f f f f o o o o r r r r d d d d a a a a t t t t a a a a c c c c o o o o m m m m m m m m u u u u n n n n i i i i c c c c a a a a t t t t i i i i o o o o n n n n

User's Reference Guide

Table of Contents

Troubleshooting

Summary of Contents for Netopia R2020

Page 1 Netopia R2020 Dual Analog Router f f f f o o o o r r r r d d d d a a a a t t t t a a a a c c c c o o o o m m m m m m m m u u u u n n n n i i i i c c c c a a a a t t t t i i i i o o o o n n n n...
Page 2 This manual and any associated artwork, software and product designs are copyrighted with all rights reserved. Under the copyright laws such materials may not be copied, in whole or part, without the prior written consent of Netopia, Inc. Under the law, copying includes translation to another language or format.
Page 3: Table Of Contents
C C C C o o o o n n n n t t t t e e e e n n n n t t t t s s s s Welcome to the Netopia R2020 Dual Analog Router User’s Reference Guide . This guide is designed to be your single source for information about your Netopia R2020 Dual Analog Router.
Page 4 User’s Reference Guide Sharing the Connection ... 3-9 Conﬁguring TCP/IP on Windows 95, 98, or NT computers ... 3-9 Conﬁguring TCP/IP on Macintosh computers ... 3-13 Chapter 4 — Connecting Your Local Area Network ...4-1 Overview ... 4-1 Readying computers on your local network... 4-1 Connecting to an Ethernet network...
Page 5 Navigating through the System Conﬁguration screens... 7-8 System Conﬁguration features ... 7-8 Network Protocols Setup... 7-10 Filter Sets (Firewalls) ... 7-10 IP Address Serving ... 7-11 Date and Time ... 7-11 Console Conﬁguration... 7-11 SNMP (Simple Network Management Protocol) ... 7-12 Security ...
Page 6 User’s Reference Guide Encryption support ... 9-7 VPN Default Answer Proﬁle ... 9-8 VPN QuickView ... 9-9 Dial-Up Networking for VPN ... 9-10 Installing Dial-Up Networking ... 9-10 Creating a new Dial-Up Networking proﬁle ... 9-11 Conﬁguring a Dial-Up Networking proﬁle ... 9-12 Installing the VPN Client ...
Page 7 Firmware upgrades and NAT ... 10-28 IP subnets... 10-29 Static routes ... 10-31 IP address serving ... 10-35 DHCP NetBIOS Options... 10-37 DHCP Relay Agent ... 10-40 MacIP (Kip Forwarding) Options... 10-41 Chapter 11 — IPX Setup ...11-1 IPX Features... 11-1 IPX Deﬁnitions ...
Page 8 User’s Reference Guide Chapter 13 — Monitoring Tools ...13-1 Quick View status overview ... 13-1 General Status... 13-2 Current Status ... 13-3 Status lights ... 13-3 Statistics & Logs ... 13-4 General Statistics ... 13-4 Event Histories ... 13-5 Routing Tables... 13-7 Served IP Addresses...
Page 9 IPX packet ﬁlters ... 14-22 IPX packet ﬁlter sets ... 14-23 IPX SAP ﬁlters ... 14-25 IPX SAP ﬁlter sets ... 14-27 Firewall tutorial ... 14-28 General Firewall Terms ... 14-28 Basic IP Packet Components... 14-29 Basic Protocol Types ... 14-29 Firewall design rules...
Page 10 ISP’s Point of presence ... B-2 Endorsements ... B-2 Deciding on an ISP account ... B-2 Setting up a Netopia R2020 account ... B-2 Obtaining an IP host address ... B-2 SmartIP™ ... B-3 Obtaining information from the ISP... B-3 Local LAN IP address information to obtain (NAT enabled) ...
Page 11 Example: Working with a Class C subnet ... C-5 Distributing IP addresses ... C-5 Technical note on subnet masking... C-6 Conﬁguration ... C-7 Manually distributing IP addresses ... C-8 Using address serving ... C-8 Tips and rules for distributing IP addresses... C-9 Nested IP subnets ...
Page 12 User’s Reference Guide...
Page 13: Conﬁguration Options For Your Netopia R2020 Dual Analog Router
Conﬁguration options for your Netopia R2020 Dual Analog The Netopia R2020 can be used in different ways depending on your needs. In general, you will probably want to use it in one or more of the following ways: (Click on one of these links) “1.
Page 14: Small Ofﬁce Connection To The Internet
For Small Ofﬁce connections to the Internet, using a single dynamic IP address with Network Address Translation (NAT) enabled, you should use the following conﬁguration option: the SmartStart™ Wizard, included on your Netopia R2020 CD. This is the fastest and simplest way to get you up and running with the minimum difﬁculty.
Page 15 2. Small Ofﬁce connection to the Internet For Small Ofﬁce connections to the Internet, using a block of IP addresses (Network Address Translation disabled), you should use the following conﬁguration tool: Easy Setup conﬁguration using console-based management. This option allows maximum ﬂexibility for experienced users and administrators.
Page 16: Direct Connection To A Corporate Ofﬁce (Telecommuter)
For direct connections to a Corporate Ofﬁce, you can use either one of two conﬁguration options: If you will be using Network Address Translation, use the SmartStart™ Wizard, included on your Netopia R2020 CD. For instructions on this option, see on page 3-3.
Page 17: Conﬁgured To Accept Incoming Dial-Up Connections
4. Conﬁgured to accept incoming dial-up connections To conﬁgure the Netopia R2020 to accept incoming dial-up connections, you should use the following conﬁguration method: To create one or more dial-in Connection Proﬁles for each dial-in user, see new Connection Proﬁle” on page You do this using console-based management.
Page 18: Conﬁgured For Two Onboard And One External Modem On The Auxiliary Port
5. Conﬁgured for two onboard and one external modem on the Auxiliary port To conﬁgure the Netopia R2020 to use the two onboard modems and a third external modem on the Auxiliary serial port, you should use the following conﬁguration options. This might be done to allow three separate simultaneous dial-in/dial-out connections or one or two aggregated dial-in/dial-out calls using Multilink PPP.
Page 19 P P P P a a a a r r r r t t t t I I I I : : : : G G G G e e e e t t t t t t t t i i i i n n n n g g g g S S S S t t t t a a a a r r r r t t t t e e e e d d d d...
Page 20 User’s Reference Guide...
Page 21: Chapter 1 - Introduction
The Netopia R2020 Dual Analog Router is a full-featured, stand-alone, multiprotocol router for connecting diverse local area networks (LANs) to the Internet and other remote networks. The Netopia R2020 Dual Analog Router uses two 56Kbps V.90 modems communicating over standard analog telephone lines to provide your whole network with a high-speed connection to the outside world.
Page 22: How To Use This Guide
How to use this guide This guide is designed to be your single source for information about your Netopia R2020 Dual Analog Router. It is intended to be viewed on-line, using the powerful features of the Adobe Acrobat Reader. The information display has been deliberately designed to present the maximum information in the minimum space on your screen.
Page 23: Chapter 2 - Making The Physical Connections
Cable length and network size limitations when expanding networks For small networks, install the Netopia R2020 near one of the LANs. For large networks, you can install the Netopia R2020 in a wiring closet or a central network administration site.
Page 24: Identify The Connectors And Attach The Cables
Windows and Macintosh, ZTerm terminal emulator software and NCSA Telnet 2.6 for Macintosh You will need: A Windows 95-based PC or a Macintosh with Ethernet connectivity for conﬁguring the Netopia R2020. This may be built-in Ethernet or an add-on card, with TCP/IP installed and conﬁgured. See SmartStart”...
Page 25 Netopia R2020 are powered ON. the computer running SmartStart and the Netopia R2020 to be conﬁgured must be on the same Ether- net segment; there can be no intervening routers. Repeaters, such as 10Base-T hubs, are acceptable.
Page 26: Netopia R2020 Dual Analog Router Back Panel Ports
2-4 User’s Reference Guide Netopia R2020 Dual Analog Router Back Panel Ports The ﬁgure below displays the back of the Netopia R2020 Dual Analog Router. Netopia R2020 Dual Analog Router back panel Ethernet Crossover switch 8 port Ethernet hub Line ports...
Page 27 The following table describes all the Netopia R2020 Dual Analog Router back panel ports. Port Power port a mini-DIN8 power adapter cable connection. Line 1 port a red RJ-11 telephone jack labelled “Line 1". Console port a DE-9 Console port for a direct serial connection to the console screens. You may use this if you are an experienced user and choose not to use SmartStart.
Page 28: Netopia R2020 Dual Analog Router Status Lights
2-6 User’s Reference Guide Netopia R2020 Dual Analog Router Status Lights The ﬁgure below represents the Netopia R2020 status light (LED) panel. Netopia R2020 LED front panel 2 3 4 5 WAN 1 The following table summarizes the meaning of the various LED states and colors: When this happens...
Page 29: Chapter 3 - Setting Up Your Router With The Smartstart Wizard
IP address assign an IP address to your router allow you to register with a new ISP if you don’t already have one. For a list of ISPs that support Netopia Routers in North America, see the Netopia website at http://www.netopia.com.
Page 30 SmartStart, in case you do not want to use the dynamic addressing features built in to the Netopia Router and need to restore the ﬁxed IP address.
Page 31: Setting Up Your Router With The Smartstart Wizard
The SmartStart Wizard presents a series of screens to guide you through the preliminary conﬁguration of a Netopia R2020. It will then create a connection proﬁle using the information you supply to it. Welcome screen. The ﬁrst screen welcomes you to the SmartStart Wizard conﬁguration utility.
Page 32: Easy Option
Check your cable connections. Be sure you have connected the router and the computer properly, using the correct cables. Refer to the Step 1 “Connect the Router” sheet in your Netopia R2020 documentation folio. Make sure the router is turned on and that there is an Ethernet connection between your computer and the router.
Page 33 ISP Automation or Manual Entry. Options are explained below. Make your selection and click Next. If you select ISP Automation, SmartStart offers you the option of choosing one of several Netopia ISP partners that support the Netopia R2020. You then see the page 3-5.
Page 34 3-6 User’s Reference Guide with: Your dial-up number, sometimes referred to as an ISP POP number Your Login name and Password. (These are case-sensitive.) Note: Your ISP may provide you with additional values such as “Remote IP Gateway” or “Subnet Mask.” These entries are not required for the SmartStart Wizard to conﬁgure your router.
Page 35 Connection Proﬁle Test screen. SmartStart tests your connection proﬁle by attempting to connect to your ISP. To test the connection proﬁle with your ISP, click Next. While the test is running, SmartStart reports its progress in a brief succession of dialog boxes as described below. Available Line Test Progress screen.
Page 36: Advanced Option
It is also found in your documentation folio. Note: Forcing a new IP address may turn off the Netopia R2020’s IP address serving capabilities, if you assign an IP address and subnet mask outside the router’s current IP address serving pool.
Page 37: Sharing The Connection
The TCP/IP protocol must be “bound” to the adapter or card Dynamic conﬁguration (recommended) If you conﬁgure your Netopia R2020 using SmartStart, you can accept the dynamic IP address assigned by your router. The Dynamic Host Conﬁguration Protocol (DHCP) server, which enables dynamic addressing, is enabled by default in the router.
Page 38 DNS will be assigned by the router with DHCP. Click OK in this window, and the next window. When prompted, reboot the computer. Note: You can also use these instructions to conﬁgure other computers on your network to accept IP addresses served by the Netopia R2020.
Page 39 Static conﬁguration (optional) If you are manually conﬁguring for a ﬁxed or static IP address, perform the following: Go to Start Menu/Settings/Control Panels and double click the Network icon. From the Network components list, select the Conﬁguration tab. Select TCP/IP-->Your Network Card. Then select Properties. In the TCP/IP Properties screen (shown below), select the IP Address tab.
Page 40 Click on the Gateway tab (shown below). Under “New gateway,” enter 192.168.1.1. Click Add. This is the Netopia R2020’s pre-assigned IP address. Click OK in this window, and the next window. When prompted, reboot the computer. Note: You can also use these instructions to conﬁgure other computers on your network with manual or static IP addresses.
Page 41: Conﬁguring Tcp/Ip On Macintosh Computers
Macintosh. Dynamic conﬁguration (recommended) If you conﬁgure your Netopia R2020 using SmartStart, you can accept the dynamic IP address assigned by your router. The Dynamic Host Conﬁguration Protocol (DHCP), which enables dynamic addressing, is enabled by default in the router. To conﬁgure your Macintosh computer for dynamic addressing do the following: Go to the Apple menu.
Page 42 3-14 User’s Reference Guide Static conﬁguration (optional) If you are manually conﬁguring for a ﬁxed or static IP address, perform the following: Go to the Apple menu. Select Control Panels and then TCP/IP or MacTCP. With the TCP/IP window open, go to the Edit menu and select User Mode.
