Netopia 6.3 Software User's Manual

Cayman operating system version 6.3

Summary of Contents for Netopia 6.3

  • Page 2 Cayman assumes no responsibility with regard to the performance or use of these products. In the interest of improving internal design, operational function, and/or reliability, Netopia, Inc. reserves the right to make changes to the products described in this document without notice.
  • Page 7 Netopia, Inc. provides a suite of technical information for its Cayman-series family of intelligent enterprise and consumer Gateways. It consists of: Software User Guide; Hardware and Installation User Guide; Dedicated Quickstart booklets; Specific White Papers. The documents are available in electronic form as Portable Document Format (PDF) files.
  • Page 8 This manual uses the following conventions to present information: bold italic monospaced terminal bold terminal Italic dot-dot-dash rounded rectangle or line solid rounded rectangle with an arrow Syntax conventions for the Cayman gateway command line interface are as follows: straight ([ ]) brackets in cmd line Optional command arguments curly ({ }) brackets, with values separated with vertical bars (|).
  • Page 9 It is used also to denote a Roadmap table. The words “Cayman Gateway” and “Gateway” refer to a standard unit from the Netopia Cayman 3000-Series product families. Pointing to a CLI command, refers to both DSL and Ethernet WAN interfaces...
  • Page 10 The expressions “Release 6.3.0” and “R 6.3.0” refer to the most recent generally available Cayman Operating System: COS 6.3.0R0. This guide consists of six sections, three appendixes including a glossary, and an index. It is organized as follows: the purpose of, the audience for, and structure of this guide. It presents a table of conventions.
  • Page 11 Units from the Netopia Cayman-series Gateway family are supplied in many configurations. This presents end-users with many alternatives for Wide Area Network (WAN) interfaces and Local Area Network (LAN) interfaces. This is the current product roster that supports COS 6.3: Full-Rate Discrete Multi- Four ports...
  • Page 12 The new features for COS 6.3 are: Not only is the look and feel different, but the database and the web server engine are new and more flexible. The design of the new web server is geared to make navigation easier, providing the most commonly used items first.
  • Page 13 Cayman Gateways support a wide array of features and functionality. This roadmap points you to overview discussions and How To procedures. Software Feature Keys Embedded Web Server Diagnostics DHCP Server DHCP Relay-agent DNS Proxy DHCP Client PPPoE Multiple PPPoE Sessions Static IP Address IPMaps (Multiple Static IP Addresses) Pinholes...
  • Page 14 This section describes the principal features of Cayman Operating System version 6.3. The information is grouped by usage area. Certain functionality in this release is controlled through software feature keys. These keys are proprietary files with the following properties: They are specific to the serial number of the target unit.
  • Page 15 There is no specialized client software required to configure, manage, or maintain your Cayman Gateway. Web pages embedded in the operating system provide access to the following Gateway operations: Setup System and security logs Diagnostics functions Once you have removed your Cayman Gateway from its packing container and powered the unit up, use any LAN attached PC or workstation running a common web browser application to configure and monitor the Gateway.
  • Page 16 DHCP Server functionality enables the Gateway to assign your LAN computer(s) a “private” IP address and other parameters that allow network communication. The default DHCP Server configuration of the Gateway supports up to 253 LAN IP addresses. This feature simplifies network administration because the Gateway maintains a list of IP address assignments.
  • Page 17 The PPPoE specification, incorporating the PPP and Ethernet standards, allows your computer(s) to connect to your Service Provider’s network through your Ethernet WAN connection. The Netopia Cayman-series Gateway supports PPPoE, eliminating the need to install PPPoE client software on any LAN computers.
  • Page 18 Your network may change address with each connection making it more difficult to attack. When you configure Instant On access, you can also configure an idle time-out value. Your Gateway monitors traffic over the Internet link and when there has been no traffic for the configured number of seconds, it disconnects the link.
  • Page 19 Access to your Cayman device is controlled through two access control accounts, , or administrative user, performs all configuration, management or maintenance operations on the Gateway. account provides monitor capability A user may change the configuration, perform upgrades or invoke maintenance functions.
  • Page 20 Internet Ethernet Interface Embedded Admin Services HTTP-Web Server and Telnet Server Port A similar configuration applies to a DSL WAN interface (3220 family). 1. The default setting for NAT is 2. Cayman uses Port Address Translation (PAT) to implement the NAT facility.
  • Page 21 This feature allows you to: Transparently route selected types of network traffic using the port forwarding facility. – FTP requests or HTTP (Web) connections are directed to a specific host on your LAN. Set up multiple pinhole paths. – Up to 32 paths are supported Identify the type(s) of traffic you want to redirect by port number.
  • Page 22 80 for more information about the Security Monitoring Log. COS 6.3 Security Monitor software reports the following eight event types: IP Source Address Spoofing Source Routing Subnet Broadcast Amplification...
