Download Print this page

Motorola 2200 Administrator's Handbook

Motorola gateways administrator's handbook
Hide thumbs

Advertisement

Quick Links

Administrator's
Handbook
Embedded Software Version 7.7.4
®
Motorola Netopia
2200, 3300 and 7000
Series Gateways

Advertisement

loading

  Related Manuals for Motorola 2200

  Summary of Contents for Motorola 2200

  • Page 1 Administrator’s Handbook Embedded Software Version 7.7.4 ® Motorola Netopia 2200, 3300 and 7000 Series Gateways...
  • Page 2 (such as translation, transformation or adaptation) without written permission from Motorola, Inc. Motorola reserves the right to revise this publication and to make changes in content from time to time without obligation on the part of Motorola to provide notification of such revision or change. Motorola provides this guide without warranty of any kind, either implied or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.
  • Page 3 Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used.
  • Page 4 Administrator’s Handbook RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided “as is” without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software. Portions of this software are based in part on the work of the following: Copyright (c) 1989 Carnegie Mellon University.
  • Page 5: Table Of Contents

    PPPoE Quickstart......... 27 Set up the Motorola Netopia® Pocket Gateway....28 Motorola Netopia®...
  • Page 6 Administrator’s Handbook Home Page - Information ........41 Toolbar Navigating the Web Interface Breadcrumb Trail .
  • Page 7 Firewall ..........142 Use a Motorola Netopia® Firewall ..... . . 142 BreakWater Basic Firewall .
  • Page 8 Step 1: Required Files ........183 Step 2: Motorola Netopia® firmware Image File ....184 Install Key.
  • Page 9 Advanced Troubleshooting ..... 207 CHAPTER 5 Home Page ..........208 Expert Mode .
  • Page 10 Administrator’s Handbook IP Settings ..........259 Queue Configuration .
  • Page 11 VoIP settings ......... . . 316 UPnP settings.
  • Page 12 Network Address Translation (NAT) ..... . 354 Motorola Netopia® Advanced Features for NAT ... . 355 Internal Servers.
  • Page 13: Chapter 1 Introduction

    • Wireless Multimedia Mode (WMM) support. See • Firewall: ClearSailing is automatically enabled on all 2200-Series ADSL2+ platforms. (Explicit excep- tions: bonded and VDSL2, 3341, and 3387WG.) See • TR-069 Remote device management is automatically enabled by default for 2200-Series Gateways.
  • Page 14 Administrator’s Handbook • Provide Bandwidth Management using Weighted Fair Queueing. “Queue Configuration” on page • New CLI command for disabling Dying Gasp. See • Ethernet in the First Mile Operations Administration and Maintenance (802.3ah EFM OAM) Support. See “802.3ah Ethernet OAM Settings” on page •...
  • Page 15: About Motorola Netopia® Documentation

    Bridge mode. In Bridge mode, the Gateway acts as a pass-through device and allows the work- stations on your LAN to have public addresses directly on the Internet. Motorola, Inc. provides a suite of technical information for its 2200-, 3300- and 7000-series family of intel- ligent enterprise and consumer Gateways. It consists of: •...
  • Page 16: Internal Web Interface

    Administrator’s Handbook terminal bold terminal Italic Internal Web Interface Convention (Graphics) blue rectangle or line solid rounded rectangle with an arrow Command Line Interface Syntax conventions for the Netopia Gateway command line interface are as follows: Convention straight ([ ]) brackets in cmd line curly ({ }) brackets, with values sep- arated with vertical bars (|).
  • Page 17: Organization

    Chapter 1, “Introduction” — Describes the Motorola Netopia® document suite, the purpose of, the audience for, and structure of this guide. It gives a table of conventions. • Chapter 2, “Basic Mode Setup” — Describes how to get up and running with your Motorola Netopia® Gateway. •...
  • Page 18 Administrator’s Handbook...
  • Page 19: Chapter 2 Basic Mode Setup

    Most users will find that the basic Quickstart configuration is all that they ever need to use. This section may be all that you ever need to configure and use your Motorola Netopia® Gateway. The following instruc- tions cover installation in Router Mode.
  • Page 20: Important Safety Instructions

    Administrator’s Handbook Important Safety Instructions POWER SUPPLY INSTALLATION Connect the power supply cord to the power jack on the Motorola Netopia® Gateway. Plug the power supply into an appropriate electrical outlet. ☛ CAUTION: Depending on the power supply provided with the product, either the direct plug-in power sup- ply blades, power supply cord plug or the appliance coupler serves as the mains power discon- nect.
  • Page 21: Wichtige Sicherheitshinweise

    Wichtige Sicherheitshinweise NETZTEIL INSTALLIEREN Verbinden Sie das Kabel vom Netzteil mit dem Power-Anschluss an dem Motorola Netopia® Gateway. Stecken Sie dann das Netzteil in eine Netzsteckdose. ☛ Achtung: Abhängig von dem mit dem Produkt gelieferten Netzteil, entweder die direkten Stecker- netzgeräte, Stecker vom Netzkabel oder der Gerätekoppler dienen als Hauptspannungsunter-...
  • Page 22: Setting Up The Motorola Netopia® Gateway

    PC or local area network, and your Internet access point, whether it is a dedicated DSL outlet or a DSL or cable modem. Different Motorola Netopia® Gateway models are supplied for any of these con- nections. Be sure to enable Dynamic Addressing on your PC. Perform the following: Microsoft Windows: Step 1.
  • Page 23 c. Windows Vista is set to obtain an IP address automatically by default. You may not need to configure it at all. To check, open the Networking Control Panel and select Internet Protocol Version 4 (TCP/IPv4). Click the Properties button. The Internet Protocol Version 4 (TCP/IPv4) Properties window should appear as shown.
  • Page 24: Macintosh Macos 8 Or Higher Or Mac Os X

    Apple Menu -> System Preferences -> Network a path like this: Then go to Step 2. Step 2. Select Built-in Ethernet Step 3. Select Configure Using DHCP Step 4. Close and Save, if prompted. Proceed to “Configuring the Motorola Netopia® Gateway” on page...
  • Page 25: Configuring The Motorola Netopia® Gateway

    • A user may NOT change the configuration, perform upgrades or invoke maintenance functions. For the security of your connection, an Admin password must be set on the Motorola Netopia® unit. MiAVo VDSL and Ethernet WAN models Quickstart The browser then displays the Quickstart page.
  • Page 26 Administrator’s Handbook Once a connection is established, your browser is redirected to your service provider’s home page or a registration page on the Internet. ☛ NOTE: For MiAVo Series (3397GP) models, skip the rest of this section. Congratulations! Your configuration is complete. You can skip to “Home Page - Basic Mode”...
  • Page 27: Pppoe Quickstart

    Connect to the Internet Once you enter your username and password here, you will no longer need to enter them whenever you access the Internet. The Motorola Netopia® Gateway stores this information and automatically connects you to the Internet. The Gateway displays a message while it configures itself.
  • Page 28: Set Up The Motorola Netopia® Pocket Gateway

    Whether you use the CD (Windows 98) or not (all other Windows versions), on Windows-based PCs, the Motorola Netopia® Installation Wizard will launch automatically. The Motorola Netopia® Installation Wizard will assist you to configure your PC to work with the Motorola Netopia® pocket Gateway. Follow the on-screen instructions.
  • Page 29 The Wizard displays a success message when the settings are configured. The Motorola Netopia® Installation Wizard will then launch your web browser and display the Welcome page where you configure your Motorola Netopia® Pocket Gateway.
  • Page 30: Motorola Netopia® Gateway Status Indicator Lights

    Administrator’s Handbook Motorola Netopia® Gateway Status Indicator Lights Colored LEDs on your Motorola Netopia® Gateway indicate the status of various port activity. Different Gateway models have different ports for your connections and different indicator LEDs. The Quickstart Guide accompanying your Motorola Netopia® Gateway describes the behavior of the various indicator LEDs.
  • Page 31: Home Page - Basic Mode

    Home Page - Basic Mode After you have performed the basic Quickstart configuration, any time you log in to your Motorola Netopia® Gateway you will access the Motorola Netopia® Gateway Home Page. http://192.168.1.254 You access the Home Page by typing in your Web browser’s location box.
  • Page 32 Administrator’s Handbook The Home Page displays the following information in the center section: Item This is the unique serial number of your Gateway. Serial Number This is the version number of the current embedded software in your Gate- Software way. Release This is the date that your Gateway was installed and enabled.
  • Page 33: Manage My Account

    Link: Manage My Account You can change your ISP account information for the Motorola Netopia® Gateway. You can also manage other aspects of your account on your service provider’s account management Web site. Manage My Account Click on the link. The Manage My Account page appears.
  • Page 34: Status Details

    Link: Status Details If you need to diagnose any problems with your Motorola Netopia® Gateway or its connection to the Inter- net, you can run a sophisticated diagnostic tool. It checks several aspects of your physical and electronic connection and reports its results on-screen. This can be useful for troubleshooting, or when speaking with a technical support technician.
  • Page 35: Enable Remote Management

    This link allows you to authorize a remotely-located person, such as a support technician, to directly access your Motorola Netopia® Gateway. This is useful for fixing configuration problems when you need expert help. You can limit the amount of time such a person will have access to your Gateway. This will prevent unauthorized individuals from gaining access after the time limit has expired.
  • Page 36: Expert Mode

    Most users will find that the basic Quickstart configuration is all that they ever need to use. Some users, however, may want to do more advanced configuration. The Motorola Netopia® Gateway has many advanced features that can be accessed and configured through the Expert Mode pages.
  • Page 37: Update Firmware

    Link: Update Firmware ☛ NOTE: (This link is not available on the 3342/3352 models, since firmware updates must be upgraded via the USB host driver. 3342N/3352N models do support this feature.) Periodically, the embedded firmware in your Gateway may be updated to improve the operation or add new features.
  • Page 38: Factory Reset

    Link: Factory Reset In some cases, you may need to clear all the configuration settings and start over again to program the Motorola Netopia® Gateway. You can perform a factory reset to do this. Factory Reset Click on to reset the Gateway back to its original factory default settings.
  • Page 39: Chapter 3 Expert Mode

    CHAPTER 3 Expert Mode Using the Expert Mode Web-based user interface for the Motorola Netopia® 2200-, 3300- and 7000-series Gateway you can configure, troubleshoot, and monitor the status of your Gateway. Accessing the Expert Web Interface Open the Web Connection Once your Gateway is powered up, you can use any recent version of the best-known web browsers such as Netscape Navigator or Microsoft Internet Explorer from any LAN-attached PC or workstation.
  • Page 40 Administrator’s Handbook You are challenged to confirm your choice. Click The Home Page opens in Expert Mode.
  • Page 41: Home Page - Expert Mode

    Home Page - Expert Mode The Home Page is the summary page for your Motorola Netopia® Gateway. The toolbar at the top provides links to controlling, configuring, and monitoring pages. Critical configuration and operational status is dis- played in the center section.
  • Page 42 WAN Users Displays the number of users allotted and the total number available for use. IP Address Internal IP address of the Motorola Netopia® Gateway. Netmask Defines the IP subnet for the LAN Default is 255.255.255.0 for a Class C device DHCP Server On or Off.
  • Page 43: Toolbar

    Toolbar The toolbar is the dark blue bar at the top of the page containing the major navigation buttons. These but- tons are available from almost every page, allowing you to move freely about the site. Home Configure Troubleshoot Quickstart System Status Network Tools Diagnostics...
  • Page 44: Restart

    Administrator’s Handbook Restart Button: Restart The Restart button on the toolbar allows you to restart the Gateway at any time. You will be prompted to confirm the restart before any action is taken. The Restart Confirmation message explains the conse- quences of and reasons for restarting the Gateway.
  • Page 45: Alert Symbol

    Link: Alert Symbol The Alert symbol appears in the upper right corner if you make a database change; one in which a change is made to the Gateway’s configuration. The Alert serves as a reminder that you must Save the changes and Restart the Gateway before the change will take effect.
  • Page 46: Help

    Administrator’s Handbook Help Button: Help Context-sensitive Help is provided in your Gateway. The page shown here is displayed when you are on the Security -> Pass- Home page or other transitional pages. To see a context help page example, go to words Help , then click...
  • Page 47: Configure

    Configure Button: Configure The Configuration options are presented in the order of likelihood you will need to use them. Quickstart is typically accessed during the hardware installation and initial configuration phase. Often, these settings should be changed only in accordance with information from your Service Provider. LAN and WAN settings are available to fine-tune your system.
  • Page 48 Administrator’s Handbook A brief message is displayed while the Gateway attempts to establish a connection. When the connection succeeds, your browser will display your Service Provider’s home page. If you encounter any problems connecting, refer to the chapters “Advanced Troubleshooting” on page “Basic Troubleshooting”...
  • Page 49: Lan

    Link: * Enable Interface: Enables all LAN-connected computers to share resources and to connect to the WAN. The Interface should always be enabled unless you are instructed to disable it by your Service Provider dur- ing troubleshooting. * IP Address: The LAN IP Address of the Gateway. The IP Address you assign to your LAN interface must not be used by another device on your LAN network.
  • Page 50 IP address falls outside of the LAN subnet(s) to simply plug in and get online without any manual configuration on either the host or the Motorola Netopia® Gateway. If enabled, statically addressed LAN hosts that have an address outside of LAN subnets will be able to communicate via the Router’s WAN interface to the Internet.
  • Page 51 ☛ Note: You need not use this screen if you have only a single Ethernet IP subnet. This screen displays seven rows of editable columns. All seven row labels are always visible, regardless of the number of subnets configured. • To add an IP subnet, select one of the rows, and click the Check the Enabled checkbox and click the The screen expands to allow you to enter subnet information.
  • Page 52 Administrator’s Handbook • DHCP Server: Your Gateway can provide network configuration information to computers on your LAN, using the Dynamic Host Configuration Protocol (DHCP). use the configuration information; DHCP calls this period the lease time. Your Service Provider may, for certain services, want to provide configuration from its DHCP servers to the computers on your LANs.
  • Page 53: Wireless

