use. Select Receive Authentication and press Return. A pop-up menu offers the following options: PAP (the default), CHAP, or MS-CHAP. ■ If you chose PAP or CHAP authentication, from the Data Compression pop-up menu select either None (the default) or Standard LZS.
Virtual Private Networks (VPN) 15-15 VPN QuickView You can view the status of your VPN connections in the VPN QuickView screen. From the Main Menu select QuickView and then VPN QuickView. Main Menu QuickView VPN QuickView The VPN QuickView screen appears. VPN Quick View Profile Name----------Type--Rx Pckts--Tx Pckts------Est.-Partner Address-----HA <-> FA1 (Jony Fon ATMP 99 99 Rmt 173.166.82.8 HA <-> FA3 (Sleve M. ATMP 13 14 Rmt 63.193.117.91 My IPsec Tunnel IPsec 23 12 123.123.123.
15-16 User’s Reference Guide This section is provided for users who may require the VPN client software for Dial-Up Networking in order to connect to an ISP who provides a PPTP account. Microsoft Windows Dial-Up Networking (DUN) is the means by which you can initiate a VPN tunnel between your individual remote client workstation and a private network such as your corporate LAN via the Internet. DUN is a software adapter that allows you to establish a tunnel.
Virtual Private Networks (VPN) 15-17 This returns you to the Windows Setup screen. Click the OK button. 6. Respond to the prompts to install Dial-Up Networking from the system disks or CD-ROM. 7. When prompted, reboot your PC. Creating a new Dial-Up Networking profile A Dial-Up Networking profile is like an address book entry that contains the information and parameters you need for a secure private connection.
15-18 User’s Reference Guide From the Type of Dial-up Server pull-down menu select the appropriate type of server for your system version: ■ Windows 95 users select PPP: Windows 95, Windows NT 3.5, Internet ■ Windows 98 users select PPP: Windows 98, Windows NT Server, Internet In the Allowed network protocols area check TCP/IP and uncheck all of the other checkboxes. Note: Netopia’s PPTP implementation does not currently support tunnelling of IPX and NetBEUI protocols. 4. 5.
Virtual Private Networks (VPN) 15-19 Installing the VPN Client Before installing the VPN Client you must have TCP/IP installed and have an established Internet connection. Windows 95 VPN installation 1. From your Internet browser navigate to the following URL: http://www.microsoft.com/NTServer/nts/downloads/recommended/dunl3win95/releasenotes.aso Download the Microsoft Windows 95 VPN patch dun 1.3 to the Windows 95 computer you intend to use as a VPN client with PPTP.
15-20 User’s Reference Guide 3. Click the Windows Setup tab. The Windows Setup screen will be displayed within the top center box. 4. Double-click Communications. This displays a list of possible selections for the communications option. Active components will have a check in the checkboxes to their left. 5. Check Dial Up Networking at the top of the list and Virtual Private Networking at the bottom of the list. 6. Click OK at the bottom right on each screen until you return to the Control Panel.
Virtual Private Networks (VPN) 15-21 ATMP configuration ATMP is a Datalink Encapsulation option in Connection Profiles. It is not an option in device or link configuration screens, since ATMP is not a native encapsulation. The Easy Setup Profile does not offer ATMP datalink encapsulation. See “Creating a New Connection Profile” on page 8-11 for information on creating Connection Profiles.
15-22 User’s Reference Guide When you define a Connection Profile as using ATMP by selecting ATMP as the datalink encapsulation method, and then select Data Link Options, the ATMP Tunnel Options screen appears. ATMP Tunnel Options ATMP Partner IP Address: Tunnel Via Gateway: 173.167.8.134 0.0.0.0 Network Name: Password: sam.net **** Data Encryption... Key String: DES Initiate Connections: On Demand: Yes Yes Idle Timeout (seconds): 300 Enter an IP address in decimal and dot form (xxx.xxx.xxx.xxx).
Virtual Private Networks (VPN) 15-23 Note: Ascend does not support DES encryption for ATMP tunnels. ■ You must specify an 8-byte Key String when DES is selected. When encryption is None, this field is invisible. ■ You can specify that this router will Initiate Connections, acting as a foreign agent (Yes), or only answer them, acting as a home agent (No). ■ Tunnels are normally initiated On Demand; however, you can disable this feature.
15-24 User’s Reference Guide Allowing VPNs through a Firewall An administrator interested in securing a network will usually combine the use of VPNs with the use of a firewall or some similar mechanism. This is because a VPN is not a complete security solution, but rather a component of overall security. Using a VPN will add security to transactions carried over a public network, but a VPN alone will not prevent a public network from infiltrating a private network.
Virtual Private Networks (VPN) 15-25 PPTP example To enable a firewall to allow PPTP traffic, you must provision the firewall to allow inbound and outbound TCP packets specifically destined for port 1723. The source port may be dynamic, so often it is not useful to apply a compare function upon this portion of the control/negotiation packets. You must also set the firewall to allow inbound and outbound GRE packets, enabling transport of the tunnel payload.
15-26 User’s Reference Guide For Input Filter 2 set the Protocol Type to allow GRE as shown below. Change Input Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: GRE In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.
Virtual Private Networks (VPN) 15-27 For Output Filter 2 set the Protocol Type to allow GRE as shown below. Change Output Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.
15-28 User’s Reference Guide ATMP example To enable a firewall to allow ATMP traffic, you must provision the firewall to allow inbound and outbound UDP packets specifically destined for port 5150. The source port may be dynamic, so often it is not useful to apply a compare function on this portion of the control/negotiation packets. You must also set the firewall to allow inbound and outbound GRE packets (Protocol 47, Internet Assigned Numbers Document, RFC 1700), enabling transport of the tunnel payload.
Virtual Private Networks (VPN) 15-29 For Input Filter 2 set the Protocol Type to allow GRE as shown below. Change Input Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: GRE In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.
15-30 User’s Reference Guide For Output Filter 2 set the Protocol Type to allow GRE as shown below. Change Output Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.