  • Page 23 Details on the eight specific event types and the information logged are: The Gateway checks all incoming packets to see if the IP address attached is valid for the interface the packet is received through. If the address of the packet is not valid for the interface the packet is discarded.
  • Page 24 mentation information can also be exploited to create an illegally sized packet. Unwary hosts will often crash when the illegal fragment corrupts data outside of the “normal” packet bounds. The Cayman unit will detect and discard illegal packet fragments, and the Security Monitoring software logs the event.
  • Page 25 The Cayman software provides the means for assigning passwords to the Admin or User accounts to control access to the Gateway. Any attempts to login are given three chances to enter a valid password. The Security Monitoring software records instances where the user fails to enter a valid password.
  • Page 26 BreakWater delivers an easily selectable set of pre-configured firewall protection levels. These settings are readily available for simple implementation through Cayman’s embedded web server interface. BreakWater provides you and your network with: Protection for all LAN users. Elimination of firewall management software on individual PC’s. Immediate protection through three pre-configured firewall levels.
  • Page 27 This Cayman service supports your independent VPN client software in a transparent manner. Cayman has implemented an Application Layer Gateway (ALG) to support multiple PCs running IP Security protocols. This feature has three elements: 1. On power up or reset, the address mapping function (NAT) of the Gateway’s WAN configuration is turned on by default.
  • Page 28 SafeHarbour VPN IPSec Tunnel provides a single, encrypted tunnel to be terminated on the Gateway, making a secure tunnel available for all LAN-connected Users. This implementation offers the following: Eliminates the need for VPN client software on individual PC’s. Reduces the complexity of tunnel configuration.
  • Page 29 Using the embedded Web-based user interface for the Netopia Cayman-series Gateway you can configure, troubleshoot, and monitor the status of your Gateway. For COS Version 6.3 the Web-based UI has been modified: To accommodate multiple new features of COS 6.3.
  • Page 30 The Home page is the “dashboard” for your Cayman Gateway. The toolbar at the top provides links to controlling, configuring, and monitoring pages. Critical configuration and operational status is displayed in the center section. If you log on as Admin you see this page. This example screen is from the Dual Ethernet Gateway.
  • Page 31 The Home page’s center section contains a summary of the Gateway’s configuration settings and operational status. Hardware: Model number and summary specification. Serial Number: Unique serial number, located on label attached to bottom of unit. Software Version: Release and build number of running Cayman Operating System. Product ID: Refers to internal circuit board series;...
  • Page 32 The toolbar is the dark blue bar at the top of the page containing the major navigation buttons. These buttons are available from almost every page, allowing you to move freely about the site. The example toolbar shown below is displayed when you log on as User, some buttons will not be shown.
  • Page 33 Button The Restart button on the toolbar allows you to restart the Gateway at any time. You will be prompted to confirm the restart before any action is taken. The Restart Confirmation message explains the consequences of and reasons for restarting the Gateway...
  • Page 34 Link The Alert symbol appears in the upper right corner under one of two circumstances: 1. a database change; one in which a change is made to the Gateway’s configuration. The Alert serves as a reminder that you must changes and the Gateway before the change will take effect.
  • Page 35 Button Context-sensitive Help is provided in Release 6.3. The page shown above is displayed when you are on the Home page or other transitional pages. To see a context help page example, go to , then click...
  • Page 36 Button The Configuration options are presented in the order of likelihood you will need to use them. ware installation and initial configuration phase. system. gaming or small office environments, or where LAN-side servers are involved. This button will not be available if you log on as User. Quickstart is normally used immediately after the new hardware is installed.
  • Page 37 Link This example screen is for a Your Service Provider will instruct you as to whether or not the Other Quickstart Options need to be configured. If they are not needed, you should be ready to access the Internet. If required, click the page.
  • Page 38 Some broadband cable-oriented Service Providers use the an important identification and support parameter. If your Gateway is part of this type of network, do instructed by your Service Provider If you need to change either of these fields, use the following procedure. You can use the default System name or select your own.
  • Page 39 You will be returned to the Home page. A warning is displayed on this page while the Gateway restarts.
  • Page 40 This example screen is the for a gateway authenticates with the Service Provider equipment using the ISP Username and Password. These values are given to you by your Service Provider. This turns on the Alert (“!”) button in the top right corner of the page. You will be returned to the Home page.
  • Page 41 If your service provider supplies you with a static IP address, your Gateway’s Quickstart page will offer the fields required to enter the appropriate information for this type of configuration. The Quickstart page designed for a static IP address offers the following fields for you to supply the required information: The IP address assigned to your Cayman Gateway.
  • Page 42 You will be returned to the Home page. A warning is displayed on this page while the Gateway restarts. Your Cayman Gateway can now use the configured IP parameters Do NOT confuse this procedure that establishes an IP address for the Gateway’s default IP traffic with configuring multiple static IP addresses used with the IPMaps feature...
