Netopia Router PN Series Reference Manual

Netopia pn series router reference guide

Table of Contents

Quick Links

Download this manual

Netopia Router

Reference Guide

Table of Contents

Troubleshooting

Need help?

Do you have a question about the Router PN Series and is the answer not in the manual?

Questions and answers

Summary of Contents for Netopia Router PN Series

Page 1 Netopia Router Reference Guide...
Page 2 Copyright Copyright © 1998 Netopia, Inc. v.298 All rights reserved. This manual and any associated artwork, software and product designs are copyrighted with all rights reserved. Under the copyright laws such materials may not be copied, in whole or part, without the prior written consent of Farallon Communications. Under the law, copying includes translation to another language or format.
Page 3: Table Of Contents
Contents Chapter 1 — Introduction ... 1-1 How to use this guide ... 1-2 Netopia models... 1-3 Connecting to the Advanced Conﬁguration screens... 1-4 Connecting a modem to the SmartPort ... 1-4 Navigating through the Advanced Conﬁguration screens ... 1-6 Keyboard navigation ...
Page 4 Reference Guide Readying computers on your local network... 3-2 Connecting to a LocalTalk network— for 400 series models... 3-3 Connecting to an Ethernet network... 3-4 EtherWave ... 3-5 10Base-T... 3-7 Thick and Thin Ethernet ... 3-8 Chapter 4 — IP Setup ... 4-1 Key Features of IP Network Address Translation ...
Page 5 Chapter 8 — Token Security Authentication ... 8-1 Securing network environments ... 8-1 Using the SecurID token card ... 8-2 Personal identiﬁcation number (PIN) ... 8-2 Key Security Authentication Features of the Netopia Router ... 8-2 Security authentication components... 8-3 Conﬁguring the Netopia Router for security authentication ...
Page 6 Chapter 10 — Utilities and Tests ... 10-1 Setting the system date and time ... 10-2 Ping ... 10-3 Tracing a route ... 10-7 Upgrading the Netopia Router ... 10-8 Restarting the system... 10-8 Factory defaults... 10-9 The ISDN loopback test... 10-9 Console conﬁguration...
Page 7 Uploading conﬁguration ﬁles ... 10-16 Transferring conﬁguration and ﬁrmware ﬁles with TFTP ... 10-17 Updating ﬁrmware ... 10-18 Downloading conﬁguration ﬁles ... 10-19 Uploading conﬁguration ﬁles ... 10-20 Appendix A — Troubleshooting ... A-1 Power outages ... A-1 Conﬁguration problems... A-1 Console connection problems ...
Page 8 viii Reference Guide About SPIDs ... C-2 Example SPIDs ... C-3 Second directory number ... C-3 Switch-speciﬁc uses ... D-3 Backup number... D-4 Dynamic B-channel usage... D-4 Other incoming call restrictions ... D-5 Appendix D — ISDN, DDS/ADN, and T1 Events... D-1 Leased line events...
Page 9: Chapter 1 - Introduction
This Reference Guide should be used as a companion to the Easy Setup conﬁguration instructions in the Netopia Router Getting Started guide. You should read the Getting Started guide before reading this Reference Guide .
Page 10: How To Use This Guide
How to use this guide 400 Netopia series models only This guide is organized into chapters describing each of the Netopia Router’s advanced features. You may want to read each chapter’s introductory section to familiarize yourself with the various features available.
Page 11: Netopia Models
This Reference Guide covers all of the Netopia Router models. However some information in this guide will only apply to a speciﬁc model. See the Netopia Router’s Release Notes for more information, or call Farallon Customer Service. Screen differences Because different Netopia Router models offer different features and interfaces, the options shown on some screens in this Reference Guide may not appear on your own particular Netopia Router’s...
Page 12: Connecting To The Advanced Conﬁguration Screens
Connecting a modem to the SmartPort The Netopia Router has a SmartPort (also known as a PC Card port or a PCMCIA card port) for attaching a PC Card Type II modem. The port has two Type II slots and is located on the router’s left side behind a pull-down cover.
Page 13 SmartPort PC Card (PCMCIA) To attach the modem to the Netopia Router, pull down the rubber door that covers its SmartPort slots and insert the modem. You can use either slot. Inserting a PC Card (PCMCIA) modem into the exposed SmartPort slot.
Page 14: Navigating Through The Advanced Conﬁguration Screens
Reference Guide Navigating through the Advanced Conﬁguration screens Advanced Main Menu Conﬁg. To help you ﬁnd your way to particular screens, some sections in this guide begin with a graphical path guide similar to the following example: Setup This particular path guide shows how to get to the WAN Setup screens.
Page 15: Keyboard Navigation
Keyboard navigation Use your keyboard to navigate the Netopia Router’s conﬁguration screens, enter and edit information, and make choices. The following table lists the navigation keys. To... Move through selectable items in a screen or pop-up menu Execute action of a selected item or...
Page 16 Reference Guide...
Page 17: Chapter 2 - Conﬁguring Isdn And Leased Line Connections
Chapter 2 Conﬁguring ISDN and Leased Line Connections This chapter shows you how to conﬁgure the Netopia Router to make and receive network connections over an ISDN or leased line and how to control those connections. Topics include: “ISDN WAN Setup” on page 2-2 your ISDN Netopia Router for outgoing calls.
Page 18: Isdn Wan Setup
Reference Guide ISDN WAN Setup Advanced Main Menu Conﬁguration Setup The ISDN WAN Setup screen has three subscreens, each involving a different aspect of using the ISDN line to control connections to remote IP or IPX networks. Note: If you have completed Easy Setup (see the Getting Started Guide ), the information you have already entered will appear in some of the Advanced Conﬁguration screens.
Page 19 Note: If your ISDN Line Conﬁguration screen contains items that are not discussed in this section, such as SPIDs, see “ISDN Conﬁguration Guide.” The ISDN Line Conﬁguration screen consists of up to three pop-up menus and up to four editable ﬁelds. North America ISDN models only Return/Enter goes to new screen.
Page 20 Reference Guide Outside North America models only North America models only North America models only ISDN Line Configuration Circuit Type... B-Channel Usage... Data Link Encapsulation... Enter information supplied to you by your ISDN phone company. From the pop-up menu, select the appropriate B-channel, such as B1, B2, or Both.
Page 21: Leased Line Wan Setup
Since an IDSL line is already physically hooked up in a pt-to-pt conﬁguration, a speciﬁc directory number is not necessary. However, the Netopia Router does require a directory number in this ﬁeld to allow a connection to dial out. If you have a second directory number, select Directory Number 2 and enter the secondary directory number as you would dial it, including any required preﬁxes (such as area,...
Page 22: Leased Line Conﬁguration
From here you will configure yours and the remote sites' WAN information. Note: For all leased line Netopia Router models using PPP or Cisco- HDLC datalink encapsulation, the Frame Relay Conﬁguration and Frame Relay DLCI Conﬁguration options will be hidden.
Page 23 Auto. (The data rates to choose from range from 56 kbps to the highest synchronized line speed.) The Auto setting allows your Netopia Router to determine the data rate of your serial line at the time of circuit activation. Press Return.
Page 24 Reference Guide Permanent circuit only Switched circuit only Equipment) because their transmit data can become altered in relation to the clock sourced by the DCE (Data Communications Equipment). A DTE (Data Terminal Equipment) is a term used to deﬁne the equipment rate.
Page 25 The T1 Line Conﬁguration screen is where you enter the conﬁguration parameters for your leased line, in order for the Netopia Router to communicate with the physical connection. Use the information in the Leased Line worksheet in the Getting Started Guide as a reference when specifying your T1 conﬁguration...
Page 26 Messages (PRMs) that may be transmitted each second from a T1 Integrated CSU to the telephone service provider’s network. By default, the Netopia Router does not send PRMs. However, you can enable these transmissions by toggling Transmit ANSI PRMs to Yes.
Page 27 Conﬁguring ISDN and Leased Line Connections Note: Each DS0 channel represents a 56k or 64k increment in bandwidth. Selecting a number less than the maximum of 24 speciﬁes a fractional-T1 interface. For fractional-T1, you may also specify in the check box whether the DS0 channels are contiguous or alternating.
Page 28 The data rate choices are 56 kbps and 64 kbps. The default is Automatic. Press Return. Note: As noted above, DDS Netopia Routers may run 56 kbps or 64 kbps data rates on permanent circuits. You may...
Page 29: Connection Proﬁles For Isdn And Leased Lines
Connection proﬁles for ISDN and Leased lines A connection proﬁle is a set of parameters that tells the Netopia Router how to connect to a remote destination. Connection proﬁles are also used to make out-bound calls and optionally to help answer calls.
Page 30 Note: The Establish WAN Connection and Disconnect WAN Connection ﬁelds in the Connection Proﬁles screen will only appear for a Netopia Router model with switched circuit selected. This ﬁeld will remain hidden when permanent circuit is selected. Displaying connection proﬁles To display a view-only table of connection proﬁles, select...
Page 31 Conﬁguring ISDN and Leased Line Connections Connection Profiles +-Profile Name---------------------IP Address----IPX Network-+ +------------------------------------------------------------+ | Easy Setup Profile | Panost Inc. | XYZ Corporation +------------------------------------------------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. Changing a Connection Proﬁle To modify a connection proﬁle, select Display/Change Connection Proﬁle in the Connection Proﬁles screen to display a table of connection proﬁles.
Page 32 2-16 Reference Guide Deleting a Connection Proﬁle To delete a connection proﬁle, select Delete Connection Proﬁle in the Connection Proﬁles screen and press Return to display a table of connection proﬁles. +-Profile Name---------------------IP Address----IPX Network-+ +------------------------------------------------------------+ | Gunther Hydroelectric +------------------------------------------------------------+ +------------------------------------------------------------+ | Are you sure you want to delete this Connection Profile? CANCEL...
Page 33 Conﬁguring ISDN and Leased Line Connections Add Connection Profile Profile Name: Profile Enabled: IP Enabled: IP Profile Parameters... IPX Enabled: IPX Profile Parameters.. Data Link Encapsulation... Data Link Options... Interface Group... Telco Options... ADD PROFILE NOW Configure a new Conn. Profile. Finished? Select Proﬁle Name and enter a name for this connection proﬁle.
Page 34 Enabled to Yes if you choose to use Network Address Translation. Network Address Translation allows communication between the LAN connected to the Netopia Router and the Internet using a single IP address, instead of a routed account with separate IP addresses for each computer on the network. Network...
Page 35 Note: When using Cisco-HDLC datalink encapsulation and Network Address Translation, you must use a static address. When using numbered interfaces, the Netopia Router will use its local WAN IP address and subnet mask to send packets to the remote router. Both routers have WAN IP addresses and subnet masks associated with the connection.
Page 36 ﬁlter set. You can either select Continue or Cancel. Select Receive RIP and toggle it to Yes if you want the Netopia Router to receive RIP information sent by remote routers that are connected to your local area network (LAN).
Page 37 IPX network being called. Do not use an address already in use by another connection proﬁle . If this value is set to zero and the Netopia Router is answering a call, the remote address will be learned when the proﬁle is active.
Page 38 2-22 Reference Guide To change the default Path Delay, select and enter a value (in ticks). To enable NetBIOS Packet Forwarding, toggle the selection to Yes. Select Incoming Packet Filter Set to attach a ﬁlter set for ﬁltering incoming packets. Choose a ﬁlter set from the list and press Return.
