™ Netopia R310 ISDN Router User’s Reference Guide
Copyright Copyright 2000, Netopia, Inc. v.0300 All rights reserved. Printed in the U.S.A. This manual and any associated artwork, software and product designs are copyrighted with all rights reserved. Under the copyright laws such materials may not be copied, in whole or part, without the prior written consent of Netopia, Inc. Under the law, copying includes translation to another language or format. Netopia, Inc. 2470 Mariner Square Loop Alameda, CA 94501-1010 U.S.A.
Contents Welcome to the Netopia R310 User’s Reference Guide. This guide is designed to be your single source for information about your Netopia R310 ISDN Router. It is intended to be viewed on-line, using the powerful features of the Adobe Acrobat Reader. The information display has been deliberately designed to present the maximum information in the minimum space on your screen.
iv User’s Reference Guide Configuring TCP/IP on Macintosh computers ........ 3-12 DNS Proxy and Caching Behavior......................... 3-14 Chapter 4 — Connecting Your Local Area Network .....................4-1 Readying computers on your local network....................... 4-1 Connecting to an Ethernet network.................................. 4-2 Chapter 5 — Console-based Management..................................5-1 About Console-based Management .................................
Contents Filter Sets (Firewalls) .......................................... IP Address Serving ............................................. Date and Time ................................................... Console Configuration......................................... SNMP (Simple Network Management Protocol) ..... Security ............................................................. Upgrade Feature Set .......................................... Logging ...................................................
vi User’s Reference Guide Binding Map Lists and Server Lists ..................... NAT Associations ............................................... MultiNAT Configuration Example .................................... Notes on the example ........................................ IP subnets................................................................... Static routes...................................................... IP address serving .......................................................
Contents vii Status lights ...................................................... 11-3 Statistics & Logs ......................................................... 11-4 General Statistics .............................................. 11-4 Event histories ............................................................ 11-5 Routing tables ............................................................. 11-7 Served IP Addresses.................................................... 11-8 System Information............
viii User’s Reference Guide Filter Basics..................................................... Example Filters ................................................ Token Security Authentication ..................................... Securing network environments......................... Using the SecurID token card............................ Security authentication components .................. Configuring for security authentication ............... Connecting using security authentication ...........
Contents Network problems ................................................ Power outages............................................................... Technical support .......................................................... How to get support .............................................. ix A-2 A-3 A-3 A-3 Appendix B — Setting Up Telco Services ...................................B-1 Obtaining an ISDN line ................................................... B-1 Finding an ISDN service provider ....
x User’s Reference Guide Manually distributing IP addresses ........................ D-8 Using address serving .......................................... D-8 Tips and rules for distributing IP addresses............ D-8 Nested IP subnets ....................................................... D-10 Broadcasts.................................................................. D-12 Packet header types........................................... D-12 Appendix E — Understanding Netopia NAT Behavior ..............
Configuration options for your Netopia R310 ISDN Router The Netopia R310 ISDN Router can be used in different ways depending on your needs. In general, you will probably want to use it in one or more of the following ways: (Click on one of these links) ■ “1. Small Office connection to the Internet” with several computers in your office sharing a single IP address (Network Address Translation enabled) ■ “2.
1. Small Office connection to the Internet For Small Office connections to the Internet, using a single dynamic IP address with Network Address Translation (NAT) enabled, you should use the following configuration option: ■ the SmartStart™ Wizard, included on your Netopia R310 CD. This is the fastest and simplest way to get you up and running with the minimum difficulty. For instructions on this option, see “Setting up your Router with the SmartStart Wizard” on page 3-3.
2. Small Office connection to the Internet For Small Office connections to the Internet, using a block of IP addresses (Network Address Translation disabled), you use both of the following configuration tools: ■ the SmartStart™ Wizard, included on your Netopia R310 CD. This is the fastest and simplest way to get you up and running with the minimum difficulty. For instructions on this option, see “Setting up your Router with the SmartStart Wizard” on page 3-3.
3. Direct Connection to a Corporate Office (Telecommuter) For direct connections to a Corporate Office, you can use either one of two configuration options: ■ the SmartStart™ Wizard, included on your Netopia R310 CD. For instructions on this option, see “Setting up your Router with the SmartStart Wizard” on page 3-3. ■ manual configuration using console-based management. This option allows maximum flexibility for experienced users and administrators.
4. Configured to accept incoming dial-up connections To configure the Netopia R310 to accept incoming dial-up connections, you should use the following configuration option: ■ use the SmartStart™ Wizard, to configure your outbound connection to an ISP. For instructions on this option, see “Setting up your Router with the SmartStart Wizard” on page 3-3. ■ manual configuration using console-based management. You will go to WAN configuration and add one or more dial-in Connection Profiles.
Part I: Getting Started
User’s Reference Guide
Introduction 1-1 Chapter 1 Introduction Overview The Netopia R310 ISDN Router is a full-featured, stand-alone, multiprotocol router for connecting diverse local area networks (LANs) to the Internet and other remote networks. The Netopia R310 ISDN Router uses a high performance telecommunications line to provide your whole network with a high-speed connection to the outside world.
1-2 User’s Reference Guide How to use this guide In addition to the simple documentation contained in the accompanying Getting Started Guide, this guide is designed to be your single source for information about your Netopia R310 ISDN Router. It is intended to be viewed on-line, using the powerful features of the Adobe Acrobat Reader. The information display has been deliberately designed to present the maximum information in the minimum space on your screen.
Making the Physical Connections 2-1 Chapter 2 Making the Physical Connections This section tells you how to make the physical connections to your Netopia R310 ISDN Router.
2-2 User’s Reference Guide You will need: ■ A Windows 95, 98, or NT-based PC or a Macintosh with Ethernet connectivity for configuring the Netopia R310. This may be built-in Ethernet or an add-on card, with TCP/IP installed. ■ An ISDN telephone line. Identify the connectors and attach the cables Identify the connectors and switches on the back panel and attach the necessary Netopia Router cables. 1 Ethernet 2 Line 3 Power Ethernet 4 1.
Making the Physical Connections 2-3 Netopia R310 ISDN Router Back Panel Ports The figure below displays the back of the Netopia R310 ISDN Router. Netopia R310 ISDN Router back panel Ethernet 4 3 Uplink 2 1 Line Console 4-port Ethernet hub Line port Console port Power Power port The following table describes all the Netopia R310 ISDN Router back panel ports. Port Description Power port Line port Console port 4-port Ethernet hub A power adapter cable connection.
2-4 User’s Reference Guide Netopia R310 ISDN Router Status Lights The figure below represents the Netopia R310 status light (LED) panel. Netopia R310 LED front panel 8 9 10 11 12 13 14 16 18 20 M a n a g e m C R e h e n C an a t h n d a e y n l n 1 e l 2 T C r o a ll ffi is c io n P o w e r 1 WAN Link/Receive Ethernet The following table summarizes the meaning of the various LED states and colors: When this happens...
Setting up your Router with the SmartStart Wizard 3-1 Chapter 3 Setting up your Router with the SmartStart Wizard Once you’ve connected your router to your computer and your telecommunications line and installed a web browser, you’re ready to run the Netopia SmartStart™ Wizard. The SmartStart Wizard will help you set up the router and share the connection.
3-2 User’s Reference Guide Before running SmartStart Be sure you have connected the cables and power source as described in “Identify the connectors and attach the cables” on page 2-2. Before you launch the SmartStart application, make sure your computer meets the following requirements: PC System software Connectivity software Windows 95, 98, or NT operating system Macintosh MacOS 7.5 or later MacTCP or Open Transport TCP/IP must be installed and properly configured.
Setting up your Router with the SmartStart Wizard 3-3 Setting up your Router with the SmartStart Wizard The SmartStart Wizard is tailored for your platform, but it works the same way on either a PC or a Macintosh. Insert the Netopia CD, and in the desktop navigation screen that appears, launch the SmartStart Wizard application. SmartStart Wizard configuration screens The screens described in this section are the default screens shipped on the Netopia CD. They derive from two initialization (.
3-4 User’s Reference Guide Easy or Advanced options screen. You can choose either Easy or Advanced setup. ■ If you choose Easy, SmartStart automatically uses the preconfigured IP addressing setup built into your router. This is the best choice if you are creating a new network or don’t already have an IP addressing scheme on your new network. If you choose Easy, you will see a “Connection Test screen,” like the one shown below while SmartStart checks the connection to your router.
Setting up your Router with the SmartStart Wizard 3-5 When the test is successful, SmartStart presents you with a different screen, depending on the type of router you are configuring. ■ You may see the “ISDN Switch Type screen,” shown below, displaying the possible switch types available for your region.
3-6 User’s Reference Guide ■ Optionally, an alternate DNS if your ISP provided one If you select Manual Entry, the “Connection Profile screen,” shown below appears. Internet Service Provider Selection screen. Select an ISP from the list of Netopia ISP partners who have provided information for automatic setup. Choose Generic ISP if your ISP is not included on the list. If you don’t already have an account with the selected ISP, call and order service using the listed customer service telephone number.
Setting up your Router with the SmartStart Wizard 3-7 Name and Password screen. Enter the username and password that identifies you to your ISP. Note: Some automated profiles already specify name and password for you. in this case, the screen is filled out for you and automatically skipped. When you have done this, click Next. The SmartStart Wizard then posts your connection profile information to your router. Now the “Connection Profile Test screen,” (shown below) appears.
3-8 User’s Reference Guide Advanced option Router IP Address screen. If you selected the Advanced option in the “Easy or Advanced options screen” on page 3-4, SmartStart asks you to choose between entering the router’s current IP address and assigning an IP address to the router. If the router has already been assigned an IP address, select the first radio button. If you do this, the “Known IP Address screen,” appears (shown below.
Setting up your Router with the SmartStart Wizard 3-9 New IP Address screen. If you want to change the router’s IP address, you enter the new IP address, the subnet mask, and the router’s serial number in this screen. Remember, the serial number is on the bottom of the router. Note: Forcing a new IP address may turn off the Netopia R310’s IP address serving capabilities, if you assign an IP address and subnet mask outside the router’s current IP address serving pool.
3-10 User’s Reference Guide 1. Go to the Start Menu/Settings/Control Panels and double click the Network icon. From the Network components list, select the Configuration tab. 2. Select TCP/IP-->Your Network Card. Then select Properties. In the TCP/IP Properties screen (shown below), select the IP Address tab. Click “Obtain an IP Address automatically.” 3. Click on the DNS Configuration tab. Click Disable DNS. DNS will be assigned by the router with DHCP. 4.
Setting up your Router with the SmartStart Wizard 3-11 Static configuration (optional) If you are manually configuring for a fixed or static IP address, perform the following: 1. Go to Start Menu/Settings/Control Panels and double click the Network icon. From the Network components list, select the Configuration tab. 2. Select TCP/IP-->Your Network Card. Then select Properties. In the TCP/IP Properties screen (shown below), select the IP Address tab. Click “Specify an IP Address.
3-12 User’s Reference Guide 3. Click on the Gateway tab (shown below). Under “New gateway,” enter 192.168.1.1. Click Add. This is the Netopia R310’s pre-assigned IP address. Click on the DNS Configuration tab. Click Enable DNS. Enter the following information: Host: Type the name you want to give to this computer. Domain: Type your domain name. If you don't have a domain name, type your ISP's domain name; for example, netopia.com.
Setting up your Router with the SmartStart Wizard 3-13 1. Go to the Apple menu. Select Control Panels and then TCP/IP. 2. With the TCP/IP window open, go to the Edit menu and select User Mode. Choose Basic and click OK. 3. In the TCP/IP window, select “Connect via: Ethernet” and “Configure: Using DHCP Server.” Note: You can also use these instructions to configure other computers on your network to accept IP addresses served by the Netopia R310.
3-14 User’s Reference Guide 3. In the TCP/IP window or in the MacTCP/More window, select or type information into the fields as shown in the following table. Option: Connect via: Configure: IP Address: Subnet mask: Router address: Name server address: Implicit Search Path: Starting domain name: Select/Type: Ethernet Manually 192.168.1.2 255.255.255.0, or for 12-user models, 255.255.255.240 192.168.1.