    Off - No Privacy. WEP-Manual is also available on the Advanced Configuration Options page. vacy” on page 54. ☛ NOTE: On the 2200-Series Gateways, WEP-Manual privacy is enabled by default. Use the Motorola Netopia® Installation Wizard on the accompanying Motorola Netopia® CD to generate WEP keys for connecting wireless client computers. See “Pri-...
  • Page 54: Privacy

    Administrator’s Handbook Privacy • Off - No Privacy provides no encryption on your wireless LAN data. • WPA-802.1x provides RADIUS server authentication support. • WPA-PSK provides Wireless Protected Access, the most secure option for your wireless network. This mechanism provides the best data protection and access control. The Pre Shared Key is a passphrase shared between the Router and the clients and is used to gener- ate dynamically changing keys.
  • Page 55 You select a single key for encryption of outbound traffic. The WEP-enabled client must have an identical key of the same length, in the identical slot (1 – 4) as the Gateway, in order to successfully receive and decrypt the traffic. Similarly, the client also has a ‘default’ key that it uses to encrypt its transmissions. In order for the Gateway to receive the client’s data, it must likewise have the identical key of the same length, in the same slot.
  • Page 56: Advanced

    Administrator’s Handbook Advanced Advanced If you click the link, the advanced 802.11 Wireless Settings page appears. Note: This page displays different options depending on which form of Privacy or other options you have enabled. You can then configure: Operating Mode: The pull-down menu allows you to select and lock the Gateway into the wireless trans- mission mode you want.
  • Page 57: About Closed System Mode

    Netopia® Gateway. Once the Motorola Netopia® Gateway is located by a client computer, by setting the client to a matching SSID, the client can connect immediately if WEP is not enabled. If WEP is enabled then the client must also have WEP enabled and a matching WEP key.
  • Page 58 Administrator’s Handbook ☛ NOTE: While clients may also have a passphrase feature, these are vendor-specific and may not nec- essarily create the same keys. You can passphrase generate a set of keys on one, and manu- ally enter them on the other to get around this. Block Wireless Bridging: Check the checkbox to block wireless clients from communicating with other wireless clients on the LAN side of the Gateway.
  • Page 59: Wpa Version Allowed

    Encryption Key #1 – #4: The encryption keys. You enter keys using hexadecimal digits. For 40/64bit encryption, you need ten digits; 26 digits for 128bit, and 58 digits for 256bit WEP. Hexadecimal characters are 0 – 9, and a – f. Examples: •...
  • Page 60 Administrator’s Handbook The screen expands to allow you to name each additional Wireless ID, and specify a Privacy mode for each one.
  • Page 61 Privacy modes available from the pull-down menu for the multiple SSIDs are: WPA-PSK, WPA-802.1x, or Off-No Privacy. WEP can also be selected on the additional SSIDs as long as it is not used on the primary SSID. WEP can only be used on one SSID, so any others will not have WEP available. These additional Wireless IDs are “Closed System Mode”...
  • Page 62: Wifi Multimedia

    Administrator’s Handbook WiFi Multimedia WiFi Multimedia is an advanced feature that allows you to prioritize various types of data travelling over the wireless network. Certain types of data that are sensitive to delays, such as voice or video, must be priori- tized ahead of other, less delay-sensitive types, such as email.
  • Page 63: Wireless Mac Authorization

    The screen expands. Router EDCA Parameters (Enhanced Distributed Channel Access) govern wireless data from your Gate- way to the client; Client EDCA Parameters govern wireless data from the client to your Gateway. ☛ NOTE: It is not recommended that you modify these settings without direct knowledge or instructions to do so.
  • Page 64 Administrator’s Handbook be accepted onto the wireless LAN. All unlisted addresses will be blocked, in addition to the listed addresses with Allow disabled. MAC Authorization To enable Wireless MAC Authentication, click the link. When the Wireless MAC Authentication screen appears, check the Enable Wireless MAC Authorization checkbox: The screen expands as follows: Click the...
  • Page 65: Use Radius Server

    are added to the Authorized list. Your entry will be added to a list of up to 32 authorized addresses as shown: Edit Delete You can continue to , or addresses to the list by clicking the respective buttons. After your first entry, the Alert icon will appear in the upper right corner of your screen.
  • Page 66 Administrator’s Handbook • RADIUS Server Addr/Name: The default RADIUS server name or IP address that you want to use. • RADIUS Server Secret: The RADIUS secret key used by this server. The shared secret should have the same characteristics as a normal password. •...
  • Page 67: Wan

    Link: When you click the link, the WAN IP configuration page appears. This page varies depending on the WAN interface of your Motorola Netopia® Gateway. WAN IP Interfaces: Your IP interfaces are listed. PPP over Ethernet interface PPP over Ethernet Click the The WAN IP Interface page appears.
  • Page 68 Administrator’s Handbook Restrictions: This setting determines the types of traffic the Gateway accepts from the WAN. Admin Dis- abled means that Gateway traffic is accepted but administrative commands are ignored. None means that all traffic is accepted. When PPP is enabled, Admin Disabled is the default. DHCP/PPPoE/PPPoA Autosensing: fails to connect after 60 seconds, it switches to DHCP.
  • Page 69: Advanced

    RIP Receive Mode: Routing Information Protocol (RIP) is needed if there are IP routers on other seg- ments of your Ethernet network that the Motorola Netopia® Gateway needs to recognize. Set to Off, Netopia Embedded Software Version 7.7.4 will not accept information from either RIP-1 nor RIP-2 rout- ers.
  • Page 70: Ethernet Wan Interface

    Administrator’s Handbook LCP Settings: Authentication: Select Off, PAP and/or CHAP, PAP only, or CHAP only from the pull-down menu. The settings for port authentication on the Gateway must match the authentication expected by the remote sys- tem. The username and passwords are available on the WAN IP Interfaces page. MRU: Specifies the Maximum Receive Unit for the PPP Interface.
  • Page 71 The WAN IP Interface page appears. Enable Interface: You can disable the interface by unchecking the checkbox. However, doing so will dis- able all ability for your LAN users to connect to the WAN using the Gateway. Obtain IP Address Automatically: Your service provider may tell you that the WAN IP Address for your Gateway is static.
  • Page 72 RIP Receive Mode: Routing Information Protocol (RIP) is needed if there are IP routers on other segments of your Ethernet network that the Motorola Netopia® Gate- way needs to recognize. Set to Off, Netopia Embedded Software Version 7.7.4 will not accept information from either RIP-1 nor RIP-2 routers.
  • Page 73: Wan Ethernet And Vdsl Gateways

    WAN Ethernet and VDSL Gateways To allow for concurrent PPPoE and IPoE support on WAN Ethernet Gateways, including VDSL units, PPPoE with IPoE is available on the PPPoE configuration page. Checking the checkbox will provide this concurrent support. When you enable PPPoE with IPoE, the additional WAN interface becomes available for configuration.
  • Page 74 Administrator’s Handbook Your Motorola Netopia® ADSL Gateway supports VPI/VCI autodetection by default. If VPI/VCI autodetec- tion is enabled, the ATM Circuits page displays VPI/VCI = 0. If you configure a new ATM VPI/VCI pair, upon saving and restarting, autodetection is disabled and only the new VPI/VCI pair configuration will be enabled.
  • Page 75 Once the VCCs have been configured, the WAN IP Interfaces screen displays the additional interface which you can then configure as required.
  • Page 76 Administrator’s Handbook ATM Traffic Shaping: You can prioritize delay-sensitive data by configuring the Quality of Service (QoS) characteristics of the virtual circuit. Click the You can choose UBR (Unspecified Bit Rate), CBR (Constant Bit Rate), or VBR (Variable Bit Rate) from the pull-down menu and set the Peak Cell Rate (PCR) in the editable field.
  • Page 77 Class Transmit Priority Comments PCR is a cap High PCR is a guaranteed rate High PCR > SCR. SCR is a guaranteed rate. PCR is a cap.
  • Page 78: Advanced

    Administrator’s Handbook Link: Advanced Selected Advanced options are discussed in the pages that follow. Many are self-explanatory or are dic- tated by your service provider. The following are typical links under Configure -> Advanced (some models offer other links):...
  • Page 79: Ip Static Routes

    • Gateway: Enter the IP address of the gateway for the static route. The default gateway must be located on a network connected to your Motorola Netopia® Gateway configured interface. • Metric: Specifies the hop count for the static route. Enter a number from 1 to 15 to indicate the number of routes (actual or best guess) a packet must traverse to reach the remote network.
  • Page 80 Administrator’s Handbook • RIP Advertise: From the pull-down menu, choose how the static route should be advertised via RIP: • Split Horizon: Do not advertise route if the gateway is on the same subnet. • Always: Advertise route in all RIP messages. •...
  • Page 81: Ip Static Arp

    Link: IP Static ARP Your Gateway maintains a dynamic Address Resolution Protocol (ARP) table to map IP addresses to Ether- net (MAC) addresses. It populates this ARP table dynamically, by retrieving IP address/MAC address pairs only when it needs them. Optionally, you can define static ARP entries to map IP addresses to their corre- sponding Ethernet MAC addresses.
  • Page 82: Pinholes

    IP traffic through to your LAN. Application 1 : You have a Web server located on your LAN behind your Motorola Netopia® Gateway and would like users on the Internet to have access to it. With NAT “On”, the only externally visible IP address on your network is the Gateway’s WAN IP (supplied by your Service Provider).
  • Page 83 ☛ TIPS for making Pinhole Entries: 1. If the port forwarding feature is required for Web services, ensure that the embedded Web server’s port number is re-assigned PRIOR to any Pinhole data entry. 2. Enter data for one Pinhole at a time. 3.
  • Page 84: Pinhole Configuration Procedure

    Pinhole Configuration Procedure. From the Configure toolbar button -> Since Port Forwarding is required for this example, the Motorola Netopia® embedded Web server is con- figured first. ☛ NOTE: The two text boxes, Web (HTTP) Server Port and Telnet Server Port, on this page refer to the port numbers of the Motorola Netopia®...
  • Page 85 Click on the Add or Edit more Pinholes Type the specific data for the second Pinhole. Click on the Add or Edit more Pinholes Type the specific data for the third Pinhole. ☛ NOTE: Note the following parameters for the “my-games” Pinhole: 1.
  • Page 86 Administrator’s Handbook Click on the Add or Edit more Pinholes rect. Click the Alert icon. Click the Save and Restart that the parameters are properly saved. ☛ NOTE: REMEMBER: When you have re-assigned the port address for the embedded Web server, you can still access this facility.
  • Page 87: Ipmaps

    IPMaps supports one-to-one Network Address Translation (NAT) for IP addresses assigned to servers, hosts, or specific computers on the LAN side of the Motorola Netopia® Gateway. A single static or dynamic (DHCP) WAN IP address must be assigned to support other devices on the LAN.
  • Page 88: Ipmaps Block Diagram

    Administrator’s Handbook IPMaps Block Diagram The following diagram shows the IPMaps principle in conjunction with existing Motorola Netopia® NAT oper- ations: WAN Interface Static IP Addresses for IPMaps Applications 143.137.50.37 143.137.50.36 143.137.50.35 Static IP Addresses DHCP/PPP Served IP Address for Netopia’s default NAT/PAT...
  • Page 89: Default Server

    Link: Default Server This feature allows you to: • Direct your Gateway to forward all externally initiated IP traffic (TCP and UDP protocols only) to a default host on the LAN. Enable it for certain situations: – Where you cannot anticipate what port number or packet protocol an in-bound application might use.
  • Page 90: Nat Combination Application

    The public WAN IP is assigned and reused on a LAN computer. Gateway Ethernet Interface Embedded NAT Default Web Server Server 210.219.41.20 (Port 80 default) Motorola Netopia®’s NAT security feature allows you to configure a LAN STN #3 192.168.1.3 LAN STN #2 192.168.1.2 NAT protected NAT Default Server 192.168.1.1...
  • Page 91: A Restriction

    • DHCP address serving can automatically serve the WAN IP address to a LAN computer. When DHCP is used for addressing the designated passthrough PC, the acquired or configured WAN address is passed to DHCP, which will dynamically configure a single-servable-address subnet, and reserve the address for the configured MAC address.
  • Page 92: Differentiated Services

    Administrator’s Handbook Link: Differentiated Services Differentiated Services When you click the appears. Differentiated Services (Diffserv) allow your Gateway to make Quality of Service (QoS) decisions about what path Internet traffic, such as Voice over IP (VoIP), should travel across your network. For example, you may want streaming video conferencing to use high quality, but more restrictive, connections, or, you might want e-mail to use less restrictive, but less reliable, connections.
  • Page 93 • To define a custom flow, click the The Custom Flow Entry screen appears. will be ignored. • Outside IP Address/Netmask – If you want traffic destined for and originating from a certain WAN IP address to be controlled, enter the IP address and subnet mask here. If you leave the default all-zeroes, the outside address check is ignored.
  • Page 94 Administrator’s Handbook • Quality of Service (QoS) – This is the Quality of Service setting for the flow, based on the TOS bit information. Select Expedite, Assure, or Off (default) from the pull-down menu. The following table out- lines the TOS bit settings and behavior: QoS Setting TOS Bit Value TOS=000...
  • Page 95: Dns

    Link: Your Service Provider may maintain a Domain Name server. If you have the information for the DNS serv- ers, enter it on the DNS page. If your Gateway is configured to use DHCP to obtain its WAN IP address, the DNS information is automatically obtained from that same DHCP Server.
  • Page 96: Dhcp Server

    Administrator’s Handbook Link: DHCP Server Your Gateway can provide network configuration information to computers on your LAN, using the Dynamic Host Configuration Protocol (DHCP). If you already have a DHCP server on your LAN, you should turn this service off. Server Mode If you want the Gateway to provide this service, select Server from the pull-down menu,...
  • Page 97: Radius Server

    Link: RADIUS Server RADIUS servers allow external authentication of users by means of a remote authentication database. The remote authentication database is maintained by a Remote Authentication Dial-In User Service (RADIUS) server. In conjunction with Wireless User Authentication, you can use a RADIUS server database to authen- ticate users seeking access to the wireless services, as well as the authorized user list maintained locally within the Gateway.
  • Page 98: Snmp