  • Page 43 Link : Enables all LAN-connected computers to share resources and to connect to the WAN. The Interface should always be enabled unless you are instructed to disable it by your Service Provider during troubleshooting. : The LAN IP Address of the Gateway. The IP Address you assign to your LAN interface must not be used by another device on your LAN network.
  • Page 44 Link Your IP interfaces are listed. Click on an interface to configure it. You can configure the Gateway to send packets to a default gateway if it does not know how to reach the destination host. If you have PPPoE enabled, you can specify that packets destined for unknown hosts will be sent to the gateway being used by the remote PPP peer..
  • Page 45 The following are links under Configure -> Advanced: Link Selected Advanced options are discussed in the pages that follow. Many are self-explanatory or are dictated by your service provider. Link A static route identifies a manually configured pathway to a remote network.
  • Page 46 Link Your Gateway maintains a dynamic Address Resolution Protocol (ARP) table to map IP addresses to Ethernet (MAC) addresses. It populates this ARP table dynamically, by retrieving IP address/MAC address pairs only when it needs them. Optionally, you can define static ARP entries to map IP addresses to their corresponding Ethernet MAC addresses.
  • Page 47 Determine if any of the service applications that you want to provide on your LAN stations utilize TCP or UDP protocols. If an application does, then you must configure an Internal Server to implement port forwarding. This is accessed from the The procedure on the following pages describes how you set up your NAT-enabled Cayman Gateway to support three separate applications.
  • Page 48 TIPS for making Pinhole Entries 1. If the port forwarding feature is required for Web services, ensure that the embedded Web server’s port number is re-assigned PRIOR to any Pinhole data entry. 2. Enter data for one Pinhole at a time. 3.
  • Page 49 Use the following steps: Since Port Forwarding is required for this example, the Cayman embedded Web server is configured first. The two text boxes, page refer to the port numbers of the Cayman Gateway’s embedded administration ports. To pass Web traffic through to your LAN station(s), select a Web (HTTP) Port number that is greater than 1024.
  • Page 51 Note the following parameters for the “my-games” Pinhole: 1. The Protocol ID is UDP. 2. The external port is specified as a range. 3. The Internal port is specified as the lower range entry. REMEMBER: When you have re-assigned the port address for the embedded Web server, you can still access this facility.
  • Page 52 Link IPMaps supports one-to-one Network Address Translation (NAT) for IP addresses assigned to servers, hosts, or specific computers on the LAN side of the Cayman Gateway. A single static or dynamic (DHCP) WAN IP address must be assigned to support other devices on the LAN. These devices utilize Cayman’s default NAT/PAT capabilities.
  • Page 53 IPMaps allows a Cayman Gateway to support servers behind the Gateway, for example, web, mail, FTP, or DNS servers. VPN servers are not supported at this time. Yes. IPMaps can be assigned to the WAN interface provided they are on the same subnet.
  • Page 54 The following diagram shows the IPMaps principle in conjunction with existing Cayman NAT operations: 143.137.50.37 143.137.50.36 143.137.50.35 192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.n...
  • Page 55 Link Each NAT Protocol map entry will time-out if there is no traffic of that protocol for the specified number of minutes. For example, UDP entries time-out if there is no UDP traffic after 6 (default) minutes. Link This feature allows you to: * Direct your Gateway to forward all externally initiated IP traffic (TCP and UDP protocols only) to a default host on the LAN.
  • Page 56 This feature allows you to direct unsolicited or non-specific traffic to a designated LAN station. With NAT “On” in the Gateway, these packets normally would be discarded. For instance, this could be application traffic where you don’t know (in advance) the port or protocol that will be utilized.
  • Page 57 A typical network utilizing the NAT Default Server looks like this: Ethernet Interface 210.219.41.20 Embedded Web Server 210.219.41.20 (Port 80 default) Cayman’s NAT security feature allows you to configure a sophisticated LAN layout that uses both the Pinhole and Default Server capabilities. With this topology, you configure the embedded administration ports as a first task, followed by the Pinholes and, finally, the NAT Default Server.
  • Page 58 Link Your Service Provider may maintain a Domain Name server. If you have the information for the DNS servers, enter it on the DNS page. If your Gateway is configured to use DHCP to obtain its WAN IP address, the DNS information is automatically obtained from that same DHCP Server.
  • Page 59 Link Your Gateway can provide network configuration information to computers on your LAN, using the Dynamic Host Configuration Protocol (DHCP). If you already have a DHCP server on your LAN, you should turn this service off. If you want the Gateway to provide this service, click the pulldown menu, then configure the range of IP addresses that you would like the Gateway to hand out to your computers.
