Page 1 ™ Netopia 4752 SDSL Integrated Access Device Administration Guide...
Page 2 This manual and any associated artwork, software, and product designs are copyrighted with all rights reserved. Under the copyright laws such materials may not be copied, in whole or part, without the prior written consent of Netopia, Inc. Under the law, copying includes translation to another language or format.
Page 3: Table Of Contents
Pricing and support... 2-2 Endorsements ... 2-2 Deciding on an ISP Account ... 2-2 Setting up a Netopia 4752 account... 2-2 Obtaining an IP address ... 2-2 Obtaining Information from the ISP... 2-3 Local LAN IP address information to obtain... 2-3 Chapter 3 —...
Page 4 Administration Guide Chapter 6 — Console-Based Management ...6-1 Connecting through a Telnet Session... 6-2 Conﬁguring Telnet software... 6-2 Connecting a Console Cable to Your Device ... 6-3 Navigating through the Console Screens... 6-5 Chapter 7 — Easy Setup ...7-1 Easy Setup Console Screens ... 7-1 Accessing the Easy Setup console screens...
Page 5 The ATMP/PPTP Default Proﬁle ... 9-17 System Conﬁguration Screens ... 9-17 Navigating through the System Conﬁguration screens... 9-17 System Conﬁguration Features ... 9-18 IP setup ... 9-19 Filter sets... 9-19 IP address serving ... 9-19 Date and time ... 9-19 Console conﬁguration...
Page 6 Administration Guide Server Lists and Dynamic NAT conﬁguration... 11-6 IP setup ... 11-7 Modifying map lists ... 11-12 Moving maps... 11-14 Adding Server Lists... 11-16 Modifying server lists ... 11-19 Deleting a server ... 11-21 Binding Map Lists and Server Lists ... 11-22 IP proﬁle parameters...
Page 7 About ATMP Tunnels... 12-20 ATMP conﬁguration ... 12-20 Allowing VPNs through a Firewall ... 12-23 PPTP example... 12-24 ATMP example ... 12-27 Chapter 13 — Security ...13-1 Suggested Security Measures... 13-1 User Accounts ... 13-1 Telnet Access ... 13-3 About Filters and Filter Sets... 13-4 What’s a ﬁlter and what’s a ﬁlter set? ...
Page 8 viii Administration Guide Chapter 14 — Monitoring Tools ...14-1 Quick View Status Overview... 14-1 General status... 14-2 Current status ... 14-3 Status lights... 14-3 Statistics & Logs ... 14-4 Event Histories ... 14-4 WAN Event History ... 14-5 Device Event History ... 14-6 Voice Logs...
Page 9 Appendix A — Troubleshooting...A-1 Conﬁguration Problems ... A-1 Console connection problems ... A-2 Network problems... A-2 How to Reset the Netopia 4752 to Factory Defaults ... A-3 Power Outages ... A-3 Technical Support ... A-4 How to reach us ... A-4 Appendix B —...
Page 10 Environment ... F-1 Software and protocols ... F-1 Agency Approvals... F-2 Regulatory notices ... F-2 Important Safety instructions ... F-4 Netopia 4752 Speciﬁcations ... F-5 Physical interface ... F-5 Data features ... F-5 Hardware speciﬁcations ... F-7 Voice features ... F-7...
Page 12 Administration Guide...
Page 13: Chapter 1 - Introduction
DSL. The Netopia 4752 supports the broad array of phone features offered through your service provider and uses your existing analog telephone equipment. The Netopia 4752 includes Netopia's sophisticated data routing engine optimized for small and medium size business needs.
Page 14 Setup and conﬁguration management via console menu. This guide is designed to be your source for information about your Netopia 4752 SDSL Integrated Access Device. It is intended to be viewed on-line, using the powerful features of the Adobe Acrobat Reader. The information display has been deliberately designed to present the maximum information in the minimum space on your screen.
Page 15: Chapter 2 - Setting Up Internet Services
Note: Some companies act as their own ISP. For example, some organizations have branch ofﬁces that can use the Netopia 4752 to access the Internet via the main ofﬁce in a point-to-point scenario. If you install the Netopia 4752 in this type of environment, refer to the following sections for speciﬁc information you must receive from the network administrator to conﬁgure the Netopia 4752 properly.
Page 16 Check whether your ISP has the Netopia 4752 on its list of supported products that have been tested with a particular conﬁguration. If the ISP does not have the Netopia 4752 on such a list, describe the Netopia 4752 in as much detail as needed, so your ISP account can be optimized.
Page 17 If you are using MultiNAT, you should obtain the following: If you are connecting to a remote site using Network Address Translation on your router, your provider will not deﬁne the IP address information on your local LAN. You can deﬁne this information based on an IP conﬁguration that may already be in place for the existing network.
Page 18 2-4 Administration Guide...
Page 19: Chapter 3 - Making The Physical Connections
Cable length and network size limitations when expanding networks For small networks, install the Netopia 4752 near one of the LANs. For large networks, you can install the Netopia 4752 in a wiring closet or a central network administration site.
Page 20: What You Need
You will need: A Windows 95 or 98–based PC or a Macintosh computer with Ethernet connectivity for conﬁguring the Netopia 4752. This may be built-in Ethernet or an add-on card, with TCP/IP installed and conﬁgured. See “Sharing the Connection” on page An SDSL wall outlet wired for a connection to a Local Exchange Carrier (LEC) who supports Symmetric Digital Subscriber Line connections.
Page 21: Identify The Connectors And Attach The Cables
Identify the connectors on the back panel and attach the necessary Netopia cables. The ﬁgure below displays the back of the Netopia 4752 SDSL Integrated Access Device. Netopia 4752 back panel The following table describes all the Netopia 4752 SDSL Integrated Access Device back panel ports. Port Telephone extension Eight RJ-11 telephone jacks for connecting your phone extensions.
Page 22: Netopia 4752 Status Lights
3-4 Administration Guide Netopia 4752 Status Lights The ﬁgure below represents the Netopia 4752 status light (LED) panel. Netopia 4752 LED front panel The following table summarizes the meaning of the various LED states and colors: When this happens... The power is off (button is not pressed in)
Page 23: Chapter 4 - Sharing The Connection
Once you have set up your physical local area network, you will need to conﬁgure the TCP/IP stack on each client workstation connected to your Netopia 4752. This chapter describes how to conﬁgure TCP/IP for both Windows-based and Macintosh computers.
Page 24: Conﬁguring Tcp/Ip On Windows-Based Computers
DNS will be assigned by the router with DHCP. Click OK in this window and the next window. When prompted, reboot the computer. Note: You can also use these instructions to conﬁgure other computers on your network to accept IP addresses served by the Netopia 4752.
Page 25: Static Conﬁguration (Optional)
Subnet Mask: 255.255.255.0, or for 12-user models 255.255.255.240 This address is an example of one that can be used to conﬁgure the router. Your ISP or network administrator may ask you to use a different IP address and subnet mask.
Page 26 Under “New gateway,” enter 192.168.1.1. Click Add. This is the Netopia 4752’s pre-assigned IP address. Click OK in this window and the next window. When prompted, reboot the computer. Note: You can also use these instructions to conﬁgure other computers on your network with manual or static IP addresses.
Page 27: Conﬁguring Tcp/Ip On Macintosh Computers
You must have either Open Transport or Classic Networking (MacTCP) installed. Note: If you want to use the Dynamic Host Conﬁguration Protocol (DHCP) server built into your Netopia 4752 to assign IP addresses to your Macintoshes, you must be running Open Transport, standard in MacOS 8 and optional in earlier system versions.
Page 28: Static Conﬁguration (Optional)
Option: Connect via: Conﬁgure: IP Address: Subnet mask: Router or Gateway address: Name server address: Implicit Search Path: Starting domain name: Close the TCP/IP or MacTCP control panel and save the settings. If you are using MacTCP, you must restart the computer. If you are using Open Transport, you do not need to restart.
Page 29 IP addresses. Be sure each computer on your network has its own IP address. More information about conﬁguring your Macintosh computer for TCP/IP connectivity through a Netopia 4752 can be found in Technote NIR_026, “Open Transport and Netopia Routers,” located on the Netopia Web site.
Page 30 4-8 Administration Guide...
Page 31: Chapter 5 - Connecting To Your Local Network
This chapter describes how to physically connect the Netopia 4752 to your local area network (LAN). Before you proceed, make sure the Netopia 4752 is properly conﬁgured. You can customize the device’s conﬁguration for your particular LAN requirements using console-based management (see page 6-1).
Page 32: Readying Computers On Your Local Network
TCP/IP stack: This is the software that lets your PC or Macintosh computer communicate using Internet protocols. TCP/IP stacks must be conﬁgured with some of the same information you used to conﬁgure the Netopia 4752. There are a number of TCP/IP stacks available for PC computers. Windows 95 includes a built-in TCP/IP stack. See “Conﬁguring TCP/IP on Windows-based Computers”...
Page 33: Connecting To An Ip And Telephone Network
Connecting to an IP and Telephone Network The Netopia 4752 supports Ethernet connections through its Ethernet port. You can connect a standard 10 or 100Base-T Ethernet network to the Netopia 4752 using its Ethernet port. Netopia 4752 back panel Add computers by connecting...
Page 34 5-4 Administration Guide...