Connecting Your Local Area Network 4-1 Chapter 4 Connecting Your Local Area Network This chapter describes how physically to connect the Netopia R310 ISDN Router to your local area network (LAN). Before you proceed, make sure the Netopia R310 is properly configured. You can customize the Router’s configuration for your particular LAN requirements using Console-based Management (see “Console-based Management” on page 5-1).
4-2 User’s Reference Guide Once the Netopia R310 is properly configured and connected to your LAN, PC and Macintosh computers that have their required components in place will be able to connect to the Internet or other remote IP networks. Connecting to an Ethernet network You can connect the Netopia R310 to an IP network that uses Ethernet. The Netopia R310 supports Ethernet connections through its four Ethernet ports. The Router automatically detects which Ethernet port is in use.
Console-based Management 5-1 Chapter 5 Console-based Management This chapter describes how to use the Console-based management screens on your Netopia R310 ISDN Router. The console screens provide an alternate method for experienced users to configure their router without using SmartStart. After completing the Easy Setup console screens, your router will be ready to connect to the Internet or another remote site.
5-2 User’s Reference Guide Note about screen differences. Netopia R310 models offering different feature sets will have variations in the fields on certain screens. For example, there are switched (dial-up ISDN) and leased (Synchronous/Asynchronous and T1) line models, as well as models that offer feature subsets such as SmartIP (Network Address Translation and DHCP). Your own console screens may look different from those illustrated in this manual.
Console-based Management 5-3 Note: Alternatively, you can have a direct serial console cable connection using the provided console cable for your platform (PC or Macintosh) and the “Console” port on the back of the router. For more information on attaching the console cable, see “Connecting a local terminal console cable to your router,” below.
5-4 User’s Reference Guide with the operating system. ■ If you connect a Macintosh computer, you can use the ZTerm terminal emulation program on the supplied Netopia R310 CD. Launch your terminal emulation software and configure the communications software for the following values. These are the default communication parameters that the Netopia R310 uses.
Console-based Management 5-5 Navigating through the console screens Use your keyboard to navigate the Netopia R310’s configuration screens, enter and edit information, and make choices. The following table lists the keys to use to navigate through the console screens. To... Use These Keys...
5-6 User’s Reference Guide
Easy Setup 6-1 Chapter 6 Easy Setup This chapter describes how to use the Easy Setup console screens on your Netopia R310 ISDN Router. The Easy Setup console screens provide an alternate method for experienced users to set up their router’s Connection Profiles without using SmartStart. After completing the Easy Setup console screens, your router will be ready to connect to the Internet or another remote site.
6-2 User’s Reference Guide A screen similar to the following appears: Netopia R310 v4.6 Easy Setup... WAN Configuration... System Configuration... Utilities & Diagnostics... Statistics & Logs... Quick Menus... Quick View... Return/Enter goes to Easy Setup -- minimal configuration. You always start from this main screen.
Easy Setup 6-3 Beginning Easy Setup To begin Easy Setup, select Easy Setup in the Main Menu, then press Return. The Easy Setup screen appears. EuroISDN/ETSI ISDN Easy Setup Circuit Type... Switch Type... ISDN, Switched EuroISDN/ETSI Detected Directory Number 1: Directory Number 2: 5088324614 5088324615 Detected Detected PBX Prefix: Data Link Encapsulation... PPP TO MAIN MENU NEXT SCREEN Return/Enter to select ... Enter information supplied to you by your ISDN phone company.
6-4 User’s Reference Guide 2. Select Switch Type and press Return. From the pop-up menu, select the switch protocol your ISDN service provider uses. For European countries other than the United Kingdom, use the EuroISDN/ETSI setting. United Kingdom users select United Kingdom - EuroISDN. 3. Select Directory Number 1. The router attempted to detect your Directory Number(s) when you selected Auto-Detect in Step 1.
Easy Setup 6-5 Easy Setup Profile The Easy Setup Connection Profile screen is where you configure the parameters that control the ISDN Netopia Router’s connection to a specific remote destination, usually another network. Connection Profile 1: Easy Setup Profile Number to Dial: Address Translation Enabled: Yes Local WAN IP Address: 0.0.0.0 Remote IP Address: Remote IP Mask: 127.0.0.2 255.0.0.0 PPP Authentication...
6-6 User’s Reference Guide When using unnumbered interfaces, the Netopia Router will use either its local Ethernet IP address or its NAT address (if so configured) and subnet mask to send packets to the remote router. Neither router has a WAN IP address or subnet mask associated with this connection. Note: If your ISP has not given you their IP or subnet mask addresses, then you may enter an IP address such as 127.0.0.2, and an IP subnet mask such as 255.0.0.0.
Easy Setup 6-7 IP Easy Setup The IP Easy Setup screen is where you enter information about your Netopia Router’s: ■ IP address ■ Subnet mask ■ Default gateway IP address ■ Domain name server IP address ■ IP address serving information, such as the number of client IP addresses and the 1st client address; and You should consult with your network administrator to obtain the information you will need.
6-8 User’s Reference Guide 5. The Default IP Gateway defaults to the remote IP address you entered in the Easy Setup connection profile. If the Netopia Router does not recognize the destination of any IP traffic, it forwards that traffic to this gateway – set to 127.0.0.2 if your ISP does not otherwise specify. Do not confuse the remote IP address and the default gateway’s IP address with the block of local IP addresses you receive from your ISP.
Easy Setup 6-9 Easy Setup Security Configuration It is strongly suggested that you password-protect configuration access to your Netopia. By entering a Name and Password pair here, access via serial, PC Card, Telnet, SNMP and Web Server will be password-protected. Be sure to remember what you have typed here, because you will be prompted for it each time you configure this Netopia.
6-10 User’s Reference Guide
Part II: Advanced Configuration
User’s Reference Guide
WAN and System Configuration 7-1 Chapter 7 WAN and System Configuration This chapter describes how to use the console-based management screens to access and configure advanced features of your Netopia R310 ISDN Router. You can customize these features for your individual setup. These menus provide a powerful method for experienced users to set up their router’s connection profiles and system configuration.
7-2 User’s Reference Guide The Add Connection Profile screen appears. Add Connection Profile Profile Name: Profile Enabled: Profile 02 Yes IP Enabled: IP Profile Parameters... Yes Data Link Encapsulation... Data Link Options... PPP Telco Options... ADD PROFILE NOW CANCEL Return accepts * ESC cancels * Left/Right moves insertion point * Del deletes. Configure a new Conn. Profile. Finished? ADD or CANCEL to exit.
WAN and System Configuration 7-3 4. Toggle or enter any IP Parameters you require and return to the Add Connection Profile screen by pressing Escape. For more information, see “IP Setup and Network Address Translation” on page 9-1. 5. Select Datalink Options and press Return. The Datalink Options screen appears. Datalink (PPP/MP) Options Data Compression... Ascend LZS Send Authentication... PAP Send User Name: Send Password: Receive User Name: Receive Password: Channel Usage...
7-4 User’s Reference Guide 6. Select Telco Options and press return. the Telco Options screen appears. Telco Options Initiate Data Service... 64 kb/sec Dial... Dial In/Out Number to Dial: Alternate Site to Dial: Dial on Demand: Idle Timeout (seconds): Yes 300 CNA Validation Number: Callback: No Maximum connect time (HH:MM): 0:00 Return/Enter to select data rate/class of service. In this Screen you configure options for the ways you will establish a link. Select Dial and press Return.
WAN and System Configuration 7-5 If you want to view the Connection Profiles in your router, return to the WAN Configuration screen, and select Display/Change Connection Profile. The list of Connection Profiles is displayed in a scrolling pop-up screen. WAN Configuration +-Profile Name---------------------IP Address----------------+ +------------------------------------------------------------+ | SmartStart Profile 127.0.0.2 | | Profile 02 0.0.0.
7-6 User’s Reference Guide Customizing the Default Profile The Default Profile screen controls whether or not an ISDN link will come up without an explicitly configured connection profile. See “Creating a new Connection Profile” on page 7-1 for more information. You access the Default Profile screen from the Main Menu by selecting WAN Configuration and then selecting Default Profile. Main Menu WAN Configuration Default Profile The Default Profile screen appears.
WAN and System Configuration 7-7 IP parameters (default profile) screen The IP Parameters (Default Profile) screen allows you to configure various IP parameters for ISDN connections established without an explicitly configured connection profile: IP Parameters (Default Profile) Default Subnet Mask: 0.0.0.0 Filter Set (Firewall)... Remove Filter Set Receive RIP: Transmit RIP: Both v2 (multicast) The Netopia R310 ISDN Router always acts as a DHCP client on the ISDN link when using a Default Profile.
7-8 User’s Reference Guide IP Parameters (Default Profile) Default Subnet Mask: 0.0.0.0 Filter Set (Firewall)... Remove Filter Set Receive RIP: Transmit RIP: TX RIP Policy... +------------------+ +------------------+ | Poison Reverse | | Split Horizon | | No Split Horizon | +------------------+ If you choose to transmit RIP, the TX RIP Policy pop up menu appears. You can select Poison Reverse (the default), Split Horizon, or No Split Horizon.
WAN and System Configuration 7-9 Choose Interface to Configure Configuration Changes Reset WAN Connection: Yes When you toggle Configuration Changes Reset WAN Connection using the Tab key and press Return, a pop-up window asks you to confirm your choice. Choose Interface to Configure +----------------------------------------------------+ +----------------------------------------------------+ | The Router must be restarted to allow this feature | | to function properly.
7-10 User’s Reference Guide System Configuration screens ISDN Line Configuration Circuit Type... Switch Type... ISDN, Switched AT&T 5ESS Pt-to-Pt Directory Number 1: 555-1234 PBX Prefix: Data Link Encapsulation... PPP Data Rate (kbps)... 38.4 Return/Enter to select ... Enter information supplied to you by your ISDN phone company.
WAN and System Configuration 7-11 The console screen will open to the Main Menu, similar to the screen shown below: Netopia R310 v4.6 Easy Setup... WAN Configuration... System Configuration... Utilities & Diagnostics... Statistics & Logs... Quick Menus... Quick View... Return/Enter goes to Easy Setup -- minimal configuration. You always start from this main screen. System Configuration features SmartStart may be all you need to configure your Netopia R310.
7-12 User’s Reference Guide Layer Category Protocol Layer Datalink Layer Physical Layer Parameter Type IP Parameters PPP/MP Parameters Telco Parameters Options Default settings Filter Sets: Basic Firewall RIP Receive/Transmit options: Off Data Compression: Ascend LZS Send Authentication: PAP Channel Usage: Dynamic Bandwidth Allocation: BAP Maximum Packet Size: 1500 Dial is set to: Dial In/Out Dial On Demand is set to: Yes Callback is set to: No Idle Time-out is set for: 300 sec
WAN and System Configuration 7-13 Network Protocols Setup These screens allow you to configure your network’s use of IP. ■ Details are given in “IP Setup and Network Address Translation” on page 9-1. Filter Sets (Firewalls) These screens allow you to configure security on your network by means of filter sets and a basic firewall. ■ Details are given in “Security” on page 12-1. IP Address Serving These screens allow you to configure IP Address serving on your network by means of DHCP, WANIP, and BootP.
7-14 User’s Reference Guide 3. Select AM or PM and choose AM or PM. Console Configuration You can change the default terminal communications parameters to suit your requirements. To go to the Console Configuration screen, select Console Configuration in the System Configuration screen. Console Configuration Baud Rate... 9600 Hardware Flow Control: No SET CONFIG NOW CANCEL Follow these steps to change a parameter’s value: 1. Select the parameter you want to change. 2.
WAN and System Configuration 7-15 SNMP (Simple Network Management Protocol) These screens allow you to monitor and configure your network by means of a standard Simple Network Management Protocol (SNMP) agent. ■ Details are given in “SNMP” on page 11-10. Security These screens allow you to add users and define passwords on your network. ■ Details are given in “Security” on page 12-1.
7-16 User’s Reference Guide By default, all events are logged in the event history. ■ By toggling each event descriptor either Yes or No, you can determine which ones are logged and which are ignored. ■ You can enable or disable the syslog client dynamically. When enabled, it will report any appropriate and previously unreported events. ■ You can specify the syslog server’s address either in dotted decimal format or as a DNS name up to 63 characters.