Page 43 If you want to use MacIP to dynamically assign IP addresses to the Macintosh computers on your network you must install the optional AppleTalk feature set kit. Note: You cannot use MacIP dynamic conﬁguration to conﬁgure your Netopia R2020 Dual Analog Router because you must ﬁrst conﬁgure the router in order to enable AppleTalk.
Page 44 These are the only ﬁelds you need to modify in these screens. Note: More information about conﬁguring your Macintosh computer for TCP/IP connectivity through a Netopia R2020 can be found in Technote NIR_026, “Open Transport and Netopia Routers,” located on the Netopia Web site.
Page 45: Chapter 4 — Connecting Your Local Area Network
Before connecting the Netopia R2020 to any AppleTalk LANs that contain other AppleTalk routers, you should read “Routers and seeding” on page 12-3. See the sections later in this chapter for details on how to connect the Netopia R2020 to different types of networks. Readying computers on your local network PC and Macintosh computers must have certain components installed before they can communicate through the Netopia R2020.
Page 46 TCP/IP stack: This is the software that lets your PC or Macintosh communicate using Internet protocols. TCP/IP stacks must be conﬁgured with some of the same information you used to conﬁgure the Netopia R2020. There are a number of TCP/IP stacks available for PC computers. Windows 95 includes a built-in TCP/IP stack. See “Conﬁguring TCP/IP on Windows 95, 98, or NT computers”...
Page 47: Connecting To An Ethernet Network
The Netopia R2020 supports Ethernet connections through its eight Ethernet ports. The Router automatically detects which Ethernet port is in use. 10Base-T You can connect a standard 10Base-T Ethernet network to the Netopia R2020 using any of its available Ethernet ports. Netopia R2020 back panel...
Page 48: Adding An External Modem
4-4 User’s Reference Guide If you add devices connected through a hub, connect the hub to Ethernet port number 1 on the Netopia R2020 and set the Normal/Uplink switch to Uplink. Macintosh Adding an external modem You may wish to add a third (external) modem to gain additional speed for your Internet connection. You will need to obtain the special external modem cable either from your reseller or directly from Netopia.
Page 49: Connecting To A Localtalk Network
HD-15 (female) Connect the male HD-15 end of the LocalTalk cable to the Auxiliary port on your Netopia R2020. Connect the other end of the cable to your LocalTalk network. You can use only one connection on the Auxiliary port. You cannot use both the PhoneNET connector and an external modem.
Page 50: Wiring Guidelines For Phonenet Cabling
4-6 User’s Reference Guide Wiring guidelines for PhoneNET cabling Topology daisy chain backbone 4-branch passive star* LocalTalk StarController 12-branch active star * distance is per branch For detailed conﬁguration instructions see 22 gauge 24 gauge .642 mm .510 mm 4500 ft. 3000 ft.
Page 51: Chapter 5 - Console-Based Management
C C C C o o o o n n n n s s s s o o o o l l l l e e e e - - - - b b b b a a a a s s s s e e e e d d d d M M M M a a a a n n n n a a a a g g g g e e e e m m m m e e e e n n n n t t t t Console-based management is a menu-driven interface for the capabilities built in to the Netopia R2020.
Page 52: Connecting Through A Telnet Session
“Quick View status overview” on page 13-1 Connecting through a Telnet session Features of the Netopia R2020 may be conﬁgured through the console screens. Before you can access the console screens through Telnet, you must have: a network connection locally to the router or IP access to the router through the WAN port. This could be the same connection as the one you used with SmartStart.
Page 53: Conﬁguring Telnet Software
ZTerm, included on the Netopia CD, for the Macintosh. The Netopia R2020 back panel has a connector labeled “Console” for attaching the Router to either a PC or Macintosh computer via the serial port on the computer. (On a Macintosh, the serial port is called the Modem port or the Printer port.) This connection lets you use the computer to conﬁgure and monitor the Netopia R2020...
Page 54: Navigating Through The Console Screens
The new baud rate is displayed at the bottom of the screen. Navigating through the console screens Use your keyboard to navigate the Netopia R2020’s conﬁguration screens, enter and edit information, and make choices. The following table lists the keys to use to navigate through the console screens.
Page 55: Chapter 6 - Easy Setup
E E E E a a a a s s s s y y y y S S S S e e e e t t t t u u u u p p p p This chapter describes how to use the Easy Setup console screens on your Netopia R2020 Dual Analog Router.
Page 56 If you do not see the Main Menu, verify that: the computer used to view the console screen has its serial port connected to the Netopia R2020’s “Console” port or an Ethernet connection to one of its Ethernet ports. See console cable to your router”...
Page 57: Beginning Easy Setup
ISP or a corporate site. On a Netopia R2020 Dual Analog Router you can add up to 15 more connection proﬁles, for a total of 16. See “Creating a new Connection Proﬁle” on page Select Number to Dial and enter the telephone number you received from your ISP.
Page 58: Ip Easy Setup
However, you may enter another address if you want to use static addressing. When using numbered interfaces, the Netopia Router will use its local WAN IP address and subnet mask to send packets to the remote router. Both routers have WAN IP addresses and subnet masks associated with the connection.
Page 59 Select Primary Domain Name Server and enter the IP address your ISP has given you. The Default IP Gateway defaults to the remote IP address you entered in the Easy Setup connection proﬁle. If the Netopia Router does not recognize the destination of any IP trafﬁc, it forwards that trafﬁc to this gateway.
Page 60: Easy Setup Security
PREVIOUS SCREEN Configure a Configuration Access Name and Password here. The ﬁnal step in conﬁguring the Easy Setup console screens is to restart the Netopia R2020, so the conﬁguration settings take effect. Select RESTART DEVICE. A prompt asks you to conﬁrm your choice.
Page 61 P P P P a a a a r r r r t t t t I I I I I I I I : : : : A A A A d d d d v v v v a a a a n n n n c c c c e e e e d d d d C C C C o o o o n n n n f f f f i i i i g g g g u u u u r r r r a a a a t t t t i i i i o o o o n n n n...
Page 62 User’s Reference Guide...
Page 63: Chapter 7 — Wan And System Conﬁguration
This chapter describes how to use the console-based management screens to access and conﬁgure advanced features of your Netopia R2020 Dual Analog Router. You can customize these features for your individual setup. These menus provide a powerful method for experienced users to set up their router’s connection proﬁles and system conﬁguration.
Page 64: Creating A New Connection Proﬁle
Configure a new Conn. Profile. Finished? On a Netopia R2020 Dual Analog Router you can add up to 15 more connection proﬁles, for a total of 16. Select Proﬁle Name and enter a name for this connection proﬁle. It can be any name you wish. For example: the name of your ISP.
Page 65 Select Datalink Options and press Return. The Datalink Options screen appears. Note: The Datalink Options shown below are for the default Data Link Encapsulation method PPP. (For VPN Data Link Options see “Virtual Private Networks” on page Data Compression... Send Authentication... Send User Name: Send Password: Receive User Name:...
Page 66 7-4 User’s Reference Guide Address Translation Enabled: IP Addressing... NAT Rule List... NAT Server List... Local WAN IP Address: Local WAN IP Mask: Remote IP Address: Remote IP Mask: Filter Set... Remove Filter Set Receive RIP: Toggle to Yes if this is a single IP address ISP account. Configure IP requirements for a remote network connection here.
Page 67: Viewing Or Editing Connection Proﬁles
Select Telco Options and press return. the Telco Options screen appears. NOTE: If you are creating a VPN Connection Proﬁle, the Telco Options menu is not used and becomes unavailable. Dial... Dialing Prefix: Number to Dial: Alternate Site to Dial: Dial on Demand: Idle Timeout (seconds): CNA Validation Number:...
Page 68 7-6 User’s Reference Guide +-Profile Name---------------------IP Address----IPX Network-+ +------------------------------------------------------------+ | Easy Setup Profile | Profile 02 +------------------------------------------------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. Select the connection proﬁle you want to view or edit and press Return. The proﬁle is displayed, and you can change any of the parameters.
Page 69: Deleting Connection Proﬁles
5-3) You can also retrieve the Netopia R2020’s conﬁguration information and remotely set its parameters using the Simple Network Management Protocol (see Open a Telnet connection to the IP address you set in the router with SmartStart, for example “192.168.1.1.”...
Page 70: Navigating Through The System Conﬁguration Screens
To go back in this sequence of screens, use the Escape key. System Conﬁguration features SmartStart may be all you need to conﬁgure your Netopia R2020. Some users, however, require advanced settings or prefer manual control over the default selections that SmartStart automatically chooses. For these users, the Netopia R2020 provides System Conﬁguration options.
Page 71 To help you determine whether you need to use the System Conﬁguration options, review the following requirements. If you have one or more of these needs, use the System Conﬁguration options described in the later chapters. Two or more outgoing connection proﬁles to connect to more than one remote location (for example, to connect to the Internet and to a network at another ofﬁce).
Page 72: Network Protocols Setup
7-10 User’s Reference Guide Layer Category Physical Layer Telco Parameters To access the System Conﬁguration screens, select System Conﬁguration in the Main Menu, then press Return. The System Conﬁguration Menu screen appears: Return/Enter to configure Networking Protocols (such as TCP/IP). Use this screen if you want options beyond Easy Setup.
Page 73: Ip Address Serving
IP Address Serving These screens allow you to conﬁgure IP Address serving on your network by means of DHCP, WANIP, BootP, and with the optional AppleTalk kit, MacIP. Details are given in “IP address serving” on page Date and Time You can set the system’s date and time in the Set Date and Time screen.
Page 74: Snmp (Simple Network Management Protocol)
You can upgrade your Netopia R2020 by adding new feature sets through the Upgrade Feature Set utility. See the release notes that came with your router or feature set upgrade or visit the Netopia web site at www.netopia.com for information on new feature sets, how to obtain them, and how to install them on your Netopia R2020.
Page 75: Logging
You can specify the UNIX syslog Facility to use by selecting the Facility pop-up. Installing the Syslog client The Goodies folder on the Netopia CD contains a Syslog client daemon program that can be conﬁgured to report the WAN events you speciﬁed in the Logging Conﬁguration screen.
Page 76 The following screen shows a sample syslog dump of WAN events: April 5 10:14:06 tsnext.netopia.com April 5 10:14:06 tsnext.netopia.com >>Issued Speech Setup Request from our DN: 5108645534 April 5 10:14:06 tsnext.netopia.com April 5 10:14:06 tsnext.netopia.com April 5 10:14:06 tsnext.netopia.com April 5 10:14:06 tsnext.netopia.com >>Issued Speech Setup Request from our DN: 5108645534...
Page 77: Chapter 8 - Managing Data Calls
It is also useful for once-only connections that you want to schedule in advance. The Netopia R2020 Dual Analog Router can answer calls as well as initiate them. To answer calls, the Netopia R2020 uses a Default Answer Proﬁle. The Default Answer Proﬁle controls how incoming calls are set up, authenticated, ﬁltered, and more.
Page 78 Enter the optional telephone or Directory Numbers for the two onboard modems to provide the Netopia R2020 with the information needed to establish a two-channel call using MP or BAP. This will advise the remote side of an inbound data call how to connect to a second channel.
Page 79 Allows carrier tones to be heard, as well. You can specify how to use the auxiliary serial port on the Netopia R2020’s back panel. By default, this port is enabled for an external asynchronous modem. If you have installed the optional AppleTalk feature set, then this port defaults to a LocalTalk connection.
Page 80: Default Answer Proﬁle For Dial-In Connections
Default Answer Proﬁle for Dial-in Connections The Netopia R2020 Dual Analog Router can answer calls as well as initiate them. To answer calls, the Netopia R2020 uses a Default Answer Proﬁle. The Default Answer Proﬁle controls how incoming calls are set up, authenticated, ﬁltered, and more.
Page 81 Required: Authentication is attempted if the calling number is available. If authentication fails, or the calling number is not available, the Netopia Router disconnects the caller. Use this setting if you require all calls to be CNA-authenticated. Calling Number Authentication (CNA), is an application of CallerID. It is a method of verifying that an incoming call is originating from an expected site.