Page 35: Chapter 6 - Console-Based Management
Console-based management is a menu-driven interface for the capabilities built into the Netopia 4752. Console-based management provides access to a wide variety of features that the router supports. You can customize these features for your individual setup. This chapter describes how to access the console-based management screens.
Page 36: Connecting Through A Telnet Session
Note: Alternatively, you can have a direct serial console cable connection using the provided console cable for your platform (PC or Macintosh) and the Console port on the back of the router. For more information on attaching the console cable, see Telnet software installed on the computer you will use to conﬁgure the router...
Page 37: Connecting A Console Cable To Your Device
NT on the PC, or ZTerm, included on the Netopia CD, for Macintosh computers. The Netopia 4752 back panel has a connector labeled “Console” for attaching the Router to either a PC or Macintosh computer via the serial port on the computer. (On a Macintosh computer, the serial port is called the Modem port or Printer port.) This connection lets you use the computer to conﬁgure and monitor the Netopia...
Page 38 6-4 Administration Guide Launch your terminal emulation software and conﬁgure the communications software for the values shown in the table below. These are the default communication parameters that the Netopia 4752 uses. Parameter Terminal type Data bits Parity Stop bits...
Page 39: Navigating Through The Console Screens
Navigating through the Console Screens Use your keyboard to navigate the Netopia 4752’s conﬁguration screens, enter and edit information, and make choices. The following table lists the keys to use to navigate through the console screens. Move through selectable items in a screen or pop-up menu...
Page 40 6-6 Administration Guide...
Page 41: Chapter 7 - Easy Setup
This chapter describes how to use the Easy Setup console screens on your Netopia 4752 SDSL Integrated Access Device. After completing the Easy Setup console screens, your device will be ready to connect to the Internet or another remote site.
Page 42 Return/Enter goes to Easy Setup -- minimal configuration. If you do not see the Main Menu, verify that: If you are using a serial connection, that your serial port speed is the same as the Netopia 4752’s default 9600 baud, for ﬁrst use.
Page 43: Quick Easy Setup Connection Path
Quick Easy Setup Connection Path This section may be all you need to do to conﬁgure your Netopia 4752 SDSL Integrated Access Device to connect to the Internet. Your service provider must supply you with several parameter values for you to enter in the device. The service...
Page 44 (If you want to record these values, you can print these pages and use the spaces above.) If your ISP assigns your Router a Static IP address, do the following: Open a Telnet session to 192.168.1.1 to bring up the Main Menu.
Page 45: Sdsl Line Conﬁguration
Operation Mode... Data Rate... Data Link Encapsulation... PPP Mode... Data Circuit VPI (0-255): Data Circuit VCI (0-65535): PREVIOUS SCREEN Netopia 4752 v5.1 Easy Setup... WAN Configuration... System Configuration... POTS Configuration... Utilities & Diagnostics... Statistics & Logs... Quick Menus... Quick View...
Page 46 7-6 Administration Guide The Operation Mode selection will reset a number of default values that pertain to that particular DSLAM. If the changes are such that the defaults completely change the conﬁguration, you will see an alert message asking you to conﬁrm the resetting of the defaults. Operation Mode...
Page 47 If you are using an ATM-based Mode, the SDSL Line Conﬁguration screen offers additional parameters. Operation Mode... Data Link Encapsulation... RFC1483 Mode... Data Circuit VPI (0-255): Data Circuit VCI (0-65535): PREVIOUS SCREEN Select Data Link Encapsulation and from the pop-up menu choose either RFC1483 (the default) or PPP. If you selected RFC1483, the next pop-up menu RFC1483 Mode offers the choice of Bridged 1483 or Routed 1483.
Page 48: Voice Easy Setup
7-8 Administration Guide Voice Easy Setup Voice Gateway... Voice VPI (0-255): Voice VCI (0-65535): PREVIOUS SCREEN Select Voice Gateway and press Return. The pop-up menu will offer you the choice of popular voice gateway devices. Your selection depends on which type your ISP uses: CopperCom, JetStream, TollBridge, TDSoft, or Zhone.
Page 49: Easy Setup Proﬁle
ISP or a corporate site. On a Netopia 4752 SDSL Integrated Access Device you can add up to 15 more connection proﬁles, for a total of 16, although, except for Virtual Private Networks, you can only use one at a time.
Page 50: Ip Easy Setup
7-10 Administration Guide IP Easy Setup The IP Easy Setup screen is where you enter information about your Netopia Router’s: Ethernet IP address Ethernet Subnet mask Domain Name Domain Name Server IP address Default gateway IP address Consult with your network administrator to obtain the information you will need. For more information about setting up IP, see “IP Setup”...
Page 51: Easy Setup Security Conﬁguration
Do not confuse the remote IP address and the Default IP Gateway’s address with the block of local IP addresses you receive from your ISP. You use the local IP addresses for the Netopia 4752’s Ethernet port and for IP clients on your local network. The remote IP address and the default gateway’s IP address should point to your ISP’s router.
Page 52 PREVIOUS SCREEN Configure a Configuration Access Name and Password here. The ﬁnal step in conﬁguring the Easy Setup console screens is to restart the Netopia 4752, so that the conﬁguration settings take effect. Select RESTART DEVICE. A prompt asks you to conﬁrm your choice.
Page 53: Chapter 8 - Voice Conﬁguration
Some telephony terms mean different things in Centrex mode and PBX/local switching mode: Toll Restriction and Speed Dial. Since the Netopia 4752 operates in Centrex mode, it may be useful for you to understand how Centrex and local PBX work differently.
Page 54: Wan Conﬁguration
This is independent of the previous mode. This section describes how to conﬁgure the voice telephone features of the Netopia 4752. From the Main Menu select Voice Conﬁguration.
Page 55 Voice Gateway... Ring Cadence... Port Configuration... Voice Coding... Select Voice Gateway and from the pop-up menu, choose the type of voice gateway device to which you will be connected. The choices are: CopperCom, JetStream, TollBridge, TDSoft, or Zhone. Select Ring Cadence and press Return. A pop-up menu allows you to choose between 20Hz (the default) and 25Hz for compliance with several non-North American telephone systems.
Page 56 Once you have set echo cancellation, press Escape to return to the Voice Conﬁguration screen. You can enable or disable echo cancellation for each port on the Netopia 4752. Select Voice Coding and press Return. From the pop-up menu choose the voice coding method you will be using.
Page 58 Administration Guide...
Page 59: Chapter 9 — Wan And System Conﬁguration
This chapter describes how to use the console-based management screens to access and conﬁgure advanced features of your Netopia 4752 SDSL Integrated Access Device. You can customize these features for your individual setup. These menus provide a powerful method for experienced users to set up their device’s connection proﬁles and system conﬁguration.
Page 60: Wan Configuration
9-2 Administration Guide WAN Conﬁguration To conﬁgure your Wide Area Network (WAN) connection, navigate to the WAN Conﬁguration screen from the Main Menu and select WAN Conﬁguration, then WAN Setup. Main Menu From here you will configure yours and the remote sites' WAN information. The SDSL Line Conﬁguration screen appears.
Page 61 Operation Mode... Clock Source... Data Rate Mode... Data Rate... Display/Change Circuit... Add Circuit... Delete Circuit... Data Link Encapsulation... PPP Mode... Select Operation Mode and from the pop-up menu choose the type of DSLAM to which you will be connecting. Each access concentrator (DSLAM) has a different set of default data rates and other parameters. Your service provider should supply you with the appropriate information about the type and capabilities of the access concentrator equipment they use.
Page 62 9-4 Administration Guide For example, for the ATM-based DSLAM mode Nokia Fixed, the following screen displays. Operation Mode... Clock Source... Data Rate Mode... Data Rate... Display/Change Circuit... Add Circuit... Delete Circuit... Data Link Encapsulation... RFC1483 Mode... Enter Information supplied to you by your telephone company. For all except the (HDLC) Copper Mountain Operation Mode, the Data Rate Mode pop-up menu offers the choice of Hunt or Locked mode.
Page 63 (DSLAM) is divided logically into one or more virtual circuits (VCs). A virtual circuit may be either a permanent virtual circuit (PVC) or a switched virtual circuit (SVC). Netopia devices support PVCs. VCs are identiﬁed by a Virtual Path Identiﬁer (VPI) and Virtual Channel Identiﬁer (VCI). A VPI is an 8-bit value between 0 and 255, inclusive, while a VCI is a 16-bit value between 0 and 65535, inclusive.
Page 64 9-6 Administration Guide You conﬁgure Virtual Circuits in the Add/Change Circuit screen. From the Main Menu, navigate to the SDSL Line Conﬁguration screen. Main Menu Operation Mode... Clock Source... Data Rate Mode... Data Rate... Display/Change Circuit... Add Circuit... Delete Circuit... Data Link Encapsulation...
Page 65 Choosing Display/Change Circuit (or Delete Circuit) displays a pop-up menu that allows you to select the circuit to be modiﬁed or deleted. Operation Mode... Clock Source... Data Rate Mode... Data Rate... Display/Change Circuit... Add Circuit... Delete Circuit... Data Link Encapsulation... PPP Mode...
Page 66: Adding A Circuit
9-8 Administration Guide Circuit Enabled allows you to enable or disable the circuit, using the Tab key. The default is enabled. Trafﬁc Type allows you to select which type of trafﬁc will be routed on this circuit, Voice or Data. If you choose Voice, the Connection Proﬁle is ﬁeld becomes unavailable and does not display.