Security 16-1 Chapter 16 Security The Netopia R6000 Series provides a number of security features to help protect its configuration screens and your local network from unauthorized access. Although these features are optional, it is strongly recommended that you use them.
16-2 User’s Reference Guide However, by adding user accounts, you can protect the most sensitive screens from unauthorized access. User accounts are composed of name/password combinations that can be given to authorized users. Caution! You are strongly encouraged to add protection to the configuration screens. Unprotected screens could allow an unauthorized user to compromise the operation of your entire network.
Security 16-3 When you enter your password, you are prompted to confirm it by re-entering it in a pop-up window.
16-4 User’s Reference Guide To add a new user account, select Add User in the Security Options screen and press Return. The Add Name With Write Access screen appears. Add Name With Write Access Enter Name: Enter Password (11 characters max): ADD NAME/PASSWORD NOW CANCEL Follow these steps to configure the new account: 1. Select Enter Name and enter a descriptive name (for example, the user’s first name). 2. Select Enter Password and enter a password. 3.
Security 16-5 RADIUS Client Support The Netopia R6000 Series Routers implement a Remote Authentication Dial-In User Service (RADIUS) client (RFC 2138) and adds the ability to authenticate console configuration access using a RADIUS server. This feature is strictly for console menu access authentication only and is not intended for WAN connectivity access authentication. Firmware versions earlier than 4.8 use a local console authentication database consisting of between one and four username/password pairs.
16-6 User’s Reference Guide Security Options Enable Dial-in Console Access: Yes Enable SmartStart/Web Server: Yes Enable Telnet Console Access: Enable Telnet Access to SNMP Screens: Console Access timeout (seconds): Yes Yes 600 Show Users... Add User... Delete User... Advanced Security Options... Password for This Screen (11 chars max): Set up configuration access options here. If you select Advanced Security Options and press Return, the Advanced Security Options screen appears.
Security 16-7 authentication database, and then, if that fails using the configured RADIUS server. Note: In the latter two modes that involve both RADIUS and the local database, if the local database includes no username/password pairs, authentication will succeed only if the RADIUS server authenticates the user. This differs from the Local Only mode where no authentication is performed when the local database is empty.
16-8 User’s Reference Guide Advanced Security Options +---------------------------------------------------------------+ +---------------------------------------------------------------+ | | | You have no local passwords defined. If you continue you will | | be unable to configure this device unless a Radius Server is | | available to authenticate you.
Security 16-9 Telnet Access Telnet is a TCP/IP service that allows remote terminals to access hosts on an IP network. The Netopia R6000 Series supports Telnet access to its configuration screens. Caution! You should consider password-protecting or restricting Telnet access to the Netopia R6000 Series if you suspect there is a chance of tampering. To password-protect the configuration screens, select Easy Setup from the Main Menu, and go to the Easy Setup Security Configuration screen.
16-10 User’s Reference Guide Each inspector has a specific task. One inspector’s task may be to examine the destination address of all outgoing packages. That inspector looks for a certain destination—which could be as specific as a street address or as broad as an entire country—and checks each package’s destination address to see if it matches that destination. TOR INSPEC ED ROV APP FROM: FROM: TO: FROM: TO: TO: A filter inspects data packets like a customs inspector scrutinizing packages.
Security 16-11 If the package does not match the first inspector’s criteria, it goes to the second inspector, and so on. You can see that the order of the inspectors in the line is very important. For example, let’s say the first inspector’s orders are to send along all packages that come from Rome, and the second inspector’s orders are to reject all packages that come from France. If a package arrives from Rome, the first inspector sends it along without allowing the second inspector to see it.
16-12 User’s Reference Guide Parts of a filter A filter consists of criteria based on packet attributes.
Security 16-13 Port number comparisons A filter can also use a comparison option to evaluate a packet’s source or destination port number. The comparison options are: No Compare: No comparison of the port number specified in the filter with the packet’s port number. Not Equal To: For the filter to match, the packet’s port number cannot equal the port number specified in the filter. Less Than: For the filter to match, the packet’s port number must be less than the port number specified in the filter.
16-14 User’s Reference Guide Putting the parts together When you display a filter set, its filters are displayed as rows in a table: +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +----------------------------------------------------------------------+ | 1 192.211.211.17 0.0.0.0 TCP 0 23 Yes No | | 2 0.0.0.0 0.0.0.0 TCP NC =6000 Yes No | | 3 0.0.0.0 0.0.0.0 ICMP --Yes Yes | | 4 0.0.0.0 0.0.0.0 TCP NC >1023 Yes Yes | | 5 0.0.0.0 0.0.0.
Security 16-15 Filtering example #1 Returning to our filtering rule example from above (see page 16-11), look at how a rule is translated into a filter. Start with the rule, then fill in the filter’s attributes: 1. The rule you want to implement as a filter is: Block all Telnet attempts that originate from the remote host 199.211.211.17. 2. The host 199.211.211.17 is the source of the Telnet packets you want to block, while the destination address is any IP address.
16-16 User’s Reference Guide +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +----------------------------------------------------------------------+ | 1 200.233.14.0 0.0.0.0 0 Yes No | | | +----------------------------------------------------------------------+ This filter blocks any packets coming from a remote network with the IP network address 200.233.14.0. The 0 at the end of the address signifies any host on the class C IP network 200.233.14.0.
Security 16-17 An approach to using filters The ultimate goal of network security is to prevent unauthorized access to the network without compromising authorized access. Using filter sets is part of reaching that goal. Each filter set you design will be based on one of the following approaches: ■ That which is not expressly prohibited is permitted. ■ That which is not expressly permitted is prohibited.
16-18 User’s Reference Guide 3. View, change, or delete individual filters and filter sets. The sections below explain how to execute these steps. Adding a filter set You can create up to eight different custom filter sets. Each filter set can contain up to 16 output filters and up to 16 input filters. To add a new filter set, select Add IP Filter Set in the IP Filter Sets screen and press Return. The Add Filter Set screen appears.