Page 82 If a remote network has a non-standard mask (that is, it uses subnetting), the only way for it to successfully connect to the Netopia Router is by matching a connection proﬁle. In other words, you will have to set up a connection proﬁle for that network.If Must Match a Deﬁned Proﬁle is set to No, you can also set the...
Page 83: Scheduled Connections
Main Menu You can set a Netopia Router to make scheduled connections using designated connection proﬁles. This is useful for creating and controlling regularly scheduled periods when the router can be used by hosts on your network. It is also useful for once-only connections that you want to schedule in advance.
Page 84 8-8 User’s Reference Guide Viewing scheduled connections To display a table of view-only scheduled connections, select Display/Change Scheduled Connection in the Scheduled Connections screen. Each scheduled connection occupies one row of the table. +-Days----Begin At---HH:MM---When----Conn. Prof. Name----Enabled-----+ +--------------------------------------------------------------------+ | mtWtfss 08:30PM +--------------------------------------------------------------------+ The ﬁrst column in the table shows a one-letter representation of the Days of the week, from Monday (M or m) to Sunday (S or s).
Page 85 Scheduled Connection Enable: How Often... Schedule Type... Set Weekly Schedule... Use Connection Profile... ADD SCHEDULED CONNECTION Scheduled Connections dial remote Networks on a Weekly or Once-Only basis. Follow these steps to conﬁgure the new scheduled connection: To activate the connection, select Scheduled Connection Enable and toggle it to On. You can make the scheduled connection inactive by toggling Scheduled Connection Enable to Off.
Page 86 8-10 User’s Reference Guide Often is set to Once Only, the item directly below How Often reads Set Once-Only Schedule. Set Weekly Schedule If you set How Often to Weekly, select Set Weekly Schedule and go to the Set Weekly Schedule screen. Select the days for the scheduled connection to occur and toggle them to Yes.
Page 87 Place Call on (MM/DD/YY): Scheduled Window Start Time: AM or PM: Scheduled Window Duration: Select Place Call On (Date) and enter a date in the format MM/DD/YY or MM/DD/YYYY (month, day, year). Note: You must enter the date in the format speciﬁed. The slashes are mandatory. For example, the entry 5/7/98 would be accepted as May 7, 1998.
Page 88: Connection Metering
Escape key. Connection Metering The Netopia R2020 offers system-wide and per-Connection Proﬁle enhanced connection metering and budgeting. You use this feature to track ﬁrst minutes (an ISDN tariff factor) and additional minutes or megabytes per time period for initiated data and voice calls, either through the Web-based management pages or the console-based management screens.
Page 89: Connection Status Page
S S S S y y y y s s s s t t t t e e e e m m m m I I I I n n n n f f f f o o o o r r r r m m m m a a a a t t t t i i i i o o o o n n n n p p p p a a a a g g g g e e e e This is the initial page you link to when you connect to the Web-based management pages.
Page 90: Connect/Disconnect Page
8-14 User’s Reference Guide of the activity for your Frame relay DLCIs. “Connection Status page” on page 8-15 your switched connection. “Connect/Disconnect page” on page 8-16 nection Proﬁles, allowing you to initiate connections using any one of them. Accounting (for switched interfaces only) If you have a leased line with an unswitched interface, these options do not appear.
Page 91 Managing Data Calls 8-15 C C C C o o o o n n n n n n n n e e e e c c c c t t t t i i i i o o o o n n n n S S S S t t t t a a a a t t t t u u u u s s s s p p p p a a a a g g g g e e e e For switched interface connections, the Connection Status page displays information for your active Connection Proﬁle and, if applicable, any POTS calls currently active.
Page 92 8-16 User’s Reference Guide C C C C o o o o n n n n n n n n e e e e c c c c t t t t / / / / D D D D i i i i s s s s c c c c o o o o n n n n n n n n e e e e c c c c t t t t p p p p a a a a g g g g e e e e The Connect/Disconnect page displays a list of your conﬁgured Connection Proﬁles and allows you to connect or disconnect any of them.
Page 93 R R R R o o o o u u u u t t t t e e e e r r r r B B B B u u u u d d d d g g g g e e e e t t t t C C C C o o o o n n n n f f f f i i i i g g g g u u u u r r r r a a a a t t t t i i i i o o o o n n n n p p p p a a a a g g g g e e e e The Router Budget Conﬁguration page allows you to modify the parameters for your overall connection accounting policy.
Page 94: Connection Budget Conﬁguration Page
8-18 User’s Reference Guide C C C C o o o o n n n n n n n n e e e e c c c c t t t t i i i i o o o o n n n n B B B B u u u u d d d d g g g g e e e e t t t t s s s s p p p p a a a a g g g g e e e e The Connection Budgets page displays information for three budgets or Connection Proﬁles for tracking and controlling connection usage on a per-Connection Proﬁle basis.
Page 95 C C C C o o o o n n n n n n n n e e e e c c c c t t t t i i i i o o o o n n n n B B B B u u u u d d d d g g g g e e e e t t t t C C C C o o o o n n n n f f f f i i i i g g g g u u u u r r r r a a a a t t t t i i i i o o o o n n n n p p p p a a a a g g g g e e e e You can conﬁgure budgets to be: Enforced, meaning that when you reach the usage limit for the assigned time period, the Connection Proﬁle will allow no more connections.
Page 96 8-20 User’s Reference Guide schedule, you choose the day of the month to start it. Click the Submit button to enable your entries and be returned to the Connection Budgets page or click the Cancel button to discard all your entries. Click the Reset button to reset all counters and archives to zero. B B B B u u u u d d d d g g g g e e e e t t t t S S S S t t t t a a a a t t t t i i i i s s s s t t t t i i i i c c c c s s s s p p p p a a a a g g g g e e e e You can view statistics for all of your budgets at once or one at a time.
Page 97: Event History Pages
You can view two different event histories: one for the router’s system and one for the WAN. The Netopia R2020’s built-in battery backup prevents loss of event history from a shutdown or reset.
Page 98 8-22 User’s Reference Guide D D D D e e e e v v v v i i i i c c c c e e e e E E E E v v v v e e e e n n n n t t t t H H H H i i i i s s s s t t t t o o o o r r r r y y y y p p p p a a a a g g g g e e e e You can refresh the Device Event History log by clicking the update this page link.
Page 99: Console-Based Management Screens
C C C C o o o o n n n n s s s s o o o o l l l l e e e e - - - - b b b b a a a a s s s s e e e e d d d d m m m m a a a a n n n n a a a a g g g g e e e e m m m m e e e e n n n n t t t t s s s s c c c c r r r r e e e e e e e e n n n n s s s s You access the console-based management screens either by running your Telnet application or your terminal emulator to the serial console.
Page 100 8-24 User’s Reference Guide Name: Use Connection Profile... Enforced: Override: Units: Limit: Time Period... 1st Day of Week... Choose the Connection Profile this budget is for. Conﬁguration is similar to the Web-based management conﬁguration screens. Selecting Use Connection Proﬁle displays a pop-up list of all of your Connection Proﬁles. Choose the Connection Proﬁle you want this budget to apply to and press Return.
Page 101 Main Menu The Budget Statistics screen appears. Budget Name------First Minutes----Additional Minutes-------Cutoff--Expired Budget 1 Budget 2 Budget 3 You can view statistics for all your budgets at once or one at a time. Budget Name shows the names of your budgets. First Minutes displays the number of ﬁrst minutes of outbound calls placed during the recording interval.
Page 102 8-26 User’s Reference Guide D D D D a a a a t t t t e e e e a a a a n n n n d d d d t t t t i i i i m m m m e e e e s s s s e e e e t t t t t t t t i i i i n n n n g g g g Note: If you have Connection Budgets conﬁgured, changing the date setting will reset the Connection Budgets under one of the following conditions: If the new date is greater than the old date and the new date falls outside of the current budget window;...
Page 103: Chapter 9 - Virtual Private Networks
(Internet). The Netopia Router can be used in VPNs either to initiate the connection or to answer it. When used in this way, the routers are said to be tunnelling through the public network (Internet). The advantages are that, like your long distance phone call, you don't need a direct line between one computer or LAN and the other, but use the local connections, making it much cheaper;...
Page 104 Netopia’s PPTP implementation is compatible with Microsoft’s and can function as either the client (PAC) or the server (PNS). As a client, a Netopia R-series router can provide all users on a LAN with secure access over the Internet to the resources of another LAN by setting up a tunnel with a Windows NT server running Remote Access Services (RAS) or with another Netopia Router.
Page 105: About Pptp Tunnels
Conﬁguring the Netopia Router for use with either of the two protocols is done through the console-based menu screens. Each type is described in its own section: “About PPTP tunnels” on page 9-4 “About ATMP Tunnels” on page 9-16 Your conﬁguration depends on which protocol you (and the router at the other end of your tunnel) will use, and whether or not you will be using the VPN client software in a standalone remote connection.
Page 106 9-4 User’s Reference Guide A A A A b b b b o o o o u u u u t t t t P P P P P P P P T T T T P P P P t t t t u u u u n n n n n n n n e e e e l l l l s s s s To set up a PPTP tunnel, you create a Connection Proﬁle including the IP address and other relevant information for the remote PPTP partner.
Page 107 PPTP Partner IP Address: Tunnel Via Gateway: Data Compression... Authentication... Send Host name: Send Secret: Receive Host name: Receive Secret: Initiate Connections: On Demand: Idle Timeout (seconds): Return accepts * ESC cancels * Left/Right moves insertion point * Del deletes. In this Screen you will configure the GRE/PPTP specific connection params.
Page 108 9-6 User’s Reference Guide initiating a tunnel connection. You can specify a Receive Host Name which is used with the Receive Secret for authenticating a remote PPTP client. You must specify a Receive Secret, used for authenticating the remote PPTP client. You can specify that this router will Initiate Connections (acting as a PAC) or only answer them (acting as a PNS).
Page 109 Netopia’s ATMP implementation supports Data Encryption Standard (DES) data encryption for user data transfer over the ATMP tunnel between two Netopia routers. The encryption option, none or DES, is a selectable option in the ATMP Tunnel Options screen.
Page 110 9-8 User’s Reference Guide V V V V P P P P N N N N D D D D e e e e f f f f a a a a u u u u l l l l t t t t A A A A n n n n s s s s w w w w e e e e r r r r P P P P r r r r o o o o f f f f i i i i l l l l e e e e The WAN Conﬁguration menu offers a VPN Default Answer Proﬁle option.
Page 111 default) if you do not. This applies to both ATMP and PPTP connections. For PPTP tunnel connections only, you must deﬁne what type of authentication these connections will use. Select Receive Authentication and press Return. A pop-up menu offers the following options: PAP (the default), CHAP, or MS-CHAP.
Page 112 Microsoft Windows Dial-Up Networking software permits a remote stand-alone workstation to establish a VPN tunnel to a PPTP server such as a Netopia Router located at a central site. Dial-Up Networking also allows a mobile user who may not be connected to a PAC to dial into an intermediate ISP and establish a VPN tunnel to, for example, a corporate headquarters, remotely.
Page 113 The Communications window appears. In the Communications window, select Dial-Up Networking and click the OK button. This returns you to the Windows Setup screen. Click the OK button. Respond to the prompts to install Dial-Up Networking from the system disks or CDROM. When prompted, reboot your PC.
Page 114 9-12 User’s Reference Guide C C C C o o o o n n n n f f f f i i i i g g g g u u u u r r r r i i i i n n n n g g g g a a a a D D D D i i i i a a a a l l l l - - - - U U U U p p p p N N N N e e e e t t t t w w w w o o o o r r r r k k k k i i i i n n n n g g g g p p p p r r r r o o o o f f f f i i i i l l l l e e e e Once you have created your Dial-Up Networking proﬁle, you conﬁgure it for TCP/IP networking to allow you to connect to the Internet through your Internet connection device.
Page 115 Click the TCP/IP Settings button. If your ISP uses dynamic IP addressing (DHCP), select the Server assigned IP address radio button. If your ISP uses static IP addressing, select the Specify an IP address radio button and enter your assigned IP address in the ﬁelds provided. Also enter the IP address in the Primary and Secondary DNS ﬁelds.
Page 116 9-14 User’s Reference Guide I I I I n n n n s s s s t t t t a a a a l l l l l l l l i i i i n n n n g g g g t t t t h h h h e e e e V V V V P P P P N N N N C C C C l l l l i i i i e e e e n n n n t t t t Before Installing the VPN Client you must have TCP/IP installed and have an established Internet connection.