Page 67 Choosing Add Circuit displays the Add Circuit screen. Circuit Name: Circuit Enabled: Traffic Type... Circuit VPI (0-255): Circuit VCI (0-65535): Use Connection Profile... Use Default Profile for Circuit ADD Circuit NOW The ﬁelds in the Add Circuit screen are the similar to the ﬁelds in the Change Circuit screen described above. You can add up to seven circuits (for a total of eight) and bind them to separate Connection Proﬁles.
Page 68 9-10 Administration Guide The General Statistics screen adds a selection for ATM VC Statistics. To access the ATM VC Statistics screen navigate from the Main Menu to Statistics & Logs then General Statistics. Main Menu The General Statistics screen appears. Physical I/F-----Rx Bytes---Tx Bytes---Rx Pkts---Tx Pkts----Rx Err----Tx Err Ethernet Hub Aux Async...
Page 69 The ATM VC Statistics screen appears. VPI/VCI------Local IP Addr---------Frames Rx--Frames Tx---Bytes Rx---Bytes Tx ----------------------------------SCROLL UP----------------------------------- 0/39 111.222.333.4 8/36 ---------------------------------SCROLL DOWN---------------------------------- To display more information about each circuit associated with the selected WAN module, use the up or down arrow key to highlight the circuit you want to view. Press Return. A pop-up window appears, displaying detailed information for the selected circuit.
Page 70: Creating A New Connection Proﬁle
Return accepts * ESC cancels * Left/Right moves insertion point * Del deletes. Configure a new Conn. Profile. Finished? On a Netopia 4752 SDSL Integrated Access Device you can add up to 15 more connection proﬁles, for a total of 16, but you can only use one at a time.
Page 71 Select Data Link Encapsulation and press Return. The pop-up menu offers the possible data link encapsulation methods for connection proﬁles used for a variety of purposes: PPP, HDLC, Frame Relay, RFC1483, ATMP, PPTP, or IPsec. If you select any data link encapsulation method other than HDLC or RFC1483, a Data Link Options menu item is displayed;...
Page 72 9-14 Administration Guide Address Translation Enabled: Local WAN IP Address: Remote IP Address: Remote IP Mask: Filter Set... Remove Filter Set Receive RIP: Toggle to Yes if this is a single IP address ISP account. Configure IP requirements for a remote network connection here. Toggle or enter any IP Parameters you require and return to the Add Connection Proﬁle screen by pressing Escape.
Page 73: The Wan Default Proﬁle
The WAN Default Proﬁle If you are using RFC1483 datalink encapsulation, the WAN Default Proﬁle screen controls whether or not the SDSL link will come up without an explicitly conﬁgured connection proﬁle. (PPP datalink encapsulation does not support a default proﬁle, and the corresponding menu item is unavailable.) See Proﬁle”...
Page 74: Ip Parameters (Default Proﬁle) Screen
9-16 Administration Guide IP Parameters (Default Proﬁle) screen If you are using RFC1483 datalink encapsulation, the IP Parameters (Default Proﬁle) screen allows you to conﬁgure various IP parameters for SDSL connections established without an explicitly conﬁgured connection proﬁle: Address Translation Enabled: Filter Set (Firewall)...
Page 75: The Atmp/Pptp Default Proﬁle
See information. System Conﬁguration Screens You can connect to the Netopia 4752’s system conﬁguration screens in either of two ways: By using Telnet with the device’s Ethernet port IP address Through the console port, using a local terminal (see...
Page 76: System Conﬁguration Features
To go back in this sequence of screens, use the Escape key. System Conﬁguration Features The Netopia 4752 SDSL Integrated Access Device’s default settings may be all you need to conﬁgure your Netopia 4752. Some users, however, require advanced settings or prefer manual control over the default selections.
Page 77: Ip Setup
The System Conﬁguration menu screen appears: Use this screen if you want options beyond Easy Setup. IP setup These screens allow you to conﬁgure your network’s use of the standard networking protocol: IP: Details are given in “IP Setup” on page Filter sets These screens allow you to conﬁgure security on your network by means of ﬁlter sets and a basic ﬁrewall.
Page 78: Console Conﬁguration
9-20 Administration Guide System Date Format: Current Date (MM/DD/YY): System Time Format: Current Time: AM or PM: Follow these steps to set the system’s date and time: Select Current Date and enter the date in the appropriate format. Use one- or two-digit numbers for the month and day, and the last two digits of the current year.
Page 79: Snmp (Simple Network Management Protocol)
You can upgrade your Netopia 4752 by adding new feature sets through the Upgrade Feature Set utility. See the release notes that came with your device or feature set upgrade, or visit the Netopia Web site at www.netopia.com for information on new feature sets, how to obtain them, and how to install them on your Netopia 4752.
Page 80: Logging
You can specify the UNIX syslog Facility to use by selecting the Facility pop-up. Installing the Syslog client The Goodies folder on the Netopia CD contains a Syslog client daemon program that can be conﬁgured to report the WAN events you speciﬁed in the Logging Conﬁguration screen.
Page 81 The following screen shows a sample syslog dump of WAN events: 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com >>Issued Speech Setup Request from our DN: 5108645534 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com >>Issued Speech Setup Request from our DN: 5108645534 5 10:14:06 tsnext.netopia.com...
Page 82 9-24 Administration Guide...
Page 83 The Netopia 4752 uses Internet Protocol (IP) to communicate both locally and with remote networks. This chapter shows you how to conﬁgure the router to route IP trafﬁc. You also learn how to conﬁgure the router to serve IP addresses to hosts on your local network.
Page 84: Chapter 10 - Ip Setup
Main Menu The IP Setup options screen is where you conﬁgure the Ethernet side of the Netopia 4752. The information you enter here controls how the router routes IP trafﬁc. Consult your network administrator or ISP to obtain the IP setup information (such as the Ethernet IP address, Ethernet subnet mask, default IP gateway, and Primary Domain Name Server IP address) you will need before changing any of the settings in this screen.
Page 85: Ip Setup
Set to Both, the Netopia 4752 will accept information from either RIP v1 or v2 routers. If you want the Netopia 4752 to advertise its routing table to other routers via RIP, select Transmit RIP and select v1, v2 (broadcast), or v2 (multicast) from the pop-up menu. With Transmit RIP v1 selected, the Netopia 4752 will generate RIP packets only to other RIP v1 routers.
Page 86: Ip Subnets
All eight row labels are always visible, regardless of the number of subnets conﬁgured. To add an IP subnet, enter the Netopia 4752’s IP address on the subnet in the IP Address ﬁeld in a particular row and the subnet mask for the subnet in the Subnet Mask ﬁeld in that row.
Page 87 For example: IP Address ---------------- 192.128.117.162 192.128.152.162 0.0.0.0 To delete a conﬁgured subnet, set both the IP address and subnet mask values to 0.0.0.0, either explicitly or by clearing each ﬁeld and pressing Return to commit the change. When a conﬁgured subnet is deleted, the values in subsequent rows adjust up to ﬁll the vacant ﬁelds.
Page 88: Static Routes
Static routes are IP routes that are maintained manually. Each static route acts as a pointer that tells the Netopia 4752 how to reach a particular network. However, static routes are used only if they appear in the IP routing table, which contains all of the routes used by the Netopia 4752 (see Static routes are helpful in situations where a route to a network must be used and other means of ﬁnding the...
Page 89 The Static Routes screen will appear. Configure/View/Delete Static Routes from this and the following Screens. Viewing static routes To display a view-only table of static routes, select Display/Change Static Route. The table shown below will appear. +-Dest. Network---Subnet Mask-----Next Gateway----Priority-Enabled-+ +------------------------------------------------------------------+ | 0.0.0.0 +------------------------------------------------------------------+...
Page 90 Select Destination Network Subnet Mask and enter the subnet mask used by the destination network. Select Next Gateway IP Address and enter the IP address for the router that the Netopia 4752 will use to reach the destination network. This router does not necessarily have to be part of the destination network, but it must at least know where to forward packets destined for that network.
Page 91 If the static route conﬂicts with a connection proﬁle, the connection proﬁle will always take precedence. To make sure that the static route is known only to the Netopia 4752, select Advertise Route Via RIP and toggle it to No. To allow other RIP-capable routers to know about the static route, select Advertise Route Via RIP and toggle it to Yes.
Page 92: Ip Address Serving
Menu Configuration In addition to being a router, the Netopia 4752 is also an IP address server. There are three protocols it can use to distribute IP addresses. The ﬁrst, called Dynamic Host Conﬁguration Protocol (DHCP), is widely supported on PC networks, as well as Apple Macintosh computers using Open Transport and computers using the UNIX operating system.
Page 93 If you enabled IP Address Serving, then DHCP, BootP clients and Dynamic WAN clients are automatically enabled. The IP Address Serving Mode pop-up menu allows you to choose the way in which the Netopia 4752 will serve IP addresses. The device can act as either a DHCP Server or a DHCP Relay Agent. (See “DHCP Relay...