Security 16-19 Input and output filters—source and destination There are two kinds of filters you can add to a filter set: input and output. Input filters check packets received from the Internet, destined for your network. Output filters check packets transmitted from your network to the Internet.
16-20 User’s Reference Guide Add Input Filter Enabled: Forward: No No Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: 0 Source Port Compare... Source Port ID: Dest. Port Compare... Dest. Port ID: No Compare 0 No Compare 0 ADD THIS FILTER NOW CANCEL Enter the IP specific information for this filter. 1. To make the filter active in the filter set, select Enabled and toggle it to Yes.
Security 16-21 Type Description 0 Echo reply 3 Destination unreachable 8 Echo request ICMP Code Compare – Select one of the following options from the pop-up menu: No Compare, Not Equal To, Less Than, Less Than or Equal, Equal, Greater Than or Equal, or Greater Than. In addition to the Type, an 8-bit field, Code, gives more information about the Type.
16-22 User’s Reference Guide Select a filter from the table and press Return. The Change Filter screen appears. The parameters in this screen are set in the same way as the ones in the Add Filter screen (see “Adding filters to a filter set” on page 16-19). Change Filter Enabled: Forward: No No Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: 0 Source Port Compare... Source Port ID: Dest. Port Compare... Dest.
Security 16-23 Change IP Filter Set Filter Set Name: Basic Firewall Display/Change Input Filter... Add Input Filter... Delete Input Filter... Display/Change Output Filter... Add Output Filter... Delete Output Filter... Deleting a filter set Note: If you delete a filter set, all of the filters it contains are deleted as well. To reuse any of these filters in another set, before deleting the current filter set you’ll have to note their configuration and then recreate them.
16-24 User’s Reference Guide The five input filters and one output filter that make up Basic Firewall are shown in the table below. Input filter 1 Input filter 2 Input filter 3 Input filter 4 Input filter 5 Enabled Yes Yes Yes Yes Yes Yes Forward No No Yes Yes Yes Yes Source IP address 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Source IP address mask 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Dest. IP address 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.
Security 16-25 Basic Firewall is suitable for a LAN containing only client hosts that want to access servers on the WAN, but not for a LAN containing servers providing services to clients on the WAN. Basic Firewall’s general strategy is to explicitly forward WAN-originated TCP and UDP traffic to ports greater than 1023. Ports lower than 1024 are the service origination ports for various Internet services such as FTP, Telnet, and the World Wide Web (WWW).
16-26 User’s Reference Guide FTP sessions. To allow WAN-originated FTP sessions to a LAN-based FTP server with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243), insert the following input filter ahead of the current input filter 1: ■ Enabled: Yes ■ Forward: Yes ■ Source IP Address: 0.0.0.0 ■ Source IP Address Mask: 0.0.0.0 ■ Dest. IP Address: a.b.c.d ■ Dest. IP Address Mask: 255.255.255.
Security 16-27 IPX Filters Main Menu System Configuration Filter Sets (Firewalls) IPX Filters and Filter Sets IPX packet filters work very similarly to IP packet filters. They filter data traffic coming from or going to remote IPX networks. IPX filters can be set up to forward or discard IPX packets based on a number of user-defined criteria. Like IP filters, IPX filters must be grouped in sets that are applied to the answer profile or to connection profiles.
16-28 User’s Reference Guide The items in the IPX Filters and Filter Sets screen are grouped into four areas: ■ IPX packet filters ■ IPX packet filter sets ■ IPX SAP filters ■ IPX SAP filter sets The following sections explain the items in each of these areas. IPX packet filters For each IPX packet filter, you can configure a set of parameters to match on the source or destination attributes of IPX data packets coming from or going to the WAN.
Security 16-29 1. Select Filter Name and enter a descriptive name for the filter. 2. To specify a source network for the filter to match on, select Source Network and enter an IPX network address. 3. To specify a source node for the filter to match on, select Source Node Address and enter an IPX node address. 4. To specify a source socket for the filter to match on, select Source Socket and enter an IPX source socket number. 5.
16-30 User’s Reference Guide Add Packet Filter Set Filter Set Name: Show Filters/Change Action on Match... Append Filter... Remove Filter... ADD FILTER SET NOW CANCEL Return accepts * ESC cancels * Left/Right moves insertion point * Del deletes. Configure an IPX Filter Set here. You must ADD FILTER SET NOW to save. Follow these steps to configure the new packet filter set: 1. Select Filter Set Name and enter a descriptive name for the filter set. 2.
Security 16-31 3. To add a filter to the filter set, select Append Filter to display a table of filters. Select a filter from the table and press Return to add it to the filter set. The default action of newly added filters is to not forward packets that match their criteria. To exit the table without adding the filter, press Escape. 4. To remove a filter from the filter set, select Remove Filter to display a table of appended filters.
16-32 User’s Reference Guide Adding a SAP filter To add a new IPX SAP filter, select Add IPX SAP Filter in the IPX Filters and Filter Sets screen and press Return. The Add SAP Filter screen appears. Add Sap Filter Filter Name: Server Name: Socket: 0000 Type: 0000 IPX Network: IPX Node Address: 00000000 000000000000 ADD FILTER NOW CANCEL Configure a new IPX SAP Filter. Finished? ADD or CANCEL to exit.
Security 16-33 IPX SAP filter sets Before IPX SAP filters can be used, they must be grouped into sets. A SAP filter can be part of more than one filter set. Viewing and modifying SAP filter sets To display a table of IPX SAP filter sets, select Display/Change IPX SAP Filter Sets in the IPX Filters and Filter Sets screen to display a list of filter sets. To modify any of the filter sets in the list, select the desired filter set and go to the Change SAP Filter Set screen.