    SNMP agent. In this case, the Motorola Netopia® Gateway is an SNMP agent. Your Gateway supports SNMP-V1, with the exception of most sets (read-only and traps), and SNMP-V2. (For certain parts of the resNatParams, resDslParams, resSecParams –...
  • Page 99 The Notification Type pull-down menu allows you to configure the type of SNMP notifications that will be generated: • v1 Trap – This selection will generate notifications containing an SNMPv1 Trap Protocol Data Unit (PDU) • v2 Trap – This selection will generate notifications containing an SNMPv2 Trap PDU •...
  • Page 100: Igmp (Internet Group Management Protocol)

    field, or sending out company newsletters to a distribution list. Since a router should not be used as a passive forwarding device, Motorola Netopia® Gateways use a pro- tocol for forwarding multicasting: Internet Group Management Protocol (IGMP).
  • Page 101 You can set the following options: • IGMP Snooping – checking this checkbox enables the Motorola Netopia® Gateway to “listen in” to IGMP traffic. The Gateway discovers multicast group membership for the purpose of restricting multicast transmissions to only those ports which have requested them. This helps to reduce overall network traffic from streaming media and...
  • Page 102: Upnp

    By default, UPnP is enabled on the Motorola Netopia® Gateway. For Windows XP users, the automatic discovery feature places an icon representing the Motorola Netopia® Gateway automatically in the “My Network Places” folder. Double-clicking this icon opens the Gateway’s web UI.
  • Page 103: Lan Management

    TR-064 is a LAN-side DSL Gateway configuration specification. It is an extension of UPnP. It defines more services to locally manage the Motorola Netopia® Gateway. While UPnP allows open access to configure the Gateway's features, TR-064 requires a password to execute any command that changes the Gateway's configuration.
  • Page 104: Ethernet Bridge

    Ethernet Bridge The Motorola Netopia® Gateway can be used as a bridge, rather than a router. A bridge is a device that joins two networks. As an Internet access device, a bridge connects the home computer directly to the ser- vice provider’s network equipment with no intervening routing functionality, such as Network Address Trans-...
  • Page 105: Configuring For Bridge Mode

    Configuring for Bridge Mode Browse into the Motorola Netopia® Gateway’s web interface. Click on the Configure button in the upper Menu bar. Click on the link. The LAN page appears. In the box titled LAN IP Interface (Ethernet 100BT): Make note of the Ethernet IP Address and subnet mask.
  • Page 106 WAN. You will need to make configurations to your machines on your LAN. These settings must be made in accordance with your ISP. If you ever need to get back into the Motorola Netopia® Gateway again for management reasons, you will need to manually configure your machine to be in the same subnet as the Ethernet interface of the Motorola Netopia®, since DHCP server is not operational in bridge mode.
  • Page 107: Vlan

    (QoS). In effect, a single Motorola gateway acts as separate virtual gateways for each distinct ser- vice being delivered.
  • Page 108: Ethernet Switching/Policy Setup

    Administrator’s Handbook - WAN-side VLAN with Multiple WAN IPoE interface support and IP interface-to-VLAN binding - LAN-side VLAN with IP interface-to-VLAN binding - Inter-VLAN routing • Bridged VLANs - these VLANs are used to bridge traffic from LAN to WAN •...
  • Page 109 An example of multiple VLANs, using a Motorola Netopia® Gateway with VGx managed switch technology, is shown below: A VLAN Model Combining Bridging and Routing To configure VLANs check the Enable checkbox. Edit To create a VLAN select a list item from the main VLAN page and click the...
  • Page 110 Administrator’s Handbook The VLAN Entry page appears. Check the Enable checkbox, and enter a descriptive name for the VLAN. You can create up to 16 VLANs, and you can also restrict any VLAN, and the computers on it, from adminis- tering the Gateway.
  • Page 111 Wireless IDs on page • For Motorola Netopia® VGx technology models, separate Ethernet switch ports are displayed and may be configured. To enable any of them on this VLAN, check the associated Enable checkbox(es). Typically you will choose a physical port, such as an Ethernet port (example: eth0.1) or a wireless SSID (example: ssid1).
  • Page 112 Administrator’s Handbook Tag – Packets transmitted from this port through this VLAN must be tagged with the VLAN VID. Packets received through this port destined for this VLAN must be tagged with the VLAN VID by the source. The Tag option is only available on Global type ports. Priority –...
  • Page 113 • When you select an IP interface, the screen expands to allow you to configure Inter-Vlan-Groups. Inter-VLAN groups allow VLANs in the group to route traffic to the others; ungrouped VLANs cannot route traffic to each other. Submit • Click the button.
  • Page 114 Administrator’s Handbook You can Edit, Clear, Enable, or Disable your VLAN entries by returning to the VLANs page, and selecting the appropriate entry from the displayed list. • When you are finished, click the Alert icon Save and Restart resulting screen, click the To view the settings for each VLAN, select the desired VLAN from the list and click the Details button.
  • Page 115 The screen expands to display the VLAN settings.
  • Page 116: Example

    Administrator’s Handbook Example The following is a simple example of how you might configure some VLANs: You want to configure a 3347NWG-VGx Gateway with two SSIDs (see information) for two VLANs, allowing both access to the Internet. One SSID will be in the same VLAN as the four ports of the Ethernet Switch, so that those two networks can communicate.
  • Page 117 In this case, select all the physical Ethernet ports: eth0.1 through eth0.4, and wireless ssid1. Select ip-eth-a, the IP interface for the group. This will be Inter-Vlan-Group #1. Check the Group-1 checkbox. These ports will be able to communicate with each other. Click the Submit button.
  • Page 118 Administrator’s Handbook Click the Submit button. In the Port Configuration for VLAN: 2 page, you add the Port Interfaces you want asso- ciated with the VLAN. Select the ip-eth-a port interface and check the ssid2 port interface. Make this VLAN a member of Inter-Vlan-Group Group-2.
  • Page 119 Once you have finished with the configuration of the VLANs, click the Alert icon in the upper right hand corner. This will validate that the settings are legal for your network. Click the Save and Restart This will restart the Motorola Netopia® Gateway and retain the VLAN configuration. link.
  • Page 120: Voip

    Session Initiation Protocol (SIP), to transmit sound over a network or the Internet in the form of data packets. Certain Motorola Netopia® Gateway models have two separate voice ports for connecting tele- phone handsets. These models support VoIP. If your Gateway is a VoIP model, you can configure the VoIP features.
  • Page 121 Registration Interval Length of time the VoIP registration will be valid before it will be (in secs) renewed. Default is 1 hour. Registrar Server Registration Server name or IP address. Registrar Port Registration Server port. Default is 5060. Proxy Server Proxy server name or IP address.
  • Page 122 Administrator’s Handbook Proxy Port Outbound Proxy Server Outbound Proxy Port User Display Name SIP User Name SIP User Password Auth User ID DTMF Mode Enable End of Dial Marker Enable Call Fowarding Unconditionally Enable Call Forwarding On Busy Enable Call Forwarding On No Answer Enable Waiting Enable Conferencing...
  • Page 123 The Home page for a VoIP-enabled Gateway with both phone lines registered is shown below.
  • Page 124: System

    Administrator’s Handbook Link: System The System Name defaults to your Gateway's factory identifier combined with its serial number. Some cable-oriented Service Providers use the System Name as an important identification and support parame- ter. The System Name can be 1 – 255 characters long; it can include embedded spaces and special charac- ters.
  • Page 125: Syslog Parameters

    Link: Syslog Parameters You can configure a UNIX-compatible syslog client to report a number of subsets of the events entered in the Gateway’s WAN Event History. Syslog sends log-messages to a host that you specify. To enable syslog logging, click on the Check the Syslog checkbox.
  • Page 126: Log Event Messages

    Administrator’s Handbook Log Event Messages 1. administrative access attempted: 2. administrative access authenticated and allowed: 3. administrative access allowed: 4. administrative access denied - invalid user name: 5. administrative access denied - invalid password: 6. administrative access denied - telnet access not allowed: 7.
  • Page 127 DSL Log Messages (most common): 5. PPP: Channel <ID> This log message is generated when a PPP channel comes up. up Dialout Profile name: <Profile Name> 6. PPP-<WAN This log message is generated when a PPP channel goes down. The Instance>...
  • Page 128 Administrator’s Handbook 13. dropped - reas- sembly timeout: 14. dropped - illegal size: Access-related Log Messages This log-message is generated whenever packets, traversing the router or destined to the router itself, are dropped because of reas- sembly timeout. This log-message is generated whenever packets, traversing the router or destined to the router itself, are dropped during reassembly because of illegal packet size in a fragment.
  • Page 129: Internal Servers

    Web (HTTP) Server Port: To reassign the port number used to access the Motorola Netopia® embedded Web server, change this value to a value greater than 1024. When you next access the embedded Motorola Netopia® Web server, append the IP address with <port number>, (e.g. Point your browser to http:// 210.219.41.20:8080).
  • Page 130: Software Hosting

    Administrator’s Handbook Link: Software Hosting Software Hosting allows you to host internet applications when NAT is enabled. User(PC) specifies the machine on which the selected software is hosted. You can host different games and software on different PCs. To select the games or software that you want to host for a specific PC, highlight the name(s) in the box on the left side of the screen.
  • Page 131: List Of Supported Games And Software

    List of Supported Games and Software Age of Empires, v.1.0 Asheron's Call Buddy Phone Citrix Metaframe/ICA Client Close Combat III: The Russian Front, v 1.0 Dark Reign Diablo II Server Dune 2000 F-16, Mig 29 Half Life Hexen II HTTPS IMAP Client IPSec Kali...
  • Page 132: Rename A User(Pc)

    Administrator’s Handbook Roger Wilco Rogue Spear SMTP SNMP StarCraft Starfleet Command Telnet TFTP Timbuktu Total Annihilation Unreal Tournament Server Urban Assault, v 1.0 Westwood Online, Command Win2000 Terminal Server and Conquer Yahoo Messenger Chat Yahoo Messenger Phone Rename a User(PC) If a PC on your LAN has no assigned host name, you can assign one by clicking the link.
  • Page 133: Backup

    Link: Backup The purpose of Backup is to provide a recovery mechanism in the event that the primary connection fails. A failure can be either line loss, for example by central site switch failure or physical cable breakage, or loss of end-to-end connectivity.
  • Page 134: Automatic Options

    Administrator’s Handbook Once Backup is configured, a new field appears in the Home Page. If your DSL WAN link fails, you can switch to your Backup Gateway by clicking the Automatic options If you select automatic as your Backup option, the screen expands to allow you to enter additional informa- tion.
  • Page 135 • From the pull-down menu, select the Interface Type to which you want to direct the backup connection. If you have defined multiple VCCs, you can choose a secondary one. Otherwise, to backup to an IP device on the LAN, choose IP Address. The screen expands to allow you to enter an IP address of your Backup Gateway.
  • Page 136: Ethernet Mac Override

    Administrator’s Handbook Link: Ethernet MAC Override (Only available on models with Ethernet WAN interfaces, such as the 338X-series or VDSL Gateways.) Your Gateway comes with its own MAC (Media Access Control) address, also called the Hardware Address, a 12 character number unique for each LAN-connected device. Your Service Provider, particularly cable service providers, may instruct you to override the default MAC address.
  • Page 137: Clear Options

    Link: Clear Options To restore the factory configuration of the Gateway, choose Clear Options. You may want to upload your configuration to a file before performing this function. You can do this using the upload command via the command-line interface. See the upload command on page 238.
  • Page 138: Time Zone

    Administrator’s Handbook Link: Time Zone Time Zone link, the Time Zone page appears. When you click the You can set your local time zone by selecting the number of hours your time zone is distant from Greenwich Mean Time (GMT +12 – -12) from the pull-down menu. This allows you to set the time zone for access con- trols and in general.
  • Page 139: Security

    Security Button: Security The Security features are available by clicking on the Security toolbar button. Some items of this category do not appear when you log on as User.
  • Page 140: Passwords

    Motorola Netopia® Gateway settings from unauthorized display or modification. • Admin level privileges let you display and modify all settings in the Motorola Netopia® Gateway (Read/ Write mode). The Admin level password is created when you first access your Gateway.
  • Page 141 Enter your new password again in the You confirm the new password to verify that you entered it correctly the first time. When you are finished, click the the Motorola Netopia® unit’s memory. Password changes are automatically saved, and take effect immediately. Confirm Password field.
  • Page 142: Firewall

    • ClearSailing ClearSailing, BreakWater's default setting, supports both inbound and outbound traffic. It is the only basic firewall setting that fully interoperates with all other Motorola Netopia® software features. • SilentRunning Using this level of firewall protection allows transmission of outbound traffic on pre-configured TCP/UDP ports.
  • Page 143: Tips For Making Your Breakwater Basic Firewall Selection

    Basic Firewall Background As a device on the Internet, a Motorola Netopia® Gateway requires an IP address in order to send or receive traffic. The IP traffic sent or received have an associated application port which is dependent on the nature of the connection request.
  • Page 144 Motorola Netopia® server http external http Motorola Netopia® server Enabled DHCP client DHCP server snmp ping (ICMP) This table shows how outbound traffic is treated. Outbound means the traffic is coming from the LAN-side computers into the LAN side of the Gateway.
  • Page 145 ☛ NOTE: The Gateway’s WAN DHCP client port in SilentRunning mode is enabled. This feature allows end users to continue using DHCP-served IP addresses from their Service Providers, while hav- ing no identifiable presence on the Internet.
  • Page 146: Ipsec

    Administrator’s Handbook Link: IPSec IPSec When you click on the link, the IPSec configuration screen appears. Your Gateway can support two mechanisms for IPSec tunnels: • IPSec PassThrough supports Virtual Private Network (VPN) clients running on LAN-connected comput- ers. Normally, this feature is enabled. You can disable it if your LAN-side VPN client includes its own NAT interoperability option.
  • Page 147: Safeharbour Ipsec Vpn

    SafeHarbour IPSec VPN SafeHarbour VPN IPSec Tunnel provides a single, encrypted tunnel to be terminated on the Gateway, mak- ing a secure tunnel available for all LAN- connected users. This implementation offers the following: • Eliminates the need for VPN client software on individual PCs. •...
  • Page 148: Configuring A Safeharbour Vpn