Page 94 10-12 Administration Guide If you have conﬁgured multiple Ethernet IP subnets, the appearance of the IP Address Serving screen is altered slightly: Configure Address Pools... Serve DHCP Clients: DHCP NetBios Options... Serve BOOTP Clients: Serve Dynamic WAN Clients: The ﬁrst three menu items are hidden, and Conﬁgure Address Pools... appears instead. If you select Conﬁgure Address Pools...
Page 95: Ip Address Pools
The value defaults to the Netopia 4752’s IP address on the corresponding subnet (or the Netopia 4752’s default gateway, if that gateway is located on the subnet in question). You can override the value by entering any address that is part of the subnet.
Page 96 When requesting an address, a client may provide a client identiﬁer, or, if it does not, the Netopia 4752 may construct a pseudo-client identiﬁer for the client. When the client subsequently requests an address, the Netopia 4752 will attempt to serve the address previously associated with the pseudo-client identiﬁer.
Page 97: Dhcp Netbios Options
DHCP NetBIOS Options If your network uses NetBIOS, you can enable the Netopia 4752 to use DHCP to distribute NetBIOS information. NetBIOS stands for Network Basic Input/Output System. It is a layer of software originally developed by IBM and Sytek to link a network operating system with speciﬁc hardware. NetBIOS has been adopted as an industry standard.
Page 98 10-16 Administration Guide From the NetBios Type pop-up menu, select the type of NetBIOS used on your network. Serve NetBios Type: NetBios Type... Serve NetBios Scope: NetBios Scope: Serve NetBios Name Server: NetBios Name Server IP Addr: To serve DHCP clients with the NetBIOS scope, select Serve NetBios Scope and toggle it to Yes. Select NetBios Scope and enter the scope.
Page 99: More Address Serving Options
The ability to serve as a DHCP Relay Agent. The Netopia 4752 supports reserving an IP address only for a type 1 client identiﬁer (i.e., an Ethernet hardware address). It does not support reserving an IP address for an arbitrary client identiﬁer. (For more information on client identiﬁers, see RFC 2131, section 9.14.)
Page 100: Conﬁguring The Ip Address Server Options
10-18 Administration Guide Conﬁguring the IP Address Server options To access the enhanced DHCP server functions, from the Main Menu navigate to Statistics & Logs and then Served IP Addresses. Main Menu The following example shows the Served IP Addresses screen after three clients have leased IP addresses. The ﬁrst client did not provide a Host Name in its DHCP messages;...
Page 101 You can select the entries in the Served IP Addresses screen. Use the up and down arrow keys to move the selection to one of the entries in the list of served IP addresses. -IP Address------Type----Expires—-Host Name/Client Identifier----------------- ----------------------------------SCROLL UP----------------------------------- 192.168.1.100 192.168.1.101 192.168.1.102...
Page 102 10-20 Administration Guide Details… is displayed if the entry is associated with both a host name and a client identiﬁer. Selecting Details… displays a pop-up menu that provides additional information associated with the IP address. The pop-up menu includes the IP address as well as the host name and client identiﬁer supplied by the client to which the address is leased.
Page 103 -IP Address------Type----Expires—-Host Name/Client Identifier----------------- ----------------------------------SCROLL UP----------------------------------- 192.168.1.100 192.168.1.101 192.1+-------------------------------------------------------------+ 192.1+-------------------------------------------------------------+ 192.1| 192.1| You are about to make changes that will affect an address 192.1| that is currently in use. Are you sure you want to do this? | 192.1| 192.1| CANCEL 192.1| 192.1+-------------------------------------------------------------+...
Page 104 The router’s Ethernet IP address(es) will be automatically excluded from the address serving pool(s) on startup. Entries in the served IP address list corresponding to the router’s Ethernet IP address(es) that have been automatically excluded on startup are not selectable.
Page 105 Netopia Router. If the Netopia Router is conﬁgured to act as a DHCP server, it will assign the client an address from an address pool conﬁgured locally in the Netopia Router and respond to the client's request...
Page 106: Dhcp Relay Agent
10-24 Administration Guide Select IP Address Serving and press Return. The IP Address Serving screen appears. IP Address Serving Mode... Number of Client IP Addresses: 1st Client Address: Client Default Gateway... Serve DHCP Clients: DHCP NetBIOS Options... Serve BOOTP Clients: Select IP Address Serving Mode.
Page 107: Connection Proﬁles
Configure a new Conn. Profile. Finished? On a Netopia 4752 SDSL Integrated Access Device you can add up to 15 more connection proﬁles, for a total of 16, although only one can be used at a time, unless you are using VPNs.
Page 108 10-26 Administration Guide Select Proﬁle Name and enter a name for this connection proﬁle. It can be any name you wish. For example: the name of your ISP. Toggle the Proﬁle Enabled value to Yes or No. The default is Yes. Select IP Proﬁle Parameters and press Return.
Page 109 Select ADD PROFILE NOW and press Return. Your new connection proﬁle will be added. If you want to view the connection proﬁles in your router, return to the WAN Conﬁguration screen, and select Display/Change Connection Proﬁle. The list of connection proﬁles is displayed in a scrolling pop-up screen.
Page 110 10-28 Administration Guide...
Page 111: Chapter 11 - Multiple Network Address Translation
To help you understand some of the concepts discussed here, it may be helpful to introduce some NAT terminology. The term mapping refers to rules that associate one or more private addresses on the Netopia Router’s LAN to one or more public addresses on the Netopia Routers WAN interface (typically the Internet).
Page 112 IP address to which you would like to provide access. You may also deﬁne a speciﬁc public IP address to use for this service if you want to use an IP other than the WAN IP address of the Netopia Router.
Page 113: Wan Network
NAT. Dynamic NAT is intended to provide functionality beyond many-to-one and one-to-one translation. Netopia’s NAT implementation makes it possible to have a static mapping of one public address to one private address, thus allowing applications such as NetMeeting to work by assuring that any trafﬁc sent back to the source IP address is forwarded through to the internal machine.
Page 114 For example, if a connection is initiated from the public network and is destined for a public IP address conﬁgured on the Netopia Router, the following comparisons are made in this order. The Netopia Router ﬁrst checks its internal NAT cache to see if the data is part of a previously initiated connection, if not…...
Page 115: Supported Trafﬁc
In order to support this type of mapping, you deﬁne two address ranges. First, you deﬁne a public range which contains the ﬁrst and last public address to be used and the way in which these addresses should be used (PAT, static, or dynamic).
Page 116: Multinat Conﬁguration
IP proﬁle parameters, described on Easy Setup Proﬁle conﬁguration The screen below is an example. Depending on the type of router you are using, ﬁelds displayed in this screen may vary. Address Translation Enabled: IP Addressing... Local WAN IP Address:...
Page 117: Ip Setup
An example MultiNAT conﬁguration at the end of this chapter describes some applications for these features. See the MultiNAT Conﬁguration Example on page In order to conﬁgure the router to make servers on your LAN visible to the Internet, you use advanced features in the System Conﬁguration screens, described in IP setup To access the NAT conﬁguration screens, from the Main Menu navigate to IP Setup:...
Page 118 Static public address ranges must not overlap other static, PAT, public addresses, or the public address assigned to the router’s WAN interface. A PAT public address must not overlap any static address ranges. It may be the same as another PAT address or server list address, but the port range must not overlap.
Page 119 The Add NAT Public Range screen appears. Range Name: Type... Public Address: First Public Port: Last Public Port: ADD NAT PUBLIC RANGE Select Range Name and give a descriptive name to this range. Select Type and from the pop-up menu, assign its type. Options are static, dynamic, or pat (the default). If you choose pat as the range type, select Public Address and enter the exterior IP address in the range you want to assign.
Page 120 11-10 Administration Guide Map List Name: Add Map... Select Map List Name and enter a descriptive name for this map list. A new menu item, Add Map, appears. Select Add Map and press Return. The Add NAT Map screen appears. First Private Address: Last Private Address: Use NAT Public Range...
Page 121 +-Public Address Range------------Type----Name-------------+ +----------------------------------------------------------+ | 0.0.0.0 | 206.1.1.6 | 206.1.1.1 | <<NEW RANGE...>> +----------------------------------------------------------+ Up/Down Arrow Keys to select, ESC to cancel, Return/Enter to Delete. From the list of public ranges you deﬁned, select the one that you want to map to the interior range for this mapping and press Return.
Page 122: Modifying Map Lists
11-12 Administration Guide Modifying map lists You can make changes to an existing map list after you have created it. Since there may be more than one map list you must select which one you are modifying. From the Network Address Translation screen select Show/Change Map List and press Return. Select the map list you want to modify from the pop-up menu.
Page 123 Add Map allows you to add a new map to the map list. Show/Change Maps allows you to modify the individual maps within the list. Delete Map allows you to delete a map from the list. Move Map allows you to change the priority order in which the map is evaluated within the list. See maps on page 11-14.
Page 124: Moving Maps
11-14 Administration Guide Make any modiﬁcations you need and then select CHANGE NAT MAP and press Return. Your changes will become effective and you will be returned to the Show/Change NAT Map List screen. Moving maps The Move Maps screen permits reordering the priority of maps in a map list. Since the maps are read from top to bottom, those at the top have the highest priority and those at the bottom have the lowest.
Page 125 +---Private Address Range---------Type----Public Address Range------------+ +-------------------------------------------------------------------------+ | 192.168.1.2 | 192.168.1.252 | 192.168.1.1 +-------------------------------------------------------------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. You can press Escape at any time in the pop-up menu to abort the move and restore the map list to its original ordering.