Page 39 From the pop-up menu highlight PAP, CHAP, PAP-TOKEN, CACHE-TOKEN, or None (if the remote network does not use PAP or CHAP). On the Netopia Router the default Conﬁguring ISDN and Leased Line Connections PPP/MP Options Data Compression...
Page 40 CHAP. “Default proﬁle” on page If you choose to use PAP-TOKEN, select Send User Name and enter a name for your Netopia Router. You will not need to enter a Send Password for PAP-TOKEN. “Default proﬁle” on...
Page 41 2 B, Pre-emptable. Conﬁguring ISDN and Leased Line Connections If you choose to use CACHE-TOKEN, select Send User Name and enter a name for your Netopia Router. Then, select Send Password and enter a secret name or number. PPP/MP Options Data Compression...
Page 42 B-channel may be blocked from use if the answering side drops that B-channel before you begin sending data over it. The Netopia Router will try four times to bring up the second B-Channel; if all attempts fail and you wish to retry, end the call and reinitiate it.
Page 43 Conﬁguring ISDN and Leased Line Connections telephone number for a multilink call. In addition, the Netopia Router can bring WAN links up and down with a remote router. Note: There are two speciﬁcations for BAP protocol. The ﬁrst speciﬁcation was proposed before January 1997 and the latter...
Page 44 2-28 Reference Guide T1 and DDS models only Models with Switched circuits only ISDN Switched circuit models only 10. The Interface Group ﬁeld reﬂects the active port selection: the internal CSU for T1 or DDS, or SA port for SA, if backup is enabled.
Page 45 See “Establishing a WAN Connection” on page 2-30 for more information. Select Idle Timeout (seconds) and enter the time limit desired before the Netopia Router drops a call if there is no activity on the line. The default timeout setting is 300 seconds (5 minutes.)
Page 46 The CNA Validation Number is the telephone number that your Netopia Router will match to incoming calls. Question marks “?” can be used in place of numbers as wild card characters to ensure that matches are made on different directory numbers.
Page 47: Frame Relay Conﬁguration
Frame Relay conﬁguration If you chose Frame Relay as your datalink encapsulation type you will now need to conﬁgure your Netopia Router to support Frame Relay. From the WAN Setup screen, select the Frame Relay Conﬁguration option and press Return.
Page 48 2-32 Reference Guide Frame Relay Configuration LMI Type... T391 (Polling Interval in secs): N391 (Polls/Full Status Cycles): N392 (Error Threshold): N393 (Monitored Event Window): Tx Injection Management... Default CIR: Default Bc: Default Be: Congestion Management Enabled: Maximum Tx Frame Size: Enter Information supplied to you by your telephone company.
Page 49 N393 sliding window. If an N392 thresh- old is exceeded, the switch declares the Netopia Router inac- tive. The default setting is 3. The N393 option allows the user to specify the width of the sliding N392 monitored event window.
Page 50: Frame Relay Dlci Conﬁguration
Press Return. If Congestion Management is enabled, this option causes the Netopia Router to use in-bound FECNs (Forward Explicit Congestion Notiﬁcation). This feature is designed to notify you that congestion avoidance procedures should be initiated where applicable for trafﬁc in the same direction as the received frame.
Page 51 Conﬁguring ISDN and Leased Line Connections A Frame Relay DLCI is a set of parameters that tells the Netopia Router how to initially connect to a remote destination. The Netopia Router leased line models support up to 16 different Frame Relay DLCI conﬁguration proﬁles.
Page 52 2-36 Reference Guide Changing a Frame Relay DLCI conﬁguration To modify a Frame Relay DLCI conﬁguration, select Display/Change DLCIs in the Frame Relay DLCI Conﬁguration screen. Select a DLCI Name from the table and press Return to go to the Change DLCI screen.
Page 53 Conﬁguring ISDN and Leased Line Connections A Frame Relay DLCI Conﬁguration table appears with a prompt asking you if you want to delete the connection proﬁle you have just highlighted. Select CONTINUE if you wish to delete this DLCI or CANCEL if you do not. You are now done conﬁguring the Frame Relay DLCI Conﬁguration screen.
Page 54 2-38 Reference Guide Note: The Netopia Router allows Frame Relay DLCIs to be named, so that you can easily reference and differentiate them. This is accomplished by giving a DLCI Name to a DLCI Number. Frame Relay DLCI Configuration +-DLCI Name----------DLCI Number-+ +--------------------------------+ | Panost Inc.
Page 55: Default Proﬁle
Frame Relay DLCI proﬁle you have just created by selecting CANCEL to exit the Add DLCI screen. Netopia can answer calls as well as initiate them over switched circuits. To answer calls, Netopia uses a default proﬁle. The default proﬁle controls how incoming calls are set up, authenticated, ﬁltered,...
Page 56: How The Default Proﬁle Works For A Switched Circuit
To determine how which call parameter values unmatched calls will adopt, customize the default proﬁle parameters in the Default Proﬁle screen. Customizing the default proﬁle You can customize the Netopia Router’s default proﬁle in the Default Proﬁle screen.
Page 57 Required: Authentication is attempted if the calling number is available. If authentication fails, or the calling number is not available, the Netopia Router disconnects the caller. Use this setting if you require all calls to be CNA-authenticated. Calling Number Authentication (CNA), is an application of CallerID.
Page 58 Using CNA can also provide cost savings because calls are not billed during the CNA phase. With CNA, a caller can set up a connection to the Netopia Router without incurring any charges by accessing a dial-back connection proﬁle. If the caller’s rates are higher than those charged to the Netopia Router’s return call,...
Page 59 255.255.255.0. Class C address ranges are generally the most common subnet allocated. If a remote network has a non-standard mask (that is, it uses subnetting), the only way for it to successfully connect to the Netopia Router is by matching a connection proﬁle. In other 2-43...
Page 60 2-44 Reference Guide Non-North America models only ISDN switched circuit models with PPP enabled only Non-Small Ofﬁce models only Non-Small Ofﬁce models only words, you will have to set up a connection proﬁle for that network. You can set the following default parameters for incoming calls: Authentication Force 56K on Answer Data Compression...
Page 61: How The Default Proﬁle Works For A Permanent Circuit
Conﬁguring ISDN and Leased Line Connections 2-45 How the default proﬁle works for a permanent circuit The default proﬁle works like a guard booth at the gate to your network: it scrutinizes WAN connections. Like the guard booth, the default proﬁle allows connections based on a set of criteria that you deﬁne.
Page 62 2-46 Reference Guide Customizing the default proﬁle You can customize the Netopia Router’s default frame relay proﬁle in the Default Frame Proﬁle screen. Line Configuration... Frame Relay Configuration... Frame Relay DLCI Configuration... Connection Profiles... Default Frame Profile... Return/Enter for default WAN connection parameters.
Page 63: Call Acceptance Scenarios
Conﬁguring ISDN and Leased Line Connections If Must Match a Deﬁned Proﬁle is set to No, you can also set the following parameters for accepted calls that do not match a connection proﬁle: Network Address Translation Interface-based Routing or System-based Routing Firewall Filter Set Transmit RIP Receive RIP...
Page 64: Wan Ip Address Serving
Toggle Must Match a Deﬁned Proﬁle to Yes, and set Authentication to None. To not allow any incoming calls to connect to the Netopia Router: Toggle Must Match a Deﬁned Proﬁle to Yes, and Set the Dial option in the Telco Options screen of every con- nection proﬁle to Dial Out Only...
Page 65: Scheduled Connections
WAN IP Address Serving. Scheduled Connections You can set a Netopia Router using a switched circuit to make scheduled connections using designated connection proﬁles. This is useful for creating and controlling regularly scheduled periods when the router can be used by hosts on your network.
Page 66 Whether it’s a recurring Weekly connection or used Once Only Which connection proﬁle (Conn. Prof.) is used to connect Whether the scheduled connection is currently Enabled You should make sure that the Netopia Router’s system date and time are correct (see “Setting the system date and time” on page The router checks the date and time set in scheduled connections against the system date and time.
Page 67 Conﬁguring ISDN and Leased Line Connections Adding a scheduled connection To add a new scheduled connection, select Add Scheduled Connection in the Scheduled Connections screen and go to the Add Scheduled Connection screen. Add Scheduled Connection Scheduled Connection Enable: How Often... Schedule Type...
Page 68 2-52 Reference Guide Demand-Blocked deﬁnes the schedule when demand calls are prevented. If you selected Weekly, select Set Weekly Schedule and go to the Set Weekly Schedule screen. Select the days for the scheduled connection to occur and toggle them to Yes. Set Weekly Schedule Monday: Tuesday:...
Page 69 Conﬁguring ISDN and Leased Line Connections Select AM or PM and choose AM or PM from the pop-up menu. Select Scheduled Window Duration and enter the maximum duration allowed for this scheduled window (not for the call). If you selected Periodic, select Every and choose how often the call should be attempted.
Page 70 2-54 Reference Guide Select AM or PM and choose AM or PM. The AM or PM item appears only if the time is in the 12-hour clock format. Select Scheduled Window Duration and enter the maximum duration allowed for this scheduled window (not for the call). Use the same format restrictions noted above.
Page 71: Csu Backup
CSU Backup Advanced Main Menu Conﬁguration Conﬁguring ISDN and Leased Line Connections Setup When you are using the leased line interfaces T1 and DDS, you can conﬁgure an automatic CSU backup, to switch to the SA port during a leased line failure. CSU Backup Configuration Enable SA Port as CSU Backup Requires Data Link Failure of...
Page 72 2-56 Reference Guide...
Page 73: Chapter 3 - Connecting Your Local Network
Router using Console-based Management or Web-based Management (see the Getting Started Guide ). You can connect the Netopia Router to an IP or IPX network that uses Ethernet. You can connect to the Router’s Ethernet ports with either a PC LAN using IP over Ethernet or Apple Macintosh computers using native IP.
Page 74: Readying Computers On Your Local Network
Internet protocols. TCP/IP stacks must be conﬁgured with some of the same information you used to conﬁgure the Netopia Router. There are a number of TCP/IP stacks available for PC computers. Windows 95 includes a built-in TCP/IP stack.
Page 75: Connecting To A Localtalk Network-For 400 Series Models
Internet or other remote IP networks. Connecting to a LocalTalk network—for 400 series models Connect one end of the LocalTalk cable to the Netopia Router’s PhoneNET port. Connect the other end of the cable to your LocalTalk network.
Page 76: Connecting To An Ethernet Network
EtherWave ports is automatically detected and the connected port is used. You can connect several types of Ethernet networks to the Netopia Router. Most are distinguished by the type of cable they use. The table below displays some important attributes of four types of Ethernet.
Page 77: Etherwave
Printer Adapter Macintosh LaserWriter 10Base-T EtherWave EtherWave AAUI Transceiver Printer Adapter The Netopia Router in the middle of an EtherWave daisy chain that’s part of a Connecting Your Local Network EtherWave Macintosh EtherWave EtherWave NuBus Card ISA Card The Netopia Router in the middle of an EtherWave daisy chain...
Page 78 You may use either or both of the EtherWave ports to connect the Netopia Router, as needed. No termination is necessary, even when the router is at the end of your EtherWave network. EtherWave Netopia EtherWave The Netopia Router at the end of an EtherWave daisy chain...
Page 79: 10Base-T