Page 117 Click the Windows Setup tab. The Windows Setup screen will be displayed within the top center box. Double-click Communications. This displays a list of possible selections for the communications option. Active components will have a check in the checkboxes to their left. Check Dial Up Networking at the top of the list and Virtual Private Networking at the bottom of the list.
Page 118 9-16 User’s Reference Guide A A A A b b b b o o o o u u u u t t t t A A A A T T T T M M M M P P P P T T T T u u u u n n n n n n n n e e e e l l l l s s s s To set up an ATMP tunnel, you create a Connection Proﬁle including the IP address and other relevant information for the remote ATMP partner.
Page 119 You can specify a Network Name. When the tunnel partner is another Netopia router, this name may be used to match against a Connection Proﬁle. When the partner is an Ascend router in Gateway mode, then Network Name is used by the Ascend router to match a gateway proﬁle.
Page 120 Ordinarily, Ping is an excellent troubleshooting tool, but it will not be effective in this circumstance. Instead, use another TCP- or UDP-based network service for troubleshooting. Since the Netopia Router is capable of serving Telnet and HTTP, we recommend using these services instead of Ping.
Page 121: Pptp Example
A A A A l l l l l l l l o o o o w w w w i i i i n n n n g g g g V V V V P P P P N N N N s s s s t t t t h h h h o o o o u u u u g g g g h h h h a a a a f f f f i i i i r r r r e e e e w w w w a a a a l l l l l l l l An administrator interested in securing a network will usually combine the use of VPNs with the use of a ﬁrewall or some similar mechanism.
Page 122 9-20 User’s Reference Guide Select Display/Change Input Filter. Display/Change Input Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+ +-------------------------------------------------------------------------+ 0.0.0.0 0.0.0.0 For Input Filter 1 set the Destination Port information as shown below. Enabled: Forward: Source IP Address: Source IP Address Mask: Dest.
Page 123 In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+ +-------------------------------------------------------------------------+ 0.0.0.0 0.0.0.0 For Output Filter 1 set the Protocol Type and Destination Port information as shown below. Enabled: Forward: Source IP Address: Source IP Address Mask: Dest.
Page 124 9-22 User’s Reference Guide A A A A T T T T M M M M P P P P E E E E x x x x a a a a m m m m p p p p l l l l e e e e To enable a ﬁrewall to allow ATMP trafﬁc, you must provision the ﬁrewall to allow inbound and outbound UDP packets speciﬁcally destined for port 5150.
Page 125 Enabled: Forward: Source IP Address: Source IP Address Mask: Dest. IP Address: Dest. IP Address Mask: Protocol Type: In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+ +-------------------------------------------------------------------------+ 0.0.0.0 0.0.0.0 For Output Filter 1 set the Protocol Type and Destination Port information as shown below.
Page 126 9-24 User’s Reference Guide Enabled: Forward: Source IP Address: Source IP Address Mask: Dest. IP Address: Dest. IP Address Mask: Protocol Type: Change Output Filter 2 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0...
Page 127: Overview
The terms mapping or remapping refer to rules that translate one or more addresses on the Netopia Router's LAN to another address or addresses on the other side of the Netopia Router's WAN link (typically the Internet). The terms private and internal refer to addresses on the Netopia Router's LAN network that are protected or obscured from the NAT remappings.
Page 128 10-2 User’s Reference Guide The terms public and external refer to the Internet side of the Netopia Router's connection. A machine on the public network cannot necessarily access a machine behind a Netopia Router's NAT remapping, unless you specify that it can.
Page 129 F F F F e e e e a a a a t t t t u u u u r r r r e e e e s s s s The Netopia R2020 Router features the following: Default behavior consistent with previous ﬁrmware versions, including PAT to a DHCP- or PPP-assigned address.
Page 130: Easy Setup Proﬁle
10-4 User’s Reference Guide NAT conﬁguration You use the NAT feature sets by deﬁning a series of remapping rules and then grouping them into a list . There are two kinds of lists -- Map Lists , made up of PAT and Static remapping rules, and Server Lists , a list of internal services to be presented to the external world.
Page 131: Binding Map Lists And Server Lists
The Local WAN IP Address is used to conﬁgure a NAT public address range consisting of the Local WAN IP Address and all its ports. The public address map list is named Easy-PAT List and the port map list is named Easy-Servers .
Page 132 Network Address Translation (NAT)... Filter Sets... Enter an IP address in decimal and dot form (xxx.xxx.xxx.xxx). Set up the basic IP attributes of your Netopia in this screen. Select Network Address Translation (NAT) and press Return. The Network Address Translation screen appears.
Page 133 N N N N A A A A T T T T r r r r u u u u l l l l e e e e s s s s The following rules apply to assigning NAT ranges and server lists: Static public address ranges must not overlap other static, PAT, public addresses or the public address assigned to the router’s WAN interface.
Page 134 10-8 User’s Reference Guide Select ADD NAT PUBLIC RANGE and press Return. The range will be added to your list and you will be returned to the Network Address Translation screen. Once the public ranges have been assigned, the next step is to bind interior addresses to them. Because these bindings occur in ordered lists, called map lists , you must ﬁrst deﬁne the list, then add mappings to it.
Page 135 Select First and Last Private Address and enter the ﬁrst and last interior IP addresses you want to assign to this mapping. Select Use NAT Public Range and press Return. A screen appears displaying the public ranges you have deﬁned. +-Public Address Range------------Type----Name-------------+ +----------------------------------------------------------+ | 0.0.0.0...
Page 136 10-10 User’s Reference Guide First Private Address: Last Private Address: Use NAT Public Range... Public Range Type is: Public Range Start Address is: ADD NAT MAP Select ADD NAT MAP and press Return. Your mapping is added to your map list. M M M M o o o o d d d d i i i i f f f f y y y y i i i i n n n n g g g g m m m m a a a a p p p p l l l l i i i i s s s s t t t t s s s s You can make changes to an existing map list after you have created it.
Page 137 The Show/Change NAT Map List screen appears. Map List Name: Add Map... Show/Change Maps... Delete Map... Move Map... Add Map allows you to add a new map to the map list. Show/Change Maps allows you to modify the individual maps within the list. Delete Map allows you to delete a map from the list.
Page 138 10-12 User’s Reference Guide The Change NAT Map screen appears. First Private Address: Last Private Address: Use NAT Public Range... Public Range Type is: Public Range Start Address is: Public Range End Address is: CHANGE NAT MAP Make any modiﬁcations you need and then select CHANGE NAT MAP and press Return. Your changes will become effective and you will be returned to the Show/Change NAT Map List screen.
Page 139 All operations are done from a single pop-up menu. In the Show/Change Map List screen, select Move Map. A selection mode pop-up menu appears. In this mode you scroll to the map you want to move and press Return to select it for moving. After pressing Return you are in Move mode.
Page 140 10-14 User’s Reference Guide Service... Server Private IP Address: Public IP Address: ADD NAT SERVER Select Service and press Return. A pop-up menu appears listing a selection of commonly exported services. Service... Server Private IP Address: Public IP Address: ADD NAT SERVER Choose the service you want to export and press Return.
Page 141 Note: CUSeeMe (or other services that listen on speciﬁc ports) through MultiNAT works as it did for regular NAT routers. In order to use CUSeeMe through the Netopia R2020 Router, you must export the ports 7648 and 7649. In MultiNAT, you may use a port range export. Without the export, CUSeeMe will fail to work.
Page 142 10-16 User’s Reference Guide Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. The Show/Change NAT Server List screen appears. Server List Name: Add Server... Show/Change Server... Delete Server... Selecting Show/Change Server or Delete Server displays the same pop-up menu. Network Address Translation +-NAT Server List Name-+ +----------------------+...
Page 143 +-Private Address--Public Address----Port------------+ +----------------------------------------------------+ Se| 1.1.1.1 | 3.3.3.3 | 5.5.5.5 +----------------------------------------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. Select any server from the list and press Return. The Change NAT Server screen appears. Service... Server Private IP Address: Public IP Address: CHANGE NAT SERVER You can make changes to the server’s service and port or internal or external address.
Page 144: Ip Proﬁle Parameters
10-18 User’s Reference Guide A pop-up menu lists your conﬁgured servers. Select the one you want to delete and press Return. A dialog box asks you to conﬁrm your choice. +-Internal Address-External Address--Port------------+ +----------------------------------------------------+ Se| 1.1.1.1 | 3.+----------------------------------------------+ | | 5.+----------------------------------------------+ | | Are you sure you want to delete this Server? | | +----------------------------------------------+ | +----------------------------------------------------+...
Page 145 Address Translation Enabled: IP Addressing... NAT Map List... NAT Server List... Local WAN IP Address: Remote IP Address: Remote IP Mask: Filter Set... Remove Filter Set Receive RIP: Return/Enter to select <among/between> ... Configure IP requirements for a remote network connection here. Select NAT Map List and press Return.
Page 146: Default Answer Proﬁle
10-20 User’s Reference Guide Address Trans| my_server_list IP Addressing| my_servers NAT Map List.| NAT Server Li| Local WAN IP | Local WAN IP | Remote IP Add| Remote IP Mas| Filter Set...| Remove Filter| Receive RIP: | Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. Select the server list you want to bind to this Connection Proﬁle and press Return.
Page 147 The Default Answer Proﬁle screen appears. Must Match a Defined Profile: IP Enabled: IP Parameters... IPX Enabled: Data Compression... Max. Receive Packet Size: Idle Timeout: Return/Enter accepts * Tab toggles * ESC cancels. Configure values which may be used when receiving a call in this screen. If Must Match a Deﬁned Proﬁle is set to Yes, then the NAT attributes of the Connection Proﬁle take precedence.
Page 148: Nat Associations
10-22 User’s Reference Guide N N N N A A A A T T T T A A A A s s s s s s s s o o o o c c c c i i i i a a a a t t t t i i i i o o o o n n n n s s s s Conﬁguration of map and server lists alone is not sufﬁcient to enable NAT for a WAN connection because map and server lists must be linked to a proﬁle that controls the WAN interface.
Page 149 Profile/Interface Name-------------Nat+------------------+Server List Name Easy Setup Profile Profile 01 Profile 02 Profile 03 Profile 04 Default Answer Profile Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. Select the list name you want to assign and press Return again. Your selection will then be associated with the corresponding proﬁle or interface.
Page 150 Public IP addresses assigned by the ISP are 206.1.1.1 through 206.1.1.6 (255.255.255.248 subnet mask). Your internal devices have IP addresses of 192.168.1.1 through 192.168.1.254 (255.255.255.0 subnet mask). Netopia router's address is: Web server's address is: Mail server's address is: FTP server's address is: In this example you will statically map the ﬁrst ﬁve public IP addresses (206.1.1.1 - 206.1.1.5) to the ﬁrst ﬁve...
Page 151 Default IP Gateway: IP Address Serving: Number of Client IP Addresses: 1st Client Address: PREVIOUS SCREEN Set up the basic IP & IPX attributes of your Netopia in this screen. Then navigate to the Network Address Translation (NAT) screen. System Main Menu...
Page 152 10-26 User’s Reference Guide Select Show/Change Public Range, then Easy-PAT Range, and press Return. Enter the value your ISP assigned for your public address (206.1.1.6, in this example). Toggle Type to pat . Your public address is then mapped to the remaining private IP addresses using PAT.
Page 153 You do this through either the NAT Associations screen or the proﬁle’s conﬁguration screens. The PAT part of this example setup will allow any user on the Netopia Router's LAN with an IP address in the range of 192.168.1.6 through 192.168.1.254 to initiate trafﬁc ﬂow to the outside world (for example, the Internet).
Page 154 IP address, 206.1.1.3. For the sake of this example, alias both services to 206.1.1.2. Now, as before, the PAT conﬁguration will allow any user on the Netopia Router's LAN with an IP address in the range of 192.168.1.6 through 192.168.1.254 to initiate trafﬁc ﬂow to the Internet.