Page 126: Adding Server Lists
11-16 Administration Guide Adding Server Lists Server lists, also known as Exports, are handled similarly to map lists. If you want to make a particular server’s port accessible (and it isn’t accessible through other means, such as a static mapping), you must create a server list.
Page 127 Select Add Server and press Return. The Add NAT Server screen appears. Service... Server Private IP Address: Public IP Address: ADD NAT SERVER Select Service and press Return. A pop-up menu appears listing a selection of commonly exported services. Service... Server Private IP Address: Public IP Address: ADD NAT SERVER...
Page 128 Note: CUSeeMe (or other services that listen on speciﬁc ports) through MultiNat works as it did for non-MultiNat releases prior to version 4.4. In order to use CUSeeMe through the Netopia Router, you must export the ports 7648 and 7649. In MultiNat, you may use a port range export. Without the export, CUSeeMe will fail to work.
Page 129: Modifying Server Lists
Modifying server lists Once a server list exists, you can select it for modiﬁcation or deletion. Select Show/Change Server List from the Network Address Translation screen. Select the Server List Name you want to modify from the pop-up menu and press Return. Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.
Page 130 11-20 Administration Guide Selecting Show/Change Server or Delete Server displays the same pop-up menu. +-Private Address--Public Address----Port------------+ +----------------------------------------------------+ Se| 192.168.1.254 | 192.168.1.254 | 192.168.1.254 Ad| 192.168.1.254 | 192.168.1.254 +----------------------------------------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. Select any server from the list and press Return.
Page 131: Deleting A Server
Deleting a server To delete a server from the list, select Delete Server from the Show/Change NAT Server List menu and press Return. A pop-up menu lists your conﬁgured servers. Select the one you want to delete and press Return. A dialog box asks you to conﬁrm your choice.
Page 132: Binding Map Lists And Server Lists
Binding Map Lists and Server Lists Once you have created your map lists and server lists, for most Netopia Router models you must bind them to a proﬁle, either a Connection Proﬁle or the Default Proﬁle. You do this in one of the following screens: IP proﬁle parameters...
Page 133 Select NAT Map List and press Return. A pop-up menu displays a list of your deﬁned map lists. Address Trans| Easy-PAT IP Addressing| my_map NAT Map List.| NAT Server Li| Local WAN IP | Remote IP Add| Remote IP Mas| Filter Set...| Remove Filter| Receive RIP: |...
Page 134: Ip Parameters (Wan Default Proﬁle)
11-24 Administration Guide IP Parameters (WAN Default Proﬁle) The Netopia 4752 in HDLC (Copper Mountain) Operation Mode supports a WAN default proﬁle that permits several parameters to be conﬁgured without an explicitly conﬁgured Connection Proﬁle. The procedure is similar to the procedure to bind map lists and server lists to a Connection Proﬁle.
Page 135 Select NAT Map List and press Return. A pop-up menu displays a list of your deﬁned map lists. Address Trans| <<None>> NAT Map List.| NAT Server Li| Filter Set (F| Remove Filter| Receive RIP: | Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. Select the map list you want to bind to the default proﬁle and press Return.
Page 136: Nat Associations
11-26 Administration Guide NAT Associations Conﬁguration of map and server lists alone is not sufﬁcient to enable NAT for a WAN connection because map and server lists must be linked to a proﬁle that controls the WAN interface. This can be a Connection Proﬁle, a WAN Ethernet interface, a default proﬁle, or a default answer proﬁle.
Page 137 keys. Select the item by pressing Return to display a pop-up menu of all of your conﬁgured lists. Profile/Interface Name-------------Nat+------------------+Server List Name Easy Setup Profile Profile 01 Profile 02 Profile 03 Profile 04 Default Answer Profile Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. Select the list name you want to assign and press Return again.
Page 138: Multinat Conﬁguration Example
Public IP addresses assigned by the ISP are 206.1.1.1 through 206.1.1.6 (255.255.255.248 subnet mask). Your internal devices have IP addresses of 192.168.1.1 through 192.168.1.254 (255.255.255.0 subnet mask). Netopia Router's address is: Web server's address is: Mail server's address is: FTP server's address is: In this example you will statically map the ﬁrst ﬁve public IP addresses (206.1.1.1 - 206.1.1.5) to the ﬁrst ﬁve...
Page 139 Default IP Gateway: IP Address Serving: Number of Client IP Addresses: 1st Client Address: PREVIOUS SCREEN Set up the basic IP & IPX attributes of your Netopia in this screen. Then navigate to the Network Address Translation (NAT) screen. Main Menu Configuration...
Page 140 11-30 Administration Guide Select Show/Change Public Range, then Easy-PAT Range, and press Return. Enter the value your ISP assigned for your public address (206.1.1.6, in this example). Toggle Type to pat. Your public address is then mapped to the remaining private IP addresses using PAT. (If you were not using the Easy-PAT Range and Easy-PAT List that are created by default by using Easy Setup, you would have to deﬁne a public range and map list.
Page 141 You do this through either the NAT Associations screen or the proﬁle’s conﬁguration screens. The PAT part of this example setup will allow any user on the Netopia Router's LAN with an IP address in the range of 192.168.1.6 through 192.168.1.254 to initiate trafﬁc ﬂow to the outside world (for example, the Internet).
Page 142 IP address, 206.1.1.3. For the sake of this example, alias both services to 206.1.1.2. Now, as before, the PAT conﬁguration will allow any user on the Netopia Router's LAN with an IP address in the range of 192.168.1.6 through 192.168.1.254 to initiate trafﬁc ﬂow to the Internet.
Page 143: Chapter 12 — Virtual Private Networks (Vpns)
(Internet). The Netopia 4752 can be used in VPNs either to initiate the connection or to answer it. When used in this way, the routers are said to be tunnelling through the public network (Internet). The advantages are that, like your long distance phone call, you don't need a direct line between one computer or LAN and the other, but use the local connections, making it much cheaper;...
Page 144 Netopia’s PPTP implementation is compatible with Microsoft’s and can function as either the client (PAC) or the server (PNS). As a client, a Netopia R-series router can provide all users on a LAN with secure access over the Internet to the resources of another LAN by setting up a tunnel with a Windows NT server running Remote Access Services (RAS) or with another Netopia Router.
Page 145: About Pptp Tunnels
PPTP language), or a foreign agent (in ATMP language). When used to answer the tunnelled connection, the Netopia Router is called a PPTP Network Server (PNS, in PPTP language) or a home agent (in ATMP language). In either case, the Netopia Router wraps, or encapsulates, information that one end of the tunnel exchanges with the other, in a wrapper called General Routing Encapsulation (GRE), at one end of the tunnel, and unwraps, or decapsulates, it at the other end.
Page 146: Pptp Conﬁguration
12-4 Administration Guide PPTP conﬁguration To set up the router as a PPTP Network Server (PNS) capable of answering PPTP tunnel requests you must also conﬁgure the VPN Default Answer Proﬁle. See information. PPTP is a Datalink Encapsulation option in Connection Proﬁles. It is not an option in device or link conﬁguration screens, as PPTP is not a native encapsulation.
Page 147 If you do not specify the PPTP Partner IP Address, the router will use the default gateway to reach the partner and the Tunnel Via Gateway ﬁeld is hidden. If the partner should be reached via an alternate port (i.e.
Page 148 MS-CHAP version 1 (MS-CHAP-V1). When you choose MS-CHAP as the authentication method for the PPTP tunnel, the Netopia router will start negotiating MS-CHAP-V2. If the router you are connecting to does not support MS-CHAP-V2, it will fall back to MS-CHAP-V1, or, if the router you are connecting to does not support MPPE at all, the PPP session will be dropped.
Page 149: About Ipsec Tunnels
IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPsec-compliant device decrypts each packet. Netopia Routers support the more secure Tunnel mode.
Page 150 12-8 Administration Guide The Add Connection Proﬁle screen appears. Profile Name: Profile Enabled: Data Link Encapsulation... Data Link Options... IP Profile Parameters... COMMIT From the Data Link Encapsulation pop-up menu select IPsec. Then select Data Link Options. The IPsec Encryption & Authentication Options screen appears. Encryption Transform...
Page 151 IPsec Encryption & Authentication Options Encryption Transform... Encryption Key: Authentication Type... Authentication Transform... Authentication Key: COMMIT Enter a key of 16 Hex digits, e.g. '1234567890ABCDEF' You must enter an Encryption Key if the Encryption Transform is DES. The key for DES must be a hexadecimal string of 16 characters, using Hex characters only: '0'-'9', 'A'-'F' and 'a' - 'f'.
Page 152: Ip Proﬁle Parameters
12-10 Administration Guide IP Proﬁle Parameters The following IP Proﬁle Options screen is displayed for an IPsec Connection Proﬁle. SPI (Security Parameters Index): Remote Tunnel Endpoint Address: Remote Members Network: Remote Members Mask: Address Translation Enabled: NAT Map List... NAT Server List... PAT IP Address: Filter Set...
Page 153: Advanced Ip Proﬁle Options
Next Hop Gateway option allows you to enter the address by which the gateway partner is reached. If you do not specify the Remote Tunnel Endpoint Address, the router will use the default gateway to reach the partner. If the partner should be reached via an alternate port (for example, the LAN instead of the WAN), the Next Hop Gateway ﬁeld allows this path to be resolved.