16-34 User’s Reference Guide Show Filters/Change Actions on Match Filter Name---------------------Forward Filter 1 No Filter 2 No <> Yes Set whether filters forward or drop matching packets here. Select a filter and toggle the entry forwarding action to Yes (forward) or No (discard). 3. To add a filter to the filter set, select Append Filter in the Add SAP Filter Set screen to display a table of filters. Select a filter from the table and press Return to add it to the filter set.
Security 16-35 Firewall Tutorial General firewall terms Filter rule: A filter set is comprised of individual filter rules. Filter set: A grouping of individual filter rules. Firewall: A component or set of components that restricts access between a protected network and the Internet or between two networks. Host: A workstation on the network. Packet: Unit of communication on the Internet.
16-36 User’s Reference Guide Example TCP/UDP Ports TCP Port Service 20/21 FTP 23 Telnet 25 SMTP 80 WWW 144 News UDP Port Service 161 SNMP 69 TFTP 387 AURP Firewall design rules There are two basic rules to firewall design: ■ “What is not explicitly allowed is denied.” and ■ “What is not explicitly denied is allowed.” The first rule is far more secure and is the best approach to firewall design.
Security 16-37 and a packet goes through these rules destined for FTP, the packet would forward through the first rule (WWW), go through the second rule (FTP), and match this rule; the packet is allowed through. If you had this filter set for example.... Allow WWW access; Allow FTP access; Deny FTP access; Deny all other packets.
16-38 User’s Reference Guide Implied rules With a given set of filter rules, there is an implied rule that may or may not be shown to the user. The implied rule tells the filter set what to do with a packet that does not match any of the filter rules. An example of implied rules is as follows: Implied Meaning Y+Y+Y=N If all filter rules are YES, the implied rule is NO. N+N+N=Y If all filter rules are NO, the implied rule is YES. Y+N+Y=N If a mix of YES and NO filters, the implied rule is NO.
Security 16-39 Filter basics In the source or destination IP address fields, the IP address that is entered must be the network address of the subnet. A host address can be entered, but the applied subnet mask must be 32 bits (255.255.255.255). The Netopia R6000 Series has the ability to compare source and destination TCP or UDP ports.
16-40 User’s Reference Guide Example filters Example 1 Filter Rule: 200.1.1.0 (Source IP Network Address) 255.255.255.128 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.28 IP Address Binary Representation 200.1.1.28 00011100 (Source address in incoming IP packet) 10000000 (Perform the logical AND) 00000000 (Logical AND result) AND 255.255.255.
Security 16-41 This incoming IP packet (10000000) has a source IP address that does not match the network address in the Source IP Address field (00000000) in the Netopia R6000 Series. This rule will forward this packet because the packet does not match. Example 3 Filter Rule: 200.1.1.96 (Source IP Network Address) 255.255.255.240 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.184. IP Address Binary Representation 200.1.1.
16-42 User’s Reference Guide Since the Source IP Network Address in the Netopia R6000 Series is 01100000, and the source IP address after the logical AND is 01100000, this rule does match and this packet will not be forwarded. Example 5 Filter Rule: 200.1.1.96 (Source IP Network Address) 255.255.255.255 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.96. IP Address Binary Representation 200.1.1.
Security 16-43 Filtering on the LAN Interface The Netopia R6000 Series offers LAN-side filtering on the Ethernet hub. This permits multiple subnets on the Ethernet LAN to be kept separate from one another and operate as virtual independent networks sharing a single Internet connection. Small- to medium-sized offices can benefit by using a single router to connect to the Internet, with multiple businesses within the office using independent subnets on the network.
16-44 User’s Reference Guide IP Setup Ethernet IP Address: Ethernet Subnet Mask: Define Additional Subnets... 192.168.1.1 255.255.255.0 Default IP Gateway: 0.0.0.0 Backup IP Gateway: 0.0.0.0 Primary Domain Name Server: 0.0.0.0 Secondary Domain +-----------------------------------+ Domain Name: +-----------------------------------+ | Basic Firewall | Receive RIP... | NetBIOS Filter | Transmit RIP...
Utilities and Diagnostics 17-1 Chapter 17 Utilities and Diagnostics A number of utilities and tests are available for system diagnostic and control purposes.
17-2 User’s Reference Guide Ping The Netopia R6000 Series includes a standard Ping test utility. A Ping test generates IP packets destined for a particular (Ping-capable) IP host. Each time the target host receives a Ping packet, it returns a packet to the original sender. Ping allows you to see whether a particular IP destination is reachable from the Netopia R6000 Series.
Utilities and Diagnostics 17-3 Status: The current status of the Ping test. This item can display the status messages shown in the able below: Message Description Resolving host name Finding the IP address for the domain name-style address Can’t resolve host name IP address can’t be found for the domain name–style address Pinging Ping test is in progress Complete Ping test was completed Cancelled by user Ping test was cancelled manually Destination unreachable from w.x.y.
17-4 User’s Reference Guide time send Ping packet 1 Netopia receive Ping packet 1 send return Ping packet 1 Netopia Netopia send Ping packet 2 send return Ping packet 2 Netopia send Ping packet 3 host host receive return Ping packet 2 receive Ping packet 3 send return Ping packet 3 Netopia host receive return Ping packet 1 receive Ping packet 2 Netopia host host host receive return Ping packet 3 Packets Lost: The number of packets unaccounted for, shown in total and as a percentage of total
Utilities and Diagnostics 17-5 Trace Route Host Name or IP Address: Maximum Hops: Timeout (seconds): 30 5 Use Reverse DNS: Yes START TRACE ROUTE Enter the IP Address/Domain Name of a host. Trace route to a network host. To trace a route, follow these steps: 1. Select Host Name or IP Address and enter the name or address of the destination you want to trace. 2.
17-6 User’s Reference Guide The Telnet client screen appears. Telnet Host Name or IP Address: Control Character to Suspend: Q START A TELNET SESSION Enter the IP Address/Domain Name of a host. ■ Enter the host name or the IP address in dotted decimal format of the machine you want to Telnet into and press Return. ■ Either accept the default control character “Q” used to suspend the Telnet session, or type a different one. ■ START A TELNET SESSION becomes highlighted.