EtherWave EtherWave ISA Card Printer Adapter 10Base-T You can connect a 10Base-T Ethernet network to the Netopia Router either through one of its EtherWave ports or through its AUI port. EtherWave 10Base-T The Netopia Router in a 10Base-T network To connect your 10Base-T network to the Netopia Router through its EtherWave port, use a 10Base-T cable with RJ-45 connectors.
Page 80: Thick And Thin Ethernet
You can connect a 10Base-5 (Thick Ethernet) or 10Base-2 (Thin Ethernet) network to the Netopia Router’s AUI port. To connect your 10Base-5 network to the Netopia Router’s AUI port, use a standard Ethernet 10Base-5 transceiver and cable. To connect your 10Base-2 network to the Netopia Router’s AUI port, use a standard Ethernet 10Base-2 transceiver and cable.
Page 81: Chapter 4 - Ip Setup
Chapter 4 IP Setup The Netopia Router uses Internet Protocol (IP) to communicate both locally and with remote networks. This chapter shows you how to conﬁgure the Router to effectively route IP trafﬁc. You also learn how to conﬁgure the Router to serve IP addresses to hosts on your local network.
Page 82: Using Nat
Proﬁle Parameters screen, toggle Address Translation Enabled to Yes, to turn on NAT for this proﬁle. When your Netopia Router calls the ISP, the remote router that answers the call assigns your Netopia Router an IP address that external users use to communicate with your network. To view this address, go to the QuickView menu and check More Info in the Current Status section of the proﬁle.
Page 83 In the following example screen, 192.163.100.6 is assigned to the calling Netopia Router. Note: The QuickView screen varies by your Netopia Router model and line type. Ethernet Address - 00-00-c5-ff-60-8d Firmware Version -- IP Address - 163.176.8.128 IPX Network Address - 00000000 Current ISDN Connection Status ---Profile Name-------State--%Use---Remote Address--------Est.----More Info-----...
Page 84: Associating Port Numbers With Nodes
FTP servers use port number 21. Telnet uses port number 23. SNMP uses port number 161. The Netopia Router lets you associate these and other port numbers with nodes on your internal LAN. See on how to accomplish this. page 4-8...
Page 85: Nat Guidelines
NAT guidelines Observe the following guidelines when using Network Address Translation. The router can export just one local IP address per TCP port, so you can have just one machine available for a given service, such as one FTP server. However, some services, such as Web servers (www-http servers), allow you to change the TCP port on both the server and client.
Page 86: Ip Setup
Protocols Setup The IP Setup options screen is where you conﬁgure the Ethernet side of the Netopia Router. The information you enter here controls how the Router routes IP trafﬁc. Consult your network administrator or Internet Service Provider to obtain the IP setup information (such as the Ethernet IP Address,...
Page 87 This can be the address of any major router accessible to the Netopia Router. A default gateway should be able to successfully route packets when the Netopia Router cannot recognize the intended recipient’s IP address. A typical example of a default gateway is the ISP’s router.
Page 88 If a secondary DNS server is available, select Secondary DNS Server and enter its IP address. The secondary DNS server is used by the Netopia Router when the primary DNS server is inaccessible. Entering a secondary DNS is useful but it is not necessary.
Page 89 Select Service. A pop-up menu of services and ports appears. Add Exported Service Service... Local Server's IP Address: ADD EXPORT NOW Select any of the services/ports and press Return to associate it with the address of a server on your local area network. Press the Escape key when you are ﬁnished conﬁguring Exported Services to go back to the IP Setup screen.
Page 90 Receive RIP: Transmit RIP: Static Routes... Set up the basic IP attributes of your Netopia in this screen. Follow these steps to conﬁgure IP Setup for your Corporate Netopia Router: Select Ethernet IP Address and enter the IP address for the Netopia Router’s Ethernet port.
Page 91: Static Routes
Static routes Static routes are IP routes that are maintained manually. Each static route acts as a pointer that tells the Netopia Router how to reach a particular network. However, static routes are used only if they appear in the IP routing table, which contains all of the routes used by the Netopia Router (see “IP routing table”...
Page 92 4-12 Reference Guide Static routes are helpful in situations where a route to a network must be used and other means of ﬁnding the route are unavailable. For example, static routes are useful when you cannot rely on RIP. To go to the Static Routes screen, select the Static Routes item in the IP Setup screen.
Page 93 Next Gateway: The IP address of the router that will be used to reach the destination network. Priority: An indication whether the Netopia Router will use the static route when it conﬂicts with information received from RIP packets. Enabled: An indication whether the static route should be installed in the IP routing table.
Page 94 If the static route conﬂicts with a connection proﬁle, the connection proﬁle will always take precedence. To make sure that the static route is known only to the Netopia Router, select Advertise Route Via RIP and toggle it to No. To allow other RIP-capable routers to know about the static route, select Advertise Route Via RIP and toggle it to Yes.
Page 95 IP routing table if any of the following conditions are true: The static route’s Next Gateway IP Address matches the IP address used by a connection proﬁle or the Netopia Router’s Ethernet port. The static route’s Next Gateway IP Address matches an IP address in the range of IP addresses being distributed by MacIP or DHCP.
Page 96: Ip Address Serving
Address Serving In addition to being a router, the Netopia Router is also an IP address server. There are four protocols it can use to distribute IP addresses. The ﬁrst, called Dynamic Host Conﬁguration Protocol (DHCP),...
Page 97 IP addresses with MacIP. Since no two hosts can use the same IP address at the same time, make sure that the addresses distributed by the Netopia Router, and those that are manually conﬁgured are not the same. Each method of distribution must have its own exclusive range of addresses to draw from.
Page 98 IP addresses that you will be serving addresses from via DHCP, BOOTP and or MacIP. Example: Your ISP has given your Netopia Router the IP address 192.168.6.137, with a subnet mask of 255.255.255.248. The...
Page 99 Netopia Router will send this information to client machines requesting it. (Note that you will need to conﬁgure each client machine for the Netopia Router and clients to communicate with each other). In the Domain Name menu item, type in the domain name that will be used on your network.
Page 100 DNS. If the secondary DNS is available and the IP address is resolved than the Netopia will be able to connect to the ISP or remote network.) You are now ﬁnished setting up DHCP Options. To return to the IP Address Serving screen press the Escape key once.
Page 101 DHCP NetBios Options Serve NetBios Type: NetBios Type... Serve NetBios Scope: NetBios Scope: Serve NetBios Name Server: NetBios Name Server IP Addr: DHCP allows you to allocate IP Addresses dynamically. To serve DHCP clients with the type of NetBIOS used on your network, select Serve NetBIOS Type and toggle it to Yes.
Page 102: Macip (Kip Forwarding) Options
IP network (usually an ethernet), they must use a MacIP (AppleTalk-IP) gateway. Such a service is provided by AppleTalk models of the Netopia Routers. A MacIP gateway converts network trafﬁc into the correct format for AppleTalk or IP, depending on the trafﬁc’s destination.
Page 103 Non-Small Ofﬁce AppleTalk models only This screen tells the Netopia how many static addresses to allocate for MacIP/KIP clients. The addresses must fall within the address pool from the previous screen -- 163.176.56.90 to 163.176.56.94. Reserve static MacIP addresses for KIP Forwarding here.
Page 104 4-24 Reference Guide...
Page 105: Ipx Deﬁnitions
Internetwork Packet Exchange (IPX) is the network protocol used by Novell NetWare networks. This chapter shows you how to conﬁgure the Netopia Router for routing data using IPX. You also learn how to conﬁgure the router to serve IPX network addresses.
Page 106 Reference Guide Internetwork Packet Exchange (IPX) IPX is a datagram, connectionless protocol that Novell adapted from Xerox Network System’s (XNS) Internet Datagram Protocol (IDP). IPX is dynamically routed, and the routing architecture works by “learning” network addressing automatically. IPX address An IPX address consists of a network number, a node number, and a socket number.
Page 107 Routing Information Protocol (RIP) RIP, which was also derived from XNS, is a protocol that allows for the bidirectional transfer of routing tables and provides timing information (ticks), so that the fastest route to a destination can be determined. IPX routers use RIP to create and dynamically maintain databases of internetwork routing information.
Page 108: Chapter 5 - Ipx Setup
Router routes IPX trafﬁc. Consult your network administrator for the IPX setup information you will need before changing any of the settings in this screen. Changes made in this screen will take effect only after the Netopia Router is reset. General...
Page 109: Ipx Setup
Default Gateway Address: Filters and Filter Sets... IPX Wan Pool Base Address Set up the basic IPX attributes of your Netopia in this screen. To enable IPX routing, select IPX Routing, toggle it to Yes, and press Return. To change Ethernet encapsulation from the commonly used 802.3 standard, select Ethernet Encapsulation and choose a...
Page 110 SAP ﬁlter on the Ethernet, you can restrict the number of SAP entries learned on a large IPX network to only those required by remote users connecting to the Netopia Router. An Ethernet SAP ﬁlter must be used with networks that have so many servers advertised that the Netopia Router would otherwise exhaust its internal memory storing server entries.
Page 111: Ipx In The Answer Proﬁle
IPX in the answer proﬁle The answer proﬁle can be conﬁgured to accept calls from remote IPX networks. To conﬁgure the answer proﬁle to accept calls from remote IPX networks, go to the Default Answer Proﬁle screen. Note: The Default Answer Proﬁle screen varies according to conﬁguration.
Page 112: Ipx Filters
Reference Guide IPX ﬁlters Advanced Main Menu Conﬁg. IPX Parameters (Default Answer Profile) NetBios Packet Forwarding: Incoming Packet Filter Set... Outgoing Packet Filter Set... Incoming SAP Filter Set... Outgoing SAP Filter Set... Detach Filter Sets... Periodic RIP Timer: Periodic SAP Timer: Configure IPX values to use when no matching Profile can be found.
Page 113 Setting up and using IPX ﬁlter sets is a four-step process: Create the ﬁlters to use. Create the ﬁlter sets to use. Add ﬁlters to the ﬁlter sets. Attach the ﬁlter sets to the answer proﬁle or to connection proﬁles. You can conﬁgure IPX ﬁlters and set up IPX ﬁlter sets from the IPX Filters and Filter Sets screen.
Page 114: Ipx Packet Filters
5-10 Reference Guide IPX packet ﬁlters For each IPX packet ﬁlter, you can conﬁgure a set of parameters to match on the source or destination attributes of IPX data packets coming from or going to the WAN. Viewing and modifying packet ﬁlters To display a view-only table of IPX packet ﬁlters, select Show/Change IPX Packet Filters in the IPX Filters and Filter Sets screen.
Page 115: Ipx Packet Filter Sets
By default, the ﬁlter’s socket numbers and network and node addresses are null (all zeros). This sets the ﬁlter to match on any IPX data packet. You should conﬁgure the ﬁlter using criteria that meet your security needs. Select Filter Name and enter a descriptive name for the ﬁlter. To specify a source network for the ﬁlter to match on, select Source Network and enter an IPX network address.
Page 116 5-12 Reference Guide Viewing and modifying packet ﬁlter sets To display a table of IPX packet ﬁlter sets, select Show/Change IPX Packet Filter Sets in the IPX Filters and Filter Sets screen. To modify any of the ﬁlter sets in the list, select the desired ﬁlter set and press Return to go to the Change Packet Filter Set screen.