Page 154: Interoperation With Other Features
Notes: The Netopia 4752 supports 128-bit (“strong”) encryption when using PPTP tunnels. ATMP does not have an option of using 128-bit MPPE. If you are using ATMP between two Netopia routers you can optionally set 56-bit DES encryption. When you choose MS-CHAP as the authentication method for a PPTP tunnel, the Netopia router will start negotiating MS-CHAPv2.
Page 155: Atmp/Pptp Default Answer Proﬁle
The WAN Conﬁguration menu offers a ATMP/PPTP Default Answer Proﬁle option. Use this selection when your router is acting as the server for VPN connections, that is, when you are on the answering end of the tunnel establishment. The ATMP/PPTP Default Answer Proﬁle determines the way the attempted tunnel connection is answered.
Page 156: Vpn Quickview
12-14 Administration Guide default) if you do not. This applies to both ATMP and PPTP connections. For PPTP tunnel connections only, you must deﬁne what type of authentication these connections will use. Select Receive Authentication and press Return. A pop-up menu offers the following options: PAP (the default), CHAP, or MS-CHAP.
Page 157: Dial-Up Networking For Vpn
Microsoft Windows Dial-Up Networking software permits a remote standalone workstation to establish a VPN tunnel to a PPTP server such as a Netopia Router located at a central site. Dial-Up Networking also allows a mobile user who may not be connected to a PAC to dial into an intermediate ISP and establish a VPN tunnel to, for example, a corporate headquarters, remotely.
Page 158: Creating A New Dial-Up Networking Proﬁle
12-16 Administration Guide The Communications window appears. In the Communications window, select Dial-Up Networking and click the OK button. This returns you to the Windows Setup screen. Click the OK button. Respond to the prompts to install Dial-Up Networking from the system disks or CDROM. When prompted, reboot your PC.
Page 159: Conﬁguring A Dial-Up Networking Proﬁle
Windows 98 users select PPP: Windows 98, Windows NT Server, Internet In the Allowed network protocols area check TCP/IP and uncheck all of the other checkboxes. Note: Netopia’s PPTP implementation does not currently support tunnelling of IPX and NetBEUI protocols. Virtual Private Networks (VPNs) 12-17...
Page 160: Installing The Vpn Client
12-18 Administration Guide Click the TCP/IP Settings button. If your ISP uses dynamic IP addressing (DHCP), select the Server assigned IP address radio button. If your ISP uses static IP addressing, select the Specify an IP address radio button and enter your assigned IP address in the ﬁelds provided.
Page 161: Windows 98 Vpn Installation
This displays a list of possible selections for the communications option. Active components will have a check in the checkboxes to their left. Check Dial Up Networking at the top of the list and Virtual Private Networking at the bottom of the list. Click OK at the bottom right on each screen until you return to the Control Panel.
Page 162: Connecting Using Dial-Up Networking
12-20 Administration Guide Connecting using Dial-Up Networking A Dial-Up Networking connection will be automatically launched whenever you run a TCP/IP application, such as a web browser or email client. When you ﬁrst run the application a Connect To dialog box appears in which you enter your User name and Password.
Page 163 Profile Name: Profile Enabled: Data Link Encapsulation... Data Link Options... IP Profile Parameters... ADD PROFILE NOW When you deﬁne a Connection Proﬁle as using ATMP by selecting ATMP as the datalink encapsulation method, and then select Data Link Options, the ATMP Tunnel Options screen appears. ATMP Partner IP Address: Tunnel Via Gateway: Network Name:...
Page 164 You can specify a Network Name. When the tunnel partner is another Netopia router, this name may be used to match against a Connection Proﬁle. When the partner is an Ascend router in Gateway mode, then Network Name is used by the Ascend router to match a gateway proﬁle.
Page 165: Allowing Vpns Through A Firewall
Select IP Proﬁle Parameters and press Return. The IP Proﬁle Parameters screen appears. Address Translation Enabled: NAT Map List... NAT Server List... Local WAN IP Address: Remote IP Address: Remote IP Mask: Filter Set... Remove Filter Set Receive RIP: Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx). Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel.
Page 166: Pptp Example
12-24 Administration Guide PPTP example To enable a ﬁrewall to allow PPTP trafﬁc, you must provision the ﬁrewall to allow inbound and outbound TCP packets speciﬁcally destined for port 1723. The source port may be dynamic, so often it is not useful to apply a compare function upon this portion of the control/negotiation packets.
Page 167 For Input Filter 2 set the Protocol Type to allow GRE as shown below. Enabled: Forward: Source IP Address: Source IP Address Mask: Dest. IP Address: Dest. IP Address Mask: Protocol Type: In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+ +-------------------------------------------------------------------------+...
Page 168 12-26 Administration Guide For Output Filter 2 set the Protocol Type to allow GRE as shown below. Enabled: Forward: Source IP Address: Source IP Address Mask: Dest. IP Address: Dest. IP Address Mask: Protocol Type: Change Output Filter 2 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0...
Page 169: Atmp Example
ATMP example To enable a ﬁrewall to allow ATMP trafﬁc, you must provision the ﬁrewall to allow inbound and outbound UDP packets speciﬁcally destined for port 5150. The source port may be dynamic, so often it is not useful to apply a compare function on this portion of the control/negotiation packets.
Page 170 12-28 Administration Guide For Input Filter 2 set the Protocol Type to allow GRE as shown below. Enabled: Forward: Source IP Address: Source IP Address Mask: Dest. IP Address: Dest. IP Address Mask: Protocol Type: In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+ +-------------------------------------------------------------------------+...
Page 171 For Output Filter 2 set the Protocol Type to allow GRE as shown below. Enabled: Forward: Source IP Address: Source IP Address Mask: Dest. IP Address: Dest. IP Address Mask: Protocol Type: Virtual Private Networks (VPNs) 12-29 Change Output Filter 2 0.0.0.0 0.0.0.0 0.0.0.0...
Page 172 12-30 Administration Guide...
Page 173: Chapter 13 — Security
User Accounts When you ﬁrst set up and conﬁgure the Netopia 4752, no passwords are required to access the conﬁguration screens. Anyone could tamper with the router’s conﬁguration by simply connecting it to a console. However, by adding user accounts, you can protect the most sensitive screens from unauthorized access. User accounts are composed of name/password combinations that can be given to authorized users.
Page 174 13-2 Administration Guide CAUTION! You are strongly encouraged to add protection to the conﬁguration screens. Unprotected screens could allow an unauthorized user to compromise the operation of your entire network. Once user accounts are created, users who attempt to access protected screens will be challenged. Users who enter an incorrect name or password are returned to a screen requesting a name/password combination to access the Main Menu.
Page 175: Telnet Access
Return to delete it. To exit the list without deleting the selected account, press Escape. Telnet Access Telnet is a TCP/IP service that allows remote terminals to access hosts on an IP network. The Netopia 4752 supports Telnet access to its conﬁguration screens.
Page 176: About Filters And Filter Sets
ﬁlters to control network communications can greatly improve your network’s security. The Netopia 4752’s packet ﬁlters are designed to provide security for the Internet connections made to and from your network. You can customize the router’s ﬁlter sets for a variety of packet ﬁltering applications.
Page 177 Filter priority Continuing the customs inspectors analogy, imagine the inspectors lined up to examine a package. If the package matches the ﬁrst inspector’s criteria, the package is either rejected or passed on to its destination, depending on the ﬁrst inspector’s particular orders. In this case, the package is never seen by the remaining inspectors.
Page 178: How Individual Filters Work
This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match occurs, the packet is blocked. Here is what this rule looks like when implemented as a ﬁlter on the Netopia 4752: +-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +--------------------------------------------------------------------+ 199.211.211.17...
Page 179 Internet service Telnet SMTP (mail) Gopher Internet service Who Is World Wide Web SNMP TFTP Port number comparisons A ﬁlter can also use a comparison option to evaluate a packet’s source or destination port number. The comparison options are: No Compare: No comparison of the port number speciﬁed in the ﬁlter with the packet’s port number. Not Equal To: For the ﬁlter to match, the packet’s port number cannot equal the port number speciﬁed in the ﬁlter.
Page 180 13-8 Administration Guide Other ﬁlter attributes There are three other attributes to each ﬁlter: The ﬁlter’s order (i.e., priority) in the ﬁlter set Whether the ﬁlter is currently active Whether the ﬁlter is set to forward packets or to block (discard) packets Putting the parts together When you display a ﬁlter set, its ﬁlters are displayed as rows in a table: +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+...
Page 181 Src. Port: The source port to match. This is the port on the sending host that originated the packet. D. Port: The destination port to match. This is the port on the receiving host for which the packet is intended. On?: Displays Yes when the ﬁlter is in effect or No when it is not.
Page 182: Design Guidelines
13-10 Administration Guide Filtering example #2 Suppose a ﬁlter is conﬁgured to block all incoming IP packets with the source IP address of 200.233.14.0, regardless of the type of connection or its destination. The ﬁlter would look like this: +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +----------------------------------------------------------------------+ 200.233.14.0 +----------------------------------------------------------------------+...