    Administrator’s Handbook Configuring a SafeHarbour VPN Use the following procedure to configure your SafeHarbour tunnel. Obtain your configuration information from your network administrator. The tables “Parameter Descriptions” on page 151 for your tunnel. Not all of them need to be changed from the defaults for every VPN tunnel. Consult with your network administrator.
  • Page 149 Table 1: IPSec Tunnel Details Parameter Setup Worksheet Motorola Netopia® Parameter Name Peer Internal Network Peer Internal Netmask NAT Enable On/Off PAT Address Negotiation Method Main/Aggressive Local ID Type IP Address Subnet Hostname ASCII Local ID Address/Value Local ID Mask...
  • Page 150 Administrator’s Handbook Be sure that you have SafeHarbour VPN enabled. SafeHarbour is a keyed feature. Motorola Netopia® Software Feature Keys. Check the Enable SafeHarbour IPSec Checking this box will automatically display the SafeHarbour IPSec Tunnel Entry parameters. Enter the initial group of tunnel parameters. Refer to your Setup Worksheet and the “Parameter Descriptions”...
  • Page 151: Parameter Descriptions

    Parameter Descriptions The following tables describe SafeHarbour’s parameters that are used for an IPSec VPN tunnel configura- tion: Table 2: IPSec Configuration page parameters Field Name The Name parameter refers to the name of the configured tunnel. This is mainly used as an identifier for the administrator. The Name parameter is an ASCII value and is limited to 31 characters.
  • Page 152 Invalid SPI Enabling this allows the Gateway to re-establish the tunnel if either the Recovery Motorola Netopia® Gateway or the peer gateway is rebooted. Soft MBytes Setting the Soft MBytes parameter forces the renegotiation of the IPSec Security Associations (SAs) at the configured Soft MByte value. The value can be configured between 1 and 1,000,000 MB and refers to data traffic...
  • Page 153 Extended Authentication (XAuth), an extension to the Internet Key Exchange (IKE) protocol. The Xauth extension provides dual authentication for a remote user’s Motorola Netopia® Gateway to establish a VPN, autho- rizing network access to the user’s central office. IKE establishes the tun- nel, and Xauth authenticates the specific remote user's Gateway.
  • Page 154: Stateful Inspection

    Administrator’s Handbook Link: Stateful Inspection All computer operating systems are vulnerable to attack from outside sources, typically at the operating system or Internet Protocol (IP) layers. Stateful Inspection firewalls intercept and analyze incoming data packets to determine whether they should be admitted to your private LAN, based on multiple criteria, or blocked.
  • Page 155: Exposed Addresses

    • DoS Detect: If you check this checkbox, the Gateway will monitor packets for Denial of Service attacks. • Exposed Addresses: The hosts specified in Exposed Addresses will be allowed to receive inbound traf- fic even if there is no corresponding outbound traffic. This is active only if NAT is disabled on a WAN interface.
  • Page 156 Administrator’s Handbook You can add more exposed addresses by clicking the viously configured exposed addresses appears. Click the button to add a new range of exposed addresses. You can edit a previously configured range by clicking the Delete button. All configuration changes will trigger the Alert Icon. This allows you to validate the configuration and reboot the Gateway.
  • Page 157: Stateful Inspection Options

    Stateful Inspection Options Stateful Inspection Parameters are active on a WAN interface only if you enable them on your Gateway. • Stateful Inspection: To enable stateful inspection on this WAN interface, check the checkbox. • Default Mapping to Router: This is disabled by default. This option will allow the router to respond to traffic received on this interface, for example, ICMP Echo requests.
  • Page 158: Firewall Tutorial

    Administrator’s Handbook Firewall Tutorial General firewall terms ☛ Note: Breakwater Basic Firewall (see use of the packet filter support and can be used in addition to filtersets Filter rule: A filter set is comprised of individual filter rules. Filter set: A grouping of individual filter rules. Firewall: A component or set of components that restrict access between a protected network and the Internet, or between two networks.
  • Page 159: Firewall Design Rules

    UDP: User Datagram Protocol. Unlike TCP, UDP does not guarantee reliable, sequenced packet delivery. If data does not reach its destination, UDP does not retransmit the data. RFC 768 is the specification for UDP. There are many more ports defined in the Assigned Addresses RFC. The table that follows shows some of these port assignments.
  • Page 160: Implied Rules

    N+N+N=Y Y+N+Y=N Example filter set page This is an example of the Motorola Netopia® filter set page: Meaning If all filter rules are YES, the implied rule is NO. If all filter rules are NO, the implied rule is YES.
  • Page 161: Filter Basics

    Filter basics In the source or destination IP address fields, the IP address that is entered must be the network address of the subnet. A host address can be entered, but the applied subnet mask must be 32 bits (255.255.255.255). Netopia Embedded Software Version 7.7.4 has the ability to compare source and destination TCP or UDP ports.
  • Page 162: Example 2

    Administrator’s Handbook This incoming IP packet has a source IP address that matches the network address in the Source IP Address field in Netopia Embedded Software Version 7.7.4. This will not forward this packet. Example 2 Filter Rule: 200.1.1.0 255.255.255.128 Forward = No Incoming packet has the source address of 200.1.1.184.
  • Page 163: Packet Filter

    WARNING: Before attempting to configure filters and filter sets, please read and understand this entire section thoroughly. Motorola Netopia® Gateways incorporating NAT have advanced security features built in. Improperly adding filters and filter sets increases the possibility of loss of communication with the Gateway and the Internet.
  • Page 164: How Filter Sets Work

    Administrator’s Handbook How filter sets work A filter set acts like a team of customs inspectors. Each filter is an inspector through which incoming and outgoing packages must pass. The inspectors work as a team, but each inspects every package individu- ally.
  • Page 165: How Individual Filters Work

    How individual filters work As described above, a filter applies criteria to an IP packet and then takes one of three actions: • Forwards the packet to the local or remote network • Blocks (discards) the packet • Ignores the packet A filter forwards or blocks a packet only if it finds a match after applying its criteria.
  • Page 166: Port Number Comparisons

    Administrator’s Handbook By matching on a port number, a filter can be applied to selected TCP or UDP services, such as Telnet, FTP, and World Wide Web. The following tables show a few common services and their associated port numbers: Internet service Telnet SMTP (mail)
  • Page 167: Putting The Parts Together

    Putting the parts together When you display a filter set, its filters are displayed as rows in a table: The table’s columns correspond to each filter’s attributes: • #: The filter’s priority in the set. Filter number 1, with the highest priority, is first in the table. •...
  • Page 168 Administrator’s Handbook • The host 199.211.211.17 is the source of the Telnet packets you want to block, while the destination address is any IP address. How these IP addresses are masked determines what the final match will be, although the mask is not displayed in the table that displays the filter sets (you set it when you create the filter).
  • Page 169: Filtering Example #2

    Filtering example #2 Suppose a filter is configured to block all incoming IP packets with the source IP address of 200.233.14.0, regardless of the type of connection or its destination. The filter would look like this: This filter blocks any packets coming from a remote network with the IP network address 200.233.14.0. The 0 at the end of the address signifies any host on the class C IP network 200.233.14.0.
  • Page 170: An Approach To Using Filters

    Administrator’s Handbook An approach to using filters The ultimate goal of network security is to prevent unauthorized access to the network without compromis- ing authorized access. Using filter sets is part of reaching that goal. Each filter set you design will be based on one of the following approaches: •...
  • Page 171: Example Filter Set

    Working with IP Filters and Filter Sets To work with filters and filter sets, begin by accessing the filter set pages. ☛ NOTE: Make sure you understand how filters work before attempting to use them. Read the section “Packet Filter” on page The procedure for creating and maintaining filter sets is as follows: Add a new filter set.
  • Page 172: Adding Filters To A Filter Set

    To add a filter, select the Filter Set Name to which you will add a filter, and click the “Associating a Filter Set with an Interface” on page packet input filter packet output filter The Motorola Netopia® Router Source means Destination means The remote network The local network The local network The remote network 176.
  • Page 173 The Filter Set page appears. ☛ Note: There are two section, you’ll learn how to add an input filter to a filter set. Adding an output filter works exactly the same way, providing you keep the different source and destination perspectives in mind.
  • Page 174 Administrator’s Handbook To add a filter, click the The Input Rule Entry page appears. If you want the filter to forward packets that match its criteria to the destination IP Forward address, check the If Forward is unchecked, packets matching the filter’s criteria will be discarded. Enter the Source IP address this filter will match on.
  • Page 175: Viewing Filters

    When you are finished configuring the filter, click the the filter set. Viewing filters To display the table of input or output filters, select the Filter Set Name in the Filter Set page and click the Edit button. The table of filters in the filtersets appears. Modifying filters To modify a filter, select a filter from the table and click the parameters in this page are set in the same way as the ones in the original Rule Entry page (see...
  • Page 176: Associating A Filter Set With An Interface

    Administrator’s Handbook Associating a Filter Set with an Interface Once you have created a filter set, you must associate it with an interface in order for it to be effective. Depending on its application, you can associate it with either the WAN (usually the Internet) interface or the LAN.
  • Page 177: Policy-Based Routing Using Filtersets

    Policy-based Routing using Filtersets Netopia Embedded Software Version 7.7.4 offers the ability to route IP packets using criteria other than the destination IP address. This is called policy-based routing. You specify the routing criteria and routing information by using IP filtersets to determine the forwarding action of a particular filter.
  • Page 178 IP address of the Gateway itself. Example: You want packets with the TOS low latency bit to go through VC 2 (via gateway 127.0.0.3 – the Motorola Netopia® Gateway will use 127.0.0.x, where x is the WAN port + 1) instead of your normal gateway.
  • Page 179: Security Log

    When a new security event is detected, you will see the The Security Alert remains until you view the information. Clicking the Alert button will take you directly to a page showing the log. page 187 for information concerning installing Motorola Neto- Alert button.
  • Page 180 Administrator’s Handbook Your Netopia Gateway has detected and successfully blocked an event that could have Please refer to your customer documentation for a description of the logged event. Number of security log entries Security alert type Protocol type IP source address Time at last attempt Number of ports that were scanned : Highest port...
  • Page 181: Timestamp Background

    The security log is empty. Timestamp Background During bootup, to provide better log information and to support improved troubleshooting, a Motorola Neto- pia® Gateway acquires the National Institute of Standards and Technology (NIST) Universal Coordinated Time (UTC) reference signal, and then adjusts it for your local time zone.
  • Page 182: Install

    Administrator’s Handbook Install Button: Install From the Install toolbar button you can Install new Operating System Software and Feature Keys as updates become available. On selected models, you can install a Secure Sockets Layer (SSL V3.0) certificate from a trusted Certifica- Install Cer- tion Authority (CA) for authentication purposes.
  • Page 183: Install Software

    Install Operating System Software page. For this process, the com- puter you are using to connect to the Motorola Netopia® Gateway must be on the same local area network as the Motorola Netopia® Gateway.
  • Page 184: Step 2: Motorola Netopia® Firmware Image File

    Administrator’s Handbook When you download your firmware upgrade from the Motorola Netopia® website, be sure to download the latest User Guide PDF files. These are also posted on the Motorola Netopia® website in the Documentation Center. Confirm Motorola Netopia® Firmware Image Files The Motorola Netopia®...
  • Page 185 Your Motorola Netopia® Gateway restarts with its new image. Verify the Motorola Netopia® Firmware Release To verify that the Motorola Netopia® firmware image has loaded successfully, use the following steps: Open a web connection to your Motorola Netopia® Gateway from the computer on your...
  • Page 186 Administrator’s Handbook Verify your Motorola Netopia® firmware release, as shown on the Home Page. This completes the upgrade process.
  • Page 187: Install Key

    Use Motorola Netopia® Software Feature Keys Motorola Netopia® Gateway users obtain advanced product functionality by installing a software feature key. This concept utilizes a specially constructed and distributed keycode (referred to as a feature key) to enable additional capability within the unit.
  • Page 188 Administrator’s Handbook Click the Install Key button. Click the Restart toolbar button. The Confirmation screen appears.
  • Page 189: To Check Your Installed Features

    Click the Restart the Gateway To check your installed features: Click the Install toolbar button. Click the list of features The System Status page appears with the information from the features link displayed below. You can check that the feature you just installed is enabled. link to confirm.
  • Page 190: Install Certificate

    Administrator’s Handbook Link: Install Certificate Secure Sockets Layer (SSL) is a protocol for transmitting private information over the Internet. SSL uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message.
  • Page 191 The Install Certificate page appears. Browse to the location where you have saved your certificate and select the file, or type the full path. Click the Install Certificate Restart your Gateway. button.
  • Page 192 Administrator’s Handbook...
  • Page 193: Chapter 4 Basic Troubleshooting

    CHAPTER 4 Basic Troubleshooting This section gives some simple suggestions for troubleshooting problems with your Gateway’s initial config- uration. Before troubleshooting, make sure you have • read the Quickstart Guide; • plugged in all the necessary cables; and • set your PC’s TCP/IP controls to obtain an IP address automatically.
  • Page 194: Status Indicator Lights