Utilities and Diagnostics 17-7 Disconnect Telnet console session If you want to close your Telnet console session, select Disconnect Telnet Console Session and press Return. A dialog box appears asking you to cancel or continue your selection.
17-8 User’s Reference Guide Transferring configuration and firmware files with TFTP Trivial File Transfer Protocol (TFTP) is a method of transferring data over an IP network. TFTP is a client-server application, with the router as the client. To use the Netopia R6000 Series as a TFTP client, a TFTP server must be available. Netopia, Inc., has a public access TFTP server on the Internet where you can obtain the latest firmware versions.
Utilities and Diagnostics 17-9 ■ Select GET ROUTER FIRMWARE FROM SERVER or GET WAN MODULE FIRMWARE FROM SERVER and press Return. You will see the following dialog box: +-----------------------------------------------------------+ +-----------------------------------------------------------+ | | | Are you sure you want to read the firmware now? | | The device will reset when the transfer is complete.
17-10 User’s Reference Guide ■ Select GET CONFIG FROM SERVER and press Return. You will see the following dialog box: +-----------------------------------------------------------+ +-----------------------------------------------------------+ | | | Are you sure you want to read the configuration now? | | The device will reset when the transfer is complete.
Utilities and Diagnostics 17-11 X-Modem File Transfer Send Firmware to Netopia... Send Config to Netopia... Receive Config from Netopia... Send Firmware to Netopia WAN module... WAN module Firmware Status: IDLE Updating firmware Firmware updates may be available periodically from Netopia or from a site maintained by your organization’s network administration. The procedure below applies whether you are using the console or the WAN interface module.
17-12 User’s Reference Guide The system will reset at the end of a successful file transfer to put the new firmware into effect. While the system resets, the LEDs will blink on and off. Caution! Do not manually power down or reset the Netopia R6000 Series while it is automatically resetting or it could be damaged. Downloading configuration files The Netopia R6000 Series can be configured by downloading a configuration file. The downloaded file reconfigures all of the Router’s parameters.
Utilities and Diagnostics 17-13 2. Select Receive Config from Netopia and press Return. The following dialog box appears: +--------------------------------------------------------------------+ | | | Are you sure you want to save your current Netopia configuration? | | If so, when you hit Return/Enter on the CONTINUE button, you will | | have 10 seconds to begin the transfer from your terminal program. | | | | CANCEL CONTINUE | | | +--------------------------------------------------------------------+ 3.
17-14 User’s Reference Guide
Part III: Appendixes
User’s Reference Guide
Troubleshooting A-1 Appendix A Troubleshooting This appendix is intended to help you troubleshoot problems you may encounter while setting up and using the Netopia R6000 Series. It also includes information on how to contact Netopia Technical Support. Important information on these problems can be found in the event histories kept by the Netopia R6000 Series. These event histories can be accessed in the Statistics & Logs screen.
A-2 User’s Reference Guide Note: If you are attempting to modify the IP address or subnet mask from a previous, successful configuration attempt, you will need to clear the IP address or reset your Netopia R6000 Series to the factory default before reinitiating the configuration process. For further information on resetting your Netopia R6000 Series to factory default, see “Factory defaults” on page 17-7.
Troubleshooting A-3 How to Telnet or Console to your Router from a Windows 9X Workstation This section details how to setup a connection between your Windows PC and your Netopia R-Series router. Please note, this assumes you already have a 10 BaseT Ethernet adapter installed in your Windows PC, and you have already bound TCP/IP to the adapter.
A-4 User’s Reference Guide 2. Confirm the WAN line is connected. One twisted pair cable (RJ-45 or RJ-11) should be connected between Line 1/Telco 1 port on the router and the wall jack (or the DSL/Cable modem if you have an R9100 Ethernet to Ethernet router). 3. Connect your router to your Ethernet network.
Troubleshooting A-5 2. In the Network window, select the Configuration tab. Scroll down the list of network components provided, highlight TCP/IP bound to your Ethernet Adapter and click on Properties. Your selection will be something similar the one illustrated in Figure 1 below: Figure 1 3. From the TCP/IP window, select the tab labeled IP Address, and enter the same parameters that appear below in Figure 2.
A-6 User’s Reference Guide Note: If you have an limited (12 user) Netopia router, enter either a Subnet Mask of 255.255.255.240, or the subnet mask given by your service provider.
Troubleshooting A-7 4. Next, click on the Gateway tab, remove any installed gateways already configured, and Add the IP address of 192.168.1.1, as Figure 3 illustrates. Again, if your service provider specified a Gateway for you to use on your LAN, enter the IP Address your service provider specified instead. The Gateway and IP Address you enter should appear the same except for the last octet (ex. IP Address: 192.168.1.2, Gateway: 192.168.1.
A-8 User’s Reference Guide 8. You should now be connected to the menu interface of your router, where you have a menu of configuration options as well as the model number of your router and firmware version listed at the top of the screen. The Main Menu of a Netopia router's menu interface will appear like the following Figure 6 below in Step III. 9. If you are unable to connect to your router using telnet, continue onto Step III.
Troubleshooting A-9 7. Port Settings should be set to Bits per second = 9600, Data bits = 8, Parity = None, Stop bits = 1, and Flow control = None, as Figure 5 illustrates: Figure 5 8. Select OK to connect to your router. 9. The Hyperterminal window should be blank with a flashing cursor in the top left corner. Turn on the router. 10.The router Main Menu should appear within a few seconds, and look that the following Figure 6: Figure 6 10.
A-10 User’s Reference Guide 3. If you only want to confirm the Ethernet IP Address or DNS configuration of your router so that you may configure the TCP/IP properties of your workstation appropriately, then from the Main Menu, go to Quick Menus -> IP Setup -> Ethernet IP Address. Once you know your routers Ethernet IP Address, go back to Step II and configure the TCP/IP properties of your workstation appropriately.