Call Accounting and Default Answer Profile 8-1 Chapter 8 Call Accounting and Default Answer Profile You can set a Netopia Router to make scheduled connections using designated connection profiles. This is useful for creating and controlling regularly scheduled periods when the router can be used by hosts on your network. It is also useful for once-only connections that you want to schedule in advance. The Netopia R310 ISDN Router can also answer calls as well as initiate them.
8-2 User’s Reference Guide Call Accounting Configuration Enable Call Accounting: On Day for auto-reset of timers: 12 Maximum Aggregate connect time: 12:00 To enable call accounting, follow these steps: 1. Select Enable Call Accounting and toggle it to On. 2. Select Day for auto-reset of timers and enter the day of the month for the Router to reset the Call Accounting Statistics. 3.
Call Accounting and Default Answer Profile 8-3 The Call Accounting Statistics screen appears. Call Accounting Statistics Aggregate Statistics... Profile Statistics... If you select Aggregate Statistics, the following screen appears. Call Accounting Aggregate Statistics Total First Minutes: Total Additional Time (HH:MM): 0 0:00 Remaining Time (HH:MM): 12:00 RESET AGGREGATE MINUTE COUNTERS Hit Return or Enter to reset Total First/Additional Time.
8-4 User’s Reference Guide ■ You can reset the counters by selecting RESET AGGREGATE MINUTE COUNTERS. A dialog box will ask you to confirm the reset. Select CONTINUE to reset the counters or CANCEL to leave them as is. If you select Profile Statistics, the following screen appears.
Call Accounting and Default Answer Profile 8-5 Scheduled Connections Display/Change Scheduled Connection... Add Scheduled Connection... Delete Scheduled Connection... Navigate from here to add/modify/change/delete Scheduled Connections. Viewing scheduled connections To display a table of view-only scheduled connections, select Display/Change Scheduled Connection in the Scheduled Connections screen. Each scheduled connection occupies one row of the table.
8-6 User’s Reference Guide The other columns show: ■ The time of day that the connection will Begin At ■ The duration of the connection (HH:MM) ■ Whether it’s a recurring Weekly connection or used Once Only ■ Which connection profile (Conn. Prof.) is used to connect ■ Whether the scheduled connection is currently Enabled The router checks the date and time set in scheduled connections against the system date and time.
Call Accounting and Default Answer Profile 8-7 ■ ■ Demand-Allowed, meaning that this schedule will permit a demand call on the line. ■ Demand-Blocked, meaning that this schedule will prevent a demand call on the line. ■ Periodic, meaning that the connection is retried several times during the scheduled time. If How Often is set to Weekly, the item directly below How Often reads Set Weekly Schedule. If How Often is set to Once Only, the item directly below How Often reads Set Once-Only Schedule.
8-8 User’s Reference Guide Set Once-Only Schedule If you set How Often to Once Only, select Set Once-Only Schedule and go to the Set Once-Only Schedule screen. Set Once-Only Schedule ■ Place Call on (MM/DD/YY): 05/07/1998 Scheduled Window Start Time: AM or PM: 11:50 AM Scheduled Window Duration: 00:00 Select Place Call On (Date) and enter a date in the format MM/DD/YY or MM/DD/YYYY (month, day, year). Note: You must enter the date in the format specified. The slashes are mandatory.
Call Accounting and Default Answer Profile 8-9 Modifying a scheduled connection To modify a scheduled connection, select Change Scheduled Connection in the Scheduled Connections screen to display a table of scheduled connections. Select a scheduled connection from the table and go to the Change Scheduled Connection screen. The parameters in this screen are the same as the ones in the Add Scheduled Connection screen (except that ADD SCHEDULED CONNECTION and CANCEL do not appear).
8-10 User’s Reference Guide Customizing the default profile You can customize the Netopia Router’s default profile in the Default Answer Profile screen under the WAN Configuration menu. Main Menu 1. WAN Configuration Default Answer Profile Select Default Answer Profile in the WAN Configuration screen. Press Return. The Default Profile screen appears. Default Answer Profile Calling Number Authentication... Force 56k on Answer: Preferred No Must Match a Defined Profile: Yes PPP Authentication...
Call Accounting and Default Answer Profile 8-11 CNA works by checking the calling number that the Netopia Router receives during the initial setup phase of an incoming call against a set of stored numbers. Each number in the stored set is defined in a specific connection profile. When a match occurs, the incoming call is handled by the connection profile containing the matched number. Using CNA can also provide cost savings because calls are not billed during the CNA phase.
8-12 User’s Reference Guide If a remote network has a non-standard mask (that is, it uses subnetting), the only way for it to successfully connect to the Netopia Router is by matching a connection profile. In other words, you will have to set up a connection profile for that network.
IP Setup and Network Address Translation 9-1 Chapter 9 IP Setup and Network Address Translation The Netopia R310 uses Internet Protocol (IP) to communicate both locally and with remote networks. This chapter shows you how to configure the router to route IP traffic. You also learn how to configure the router to serve IP addresses to hosts on your local network. Netopia’s SmartIP features IP address serving and Network Address Translation.
9-2 User’s Reference Guide Features MultiNAT features can be divided into several categories that can be used simultaneously in different combinations on a per-Connection Profile basis. The following is a general description of these features: Port Address Translation The simplest form of classic Network Address Translation is PAT (Port Address Translation).
IP Setup and Network Address Translation 9-3 Dynamic mapping Dynamic mapping, often referred to as Many-to-Few, offers an extension to the advantages provided by Static mapping. Instead of requiring a one to one association of public addresses and private addresses, as is required in Static mapping, Dynamic mapping uses a group of public IP addresses to dynamically allocate static mappings to private hosts that are communicating with the public network.
9-4 User’s Reference Guide Available for Dynamic NAT Used for Normal NAT 172.16.1.29 172.16.1.28 172.16.1.27 172.16.1.26 172.16.1.25 WAN Network 192.168.1.16 192.168.1.15 192.168.1.14 192.168.1.13 192.168.1.12 192.168.1.11 192.168.1.10 192.168.1.9 192.168.1.8 192.168.1.7 192.168.1.6 192.168.1.5 192.168.1.4 192.168.1.3 LAN Network 192.168.1.
IP Setup and Network Address Translation 9-5 206.1.1.1 206.1.1.2 206.1.1.3 206.1.1.4 206.1.1.5 206.1.1.6 192.168.1.1 Public Addresses 206.1.2.1 – 6 (possible later) } Private Addresses IP Host NAT Type 192.168.1.253 192.168.1.254 Web/FTP Server Email Server 1:1 Static 1:1 Static 192.168.1.1 – 252 LAN Users 1:1 Dynamic 192.168.1.1 – 252 LAN Users 1:Many PAT 192.168.1.1 – 252 LAN Users 1:1 Dynamic In order to support this type of mapping, you define two address ranges.
9-6 User’s Reference Guide Supported traffic MultiNat supports the following IP protocols: ■ PAT: TCP/UDP traffic which does not carry source or destination IP addresses or ports in the data stream (i.e., HTTP, telnet, ‘r’ commands, tftp, NFS, NTP, SMTP, NNTP, etc.). ■ Static NAT: All IP protocol traffic which does not carry or otherwise rely on the source or destination IP addresses in the data stream.
IP Setup and Network Address Translation 9-7 When you exit this screen the two map lists, Easy-PAT List and Easy-Servers, are created by default and NAT configuration becomes effective.This will map all your private addresses (0.0.0.0 through 255.255.255.255) to your public address. These map lists are bound to the Easy Setup Profile. See “Binding Map Lists and Server Lists” on page 9-20. This is all you need to do if you want to continue to use a single PAT, or 1-to-many, NAT configuration.
9-8 User’s Reference Guide IP Setup Ethernet IP Address: Ethernet Subnet Mask: Define Additional Subnets... 192.168.1.1 255.255.255.0 Default IP Gateway: 0.0.0.0 Primary Domain Name Server: 0.0.0.0 Domain Name: isp.com Receive RIP: Transmit RIP: Static Routes... Both Off IP Address Serving Setup Network Address Translation (NAT)... Filter Sets... Enter an IP address in decimal and dot form (xxx.xxx.xxx.xxx). Set up the basic IP attributes of your Netopia in this screen.
IP Setup and Network Address Translation 9-9 NAT rules The following rules apply to assigning NAT ranges and server lists: ■ Static public address ranges must not overlap other static, PAT, public addresses or the public address assigned to the router’s WAN interface. ■ A PAT public address must not overlap any static address ranges. It may be the same as another PAT address or server list address, but the port range must not overlap.
9-10 User’s Reference Guide ■ ■ If you choose static as the range type, a new menu item, First Public Address, becomes visible. Select First Public Address and enter the first exterior IP address in the range you want to assign. Select Last Public Address and enter an IP address at the end of the range. Select ADD NAT PUBLIC RANGE and press Return. The range will be added to your list and you will be returned to the Network Address Translation screen.
IP Setup and Network Address Translation 9-11 ■ Select First and Last Private Address and enter the first and last interior IP addresses you want to assign to this mapping. ■ Select Use NAT Public Range and press Return. A screen appears displaying the public ranges you have defined. Add NAT Map ("my_map") +-Public Address Range------------Type----Name-------------+ +----------------------------------------------------------+ | 0.0.0.0 -pat Easy-PAT | | 206.1.1.6 -pat my_first_range | | 206.1.1.1 206.1.
9-12 User’s Reference Guide ■ Select ADD NAT MAP and press Return. Your mapping is added to your map list. Modifying map lists You can make changes to an existing map list after you have created it. Since there may be more than one map list you must select which one you are modifying. From the Network Address Translation screen select Show/Change Map List and press Return. ■ Select the map list you want to modify from the popup menu.
IP Setup and Network Address Translation 9-13 ■ Add Map allows you to add a new map to the map list. ■ Show/Change Maps allows you to modify the individual maps within the list. ■ Delete Map allows you to delete a map from the list. ■ Move Map allows you to change the priority order in which the map is evaluated within the list. See “Moving maps” on page 9-14. Selecting Show/Change Maps, Delete Map, or Move Map displays the same pop-up menu.
9-14 User’s Reference Guide Make any modifications you need and then select CHANGE NAT MAP and press Return. Your changes will become effective and you will be returned to the Show/Change NAT Map List screen. Moving maps The Move Maps screen permits reordering the priority of maps in a map list. Since the maps are read from top to bottom, those at the top have the highest priority, those at the bottom have the lowest.
IP Setup and Network Address Translation 9-15 Show/Change NAT Map List +---Private Address Range---------Type----Public Address Range------------+ +-------------------------------------------------------------------------+ | 192.168.1.2 192.168.1.252 dynamic 206.1.1.3 206.1.1.252 | | 192.168.1.1 192.168.1.251 pat 206.1.1.6 -| | 192.168.1.252 192.168.1.253 static 206.1.1.1 206.1.1.
9-16 User’s Reference Guide ■ Select Server List Name and type in a descriptive name. A new menu item, Add Server, appears. ■ Select Add Server and press Return. The Add NAT Server screen appears. Add NAT Server ("my_servers") Service... ■ Server Private IP Address: 192.168.1.45 Public IP Address: 206.1.1.1 ADD NAT SERVER CANCEL Select Service and press Return. A pop-up menu appears listing a selection of commonly exported services.
IP Setup and Network Address Translation 9-17 Other Exported Port First Port Number (1..65535): 31337 Last Port Number (1..65535): 31337 OK ■ ■ CANCEL Enter the First and Last Port Number between ports 1 and 65535. Select OK and press Return. You will be returned to the Add NAT Server screen. Enter the Server Private IP Address of the server whose service you are exporting.
9-18 User’s Reference Guide ■ Select the Server List Name you want to modify from the pop-up menu and press Return. Network Address Translation +-NAT Server List Name-+ +----------------------+ A| my_servers | S| |.. D| | | | A| | S| | D| | | | A| | S| |. D| | | | | | | | | | | | +----------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. The Show/Change NAT Server List screen appears. Show/Change NAT Server List Server List Name: my_servers Add Server...