    Administrator’s Handbook Status Indicator Lights The first step in troubleshooting is to check the status indicator lights (LEDs) in the order outlined below. Motorola Netopia® Gateway 2210 status indicator lights Power Power Ethernet Internet Ethernet Internet Action Green when power is on.
  • Page 195 Motorola Netopia® Gateway 2240N/2241N status indicator lights Power Ethernet Green when power is on. Power when new embedded software is being installed. Solid green Ethernet the LAN. Solid green the LAN. (Model 2241N only) Solid green when training. Solid green Internet activity on the WAN port.
  • Page 196 Administrator’s Handbook Motorola Netopia® Gateway 2246N status indicator lights Power Power Ethernet 1, 2, 3, 4 Internet Ethernet 1, 2, 3, 4 Action Green when power is on. if device malfunctions. Flashes when new embedded software is being installed. Solid green when connected.
  • Page 197 Motorola Netopia® Gateway 2247NWG status indicator lights Power Ethernet 1, 2, 3, 4 Green when power is on. Power when new embedded software is being installed. Solid green Ethernet 1, 2, 3, 4 the LAN. Flashes Wireless fails to initialize, or if wireless is disabled.
  • Page 198 Administrator’s Handbook Motorola Netopia® Gateway 3340(N), 3341(N), 3351(N) status indicator lights Ethernet Link Ethernet Traffic Ethernet Link Ethernet Traffic DSL Traffic DSL Sync USB Active (Model 3341N only) PPPoE Active (Model 3340N only) Power DSL Traffic DSL Sync Action Solid green when connected.
  • Page 199 Motorola Netopia® Gateway 3342/3342N, 3352/3352N status indicator lights USB: Solid green otherwise, not lit ☛ Special patterns: • Both LEDs are off during boot (power on boot or warm reboot). • When the 3342/3352 successfully boots up, both LEDs flash green once.
  • Page 200 Administrator’s Handbook Motorola Netopia® Gateway 3346(N), 3356(N) status indicator lights Power DSL Sync LAN 1, 2, 3, 4 LAN 1, 2, 3, 4 DSL Sync Action Green when power is on. if device malfunctions. Flashes when new embedded software is being installed.
  • Page 201 Motorola Netopia® Gateway 3347W, 3347(N)WG status indicator lights Wireless Link Green when power is on. Power when new embedded software is being installed. Solid green DSL Sync when training. Flashes Solid green Ethernet 1, 2, 3, 4 the LAN. Flashes Wireless Link fails to initialize, or if wireless is disabled.
  • Page 202 Administrator’s Handbook Motorola Netopia® Gateway MiAVo status indicator lights Power (DSL 1 & 2: ADSL2+ models only) Ethernet 1, 2, 3, 4 Wireless Wireless Ethernet 1, 2, 3, 4 Action Green when power is on. if device malfunctions. Flashes when new embedded software is being installed.
  • Page 203 Motorola Netopia® Gateway 7346/56-series MiAVo status indicator lights Green when power is on. Power when new embedded software is being installed. Solid green Ethernet 1, 2, 3, 4 the LAN. Solid green when training. Flashes Power Ethernet 1, 2, 3, 4 Action if device malfunctions.
  • Page 204: Led Function Summary Matrix

    Make sure the DSL cable is plugged into the correct wall jack. Unlit Make sure the DSL cable is plugged into the DSL port on the 2200-, 3300- or 7000-series Sync DSL Gateway. Make sure the DSL line has been activated at the central office DSLAM.
  • Page 205 Make sure the PC is configured to access the Internet over a LAN. Disable any installed network devices (Ethernet, HomePNA, wireless) that are not being used to connect to the 2200-, 3300- or 7000-series DSL Gateway. Note: USB Active light is inactive if only using Ethernet.
  • Page 206: Factory Reset Switch

    Keep in mind that all of your settings will need to be reconfigured. If you don't have a password, the only way to access the Motorola Netopia® Gateway is the following: Referring to the following diagram, find the round Reset Switch opening.
  • Page 207: Chapter 5 Advanced Troubleshooting

    CHAPTER 5 Advanced Troubleshooting Advanced Troubleshooting can be accessed from the Gateway’s Web UI. Point your browser to http://192.168.1.254 . The main page displays the device status. (If this does not make the Web UI appear, then do a release and renew in Windows networking to see what the Gateway address really is.)
  • Page 208: Home Page

    Administrator’s Handbook Home Page The home page displays basic information about the Gateway. This includes the ISP Username, Connection Status, Device Address, Remote Gateway Address, DNS-1, and DNS-2. If you are not able to connect to the Internet, verify the following: Item Local WAN IP Address Remote Gateway...
  • Page 209 Item Device Gateway This is the negotiated address of the remote router. Make sure this is a valid address. If this is not the correct address, go to Expert Mode and verify the address has not been manually assigned. Primary DNS/ These are the negotiated DNS addresses.
  • Page 210: Expert Mode

    Administrator’s Handbook Button: Troubleshoot Expert Mode Expert Mode has advanced troubleshooting tools that are used to pinpoint the exact source of a problem. Clicking the Troubleshoot tab displays a page with links to System Status, Network Tools, and Diagnostics. • System Status: Displays an overall view of the system and its condition.
  • Page 211: System Status

    Link: System Status In the system status screen, there are several utilities that are useful for troubleshooting. Some examples are given in the following pages.
  • Page 212: Ports: Ethernet

    Administrator’s Handbook Link: Ports: Ethernet The Ethernet port selection shows the traffic sent and received on the Ethernet interface. There should be frames and bytes on both the upstream and downstream sides. If there are not, this could indicate a bad Ethernet cable or no Ethernet connection.
  • Page 213: Ports: Dsl

    Link: Ports: DSL The DSL port selection shows the state of the DSL line, whether it is up or down and how many times the Gateway attempted to train. The state should indicate ‘up’ for a working configuration. If it is not, check the DSL cable and make sure it is plugged in correctly and not connected to a micro filter.
  • Page 214: Ip Interfaces

    Administrator’s Handbook Link: IP: Interfaces The IP interfaces selection shows the state and configuration information for your IP LAN and WAN inter- faces. Below is an example: IP interfaces: Ethernet 100BT: ( up broadcast default rip-send v1 rip-receive v1 ) inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255 physical address 00-16-cb-39-a9-78 mtu 1500 PPP over Ethernet vcc1: ( up address-mapping broadcast default admin-disabled...
  • Page 215: Dsl: Circuit Configuration

    Link: DSL: Circuit Configuration The DSL Circuit Configuration screen shows the traffic sent and received over the DSL line as well as the trained rate (upstream and downstream) and the VPI/VCI. Verify traffic is being sent over the DSL line. If not, check the cabling and make sure the Gateway is not connected to a micro filter.
  • Page 216: System Log: Entire

    Administrator’s Handbook Link: System Log: Entire The system log shows the state of the WAN connection as well as the PPPoE session. Verify that the PPPoE session has been correctly established and there are no failures. If there are error messages, go to the WAN configuration and verify the settings.
  • Page 217: Diagnostics

    Link: Diagnostics The diagnostics section tests a number of different things at the same time, including the DSL line, the Ethernet interface and the PPPoE session. ==== Checking LAN Interfaces Check Ethernet LAN connect Check IP connect to Ethernet (LAN) Pinging Gateway Check MAC-Bridge connect to Ethernet ==== Checking DSL (WAN) Interfaces...
  • Page 218: Network Tools

    Administrator’s Handbook Link: Network Tools Three test tools are available from this page. • NSLookup - converts a domain name to its IP address and vice versa. Ping - tests the “reachability” of a particular network destination by sending an ICMP echo request and •...
  • Page 219 ping www.grosso.com Pinging 192.150.14.120 from local address 143.137.199.8 (timer gran. 100 ms)... Ping size: 100 Ping count: 5 ICMP echo reply from 192.150.14.120, 200 ms ICMP echo reply from 192.150.14.120, 100 ms No ping response. ICMP echo reply from 192.150.14.120, 100 ms ICMP echo reply from 192.150.14.120, 100 ms --- 192.150.14.120 ping statistics --- 5 packets transmitted, 4 packets received, 20% packet loss...
  • Page 220 Administrator’s Handbook Below are some specific tests: Action From the Gateway's Network Tools page: Ping the internet default gateway IP address Ping an internet site by IP address Ping an internet site by name From a LAN PC: Ping the Gateway’s LAN IP address Ping the Gateway’s WAN IP address Ping the Gateway’s internet default gateway IP address...
  • Page 221 Example: Show the path to the grosso.com site. traceroute www.grosso.com Traceroute to 192.150.14.120 from address 143.137.199.8 (timer gran. 100 ms)... 30 hops max, 56 byte packets 1 143.137.199.254 100 ms 100 ms 0 ms 2 143.137.50.254 100 ms 0 ms 0 ms 3 143.137.137.254 100 ms 0 ms 100 ms 4 141.154.96.161 0 ms 0 ms 100 ms 5 141.154.8.13 0 ms 100 ms 0 ms...
  • Page 222 Administrator’s Handbook...
  • Page 223: Chapter 6 Command Line Interface

    The Motorola Netopia® Gateway operating software includes a command line interface (CLI) that lets you access your Motorola Netopia® Gateway over a telnet connection. You can use the command line interface to enter and update the unit’s configuration settings, monitor its performance, and restart it.
  • Page 224: Overview

    Administrator’s Handbook Overview The CLI has two major command modes: SHELL and CONFIG. Summary tables that list the commands are provided below. Details of the entire command set follow in this section. Command atmping clear clear_certificate clear_log configure diagnose download etheroam exit help...
  • Page 225 CONFIG Commands Command Verbs delete Delete configuration list data help Help command option save Save configuration data script Print configuration data Set configuration data validate Validate configuration settings view View configuration data Keywords ATA remote config options ATM options (DSL only) backup Backup gateway options bridge...
  • Page 226: Starting And Ending A Cli Session

    NCSA Telnet. telnet <ip_address> You must know the IP address of the Motorola Netopia® Gateway before you can make a telnet connection to it. By default, your Motorola Netopia® Gateway uses 192.168.1.254 as the IP address for its LAN inter- face.
  • Page 227: About Shell Commands

    SHELL Prompt When you are in SHELL mode, the CLI prompt is the name of the Motorola Netopia® Gateway followed by a right angle bracket (>). For example, if you open a CLI connection to the Motorola Netopia® Gateway named “Netopia-3000/9437188,”...
  • Page 228: Shell Commands

    Runs a diagnostic utility to conduct a series of internal checks and loopback tests to verify network connec- tivity over each interface on your Motorola Netopia® Gateway. The console displays the results of each test as the diagnostic utility runs. If one test is dependent on another, the diagnostic utility indents its entry in the console window.
  • Page 229 Adds the message in the message_string argument to the Motorola Netopia® Gateway diagnostic log. loglevel [ level ] Displays or modifies the types of log messages you want the Motorola Netopia® Gateway to record. If you enter the loglevel command without the optional level argument, the command line interface dis- plays the current log level setting.
  • Page 230 The ip_address argument is the IP address, in dotted decimal notation, of the device for which you want DNS information. ping [-s size ] [-c count ]{ hostname | ip_address } Causes the Motorola Netopia® Gateway to issue a series of ICMP Echo requests for the device with the specified name or IP address. •...
  • Page 231: Reset Log

    Restarts the heartbeat sequence. reset ipmap Clears the IPMap table (NAT). reset log Rewinds the diagnostic log display to the top of the existing Motorola Netopia® Gateway diagnostic log. The reset log command does not clear the diagnostic log. The next show log command will display infor- mation from the beginning of the log file.
  • Page 232 [ seconds ] Restarts your Motorola Netopia® Gateway. If you include the optional seconds argument, your Motorola Netopia® Gateway will restart when the specified number of seconds have elapsed. You must enter the complete restart command to initiate a restart.
  • Page 233 Displays the most recent crash information, if any, for your Motorola Netopia® Gateway. show dhcp agent Displays DHCP relay-agent leases. show dhcp server leases Displays the DHCP leases stored in RAM by your Motorola Netopia® Gateway. show diffserv Displays the Differentiated Services and QoS values configured in the Motorola Netopia®...
  • Page 234 Displays the IGMP Snooping Table. See detailed explanation. show ip arp Displays the Ethernet address resolution table stored in your Motorola Netopia® Gateway. show ip igmp Displays the contents of the IGMP Group Address table and the IGMP Report table maintained by your Motorola Netopia®...
  • Page 235 Displays IPMap table (NAT). show log Displays blocks of information from the Motorola Netopia® Gateway diagnostic log. To see the entire log, you can repeat the show log command or you can enter show log all.
  • Page 236 Displays the current status of a Motorola Netopia® Gateway, the device's hardware and software revision levels, a summary of errors encountered, and the length of time the Motorola Netopia® Gateway has been running since it was last restarted. Identical to the show summary Displays a summary of WAN, LAN, and Gateway information.
  • Page 237 SumPort : 00000000-00000000 ==== segment 8 port masks ==== PortPort : 00000000-00000000 GlobalPort : 00000000-00000000 SumPort : 00000000-00000000 ==== segment 9 port masks ==== PortPort : 00000000-00000000 GlobalPort : 00000000-00000000 SumPort : 00000000-00000000 ==== segment 10 port masks ==== PortPort : 00000000-00000000 GlobalPort : 00000000-00000000 SumPort...
  • Page 238 Protocol) server. The TFTP server must be accessible on your Ethernet network. The server_address argument identifies the IP address of the TFTP server on which you want to store the Motorola Netopia® Gateway settings. The filename argument identifies the path and name of the configuration file on the TFTP server.
  • Page 239: Wan Commands

    Use the end-to-end argument to ping a remote end node. reset dhcp client release [ vcc-id ] Releases the DHCP lease the Motorola Netopia® Gateway is currently using to acquire the IP settings for vcc-id the specified DSL port. The map to the VCC in use.
  • Page 240: About Config Commands

    CONFIG Mode Prompt When you are in CONFIG mode, the CLI prompt consists of the name of the Motorola Netopia® Gateway fol- lowed by your current node in the hierarchy and two right angle brackets (>>). For example, when you enter config...
  • Page 241: Entering Commands In Config Mode

    Enter IP addresses in dotted decimal notation (0 to 255). If a command is ambiguous or miskeyed, the CLI prompts you to enter additional information. For example, you must specify which virtual circuit you are configuring when you are setting up a Motorola Netopia® Gateway.
  • Page 242: Displaying Current Gateway Settings

    Step Mode: A CLI Configuration Technique The Motorola Netopia® Gateway command line interface includes a step mode to automate the process of entering configuration settings. When you use the CONFIG step mode, the command line interface prompts you for all required and optional information.
  • Page 243: Config Commands

    Gateway compares the MAC address of the ATA with one of the existing profiles stored in the database. If there is a match, the configuration is downloaded to the Motorola Netopia® ATA, and the ATA is restarted. Once the Motorola Netopia® ATA is restarted, it comes up with the newly downloaded configuration.
  • Page 244 Administrator’s Handbook set ata profile [ 0... 3 ] ata-static-wan-gateway ip_addr Specifies a static gateway WAN IP address for the specified profile. set ata profile [ 0... 3 ] ata-proxy-server ip_addr Specifies a SIP proxy server hostname or IP address for the specified profile. set ata profile [ 0...
  • Page 245: Dsl Commands