Page 155: Ip Subnets
All eight row labels are always visible, regardless of the number of subnets conﬁgured. To add an IP subnet, enter the Netopia R2020’s IP address on the subnet in the IP Address ﬁeld in a particular row and the subnet mask for the subnet in the Subnet Mask ﬁeld in that row.
Page 156 10-30 User’s Reference Guide For example: IP Address ---------------- 192.128.117.162 192.128.152.162 0.0.0.0 To delete a conﬁgured subnet, set both the IP address and subnet mask values to 0.0.0.0, either explicitly or by clearing each ﬁeld and pressing Return or Enter to commit the change. When a conﬁgured subnet is deleted, the values in subsequent rows adjust up to ﬁll the vacant ﬁelds.
Page 157: Static Routes
Static routes are IP routes that are maintained manually. Each static route acts as a pointer that tells the Netopia R2020 how to reach a particular network. However, static routes are used only if they appear in the IP routing table, which contains all of the routes used by the Netopia R2020 (see Static routes are helpful in situations where a route to a network must be used and other means of ﬁnding the...
Page 158 10-32 User’s Reference Guide Configure/View/Delete Static Routes from this and the following Screens. Viewing static routes To display a view-only table of static routes, select Display/Change Static Route in the Static Routes screen. +-Dest. Network---Subnet Mask-----Next Gateway----Priority-Enabled-+ +------------------------------------------------------------------+ | 0.0.0.0 +------------------------------------------------------------------+ Select a Static Route to modify.
Page 159 Select Destination Network Subnet Mask and enter the subnet mask used by the destination network. Select Next Gateway IP Address and enter the IP address for the router that the Netopia R2020 will use to reach the destination network. This router does not necessarily have to be part of the destination network, but it must at least know where to forward packets destined for that network.
Page 160 Rules of static route installation The Netopia R2020 applies certain rules before installing enabled static routes in the IP routing table. An enabled static route will not be installed in the IP routing table if any of the following conditions are true: The static route’s Next Gateway IP Address matches the IP address used by a connection proﬁle or the...
Page 161: Ip Address Serving
Menu Configuration In addition to being a router, the Netopia R2020 is also an IP address server. There are four protocols it can use to distribute IP addresses. The ﬁrst, called Dynamic Host Conﬁguration Protocol (DHCP), is widely supported on PC networks, as well as Apple Macintosh computers using Open Transport and computers using the UNIX operating system.
Page 162 DHCP, BOOTP, Dynamic WAN, and/or MacIP. Example: Your ISP has given your Netopia R2020 the IP address 192.168.6.137, with a subnet mask of 255.255.255.248. The subnet mask allocated will give you six IP addresses to use when connecting to the ISP over the Internet (for more information on understanding IP addressing refer to “Understanding IP...
Page 163: Dhcp Netbios Options
DHCP NetBIOS Options If your network uses NetBIOS, you can enable the Netopia R2020 to use DHCP to distribute NetBIOS information. NetBIOS stands for Network Basic Input/Output System. It is a layer of software originally developed by IBM and Sytek to link a network operating system with speciﬁc hardware. NetBIOS has been adopted as an industry standard.
Page 164 Note: Addresses assigned through BOOTP are permanently allocated from the IP Address Serving pool until you release them. To view all of the IP addresses currently being served by the Netopia R2020, from the Statistics & Logs menu select Served IP Addresses.
Page 165 The Served IP Addresses screen appears. -IP Address-------Type----Expires--Client Identifier-------------------------- ----------------------------------SCROLL UP----------------------------------- 192.168.1.100 192.168.1.101 192.168.1.102 192.168.1.103 192.168.1.104 192.168.1.105 192.168.1.106 192.168.1.107 192.168.1.108 192.168.1.109 192.168.1.110 192.168.1.111 192.168.1.112 192.168.1.113 ---------------------------------SCROLL DOWN---------------------------------- Lease Management... EN = Ethernet Address; AT = AppleTalk Address; CP = Profile Name; HX = hex To release these addresses, select Lease Management.
Page 166: Dhcp Relay Agent
Netopia Router. If the Netopia Router is conﬁgured to act as a DHCP server, it will assign the client an address from an address pool conﬁgured locally in the Netopia Router and respond to the client's request...
Page 167: Macip (Kip Forwarding) Options
Ethernet), they must use a MacIP (AppleTalk-IP) gateway. The optional Netopia AppleTalk feature enhancement kit provides for this service. A MacIP gateway converts network trafﬁc into the correct format for AppleTalk or IP, depending on the trafﬁc’s destination. The MacIP gateway can also distribute IP addresses to AppleTalk computers on the network.
Page 168 Select MacIP/KIP Static Options and press Return. The MacIP (KIP) Forwarding Setup screen tells the Netopia R2020 how many static addresses to allocate for MacIP/KIP clients. The addresses must fall within the address pool from the previous screen. You will need to enter the number of static MacIP addresses to reserve in this screen.
Page 169: Chapter 11 - Ipx Setup
Internetwork Packet Exchange (IPX) is the network protocol used by Novell NetWare networks. This chapter shows you how to conﬁgure the Netopia R2020 for routing data using IPX. You also learn how to conﬁgure the router to serve IPX network addresses.
Page 170: Ipx Address
11-2 User’s Reference Guide IPX address An IPX address consists of a network number, a node number, and a socket number. An IPX network number is composed of eight hexadecimal digits. The network number must be the same for all nodes on a particular physical network segment.
Page 171: Netbios
IPX Spooﬁng The Netopia R2020 has several IPX features designed to restrict the trafﬁc on the dial-up link when the unit is not sending or receiving IPX data. When the link is idle and a user is logged into a Novell server, the server will send “keep alive”...
Page 172 IPX network to only those required by remote users connecting to the Netopia R2020. An Ethernet SAP ﬁlter must be used with networks that have so many servers advertised that the Netopia R2020 would otherwise exhaust its internal memory storing server entries.
Page 173: Ipx In The Answer Proﬁle
Select Default Gateway Address, and enter the network address of the IPX network to which all packets of unknown destination address should be routed. Note: The Default Gateway Address is usually set up to match the IPX Address in your network Connection Proﬁle.
Page 174 11-6 User’s Reference Guide To conﬁgure IPX routing in the answer proﬁle, select IPX Parameters and go to the IPX Parameters (Default Answer Proﬁle) screen. The items in this screen are similar to the IPX Proﬁle Parameters items of the same name (see page 11-5).
Page 175: Ipx Routing Tables
IPX routing tables Main Menu IPX routing tables provide information on current IPX routes and services. To go to the IPX Routing Table screen, select IPX Routing Table in the Routing Tables screen. This table shows detailed information about current IPX network routes. Net Addr-Hops-Ticks-Type--Status-Interface--------------via Router------------ -----------------------------------SCROLL UP---------------------------------- 00000020...
Page 176 11-8 User’s Reference Guide...
Page 177: Chapter 12 - Appletalk Setup
This chapter discusses the concept of AppleTalk routing and how to conﬁgure AppleTalk Setup for a Netopia R2020 with the AppleTalk kit installed. AppleTalk support is available as a separate kit for the Netopia R2020 Dual Analog Router. Skip this chapter if you do not have the AppleTalk kit.
Page 178 AppleTalk tells them apart according to an additional part of their addresses: the network number. The Netopia R2020 assigns a unique network number to each member network. In terms of the city street metaphor, the network number is similar to the name of the street. Putting a network number together with a node number fully speciﬁes the address of a node on an internet.
Page 179: Macip
When two networks using AppleTalk communicate with each other through a network based on the Internet Protocol, they are said to be tunneling through the IP network. The Netopia R2020 uses AURP to allow your AppleTalk network to tunnel to designated AppleTalk partner networks, as well as to accept connections from remote AppleTalk networks tunneling to your AppleTalk LAN.
Page 180: Installing Appletalk
You should set the Netopia R2020’s seeding action to work best in your particular network environment. These scenarios may guide you in deciding how to set the router’s seeding: If the Netopia R2020 is the only router on your network, you must set it to either hard seeding or soft seeding. The default is soft seeding.
Page 181 Main Menu The Netopia Feature Set Upgrade screen appears. You may be able to extend the features of your Netopia by purchasing a 'Software Upgrade'. notes that came with your Netopia or visit the Netopia Communications web site at www.netopia.com.
Page 182: Conﬁguring Appletalk
Otherwise, your EtherTalk network may experience routing conﬂicts. The Netopia R2020 supports creating up to 32 zone names. As an alternative, you can set EtherTalk seeding to soft seeding and let the Netopia R2020 receive the zone name and network number from the other router.
Page 183: Localtalk Setup
Note: Your LocalTalk network may already have a zone and network number in place. For the Netopia R2020’s LocalTalk port to be part of your LocalTalk network, it must have a network number and zone name that matches the values in use on the LocalTalk network.
Page 184: Aurp Setup
12-8 User’s Reference Guide As an alternative, you can set LocalTalk seeding to soft seeding and let the Netopia R2020 receive the zone name and network number from the other router. Select LocalTalk Network Number and enter the desired network number.
Page 185 Site A has an AURP tunnel to site B. Both sides have multiple zones deﬁned on the EtherTalk port and a unique zone on their LocalTalk ports. If side A has indicated one of its EtherTalk zones is the Free Trade Zone and has opted to use the Free Trade Zone option for its tunnel to B, then only this Free Trade Zone will show up on side B and only those machines or services in the Free Trade Zone will be accessible to side B.
Page 186 The AURP tickle timer is a parameter that you can set anywhere between 0 and 100 hours. This parameter tells the AURP partners when to send out an AURP tickle packet. If this value is set to 0, the Netopia R2020 will never send out a tickle packet.
Page 187 Update Interval every time there's such a change in the network topology. This will cause the Netopia's WAN link to be brought up. You can opt to minimize what may be unnecessary calls by changing the Update Interval value to some larger value. At the end of this time window if there has been a local AppleTalk network change the Netopia R2020 will call any remote AURP partner and forward the new network information.
Page 188 12-12 User’s Reference Guide...
Page 189: Quick View Status Overview
“SNMP” on page 13-12 Quick View status overview You can get a useful, overall status report from the Netopia R2020 in the Quick View screen. To go to the Quick View screen, select Quick View in the Main Menu. The Quick View screen has three status sections:...
Page 190: General Status
IPX Address: The Netopia R2020’s IPX address, entered in the IPX Setup screen. EtherTalk Address: The Netopia R2020’s AppleTalk address on its EtherTalk Phase II interface, entered in the EtherTalk Phase II Setup screen (only if the optional AppleTalk feature set is installed).
Page 191: Current Status
ISDN caller identiﬁcation (if available). Status lights This section shows the current real-time status of the Netopia R2020’s status lights (LEDs). It is useful for remotely monitoring the router’s status. The Quick View screen’s arrangement of LEDs corresponds to the physical arrangement of LEDs on the router.
Page 192: Statistics & Logs
Main Menu When you are troubleshooting your Netopia R2020, the Statistics screens provide insight into the recent event activities of the Router. From the Main Menu go to Statistics & Logs and select one of the options described in the sections below.
Page 193: Event Histories
You can view two different event histories: one for the router’s system and one for the WAN. The Netopia R2020’s built-in battery backup prevents loss of event history from a shut down or reset.
Page 194 13-6 User’s Reference Guide WAN Event History The WAN Event History screen lists a total of 128 events on the WAN. The most recent events appear at the top. To go to the WAN Event History screen, select WAN Event History in the Statistics & Logs screen. -Date-----Time-----Event------------------------------------------------------ ----------------------------------SCROLL UP----------------------------------- 6/17/99 01:56:49...