Troubleshooting A-11 How to reset the router to factory defaults Lose your password? This section shows how to reset the router so that you can access the console screens once again. Keep in mind that all of your connection profiles and settings will need to be reconfigured. If you don't have a password, the only way to get back into the Netopia R6000 Series is the following: 1. Turn the router upside down. 2. Referring to the diagram below, find the paper clip-sized Reset Switch slot.
A-12 User’s Reference Guide Technical support Netopia, Inc., is committed to providing its customers with reliable products and documentation, backed by excellent technical support. Before contacting Netopia Look in this guide for a solution to your problem. You may find a solution in this troubleshooting appendix or in other sections. Check the index for a reference to the topic of concern. If you cannot find a solution, complete the environment profile below before contacting Netopia Technical Support.
Troubleshooting A-13 Netopia Bulletin Board Service: 1 510-865-1321 Online product information Product information can be found in the following: Netopia World Wide Web server via http://www.netopia.com Internet via anonymous FTP to ftp.netopia.com/pub FAX-Back This service provides technical notes that answer the most commonly asked questions and offers solutions for many common problems encountered with Netopia products.
A-14 User’s Reference Guide
Understanding IP Addressing B-1 Appendix B Understanding IP Addressing This appendix is a brief general introduction to IP addressing. A basic understanding of IP will help you in configuring the Netopia R6000 Series and using some of its powerful features, such as static routes and packet filtering.
B-2 User’s Reference Guide IP addresses are maintained and assigned by the InterNIC, a quasi-governmental organization now increasingly under the auspices of private industry. Note: It’s very common for an organization to obtain an IP address from a third party, usually an Internet service provider (ISP). ISPs usually issue an IP address when they are contracted to provide Internet access services. The InterNIC (the NIC stands for Network Information Center) divides IP addresses into several classes.
Understanding IP Addressing B-3 Subnet masks To create subnets, the network manager must define a subnet mask, a 32-bit number that indicates which bits in an IP address are used for network and subnetwork addresses and which are used for host addresses. One subnet mask should apply to all IP networks that are physically connected together and share a single assigned network number. Subnet masks are often written in decimal notation like IP addresses, but they are most easily understood in binary notation.
B-4 User’s Reference Guide Network configuration Below is a diagram of a simple network configuration. The ISP is providing a Class C address to the customer site, and both networks A and B want to gain Internet access through this address. Netopia R6000 Series B connects to Netopia R6000 Series A and is provided Internet access through Routers A and B. Customer Site A PC 1: IP Address: 192.168.1.3 Subnet Mask: 255.255.255.128 Gateway: 192.168.1.1 Router B: ISP Network Router A: IP Address: 10.0.0.
Understanding IP Addressing B-5 Background The IP addresses and routing configurations for the devices shown in the diagram are outlined below. In addition, each individual field and its meaning are described. The IP Address and Subnet Mask fields define the IP address and subnet mask of the device's Ethernet connection to the network while the Remote IP and Remote Sub fields describe the IP address and subnet mask of the remote router.
B-6 User’s Reference Guide Distributing IP addresses To set up a connection to the Internet, you may have obtained a block of IP host addresses from an ISP. When configuring the Netopia R6000 Series, you gave one of those addresses to its Ethernet port, leaving a number of addresses to distribute to computers on your network.
Understanding IP Addressing B-7 Technical note on subnet masking Note: The IP address supplied by the Netopia R6000 Series will be a unique number. You may want to replace this number with a number that your ISP supplies if you are configuring the router for a static IP address. However, the Netopia R6000 Series and all devices on the same local network must have the same subnet mask. If you require a different class address, you can edit the IP Mask field to enter the correct address.
B-8 User’s Reference Guide Macintosh workstation (Open Transport Version 1.1 or later): ■ The Mac workstation requests and renews its lease every half hour. ■ The Mac workstation relinquishes its address upon shutdown in all but one case. If the TCP/IP control panel is set to initialize at startup, and no IP services are used or the TCP/IP control panel is not opened, the DHCP address will NOT be relinquished upon shutdown.
Understanding IP Addressing B-9 Using address serving The Netopia R6000 Series provides three ways to serve IP addresses to computers on a network. The first, Dynamic Host Configuration Protocol (DHCP), is supported by PCs with Microsoft Windows and a TCP/IP stack. Macintosh computers using Open Transport and computers using the UNIX operating system may also be able to use DHCP. The second way, MacIP, is for Macintosh computers.
B-10 User’s Reference Guide addresses. ■ Note any planned and currently used static addresses before you use DHCP and MacIP. ■ Avoid fragmenting your block of IP addresses. For example, try to use a continuous range for the static addresses you choose.
Understanding IP Addressing B-11 A DHCP example Suppose, for example, that your ISP gave your network the IP address 199.1.1.32 and a 4-bit subnet mask. Address 199.1.1.32 is reserved as the network address. Address 199.1.1.47 is reserved as the broadcast address. This leaves 14 addresses to allocate, from 199.1.1.33 through 199.1.1.46. If you want to allocate a sub-block of 10 addresses using DHCP, enter “10” in the DHCP Setup screen’s Number of Addresses to Allocate item.
B-12 User’s Reference Guide Internet a.b.c.16 a.b.c.1 Router A a.b.c.0 a.b.c.2 Router B Router C a.b.c.128 a.b.c.248 a.b.c.129 a.b.c.249 Routers B and C (which could also be Netopia R6000 Series Routers) serve the two remote networks that are subnets of a.b.c.0. The subnetting is accomplished by configuring the Netopia R6000 Series with connection profiles for Routers B and C (see the following table).
Understanding IP Addressing B-13 IP Routing Table Network Address-Subnet Mask-----via Router------Port--Age--------Type---------------------------------------SCROLL UP-------------------------------0.0.0.0 0.0.0.0 a.b.c.1 WAN 3719 Management 127.0.0.1 255.255.255.255 127.0.0.1 lp1 6423 Local a.b.c.128 255.255.255.192 a.b.c.128 WAN 5157 Local a.b.c.248 255.255.255.248 a.b.c.