    [vcc n ] option {on | off } Selects the virtual circuit for which further parameters are set. Up to eight VCCs are supported; the maxi- mum number is dependent on your Motorola Netopia® Operating System tier and the capabilities that your Service Provider offers.
  • Page 246: Bridging Settings

    Bridging lets the Motorola Netopia® Gateway use MAC (Ethernet hardware) addresses to forward non-TCP/ IP traffic from one network to another. When bridging is enabled, the Motorola Netopia® Gateway maintains a table of up to 512 MAC addresses. Entries that are not used within 30 seconds are dropped. If the bridg- ing table fills up, the oldest table entries are dropped to make room for new entries.
  • Page 247: Common Commands

    Common Commands set bridge sys-bridge {on | off } Enables or disables bridging services in the Motorola Netopia® Gateway. You must enable bridging ser- vices within the Motorola Netopia® Gateway before you can enable bridging for a specific interface. set bridge concurrent-bridging-routing {on | off } Enables or disables Concurrent Bridging/Routing.
  • Page 248: Dhcp Settings

    Enables or disables DHCP services in the Motorola Netopia® Gateway. You must enable DHCP services before you can enter other DHCP settings for the Motorola Netopia® Gateway. If you turn off DHCP services and save the new configuration, the Motorola Netopia® Gateway clears its DHCP settings.
  • Page 249: Dhcp Generic Options

    set dhcp range [ 2... 8 ] start-address ip_address Specifies the starting IP address of DHCP range n when subnet n option is on. See on page 262. set dhcp range [ 2... 8 ] end-address ip_address Specifies the ending IP address of DHCP range n when subnet n option is on. See on page 262.
  • Page 250 Administrator’s Handbook Option Data Format Unsigned 1 byte integer Unsigned 4 byte integer Unsigned 2 byte integer list Unsigned 2 byte integer Flag IP address 29 - 31 Flag IP address IP address and mask list Flag Unsigned 4 byte integer Flag Unsigned 1 byte integer Unsigned 4 byte integer...
  • Page 251 Option Data Format Pascal string list (length byte + data) 78 - 79 Complex Empty Complex Sub-option list Complex Undefined IP address list 86 - 87 Unicode String Encoded DN list IP address list Complex 91 - 97 Undefined/Weakly defined String (up to 100 characters) 99 - 115 Undefined/Weakly defined...
  • Page 252: Dhcp Option Filtering

    Administrator’s Handbook DHCP Option Filtering Beginning with Firmware Version 7.7, support for DHCP option filtering is provided via the filterset settings. set dhcp filterset name " string " rule n type [ dhcp-option | hw-address | requested-option ] Specifies a DHCP filterset named string as one of three possible types: The rule can either specify an option and option contents, dhcp-option;...
  • Page 253: Example

    set dhcp filterset name " string " rule n match-pool ip_address Specifies the start IP address of the range within a DHCP pool where that range will be used to allocate an address if the wildcard matches. The value 0.0.0.0 means regular processing; 255.255.255.255 means discard. set dhcp filterset name "...
  • Page 254: Dmt Settings

    ☛ NOTE: Some dmt type settings are now supported for many Annex B (335xN) platforms. 2200 Series and 33xxN Series models are supported. Currently, adsl2anxm and adsl2+anxm are not sup- ported in Annex B. set dmt autoConfig [ off | on ] Enables support for automatic VPI/VCI detection and configuration.
  • Page 255: Domain Name System Settings

    Domain Name System Settings Domain Name System (DNS) is an information service for TCP/IP networks that uses a hierarchical naming system to identify network domains and the hosts associated with them. You can identify a primary DNS server and one secondary server. Common Commands set dns domain-name domain-name Specifies the default domain name for your network.
  • Page 256: Dynamic Dns Settings

    Administrator’s Handbook Dynamic DNS Settings Dynamic DNS support allows you to use the free services of www.dyndns.org. Dynamic DNS automatically directs any public Internet request for your computer's name to your current dynamically-assigned IP address. This allows you to get to the IP address assigned to your Gateway, even though your actual IP address may change as a result of a PPPoE connection to the Internet.
  • Page 257: Igmp Settings

    You can set the following options: • IGMP Snooping – enables the Motorola Netopia® Gateway to “listen in” to IGMP traffic. The Gateway discovers multicast group membership for the purpose of restricting multicast transmissions to only those ports which have requested them. This helps to reduce overall network traffic from streaming media and other bandwidth-intensive IP multicast applications.
  • Page 258 Administrator’s Handbook determines that only a single wireless client is interested in the stream, it will once again unicast the stream. set igmp snooping [ off | on ] Enables IGMP Snooping. set igmp robustness value Sets IGMP robustness range: from 2 – 255. The default is 2. set igmp query-intvl value Sets the query-interval range: from 10 seconds –...
  • Page 259: Ip Settings

    Enables or disables TCP/IP services in the Motorola Netopia® Gateway. You must enable TCP/IP services before you can enter other TCP/IP settings for the Motorola Netopia® Gateway. If you turn off TCP/IP ser- vices and save the new configuration, the Motorola Netopia® Gateway clears its TCP/IP settings.
  • Page 260 { on | off } Specifies whether you want the Motorola Netopia® Gateway to identify the source IP address of every IGMP packet transmitted from this interface as 0.0.0.0 when mcast-fwd is set to on. This complies with the requirements of TR-101, and removes the need for a publicly advertised IP address on the WAN interface.
  • Page 261: Ethernet Lan Settings

    A address ip_address Assigns an IP address to the Motorola Netopia® Gateway on the local area network. The IP address you assign to the local Ethernet interface must be unique on your network. By default, the Motorola Netopia®...
  • Page 262: Additional Subnets

    255.255.255.0 (Class C subnet mask). set ip ethernet A restrictions { none | admin-disabled } Specifies whether an administrator can open a telnet connection to a Motorola Netopia® Gateway over an Ethernet interface (A = the LAN) to monitor and configure the unit.
  • Page 263: Default Ip Gateway Settings

    Assigns an IP address to the virtual PPP interface. If you specify an IP address other than 0.0.0.0, your Motorola Netopia® Gateway will not negotiate its IP address with the remote peer. If the remote peer does not accept the IP address specified in the ip_address argument as valid, the link will not come up.
  • Page 264 Specifies the IP address of the peer on the other end of the PPP link. If you specify an IP address other than 0.0.0.0, your Motorola Netopia® Gateway will not negotiate the remote peer's IP address. If the remote peer does not accept the address in the ip_address argument as its IP address (typically because it has been configured with another IP address), the link will not come up.
  • Page 265 [ on | off ] Specifies whether you want the Motorola Netopia® Gateway to identify the source IP address of every IGMP packet transmitted from this interface as 0.0.0.0 when mcast-fwd is set to on. This complies with the requirements of TR-101, and removes the need for a publicly advertised IP address on the WAN interface.
  • Page 266: Static Arp Settings

    ARP table entries do not time out. You can configure as many as 16 static ARP table entries for a Motorola Netopia® Gateway. Use the follow- ing commands to add static ARP entries to the Motorola Netopia® Gateway static ARP table:...
  • Page 267: Differentiated Services (Diffserv)

    Differentiated Services (DiffServ) set diffserv option [ off | on ] Turns the DiffServ option off (default) or on. on enables the service and IP TOS bits are used, even if no flows are defined. Consequently, if the end-point nodes provide TOS settings from an application that can be interpreted as one of the supported states, the Gateway will handle it as if it actively marked the TOS field itself.
  • Page 268 Administrator’s Handbook set diffserv custom-flows name name protocol [ TCP | UDP | ICMP | other ] direction [ outbound | inbound | both ] start-port [ 0 - 65535 ] end-port [ 0 - 65535 ] inside-ip inside-ip-addr inside-ip-mask inside-ip-netmask outside-ip outside-ip-addr outside-ip-mask outside-ip-netmask qos [ off | assure | expedite | network-control ]...
  • Page 269: Packet Mapping Configuration

    Packet Mapping Configuration set diffserv qos [ network-control-queue | expedite-queue | assured-queue | best-effort-queue ] queue_name Specifies the Diffserv QoS queue mapping associations. • queue_name - the basic queue name to which classified packets are directed. By default the following mappings are created: set diffserv qos network-control-queue basic_q0 set diffserv qos expedite-queue basic_q1 set diffserv qos assured-queue basic_q2...
  • Page 270 Administrator’s Handbook set diffserv qos dscp-map-20 best-effort set diffserv qos dscp-map-21 best-effort set diffserv qos dscp-map-22 best-effort set diffserv qos dscp-map-23 expedite set diffserv qos dscp-map-24 network-control set diffserv qos dscp-map-25 network-control set diffserv qos dscp-map-26 network-control set diffserv qos dscp-map-27 network-control set diffserv qos dscp-map-28 network-control set diffserv qos dscp-map-29 network-control set diffserv qos dscp-map-30 network-control...
  • Page 271: Queue Configuration

    Queue Configuration Beginning with Firmware Version 7.7.4, the queuing characteristics of all “N” and “-02” model Gateway’s WAN interface can now be configured for: • strict priority queuing (as currently) • weighted fair queuing • rate-limiting funnel ☛ Note: The configuration mechanism is designed to be flexible enough to accommodate complex queuing requirements.
  • Page 272: Basic Queue

    Administrator’s Handbook set queue name queue_name option [ on | off ] type [ basic | wfq | priority | funnel ] Creates a queue named queue_name and assigns a type: • basic – Basic Queue • wfq – Weighted Fair Queue •...
  • Page 273: Weighted Fair Queue

    Weighted Fair Queue set queue name wfq option [ on | off ] set queue name wf_queue_name type wfq set queue name wf_queue_name weight-type [ relative | bps ] set queue name wf_queue_name entry n input input_queue_name set queue name wf_queue_name entry n weight weight set queue name wf_queue_name entry n share-bw [ on | off ] set queue name wf_queue_name entry n default-input queue_name Specifies the attributes of the Weighted Fair Queue named wf_queue_name .
  • Page 274: Priority Queue

    Administrator’s Handbook Priority Queue set queue name priority_queue_name option [ off | on ] set queue name priority_queue_name type priority set queue name priority_queue_name default-input queue_name A priority queue can contain up to 8 input queues. For each input queue, the following is configured: set queue name priority_queue_name entry n input input_queue_name set queue name priority_queue_name entry n priority priority_value...
  • Page 275: Funnel Queue

    Funnel Queue A funnel queue is used to limit the rate of the transmission below the actual line rate: set queue name funnel_queue_name option [ on | off ] set queue name funnel_queue_name type funnel set queue name funnel_queue_name input input_queue_name set queue name funnel_queue_name bps bps Specifies the Funnel Queue named funnel_queue_name attributes.
  • Page 276: Sip Passthrough

    PPP, since an intermittent PPP link may make maintenance of dynamic routes problematic. You can configure as many as 32 static IP routes for a Motorola Netopia® Gateway. Use the following com- mands to maintain static routes to the Motorola Netopia® Gateway routing table:...
  • Page 277: Ipmaps Settings

    Specifies the IP address of the Gateway for the static route. The default Gateway must be located on a net- work connected to the Motorola Netopia® Gateway configured interface. set ip static-routes destination-network net_address metric integer Specifies the metric (hop count) for the static route.
  • Page 278: Network Address Translation (Nat) Default Settings

    By identifying your computer (or another host on your network) as a NAT default server, you can specify that NAT traffic that would otherwise be discarded by the Motorola Netopia® Gateway should be directed to a specific hosts.
  • Page 279: Pppoe /Pppoa Settings

    [ 0 - 65535 ] Specifies the port number your Motorola Netopia® Gateway should use when forwarding traffic of the spec- ified type. Under most circumstances, you would use the same number for the external and internal port.
  • Page 280 [vccn] lcp-echo-requests { on | off } Specifies whether you want your Motorola Netopia® Gateway to send LCP echo requests. You should turn off LCP echoing if you do not want the Motorola Netopia® Gateway to drop a PPP link to a nonresponsive peer.
  • Page 281: Configuring Port Authentication

    For example, if the remote peer requires CHAP authentication and has a name and CHAP secret for the Motorola Netopia® Gateway, you must enable CHAP and specify the same name and secret on the Motorola Netopia® Gateway before the link can be established.
  • Page 282: Pppoe With Ipoe Settings

    Administrator’s Handbook PPPoE with IPoE Settings Ethernet WAN platforms set wan-over-ether pppoe [ on | off ] Enables or disables PPPoE on the Ethernet WAN interface. set wan-over-ether pppoe-with-ipoe [ on | off ] Enables or disables the PPPoE with IPoE support on Ethernet WAN, including VDSL, platforms when pppoe option is set to on.
  • Page 283: Adsl Platforms

    ADSL platforms You must configure two VCCs with the same VPI/VCI to enable concurrent PPPoE and IPoE support, and you will need to configure the individual settings for each interface for proper operation. set atm vcc n encap pppoe-llc Specifies that the VCC will allow a second VCC with the same VPI/VCI values as the first. pppoe-llc denotes this special case.
  • Page 284: 802.3Ah Ethernet Oam Settings

    Ethernet OAM frames. These are exchanged between your Gateway and service provider Access Node (AN) devices for network fault management, performance analysis and fault isolation. All VDSL and Ethernet WAN Motorola Netopia Gateways support Ethernet OAM options. More Ethernet Packet-Transfer-Mode (PTM) enabled xDSL Motorola Netopia Gateways will support 802.3ah Ethernet OAM options in future releases.
  • Page 285: Command Line Interface Preference Settings

    Command Line Interface Preference Settings You can set command line interface preferences to customize your environment. set preference verbose { on | off } Specifies whether you want command help and prompting information displayed. By default, the command line interface verbose preference is turned off. If you turn it on, the command line interface displays help for a node when you navigate to that node.
  • Page 286: Port Renumbering Settings