Page 195: Routing Tables
Return. Routing Tables You can view all of the IP, IPX and AppleTalk routes in the Netopia R2020’s IP, IPX and AppleTalk routing tables, respectively. To go to a Routing Table screen, select the Routing Table you are interested in from the Statistics & Logs screen.
Page 196 13-8 User’s Reference Guide IP routing table The IP routing table displays all of the IP routes currently known to the Netopia R2020. To display the IP Routing Table screen, select IP Routing Table in the Statistics & Logs screen and press Return.
Page 197 IPX Sap Bindery table The IPX Sap Bindery table displays all of the IPX Sap Bindery routes currently known to the Netopia R2020. To display the IPX SAP Bindery Table screen, select IPX Sap Bindery Table in the Statistics & Logs screen and press Return.
Page 198: Served Ip Addresses
Pkts Fwded: The number of packets sent to the router shown. Served IP Addresses You can view all of the IP addresses currently being served by the Netopia R2020 Dual Analog Router from the Served IP Addresses screen. From the Statistics & Logs menu, select Served IP Addresses.
Page 199 The IP Address Lease Management screen appears. Reset All Leases Release BootP Leases Reclaim Declined Addresses Hit RETURN/ENTER, you will return to the previous screen. By selecting each of these options you can: Reset all current IP addresses leased through DHCP without waiting for the default one hour lease period to elapse Release BootP leases that may be in place, and which may no longer be required Reclaim served leases that have been declined, for example by devices which may no longer be on the...
Page 200: System Information
Frame Relay DTE MIB (RFC 1315) Netopia MIB These MIBs are on the Netopia R2020 CD included with the Netopia R2020. You should load these MIBs into your SNMP management software in the order they are listed here. Follow the instructions included with your SNMP manager on how to load MIBs.
Page 201: The Snmp Setup Screen
Select System Contact and enter the name of the person responsible for maintaining the router. System Name, System Location, and System Contact set the values returned by the Netopia R2020 SNMP agent for the SysName, SysLocation, and SysContact objects, respectively, in the MIB-II system group. Although optional, the information you enter in these items can help a system administrator manage the network more efﬁciently.
Page 202: Snmp Traps
SNMP traps An SNMP trap is an informational message sent from an SNMP agent (in this case, the Netopia R2020) to a manager. When a manager receives a trap, it may log the trap as well as generate an alert message of its own.
Page 203 Return/Enter to modify an existing Trap Receiver. Navigate from here to view, add, modify and delete IP Trap Receivers. Setting the IP trap receivers Select Add IP Trap Receiver. Select Receiver IP Address or Domain Name. Enter the IP address or domain name of the SNMP manager you want to receive the trap.
Page 204 13-16 User’s Reference Guide...
Page 205: Chapter 14 - Security
S S S S e e e e c c c c u u u u r r r r i i i i t t t t y y y y The Netopia R2020 provides a number of security features to help protect its conﬁguration screens and your local network from unauthorized access.
Page 206: User Accounts
14-2 User’s Reference Guide User accounts When you ﬁrst set up and conﬁgure the Netopia R2020, no passwords are required to access the conﬁguration screens. Anyone could tamper with the router’s conﬁguration by simply connecting it to a console. However, by adding user accounts, you can protect the most sensitive screens from unauthorized access. User accounts are composed of name/password combinations that can be given to authorized users.
Page 207: Dial-In Console Access
Remote modem terminal emulator setups can dial in to either internal modem line and establish a remote console session, even though they are not using PPP. This allows Netopia Inc.'s “Up and Running, Guaranteed!” department or other administrator with the appropriate security to remotely conﬁgure your router for you. If you used SmartStart to conﬁgure your router, this option will be set to “No”.
Page 208: Enable Smartstart/Web Server
SmartStart. To prevent access to these features toggle this option to “No”. Telnet access Telnet is a TCP/IP service that allows remote terminals to access hosts on an IP network. The Netopia R2020 supports Telnet access to its conﬁguration screens. Caution! You should consider password-protecting or restricting Telnet access to the Netopia R2020 if you suspect there is a chance of tampering.
Page 209: How Filter Sets Work
Security 14-5 How ﬁlter sets work A ﬁlter set acts like a team of customs inspectors. Each ﬁlter is an inspector through which incoming and outgoing packages must pass. The inspectors work as a team, but each inspects every package individually. Each inspector has a speciﬁc task.
Page 210 14-6 User’s Reference Guide If the package does not match the ﬁrst inspector’s criteria, it goes to the second inspector, and so on. You can see that the order of the inspectors in the line is very important. For example, let’s say the ﬁrst inspector’s orders are to send along all packages that come from Rome, and the second inspector’s orders are to reject all packages that come from France.
Page 211: How Individual Filters Work
This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match occurs, the packet is blocked. Here is what this rule looks like when implemented as a ﬁlter on the Netopia R2020: +-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +--------------------------------------------------------------------+ 199.211.211.17...
Page 212 14-8 User’s Reference Guide Internet service Telnet SMTP (mail) Gopher Internet service Who Is World Wide Web SNMP TFTP Port number comparisons A ﬁlter can also use a comparison option to evaluate a packet’s source or destination port number. The comparison options are: No Compare: No comparison of the port number speciﬁed in the ﬁlter with the packet’s port number.
Page 213 Putting the parts together When you display a ﬁlter set, its ﬁlters are displayed as rows in a table: +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +----------------------------------------------------------------------+ 192.211.211.17 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 +----------------------------------------------------------------------+ The table’s columns correspond to each ﬁlter’s attributes: #: The ﬁlter’s priority in the set. Filter number 1, with the highest priority, is ﬁrst in the table. Source IP Addr: The packet source IP address to match.
Page 214 14-10 User’s Reference Guide Filtering example #1 Returning to our ﬁltering rule example from above (see Start with the rule, then ﬁll in the ﬁlter’s attributes: The rule you want to implement as a ﬁlter is: Block all Telnet attempts that originate from the remote host 199.211.211.17. The host 199.211.211.17 is the source of the Telnet packets you want to block, while the destination address is any IP address.
Page 215: Design Guidelines
+-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +----------------------------------------------------------------------+ 200.233.14.0 +----------------------------------------------------------------------+ This ﬁlter blocks any packets coming from a remote network with the IP network address 200.233.14.0. The 0 at the end of the address signiﬁes any host on the class C IP network 200.233.14.0. If, for example, the ﬁlter is applied to a packet with the source IP address 200.233.14.5, it will block it.
Page 216: Working With Ip Filters And Filter Sets
14-12 User’s Reference Guide An approach to using ﬁlters The ultimate goal of network security is to prevent unauthorized access to the network without compromising authorized access. Using ﬁlter sets is part of reaching that goal. Each ﬁlter set you design will be based on one of the following approaches: That which is not expressly prohibited is permitted.
Page 217: Adding A Filter Set
View, change, or delete individual ﬁlters and ﬁlter sets. The sections below explain how to execute these steps. Adding a ﬁlter set You can create up to eight different custom ﬁlter sets. Each ﬁlter set can contain up to 16 output ﬁlters and up to 16 input ﬁlters.
Page 218 The Netopia R-series Router Packets in the Netopia R2020 pass through an input ﬁlter if they originate in the WAN and through an output ﬁlter if they’re being sent out to the WAN. The process for adding input and output ﬁlters is exactly the same. The main difference between the two involves their reference to source and destination.
Page 219 Enter the IP specific information for this filter. To make the ﬁlter active in the ﬁlter set, select Enabled and toggle it to Yes. If Enabled is toggled to No, the ﬁlter can still exist in the ﬁlter set, but it will have no effect. If you want the ﬁlter to forward packets that match its criteria to the destination IP address, select Forward and toggle it to Yes.
Page 220: Viewing Filter Sets
14-16 User’s Reference Guide 10. When you are ﬁnished conﬁguring the ﬁlter, select ADD THIS FILTER NOW to save the ﬁlter in the ﬁlter set. Select CANCEL to discard the ﬁlter. Viewing ﬁlters To display a view-only table of input (output) ﬁlters, select Display/Change Input Filters (Display/Change Output Filters) in the Add IP Filter Set screen.
Page 221: Modifying Filter Sets
ﬁlter set. A sample IP ﬁlter set This section contains the settings for a ﬁlter set, called Basic Firewall, which is part of the Netopia R2020’s factory conﬁguration. Basic Firewall blocks undesirable trafﬁc originating from the WAN (in most cases, the Internet), but passes all trafﬁc originating from the LAN.
Page 222 14-18 User’s Reference Guide The ﬁve input ﬁlters and one output ﬁlter that make up Basic Firewall are shown in the table below. Input ﬁlter Setting Enabled Forward Source IP 0.0.0.0 address Source IP 0.0.0.0 address mask Dest. IP 0.0.0.0 address Dest.
Page 223 Basic Firewall is suitable for a LAN containing only client hosts that wish to access servers on the WAN, not for a LAN containing servers providing services to clients on the WAN. Basic Firewall’s general strategy is to explicitly pass WAN-originated TCP and UDP trafﬁc to ports greater than 1023. Ports lower than 1024 are the service origination ports for various Internet services such as FTP, Telnet, and the World Wide Web (WWW).
Page 224 AURP tunnel. To allow an AURP tunnel between a remote AURP router with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243) and a local AURP router (including the Netopia R2020 itself), insert the following input ﬁlter ahead of the current input ﬁlter 1: Enabled: Yes Forward: Yes Source IP Address: a.b.c.d...
Page 225: Ipx Filters
IPX ﬁlters Main Menu IPX packet ﬁlters work very similarly to IP packet ﬁlters. They ﬁlter data trafﬁc coming from or going to remote IPX networks. IPX ﬁlters can be set up to pass or discard IPX packets based on a number of user-deﬁned criteria.
Page 226: Ipx Packet Filters
14-22 User’s Reference Guide The items in the IPX Filters and Filter Sets screen are grouped into four areas: IPX packet ﬁlters IPX packet ﬁlter sets IPX SAP ﬁlters IPX SAP ﬁlter sets The following sections explain the items in each of these areas. IPX packet ﬁlters For each IPX packet ﬁlter, you can conﬁgure a set of parameters to match on the source or destination attributes of IPX data packets coming from or going to the WAN.
Page 227: Ipx Packet Filter Sets
Select Filter Name and enter a descriptive name for the ﬁlter. To specify a source network for the ﬁlter to match on, select Source Network and enter an IPX network address. To specify a source node for the ﬁlter to match on, select Source Node Address and enter an IPX node address.
Page 228 14-24 User’s Reference Guide Add Packet Filter Set Filter Set Name: Show Filters/Change Action on Match... Append Filter... Remove Filter... ADD FILTER SET NOW Configure an IPX Filter Set here. You must ADD FILTER SET NOW to save. Follow these steps to conﬁgure the new packet ﬁlter set: Select Filter Set Name and enter a descriptive name for the ﬁlter set.
Page 229: Ipx Sap Filters
To add a ﬁlter to the ﬁlter set, select Append Filter to display a table of ﬁlters. Select a ﬁlter from the table and press Return to add it to the ﬁlter set. The default action of newly added ﬁlters is to not forward packets that match their criteria.
Page 230 (no characters), and ? to match any single character in the server’s name. For example, the ﬁlter could match on the server name “NETOPIA” with “NETO*”, “NETO?IA”, and “NETOPIA*”. To specify a socket for the ﬁlter to match on, select Socket and enter an IPX socket number.
Page 231: Ipx Sap Filter Sets
Deleting a SAP ﬁlter To delete a SAP ﬁlter, select Delete IPX SAP ﬁlter in the IPX Filters and Filter Sets screen to display a table of ﬁlters. Select a ﬁlter from the table and press Return to delete it. Press the Escape key to exit the table without deleting the ﬁlter.
Page 232: Firewall Tutorial