B-14 User’s Reference Guide The following diagram illustrates the IP address space taken up by the two remote IP subnets. You can see from the diagram why the term nested is appropriate for describing these subnets. 1 Address range available to a.b.c.0, less the two nested subnets 129 valid addresses used by a.b.c.128 190 valid addresses used by a.b.c.248 249 254 Broadcasts As mentioned earlier, binary IP host or subnet addresses composed entirely of ones or zeros are reserved for broadcasting.
Binary Conversion Table C-1 Appendix C Binary Conversion Table This table is provided to help you choose subnet numbers and host numbers for IP and MacIP networks that use subnetting for IP addresses.
C-2 User’s Reference Guide Decimal Binary Decimal Binary Decimal Binary Decimal Binary 128 10000000 160 10100000 192 11000000 224 11100000 129 10000001 161 10100001 193 11000001 225 11100001 130 10000010 162 10100010 194 11000010 226 11100010 131 10000011 163 10100011 195 11000011 227 11100011 132 10000100 164 10100100 196 11000100 228 11100100 133 10000101 165 10100101 197 11000101 229 11100101 134 10000110 166 10100110 198 11000110 230 111001
Further Reading D-1 Appendix D Further Reading Alexander, S. and R. Droms, DHCP Options and BOOTP Vendor Extensions, RFC 2131, Silicon Graphics, Inc., Bucknell University, PA, 1997. Angell, David, ISDN for Dummies, IDG Books Worldwide, Foster City, CA, 1995. Thorough introduction to ISDN for beginners. Apple Computer, Inc., AppleTalk Network System Overview, Addison-Wesley Publishing Company, Inc., Reading, MA, 1989. Apple Computer, Inc.
D-2 User’s Reference Guide Garcia-Luna-Aceves, J.J., Loop-Free Routing Using Diffusing Computations, IEEE/ACM Transactions on Networking, Vol. 1, No. 1, 1993. Garfinkel, Simson., PGP: Pretty Good Privacy, O’Reilly & Associates, Sebastopol, CA, 1991. A guide to the free data encryption program PGP and the issues surrounding encryption. Green, J.K., Telecommunications, 2nd ed., Business One Irwin, Homewood, IL, 1992. Heinanen, J., Multiprotocol Encapsulation over ATM Adaptation Layer 5, RFC 1483, July 1993.
Further Reading D-3 Sidhu, G.S., R.F. Andrews, and A.B. Oppenheimer, Inside AppleTalk, 2nd ed., Addison-Wesley Publishing Company, Reading, MA, 1990. Siyan, Karanjit, Internet Firewall and Network Security, New Riders Publishing, Indianapolis, IN, 1995. Similar to the Chapman and Zwicky book. Smith, Philip, Frame Relay Principles and Applications, Addison-Wesley Publishing Company, Reading, MA, 1996.
D-4 User’s Reference Guide
Technical Specifications and Safety Information E-1 Appendix E Technical Specifications and Safety Information Pinouts for Auxiliary port modem cable 1300 ohms 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Shield 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Shield BRAID HD-15 DB-25 Pin 1 Ground Pin 1 (not used) Pin 2 TDA Pin 2 TD Pin 3 TDB Pin 3 RD Pin 4 RDA Pin 4 RTS Pin 5 RDB Pin 5 CTS Pin 6 (not used) Pin 6 DCE Ready Pin 7 DTR Pin 7 Ground Pin 8 CTS Pin 8
E-2 User’s Reference Guide HD-15 DB-25 Pin 9 DSR Pin 9 -RSET (EIA-530) Pin 10 DCD Pin 10 (not used) Pin 11 (not used) Pin 11 -TSET (EIA-530) Pin 12 TCA Pin 12 (not used) Pin 13 TCB Pin 13 (not used) Pin 14 RCA Pin 14 -TD (EIA-530) STD (EIA-232) Pin 15 RCB Pin 15 (not used) Pin 16 -RD (EIA-530) SRD (EIA-232) Pin 17 RSET Pin 18 (not used) Pin 19 -RTS (EIA-530) SRTS (EIA-232) Pin 20 DTE Ready Pin 21 (not used) Pin 22 (not used) Pin 23 Ground Pin 24 TSET Pin 25 (
Technical Specifications and Safety Information E-3 Software and protocols Software media: Software preloaded on internal flash memory; field upgrades done via download to internal flash memory via XMODEM or TFTP Routing: TCP/IP Internet Protocol Suite, RIP, AppleTalk*, LocalTalk-to-Ethernet routing*, AURP tunneling*, MacIP*, IPX * Optional add-on feature WAN support: ADSL Security: IP/IPX firewalls, UI password security, PAP, CHAP SNMP network management: SNMPv1, MIB-II (RFC 1213), Interface MIB (RFC 1229
E-4 User’s Reference Guide Agency approvals North America Safety Approvals: ■ United States – UL: 1950 Third Edition ■ Canada – CSA: CAN/CSA-C22.2 No.
Technical Specifications and Safety Information E-5 FCC Requirements, Part 68. The Federal Communications Commission (FCC) has established Rules which permit this device to be directly connected to the telephone network. Standardized jacks are used for these connections. This equipment should not be used on party lines or coin phones.
E-6 User’s Reference Guide Repairs to the certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment or equipment malfunctions may give the telecommunications company cause to request the user to disconnect the equipment.
Technical Specifications and Safety Information E-7 Important safety instructions Caution ■ The direct plug-in power supply serves as the main power disconnect; locate the direct plug-in power supply near the product for easy access. ■ For use only with CSA Certified Class 2 power supply, rated 12VDC, 1.5A. Telecommunication installation cautions ■ Never install telephone wiring during a lightning storm.
E-8 User’s Reference Guide
About ADSL F-1 Appendix F About ADSL The Netopia R6000 Series ADSL Router (Asymmetric Digital Subscriber Line) technology uses standard copper phone lines to send a digital signal between two points. Because the signal stays digital and does not go through the public switched telephone network. ADSL allows a much faster data connection.