  • Page 60 Link The Simple Network Management Protocol (SNMP) lets a network administrator monitor problems on a network by retrieving settings on remote network devices. The network administrator typically runs an SNMP management station program on a local host to obtain information from an SNMP agent. In this case, the Cayman Gateway is an SNMP agent.
  • Page 61 Link Bridges let you join two local area networks, so that they appear to be part of the same physical network. As a bridge for protocols other than TCP/IP, your Gateway keeps track of as many as 255 MAC (Media Access Control) addresses, each of which uniquely identifies an individual host on a network.
  • Page 62 Link defaults to your Gateway's factory identifier combined with its serial number. Some cable-oriented Service Providers use the System Name as an important identification and support parameter. If your Gateway is part of this type of network, do NOT alter the System Name unless specifically instructed by your Service Provider.
  • Page 63 Link Your Gateway ships with an embedded Web server and support for a Telnet session, to allow ease of use for configuration and maintenance. The default ports of for HTTP and for Telnet may be reassigned. This is necessary if a pinhole is created to support applications using port 80 or 23.
  • Page 64 Link You can override your Gateway’s Ethernet MAC address with any necessary setting. Some ISPs require your account to be identified by the MAC address, among other things. For information on setting this parameter, see “How to Use the Quickstart Page” on page Link Traffic shaping controls how much traffic can flow through an Ethernet interface by limiting the size of the Ethernet pipe.
  • Page 65 Link To restore the factory configuration of the Gateway, choose . You may want to upload your configuration to a file before performing this function. does not clear feature keys or affect the software image or BootPROM. You must restart the Gateway for to take effect.
  • Page 66 Button The Security features are available by clicking on the Security toolbar button. Some items of this category do not appear when you log on as User. Link Access to your Gateway is controlled through two user accounts, . When you first power up your Gateway, you create a password for the account.
  • Page 67 You can establish different levels of access security to protect your Cayman Gateway settings from unauthorized display or modification. Admin level privileges let you display and modify all settings in the Cayman Gateway (Read/Write mode). The Admin level password is created when you first access your Gateway.
  • Page 68 It can have up to eight alphanumeric characters. It is case-sensitive. You confirm the new password to verify that you entered it correctly the first time. Password changes are automatically saved, and take effect immediately.
  • Page 69 Link BreakWater delivers an easily selectable set of pre-configured firewall protection levels. For simple implementation these settings (comprised of three levels) are readily available through Cayman’s embedded web server interface. BreakWater Basic Firewall’s three settings are: ClearSailing, BreakWater's default setting, supports both inbound and outbound traffic.
  • Page 70 Changing the BreakWater setting does makes it easy to change the setting "on the fly,” as your needs change. Typical Internet usage SilentRunning (browsing, e-mail) Multi-player online gaming ClearSailing Going on vacation LANdLocked Finished online use for the LANdLocked Chatting online or using ClearSailing instant messaging require a restart to take effect.
  • Page 71 As a device on the Internet, a Cayman Gateway requires an IP address in order to send or receive traffic. The IP traffic sent or received has an associated application port which is dependent on the nature of the connection request. In the IP protocol standard the following session types are common applications: ICMP SNMP...
  • Page 72 This table shows how outbound traffic is treated. Outbound means the traffic is coming from the LAN-side computers into the LAN side of the Gateway. ftp data ftp control telnet external telnet Cayman server http external http Cayman server DHCP client DHCP server snmp...
  • Page 73 Link Your Gateway supports two mechanisms for IPSec tunnels: running on LAN-connected computers. Normally, this feature is enabled. However, you can disable it if your LAN-side VPN client includes its own NAT interoperability option. minated VPN support. SafeHarbour VPN IPSec Tunnel provides a single, encrypted tunnel to be terminated on the Gateway, making a secure tunnel available for all LAN-connected Users.
  • Page 74 A typical SafeHarbour configuration is shown below: Use these Best Practices in establishing your SafeHarbour tunnel. 1. Ensure that the configuration information is complete and accurate 2. Use the Worksheet provided on The following table describes SafeHarbour’s parameters that are used for an IPSec VPN tunnel configuration: Auth Protocol Authentication Protocol for IP packet header.
  • Page 75 Peer Internal IP Netmask The Peer Internal IP Netmask is the subnet mask of the Peer Internal IP Network. PFS DH Group Perfect Forward Secrecy (PFS) is used during SA renegotiation. When PFS is selected, a Diffie-Hellman key exchange is required. SafeHarbour supports PFS DH Groups 1, 2 and 5.
  • Page 76 Parameter Name Peer External IP Address Peer Internal IP Network Peer Internal IP Netmask Enable Encrypt Protocol Auth Protocol Key Management Pre-Shared Key Type Pre-Shared Key Negotiation Method DH Group SA Encrypt Type SA Hash Type PFS DH Group Soft MBytes Soft Seconds Hard MBytes Hard Seconds...