IP Setup and Network Address Translation 9-19 Show/Change NAT Server List +-Private Address--Public Address----Port------------+ +----------------------------------------------------+ Se| 192.168.1.254 206.1.1.6 smtp | | 192.168.1.254 206.1.1.5 smtp | | 192.168.1.254 206.1.1.4 smtp | Ad| 192.168.1.254 206.1.1.3 smtp | | 192.168.1.254 206.1.1.
9-20 User’s Reference Guide A pop-up menu lists your configured servers. Select the one you want to delete and press Return. A dialog box asks you to confirm your choice. Show/Change NAT Server List +-Internal Address-External Address--Port------------+ +----------------------------------------------------+ Se| 192.168.1.254 206.1.1.
IP Setup and Network Address Translation 9-21 IP Profile Parameters Address Translation Enabled: IP Addressing... Yes Unnumbered NAT Map List... NAT Server List... Easy-PAT List Easy-Servers Local WAN IP Address: 206.1.1.6 Remote IP Address: Remote IP Mask: 127.0.0.2 255.255.255.255 Filter Set... Remove Filter Set NetBIOS Filter Receive RIP: Both Return/Enter to select ... Configure IP requirements for a remote network connection here. ■ Select NAT Map List and press Return.
9-22 User’s Reference Guide IP Profile Parameters +-NAT Server List Name-+ +----------------------+ Address Trans| Easy-Servers |s IP Addressing| my_servers |mbered | <> | NAT Map List.| |sy PAT NAT Server Li| | | | Local WAN IP | |0.0.0 Local WAN IP | |0.0.0 Remote IP Add| |7.0.0.2 Remote IP Mas| |5.255.255.255 | | Filter Set...| |tBIOS Filter Remove Filter| | | | Receive RIP: | |th | | +----------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.
IP Setup and Network Address Translation 9-23 NAT Associations Profile/Interface Name-------------Nat?-Map List Name-----Server List Name Default Answer Profile On my_first_map my_servers Easy Setup Profile On Easy-PAT my_servers Profile 01 On my_second_map my_servers Profile 02 On my_first_map my_server_list Profile 03 On <> <> ■ You can toggle NAT? On or Off for each Profile/Interface name. You do this by navigating to the NAT? field associated with each profile using the arrow keys.
9-24 User’s Reference Guide MultiNAT Configuration Example To help you understand a typical MultiNAT configuration, this section describes an example of the type of configuration you may want to implement on your site. The values shown are for example purposes only. Make your own appropriate substitutions. A typical SDSL service from an ISP might include five user addresses. Without PAT, you might be able to attach only five IP hosts.
IP Setup and Network Address Translation 9-25 Connection Profile 1: Easy Setup Profile Connection Profile Name: Easy Setup Profile Address Translation Enabled: IP Addressing... Yes Numbered Local WAN IP Address: Local WAN IP Mask: 206.1.1.6 255.255.255.248 PREVIOUS SCREEN NEXT SCREEN Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx). Enter basic information about your WAN connection with this screen. Select NEXT SCREEN and press Return. Your IP values are shown here.
9-26 User’s Reference Guide Select Show/Change Public Range, then Easy-PAT Range, and press Return. Enter the value your ISP assigned for your public address (206.1.1.6, in this example). Toggle Type to pat. Your public address is then mapped to the remaining private IP addresses using PAT. (If you were not using the Easy-PAT Range and Easy-PAT List that is created by default by using Easy Setup, you would have to define a public range and Map List.
IP Setup and Network Address Translation 9-27 Select ADD NAT PUBLIC RANGE and press Return. You are returned to the Network Address Translation screen. Next, select Show/Change Map List and choose Easy-PAT List. Select Add Map. The Add NAT Map screen appears. (Now the name Easy-PAT List is a misnomer since it has a static map included in its list.) Enter in 192.168.1.1 for the First Private Address and 192.168.1.5 for the Last Private Address. Add NAT Map ("Easy-PAT List") First Private Address: 192.168.
9-28 User’s Reference Guide ■ First, navigate to the Show/Change Map List screen, select Easy-PAT List and then Show/Change Maps. Choose the Static Map you created and change the First Private Address from 192.168.1.1 to 192.168.1.4. Now the router, Web, and Mail servers’ IP addresses are no longer included in the range of static mappings and are therefore no longer accessible to the outside world. Users on the Internet will not be able to telnet, web, SNMP or ping to them.
IP Setup and Network Address Translation 9-29 Note: You need not use this screen if you have only a single Ethernet IP subnet. In that case, you can continue to enter or edit the IP address and subnet mask for the single subnet on the IP Setup screen. This screen displays up to eight rows of two editable columns, preceded by a row number between one and eight. If you have eight subnets configured, there will be eight rows on this screen.
9-30 User’s Reference Guide If you have configured multiple Ethernet IP subnets, the IP Setup screen changes slightly: IP Setup Subnet Configuration... Default IP Gateway: 192.128.117.163 Primary Domain Name Server: Secondary Domain Name Server: Domain Name: 0.0.0.0 0.0.0.0 Receive RIP: Transmit RIP: Static Routes... Both v2 (multicast) Address Serving Setup... Exported Services... Filter Sets... The IP address and Subnet mask items are hidden, and the “Define Additional Subnets...
IP Setup and Network Address Translation 9-31 Static Routes Display/Change Static Route... Add Static Route... Delete Static Route... Configure/View/Delete Static Routes from this and the following Screens. Viewing static routes To display a view-only table of static routes, select Display/Change Static Route in the Static Routes screen. +-Dest. Network---Subnet Mask-----Next Gateway----Priority-Enabled-+ +------------------------------------------------------------------+ | 0.0.0.0 0.0.0.0 163.176.8.
9-32 User’s Reference Guide Priority: An indication whether the Netopia R310 will use the static route when it conflicts with information received from RIP packets. Enabled: An indication whether the static route should be installed in the IP routing table. Adding a static route To add a new static route, select Add Static Route in the Static Routes screen and go to the Add Static Route screen. Add Static Route Static Route Enabled: Yes Destination Network IP Address: 0.0.0.
IP Setup and Network Address Translation 9-33 With RIP Metric you set the number of routers, from 1 to 15, between the sending router and the destination router. The maximum number of routers on a packet’s route is 15. Setting RIP Metric to 1 means that a route can involve 15 routers, while setting it to 15 means a route can only involve one router. ■ Select ADD STATIC ROUTE NOW to save the new static route, or select CANCEL to discard it and return to the Static Routes screen.
9-34 User’s Reference Guide IP address serving Main Menu System Configuration IP Address Serving • Serve DHCP Clients • Serve BootP Clients • Serve Dynamic WAN Clients In addition to being a router, the Netopia R310 is also an IP address server. There are three protocols it can use to distribute IP addresses.
IP Setup and Network Address Translation 9-35 Follow these steps to configure IP Address Serving: ■ If you enabled IP Address Serving either by using SmartStart or in Easy Setup, DHCP, BootP clients, and Dynamic WAN clients are automatically enabled. ■ Select Number of Client IP Addresses and enter the total number of contiguous IP addresses that the Netopia R310 will distribute to the client machines on your local area network.
9-36 User’s Reference Guide DHCP NetBios Options Serve NetBios Type: NetBios Type... Yes Type B Serve NetBios Scope: NetBios Scope: No Serve NetBios Name Server: NetBios Name Server IP Addr: No 0.0.0.0 Configure DHCP-served NetBIOS options here. ■ To serve DHCP clients with the type of NetBIOS used on your network, select Serve NetBIOS Type and toggle it to Yes. ■ From the NetBIOS Type pop-up menu, select the type of NetBIOS used on your network.
IP Setup and Network Address Translation 9-37 Select NetBIOS Name Server IP Address and enter the IP address for the NetBIOS name server. You are now finished setting up DHCP NetBIOS Options. To return to the IP Address Serving screen press the Escape key once. ■ To enable BootP’s address serving capability, select Serve BOOTP Clients and toggle to Yes. Note: Addresses assigned through BOOTP are permanently allocated from the IP Address Serving pool until you release them.
9-38 User’s Reference Guide
Virtual Private Networks (VPN) 10-1 Chapter 10 Virtual Private Networks (VPN) The Netopia R310 Router offers both PPTP and ATMP tunneling support for Virtual Private Networks (VPN). Note: VPN is an optional add-on to the Netopia R310. Order TER/VPN2 from the Netopia Web site at www.netopia.com or from your Netopia reseller.
10-2 Firmware Version 4.6 Addendum Tunneling is a process of creating a private path between a remote user or private network and another private network over some intermediate network, such as the IP-based Internet. A VPN allows remote offices or employees access to your internal business LAN through means of encryption allowing the use of the public Internet to look “virtually” like a private secure network.
Virtual Private Networks (VPN) 10-3 In either case, the Netopia R310 wraps, or encapsulates, information that one end of the tunnel exchanges with the other, in a wrapper called General Routing Encapsulation (GRE), at one end of the tunnel, and unwraps, or decapsulates, it at the other end. Configuring the Netopia R310 for use with either of the two protocols is done through the console-based menu screens.
10-4 Firmware Version 4.6 Addendum About PPTP Tunnels To set up a PPTP tunnel, you create a Connection Profile including the IP address and other relevant information for the remote PPTP partner. You use the same procedure to initiate a PPTP tunnel that terminates at a remote PPTP server or to terminate a tunnel initiated by a remote PPTP client.
Virtual Private Networks (VPN) 10-5 When you define a Connection Profile as using PPTP by selecting PPTP as the datalink encapsulation method, and then select Data Link Options, the PPTP Tunnel Options screen appears. PPTP Tunnel Options PPTP Partner IP Address: Tunnel Via Gateway: 173.167.8.134 0.0.0.0 Data Compression... Authentication...
10-6 Firmware Version 4.6 Addendum ■ You can specify a Send Host Name which is used with Send Secret for authenticating with a remote PNS when the profile is used for initiating a tunnel connection. ■ You must specify a Send Secret (the CHAP term for password), used for authenticating the tunnel when initiating a tunnel connection. ■ You can specify a Receive Host Name which is used with the Receive Secret for authenticating a remote PPTP client.
Virtual Private Networks (VPN) 10-7 Ordinarily, Ping is an excellent troubleshooting tool, but it will not be effective in this circumstance. Instead, use another TCP- or UDP-based network service for troubleshooting. Since the Netopia R310 is capable of serving Telnet and HTTP, we recommend using these services instead of Ping. Encryption Support Encryption is a method for altering user data into a form that is unusable by anyone other than the intended recipient.
10-8 Firmware Version 4.6 Addendum VPN Default Answer Profile The WAN Configuration menu offers a VPN Default Answer Profile option. Use this selection when your router is acting as the server for VPN connections, that is, when you are on the answering end of the tunnel establishment. The VPN Default Answer Profile determines the way the attempted tunnel connection is answered. WAN Configuration WAN (Wide Area Network) Setup... Display/Change Connection Profile... Add Connection Profile...
Virtual Private Networks (VPN) 10-9 ■ For PPTP tunnel connections only, you must define what type of authentication these connections will use. Select Receive Authentication and press Return. A pop-up menu offers the following options: PAP (the default), CHAP, or MS-CHAP. ■ If you chose PAP or CHAP authentication, from the Data Compression pop-up menu select either None (the default) or Standard LZS.
10-10 Firmware Version 4.6 Addendum Dial-Up Networking for VPN Microsoft Windows Dial-Up Networking software permits a remote standalone workstation to establish a VPN tunnel to a PPTP server such as a Netopia R310 located at a central site. Dial-Up Networking also allows a mobile user who may not be connected to a PAC to dial into an intermediate ISP and establish a VPN tunnel to, for example, a corporate headquarters, remotely.
Virtual Private Networks (VPN) 10-11 The Communications window appears. 5. In the Communications window, select Dial-Up Networking and click the OK button. This returns you to the Windows Setup screen. Click the OK button. 6. Respond to the prompts to install Dial-Up Networking from the system disks or CDROM. 7. When prompted, reboot your PC.
10-12 Firmware Version 4.6 Addendum Configuring a Dial-Up Networking profile Once you have created your Dial-Up Networking profile, you configure it for TCP/IP networking to allow you to connect to the Internet through your Internet connection device. Do the following: 1. Double-click the My Computer (or whatever you have named it) icon on your desktop. Open the Dial-Up Networking folder. You will see the icon for the profile you created in the previous section. 2.