Page 117 Show Filters/Change Actions on Match Filter Name---------------------Forward Filter 1 Filter 2 <<NO MATCH>> Set whether filters forward or drop matching packets here. Select a ﬁlter and toggle the packet forwarding action to Yes (pass) or No (discard). To add a ﬁlter to the ﬁlter set, select Append Filter to display a table of ﬁlters.
Page 118: Ipx Sap Filters
5-14 Reference Guide IPX SAP ﬁlters For each IPX SAP ﬁlter, you can conﬁgure a set of parameters to match on certain attributes of IPX SAP packet entries. The ﬁlters check IPX SAP packets for entries that match and then act on those entries.
Page 119 Add SAP Filter Filter Name: Server Name: Socket: Type: IPX Network: IPX Node Address: ADD FILTER NOW Configure a new IPX SAP Filter. Finished? By default, the ﬁlter’s socket and type numbers and network and node addresses are null (all zeros). This sets the ﬁlter to match on any IPX SAP packet entry.
Page 120: Ipx Sap Filter Sets
5-16 Reference Guide To specify an IPX node address for the ﬁlter to match on, select IPX Node Address and enter an IPX node address. Select ADD FILTER NOW to save the current ﬁlter. Select CANCEL to exit the Add SAP Filter screen without saving the new ﬁlter.
Page 121 Add SAP Filter Set Filter Set Name: Show Filters/Change Action on Match... Append Filter... Detach Filter... ADD FILTER SET NOW Modify an IPX SAP filter here. Changes are immediate. Follow these steps to conﬁgure the new SAP ﬁlter set: Select Filter Set Name and enter a descriptive name for the ﬁlter set.
Page 122 5-18 Reference Guide To add a ﬁlter to the ﬁlter set, select Append Filter to display a table of ﬁlters. Select a ﬁlter from the table and press Return to add it to the ﬁlter set. The default action of newly added ﬁlters is to not forward (discard) packet entries that match their criteria.
Page 123: Ipx Routing Tables
IPX routing tables Main Statistics, Utilities, Tests Menu Routing Tables IPX routing tables provide information on current IPX routes and services. To go to the IPX Routing Table screen, select IPX Routing Table in the Routing Tables screen. This table shows detailed information about current IPX network routes.
Page 124 5-20 Reference Guide...
Page 125: Chapter 6 - Appletalk Setup
This chapter discusses the concept of AppleTalk routing and how to conﬁgure AppleTalk Setup for a Netopia Router with AppleTalk capability. AppleTalk is available on the Netopia Router’s 400 series which includes both the Small Ofﬁce and Corporate models. This chapter will discuss both versions.
Page 126 AppleTalk needs to send a packet from one computer to another. However, networks can be connected together through routers, such as the Netopia Router, into an internetwork (often shortened to internet). Because devices on different networks can have duplicate node numbers, AppleTalk tells them apart according to an additional part of their addresses: the network number.
Page 127: Routing Table
You can use the information in the AppleTalk routing table to observe and diagnose the Netopia Router’s current connections to other AppleTalk routers. To go to the AT Routing Table screen from the Netopia Router’s console, select Statistics, Utilities, Tests from the Main Menu and then select Routing Tables and AppleTalk Routing Table.
Page 128: Macip
MacIP and other IP addressing schemes. AURP AppleTalk Update-Based Routing Protocol (AURP) allows AppleTalk networks to communicate across an IP network. Your local AppleTalk networks (connected to the Netopia Router) can exchange data with remote AppleTalk networks that are also connected to an AURP-capable router.
Page 129: Routers And Seeding
When two networks using AppleTalk communicate with each other through a network based on the Internet Protocol, they are said to be tunneling through the IP network. The Netopia Router uses AURP to allow your AppleTalk network to tunnel to designated AppleTalk partner networks, as well as to accept connections from remote AppleTalk networks tunneling to your AppleTalk LAN.
Page 130 If there is another active router on your network, you could set the Netopia Router to be soft seeding if you are unsure that the second router would always be available to conﬁgure the Netopia Router’s EtherTalk or LocalTalk parameters.
Page 131: Appletalk Setup For Small Ofﬁce Models
AppleTalk Setup for Small Ofﬁce models If you want the Netopia Router and all other routers on your network to use only their own conﬁgurations, set the Netopia Router and all other routers to hard seeding. In this case, any router (including the Netopia Router) that is rebooted will not begin routing if it detects a routing conﬂict between itself and...
Page 132 ‘are you still there’ packet will be sent to the remote AppleTalk network. This parameter can be set between 0 and 100 hours. If this value is set to 0, the Netopia Router will never send out a tickle packet.
Page 133: Appletalk Setup For Corporate Models
Seeding... Up/Down Arrow Keys to select, ESC to dismiss. If you are using EtherTalk Phase II on the Ethernet network connected to Netopia Router, select EtherTalk Phase ll Enabled and toggle it to On. AppleTalk Setup +---------ET II Zone List----------+...
Page 134 EtherTalk network. If another router is already present on the EtherTalk network that you will be connecting to the Netopia Router, use the zone name and network number used by that router for that EtherTalk network.
Page 135: Localtalk Setup
If another router is already present on the LocalTalk network that you will be connecting to the Netopia Router, use the zone name and network number used by that router for that LocalTalk network. Otherwise, your LocalTalk network may experience routing conﬂicts.
Page 136: Aurp Setup
6-12 Reference Guide As an alternative, you can set LocalTalk seeding to soft seeding and let the Netopia Router receive the zone name and network number from the other router. Select LocalTalk Network Number and enter the desired network number.
Page 137 Viewing AURP partners To see a table of existing AURP partners, select Display/Show Partners and press Return. Note: The Netopia Router can deﬁne a total of 32 AURP partners. Adding an AURP partner To add a new AURP partner, select Add Partner and press Return to go to the Add AURP Partner screen.
Page 138 6-14 Reference Guide To initiate a connection with an AURP partner, select Initiate Connection and toggle it to Yes. This will open a connection to the remote AppleTalk network. To restrict the new AURP partner’s access to your intranet, select Restrict to Free Trade Zone and toggle it to Yes. See “Restricting intranet access,”...
Page 139 Receiving AURP connections To control the acceptance of incoming AURP tunnels, select Accept Connections From and choose Anyone or Conﬁgured Partners Only from the pop-up menu. If you choose Anyone, all incoming AURP connections will be accepted. The more secure option is Conﬁgured Partners Only, which only accepts connections from recognized AURP partners (the ones you have set up).
Page 140 0 and 100 hours. This parameter tells the AURP partners when to send out an AURP tickle packet. If this value is set to 0, the Netopia Router will never send out a tickle packet. Select Update Interval (HH:MM:SS) and set the timer to indicate how often a Routing Information Update (RI-Upd) packet will be sent to the remote router.
Page 141 AppleTalk Setup 6-17 To override the AppleTalk maximum limit of 15 hops, select Enable Hop-Count Reduction and toggle it to Yes. Hosts on a local AppleTalk network will then “see” AppleTalk destinations across the IP tunnel as being only one hop away. AppleTalk allows a packet up to 15 hops (going through 15 AppleTalk routers) to reach its destination.
Page 142 6-18 Reference Guide...
Page 143: Chapter 7 - Security
Chapter 7 Security The Netopia Router provides a number of security features to help protect its conﬁguration screens and your local network from unauthorized access. Although these features are optional, it is strongly recommended that you use them. This chapter is divided into ﬁve main sections: “Suggested security measures”...
Page 144: Suggested Security Measures
In addition to setting up user accounts, Telnet access, and ﬁlters (all of which are covered later in this chapter), there are other actions you can take to make the Netopia Router and your network more secure: If you will be using a PC Card modem for dial-up access through a telephone line, keep the phone number secure and be sure to set passwords to protect the conﬁguration screens.
Page 145 Caution! You are strongly encouraged to add protection to the conﬁguration screens. Unprotected screens could allow an unauthorized user to compromise the operation of your entire network. The following screens can be protected with a name/password combination: Main Menu Easy Setup Advanced Conﬁguration Security Options (password only) Statistics, Utilities, Tests...
Page 146 Reference Guide Protecting the Security Options screen The ﬁrst screen you should protect is the Security Options screen, because it controls access to the conﬁguration screens. Access to the Security Options screen can be protected with a password. Select Password To Visit This Screen in the Security Options screen and enter a password.
Page 147: Telnet Access
Options screen and toggle it to Yes. Telnet is a TCP/IP service that allows remote terminals to access hosts on an IP network. The Netopia Router supports Telnet access to its conﬁguration screens. You should consider restricting Telnet access to the Netopia Router if you suspect there is a chance of tampering.
Page 148: About Filters And Filter Set
Internet. Using packet ﬁlters to control network communications can greatly improve your network’s security. The Netopia Router’s packet ﬁlters are designed to provide security for the Internet connections made to and from your network. You can customize the router’s ﬁlter sets for a variety of packet ﬁltering applications.
Page 149 Security Each inspector has a speciﬁc task. One inspector’s task may be to examine the destination address of all outgoing packages. That inspector looks for a certain destination—which could be as speciﬁc as a street address or as broad as an entire country—and checks each package’s destination address to see if it matches that destination.
Page 150 Reference Guide packet ﬁrst ﬁlter match? send to next ﬁlter pass or discard? discard (delete) pass to network For example, let’s say the ﬁrst inspector’s orders are to send along all packages that come from Rome, and the second inspector’s orders are to reject all packages that come from France.
Page 151: How Individual Filters Work
This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match occurs, the packet is blocked. Here is what this rule looks like when implemented as a ﬁlter on the Netopia Router: +-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd +--------------------------------------------------------------------+ 1 199.211.211.17...
Page 152 7-10 Reference Guide Internet service Telnet SMTP (mail) Gopher Parts of a ﬁlter A ﬁlter consists of criteria based on packet attributes. A typical ﬁlter can match a packet on any one of the following attributes: The source IP address (where the packet was sent from) The destination IP address (where the packet is going) The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP...
Page 153 Internet service Who Is World Wide Web SNMP TFTP UDP port Internet service AppleTalk Routing Maintenance (at-rtmp) AppleTalk Name Binding (at-nbp) AURP (AppleTalk) Port number comparisons A ﬁlter can also use a comparison option to evaluate a packet’s source or destination port number. The comparison options are: No Compare: No comparison of the port number speciﬁed in the ﬁlter with the packet’s port number.
Page 154: Other Filter Attributes
7-12 Reference Guide Other ﬁlter attributes There are three other attributes to each ﬁlter: The ﬁlter’s order (i.e., priority) in the ﬁlter set Whether the ﬁlter is currently active Whether the ﬁlter is set to pass (forward) packets or to block (discard) packets Putting the parts together When you display a ﬁlter set, its ﬁlters are displayed as rows in a...