  • Page 77 Use the following tasks to configure an IPSec VPN tunnel on your Cayman Gateway. SafeHarbour is a keyed feature. See page 93 for information concerning installing Cayman Software Feature Keys. IPSec tunnel configuration requires precise parameter set between VPN devices. The Setup Worksheet facilitates setup and assures that the associated variables are identical.
  • Page 78 Leave the choice as unless your network administrator instructs otherwise. Enter the initial group of tunnel parameters. Refer to your and the as required. Perform the following steps: This is the only parameter that does not have to be identical to the peer/ remote VPN device...
  • Page 79 The Tunnel Details page appears. Use the following steps: Your SafeHarbour IPSec VPN tunnel is fully configured. Tunnel sessions can be initiated from the LAN client side.
  • Page 80 Link Security Monitoring detects security-related events, including common types of malicious attacks, and writes them to the security log file. You can view the Security Log at any time. Use the following steps: An example of the Security Log is shown on the next page. The Security Alert remains until you view the information.
  • Page 82 The capacity of the security log is 100 security alert messages. When the log reaches capacity, subsequent messages are not captured, but they are noted in the log entry count. Remember that the “time stamp” is Universal Coordinated Time (UTC) which is the equivalent of Greenwich Mean Time.
  • Page 83 Button From the toolbar button you can: • Install new Operating System Software • Install new Feature Keys...
  • Page 84 Cayman Operating System Release 6.3 represents significantly expanded functionality for your Cayman Gateway. To deliver these important features, the COS 6.3 image is larger than earlier versions and the updating process is different from earlier procedures. It requires careful attention to the instruction sequence.
  • Page 85 2E with PID of 06xx 2E or 2E-H with internal memory of 2MBytes or less COS 6.3 provides substantial new flexibility and functionality for your Cayman Gateway. However, once you have upgraded to this version, you to a previous release.
  • Page 86 Upgrading to COS 6.3 requires 1. Documentation - Software Upgrade Instructions PDF file 2. Updater file 3. Cayman Operating System image When you downloaded your operating system upgrade from the Cayman website you downloaded a ZIP file containing these files: Software Upgrade Instructions PDF file (the document you are reading...
  • Page 87 Contact Cayman Technical Support for questions concerning the upgrade process. Contact Cayman Sales for specific advanced features. Use this contact information: http://www.netopia.com/support 510-814-5000 ext 1 510-814-5100 If you are currently running a Cayman Operating System version COS 5.90 or higher,...
  • Page 88 button on the Cayman Gateway Home page. When the Ethernet window appears, click If you have previously saved your Cayman Gateway configuration, you can skip this step. The Install New Cayman Software window opens. The Updater file name starts with the letter “u” (for “Updater”). a.
  • Page 89 COS version is earlier than 5.9, return to Task 1 and retry the installation. The COS installation process is similar to the Updater installation. To install the COS 6.3 software in your Cayman Gateway from the Home Page use the following steps: The Install New Cayman Software window opens.
  • Page 90 The COS file name starts with the letter “c” (for “COS”). a. Click the Browse button, select the file you want, and click Open. -or- b. Enter the name and path of the software image you want to install in the text field and click The Cayman Gateway copies the image file from your computer and installs it into its memory storage.
  • Page 91 To verify that the COS 6.3 image has loaded successfully, use the following steps: The username (or user) is now a required field for logging onto the web server. In earlier releases, only the password was required. For COS 6.3 you now have a a Cayman 3220-H.
  • Page 92 If your password is not set, you will be prompted to set it before you reach the Home page. This completes the process for COS 6.3.
  • Page 93 They will not be accepted on a platform with another serial number. Once installed, and the Gateway restarted, the new feature’s functionality becomes available. This allows full access to configuration, operation, maintenance and administration of the new enhancement. Software feature keys for COS 6.3 enable these enhancements: Security Monitoring Log...
  • Page 94 BreakWater Basic Firewall BarrierReef Advanced Firewall SafeHarbour IPSec Tunnel at the Gateway Contact your Service Provider to acquire a Software Feature Key. With the appropriate feature key file resident on your LAN PC, use the steps listed below to enable a new function. The Install Key File page appears.
  • Page 95 The Confirmation screen appears.
  • Page 96 The System Status page appears with the information from the features link displayed below. You can check that the feature you just installed is enabled.
  • Page 97 Button This section provides some specific procedures and tips for working with important features of Cayman OS 6.3. There are three major Troubleshooting capabilities you can access via your Cayman Gateway’s web interface. The procedures for using them are discussed here. In the event of a problem with your system, your Service Provider may request this information.
  • Page 98 Each test generates one of the following result codes: PASS The test was successful. FAIL The test was unsuccessful. SKIPPED The test was skipped because a test on which it depended failed, or it was not supported by the service provider equipment to which it is connected.