Virtual Private Networks (VPN) 10-13 4. 5. Click the TCP/IP Settings button. ■ If your ISP uses dynamic IP addressing (DHCP), select the Server assigned IP address radio button. ■ If your ISP uses static IP addressing, select the Specify an IP address radio button and enter your assigned IP address in the fields provided. Also enter the IP address in the Primary and Secondary DNS fields. Click the OK button in this window and the next two windows.
10-14 Firmware Version 4.6 Addendum Installing the VPN Client Before Installing the VPN Client you must have TCP/IP installed and have an established Internet connection. Windows 95 VPN installation 1. From your Internet browser navigate to the following URL: http://www.microsoft.com/NTServer/nts/downloads/recommended/dunl3win95/releasenotes.aso Download the Microsoft Windows 95 VPN patch dun 1.3 to the Windows 95 computer you intend to use as a VPN client with PPTP. Follow the installation instructions.
Virtual Private Networks (VPN) 10-15 3. Click the Windows Setup tab. The Windows Setup screen will be displayed within the top center box. 4. Double-click Communications. This displays a list of possible selections for the communications option. Active components will have a check in the checkboxes to their left. 5. Check Dial Up Networking at the top of the list and Virtual Private Networking at the bottom of the list. 6.
10-16 Firmware Version 4.6 Addendum About ATMP Tunnels To set up an ATMP tunnel, you create a Connection Profile including the IP address and other relevant information for the remote ATMP partner. ATMP uses the terminology of a foreign agent that initiates tunnels and a home agent that terminates them. You use the same procedure to initiate or terminate an ATMP tunnel. Used in this way, the terms initiate and terminate mean the beginning and end of the tunnel; they do not mean activate and deactivate.
Virtual Private Networks (VPN) 10-17 Add Connection Profile Profile Name: Profile Enabled: Data Link Encapsulation... Data Link Options... IP Enabled: IP Profile Parameters... ADD PROFILE NOW Profile 1 +-------------+ +-------------+ | PPP | | ATM FUNI | | ATMP | | PPTP | +-------------+ CANCEL When you define a Connection Profile as using ATMP by selecting ATMP as the datalink encapsulation method, and then select Data Link Options, the ATMP Tunnel Options screen appears.
10-18 Firmware Version 4.6 Addendum ■ When you specify the ATMP Partner IP Address, and the address is in the same subnet as the Remote IP Address you specified in the IP Profile Parameters, you can specify the route (Tunnel Via Gateway) by which the gateway partner is reached. If you do not specify the ATMP Partner IP Address, the router will use the default gateway to reach the partner and the Tunnel Via Gateway field is hidden. If the partner should be reached via an alternate port (i.e.
Virtual Private Networks (VPN) 10-19 IP Profile Parameters Address Translation Enabled: Yes NAT Map List... NAT Server List... Easy-PAT Easy-Servers Local WAN IP Address: 0.0.0.0 Remote IP Address: Remote IP Mask: 173.167.8.10 255.255.0.0 Filter Set... Remove Filter Set Receive RIP: Both Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx). ■ Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel.
10-20 Firmware Version 4.6 Addendum Allowing VPNs through a Firewall An administrator interested in securing a network will usually combine the use of VPNs with the use of a firewall or some similar mechanism. This is because a VPN is not a complete security solution, but rather a component of overall security. Using a VPN will add security to transactions carried over a public network, but a VPN alone will not prevent a public network from infiltrating a private network.
Virtual Private Networks (VPN) 10-21 PPTP example To enable a firewall to allow PPTP traffic, you must provision the firewall to allow inbound and outbound TCP packets specifically destined for port 1723. The source port may be dynamic, so often it is not useful to apply a compare function upon this portion of the control/negotiation packets. You must also set the firewall to allow inbound and outbound GRE packets, enabling transport of the tunnel payload.
10-22 Firmware Version 4.6 Addendum For Input Filter 2 set the Protocol Type to allow GRE as shown below. Change Input Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: GRE In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.
Virtual Private Networks (VPN) 10-23 For Output Filter 2 set the Protocol Type to allow GRE as shown below. Change Output Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.
10-24 Firmware Version 4.6 Addendum ATMP example To enable a firewall to allow ATMP traffic, you must provision the firewall to allow inbound and outbound UDP packets specifically destined for port 5150. The source port may be dynamic, so often it is not useful to apply a compare function on this portion of the control/negotiation packets.
Virtual Private Networks (VPN) 10-25 For Input Filter 2 set the Protocol Type to allow GRE as shown below. Change Input Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: GRE In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.
10-26 Firmware Version 4.6 Addendum For Output Filter 2 set the Protocol Type to allow GRE as shown below. Change Output Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.
Monitoring Tools 11-1 Chapter 11 Monitoring Tools This chapter discusses the Netopia R310’s device and network monitoring tools. These tools can provide statistical information, report on current network status, record events, and help in diagnosing and locating problems.
11-2 User’s Reference Guide General status Quick View Default IP Gateway: 163.176.8.1 Domain Name Server: 163.176.4.31 Domain Name: netopia.com CPU Load: 3% Call Acct: 8/13/1998 03:29:57 PM Unused Memory: 646 KB Disabled ----------------MAC Address--------IP Address--------------------------------Ethernet Hub: 00-00-c5-70-03-48 192.168.1.1 Current WAN Connection Status Profile Name----------Rate--%Use-Remote Address-----Est.
Monitoring Tools 11-3 Current status The current status section is a table showing the current status of the WAN. For example: Current WAN Connection Status ---Profile Name------State---%Use-Remote Address----Est.-More Info---------ISP P1 10 IP 92.163.4.1 Lcl NAT 192.163.100.6 Profile Name: Lists the name of the connection profile being used, if any. State: Lists the ports in use for this connection.
11-4 User’s Reference Guide Statistics & Logs Main Menu Statistics & Logs • General Statistics When you are troubleshooting your Netopia R310, the Statistics & Logs screens provide insight into the recent event activities of the router. From the Main Menu go to Statistics & Logs and select one of the options described in the sections below. General Statistics To go to the General Statistics screen, select General Statistics and press Return. The General Statistics screen appears.
Monitoring Tools 11-5 Physical Interface The top left side of the screen lists total packets received and total packets transmitted for the following data ports: ■ Ethernet Hub ■ ISDN B1 Channel ■ ISDN B2 Channel ■ ISDN D Channel Network Interface The bottom left side of the screen lists total packets received and total packets transmitted. The right side of the table lists the total number of occurrences of each of six types of communication statistics: Rx Bytes.
11-6 User’s Reference Guide WAN Event History The WAN Event History screen lists a total of 128 events on the WAN. The most recent events appear at the top.
Monitoring Tools 11-7 Device Event History The Device Event History screen lists a total of 128 port and system events, giving the time and date for each event, as well as a brief description. The most recent events appear at the top. In the Statistics & Logs screen, select Device Event History. The Device Event History screen appears.
11-8 User’s Reference Guide Statistics & Logs WAN Event History... Device Event History... IP Routing Table... Served IP Addresses... General Statistics... System Information... The IP routing table displays all of the IP routes currently known to the Netopia R310. The routing table represents a “snapshot” of the routing table information at the time the screen is first invoked. To take a new snapshot, select Update at the bottom of the screen and press Return.
Monitoring Tools 11-9 From the Statistics & Logs menu, select Served IP Addresses. The Served IP Addresses screen appears. Served IP Addresses -IP Address-------Type----Expires--Client Identifier-----------------------------------------------------------SCROLL UP----------------------------------192.168.1.100 DHCP 00:36 EN: 00-00-c5-4a-1f-ea 192.168.1.101 DHCP 00:58 EN: 08-00-07-16-0c-85 192.168.1.102 192.168.1.103 192.168.1.104 192.168.1.105 192.168.1.106 192.168.1.107 192.168.1.108 192.168.1.109 192.168.
11-10 User’s Reference Guide ■ Reclaim Declined Addresses: Reclaims served leases that have been declined; for example by devices that may no longer be on the network. System Information The System Information screen gives a summary view of the general system level values in the Netopia R310 ISDN Router. From the Statistics & Logs menu select System Information. The System Information screen appears. System Information Serial Number Firmware Version 07-30-44 (8680437) 4.
Monitoring Tools 11-11 The SNMP Setup screen From the Main Menu, select SNMP in the System Configuration screen and press Return. The SNMP Setup screen appears. Main Menu System Configuration SNMP SNMP Setup System Name: System Location: System Contact: Read-Only Community String: Read/Write Community String: public private Authentication Traps Enable: Off IP Trap Receivers... Configure optional SNMP parameters from here. Follow these steps to configure the first three items in the screen: 1.
11-12 User’s Reference Guide By default, the read-only and read/write community strings are set to “public” and “empty,” respectively. You should change the default community strings to values known only to you and trusted system administrators. To change a community string, select it and enter a new value. Caution! Even if you decide not to use SNMP, you should change the community strings. This prevents unauthorized access to the Netopia R310 through SNMP.
Monitoring Tools 11-13 Setting the IP trap receivers 1. Select Add IP Trap Receiver. 2. Select Receiver IP Address or Domain Name. Enter the IP address or domain name of the SNMP manager you want to receive the trap. 3. Select Community String. Enter whatever community string is appropriate for the traps to be sent to the management station whose IP address or domain name you entered on the previous line. 4. Select Add Trap Receiver Now and press Return. You can add up to seven more receivers.
11-14 User’s Reference Guide
Security 12-1 Chapter 12 Security The Netopia R310 provides a number of security features to help protect its configuration screens and your local network from unauthorized access. Although these features are optional, it is strongly recommended that you use them. This section covers the following topics: ■ “Suggested security measures” on page 12-1, lists actions for blocking potential security holes.
12-2 User’s Reference Guide However, by adding user accounts, you can protect the most sensitive screens from unauthorized access. User accounts are composed of name/password combinations that can be given to authorized users. Caution! You are strongly encouraged to add protection to the configuration screens. Unprotected screens could allow an unauthorized user to compromise the operation of your entire network.
Security 12-3 When you enter your password, you are prompted to confirm it by re-entering it in a pop-up window.
12-4 User’s Reference Guide Add Name With Write Access Enter Name: Enter Password (11 characters max): ADD NAME/PASSWORD NOW CANCEL Follow these steps to configure the new account: 1. Select Enter Name and enter a descriptive name (for example, the user’s first name). 2. Select Enter Password and enter a password. 3. To accept the new name/password combination, select ADD NAME/PASSWORD NOW. To exit the Add Name With Write Access screen without saving the new account, select CANCEL.
Security 12-5 Telnet access Telnet is a TCP/IP service that allows remote terminals to access hosts on an IP network. The Netopia R310 supports Telnet access to its configuration screens. Caution! You should consider password-protecting or restricting Telnet access to the Netopia R310 if you suspect there is a chance of tampering. To password-protect the configuration screens, select Easy Setup from the Main Menu, and go to the Easy Setup Security Configuration screen.
12-6 User’s Reference Guide Each inspector has a specific task. One inspector’s task may be to examine the destination address of all outgoing packages. That inspector looks for a certain destination—which could be as specific as a street address or as broad as an entire country—and checks each package’s destination address to see if it matches that destination. TOR INSPEC ED ROV APP FROM: FROM: TO: FROM: TO: TO: A filter inspects data packets like a customs inspector scrutinizing packages.
Security 12-7 If the package does not match the first inspector’s criteria, it goes to the second inspector, and so on. You can see that the order of the inspectors in the line is very important. For example, let’s say the first inspector’s orders are to send along all packages that come from Rome, and the second inspector’s orders are to reject all packages that come from France. If a package arrives from Rome, the first inspector sends it along without allowing the second inspector to see it.
12-8 User’s Reference Guide Parts of a filter A filter consists of criteria based on packet attributes.
Security 12-9 Equal: For the filter to match, the packet’s port number must equal the port number specified in the filter. Greater Than: For the filter to match, the packet’s port number must be greater than the port number specified in the filter. Greater Than or Equal: For the filter to match, the packet’s port number must be greater than or equal to the port number specified in the filter. Other filter attributes There are three other attributes to each filter: ■ The filter’s order (i.e.