F-2 User’s Reference Guide Like all flavors of DSL, ADSL is distance sensitive. As the distance between the customer premises and the central office increases, the available bandwidth decreases: Distance from Central Office Maximum Downstream Speed 8,000 feet 8 Mbps 12,000 feet 6 Mbps 16,000 feet 2 Mbps 20,000 feet 1.5 Mbps Connection speeds for DSL typically range from 384 Kbps to 1.544 Mbps downstream and 128 Kbps upstream.
Glossary 1 Glossary access line: A telephone line reaching from the telephone company central office to a point usually on your premises. Beyond this point the wire is considered inside wiring. analog: In telecommunications, telephone transmission and/or switching that is not digital. An analog phone transmission is one that was originally intended to carry speech or voice, but may with appropriate modifications be used to carry data of other types.
2 User’s Reference Guide byte: A group of bits, normally eight, which represent one data character. CallerID: See CND. CCITT (Comite Consultatif International Telegraphique et Telephonique): International Consultative Committee for Telegraphy and Telephony, a standards organization that devises and proposes recommendations for international communications. See also ANSI (American National Standards Institute).
Glossary 3 DTE (Data Terminal Equipment): Term defined by standards committees, that applies to communications equipment, typically personal computers or data terminals, as distinct from other devices that attach to the network, typically modems or printers (DCE). The distinction generally refers to which pins in an RS-232-C connection transmit or receive data. Pins 2 and 3 are reversed. Also see DCE. EIA (Electronic Industry Association): A North American standards association.
4 User’s Reference Guide internet: A set of networks connected together by routers. This is a general term, not to be confused with the large, multi-organizational collection of IP networks known as the Internet. An internet is sometimes also known as an internetwork. internet address, IP address: Any computing device that uses the Internet Protocol (IP) must be assigned an internet or IP address.
Glossary 5 network log: A record of the names of devices, location of wire pairs, wall-jack numbers, and other information about the network. network number: A unique number for each network in an internet. AppleTalk network numbers are assigned by seed routers, to which the network is directly connected. An isolated AppleTalk network does not need a network number.
6 User’s Reference Guide router: A device that supports network communications. A router can connect identical network types, such as LocalTalk-to-LocalTalk, or dissimilar network types, such as LocalTalk-to-Ethernet. However—unless a gateway is available—a common protocol, such as TCP/IP, must be used over both networks. Routers may be equipped to provide WAN line support to the LAN devices they serve.
Glossary 7 TFTP (Trivial File Transfer Protocol): A protocol used to transfer files between IP nodes. TFTP is often used to transfer firmware and configuration information from a UNIX computer acting as a TFTP server to an IP networking device, such as the Netopia ISDN Router. thicknet: Industry jargon for 10Base5 coaxial cable, the original Ethernet cabling. thinnet: Industry jargon for 10Base2 coaxial cable, which is thinner (smaller in diameter) than the original Ethernet cabling.
8 User’s Reference Guide
Index-1 Index Numerics 10Base-T, connecting 4-3 A add static route 10-9 ADSL defined F-1 advanced configuration features 8-23 AppleTalk 1-2 configuring LocalTalk 13-7 routing table 14-9 setup 13-1 tunneling (AURP) 13-3, 13-8 zones 13-6, 13-7 AppleTalk Update-Based Routing Protocol, see AURP application software 4-2 ATMP 15-7 tunnel options 15-20 AURP adding a partner 13-9 configuration 13-10 connecting to a partner 13-9 hop-count reduction 13-12 network number remapping 13-11 receiving connections 13-10 se
Index-2 console configuration 8-25 console-based management configuring with 6-1, 7-1, 8-1 D D.
Index-3 FTP sessions 16-26 further reading D-1 G general statistics 14-4 Glossary GL-1 H hard seeding 13-3 hops 14-9 how to reach us A-12 I input filter 3 16-24 input filters 1 and 2 16-24 input filters 4 and 5 16-24 Internet addresses, see IP addresses Internet Protocol (IP) 10-1 Internetwork Packet Exchange (IPX) 12-1 IP address serving 10-11 IP addresses B-1 about B-1 distributing B-6 distribution rules B-10 static B-8 IP setup 10-2 IP trap receivers deleting 14-16 modifying 14-15 setting 14-15 viewing
Index-4 navigating through the configuration screens 65 NCSA Telnet 6-3 nested IP subnets B-11 NetBIOS 10-16, 12-3 NetBIOS scope 10-17 Netopia connecting to Ethernet, rules 4-3 connecting to LocalTalk 4-5 connection profile 7-5 distributing IP addresses 10-11, B-6 IP setup 7-7 IPX setup 7-7 LocalTalk configuration 13-7 monitoring 14-1 security 16-1 system utilities and diagnostics 17-1 Network Address Translation 10-4 see NAT 10-1 network problems A-2 network status overview 14-1 next router address 14-10
Index-5 seeding 13-3 Service Advertising Protocol (SAP) 12-2 Simple Network Management Protocol, see SNMP SNMP community strings 14-14 MIBs supported 14-12 setup screen 14-13 traps 14-14 socket 12-2 soft seeding 13-3 src.
Index-6 WAN event history 14-6 web-based management system information 14-16 X XMODEM 17-10 XMODEM file transfers downloading configuration files 17-12 updating firmware 17-11 uploading configuration files 17-12 Z zone name 14-9
Limited Warranty and Limitation of Remedies 1 Limited Warranty and Limitation of Remedies Netopia warrants to you, the end user, that the Netopia R6000 Series ADSL Router (the “Product”) will be free from defects in materials and workmanship under normal use for a period of one (1) year from date of purchase. Netopia’s entire liability and your sole remedy under this warranty during the warranty period is that Netopia shall, at its option, either repair or replace the Product.
2 User’s Reference Guide