  • Page 99 Use these steps: Three test tools are available from this page. NSLookup - converts a domain name to its IP address and vice versa. Ping - tests the “reachability” of a particular network destination by sending an ICMP echo request and waiting for a reply. TraceRoute - displays the path to a destination by showing the number of hops and the router addresses of these hops.
  • Page 100 Example: Show the path to the grosso.com site. Result: It took 20 hops to get to the grosso.com web site. Example: Show the IP Address for grosso.com Result: The DNS Server doing the lookup is displayed in the fields. If the Name Server can find your entry in its table, it is displayed in the fields.
  • Page 101 Gateway. Managing the WAN Users is an example of the management tools available. On the Home page your WAN User status is prominently displayed in the center area. To check the user status of the WAN connections when running COS 6.3, use these steps:...
  • Page 102 link provides this information: Number of allowed concurrent WAN users Number of WAN connections currently in use Address and computer name - of current LAN users Timeout - displays status of Idle Timeout Counter. The current user has this amount of time (from an initial 20 minute interval) remaining prior to an automatic disconnect from WAN access.
  • Page 103 You have disconnected all WAN users If your system supports a restricted number of WAN users, web browser users who attempt to access the WAN in excess of the restricted number will receive an “intercept” message on a web page. will be displayed to a user seeking access to other applications requiring WAN connectivity (such as email, instant messaging, remote access, FTP, or telnet).
  • Page 104 The Cayman Gateway operating software includes a command line interface (CLI) that lets you access your Cayman Gateway over a telnet or console connection. You can use the command line interface to enter and update the unit’s configuration settings, monitor its performance, and restart it. The CLI has two major command modes: that list the commands are provided below.
  • Page 106 There are two ways to open a CLI session: You initiate a telnet connection by issuing the following command from an IP host that supports telnet, for example, a personal computer running a telnet application such as NCSA Telnet. BOTH You must know the IP address of the Cayman Gateway before you can make a telnet connection to it.
  • Page 107 When you have logged in successfully, the command line interface lists the username and the security level associated with the password you entered in the diagnostic log. You end a command line interface session by typing quit from the SHELL node of the command line interface hierarchy.
  • Page 108 The only command you cannot truncate is restart. To prevent accidental interruption of communications, you must enter the restart command in its entirety. You can use the Up and Down arrow keys to scroll backward and forward through recent commands you have entered. Alternatively, you can use the !! command to repeat the last command you entered.
  • Page 109 BOTH Puts the command line interface into Configure mode, which lets you configure your Cayman Gateway with Config commands. Config commands are described starting on BOTH Runs a diagnostic utility to conduct a series of internal checks and loopback tests to verify network connectivity over each interface on your Cayman Gateway.
  • Page 110 BOTH Downloads a new version of the Cayman Gateway operating software from a TFTP (Trivial File Transfer Protocol) server, validates the software image, and programs the image into the Cayman Gateway memory. After you install new operating software, you must restart the Cayman Gateway. The TFTP server must be accessible on your Ethernet network.
  • Page 111 BOTH Displays the IP routes stored in your Cayman Gateway. BOTH Performs a domain name system lookup for a specified host. The hostname argument is the name of the host for which you want DNS information; for example, nslookup klaatu. The ip_address argument is the IP address, in dotted decimal notation, of the device for which you want DNS information.
  • Page 112 ENET Releases the DHCP lease the Gateway is currently using to acquire the IP settings for its WAN (Ethernet B) port. Releases the DHCP lease the Cayman 3220-H is currently using to acquire the IP settings for the specified DSL port. The I.
  • Page 113 Resets the point-to-point connection over the specified virtual circuit. This command only applies to virtual circuits that use PPP framing. BOTH Clears the security monitoring log to make room to capture new entries. BOTH This function disconnects the specified WAN User to allow for other users to access the WAN.
  • Page 114 BOTH Displays the DHCP leases stored in NVRAM by your Cayman Gateway. Displays DSL port statistics, such as upstream and downstream connection rates and noise levels. BOTH Displays the Ethernet statistics for your Cayman Gateway. BOTH Show all keyed features and whether or not they are enabled. If the key is not permanent, it shows the expiration date.
  • Page 115 BOTH Displays memory usage information for your Cayman Gateway. If you include the optional all argument, your Cayman Gateway will display a more detailed set of memory statistics. ENET Displays information about open PPP links. You can display a subset of the PPP statistics by including an optional stats, lcp, ipcp ment for the show ppp command.
  • Page 116 Opens a PPP link on the specified virtual circuit. BOTH Displays the current status of a Cayman Gateway, the device's hardware and software revision levels, a summary of errors encountered, and the length of time the Cayman Gateway has been running since it was last restarted. Identical to the show status command.