12-10 User’s Reference Guide Proto: The protocol to match. This can be entered as a number (see the table below) or as TCP or UDP if using those protocols. Protocol Number to use Full name N/A 0 Ignores protocol type ICMP 1 Internet Control Message Protocol TCP 6 Transmission Control Protocol UDP 17 User Datagram Protocol Src. Port: The source port to match. This is the port on the sending host that originated the packet. D. Port: The destination port to match.
Security 12-11 4. The filter should be enabled and instructed to block the Telnet packets containing the source address shown in step 2: ■ On? = Yes ■ Fwd = No This four-step process is how we produced the following filter from the original rule: +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +----------------------------------------------------------------------+ | 1 192.211.211.17 0.0.0.
12-12 User’s Reference Guide ■ discarded if all the filters are configured to pass (forward). ■ discarded if the set contains a combination of pass and discard filters. Disadvantages of filters Although using filter sets can greatly enhance network security, there are disadvantages: ■ Filters are complex. Combining them in filter sets introduces subtle interactions, increasing the likelihood of implementation errors. ■ Enabling a large number of filters can have a negative impact on performance.
Security 12-13 IP Filter Sets Display/Change IP Filter Set... Add IP Filter Set... Delete IP Filter Set... Return/Enter to configure and add a new Filter Set Set Up IP Filter Sets (Firewalls) from this and the following Menus. The procedure for creating and maintaining filter sets is as follows: 1. Add a new filter set. 2. Create the filters for the new filter set. 3. View, change, or delete individual filters and filter sets. The sections below explain how to execute these steps.
12-14 User’s Reference Guide Add IP Filter Set Filter Set Name: Filter Set 2 Display/Change Input Filter... Add Input Filter... Delete Input Filter... Display/Change Output Filter... Add Output Filter... Delete Output Filter... ADD FILTER SET CANCEL Configure the Filter Set name and its associated Filters. Naming a new filter set All new filter sets have a default name. The first filter set you add will be called Filter Set 1, the next filter will be Filter Set 2, and so on.
Security 12-15 packet WAN input filter LAN packet output filter The Netopia R-series Router Packets in the Netopia R310 pass through an input filter if they originate in the WAN and through an output filter if they’re being sent out to the WAN. The process for adding input and output filters is exactly the same. The main difference between the two involves their reference to source and destination.
12-16 User’s Reference Guide Add Input Filter Enabled: Forward: Yes No Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: ICMP Type Compare... ICMP Type: ICMP Code Compare... ICMP Code: ICMP Equal 0 No Compare 0 ADD THIS FILTER NOW CANCEL Enter a type: 'ICMP', 'UDP', 'TCP', 'Any', or a number between 0 and 255. 1. To make the filter active in the filter set, select Enabled and toggle it to Yes.
Security 12-17 Type Description 0 Echo reply 3 Destination unreachable 8 Echo request 10. Select ICMP Code Compare and choose one of the following options from the pop-up menu: No Compare, Not Equal To, Less Than, Less Than or Equal, Equal, Greater Than or Equal, or Greater Than. 11. In addition to the Type, an 8-bit field, Code, gives more information about the Type. Select ICMP Codes and select more information about the type.
12-18 User’s Reference Guide Modifying filters To modify a filter, select Display/Change Input Filter (Display/ Change Output Filter) in the Add IP Filter Set screen to display a table of filters. Select a filter from the table and press Return to go to the Change Filter screen. The parameters in this screen are the same as the ones in the Add Filter screen (see “Adding filters to a filter set” on page 12-15). Change Filter Enabled: Forward: No No Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.
Security 12-19 Change IP Filter Set Filter Set Name: Basic Firewall Display/Change Input Filter... Add Input Filter... Delete Input Filter... Display/Change Output Filter... Add Output Filter... Delete Output Filter... Deleting a filter set Note: If you delete a filter set, all of the filters it contains are deleted as well. To reuse any of these filters in another set, you’ll have to note their configuration before deleting the current filter set and then recreate them.
12-20 User’s Reference Guide The five input filters and one output filter that make up Basic Firewall are shown in the table below. Input filter 1 Input filter 2 Input filter 3 Input filter 4 Input filter 5 Enabled Yes Yes Yes Yes Yes Yes Forward No No Yes Yes Yes Yes Source IP address 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Source IP address mask 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Dest. IP address 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.
Security 12-21 Basic Firewall is suitable for a LAN containing only client hosts that wish to access servers on the WAN, not for a LAN containing servers providing services to clients on the WAN. Basic Firewall’s general strategy is to explicitly pass WAN-originated TCP and UDP traffic to ports greater than 1023. Ports lower than 1024 are the service origination ports for various Internet services such as FTP, Telnet, and the World Wide Web (WWW).
12-22 User’s Reference Guide FTP sessions. To allow WAN-originated FTP sessions to a LAN-based FTP server with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243), insert the following input filter ahead of the current input filter 1: ■ Enabled: Yes ■ Forward: Yes ■ Source IP Address: 0.0.0.0 ■ Source IP Address Mask: 0.0.0.0 ■ Dest. IP Address: a.b.c.d ■ Dest. IP Address Mask: 255.255.255.
Security 12-23 Source Port 2541 Destination Port 80 Protocol TCP ACK Bit Yes DATA User Data This header information is what the packet filter uses to make filtering decisions. It is important to note that a packet filter does not look into the IP datastream (the User Data from above) to make filtering decisions. Basic Protocol Types TCP: Transmission Control Protocol. TCP provides reliable packet delivery and has a retransmission mechanism (so packets are not lost).
12-24 User’s Reference Guide Firewall Logic Firewall design is a test of logic, and filter rule ordering is critical. If a packet is passed through a series of filter rules and then the packet matches a rule, the appropriate action is taken. The packet will not pass through the remainder of the filter rules. For example, if you had the following filter set... Allow WWW access; Allow FTP access; Allow SMTP access; Deny all other packets.
Security 12-25 Incoming Packet: IP 163.176.1.15 BINARY: 10100011.10110000.00000001.00001111 AND the incoming packet and subnet mask together, the result is: 10100011.10110000.00000001.00001111 which matches the IP address in the filter rule and the packet is denied. Implied Rules With a given set of filter rules, there is an Implied rule which may or may not be shown to the user. The implied rule tells the filter set what to do with a packet that does not match any of the filter rules.
12-26 User’s Reference Guide Example IP Filter Set Screen This is an example of the Netopia IP filter set screen: Change Filter Enabled: Forward: Yes No Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: TCP Source Port Compare... Source Port ID: Dest. Port Compare... Dest. Port ID: Established TCP Conns. Only: No Compare 0 Equal 2000 No Return/Enter accepts * Tab toggles * ESC cancels.
Security 12-27 Example Network Incoming Packet Filter Netopia Internet IP: 200.1.1.?? DATA Example Filters Example 1 Filter Rule: 200.1.1.0 (Source IP Network Address) 255.255.255.128 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.28 IP Address Binary Representation 200.1.1.28 00011100 (Source address in incoming IP packet) 10000000 (Perform the logical AND) 00000000 (Logical AND result) AND 255.255.255.
12-28 User’s Reference Guide Example 2 Filter Rule: 200.1.1.0 (Source IP Network Address) 255.255.255.128 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.184 IP Address Binary Representation 200.1.1.184 10111000 (Source address in incoming IP packet) 10000000 (Perform the logical AND) 10000000 (Logical AND result) AND 255.255.255.
Security 12-29 Example 4 Filter Rule: 200.1.1.96 (Source IP Network Address) 255.255.255.240 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.104 IP Address Binary Representation 200.1.1.104 01101000 (Source address in incoming IP packet) 11110000 (Perform the logical AND) 01100000 (Logical AND result) AND 255.255.255.
12-30 User’s Reference Guide Token Security Authentication This section discusses how to configure and use security authentication on the Netopia R310. Note: The security authentication feature only applies to Netopia R310 models connecting over a dial-up line using the PPP-PAP-TOKEN or PPP-CACHE-TOKEN authentication protocol. Securing network environments Unauthorized tampering or theft of information on internal networks causes serious ramifications, given the reliance on information systems.
Security 12-31 The Netopia R310 supports the following user configurations for security authentication: ■ Single user, calling a single destination (single session) ■ Single user, calling multiple destinations (two simultaneous and separate sessions) ■ Multiple users, calling a single destination (single session) ■ Multiple users, calling multiple destinations (two simultaneous and separate sessions Security authentication components To properly identify and authenticate an authorized user, the foll
12-32 User’s Reference Guide Datalink (PPP/MP) Options Data Compression... Ascend LZS Send Authentication... PAP-TOKEN Send User Name: Receive User Name: Receive Password: Channel Usage... Dynamic Bandwidth Allocation... Auto Maximum Packet Size: 1500 In this Screen you will configure the PPP/MP specific connection params. 2. Select Send Authentication and press Return. From the pop-up menu, highlight PAP-TOKEN or CACHE-TOKEN.
Security 12-33 Utilities & Diagnostics Ping... Trace Route... Call Accounting... Secure Authentication Monitor... Trivial File Transfer Protocol (TFTP)... X-Modem File Transfer... Revert to Factory Defaults... Restart System... 1. Select Secure Authentication Monitor and press Return. The Secure Authentication Monitor screen appears. 2. Wait for the call to initiate. Secure Authentication Monitor Current Connection Status Profile Name---State---%Use---Remote Address---Est.
12-34 User’s Reference Guide Note: When using CACHE-TOKEN, your passcode is valid for a time interval determined by the network administrator. When this time interval expires, you must provide a new passcode for the call negotiation. When using PAP-TOKEN, your passcode is valid for one call negotiation. For a second call negotiation, you must enter the next passcode provided by the security authentication token card every 60 seconds.
Utilities and Diagnostics 13-1 Chapter 13 Utilities and Diagnostics A number of utilities and tests are available for system diagnostic and control purposes: ■ “Ping” on page 13-2 ■ “Telnet client” on page 13-4 ■ “Trace Route” on page 13-5 ■ “Secure Authentication Monitor” on page 13-6 ■ “Disconnect Telnet Console Session” on page 13-7 ■ “Transferring configuration and firmware files with TFTP” on page 13-7 ■ “Transferring configuration and firmware files with XMODEM” on page 13-10 ■ “Factor
13-2 User’s Reference Guide Ping The Netopia R310 includes a standard Ping test utility. A Ping test generates IP packets destined for a particular (Ping-capable) IP host. Each time the target host receives a Ping packet, it returns a packet to the original sender. Ping allows you to see whether a particular IP destination is reachable from the Netopia R310. You can also ascertain the quality and reliability of the connection to the desired destination by studying the Ping test’s statistics.
Utilities and Diagnostics 13-3 While the Ping test is running, and when it is over, a status field and a number of statistical items are active on the screen. These are described below. Status: The current status of the Ping test.
13-4 User’s Reference Guide time send Ping packet 1 Netopia receive Ping packet 1 send return Ping packet 1 Netopia Netopia send Ping packet 2 send return Ping packet 2 Netopia send Ping packet 3 host host receive return Ping packet 2 receive Ping packet 3 send return Ping packet 3 Netopia host receive return Ping packet 1 receive Ping packet 2 Netopia host host host receive return Ping packet 3 Packets Lost: The number of packets unaccounted for, shown in total and as a percentage of total
Utilities and Diagnostics 13-5 The Telnet client screen appears. Telnet Host Name or IP Address: Control Character to Suspend: Q START A TELNET SESSION Enter the IP Address/Domain Name of a host. ■ Enter the host name or the IP address in dotted decimal format of the machine you want to telnet into and press Return. ■ Either accept the default control character "Q" used to suspend the Telnet session, or type a different one. ■ START A TELNET SESSION becomes highlighted.
13-6 User’s Reference Guide Trace Route Host Name or IP Address: Maximum Hops: 30 Timeout (seconds): 5 Use Reverse DNS: Yes START TRACE ROUTE Trace route to a network host. To trace a route, follow these steps: 1. Select Host Name or IP Address and enter the name or address of the destination you want to trace. 2. Select Maximum hops (1..64) to set the maximum number of routers to count between the Netopia Router and the destination router, up to the maximum of 64. The default is 30 hops. 3.