Page 183: Working With Ip Filters And Filter Sets
option in the answer proﬁle, PAP or CHAP in connection proﬁles, callback, and general awareness of how your network may be vulnerable. An approach to using ﬁlters The ultimate goal of network security is to prevent unauthorized access to the network without compromising authorized access.
Page 184: Adding A Filter Set
13-12 Administration Guide Add a new ﬁlter set. Create the ﬁlters for the new ﬁlter set. View, change, or delete individual ﬁlters and ﬁlter sets. The sections below explain how to execute these steps. Adding a ﬁlter set You can create up to eight different custom ﬁlter sets. Each ﬁlter set can contain up to 16 output ﬁlters and up to 16 input ﬁlters.
Page 185 The Netopia R-Series Router Packets in the Netopia 4752 pass through an input ﬁlter if they originate in the WAN and through an output ﬁlter if they’re being sent out to the WAN. The process for adding input and output ﬁlters is exactly the same. The main difference between the two involves their reference to source and destination.
Page 186 13-14 Administration Guide Enter the IP specific information for this filter. To make the ﬁlter active in the ﬁlter set, select Enabled and toggle it to Yes. If Enabled is toggled to No, the ﬁlter can still exist in the ﬁlter set, but it will have no effect. If you want the ﬁlter to forward packets that match its criteria to the destination IP address, select Forward and toggle it to Yes.
Page 187: Viewing Filter Sets
10. When you are ﬁnished conﬁguring the ﬁlter, select ADD THIS FILTER NOW to save the ﬁlter in the ﬁlter set. Select CANCEL to discard the ﬁlter and return to the Add IP Filter Set screen. Viewing ﬁlters To display a view-only table of input or output ﬁlters, select Display/Change Input Filter or Display/Change Output Filter in the Add IP Filter Set screen.
Page 188: Modifying Filter Sets
ﬁlter set. A sample IP ﬁlter set This section contains the settings for a ﬁlter set called Basic Firewall, which is part of the Netopia 4752’s factory conﬁguration. Basic Firewall blocks undesirable trafﬁc originating from the WAN (in most cases, the Internet), but forwards all trafﬁc originating from the LAN.
Page 189 The ﬁve input ﬁlters and one output ﬁlter that make up Basic Firewall are shown in the table below. Input ﬁlter Setting Enabled Forward Source IP 0.0.0.0 address Source IP 0.0.0.0 address mask Dest. IP 0.0.0.0 address Dest. IP 0.0.0.0 address mask Protocol type Source port...
Page 190 13-18 Administration Guide Basic Firewall is suitable for a LAN containing only client hosts that want to access servers on the WAN, but not for a LAN containing servers providing services to clients on the WAN. Basic Firewall’s general strategy is to explicitly forward WAN-originated TCP and UDP trafﬁc to ports greater than 1023.
Page 191: Firewall Tutorial
FTP sessions. To allow WAN-originated FTP sessions to a LAN-based FTP server with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243), insert the following input ﬁlter ahead of the current input ﬁlter 1: Enabled: Yes Forward: Yes Source IP Address: 0.0.0.0 Source IP Address Mask: 0.0.0.0...
Page 192: Basic Ip Packet Components
13-20 Administration Guide Basic IP packet components All IP packets contain the same basic header information, as follows: This header information is what the packet ﬁlter uses to make ﬁltering decisions. It is important to note that a packet ﬁlter does not look into the IP data stream (the User Data from above) to make ﬁltering decisions. Basic protocol types TCP: Transmission Control Protocol.
Page 193: Firewall Design Rules
Firewall design rules There are two basic rules to ﬁrewall design: “What is not explicitly allowed is denied.” “What is not explicitly denied is allowed.” The ﬁrst rule is far more secure, and is the best approach to ﬁrewall design. It is far easier (and more secure) to allow in or out only certain services and deny anything else.
Page 194 13-22 Administration Guide Logical AND function When a packet is compared (in most cases) a logical AND function is performed. First the IP addresses and subnet masks are converted to binary and then combined with AND. The rules for the logical use of AND are as follows: 0 AND 0 = 0 0 AND 1 = 0...
Page 195: Filter Basics
In the source or destination IP address ﬁelds, the IP address that is entered must be the network address of the subnet. A host address can be entered, but the applied subnet mask must be 32 bits (255.255.255.255). The Netopia 4752 has the ability to compare source and destination TCP or UDP ports. These options are as follows:...
Page 196: Example Filters
IP Address 200.1.1.28 255.255.255.128 This incoming IP packet has a source IP address that matches the network address in the Source IP Address ﬁeld (00000000) in the Netopia 4752. This will not forward this packet. Incoming Packet Filter Netopia 200.1.1.0 (Source IP Network Address) 255.255.255.128...
Page 197 IP Address 200.1.1.184 255.255.255.240 Since the Source IP Network Address in the Netopia 4752 is 01100000, and the source IP address after the logical AND is 1011000, this rule does not match and this packet will be forwarded. 200.1.1.0 (Source IP Network Address) 255.255.255.128...
Page 198 IP Address 200.1.1.104 255.255.255.240 Since the Source IP Network Address in the Netopia 4752 is 01100000, and the source IP address after the logical AND is 01100000, this rule does match and this packet will not be forwarded. Example 5 Filter Rule: Incoming packet has the source address of 200.1.1.96.
Page 199: Lan Ip Filtersets
LAN IP Filtersets The Netopia 4752 offers LAN-side ﬁltering on the Ethernet hub. This permits multiple IP addresses or subnets on the Ethernet LAN to be kept separate from one another and operate as virtual independent networks sharing a single Internet connection. Small- to medium-sized ofﬁces can beneﬁt by using a single router to connect to the Internet, with multiple businesses within the ofﬁce using independent subnets on the network.
Page 200 13-28 Administration Guide Any customized ﬁlter set you create can be associated with the Ethernet hub as shown below: Security Databases... RADIUS Server Addr/Name: RADIUS Server Secret: Alt RADIUS Server Addr/Name: Alt RADIUS Server Secret: RADIUS Identifer: RADIUS Server Authentication Port: 1812 LAN (EN Hub) IP Filter Set...
Page 201 Security 13-29 To remove the ﬁlter set from the Ethernet hub interface, select Remove Filter Set and press Return. The ﬁlter set will be disconnected from the LAN interface. Note: Removing the ﬁlter set from the LAN does not delete the ﬁlter set. It is still available to be reassociated with the same or another interface, or modiﬁed further.
Page 202 WAN connectivity access authentication. The Netopia 4752 has the ability to authenticate users seeking console conﬁguration access by using a remote authentication database maintained by a RADIUS server. It supports four security database modes:...
Page 203 Choosing RADIUS Only causes the router to ignore the local database and to authenticate users using the conﬁgured RADIUS server. Choosing RADIUS then Local causes the router to attempt to authenticate a user ﬁrst using a RADIUS server and then, if that fails, using the local authentication database.
Page 204: Warning Alerts
In addition to specifying the server’s hostname or IP address, you must also specify a RADIUS Server Secret and an Alt RADIUS Server Secret (if conﬁgured) known to both the router and the RADIUS server. The secret is used to encrypt RADIUS transactions in transit. The RADIUS Server Secret items are limited to 31 characters.
Page 205 | continue you will be unable to configure this device unless | | a Radius Server is available to authenticate you. +-------------------------------------------------------------+ Show Users... Add User... Delete User... Advanced Security Optio| Password for This Scree+-------------+): Security Options CONTINUE +-------------+ +-------------+ | Netopia URG | | tonyf Security 13-33 CANCEL...
Page 206 13-34 Administration Guide...
Page 207: Chapter 14 — Monitoring Tools
“SNMP” on page 14-13 Quick View Status Overview You can get a useful, overall status report from the Netopia 4752 in the Quick View screen. To go to the Quick View screen, select Quick View in the Main Menu. The Quick View screen has three status sections:...
Page 208: General Status
Unused Memory: The total remaining system memory available for use. Primary DNS Server: If you are using the router’s defaults (DHCP and NAT) this value will be 0.0.0.0. If you have assigned an IP address as your primary default gateway, it is shown here.
Page 209: Current Status
Status lights This section shows the current real-time status of the Netopia 4752’s status lights (LEDs). It is useful for remotely monitoring the router’s status. The Quick View screen’s arrangement of LEDs corresponds to the physical arrangement of LEDs on the router.
Page 210: Statistics & Logs
You can view two different event histories: one for the router’s system and one for the WAN. The Netopia 4752’s built-in battery backup prevents loss of event history from a shutdown or reset.
Page 211: Wan Event History
WAN Event History The WAN Event History screen lists a total of 128 events on the WAN. The most recent events appear at the top. -Date-----Time-----Event------------------------------------------------------ ----------------------------------SCROLL UP----------------------------------- 07/03/98 13:59:06 07/03/98 13:59:05 07/03/98 13:59:05 >>WAN: data link activated at 1040 Kbps 07/03/98 13:58:32 --Device restarted----------------------------------------- 07/03/98 12:46:39 --Device restarted----------------------------------------- 07/03/98 11:45:57 --Device restarted-----------------------------------------...
Page 212: Device Event History
14-6 Administration Guide Device Event History The Device Event History screen lists a total of 128 port and system events, giving the time and date for each event, as well as a brief description. The most recent events appear at the top. In the Statistics &...