Page 155 Src. Port: The source port to match. This is the port on the sending host that originated the packet. D. Port: The destination port to match. This is the port on the receiving host for which the packet is intended. On?: Displays Yes when the ﬁlter is in effect or No when it is not.
Page 156 7-14 Reference Guide Using the tables on page protocol numbers (the local Telnet port): Proto = TCP (or 6) D. Port = 23 The ﬁlter should be enabled and instructed to block the Telnet packets containing the source address shown in step 2: On? = Yes Fwd = No This four-step process is how we produced the following ﬁlter from...
Page 157: Design Guidelines
Design guidelines Careful thought should go into designing a new ﬁlter set. You should consider the following guidelines: Be sure the ﬁlter set’s overall purpose is clear from the beginning. A vague purpose can lead to a faulty set, and that can actually make your network less secure.
Page 158: Working With Ip Filters And Filter Sets
7-16 Reference Guide Working with IP ﬁlters and ﬁlter sets Advanced Main Menu Conﬁg. Too much reliance on packet ﬁlters can cause too little reliance on other security methods. Filter sets are not a substitute for password protection, effective safeguarding of passwords, caller ID, the “must match”...
Page 159: Adding A Filter Set
Display/Change IP Filter Set... Add IP Filter Set... Delete IP Filter Set... Return/Enter to configure and add a new Filter Set. Set Up IP Filter Sets (Firewalls) from this and the following Menus. The basic procedure for creating and maintaining ﬁlter sets is as follows: Add a new ﬁlter set.
Page 160 7-18 Reference Guide Add IP Filter Set Filter Set Name: Display/Change Input Filter... Add Input Filter... Delete Input Filter... Display/Change Output Filter... Add Output Filter... Delete Output Filter... ADD FILTER SET Configure the Filter Set name and its associated Filters. Naming a new ﬁlter set All new ﬁlter sets have a default name.
Page 161 ﬁlter The Netopia Router Packets in the Netopia Router pass through an input ﬁlter if they originate in the WAN and through an output ﬁlter if they’re being sent out to the WAN. The process for adding input and output ﬁlters is exactly the same.
Page 162 7-20 Reference Guide Adding ﬁlters to a ﬁlter set In this section you’ll learn how to add an input ﬁlter to a ﬁlter set. Adding an output ﬁlter works exactly the same way, providing you keep the different source and destination perspectives in mind. To add an input ﬁlter, select Add Input Filter in the Add IP Filter Set screen and go to the Add Filter screen.
Page 163 Select Source IP Address and enter the source IP address this ﬁlter will match on. You can enter a subnet or a host address. Select Source IP Address Mask and enter a mask for the source IP address. This allows you to further modify the way the ﬁlter will match on the source address.
Page 164 7-22 Reference Guide You can add a TCP ﬁlter to a ﬁlter set with the following steps: In the Add Filter screen, toggle the Enabled ﬁeld to Yes. Select Forward and toggle it to Yes. Select the Protocol Type ﬁeld and type in TCP. Then press Return.
Page 165: Deleting Filters
Change Filter Enabled: Forward: Source IP Address: Source IP Address Mask: Dest. IP Address: Dest. IP Address Mask: Protocol Type: Source Port Compare... Source Port ID: Dest. Port Compare... Dest. Port ID: Enter the IP specific information for this filter. Deleting ﬁlters To delete a ﬁlter, select Delete Input Filter (Delete Output Filter) in the Add Filter Set screen to display a table of ﬁlters.
Page 166: Modifying Filter Sets
7-24 Reference Guide Modifying ﬁlter sets To modify a ﬁlter set, select Display/Change Filter Set in the Filter Sets screen to display a list of ﬁlter sets. Select a ﬁlter set from the list and press Return to go to the Change IP Filter Set screen.
Page 167: A Sample Ip Filter Set
A sample IP ﬁlter set This section contains the settings for a ﬁlter set, called Basic Firewall, which is part of the Netopia Router’s factory conﬁguration. You can add Basic Firewall to your connection proﬁles or the answer proﬁle (see “Connection proﬁles for ISDN and Leased lines”...
Page 168 7-26 Reference Guide Input ﬁlter Setting Enabled Forward Source IP 0.0.0.0 address Source IP 0.0.0.0 address mask Dest. IP 0.0.0.0 address Dest. IP 0.0.0.0 address mask Protocol type Source port comparison Compare Source port ID Dest. port Equal comparison Dest. port ID 2000 Input ﬁlter Input ﬁlter...
Page 169 Security 7-27 Input ﬁlter 3: This ﬁlter explicitly passes all WAN-originated ICMP trafﬁc to permit devices on the WAN to ping devices on the LAN. Ping is an Internet service that is useful for diagnostic purposes. Input ﬁlters 4 and 5: These ﬁlters pass all TCP and UDP trafﬁc, respectively, when the destination port is greater than 1023.
Page 170 7-28 Reference Guide Trusted host. To allow unlimited access by a trusted remote host with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243), insert the following input ﬁlter ahead of the current input ﬁlter 1: Enabled: Yes Forward: Yes Source IP Address: a.b.c.d...
Page 171 FTP sessions. To allow WAN-originated FTP sessions to a LAN-based FTP server with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243), insert the following input ﬁlter ahead of the current input ﬁlter 1: Enabled: Yes Forward: Yes Source IP Address: 0.0.0.0 Source IP Address Mask: 0.0.0.0...
Page 172 AURP tunnel. To allow an AURP tunnel between a remote AURP router with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243) and a local AURP router (including the Netopia Router itself), insert the following input ﬁlter ahead of the current input ﬁlter 1: Enabled: Yes Forward: Yes Source IP Address: a.b.c.d...
Page 173: Chapter 8 - Token Security Authentication
Securing network environments This chapter discusses how to conﬁgure and use security authentication on the Netopia Router. Note: The security authentication feature only applies to Netopia Router models connecting over a dial-up ISDN line using the PPP-PAP-TOKEN or PPP-CACHE-TOKEN authentication protocol.
Page 174: Using The Securid Token Card
PIN before access is granted. Key Security Authentication Features of the Netopia Router As a remote device, the Netopia Router offers client/calling side security authentication. This feature allows the Netopia Router to call a server router and perform security card authentication. The router of the called server must have access to a server with ACE software loaded on it.
Page 175: Security Authentication Components
Note: The Netopia Router currently only supports Ascend routers as ACMs. An external Netopia Router calling into a designated server. For example, a telecommuter dialing into a remote site from a Netopia Router interested in accessing personal email or ﬁle sharing services.
Page 176: Conﬁguring The Netopia Router For Security Authentication
Reference Guide Conﬁguring the Netopia Router for security authentication To conﬁgure the Netopia Router to support security authentication, select an authentication method and set up a designated connection proﬁle from the Advanced Conﬁguration screen or your ﬁrst connection proﬁle from Easy Setup.
Page 177: Initiating A Connection Call Using Security Authentication
Initiating a connection call using security authentication If you select PAP-TOKEN, select Send User Name and enter a name for your Netopia Router. You will not need to enter a Send Password for PAP-TOKEN. Press Return. If you select CACHE-TOKEN, select Send User Name and enter a name for your Netopia Router.
Page 178 Reference Guide Statistics, Utilities, Tests Statistics General Statistics... Event Histories... Routing Tables... Utilities Date and Time... Establish WAN Connection... Disconnect WAN Connection... Ping... Upgrade Feature Set... Restart System... Revert to Factory Defaults... Secure Authentication Monitor... Tests ISDN Switch Loopback Test... Select Secure Authentication Monitor and press Return.
Page 179 Secure Authentication Monitor Current ISDN Connection Status Profile Name---State---%Use---Remote Address---Est.---More Info--- Status --- Passcode Required For Connection Profile: Easy Setup Profile 0-Challenge: Enter PASSCODE: Passcode: 123412345678 From the ﬁelds that appear, select Enter PASSCODE and press Return. Enter your PIN and the code displayed on your security authentication token card LED screen.
Page 180: Establishing A Manual Connection Call
Reference Guide Establishing a manual connection call To establish a Manual connection call, select the Statistic, Utilities, Tests from the Main Menu and press Return. Select Establish WAN Connection from the Statistics, Utilities, Tests screen and press Return. The Establish WAN Connection screen displays a table of all of the connection proﬁles you have deﬁned.
Page 181: Troubleshooting
If your security authentication token card is not providing you with a passcode, the card may have expired or either the Netopia Router or Radius server is misconﬁgured. For further information on how to troubleshoot these kinds of problems, contact the manufacturer of your security authentication software and hardware, or contact Farallon Technical Support.
Page 182 8-10 Reference Guide...
Page 183: Chapter 9 - Monitoring Tools
You can get a useful, overall status report from the Netopia Router in the Quick View screen. To go to the Quick View screen, select Quick View in the Main Menu.
Page 184: General Status
Ethernet Address: The Netopia Router’s hardware address. Firmware Version: The version of the software that controls the Netopia Router. This number is useful if you call Farallon technical support and are asked for the ﬁrmware version running on the router. The ﬁrmware version number is also displayed on the Main Menu.
Page 185: Current Status
Current Status The current status section is a table showing the current status of ISDN, the WAN, or Frame Relay. Current ISDN Connection or WAN Status ISDN only ---Profile Name------State---%Use-Remote Address----Est.-More Info---------- Leased line with PPP or HDLC enabled only ---Profile Name------State---%Use-Remote Address----Est.-More Info---------- Proﬁle Name: Lists the name of the connection proﬁle being used, if any.
Page 186: Led Status
(FECN) indicates too much data at too high a speed is being sent. LED Status This section shows the current real-time status of the Netopia Router’s LEDs. It is useful for remotely monitoring the router’s status. The Quick View screen’s arrangement of LEDs corresponds to the physical arrangement of LEDs on the router.
Page 187: General Statistics
O: The letter “O” means the LED is on (solid). E: The letter “E” means the LED is reporting an error. When you are troubleshooting your Netopia Router, the Statistics screens provide insight into the recent event activities of the Router.
Page 188 ISDN only ISDN only General Statistics displays information about data trafﬁc on the Netopia Router’s PhoneNet and Ethernet ports. This information is useful for monitoring and troubleshooting your LAN. The left side of the screen lists total packets received and total...
Page 189 The number of bytes and packets received through the channel The number of bytes and packets transmitted through the channel The IP address of the remote network to which the Netopia Router is connected through the channel The congestion notiﬁcations (FECNs and BECNs) indicating too...
Page 190 Reference Guide Models with Frame Relay enabled only DLCI Trafﬁc Statistics DLCI Statistics DLCI----Remote IP Addr--IPX Net----Frames Rx--Frames Tx---Bytes Rx---Bytes Tx ----------------------------------SCROLL UP----------------------------------- ---------------------------------SCROLL DOWN---------------------------------- Select a DLCI and hit Return/Enter for more information. Interfaces using Frame Relay also offer the DLCI Trafﬁc Statistics ﬁeld.
Page 191: Event Histories
Event Histories The Netopia Router records certain relevant occurrences in event histories. Event histories are useful for diagnosing problems because they list what happened before, during, and after a problem occurs. You can view two different event histories: one for the router’s system and one for the ISDN or leased line.