    Administrator’s Handbook Port Renumbering Settings If you use NAT pinholes to forward HTTP or telnet traffic through your Motorola Netopia® Gateway to an internal host, you must change the port numbers the Motorola Netopia® Gateway uses for its own configu- ration traffic.
  • Page 287: Security Settings

    When connecting the Motorola Netopia® unit in a telecommuting scenario, the corporate VPN settings will dictate the settings to be used in the Motorola Netopia® unit. If a parameter has not been specified from the other end of the tunnel, choose the default unless you fully understand the ramifications of your param- eter choice.
  • Page 288 Administrator’s Handbook set security ipsec tunnels name "123" dest-int-network ip-address Specifies the IP address of the destination computer or internal network. set security ipsec tunnels name "123" dest-int-netmask netmask Specifies the subnet mask of the destination computer or internal network. The subnet mask specifies which bits of the 32-bit IP address represents network information.
  • Page 289 "123" IKE-mode invalid-spi-recovery { off | on } Enables the Gateway to re-establish the tunnel if either the Motorola Netopia® Gateway or the peer gateway is rebooted. set security ipsec tunnels name "123" xauth enable {off | on } Enables or disables Xauth extensions to IPsec, when IKE-mode neg-method is set to aggressive.
  • Page 290 Administrator’s Handbook set security ipsec tunnels name "123" local-id-type { IP-address | Subnet | Hostname | ASCII } Specifies the NAT local ID type for the specified IPsec tunnel, when Aggressive Mode is set. set security ipsec tunnels name "123" local-id id_value Specifies the NAT local ID value as specified in the local-id-type for the specified IPsec tunnel, when Aggressive Mode is set.
  • Page 291: Internet Key Exchange (Ike) Settings

    Internet Key Exchange (IKE) Settings The following four IPsec parameters configure the rekeying event. set security ipsec tunnels name "123" IKE-mode ipsec-soft-mbytes (1000) {1-1000000} set security ipsec tunnels name "123" IKE-mode ipsec-soft-seconds (82800) {60-1000000} set security ipsec tunnels name "123" IKE-mode ipsec-hard-mbytes (1200) {1-1000000} set security ipsec tunnels name "123"...
  • Page 292: Stateful Inspection

    Administrator’s Handbook Stateful Inspection Stateful inspection options are accessed by the security state-insp tag. set security state-insp [ ip-ppp | dsl ] vcc n option [ off | on ] set security state-insp ethernet [ A | B ] option [ off | on ] Sets the stateful inspection option off or on on the specified interface.
  • Page 293: Example

    set security state-insp xposed-addr exposed-address# " n " Allows you to add an entry to the specified list, or, if the list does not exist, creates the list for the stateful inspection feature. xposed-addr settings only apply if NAT is off. Example: set security state-insp xposed-addr exposed-address# (?): 32 32 has been added to the xposed-addr list.
  • Page 294: Packet Filtering Settings

    Administrator’s Handbook Packet Filtering Settings Packet Filtering has two parts: • Create/Edit/Delete Filter Sets, create/edit/delete rules to a Filter Set. • Associate a created Filter Set with a WAN or LAN interface “Packet Filter” on page 163 set security pkt-filter filterset filterset-name [ input_filter | output_filter ] index forward [ on | off ] Creates or edits a filter rule, specifying whether packets will be forwarded or not.
  • Page 295 set security pkt-filter filterset filterset-name [ input_filter | output_filter ] index dest-ip ip_addr Specifies the destination IP address to match packets (where the packet is going). set security pkt-filter filterset filterset-name [ input_filter | output_filter ] index dest-mask mask Specifies the destination IP mask to match packets (where the packet is going). set security pkt-filter filterset filterset-name [ input_filter | output_filter ] index tos value Specifies the TOS (Type Of Service) value to match packets.
  • Page 296: Example

    Administrator’s Handbook set security pkt-filter filterset filterset-name [ input_filter | output_filter ] index dst-compare [ nc | ne | lt | le | eq | gt | ge ] Sets the destination compare operator action for the specified filter rule. dst-compare only displays when the protocol is TCP or UDP.
  • Page 297: Snmp Settings

    Identifies the location, such as the building, floor, or room number, of the Motorola Netopia® Gateway. You can enter up to 255 characters for the location_info argument. You must put the location_info argument in double-quotes if it contains embedded spaces.
  • Page 298: System Settings

    Specifies the name of your Motorola Netopia® Gateway. Each Motorola Netopia® Gateway is assigned a name as part of its factory initialization. The default name for a Motorola Netopia® Gateway consists of the word “Netopia-3000/XXX” where “XXX” is the serial number of the device; for example, Netopia-3000/ 9437188.
  • Page 299 A password can be as many as 8 characters. Passwords are case-sensitive. Passwords go into effect immediately. You do not have to restart the Motorola Netopia® Gateway for the password to take effect. Assigning an administrator or user password to a Motorola Netopia® Gateway does not affect communications through the device.
  • Page 300 Administrator’s Handbook set system heartbeat option { on | off } protocol [ udp | tcp ] port-client [ 1 - 65535 ] ip-server [ ip_address | dns_name ] port-server [ 1 - 65535 ] url-server (" server_name ") number [ 1 – 1073741823 ] interval (00:00:00:20) sleep (00:00:30:00) contact-email ("...
  • Page 301: Syslog

    Zero Touch refers to automatic configuration of your Motorola Netopia® Gateway. The Motorola Netopia® Gateway has default settings such that initial connection to the Internet will succeed. If the zerotouch option is set to on, HTTP requests to any destination IP address except the IP address(es) of the configured redirection URL(s) will access a redirection server.
  • Page 302: Default Syslog Installation Procedure

    Administrator’s Handbook Default syslog installation procedure Access the router via telnet from the private LAN. DHCP server is enabled on the LAN by default. The product’s stateful inspection feature must be enabled in order to examine TCP, UDP and ICMP packets destined for the router or the private hosts. This can be done by entering the CONFIG interface.
  • Page 303: Wireless Settings (Supported Models)

    { off | at-startup | continuous } Specifies the wireless AutoChannel Setting for 802.11G models. AutoChannel is a feature that allows the Motorola Netopia® Gateway to determine the best channel to broadcast automatically. For details, see “Advanced” on page set wireless default-channel { 1...14 }...
  • Page 304 Administrator’s Handbook set wireless multi-ssid {second-ssid | third-ssid | fourth-ssid } name Specifies a descriptive name for each SSID. when multi-ssid option is set to on. set wireless multi-ssid second-ssid-privacy { off | WEP | WPA-PSK | WPA-802.1x } set wireless multi-ssid third-ssid-privacy { off | WEP | WPA-PSK | WPA-802.1x } set wireless multi-ssid fourth-ssid-privacy { off | WEP | WPA-PSK | WPA-802.1x }...
  • Page 305 set wireless multi-ssid second-ssid-wepkey { hexadecimal digits } set wireless multi-ssid third-ssid-wepkey { hexadecimal digits } set wireless multi-ssid fourth-ssid-wepkey { hexadecimal digits } Specifies a WEP key for the multiple SSIDs, when second-, third-, or fourth-ssid-privacy is set to WEP. For 40/64bit encryption, you need 10 digits;...
  • Page 306: Wireless Multi-Media (Wmm) Settings

    Administrator’s Handbook Wireless Multi-media (WMM) Settings Router EDCA Parameters (Enhanced Distributed Channel Access) govern wireless data from your Gate- way to the client; Client EDCA Parameters govern wireless data from the client to your Gateway. set wireless wmm option [ off | on ] Enables or disables wireless multi-media settings option, which allows you to fine tune WiFi Multimedia Quality of Service (QoS) by transmitting data depending on Diffserv priority settings.
  • Page 307 set wireless wmm router-edca background { aifs 1... 255 } set wireless wmm router-edca background { cwmin value } set wireless wmm router-edca background { cwmax value } Sets values for Gateway WMM background parameters. set wireless wmm client-edca voice { aifs 1... 255 } set wireless wmm client-edca voice { cwmin value } set wireless wmm client-edca voice { cwmax value } set wireless wmm client-edca voice { txoplimit 0...
  • Page 308: Wireless Privacy Settings

    Administrator’s Handbook Wireless Privacy Settings set wireless network-id privacy option { off | WEP | WPA-PSK | WPA-802.1x } Specifies the type of privacy enabled on the wireless LAN. off = no privacy; WEP = WEP encryption; WPA- PSK = Wireless Protected Access/Pre-Shared Key; WPA-802.1x = Wireless Protected Access/802.1x authentication.
  • Page 309: Wireless Mac Address Authorization Settings

    set wireless network-id privacy encryption-key1 { hexadecimal digits } set wireless network-id privacy encryption-key2 { hexadecimal digits } set wireless network-id privacy encryption-key3 { hexadecimal digits } set wireless network-id privacy encryption-key4 { hexadecimal digits } The encryption keys. Enter keys using hexadecimal digits. For 40/64bit encryption, you need 10 digits; 26 digits for 128bit, and 58 digits for 256bit WEP.
  • Page 310: Radius Server Settings

    Administrator’s Handbook RADIUS Server Settings set radius radius-name " server_name_string " Specifies the default RADIUS server name or IP address. set radius radius-secret " shared_secret " Specifies the RADIUS secret key used by this server. The shared secret should have the same characteris- tics as a normal password.
  • Page 311: Vlan Settings

    VLAN Settings You can create up to 8 VLANs, and you can also restrict any VLAN, and the computers on it, from adminis- tering the Gateway. See “VLAN” on page 107 for more information. set vlan name name Sets the descriptive name for the VLAN. If no name is specified, displays a selection list of node names to select for editing.
  • Page 312: Example 1

    Administrator’s Handbook 802.1p priority bit field for tagged IP packets transmitted from this port for this VLAN. All mappings between Ethernet 802.1p and IP-TOS are made via diffserv dscp-map settings. set vlan name name ports port port-pbits [ 0 - 7 ] Specifies the 802.1p priority bit for this port associated with the specified VLAN.
  • Page 313: Example 2

    option (off) [ off | on ]: vcc1 option (off) [ off | on ]: • Assign an IP interface: ip-vcc1 option (off) [ off | on ]: ip-eth-a option (off) [ off | on ]: on ipsec-mgmt1 option (off) [ off | on ]: Netopia-3000/9437188 (vlan)>>...
  • Page 314 Administrator’s Handbook set vlan name "Voip_217" ip-interfaces ip-eth-a option off set vlan name "Voip_217" inter-vlan-routing group-1 on set vlan name "Voip_217" inter-vlan-routing group-2 off set vlan name "Voip_217" inter-vlan-routing group-3 off set vlan name "Voip_217" inter-vlan-routing group-4 off set vlan name "PPPoE_11" type global set vlan name "PPPoE_11"...
  • Page 315 set vlan name "Video_31" ports eth1 tag on set vlan name "Video_31" ports eth1 priority off set vlan name "Video_31" ports eth1 promote off set vlan name "Video_31" ports eth1 port-pbits 0 set vlan name "Video_31" ip-interfaces ip-ppp-a option off set vlan name "Video_31"...
  • Page 316: Voip Settings

    Session Initiation Protocol (SIP), to transmit sound over a network or the Internet in the form of data packets. Certain Motorola Netopia® Gateway models have two separate voice ports for connecting tele- phone handsets. These models support VoIP. If your Gateway is a VoIP model, you can configure the VoIP features.
  • Page 317 set voip phone [ 0 | 1 ] sip-user-display-name name Specifies the user name that is displayed on the web UI Home page, or other caller-id displays for the spec- ified phone. set voip phone [ 0 | 1 ] sip-user-name username Specifies the user name that authenticates the user to SIP for the specified phone.
  • Page 318 Administrator’s Handbook set voip phone [ 0 | 1 ] codec G726_40 priority [ 1 | 2 | 3 | 4 | 5 | 6 | 7 | none ] Assigns a priority to the G726-40 codec, a common audio media type implementation at 40 kbit/s. set voip phone [ 0 | 1 ] sip-advanced-setting sip-dtmf-mode [ inband | rfc2833 | info ] sip-dtmf-mode –...
  • Page 319 set voip phone [ 0 | 1 ] sip-advanced-setting call-feature call-waiting-option [ off | on ] call-waiting-option – enables or disables call waiting. set voip phone [ 0 | 1 ] sip-advanced-setting call-feature call-conferencing-option [ off | on ] call-conferencing-option – enables or disables 3-way call conferencing. set voip phone [ 0 | 1 ] sip-advanced-setting call-feature subscribe-do-not-disturb-option [ off | on ] subscribe-do-not-disturb-option –...
  • Page 320: Example

    Administrator’s Handbook set voip phone [ 0 | 1 ] sip-advanced-setting dsp-settings vad-setting [ vad-cn | vad-std-sid | vad-suppress-sid ] When vad-option is set to on: • vad-cn – enables Voice Activity Detection/Comfort Noise Generation. When speech is not present, the CNG algorithm generates a noise signal at the level sent from the transmit side.
  • Page 321: Upnp Settings

    PCs using UPnP can retrieve the Gateway’s WAN IP address, and automatically create NAT port maps. This means that applications that support UPnP, and are used with a UPnP-enabled Motorola Netopia® Gateway, will not need application layer gateway support on the Motorola Netopia® Gateway to work through NAT. The default is on.
  • Page 322: Tr-069

    LAN, whereas the communication in TR-069 is over the WAN link for some features and over the LAN for others. TR-069 allows a remote Auto-Config Server (ACS) to provision and manage the Motorola Netopia® Gateway. TR-069 protects sensitive data on the Gateway by not advertising its presence, and by password protection.
  • Page 323: Backup Ip Gateway Settings

    Backup IP Gateway Settings The purpose of Backup is to provide a recovery mechanism in the event that the primary connection fails. Should the primary WAN connection fail, traffic would be automatically redirected through your alternate gateway device to maintain Internet connectivity. See “Backup”...
  • Page 324 Administrator’s Handbook set ip backup-gateway default ip_address Specifies the ip address of the default gateway.
  • Page 325: Vdsl Settings