Utilities and Diagnostics 13-7 Disconnect Telnet Console Session If you want to close your Telnet Console session, select Disconnect Telnet Console Session and press Return. A dialog box appears asking you to cancel or continue your selection.
13-8 User’s Reference Guide Trivial File Transfer Protocol (TFTP) TFTP Server Name: Firmware File Name: GET ROUTER FIRMWARE FROM SERVER... Config File Name: GET CONFIG FROM SERVER... SEND CONFIG TO SERVER... TFTP Transfer State -- Idle TFTP Current Transfer Bytes -- 0 The sections below describe how to update the Router’s firmware and how to download and upload configuration files.
Utilities and Diagnostics 13-9 Caution! ■ Be sure the firmware update you load onto your router is the correct version for your particular model. Some models do not support all firmware versions. Loading an incorrect firmware version can permanently damage the unit. ■ Do not manually power down or reset the Netopia R310 while it is automatically resetting or it could be damaged. ■ If you choose to download the firmware, the TFTP Transfer State item will change from Idle to Reading Firmware.
13-10 User’s Reference Guide To upload a configuration file, follow these steps: 1. Select TFTP Server Name and enter the server name or IP address of the TFTP server you will use. The server name or IP address is available from the site where the server is located. 2. Select Config File Name and enter a name for the file you will upload. The file will appear with the name you choose on the TFTP server. You may need to enter a file path along with the file name (for example, Mypc/Netopia/myfile). 3.
Utilities and Diagnostics 13-11 +--------------------------------------------------------------------+ +--------------------------------------------------------------------+ | | | Are you sure you want to send a firmware file to your Netopia? | | If so, when you hit Return/Enter on the CONTINUE button, you will | | have 10 seconds to begin the transfer from your terminal program. | | | | CANCEL CONTINUE | | | +--------------------------------------------------------------------+ 3.
13-12 User’s Reference Guide If you choose CONTINUE, you will have ten seconds to use your terminal emulation software to initiate an XMODEM transfer of the configuration file. If you fail to initiate the transfer in that time, the dialog box will disappear and the terminal emulation software will inform you of the transfer’s failure. You can then try again. The system will reset at the end of a successful file transfer to put the new configuration into effect.
Utilities and Diagnostics 13-13 ISDN Switch Loopback Test The ISDN loopback test is designed to confirm the existence of a working ISDN line and the proper configuration of certain Netopia R310 ISDN Router parameters. This test is available only on switched ISDN lines. Using the first B-channel, the test calls the Netopia R310 on the second B-channel, creating a call loop back to the unit.
13-14 User’s Reference Guide If the loopback test fails Follow these suggestions to track down the reason behind the loopback test’s failure: ■ Check that the WAN Ready LED is solid green. ■ Check the ISDN event log and get more information about events that seem relevant to the failure. ■ Check the B-channel usage in the Quick View screen to make sure there were no active calls when the loopback test was performed.
Part III: Appendixes
User’s Reference Guide
Troubleshooting A-1 Appendix A Troubleshooting This appendix is intended to help you troubleshoot problems you may encounter while setting up and using the Netopia R310. It also includes information on how to contact Netopia Technical Support. Important information on these problems may be found in the event histories kept by the Netopia R310. These event histories can be accessed in the Statistics, Utilities, Tests screen.
A-2 User’s Reference Guide SmartStart Troubleshooting The Status field of the SmartStart application will display information and indicate problems as they are detected. Console connection problems Can’t see the configuration screens (nothing appears) ■ Check the cable connection from the Netopia R310’s console port to the computer being used as a console. ■ Check that the terminal emulation software is accessing the correct port on the computer that’s being used as a console.
Troubleshooting A-3 Power outages If you suspect that power was restored after a power outage, and the Netopia R310 is connected to a remote site, you may need to switch the Netopia R310 off and then back on again. After temporary power outages, a connection that still seems to be up may actually be disconnected. Rebooting the router should reestablish the connection. Technical support Netopia, Inc.
A-4 User’s Reference Guide Phone: 1 800-782-6449 Fax: 1 510-814-5023 Netopia, Inc. Customer Service 2470 Mariner Square Loop Alameda, California 94501 USA Netopia Bulletin Board Service: 1 510-865-1321 Online product information Product information can be found in the following: Netopia World Wide Web server via http://www.netopia.com Internet via anonymous FTP to ftp.netopia.
Setting Up Telco Services B-1 Appendix B Setting Up Telco Services This chapter describes how to obtain telco services from your telephone service provider. This section covers the following topics: ■ “Obtaining an ISDN line” on page B-1 ■ “Completing the ISDN worksheet” on page B-2 Obtaining an ISDN line To obtain an ISDN line: 1. Find an ISDN service provider see below. 2. Choose the type of ISDN line you need see “Choosing an ISDN line” on page B-1 3.
B-2 User’s Reference Guide Setup tips Your ISDN service provider may have the Netopia Router on a list of supported products that have been tested with a particular ISDN line configuration. Your ISDN service provider will know how to set up your line if the Netopia Router is on that list. Switch protocol type To configure the Netopia Router, your ISDN service provider must provide you with the switch protocol type used on your ISDN line.
Setting Up Telco Services B-3 ISDN Telco Worksheet 1. ISDN Service Provider (Telephone Company) contact information Name and Address: ____________________________________________________________________________ ____________________________________________________________________________ Telephone/Fax numbers: _______________________________________________________ E-mail address: _______________________________________________________________ 2.
B-4 User’s Reference Guide
Setting Up Internet Services C-1 Appendix C Setting Up Internet Services This chapter describes how to obtain and set up Internet Services. This section covers the following topics: ■ “Finding an Internet service provider” on page C-1 ■ “Deciding on an ISP account” on page C-2 ■ “Obtaining information from the ISP” on page C-3 Note: Some companies act as their own ISP.
C-2 User’s Reference Guide Pricing and support Compare pricing, service, and technical support service among various ISPs. ISP’s Point of presence Check with your ISP for the location of their nearest point of presence (POP) in reference to your site. In some instances, the ISP that you choose may not offer a POP in your local area. If that is the case, you may incur additional fees for long-distance calls. Endorsements Consider recommendations from colleagues and reviews in publications.
Setting Up Internet Services C-3 Obtaining information from the ISP After your account is set up, the ISP should send you the IP parameter information that will help you to configure the Netopia R310. Local LAN IP address information to obtain With Network Address Translation If you are using SmartIP (NAT), you should obtain the following: ■ If you are dialing out to a remote site using Network Address Translation on your router, your provider will not define the IP address information on your local LAN.
C-4 User’s Reference Guide Remote WAN IP address information to obtain ■ The telephone number of the ISP’s local or nearby dial-up POP (point-of-presence). ■ Remote IP address of router at ISP or other remote site ■ Remote IP subnet mask address of router at ISP or other remote site ■ PPP authentication type for router at the ISP, such as PAP.
Understanding IP Addressing D-1 Appendix D Understanding IP Addressing This appendix is a brief general introduction to IP addressing. A basic understanding of IP will help you in configuring the Netopia R310 and using some of its powerful features, such as static routes and packet filtering. In packets, a header is part of the envelope information that surrounds the actual data being transmitted. In e-mail, a header is usually the address and routing information found at the top of messages.
D-2 User’s Reference Guide IP addresses indicate both the identity of the network and the identity of the individual host on the network. The number of bits used for the network number and the number of bits used for the host number can vary, as long as certain rules are followed. The local network manager assigns IP host numbers to individual machines. IP addresses are maintained and assigned by the InterNIC, a quasi-governmental organization now increasingly under the auspices of private industry.
Understanding IP Addressing D-3 Subnet masks To create subnets, the network manager must define a subnet mask, a 32-bit number that indicates which bits in an IP address are used for network and subnetwork addresses, and which are used for host addresses. One subnet mask should apply to all IP networks that are physically connected together and share a single assigned network number.
D-4 User’s Reference Guide Network configuration Below is a diagram of a simple network configuration. The ISP is providing a Class C address to the customer site, and both networks A and B want to gain Internet access through this address. Netopia R310 B connects to Netopia R310 A and is provided Internet access through Routers A and B. Customer Site A PC 1: IP Address: 192.168.1.3 Subnet Mask: 255.255.255.128 Gateway: 192.168.1.1 Router B: ISP Network Router A: IP Address: 10.0.0.1 Subnet Mask: 255.
Understanding IP Addressing D-5 Background The IP Addresses and routing configurations for the devices shown in the diagram are outlined below. In addition, each individual field and its meaning are described. The “IP Address” and “Subnet Mask” fields define the IP Address and Subnet Mask of the device's Ethernet connection to the network while the “Remote IP” and “Remote Sub” fields describe the IP Address and Subnet mask of the remote router.
D-6 User’s Reference Guide There are two schemes for distributing the remaining IP addresses: ■ Manually give each computer an address ■ Let the Netopia R310 automatically distribute the addresses These two methods are not mutually exclusive; you can manually issue some of the addresses while the rest are distributed by the Netopia R310. Using the Router in this way allows it to function as an address server.
Understanding IP Addressing D-7 Number of Devices (other than Netopia R310) on Local Network Largest Possible Ethernet Subnet Mask 30-61 255.255.255.192 62-125 255.255.255.128 125-259 255.255.255.0 Configuration This section describes the specific IP address lease, renew, and release mechanisms for both the Mac and PC, with either DHCP or MacIP address serving. DHCP Address Serving Windows 95 Workstation: ■ The Win95 workstation requests and renews its lease every half hour.
D-8 User’s Reference Guide MacIP Serving Macintosh Workstation (MacTCP or Open Transport): Once the Mac workstation requests and receives a valid address, the Netopia R310 will actively check for the workstation’s existence once every minute. ■ For a DYNAMIC address, the Netopia R310 will release the address back to the address pool after it has lost contact with the Mac workstation for over 2 minutes.
Understanding IP Addressing D-9 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Block of IP host addresses (derived from network IP address + mask issued by ISP) 1 Distributed to the Netopia R310 (Ethernet IP address) 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Manually distributed (static) Pool of Addresses Distributed by MacIP and DHCP The figure above shows an example of a block of IP addresses being distributed correctly.
D-10 User’s Reference Guide Nested IP subnets Under certain situations, you may wish to create remote subnets from the limited number of IP addresses issued by your ISP or other authority. You can do this using connection profiles. These subnets can be nested within the range of IP addresses available to your network. For example, suppose that you obtain the Class C network address a.b.c.0 to be distributed among three networks.
Understanding IP Addressing D-11 Routers B and C (which could also be Netopia R310s) serve the two remote networks that are subnets of a.b.c.0. The subnetting is accomplished by configuring the Netopia R310 with connection profiles for Routers B and C (see the following table). Connection profile Remote IP address Remote IP mask Bits available for host address for Router B a.b.c.128 255.255.255.192 7 for Router C a.b.c.248 255.255.255.
D-12 User’s Reference Guide The following diagram illustrates the IP address space taken up by the two remote IP subnets. You can see from the diagram why the term nested is appropriate for describing these subnets. 1 Address range available to a.b.c.0, less the two nested subnets 129 valid addresses used by a.b.c.128 190 valid addresses used by a.b.c.248 249 254 Broadcasts As mentioned earlier, binary IP host or subnet addresses composed entirely of ones or zeros are reserved for broadcasting.
Understanding Netopia NAT Behavior E-1 Appendix E Understanding Netopia NAT Behavior This appendix describes how Network Address Translation works within the Netopia R310. The Netopia R310 implements a powerful feature called Network Address Translation (NAT) as specified in RFC 1631. NAT is used for IP address conservation and for security purposes since there will only be a single IP “presence” on the WAN.
E-2 User’s Reference Guide When the Netopia R310 establishes a connection over its WAN interface with another router it uses the Point to Point Protocol (PPP). Within PPP there is a Network Control Protocol (NCP) called Internet Protocol Control Protocol (IPCP) which handles the negotiation of IP addresses between the two routers, in this case the Netopia R310 at the customer site above and the Router at the Internet Service Provider (ISP).