14-28 User’s Reference Guide Set whether filters forward or drop matching packets here. Select a ﬁlter and toggle the entry forwarding action to Yes (pass) or No (discard). To add a ﬁlter to the ﬁlter set, select Append Filter to display a table of ﬁlters. Select a ﬁlter from the table and press Return to add it to the ﬁlter set.
Page 233: Basic Ip Packet Components
Host: A workstation on the Network. Packet: Unit of communication on the Internet. Packet Filter: Packet ﬁlters allow or deny packets based on source or destination IP addresses, TCP or UDP ports, or the TCP ACK bit. Port: A number that deﬁnes a particular type of service. Filter Rule: A ﬁlter set is comprised of individual ﬁlter rules.
Page 234: Firewall Design Rules
14-30 User’s Reference Guide Firewall design rules There are two basic rules to ﬁrewall design: “What is not explicitly allowed is denied...” “What is not explicitly denied is allowed...” The ﬁrst rule is far more secure, and is the best approach to ﬁrewall design. It is far easier (and more secure) to allow in or out only certain services and deny anything else.
Page 235 Logical ANDing When a packet is compared (in most cases) a logical AND is performed. First the IP addresses and subnet masks are converted to binary and then ANDed together. The rules for logical ANDing are as follows: 0 AND 0 = 0 0 AND 1 = 0 1 AND 0 = 0 1 AND 1 = 1...
Page 236: Filter Basics
In the source or destination IP address ﬁelds, the IP address that is entered MUST be the NETWORK address of the subnet. A HOST address can be entered, but the applied subnet mask must be 32 bits (255.255.255.255). The Netopia R2020 has the ability to compare source and destination TCP or UDP ports. These options are as follows:...
Page 237: Example Filters
IP Address 200.1.1.28 255.255.255.128 This incoming IP packet has a source IP address that matches the network address in the Source IP Address ﬁeld (00000000) in the Netopia R2020. This will NOT forward this packet. Incoming Packet Filter Netopia 200.1.1.0 (Source IP Network Address) 255.255.255.128...
Page 238 IP Address 200.1.1.184 255.255.255.240 Since the Source IP Network Address in the Netopia R2020 is 01100000, and the source IP address after the logical AND is 1011000, this rule does NOT match and this packet will be passed. 200.1.1.0 (Source IP Network Address) 255.255.255.128...
Page 239 IP Address 200.1.1.104 255.255.255.240 Since the Source IP Network Address in the Netopia R2020 is 01100000, and the source IP address after the logical AND is 01100000, this rule DOES match and this packet will NOT be passed. Example 5 Filter Rule: Incoming packet has the source address of 200.1.1.96...
Page 240: Token Security Authentication
As a remote device, the Netopia R2020 offers client/calling side security authentication. This feature allows the Netopia R2020 to call a server router and perform security card authentication. The router of the called server must have access to a server with ACE software loaded on it.
Page 241: Security Authentication Components
Note: The Netopia R2020 currently only supports Ascend routers as ACMs. An external Netopia R2020 calling into a designated server. For example, a telecommuter dialing into a remote site from a Netopia R2020 interested in accessing personal email or ﬁle sharing services.
Page 242: Connecting Using Security Authentication
CACHE-TOKEN. Your network administrator or the remote network administrator will tell you which method to select. If you select PAP-TOKEN, select Send User Name and enter a name for your Netopia R2020. You will not need to enter a Send Password for PAP-TOKEN. Press Return.
Page 243 Select Secure Authentication Monitor and press Return. The Secure Authentication Monitor screen appears. Wait for the call to initiate. Profile Name---State---%Use---Remote Address---Est.---More Info--- Status --- Passcode Required For Connection Profile: 0-Challenge: Enter PASSCODE: Passcode: From the ﬁelds that appear, select Enter PASSCODE and press Return. Enter your PIN and the code displayed on your security authentication token card LED.
Page 244 14-40 User’s Reference Guide Note: When using CACHE-TOKEN, your passcode is valid for a time interval determined by the network administrator. When this time interval expires, you must provide a new passcode for the call negotiation. When using PAP-TOKEN, your passcode is valid for one call negotiation. For a second call negotiation, you must enter the next passcode provided by the security authentication token card every 60 seconds.
Page 245: Chapter 15 — Utilities And Diagnostics
C C C C h h h h a a a a p p p p t t t t e e e e r r r r 1 1 1 1 5 5 5 5 U U U U t t t t i i i i l l l l i i i i t t t t i i i i e e e e s s s s a a a a n n n n d d d d D D D D i i i i a a a a g g g g n n n n o o o o s s s s t t t t i i i i c c c c s s s s A number of utilities and tests are available for system diagnostic and control purposes: “Ping”...
Page 246: Ping
(Ping-capable) IP host. Each time the target host receives a Ping packet, it returns a packet to the original sender. Ping allows you to see whether a particular IP destination is reachable from the Netopia R2020. You can also ascertain the quality and reliability of the connection to the desired destination by studying the Ping test’s statistics.
Page 247 Ping packets. Note that the second return Ping packet is considered to be late because it is not received by the Netopia R2020 before the third Ping packet is sent. The ﬁrst and third return Ping packets are on time.
Page 248 The time-to-live (TTL) value for each Ping packet sent by the Netopia R2020 is 255, the maximum allowed. The TTL value deﬁnes the number of IP routers that the packet can traverse. Ping packets that reach their TTL value are dropped, and a “destination unreachable”...
Page 249: Trace Route
Trace Route You can count the number of routers between your Netopia Router and a given destination with the Trace Route utility. Select Trace Route in the Statistics & Diagnostics screen and press Return to go to the Trace Route screen.
Page 250: Telnet Client
15-6 User’s Reference Guide Telnet client The Telnet client mode replaces the normal menu mode. Telnet sessions can be cascaded, that is, you can initiate a Telnet client session when using a Telnet console session. To activate the Telnet client, select Telnet from the Utilities &...
Page 251: Disconnect Telnet Console Session
If you select Continue, you will immediately terminate your session. Factory defaults You can reset the Netopia R2020 to its factory default settings. Select the Revert to Factory Defaults item in the Statistics & Diagnostics screen and press Return. Select CONTINUE in the dialog box and press Return.
Page 252: Updating Firmware
ﬁrmware governs how the modems communicate with the remote site. Modem ﬁrmware, for example to support the ITU V.90 standard, is included on your Netopia CD for XMODEM transfer and later updates will be available on the Netopia website. Router ﬁrmware updates are also periodically posted on the Netopia website.
Page 253: Downloading Conﬁguration Files
Some models do not support all ﬁrmware versions. Loading an incorrect ﬁrmware version can permanently damage the unit. Do not manually power down or reset the Netopia R2020 while it is automatically resetting or it could be damaged. If you choose to download the ﬁrmware, the TFTP Transfer State item will change from Idle to Reading Firmware.
Page 254: Uploading Conﬁguration Files
Using TFTP, you can send a ﬁle containing a snapshot of the Router’s current conﬁguration to a TFTP server. The ﬁle can then be downloaded by a different Netopia R2020 unit to conﬁgure its parameters (see conﬁguration ﬁles” on page 15-9).
Page 255: Updating Firmware
Send Firmware to Netopia Internal modem... Modem Firmware Status: Updating ﬁrmware Firmware updates may be available periodically from Netopia or from a site maintained by your organization’s network administration. The procedure below applies whether you are using the console or the built-in modems.
Page 256: Downloading Conﬁguration Files
The system will reset at the end of a successful ﬁle transfer to put the new ﬁrmware into effect. While the system resets, the LEDs will blink on and off. Caution! Do not manually power down or reset the Netopia R2020 while it is automatically resetting or it could be damaged. Downloading conﬁguration ﬁles The Netopia R2020 can be conﬁgured by downloading a conﬁguration ﬁle.
Page 257: Restarting The System
You can restart the system by selecting the Restart System item in the Utilities & Diagnostics screen. You must restart the system whenever you reconﬁgure the Netopia R2020 and want the new parameter values to take effect. Under certain circumstances, restarting the system may also clear up system or network malfunctions.
Page 258 15-14 User’s Reference Guide...
Page 259 P P P P a a a a r r r r t t t t I I I I I I I I I I I I : : : : A A A A p p p p p p p p e e e e n n n n d d d d i i i i x x x x e e e e s s s s...
Page 260 User’s Reference Guide...
Page 261: Appendix A - Troubleshooting
Note: If you are attempting to modify the IP address or subnet mask from a previous, successful conﬁguration attempt, you will need to clear the IP address or reset your Netopia R2020 to the factory default before reinitiating the conﬁguration process. For further information on resetting your Netopia R2020 to factory default, see “Factory defaults”...
Page 262: Smartstart Troubleshooting
Problems communicating with remote IP hosts Verify the accuracy of the default gateway’s IP address (entered in the IP Setup or Easy Setup screen). Use the Netopia R2020’s ping utility, in the Statistics, Tests, Utilities screen, and try to ping local and remote hosts. See “Ping”...
Page 263: Power Outages
Power outages If you suspect that power was restored after a power outage, and the Netopia R2020 is connected to a remote site, you may need to switch the Netopia R2020 off and then back on again. After temporary power outages, a connection that still seems to be up may actually be disconnected.
Page 264 Netopia World Wide Web server via http://www.netopia.com Internet via anonymous FTP to ftp.netopia.com/pub FAX-Back This service provides technical notes which answer the most commonly asked questions, and offer solutions for many common problems encountered with Netopia products. FAX-Back: +1 510-814-5040...
Page 265: Appendix B - Setting Up Internet Services
During the setup session, the SmartStart setup application will provide you with a list of service providers who support the Netopia R2020 with Dual Analog. You can register with one of these ISPs as part of setting up your router.
Page 266: Unique Requirements
Setting up a Netopia R2020 account Check whether your ISP has the Netopia R2020 on a list of supported products that have been tested with a particular conﬁguration. If the ISP does not have the Netopia R2020 on such a list, describe the Netopia R2020 in as much detail as needed, so your ISP account can be optimized.
Page 267: Smartip
The Netopia R2020 with Dual Analog supports the SmartIP™ feature which includes Network Address Translation. Network Address Translation provides Internet access to the network connected to the Netopia R2020 using only a single IP address. These routers translate between the internal or local area network (LAN) addresses and a single external IP address and route accordingly.
Page 268 The Ethernet IP address for your Netopia R2020 The Ethernet IP subnet mask address for your Netopia R2020 The Default Gateway IP Address (same as Remote IP Address in most cases) Primary and Secondary Domain Name Server IP Addresses Domain Name (usually the same as the ISP’s domain name unless you have registered for your own...
Page 269: Appendix C - Understanding Ip Addressing
U U U U n n n n d d d d e e e e r r r r s s s s t t t t a a a a n n n n d d d d i i i i n n n n g g g g I I I I P P P P A A A A d d d d d d d d r r r r e e e e s s s s s s s s i i i i n n n n g g g g This appendix is a brief general introduction to IP addressing. A basic understanding of IP will help you in conﬁguring the Netopia R2020 and using some of its powerful features, such as static routes and packet ﬁltering.
Page 270: Subnets And Subnet Masks
C-2 User’s Reference Guide IP addresses indicate both the identity of the network and the identity of the individual host on the network. The number of bits used for the network number and the number of bits used for the host number can vary, as long as certain rules are followed.
Page 271: Example: Using Subnets On A Class C Ip Internet
When setting up IP routing with a Class A Address, or even multiple Class C Addresses, subnetting is fairly straightforward. Subnetting a single Class C address between two networks, however, is more complex. This section describes the general procedures for subnetting a single Class C network between two Netopia routers so that each can have Internet access.
Page 272 Below is a diagram of a simple network conﬁguration. The ISP is providing a Class C address to the customer site, and both networks A and B want to gain Internet access through this address. Netopia R2020 B connects to Netopia R2020 A and is provided Internet access through Routers A and B.