  • Page 117 You reach the configuration mode of the command line interface by typing configure (or any truncation of configure, such as c or config) at the CLI SHELL prompt. When you are in CONFIG mode, the CLI prompt consists of the name of the Cayman Gateway followed by your current brackets (>>).
  • Page 118 to another by entering a partial path that identifies how far back to climb. any subnode to any other subnode by entering a partial path that starts with a top-level CONFIG command. use the Up and Down arrow keys to scroll backward and forward through recent commands you have entered.
  • Page 119 If a command is ambiguous or miskeyed, the CLI prompts you to enter additional information. For example, you must specify which virtual circuit you are configuring when you are setting up a Cayman Gateway. You can use the view command to display the current CONFIG settings for your Cayman Gateway.
  • Page 120 Dogzilla (top)>> set system Stepping set mode (press Control-X <Return/Enter> to exit) system name (“Dogzilla”): Mycroft Diagnostic Level (High): medium Stepping mode ended. You can use the validate CONFIG command to make sure that your configuration settings have been entered correctly. If you use the validate command, the Cayman Gateway verifies that all required settings for all services are present and that settings are consistent.
  • Page 121 This section describes the keywords and arguments for the various CONFIG commands. You can use the CLI to set up each ATM virtual circuit. Enables the WAN interface of 3220-H to be configured using the Asynchronous Transfer Mode (ATM) protocol. Selects the virtual circuit for which further parameters are set.
  • Page 122 Select the number of PPPoE sessions to be configured for VCC n. Up to eight can be configured on the first VCC; one on the other VCCs. The total must be less than or equal to eight. Select the transmission priority for vcc n. The Gateway transmits traffic for high priority VCCs before it transmits traffic for low priority VCCs.
  • Page 123 As a Dynamic Host Control Protocol (DHCP) server, your Cayman Gateway can assign IP addresses and provide configuration information to other devices on your network dynamically. A device that acquires its IP address and other TCP/IP configuration settings from the Cayman Gateway can use the information for a fixed period of time (called the DHCP lease).
  • Page 124 Selects the type of Discrete Multitone (DMT) asynchronous digital subscriber line (ADSL) protocol to use for the WAN interface. Domain Name System (DNS) is an information service for TCP/IP networks that uses a hierarchical naming system to identify network domains and the hosts associated with them.
  • Page 125 You can use the command line interface to specify whether TCP/IP is enabled, identify a default Gateway, and to enter TCP/IP settings for the Cayman Gateway LAN and WAN ports. If PPPoE is turned off, you must specify settings for Ethernet A and B separately.
  • Page 126 Specifies restrictions on the types of traffic the 3220-H accepts over the DSL virtual circuit. The admin-disable accepted but that administrative commands are ignored. The argument means that router traffic is ignored by that administrative commands are accepted. The ICMP traffic is still accepted.
  • Page 127 BOTH Specifies the broadcast address for the local Ethernet interface. IP hosts use the broadcast address to send messages to every host on your network simultaneously. The broadcast address for most networks is the network number followed by 255. For example, the broadcast address for the 192.168.1.0 network would be 192.168.1.255.
  • Page 128 BOTH Specifies whether you want the Cayman Gateway to respond when it receives an address resolution protocol for devices behind it. By default, proxy ARP is turned off. BOTH Specifies whether the Cayman Gateway should use Routing Information Protocol (RIP) broadcasts to advertise its routing tables to other routers on your network. RIP Version 2 (RIP-2) is an extension of the original Routing Information Protocol (RIP-1) that expands the amount of useful information in the RIP packets.
  • Page 129 Specifies whether the Gateway is reached using a fixed IP address or through a PPP virtual circuit. BOTH Specifies the IP address of the default IP Gateway. Use the following command to configure settings for routing between WAN connections. BOTH Enables or disables routing between WAN connections.
  • Page 130 The default value for the ip_address argument is 0.0.0.0, which indicates that the virtual PPP interface will use the IP address assigned to it by the remote peer. Note that the remote peer must be configured to supply an IP address to your Cayman Gateway if you enter 0.0.0.0 for the ip_address argument.
  • Page 131 For example, inclusion of subnet masks in RIP packets and implementation of multicasting instead of broadcasting. This last feature reduces the load on hosts which do not support routing protocols. This command is only available when address mapping for the specified virtual circuit is turned “off”.
  • Page 132 A static route identifies a manually configured pathway to a remote network. Unlike dynamic routes, which are acquired and confirmed periodically from other routers, static routes do not time out. Consequently, static routes are useful when working with PPP, since an intermittent PPP link may make maintenance of dynamic routes problematic.
  • Page 133 The remote network is more than one router away but the static route should not be replaced by a dynamic route, even if the dynamic route is more efficient. BOTH Deletes a static route. Deleting a static route removes all information associated with that route.