Understanding Netopia NAT Behavior E-3 When the Netopia R310 receives this IP packet, it can not simply forward it to the WAN interface and the Internet since the IP addresses on the LAN interface are not valid or globally unique for the Internet. Instead the Netopia R310 has to change the IP packet to reflect the IP address that was acquired on the WAN interface from the ISP.
E-4 User’s Reference Guide Now look at how two hosts on the LAN interface accessing the same WWW Server on the Internet will work: WWW Server 163.176.4.32 ISP Router 200.1.1.1 Netopia Router LAN: 192.168.5.1 WAN: 200.1.1.40 Router Netopia ISP Router to WWW Src IP: 200.1.1.40 Dst IP: 163.176.4.32 Src Port:: 5001 Dst Port:: 80 ISP Router to WWW Src IP: 200.1.1.40 Dst IP: 163.176.4.32 Src Port:: 5002 Dst Port:: 80 WWW to ISP Router Src IP: 163.176.4.32 Dst IP: 200.1.1.
Understanding Netopia NAT Behavior E-5 If you were to look at the internal port mapping table that is maintained by the Netopia R310, it would look similar to the following: Source LAN IP 192.168.5.2 192.168.5.3 Source LAN Port TCP 400 TCP 400 Remapped LAN Port TCP 5001 TCP 5002 With this information the Netopia R310 can determine the appropriate routing for an IP response from the Internet.
E-6 User’s Reference Guide Once the appropriate Exported Services are defined, there can be seamless communication between a host on the Internet and a host on the Netopia R310’s local LAN interface. Important notes Even with the advantages of NAT, there are several things you should note carefully: ■ There is no formally agreed upon method among router vendors to handle an all-zeros IPCP request.
Understanding Netopia NAT Behavior E-7 IP Profile Parameters Remote IP Address: Remote IP Mask: 127.0.0.2 255.255.255.0 Address Translation Enabled: Yes Filter Set... Remove Filter Set Receive RIP: No Enter the remote IP network's IP address (form xxx.xxx.xxx.xxx decimal). Configure IP requirements for a remote network connection here.
E-8 User’s Reference Guide Add Exported Service +-Type------Port--+ +-----------------+ Service... | ftp 21 | | telnet 23 | | smtp 25 | Local Server's IP Address: | tftp 69 | | gopher 70 | | finger 79 | | www-http 80 | | pop2 109 | | pop3 110 | | snmp 161 | | timbuktu 407 | | pptp 1723 | | irc 6667 | | Other...
Event Histories F-1 Appendix F Event Histories This appendix is a list of some of the events that can appear in the Netopia R310’s Event Histories. The text that appears in a history is shown in bold, followed by a brief explanation and the parameters associated with the event. The Event Histories display events for the Device and for the WAN under separate sections. You can display more information about any event by selecting it in the Event History and pressing Return.
F-2 User’s Reference Guide Received Clear Ind. from DN: Received clear indication from switch. Associated parameter: called directory number. Secondary associated parameter: cause code. Connection Confirmed to our DN: Received connect confirmation for Connect Request sent to the switch. Associated parameter: called directory number. Received Connect Ind. for DN: Received connect indication for Call Request sent to the switch. Associated parameter: called directory number. Received Disc. Ind.
Event Histories F-3 Cause No. 16: normal call clearing. This cause indicates that the call is being cleared because one of the users involved in the call has requested that the call be cleared. Under normal situations, the source of this cause is not the network. Cause No. 17: user busy. This cause is used when the called user has indicated the inability to accept another call. It is noted that the user equipment is compatible with call. Cause No. 18: no user responding.
F-4 User’s Reference Guide Cause No. 42: switching equipment congestion. This cause indicates that the switching equipment generating this cause is experiencing a period of high traffic. Cause No. 43: access information discarded. This cause indicates that the network could not deliver access information to the remote user as requested: i.e., user-to-user information, low layer compatibility, high layer compatibility, or a sub-address as indicated in the diagnostic.
Event Histories F-5 Cause No. 83: a suspended call exists, but this call identify does not. This cause indicates that a call resume has been attempted with a call identity which differs from that in use for any presently suspended call(s). Cause No. 84: call identity in use. This cause indicates that the network has received a call suspend request.
F-6 User’s Reference Guide Cause No. 111: protocol error, unspecified. This cause is used to report a protocol error event only when no other cause in the protocol error class applies. Cause No. 127: interworking, unspecified. This cause indicates there has been interworking with a network that does not provide causes for actions it takes; thus, the precise cause for a message being sent cannot be ascertained.
ISDN Configuration Guide G-1 Appendix G ISDN Configuration Guide This appendix contains supplemental ISDN configuration information. This section covers the following topics: ■ “Definitions” on page G-1 ■ “Dynamic B-channel usage” on page G-1 Definitions The following terms are used in this appendix: Directory number: The actual phone number associated with the ISDN line you order.
G-2 User’s Reference Guide
Binary Conversion Table H-1 Appendix H Binary Conversion Table This table is provided to help you choose subnet numbers and host numbers for IP and MacIP networks that use subnetting for IP addresses.
H-2 User’s Reference Guide Decimal Binary Decimal Binary Decimal Binary Decimal Binary 128 10000000 160 10100000 192 11000000 224 11100000 129 10000001 161 10100001 193 11000001 225 11100001 130 10000010 162 10100010 194 11000010 226 11100010 131 10000011 163 10100011 195 11000011 227 11100011 132 10000100 164 10100100 196 11000100 228 11100100 133 10000101 165 10100101 197 11000101 229 11100101 134 10000110 166 10100110 198 11000110 230 111001
Technical Specifications and Safety Information I-1 Appendix I Technical Specifications and Safety Information Description Dimensions: 124.0 cm (w) x 20.0 cm (d) x 5.3 cm (h) 9.4” (w) x 7.9” (d) x 2.1” (h) Communications interfaces: The Netopia R310 ISDN Router has an RJ-45 jack for ISDN connections; a 4-port 10Base-T Ethernet hub for your LAN connection; and a DB-9 Console port. Power requirements ■ 12 VDC input ■ 1.
I-2 User’s Reference Guide Agency approvals North America Safety Approvals: ■ United States – UL: 1950 Third Edition ■ Canada – CSA: CAN/CSA-C22.2 No.
Technical Specifications and Safety Information I-3 United States. This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
I-4 User’s Reference Guide Declaration for Canadian users The Canadian Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation and safety requirements. The Department does not guarantee the equipment will operate to the user’s satisfaction. Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company.
Technical Specifications and Safety Information I-5 Telecommunication installation cautions ■ Never install telephone wiring during a lightning storm. ■ Never install telephone jacks in wet locations unless the jack is specifically designed for wet locations. ■ Never touch uninsulated telephone wires or terminals unless the telephone line has been disconnected at the network interface. ■ Use caution when installing or modifying telephone lines.
I-6 User’s Reference Guide
Glossary 1 Glossary Access Line: A telephone line reaching from the telephone company central office to a point usually on your premises. Beyond this point the wire is considered inside wiring. See also Trunk Line. analog: In telecommunications, telephone transmission and/or switching that is not digital. An analog phone transmission is one that was originally intended to carry speech or voice, but may with appropriate modifications be used to carry data of other types.
2 User’s Reference Guide Class A, B, and C networks: The values assigned to the first few bits in an IP network address determine which class designation the network has. In decimal notation, Class A network addresses range from 1.X.X.X to 126.X.X.X, Class B network addresses range from 128.1.X.X to 191.254.X.X, and Class C addresses range from 192.0.1.X to 223.255.254.X. For more information on IP network address classes, see Appendix D, “Understanding IP Addressing.
Glossary 3 Ethernet address: Sometimes referred to as a hardware address. A 48-bits long number assigned to every Ethernet hardware device. Ethernet addresses are usually expressed as 12-character hexadecimal numbers, where each hexadecimal character (0 through F) represents four binary bits. Do not confuse the Ethernet address of a device with its network address. firmware: System software stored in a device’s memory that controls the device. The Netopia ISDN Router’s firmware can be updated.
4 User’s Reference Guide ISP (Internet service provider): A company that provides Internet-related services. Most importantly, an ISP provides Internet access services and products to other companies and consumers. ITU (International Telecommunication Union): United Nations specialized agency for telecommunications. Successor to CCITT. K56flex: A modem data transmission technology standard created by Lucent Technologies and Rockwell International.
Glossary 5 Parameter: A numerical code that controls an aspect of terminal and/or network operation. Parameters control such aspects as page size, data transmission speed, and timing options. port: A location for passing data in and out of a device, and, in some cases, for attaching other devices or cables. port number: A number that identifies a TCP/IP-based service. Telnet, for example, is identified with TCP port 23.
6 User’s Reference Guide soft seeding: A router setting. In soft seeding, if a router that has just been reset detects a network number or zone name conflict between its configured information for a particular port and the information provided by another router connected to that port, it updates its configuration using the information provided by the other router. See also hard seeding, non-seeding, seeding, and seed router.
Index-7 Index Numerics 10Base-T connecting 4-2 A add static route 9-32 adding a filter set 12-13 advanced configuration features 7-11 answer profile call acceptance scenarios 8-12 defined 8-9 answering calls 8-9 application software 4-1 ATMP 10-7 tunnel options 10-16 authentication and answer profile 8-11 B B channel usage, dynamic G-1 back panel ports 2-3 basic firewall 12-20 BOOTP 9-34 clients 9-37 broadcasts D-12 C call acceptance scenarios 8-12 capabilities 1-1 cause codes, ISDN event F-2 change static
Index-8 default terminal emulation software settings 5-4 delayed configuration 7-8 delete static route 9-33 deleting filters 12-18 designing a new filter set 12-11 DHCP defined D-8 DHCP NetBIOS options 9-35 dial-in configuration 7-4 directory number, defined G-1 disadvantages of filters 12-12 display a filter set 12-9 distributing IP addresses D-5 DNS Proxying 3-14 downloading a configuration file 13-9 downloading configuration files 13-11 with TFTP 13-9 with XMODEM 13-11 Dynamic Host Configuration Protoco
Index-9 IP addresses, distributing D-5 IP addressing D-1 IP setup 9-28 IP trap receivers deleting 11-13 modifying 11-13 setting 11-13 viewing 11-13 ISDN configuration guide G-1 event cause codes F-2 events F-1 loopback test 13-13 obtaining a line B-1 ordering a line B-1 setting up a line B-2 worksheet B-3 ISP account types C-2 finding C-1 L LED status 11-3 LEDs 2-4, 11-3 loopback test 13-13 status reports 13-13 M MacIP defined D-8 MIBs supported 11-11 MPPE 10-7 multiple subnets 9-28 N NAT adding server lis
Index-10 ping test, configuring and initiating 13-2 port number comparisons 12-8 port numbers 12-8 PPTP 10-7 tunnel options 10-4 protecting the configuration screens 12-3 protecting the security options screen 12-2 Q Quick View 11-1 R resetting the system 13-12 restricting telnet access 12-5 RIP 7-7 router to serve IP addresses to hosts 9-1 routing tables IP 9-30, 11-8 S scheduled connections adding 8-6 defined 8-1 deleting 8-9 modifying 8-9 once-only 8-8 viewing 8-5 weekly 8-7 screens, connecting to 7-10
Index-11 event histories 11-5 loopback test 13-13 SmartStart Macintosh A-2 PC A-1 WAN statistics 11-4 trusted host 12-21 trusted subnet 12-21 tunnel options ATMP 10-16 PPTP 10-4 tunneling 10-2 U updating firmware with TFTP 13-8 with XMODEM 13-10 updating router firmware 13-8 uploading a configuration file 13-9 uploading configuration files with TFTP 13-9 with XMODEM 13-12 user accounts 12-1 using filters 12-12 utilities and diagnostics 13-1 V viewing scheduled connections 8-5 Virtual Private Networks (VPN)
Index-12
Limited Warranty and Limitation of Remedies 1 Limited Warranty and Limitation of Remedies Netopia warrants to you, the end user, that the Netopia R310™ ISDN Router (the “Product”) will be free from defects in materials and workmanship under normal use for a period of one (1) year from date of purchase. Netopia’s entire liability and your sole remedy under this warranty during the warranty period is that Netopia shall, at its sole option, either repair or replace the Product.
2 User’s Reference Guide