Page 192 9-10 Reference Guide Device Event History -Date-----Time-----Event------------------------------------------------------ ----------------------------------SCROLL UP----------------------------------- 06/04/97 08:56:13 AppleTalk initialization complete 06/04/97 08:56:06 IPX initialization complete 06/04/97 08:56:06 IP address server initialization complete 06/04/97 08:56:06 --BOOT: Cold start v3.2------------------------------------- 06/04/97 08:52:28 AURP initialization complete ---------------------------------SCROLL DOWN---------------------------------- Return/Enter on event item for details or 'SCROLL [UP/DOWN]' item for scrolling.
Page 193: Monitoring Tools
-Date-----Time-----Event------------------------------------------------------ ----------------------------------SCROLL UP----------------------------------- 06/04/97 16:35:44 06/04/97 16:35:44 06/04/97 16:35:43 06/04/97 16:35:43 06/04/97 16:35:43 06/04/97 16:35:41 06/04/97 16:35:41 06/04/97 16:35:41 >>Issued 64Kb Setup Request from our DN: 5105771234 06/04/97 16:34:57 06/04/97 16:34:56 06/04/97 16:34:56 06/04/97 16:34:56 * PPP: PAP 06/04/97 16:34:54 06/04/97 16:34:54 06/04/97 16:34:53 >>Issued 64Kb Setup Request from our DN: 5105771234 ---------------------------------SCROLL DOWN----------------------------------...
Page 194: Routing Tables
To clear the WAN Event History, select Clear WAN Event History in the Event Histories screen. You can view all of the IP, IPX and AppleTalk routes in the Netopia Router’s IP, IPX and AppleTalk routing tables, respectively. To go to the Routing Tables screen, select Routing Tables in the Statistics, Utilities, Tests screen.
Page 195 AppleTalk routing table The AppleTalk routing table displays information about the current state of AppleTalk networks connected to the Netopia Router, including remote AppleTalk networks connected with AURP. This information is gathered from other active AppleTalk routers. To go to the AT Routing Table screen, select AppleTalk Routing...
Page 196 9-14 Reference Guide AT Routing Table -Net---Range--(Def) Zone Name---------Hops-State-Next Rtr Addr.--Pkts Fwded--- ----------------------------------SCROLL UP----------------------------------- Admin Admin Operations Sales Marketing Marketing Customer Service TechSports R&D R&D R&D UNIX Services Operations R&D ---------------------------------SCROLL DOWN---------------------------------- UPDATE '*' Entries have multiple zone names. Return/Enter on these to see zone list. Each row in the AppleTalk routing table corresponds to an AppleTalk route or network range.
Page 197: Call Accouting
AppleTalk network (e.g.: LocalTalk or EtherTalk Phase II). An IP address is displayed if the Netopia Router is connected to the router shown using AURP. IP address means a connection transports over AURP (AppleTalk encapsulated IP).
Page 198 9-16 Reference Guide Call Accounting Enable Call Accounting: Day for auto-reset of timers: Maximum connect time (HH:MM): RESET MINUTE COUNTERS -------- Call Accounting Statistics ---------------------------------- Total First Minutes: Total Additional Time (HH:MM): Remaining Time (HH:MM): Trigger Date(MDY): To enable call accounting, follow these steps: Select Enable Call Accounting and toggle it to On.
Page 199: Snmp
Frame Relay DTE MIB (RFC 1315) Farallon Netopia MIB These MIBs are on the Netopia Router CD included with the Netopia Router. You should load these MIBs into your SNMP management software in the order they are listed here. Follow the instructions included with your SNMP manager on how to load MIBs.
Page 200: Sysobjectid And Sysdescr
Model no. The value returned by the Netopia Router SNMP agent for sysDescr is Netopia PN yyy , where yyy is your particular Netopia Router model number. For some models, yyy also includes a sufﬁx to the model number. See the table below.
Page 201: The Snmp Setup Screen
System Name, System Location, and System Contact set the values returned by the Netopia Router SNMP agent for the SysName, SysLocation, and SysContact objects, respectively, in the MIB-II system group. Although optional, the information you enter in these items can help a system administrator manage the network more efﬁciently.
Page 202: Snmp Traps
SNMP traps An SNMP trap is an informational message sent from an SNMP agent (in this case, the Netopia Router) to a manager. When a manager receives a trap, it may log the trap as well as generate an alert message of its own.
Page 203 The Netopia Router sends traps using UDP (for IP networks). You can specify which SNMP managers are sent the IP traps generated by the Netopia Router. Up to eight receivers can be set. You can also review and remove IP traps.
Page 204 9-22 Reference Guide Viewing IP trap receivers To display a view-only table of IP trap receivers, select Display/Change IP Trap Receiver in the IP Trap Receivers screen. Modifying IP trap receivers To edit an IP trap receiver, select Display/Change IP Trap Receiver in the IP Trap Receivers screen.
Page 205: Chapter 10 - Utilities And Tests
Note: These utilities and tests are accessible only through the console-based management screens. If you used Web-based management to conﬁgure your Router, see Chapter 4, “Installing the Netopia Router,” of the Getting Started Guide for information on accessing the console-based management screens. page...
Page 206: Setting The System Date And Time
10-2 Reference Guide Setting the system date and time Some utilities and tests may not be available on some Netopia Router models, depending on the switch type and data encapsulation method. See the following sections for more information. You can set the system’s date and time in the Set Date and Time screen.
Page 207: Ping
Ping The Netopia Router includes a standard Ping test utility. A Ping test generates IP packets destined for a particular (Ping-capable) IP host. Each time the target host receives a Ping packet, it returns a packet to the original sender.
Page 208 10-4 Reference Guide Select Packets to Send to change the default setting. This is the total number of packets to be sent during the Ping test. The default setting is adequate in most cases, but you may change it to any value from 1 to 4,294,967,295. Select Data Size to change the default setting.
Page 209 Packets In count. In the example below, a Netopia Router is sending Ping packets to another host, which responds with return Ping packets. Note that...
Page 210 10-6 Reference Guide send Ping packet 1 Netopia receive return Ping packet 1 Netopia send Ping packet 2 Netopia send Ping packet 3 Netopia receive return Ping packet 2 Netopia receive return Ping packet 3 Netopia Packets Lost: The number of packets unaccounted for, shown in total and as a percentage of total packets sent.
Page 211: Tracing A Route
Tracing a route The time-to-live (TTL) value for each Ping packet sent by the Netopia Router is 255, the maximum allowed. The TTL value deﬁnes the number of IP routers that the packet can traverse. Ping packets that reach their TTL value are dropped, and a “destination unreachable”...
Page 212: Upgrading The Netopia Router
Cancel the trace by pressing Esc. Return to the Trace Route screen by pressing Esc twice. You can upgrade your Netopia Router by adding new feature sets through the Upgrade Feature Set utility. See the release notes that came with your router or visit the Farallon web site at www.farallon.com for information on new...
Page 213: Factory Defaults
Router parameters. This test is available only on switched ISDN lines. Using the ﬁrst B-channel, the test calls the Netopia Router on the second B-channel, creating a call loop back to the unit. To run the ISDN loopback test, select ISDN Switch Loopback Test in the Statistics, Utilities, Tests screen and press Return to go to the ISDN Switch Loopback Test screen.
Page 214 10-10 Reference Guide The Status item reports one of three results: Untested: The loopback test has not yet been run. Loopback Test FAILED: The loopback test has failed. See loopback test fails,” below, for troubleshooting suggestions. Loopback Test PASSED. The loopback test was successful. The line is working properly, and the directory numbers (the ISDN phone numbers associated with each B-channel) are correct.
Page 215: Console Conﬁguration
In the Getting Started Guide , it was suggested that you set the communications parameters in your terminal emulation software to match the Netopia Router’s default settings. However, you can change the default terminal communications parameters to suit your requirements.
Page 216: Transferring Conﬁguration And Firmware Files With Xmodem
PC Card Modem Init String: The transfer you initiate will occur through the port from which you initiate it. If you are connected to the Netopia Router through its console port, the transfer will occur through that port. If you are connected through the PC Card port, the transfer will occur through that port.
Page 217: Using The Smartport
The terminal emulation program should be conﬁgured as speciﬁed in the Getting Started guide. Once you connect to the Netopia Router’s modem, you should see the conﬁguration screens. Press Ctrl-L if you connect but are unable to see the screens.
Page 218: Reference Guide
+--------------------------------------------------------------------+ +--------------------------------------------------------------------+ Are you sure you want to send a firmware file to your Netopia? If so, when you hit Return/Enter on the CONTINUE button, you will have 10 seconds to begin the transfer from your terminal program.
Page 219: Downloading Conﬁguration Files
+--------------------------------------------------------------------+ +--------------------------------------------------------------------+ | Do you want to send a saved configuration to your Netopia? | If so, when you hit Return/Enter on the CONTINUE button, you will | have 10 seconds to begin the transfer from your terminal program.
Page 220: Uploading Conﬁguration Files
+--------------------------------------------------------------------+ Are you sure you want to save your current Netopia configuration? | If so, when you hit Return/Enter on the CONTINUE button, you will | have 10 seconds to begin the transfer from your terminal program. |...
Page 221: Transferring Conﬁguration And Firmware Files With Tftp
Transferring conﬁguration and ﬁrmware ﬁles with TFTP Select CANCEL to exit without uploading the ﬁle, or select CONTINUE to upload the ﬁle. If you choose CONTINUE, you will have ten seconds to use your terminal emulation software to initiate an XMODEM transfer of the conﬁguration ﬁle.
Page 222: Updating Firmware
Select GET FIRMWARE FROM SERVER and press Return. You will see the following dialog box: +--------------------------------------------------------------------+ +--------------------------------------------------------------------+ | Are you sure you want to send a firmware file to your Netopia? | The device will restart when the transfer is complete. CANCEL +--------------------------------------------------------------------- ------------------------------------------------------------+ Select CANCEL to exit without downloading the ﬁle, or select...
Page 223: Downloading Conﬁguration Files
Select GET CONFIG FROM SERVER and press Return. You will see the following dialog box: +--------------------------------------------------------------------+ +--------------------------------------------------------------------+ | Are you sure you want to send a saved configuration to your Netopia? | CANCEL +--------------------------------------------------------------------+ Select CANCEL to exit without downloading the ﬁle, or select CONTINUE to download the ﬁle.
Page 224: Uploading Conﬁguration Files
ﬁles. Uploading a ﬁle can also be useful for troubleshooting purposes. The uploaded conﬁguration ﬁle can be tested on a different Netopia Router unit by Farallon or your network administrator. To upload a conﬁguration ﬁle, follow these steps: Select TFTP Server Name and enter the DNS name or IP address of the TFTP server you will use.
Page 225 +--------------------------------------------------------------------+ +--------------------------------------------------------------------+ | Are you sure you want to save your current Netopia configuration? CANCEL +--------------------------------------------------------------------+ Select CANCEL to exit without uploading the ﬁle, or select CONTINUE to upload the ﬁle. The system will reset at the end of the ﬁle transfer to put the new conﬁguration into effect.