    VDSL Settings ☛ CAUTION! These settings are for very advanced users and lab technicians. Exercise extreme caution when modifying any of these settings. set vdsl sys-option [ 0x00 - 0xff ] sys-bandplan [ 0x00 - 0xff ] psd-mask-level [ 0x00 - 0xff ] pbo-k1_1 [ 0x00000000 - 0xffffffff ] pbo-k1_2 [ 0x00000000 - 0xffffffff ] pbo-k1_3 [ 0x00000000 - 0xffffffff ]...
  • Page 326 Administrator’s Handbook VDSL Parameter Defaults Parameter pbo-k2_3 line-type us-max-inter-delay ds-max-inter-delay us-target-noise-margin ds-target-noise-margin min-noise-margin port-bandplan framing-mode band-mod port-option power-mode tx-filter rx-filter dying-gasp Default 0x00 VDSL system power back-off k2_3 0x81 VDSL port line type(auto=0x80, vdsl=0x81, vdsl_etsi=0x82) 0x04 VDSL port upstream max inter delay 0x04 VDSL port downstream max inter delay 0x0C...
  • Page 327: Vdsl Parameters Accepted Values

    VDSL Parameters Accepted Values Parameter sys-option Bit[0]: NTR_DISABLE Bit[1]: ALW_MARGIN_ADJUST. 1: the SNR margin for the optional band is reduced by up to 2.5 dB, but never below a minimum of 4 dB. Bit[2]: SUPPORT_INI Bit[4]: TLAN Enable Bit[5]: PBO Weak mode Enable (Applicable only when PBO Bit[3]=0.
  • Page 328 Administrator’s Handbook VDSL Parameters Accepted Values Parameter psd-mask-level pbo-k1_1 pbo-k1_2 pbo-k1_3 pbo-k2_1 pbo-k2_2 pbo-k2_3 line-type us-max-inter-delay ds-max-inter-delay us-target-noise-margin ds-target-noise-margin min-noise-margin Accepted Values 0x00 -- default mask (old gains from before) 0x01 -- ANSI M1 CAB 0x02 -- ANSI M2 CAB 0x03 -- ETSI M1 CAB 0x04 -- ETSI M2 CAB 0x05 -- ITU-T Annex F (Japan)
  • Page 329 VDSL Parameters Accepted Values Parameter port-bandplan BP1_998_3 BP2_998_3 BP998_3B_8_5M (0x01) BP3_998_4 BP998_4B_12M BP4_997_3 BP997_3B_7_1M (0x03) BP5_997_3 BP6_997_4 BP997_4B_7_1M (0x05) BP7_MXU_3 FLEX_3B_8_5M BP8_MXU_2 BP9_998_2 BP10_998_2 BP998_2B_3_8M (0x09) BP11_998_2 BP12_998_2 BP13_MXU_3 BP14_MXU_3 BP15_MXU_3 BP16_997_4B_4P (0x0F) BP17_998_138_4400 (0x10) BP18_997_138_4400(0x11) BP19_997_32_4400(0x12) BP20_998_138_4400_opBand (0x15) BP21_997_138_4400_opBand (0x16) BP22_998_138_4400_opBand(0x16) BP23_998_138_16000 (0x17) BP24_998_3B_8KHZ...
  • Page 330 Administrator’s Handbook VDSL Parameters Accepted Values Parameter band-mod port-option power-mode tx-filter rx-filter dying-gasp Accepted Values Bit 0, 1: Tx Cfg band 1- All tones on 2- All tones below 640 Khz are turned off 3- All tones below 1.1 Mhz are turned off Bit 2,3: Not used Bit 4,5: Rx Cfg band 1- All tones on...
  • Page 331: Chapter 7 Glossary

    Glossary CHAPTER 7 10Base-T. IEEE 802.3 specification for Ethernet that uses unshielded twisted pair (UTP) wiring with RJ-45 eight-conductor plugs at each end. Runs at 10 Mbps. 100Base-T. IEEE 802.3 specification for Ethernet that uses unshielded twisted pair (UTP) wiring with RJ-45 eight-conductor plugs at each end.
  • Page 332 Administrator’s Handbook asynchronous communication. Network system that allows data to be sent at irregular intervals by pre- ceding each octet with a start bit and following it with a stop bit. Compare synchronous communication. Auth Protocol. Authentication Protocol for IP packet header. The three parameter values are None, Encap- sulating Security Payload (ESP) and Authentication Header (AH).
  • Page 333 compression. Operation performed on a data set that reduces its size to improve storage or transmission rate. CPIP. Carrier Pigeon Internet Protocol. RFC 1149 - Standard for the transmission of IP datagrams on avian carriers. The IP datagram is printed, on a small scroll of paper, in hexadecimal, with each octet separated by whitestuff and blackstuff.
  • Page 334 Administrator’s Handbook domain name. Name identifying an organization on the Internet. Domain names consists of sets of charac- ters separated by periods (dots). The last set of characters identifies the type of organization (.GOV, .COM, .EDU) or geographical location (.US, .SE). domain name server.
  • Page 335 -----F----- FCS. Frame Check Sequence. Data included in frames for error control. flow control. Technique using hardware circuits or control characters to regulate the transmission of data between a computer (or other DTE) and a modem (or other DCE). Typically, the modem has buffers to hold data;...
  • Page 336 Administrator’s Handbook -----I----- IGMP. Internet Group Management Protocol allows a router to determine which host groups have members on a given network segment. IKE. Internet Key Exchange protocol provides automated key management and is a preferred alternative to manual key management as it provides better security. Manual key management is practical in a small, static environment of two or three sites.
  • Page 337 -----M----- magic number. Random number generated by a router and included in packets it sends to other routers. If the router receives a packet with the same magic number it is using, the router sends and receives packets with new random numbers to determine if it is talking to itself. MD5.
  • Page 338 Administrator’s Handbook -----P----- packet. Logical grouping of information that includes a header and data. Compare frame, datagram. PAP. Password Authentication Protocol. Security protocol within the PPP protocol suite that prevents unau- thorized access to network services. See RFC 1334 for PAP specifications. Compare CHAP. parity.
  • Page 339 -----R----- repeater. Device that regenerates and propagates electrical signals between two network segments. Also known as a hub. RFC. Request for Comment. Set of documents that specify the conventions and standards for TCP/IP net- working. RIP. Routing Information Protocol. Protocol responsible for distributing information about available routes and networks from one router to another.
  • Page 340 Administrator’s Handbook Soft MBytes. Setting the Soft MBytes parameter forces the renegotiation of the IPSec Security Associa- tions (SAs) at the configured Soft MByte value. The value can be configured between 1 and 1,000,000 MB and refers to data traffic passed. If this value is not achieved, the Hard MBytes parameter is enforced. Soft Seconds.
  • Page 341 the same levels of Quality of Service, authentication, and service segmentation previously provided by tra- ditional DSL networks. twisted pair. Cable consisting of two copper strands twisted around each other. The twisting provides pro- tection against electromagnetic interference. -----U----- UTP. Unshielded twisted pair cable. -----V----- VDSL.
  • Page 342 Administrator’s Handbook...
  • Page 343: Technical Specifications And Safety Information

    2200-Series Wireless Models: 1.2"(3.0cm) H, 8.7" (22.0 cm) W, 5.2"(13.2cm) L Communications interfaces: The Motorola Netopia® Gateways have an RJ-11 jack for DSL line connections or an RJ-45 jack for cable/DSL modem connections and 1 or 4–port 10/100Base-T Ethernet switch for your LAN connections.
  • Page 344: Management/Configuration Methods

    Regulatory notices European Community. This Motorola Netopia® product conforms to the European Community CE Mark standard for the design and manufacturing of information technology equipment. This standard covers a broad area of product design, including RF emissions and immunity from electrical disturbances.
  • Page 345: United States

    It is the responsibility of users requiring service to report the need for service to our Company or to one of our authorized agents. Service can be obtained at Motorola, Inc., 6001 Shellmound Street, Emeryville, California, 94608.
  • Page 346: Caution

    Administrator’s Handbook Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas. Caution Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate.
  • Page 347: 47 Cfr Part 68 Information

    If this happens the telephone company will provide advance notice in order for you to make necessary modifications to maintain uninterrupted service. g) If trouble is experienced with this equipment, the Motorola Netopia® 2200-, 3300- or 7000-series router, for repair or warranty information, please contact:...
  • Page 348: Electrical Safety Advisory

    If your home has specially wired alarm equipment connected to the telephone line, ensure the installation of this Motorola Netopia® 2200-, 3300- or 7000-series router does not disable your alarm equipment. If you have questions about what will disable alarm equipment, consult your telephone company or qualified installer.
  • Page 349 Original SSLeay License /Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscape’s SSL. This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code;...
  • Page 350 Administrator’s Handbook LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFT- WARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Portions of this software are based in part on the work of the following: Copyright (C) 1990, RSA Data Security, Inc.
  • Page 351: Chapter 9 Overview Of Major Capabilities

    CHAPTER 9 Overview of Major Capabilities The Motorola Netopia® Gateway offers simplified setup and management features as well as advanced broadband router capabilities. The following are some of the main features of the Motorola Netopia® Gate- way: • “Wide Area Network Termination” on page 351 The Gateway combines an ADSL modem with an Internet router.
  • Page 352: Instant-On Ppp

    While an Always On connection is convenient, it does leave your network permanently connected to the Internet, and therefore potentially vulnerable to attacks. Motorola Netopia®'s Instant On technology furnishes almost all the benefits of an Always-On connection while providing two additional security benefits: •...
  • Page 353: Dns Proxy

    Resource Locator) as text to surf to a desired website. The Motorola Netopia® DNS Proxy feature allows the LAN-side IP address of the Gateway to be used for proxying DNS requests from hosts on the LAN to the DNS Servers configured in the gateway. This is accom- plished by having the Gateway's LAN address handed out as the “DNS Server”...
  • Page 354: Security

    LAN sites that communicate through an Internet Service Provider typically enable NAT, since they usually purchase only one IP address from the ISP. When NAT is ON, the Motorola Netopia® Gateway “proxies” for the end computer stations on your net- •...
  • Page 355: Motorola Netopia® Advanced Features For Nat

    When NAT is OFF, a Motorola Netopia® Gateway acts as a traditional TCP/IP router, all LAN computers/ • devices are exposed to the Internet. A diagram of a typical NAT-enabled LAN follows: Internet Ethernet Interface Embedded Admin Services: HTTP-Web Server and Telnet Server Port ☛...
  • Page 356: Pinholes

    Contact your Network Administrator for LAN security questions. IP-Passthrough Motorola Netopia® OS now offers an IP passthrough feature. The IP passthrough feature allows a single PC on the LAN to have the Gateway’s public address assigned to it. It also provides PAT (NAPT) via the same public IP address for all other hosts on the private LAN subnet.
  • Page 357: Vpn Ipsec Pass Through

    VPN IPSec Pass Through This Motorola Netopia® service supports your independent VPN client software in a transparent manner. Motorola Netopia® has implemented an Application Layer Gateway (ALG) to support multiple PCs running IP Security protocols. This feature has three elements: On power up or reset, the address mapping function (NAT) of the Gateway’s WAN con-...
  • Page 358: Stateful Inspection Firewall

    “Install Certificate” on page VLANs Motorola Netopia®'s VGx technology allows a single Motorola Netopia® VGx-enabled broadband gate- way to act as separate virtual gateways, treating each individual service as a single service "channel." The VGx-enabled gateway applies specific policies, routing, and prioritization parameters to each service chan- nel, ensuring delivery of that service to the appropriate peripheral device with the requisite level of QoS and correct feature sets —...
  • Page 359: Index

    Index Symbols !! command Access the GUI Address resolution table Administrative restrictions Administrator password 39, 140, Arguments, CLI Command 228, ATA configuration Authentication Authentication trap auto-channel mode AutoChannel Setting 57, Backup Bridging Broadcast address 259, !! command Arguments Command shortcuts Command truncation Configuration mode Keywords...
  • Page 360 Administrator’s Handbook Community Compression, protocol Concurrent Bridging/Routing 105, CONFIG Command List Configuration mode D. port Default IP address denial of service designing a new filter set DHCP DHCP filtering DHCP lease table DHCP option filtering DHCP/PPPoE/PPPoA Autosensing Diagnostic log 231, Level Diagnostics DNS Proxy...
  • Page 361 filter sets adding defined deleting disadvantages using filtering example #1 filters actions a filter can take adding to a filter set defined deleting input modifying output using 170, viewing firewall Hardware address hijacking Hop count HTTP traffic ICMP Echo IGMP IGMP Snooping 101, Install Install Certificate...
  • Page 362 Administrator’s Handbook LAN Host Discovery Table latency LCP echo request Link Install Software Quickstart 47, 49, Local Area Network Location, SNMP Logging in lost echoes Magic number Memory Metric multi-cast forwarding 260, Multiple SSIDs multiple subnets Multiple Wireless SSIDs Wireless 59, Nameserver NAT 264, 278, Traffic rules...
  • Page 363 persistent-log Ping Ping command Pinholes 278, Planning policy-based routing Port authentication port number comparisons port numbers Port renumbering PPPoE PPPoE with IPoE 71, Primary nameserver Prompt, CLI 227, Protocol compression qos max-burst-size qos peak-cell-rate qos service-class qos sustained-cell-rate quality of service 165, Restart Restart command Restart timer...
  • Page 364 Administrator’s Handbook Set DMT commands Set dns commands Set ip static-routes commands Set ppp module port authentication command Set preference more command Set preference verbose command set security state-insp Set servers command Set servers telnet-tcp command Set snmp sysgroup location command Set snmp traps authentification-traps ip-address command Set system diagnostic-level command Set system heartbeat command...
  • Page 365 System contact, SNMP System diagnostics system idle-timeout Telnet 226, Telnet command Telnet traffic TFTP TFTP server Toolbar TOS bit 165, TraceRoute 218, Trap Trivial File Transfer Protocol Truncation UPnP User name User password 39, 140, set atm View command view config VLAN ID VLAN Settings VLANs...
  • Page 366 Administrator’s Handbook Zero Touch...
  • Page 367 Motorola Netopia® 2200-, 3300- or 7000-series Motorola, Inc. 6001 Shellmound Street Emeryville, CA 94608 August 2, 2007...
  • Page 368 Administrator’s Handbook...