  • Page 134 BOTH Specifies whether an administrator can open a telnet connection to the Cayman Gateway over the WAN Ethernet interface [or specified VCC interface] to monitor and configure the Cayman Gateway. The admin-only argument means that router traffic is ignored but that administrative commands are accepted. The none argument means that all traffic is accepted.
  • Page 135 NAT default settings let you specify whether you want your Cayman Gateway to forward NAT traffic to a default server when it doesn’t know what else to do with it. The NAT default host function is useful in situations where you cannot create a specific NAT pinhole for a traffic stream because you cannot anticipate what port number an application might use.
  • Page 136 BOTH Specifies the type of protocol being redirected. BOTH If you select other, specifies the number of the protocol you want to translate. BOTH Specifies the first port number in the range being translated. BOTH Specifies the last port number in the range being translated. BOTH Specifies the IP address of the internal host to which traffic of the specified type should be transferred.
  • Page 137 BOTH Enables or disables PPP on the Cayman Gateway. BOTH Specifies the Maximum Receive Unit (MRU) for the PPP interface. The integer argument can be any number between 128 and 2048. BOTH Enables or disables LCP magic number negotiation. BOTH Specifies whether you want the Cayman Gateway to compress the PPP Protocol field when it transmits datagrams over the PPP link.
  • Page 138 BOTH Specifies the number of seconds the Cayman Gateway should wait before retransmitting a configuration or termination request. The integer argument can be any number between 1 and 30. BOTH Specifies whether a PPP connection is maintained by the Cayman Gateway when it is unused for extended periods.
  • Page 139 BOTH Specifies the name the Cayman Gateway sends in a CHAP response packet. The chap_name argument is 1-64 alphanumeric characters. The information you enter must match the CHAP username configured in the remote PPP peer's authentication database. BOTH Specifies the CHAP secret for CHAP authentication. The secret argument is 1-64 alphanumeric characters.
  • Page 140 You can specify that your Cayman Gateway will use PAP, CHAP, or both to authenticate a remote peer as a PPP link is being completed. Perform the following steps to specify how your Cayman Gateway should authenticate remote peers. BOTH Specifies whether the Cayman Gateway will use CHAP to authenticate connections to PPP peers.
  • Page 141 You can set command line interface preferences to customize your environment. BOTH Specifies whether you want command help and prompting information displayed. By default, the command line interface verbose preference is turned off. If you turn it on, the command line interface displays help for a node when you navigate to that node.
  • Page 142 BOTH Specifies the port number for telnet (CLI) communication with the Cayman Gateway. Because port numbers in the range 0-1024 are used by other protocols, you should use numbers in the range 2000-32767 when assigning new port numbers to the Cayman Gateway telnet configuration interface. Security settings include the Firewall and IPSec parameters.
  • Page 143 BOTH This enables this particular tunnel. Currently, one tunnel is supported. BOTH Specifies the IP address of the destination gateway. BOTH Specifies the IP address of the destination computer or internal network. BOTH Specifies the subnet mask of the destination computer or internal network. The subnet mask specifies which bits of the 32-bit IP address represent network information.
  • Page 144 BOTH for details about SafeHarbour IPsec tunnel capability. BOTH for details about SafeHarbour IPsec tunnel capability. BOTH for details about SafeHarbour IPsec tunnel capability. BOTH for details about SafeHarbour IPsec tunnel capability. The following four IPsec parameters configure the rekeying event. BOTH BOTH BOTH...
  • Page 145 The Simple Network Management Protocol (SNMP) lets a network administrator monitor problems on a network by retrieving settings on remote network devices. The network administrator typically runs an SNMP management station program on a local host to obtain information from an SNMP agent such as the Cayman Gateway.
  • Page 146 you have assigned a name to your Cayman Gateway, you can enter that name in the Address text field of your browser to open a connection to your Cayman Gateway. BOTH Specifies the types of log messages you want the Cayman Gateway to record. All messages with a level number equal to or greater than the level you specify are recorded.
  • Page 147 Traffic shaping lets you control how much traffic can flow through an Ethernet interface by limiting the size of the WAN “pipe.” This function is most suitable for Internet Service Providers or multi-interface routers. When you use the traffic-shaping option to set the maximum speed for a router port, the router will silently discard any packets that exceed the maximum port speed.
  • Page 152 Internet Key Exchange (IKE)
  • Page 154 ASCII DES 3DES CAST Blowfish MD5 SHA1...
  • Page 155 1 and 1,000,000 MB...
  • Page 161 Cayman 3000 series by Netopia Netopia, Inc. 2470 Mariner Square Loop Alameda, CA 94501 Corporate Headquarters: 510-814-5100 Corporate Fax: 510-814-5020 Customer Service/Tech Support: 510-814-5000 ext 1. Support URL: http://www.netopia.com/support January, 2002...

This manual is also suitable for:

Cayman 3000 series