Page 226 10-22 Reference Guide...
Page 227: Appendix A - Troubleshooting
Power outages If you suspect that power was restored after a power outage, and the Netopia Router is connected to a remote site, you may need to switch the Netopia Router off and then back on again. After temporary power outages, a connection that still seems to be up may actually be disconnected.
Page 228: Console Connection Problems
ISDN problems The WAN Ready LED is blinking red This is an indication that the Netopia Router cannot detect the ISDN switch at your ISDN service provider’s central ofﬁce. Check that the cable you are using for ISDN is not a 10Base-T cable, which can look similar to an ISDN cable.
Page 229 The WAN Ready LED is solid red This is an indication that the Netopia Router is unable to synchronize with the switch at your ISDN service provider’s central ofﬁce. Conﬁrm that you have entered the correct directory numbers when conﬁguring the Router.
Page 230: Frame Relay Problems
Reference Guide If you are trying to call an ISP, conﬁrm the following: The ISP’s directory number The authorization method you use (PAP, CHAP, or none) to access your ISP account If using PAP or CHAP, the name and password/secret you were given and their case (uppercase or lowercase) The ISP’s IP address Check the ISDN event history for more information.
Page 231: Network Problems
(198.34.7.1 but not garcia.farallon.com, for example), verify that the DNS server’s IP address is correct and that it is reachable from the Netopia Router (use ping). If you are using ﬁlters, check that your ﬁlter sets are not blocking the type of connections you are trying to make.
Page 232: Internal Termination Switch
Router to the NT1 or wall jack on your ISDN line. The S/T bus must be properly terminated to avoid ISDN communications errors. The Netopia Router ships with its internal termination switch set to the off position. This means that you should already have S/T bus termination.
Page 233: Technical Support
Locate the Netopia Router’s model number, product serial number, and ﬁrmware version. The serial number is on the bottom side of the Router, along with the model number. The ﬁrmware version appears in the Netopia Router’s Main Menu screen. Model number:__________________________...
Page 234: How To Reach Us
If you contact us by telephone, please be ready to supply Farallon Technical Support with the information you used to conﬁgure the Netopia Router. Also, please be at the site of the problem and prepared to reproduce it and to try some troubleshooting steps.
Page 235 Troubleshooting Local service If you are not located in the United States or Canada, you can get service locally by contacting your nearest Farallon reseller or distributor. For a worldwide list of our distributors, see our AppleLink bulletin board or contact Farallon directly.
Page 236 A-10 Reference Guide...
Page 237: Appendix B - Understanding Ip Addressing
What is IP? This appendix is a brief general introduction to IP addressing. A basic understanding of IP will help you in conﬁguring the Netopia Router and using some of its powerful features, such as static routes and packet ﬁltering.
Page 238: About Ip Addressing
Reference Guide About IP addressing Every networking protocol uses some form of addressing in order to ensure that packets are delivered correctly. In IP, individual network devices that are initial sources and ﬁnal destinations of packets are usually called hosts, instead of nodes, but the two terms are inter- changeable.
Page 239: Subnets And Subnet Masks
Number of networks Class First byte possible per class 1-127 128-191 16,384 192-223 2,097,152 Class A networks have a small number of possible network numbers, but a large number of possible host numbers. Conversely, Class C networks have a small number of possible host numbers, but a large number of possible network numbers.
Page 240 To know whether subnets are being used or not, you must know what subnet mask is being used—you cannot determine this information simply from an IP address. Subnet mask information is conﬁgured as part of the process of setting up IP routers and gateways such as the Netopia Router.
Page 241: Example: Using Subnets On A Class C Ip Internet
Understanding IP Addressing Note: If you receive an IP address from an ISP, there must be a mask associated with that IP address. By using the IP address with the mask you can discover exactly how many IP host addresses you actually have.
Page 242 Reference Guide Subnetting options for a Class C IP network Subnet mask chosen 11111111.11111111.11111111.10000000 or 255.255.255.128 11111111.11111111.11111111.11000000 or 255.255.255.192 11111111.11111111.11111111.11100000 or 255.255.255.224 11111111.11111111.11111111.11110000 or 255.255.255.240 11111111.11111111.11111111.11111000 or 255.255.255.248 11111111.11111111.11111111.11111100 or 255.255.255.252 11111111.11111111.11111111.11111110 or 255.255.255.254 11111111.11111111.11111111.11111111 or 255.255.255.255 Number of bits for subnet number As you can see, subnet masks that allocate one, seven, or eight bits to subnets are useless for a Class C network.
Page 243 that allocates ﬁve bits to the host address and three to the subnet address. This gives you a potential of six subnets of 30 machines each. Determine the subnet mask You can ﬁnd the subnet mask associated with your subnetting choice in the table above.
Page 244: Example: Working With A Class C Subnet
Reference Guide Smallest Subnet Subnet host location number number 3rd ﬂoor 4th ﬂoor 5th ﬂoor Determine the host addresses Finally, combine your subnet numbers with your host numbers to determine the actual IP addresses you may use for your 25 hosts. The ﬁrst three bytes of the address will always be 199.14.17, as assigned to you by InterNIC.
Page 245: Distributing Ip Addresses
These two methods are not mutually exclusive; you can manually issue some of the addresses while the rest are distributed by the Netopia Router. Using the Router in this way allows it to function as an address server. One reason to use the Netopia Router as an address server is that it takes less time than manually distributing the addresses.
Page 246: Manually Distributing Ip Addresses
DHCP. The second way, MacIP, is for Macintosh computers. MacIP is provided with the Netopia Internet Software Starter Kit. The Netopia Router can use both DHCP and MacIP. Whether you use one or both will depend on your particular networking environment.
Page 247 A single IP address range is used by all the address-served clients. These include DHCP, BOOTP, MacIP, and WAN clients, even though BOOTP and static MacIP clients might not be considered served. B-11 Distributed to the Netopia Router (Ethernet IP address) Manually distributed (static) Pool of Addresses Distributed...
Page 248 B-12 Reference Guide The address range speciﬁed for address-served clients cannot wrap around from the end of the total available range back to the beginning. See below for a further explanation and an example. The network address issued by an ISP cannot be used as a host address.
Page 249: Nested Ip Subnets
Class C address a.b.c.0, and contains Router A (which could be a Netopia Router), a Netopia Router, and a number of other hosts. Router A maintains a link to the Internet, and may be used as the default gateway.
Page 250 255.255.255.192 a.b.c.248 255.255.255.248 The Netopia Router’s connection proﬁles for Routers B and C create entries in its IP routing table. One entry points to the subnet a.b.c.128, while a second entry points to the subnet a.b.c.248. The IP routing table might look similar to the following:...
Page 251 When a.b.c.249 is masked by the ﬁrst route’s subnet mask, it yields a.b.c.248, which matches the network address in the route. The Netopia Router uses the connection proﬁle associated with the route to connect to Router C, and then forwards the packet. Router C delivers the packet to the host on its local network.
Page 252: Broadcasts
IP computers, or talk with your IP network manager or the vendor of your IP equipment. By default, the Netopia Router uses Ethernet packet headers for IP trafﬁc. If your network requires 802.3 IP...
Page 253: Appendix C - Isdn Conﬁguration Guide
SPID. It’s usually 1 or 01 for the ﬁrst SPID and 2 or 02 for the second SPID, but it can vary in form. You may need to add a TID to each SPID you use when you conﬁgure the Netopia Router. If you encounter other unfamiliar terms, check the glossary.
Page 254: About Spids
The table below displays the general SPID formats for the types of North American ISDN switch protocols supported by the Netopia Router. The formats shown are a subset of possible SPID formats, but in most cases they should work.
Page 255: Example Spids
If the remote network has an ISDN line with a DMS-100 switch and is not in a hunt group, it should have one directory number for each B-channel. Both directory numbers are required by the Netopia Router to make a connection to that network using two B-channels.
Page 256: Backup Number
For example, if calling the primary number returns a busy signal, the Netopia Router will attempt to use the secondary number stored in Optional Second Number. If a connection also cannot be made using the secondary number, see the event history to determine the problem and its solution.
Page 257: Other Incoming Call Restrictions
The table below shows which supported switch types can allow an incoming call when ACO for data is on. Type of switch: AT&T 5ESS custom AT&T 5ESS National ISDN-1 DMS-100 custom DMS-100 National ISDN-1 * Must have two directory numbers assigned. This table may not be a complete list of switch protocols that support ACO.
Page 258 Reference Guide...
Page 259: Appendix D - Isdn, Dds/Adn, And T1 Events
ISDN, DDS/ADN, and T1 Events This appendix is a complete list of the leased line and ISDN events that can appear in the Netopia Router’s event histories. The text that appears in a history is shown in bold, followed by a brief explanation and the parameters associated with the event.
Page 260: Leased Line Events
Reference Guide Leased line events ISDN events +------------------------EVENT DETAILS----------------------+ +-----------------------------------------------------------+ | 19:40:04 on Friday, July 23, 1999 | Disconnect Requested | Called #: 914152270188; Cause: 16 +-----------------------------------------------------------+ WAN data link activated at X Kbps: Indicates leased line is active at the speciﬁed speed (X). WAN data link deactivated: Indicates leased line is not active.
Page 261: Isdn Event Cause Codes
ISDN, DDS/ADN, and T1 Events Connection Conﬁrmed to our DN: Received connect conﬁrmation for Connect Request sent to the switch. Associated parameter: called directory number. Received Connect Ind. for DN: Received connect indication for Call Request sent to the switch. Associated parameter: called directory number.
Page 262 Reference Guide Cause No. 2: no route to speciﬁed transit network. This cause indicates that the equipment sending this cause has received a request to route the call through a particular transit network which it does not recognize. The equipment sending this cause does not recognize the transit network either because the transit network does not exist or because that particular network, while it does exist, does not serve the equipment that is sending this cause.
Page 263 ISDN, DDS/ADN, and T1 Events This cause is not necessarily generated by Q.931 procedures but may be generated by internal network timers. Cause No. 21: call rejected. This cause indicates that the equipment sending this cause does not wish to accept this call, although it could have accepted the call because the equipment sending this cause is neither busy nor incompatible.
Page 264 Reference Guide Cause No. 38: network out of order. This cause indicates that the network is not functioning correctly and that the condition is likely to last a relatively long period of time: e.g., immediately reattempting the call is not likely to be successful. Cause No.