Page 273: Example: Working With A Class C Subnet
ISP's equipment. The most important item in this conﬁguration is the Static Route deﬁned on Router B. This tells Router B what path to take to get to the network deﬁned by Netopia R2020 B. Without this information, Customer Site B will be able to access Customer Site A, but not the Internet.
Page 274: Technical Note On Subnet Masking
These two methods are not mutually exclusive; you can manually issue some of the addresses while the rest are distributed by the Netopia R2020. Using the Router in this way allows it to function as an address server. One reason to use the Netopia R2020 as an address server is that it takes less time than manually distributing the addresses.
Page 275: Conﬁguration
DHCP address lease for one hour. The number of devices a Netopia R2020 can serve DHCP to is 512. This is imposed by global limits on the size of the address serving database, which is shared by all address serving functions active in the router.
Page 276: Manually Distributing Ip Addresses
Clients (IPCP), is used to fulﬁll WAN client requirements The Netopia R2020 can use both DHCP and MacIP. Whether you use one or both will depend on your particular networking environment. If that environment includes both PCs and Macintosh computers that do not use Open Transport, you will need to use both DHCP and MacIP to distribute IP addresses to all of your computers.
Page 277: Tips And Rules For Distributing Ip Addresses
In any situation where a device is dialing into a Netopia router, the router may need to be conﬁgured to serve IP via the WAN interface. This is only a requirement if the calling device has not been conﬁgured locally to know what its address(es) are.
Page 278 (199.1.1.49, 199.1.1.50, and 199.1.1.51). Distributed to the (Ethernet IP address) Pool of Addresses Distributed Netopia R2020 Manually distributed (static) by MacIP and DHCP...
Page 279: Nested Ip Subnets
The ﬁgure at left shows a possible network conﬁguration following this scheme. The main network is set up with the Class C address a.b.c.0, and contains Router A (which could be a Netopia R2020), a Netopia R2020, and a number of other hosts. Router A maintains a link to the Internet, and may be used as the default gateway.
Page 280 Router C a.b.c.248 The Netopia R2020’s connection proﬁles for Routers B and C create entries in its IP routing table. One entry points to the subnet a.b.c.128, while a second entry points to the subnet a.b.c.248. The IP routing table might...
Page 281: Broadcasts
These two protocols specify two different ways to organize the very ﬁrst signals in the sequence of electrical signals that make up an IP packet travelling over Ethernet. By default, the Netopia R2020 uses Ethernet packet headers for IP trafﬁc. If your network requires 802.3 IP framing, you must conﬁgure this through SNMP.
Page 282 C-14 User’s Reference Guide...
Page 283: Appendix D - Binary Conversion Table
A A A A p p p p p p p p e e e e n n n n d d d d i i i i x x x x D D D D B B B B i i i i n n n n a a a a r r r r y y y y C C C C o o o o n n n n v v v v e e e e r r r r s s s s i i i i o o o o n n n n T T T T a a a a b b b b l l l l e e e e This table is provided to help you choose subnet numbers and host numbers for IP and MacIP networks that use subnetting for IP addresses.
Page 284 D-2 User’s Reference Guide Decimal Binary 10000000 10000001 10000010 10000011 10000100 10000101 10000110 10000111 10001000 10001001 10001010 10001011 10001100 10001101 10001110 10001111 10010000 10010001 10010010 10010011 10010100 10010101 10010110 10010111 10011000 10011001 10011010 10011011 10011100 10011101 10011110 10011111 Decimal Binary Decimal 10100000 10100001...
Page 285: Appendix E - Further Reading
Further Reading E-1 A A A A p p p p p p p p e e e e n n n n d d d d i i i i x x x x E E E E F F F F u u u u r r r r t t t t h h h h e e e e r r r r R R R R e e e e a a a a d d d d i i i i n n n n g g g g Angell, David.
Page 286 E-2 User’s Reference Guide Hares, S. "Components of OSI: Inter-Domain Routing Protocol (IDRP)." ConneXions: The Interoperability Report, Vol. 6, No. 5: May 1992. Jones, N.E.H. and D. Kosiur. Macworld Networking Handbook . San Mateo, California: IDG Books Worldwide, Inc.; 1992. Joyce, S.T.
Page 287 Further Reading E-3 Rose, M.T. The Open Book: A Practical Perspective on OSI . Englewood Cliffs, New Jersey: Prentice Hall; 1990. Rose, M.T. The Simple Book: An Introduction to Management of TCP/IP-based Internets . Englewood Cliffs, New Jersey: Prentice Hall; 1991. Ross, F.E.
Page 288 E-4 User’s Reference Guide...
Page 289: Appendix F - Technical Speciﬁcations And Safety Information
A A A A p p p p p p p p e e e e n n n n d d d d i i i i x x x x F F F F T T T T e e e e c c c c h h h h n n n n i i i i c c c c a a a a l l l l S S S S p p p p e e e e c c c c i i i i f f f f i i i i c c c c a a a a t t t t i i i i o o o o n n n n s s s s a a a a n n n n d d d d S S S S a a a a f f f f e e e e t t t t y y y y I I I I n n n n f f f f o o o o r r r r m m m m a a a a t t t t i i i i o o o o n n n n Pinouts for Auxiliary Port Modem Cable Shield HD-15...
Page 290: Description
9.4” (w) x 7.9” (d) x 2.1” (h) Communications interfaces: The Netopia R2020 Dual Analog Router has two RJ-45 jacks for modem connections; an 8 port 10Base-T Ethernet hub for your LAN connection; a DE-9 Console port; and an HD-15 Auxiliary port that can be used as either a serial or LocalTalk port.
Page 291: Software And Protocols
Diagnostics: PING, event logging, routing table displays, traceroute, statistics counters, Call Accounting Agency approvals The Netopia R2020 Dual Analog Router has met the safety standards (per CSA-950) of the Canadian Standards Association for Canada. The Netopia R2020 Dual Analog Router has met the safety standards (per UL-1950) of the Underwriters Laboratories for United States.
Page 292 It is the responsibility of users requiring service to report the need for service to our Company or to one of our authorized agents. Service can be obtained at Netopia, Inc., 2470 Mariner Square Loop, Alameda, California, 94501. Important This product was tested for FCC compliance under conditions that included the use of shielded cables and connectors between system components.
Page 293: Important Safety Instructions
Do not use the telephone to report a gas leak in the vicinity of the leak. Battery The Netopia R2020’s lithium battery is designed to last for the life of the product. The battery is not user-ser- viceable. Caution! Danger of explosion if battery is incorrectly replaced.
Page 294 F-6 User’s Reference Guide...
Page 295: Appendix G - About 56K Line Access
A A A A b b b b o o o o u u u u t t t t 5 5 5 5 6 6 6 6 K K K K L L L L i i i i n n n n e e e e A A A A c c c c c c c c e e e e s s s s s s s s The Netopia R2020 is capable of 56Kbps per line connections. This means that if you use both onboard modems, you can achieve inbound data transfer rates of up to 112Kbps.
Page 296 Internet Service Provider, but simply a fact of life in trying to extend the limitations of noisy analog telephone lines. The Netopia R2020 ships with the uniﬁed ITU V.90 standard ﬁrmware, also known as V.PCM, which merges the K56ﬂex standard with the competing x2 standard. Modem ﬁrmware updates that may from time to time become available will be made available on the Netopia website.
Page 297: Glossary 1
Glossary 1 G G G G l l l l o o o o s s s s s s s s a a a a r r r r y y y y Access Line: A telephone line reaching from the telephone company central ofﬁce to a point usually on your premises.
Page 298 CNA (Calling Number Authentication): A security feature that will reject an incoming call if it does not match the Calling Number ﬁeld in one of the Netopia ISDN Router’s Connection Proﬁles. CND (Calling Number Delivery): Also known as caller ID, a feature that allows the Called Customer Premises Equipment (CPE) to receive a calling party’s directory number during the call establishment phase.
Page 299 LocalTalk networks are compatible with Phase II but are not extended because a single LocalTalk network cannot have multiple network numbers or multiple zone names. ﬁrmware: System software stored in a device’s memory that controls the device. The Netopia ISDN Router’s ﬁrmware can be updated.
Page 300 4 User’s Reference Guide internet: A set of networks connected together by routers. This is a general term, not to be confused with the large, multi-organizational collection of IP networks known as the Internet. An internet is sometimes also known as an internetwork.
Page 301 Glossary 5 NAT (Network Address Translation): A feature that allows communication between the LAN connected to the Netopia ISDN Router and the Internet using a single IP address, instead of having a separate IP address for each computer on the network.
Page 302 A physical or logical connection between a router and a network. Where a network only allows the use of one protocol, each physical connection corresponds to one logical router port. An example is the Netopia ISDN Router’s LocalTalk port. Where a network allows the use of several protocols, each physical connection may correspond to several logical router ports—one for each protocol used.
Page 303 WANs can span a state, a country, or even the world. WAN IP: In addition to being a router, the Netopia ISDN Router is also an IP address server. There are four protocols it can use to distribute IP addresses over the WAN which include: DHCP, BOOTP, IPCP and MacIP. WAN IP is a feature for both the Small Ofﬁce and Corporate Netopia ISDN Router models.
Page 304 8 User’s Reference Guide...
Page 305: Index
I I I I n n n n d d d d e e e e x x x x Numerics 10Base-T 4-3 10Base-T, connecting 4-3 56k, about G-1 accounting conﬁguration 8-23 add static route 10-33 adding a ﬁlter set 14-13 advanced conﬁguration features 7-8 answer proﬁle...
Page 306 conﬁguring proﬁles for incoming calls. 8-6 conﬁguring terminal emulation software 5-3 conﬁguring the console 7-11 connecting to an Ethernet network 4-3 connecting to the conﬁguration screens 7-7 connection metering 8-12 connection proﬁles deﬁned 6-3 scheduling 8-1 console conﬁguring 7-11 screens, connecting to 7-7 console conﬁguration 7-12 console connection problems A-2 console-based management...
Page 307 output 14-14 parts of 14-7 priority 14-5 using 14-12 viewing 14-16 ﬁnding an ISP B-1 ﬁrewall 14-17 ﬁrmware ﬁles updating with TFTP 15-8 updating with XMODEM 15-11 FTP sessions 14-20 further reading E-1 General Statistics 13-4 Glossary GL-1 hard seeding 12-3 hops 13-10 how to reach us A-3 input ﬁlter 3 14-18...
Page 308 7-8 Easy Setup 5-4 NCSA Telnet 5-3 nested IP subnets C-11 NetBIOS 10-37 11-3 NetBIOS scope 10-38 Netopia answering calls 8-4 connecting to Ethernet, rules 4-3 connecting to LocalTalk 4-5 connection proﬁle 6-3 distributing IP addresses 10-35 IP setup 6-4 IPX setup 6-4 LocalTalk conﬁguration 12-7...
Page 309 14-19 trusted subnet 14-19 tunnel options ATMP 9-16 PPTP 9-4 tunneling 9-1 12-3 updating ﬁrmware with TFTP 15-8 with XMODEM 15-11 updating Netopia’s ﬁrmware 15-8 uploading a conﬁguration ﬁle 15-10 uploading conﬁguration ﬁles with TFTP 15-10 with XMODEM 15-12 Index-5...
Page 310 user accounts 14-2 using ﬁlters 14-12 utilities and tests 15-1 viewing and modifying packet ﬁlters 14-23 viewing and modifying SAP ﬁlter sets 14-28 viewing IP trap receivers 13-15 viewing scheduled connections 8-8 Virtual Private Networks (VPN) 9-1 VPN 9-1 allowing through a ﬁrewall 9-19 ATMP tunnel options 9-16 default answer proﬁle 9-8 encryption support 9-7...
Page 311: Limited Warranty And Limitation Of Remedies
L L L L i i i i m m m m i i i i t t t t e e e e d d d d W W W W a a a a r r r r r r r r a a a a n n n n t t t t y y y y a a a a n n n n d d d d L L L L i i i i m m m m i i i i t t t t a a a a t t t t i i i i o o o o n n n n o o o o f f f f R R R R e e e e m m m m e e e e d d d d i i i i e e e e s s s s Netopia warrants to you, the end user, that the Netopia R2020 Dual Analog Router (the “Product”) will be free from defects in materials and workmanship under normal use for a period of one (1) year from date of purchase.
Page 312 User’s Reference Guide...

Netopia R2020 User Reference Manual

Chapter 1 - Introduction

Chapter 2 - Making the Physical Connections

Chapter 3 - Setting up Your Router with the Smartstart Wizard

Chapter 4 — Connecting Your Local Area Network

Chapter 5 - Console-Based Management

Chapter 6 - Easy Setup

Chapter 7 — WAN and System Conﬁguration

Chapter 8 - Managing Data Calls

Chapter 9 - Virtual Private Networks

Chapter 10 - Multiple Network Address Translation and IP Setup

Chapter 11 - IPX Setup

Chapter 12 - Appletalk Setup

Chapter 13 — Monitoring Tools

Chapter 14 - Security

Chapter 15 — Utilities and Diagnostics

Appendix A - Troubleshooting

Appendix B - Setting up Internet Services

Appendix C - Understanding IP Addressing

Appendix D - Binary Conversion Table

Appendix E - Further Reading

Appendix F - Technical Specifications and Safety Information

Appendix F - Technical Speciﬁcations and Safety Information

Appendix G - about 56K Line Access

Quick Links

Troubleshooting

Related Manuals for Netopia R2020

Summary of Contents for Netopia R2020