Page 265 ISDN, DDS/ADN, and T1 Events Cause No 57: bearer capability not authorized. This cause indicates that the user has requested a bearer capability implemented by the equipment that generated this cause that the user is not authorized to use. Cause No. 58: bearer capability not presently available. This cause indicates that the user has requested a bearer capability implemented by the equipment that generated this cause which is not available at this time.
Page 266 Reference Guide Cause No. 82: identiﬁed channel does not exist. This cause indicates that the equipment sending this cause has received a request to use a channel not activated on the interface for a call. For example, if a user has subscribed to those channels on a primary rate interface numbered from 1 to 12 and the user equipment or the network attempts to use channels 13 through 23, this cause is generated.
Page 267 ISDN, DDS/ADN, and T1 Events Cause No. 95: invalid message, unspeciﬁed. This cause is used to report an invalid message event only when no other cause in the invalid message class applies. Cause No. 96: mandatory information element is missing. This cause indicates that the equipment sending this cause has received a message that is missing an information element that must be present in the message before that message can be processed.
Page 268 D-10 Reference Guide Cause No. 102: recovery on timer expiry. This cause indicates that a procedure has been initiated by the expiry of a timer in association with Q.931 error handling procedures. Cause No. 111: protocol error, unspeciﬁed. This cause is used to report a protocol error event only when no other cause in the protocol error class applies.
Page 269: Appendix E - Further Reading
Appendix E Further Reading Angell, David. ISDN for Dummies , Foster City, CA: IDG Books Worldwide, 1995. Thorough introduction to ISDN for beginners. Black, Uyless. Emerging Communications Technologies , Englewood Cliffs, New Jersey: PTR Prentice Hall, 1994. Describes how emerging communications technologies, including ISDN and Frame Relay operate and where they ﬁt in a computer/communications network.
Page 270 Reference Guide Siyan, Karanjit. Internet Firewall and Network Security , Indianapolis: New Riders Publishing, 1995. Similar to the Chapman and Zwicky book. Smith, Philip. Frame Relay Principles and Applications , Addison-Wesley Publishing Company, 1996. Covers information on Frame Relay, including the pros and cons of the technology, description of the theory and application, and an explanation of the standardization process.
Page 271: Glossary
Glossary GL-1 Glossary Access Line: A communications line (e.g. circuit) interconnecting a frame-relay-compatible device (DTE) to a frame-relay switch (DCE). See also Trunk Line . Access Rate (AR): The data rate of the user access channel. The speed of the access channel determines how rapidly (maximum rate) the end user can inject data into a frame relay network.
Page 272 GL-2 Reference Guide Bandwidth: The range of frequencies, expressed in Kilobits per second, that can pass over a given data transmission channel within a frame relay network. The bandwidth determines the rate at which information can be sent through a channel - the greater the bandwidth, the more information that can be sent in a given amount of time.
Page 273 GL-3 Bridge: A device that supports LAN-to-LAN communications. Bridges may be equipped to provide frame relay support to the LAN devices they serve. A frame-relay-capable bridge encapsulates LAN frames in frame relay frames and feeds those frame relay frames to a frame relay switch for transmission across the network.
Page 274 GL-4 Reference Guide Unchannelized The entire T1/E1 line is considered a channel, where: The T1 line operates at speeds of 1.536 Mbps and is a signle channel consisting of 24 T1 time slots. The E1 line operates at speeds of 1.984 Mbps and is a single channel consisting of 20 E1 time slots.
Page 275 CNA (Calling Number Authentication): A security feature that will reject an incoming call if it does not match the Calling Number ﬁeld in one of the Netopia ISDN Router’s Connection Proﬁles. CND (Calling Number Delivery): Also known as caller ID, a feature that allows the Called Customer Premises Equipment (CPE) to receive a calling party’s directory number during the call...
Page 276 GL-6 Reference Guide community strings: Sequences of characters that serve much like passwords for devices using SNMP. Different community strings may be used to allow an SNMP user to gather device information or change device conﬁgurations. CRC (Cyclic Redundancy Check): A computational means to ensure the accuracy of frames transmitted between devices in a frame relay network.
Page 277 GL-7 DHCP (Dynamic Host Conﬁguration Protocol): A service that lets clients on a LAN request conﬁguration information, such as IP host addresses, from a server. DLCI (Data Link Control Identiﬁer): A unique number assigned to a PVC end point in a frame relay network. Identiﬁes a particular PVC endpoint within a user’s access channel in a frame relay network.
Page 278 ﬂow control functions as well as end-to-end acknowledgement of data during data transfer, thereby signiﬁcantly reducing overhead within the frame relay network. ﬁrmware: System software stored in a device’s memory that controls the device. The Netopia ISDN Router’s ﬁrmware can be updated.
Page 279 GL-9 Frame-Relay-Capable Interface Device: A communications device that performs encapsulation. frame-Relay-capable reouters and bridges are examples of interface devices used to interface the customer’s equipment to a frame relay network. See also Inteface Device and Encapsulation . Frame Relay Frame: A variable-length unit of data, in frame-relay format that is transmitted through a frame relay network as pure data.
Page 280 The maximum allowable hop count is usually 15. hop count reduction: A feature of AURP supported by the Netopia ISDN Router. Tunnels and point-to-point links over WANs can often exceed the maximum allowable hop count of 15 routers.
Page 281 GL-11 IP (Internet Protocol): A networking protocol developed for use on computer systems that use the UNIX operating system. Often used with Ethernet cabling systems. In this manual, IP is used as an umbrella term to cover all packets and networking operations that include the use of the Internet Protocol.
Page 282 NAT (Network Address Translation): A feature that allows communication between the LAN connected to the Netopia ISDN Router and the Internet using a single IP address, instead of having a separate IP address for each computer on the network.
Page 283 Resolves network number conﬂicts when two or more AppleTalk networks that may have duplicate network numbers are connected together. The Netopia ISDN Router lets you set up a range of network numbers into which remote AppleTalk network numbers are remapped.
Page 284 ﬁt into a PC Card slot. Formerly called a PCMCIA card. See PC Card slot . PC Card slot: The slot designed to hold PC Cards. Formerly called a PCMCIA slot. The Netopia ISDN Router has a PC Card port with two PC Card slots. PCMCIA: See PC Card .
Page 285 GL-15 protocol: A set of rules for communication, sometimes made up of several smaller sets of rules also called protocols. AppleTalk is a protocol that includes the LocalTalk, EtherTalk, and TokenTalk protocols. Q.922 A (Q.922 Annex A): The international draft standard that deﬁnes the structure of frame relay frames.
Page 286 Where a network only allows the use of one protocol, each physical connection corresponds to one logical router port. An example is the Netopia ISDN Router’s LocalTalk port. Where a network allows the use of several protocols, each physical connection may correspond to several logical router ports—one for...
Page 287 S/T interface: The interface on local ISDN equipment where the connection to an NT1 or a properly terminated ISDN line is made. The Netopia ISDN Router models 440-S/T and 430-S/T have S/T interfaces. See also NT1 , U interface .
Page 288 WANs can span a state, a country, or even the world. WAN IP: In addition to being a router, the Netopia ISDN Router is also an IP address server. There are four protocols it can use to distribute IP addresses over the WAN which include: DHCP, BOOTP, IPCP and MacIP.
Page 289 GL-19 zone: An arbitrary subset of nodes within an AppleTalk internet. Creating multiple zones makes it easier for users to locate network services. The network administrator deﬁnes zones when he or she conﬁgures routers. Isolated networks have no zones. LocalTalk and EtherTalk Phase I networks may have no more than one zone each.
Page 290 GL-20 Reference Guide...
Page 291 GL-21...
Page 292 GL-22 Reference Guide...
Page 293: Index
Index Numerics 1 B Channel 25 10Base-2, connecting 8 10Base-5, connecting 8 10Base-T 7 10Base-T, connecting 7 2 B Channels 26 2 B Pre-emptable 26 56 Kbps 30 64 Kbps 30 Add Static Route 13 Adding a filter set 17 answer profile call acceptance scenarios 49 default parameters 45...
Page 294: Dhcp Netbios Options
IN-2 Reference Guide secret 24 Community strings 19 configuration ISDN line 2 configuration files downloading with TFTP 17 downloading with XMODEM 13 uploading with TFTP 18 uploading with XMODEM 14 Configuring profiles for incoming calls. 44 configuring the console 9 Connecting to an Ethernet network 4 Connecting to the configuration screens 4 connection profiles...
Page 295 EtherWave 5 EtherWave, connecting 5 event history device 9 ISDN 10 Exported Services 8 Filter priority 8 filter sets adding 17 defined 7 deleting 24 disadvantages 15 linking to the answer profile 46 modifying 23 sample (Basic Firewall) 24 using 8, 16 viewing 23 Filtering example #1 13 filters...
Page 296 7 navigating through Easy Setup 7 Navigating through the configuration screens 6 Nested IP subnets 13 NetBIOS 20, 4 NetBIOS Scope 21 Netopia answering calls 41 connecting to Ethernet, rules 4 connecting to LocalTalk 3 distributing IP addresses 16, 9...
Page 297 LocalTalk configuration 11 models 3 monitoring 1 PPP options 22, 27 security 1 system utilities and tests 1 Network problems 5 network status overview 1 Next 15 Next Router Address 15 non-seeding 6 Output filter 1 26 packet header 16 and answer profile 44 configuring 23 Parts of a filter 10...
Page 298 IN-6 Reference Guide weekly 53 screens, connecting to 4 secret (CHAP) 24 security filters 6–29 measures to increase 2 telnet 6 user accounts (passwords) 2 Security Options screen 3 seeding 5 Select B-Channel Usage 25 Service Advertising Protocol (SAP) 3 Service Profile ID, see SPID Setting the IP trap receivers 20 Setting the system date and time 2...
Page 299 Trusted host 27 Trusted subnet 27 tunneling 5 unproxied addresses 1 updating firmware with TFTP 16 with XMODEM 12 Updating Netopia’s firmware 16 upgrade 3 Uploading a configuration file 18 uploading configuration files with TFTP 18 with XMODEM 14 user accounts 2...
Page 300: Limited Warranty And Limitation Of Remedies
Limited Warranty and Limitation of Remedies Farallon warrants to you, the end user, that the Netopia™ ISDN Router (the “Product”) will be free from defects in materials and workmanship under normal use for a period of one (1) year from date of purchase.
Page 301 THE ABOVE WARRANTIES ARE MADE BY FARALLON ALONE, AND THEY ARE THE ONLY WARRANTIES MADE BY ANYONE REGARDING THE ENCLOSED PRODUCT. FARALLON AND ITS LICENSOR(S) MAKE NO OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, REGARDING THE ENCLOSED PRODUCT.

This manual is also suitable for:

400 series

Netopia Router PN Series Reference Manual

Chapter 1 - Introduction

Chapter 2 - Conﬁguring ISDN and Leased Line Connections

Chapter 3 - Connecting Your Local Network

Chapter 4 - IP Setup

Chapter 5 - IPX Setup

Chapter 6 - Appletalk Setup

Chapter 7 - Security

Chapter 8 - Token Security Authentication

Chapter 9 - Monitoring Tools

Chapter 10 - Utilities and Tests

Appendix A - Troubleshooting

Appendix B - Understanding IP Addressing

Appendix C - ISDN Configuration Guide

Appendix C - ISDN Conﬁguration Guide

Appendix D - ISDN, DDS/ADN, and T1 Events

Appendix E - Further Reading

Quick Links

Troubleshooting

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Netopia Router PN Series

Summary of Contents for Netopia Router PN Series