Page 213: Voice Logs
Voice Logs Voice Log The Voice Log screen lists a total of 128 voice-related events, giving the time and date for each event, as well as a brief description. The most recent events appear at the top. In the Statistics & Logs screen, select Voice Log. The Voice Log screen appears. -Date-----Time-----Event------------------------------------------------------ ----------------------------------SCROLL UP----------------------------------- 01/05/01 11:03:27...
Page 214 14-8 Administration Guide -Date-----Time-----Event------------------------------------------------------ ----------------------------------SCROLL UP----------------------------------- 1/5/01 05:29:08 1/5/01 05:28:53 1/5/01 05:28:49 ---------------------------------SCROLL DOWN---------------------------------- Clear History... If the log exceeds the size of the screen, you can scroll through it by using SCROLL UP and SCROLL DOWN. To scroll up, select SCROLL UP at the top of the list and press Return. To scroll down, select SCROLL DOWN at the bottom of the list and press Return.
Page 215: Ip Routing Table
IP Routing Table In the Statistics & Logs screen, select IP Routing Table and press Return. The IP routing table displays all of the IP routes currently known to the Netopia 4752. Network Address-Subnet Mask-----via Router------Port------------------Type---- ----------------------------------SCROLL UP----------------------------------- 0.0.0.0 255.0.0.0 127.0.0.1...
Page 216: Served Ip Addresses
14-10 Administration Guide Served IP Addresses You can view all of the IP addresses currently being served by the Netopia 4752 SDSL Integrated Access Device from the Served IP Addresses screen. From the Statistics & Logs menu, select Served IP Addresses. The Served IP Addresses screen appears.
Page 217: General Statistics
Network----------Rx Bytes---Tx Bytes---Rx Pkts---Tx Pkts----Rx Err----Tx Err The General Statistics screen displays information about data trafﬁc on the Netopia 4752’s data ports. This information is useful for monitoring and troubleshooting your LAN. Note that the counters roll over at their maximum ﬁeld width, that is, they restart again at 0.
Page 218 14-12 Administration Guide Physical Interface The top left side of the screen lists total packets received and total packets transmitted for the following data ports: Ethernet Hub SDSL 1 Network Interface The bottom left side of the screen lists total packets received and total packets transmitted for the following protocols: IP (IP packets on the Ethernet) The right side of the table lists the total number of occurrences of each of six types of communication...
Page 219: System Information
Ethernet MIB (RFC 1643) Netopia MIB These MIBs are on the Netopia 4752 CD included with the Netopia 4752. Load these MIBs into your SNMP management software in the order they are listed here. Follow the instructions included with your SNMP manager on how to load MIBs.
Page 220: The Snmp Setup Screen
Select System Contact and enter the name of the person responsible for maintaining the router. System Name, System Location, and System Contact set the values returned by the Netopia 4752 SNMP agent for the SysName, SysLocation, and SysContact objects, respectively, in the MIB II system group. Although optional, the information you enter in these items can help a system administrator manage the network more efﬁciently.
Page 221: Snmp Traps
SNMP traps An SNMP trap is an informational message sent from an SNMP agent (in this case, the Netopia 4752) to a manager. When a manager receives a trap, it may log the trap as well as generate an alert message of its own.
Page 222 14-16 Administration Guide Return/Enter to modify an existing Trap Receiver. Navigate from here to view, add, modify and delete IP Trap Receivers. Setting the IP trap receivers Select Add IP Trap Receiver. Select Receiver IP Address or Domain Name. Enter the IP address or domain name of the SNMP manager you want to receive the trap.
Page 223 A number of utilities and tests are available for system diagnostic and control purposes. This section covers the following topics: “Ping” on page 15-2 “Trace Route” on page 15-4 “Telnet Client” on page 15-5 “Disconnect Telnet Console Session” on page 15-6 “Factory Defaults”...
Page 224: Ping
(Ping-capable) IP host. Each time the target host receives a Ping packet, it returns a packet to the original sender. Ping allows you to see whether a particular IP destination is reachable from the Netopia 4752. You can also ascertain the quality and reliability of the connection to the desired destination by studying the Ping test’s statistics.
Page 225 Ping packets. Note that the second return Ping packet is considered to be late because it is not received by the Netopia 4752 before the third Ping packet is sent. The ﬁrst and third return Ping packets are on time.
Page 226: Trace Route
The time-to-live (TTL) value for each Ping packet sent by the Netopia 4752 is 255, the maximum allowed. The TTL value deﬁnes the number of IP routers that the packet can traverse. Ping packets that reach their TTL value are dropped, and a “destination unreachable”...
Page 227: Telnet Client
Select Use Reverse DNS to learn the names of the routers between the Netopia Router and the destination router. The default is Yes. Select START TRACE ROUTE and press Return. A scrolling screen will appear that lists the destination, number of hops, IP addresses of each hop, and DNS names, if selected.
Page 228: Disconnect Telnet Console Session
If you select Continue, you will immediately terminate your session. Factory Defaults You can reset the Netopia 4752 to its factory default settings. In the Utilities & Diagnostics screen, select Revert to Factory Defaults and press Return. Select CONTINUE in the dialog box and press Return. The Netopia 4752 will reboot and its settings will return to the factory defaults, deleting your conﬁgurations.
Page 229: Transferring Conﬁguration And Firmware Files With Tftp
Trivial File Transfer Protocol (TFTP) is a method of transferring data over an IP network. TFTP is a client-server application, with the router as the client. To use the Netopia 4752 as a TFTP client, a TFTP server must be available.
Page 230: Downloading Conﬁguration Files
Some models do not support all ﬁrmware versions. Loading an incorrect ﬁrmware version can permanently damage the unit. Do not manually power down or reset the Netopia 4752 while it is automatically resetting or it could be damaged. If you choose to download the ﬁrmware, the TFTP Transfer State item will change from Idle to Reading Firmware.
Page 231: Uploading Conﬁguration Files
Using TFTP, you can send a ﬁle containing a snapshot of the router’s current conﬁguration to a TFTP server. The ﬁle can then be downloaded by a different Netopia 4752 unit to conﬁgure its parameters (see conﬁguration ﬁles” on page 15-8).
Page 232: Transferring Conﬁguration And Firmware Files With Xmodem
15-10 Administration Guide Transferring Conﬁguration and Firmware Files with XMODEM You can transfer conﬁguration and ﬁrmware ﬁles with XMODEM through the Netopia 4752’s console port. Be sure your terminal emulation program supports XMODEM ﬁle transfers. To go to the X-Modem File Transfer screen, select it in the Utilities & Diagnostics menu.
Page 233: Downloading Conﬁguration Files
The system will reset at the end of a successful ﬁle transfer to put the new ﬁrmware into effect. While the system resets, the LEDs will blink on and off. Caution! Do not manually power down or reset the Netopia 4752 while it is automatically resetting or it could be damaged. Downloading conﬁguration ﬁles The Netopia 4752 can be conﬁgured by downloading a conﬁguration ﬁle.
Page 234: Uploading Conﬁguration Files
The system will reset at the end of a successful ﬁle transfer to put the new conﬁguration into effect. Uploading conﬁguration ﬁles A ﬁle containing a snapshot of the Netopia 4752’s current conﬁguration can be uploaded from the router to disk. The ﬁle can then be downloaded by a different Netopia 4752 to conﬁgure its parameters (see “Downloading conﬁguration ﬁles,”...
Page 236 Administration Guide...
Page 237: Appendix A - Troubleshooting
Netopia 4752. It also includes information on how to contact Netopia Technical Support. Important information on these problems can be found in the event histories kept by the Netopia 4752. These event histories can be accessed in the Statistics & Logs screen.
Page 238: Console Connection Problems
Note: If you are attempting to modify the IP address or subnet mask from a previous, successful conﬁguration attempt, you will need to clear the IP address or reset your Netopia 4752 to the factory default before reinitiating the conﬁguration process. For further information on resetting your Netopia 4752 to factory default, “Factory Defaults”...
Page 239: How To Reset The Netopia 4752 To Factory Defaults
Power Outages If you suspect that power was restored after a power outage and the Netopia 4752 is connected to a remote site, you may need to switch the Netopia 4752 off and then back on again. After temporary power outages, a connection that still seems to be up may actually be disconnected.
Page 240: Technical Support
If you contact us by telephone, please be ready to supply Netopia Technical Support with the information you used to conﬁgure the Netopia 4752. Also, please be at the site of the problem and prepared to reproduce it and to try some troubleshooting steps.
Page 241 Online product information Product information can be found in the following: Netopia World Wide Web server via http://www.netopia.com Internet via anonymous FTP to ftp.netopia.com/pub FAX-Back This service provides technical notes that answer the most commonly asked questions and offers solutions for many common problems encountered with Netopia products.
Page 242 A-6 Administration Guide...
Page 243: Appendix B - About Sdsl
(web surﬁng) with little data going in the other direction. Netopia's SDSL router has fewer implementation issues than ADSL routers. It uses 2B1Q line encoding (same as T1 or ISDN) and this doesn't produce the same noise and interference as ADSL, which uses DMT or CAP encoding.
Page 244 B-2 Administration Guide Because over 300,000 lines are already deployed using HDSL, service providers feel comfortable with SDSL since it uses the same technology as its predecessor and ISDN. The line coding employed by both HDSL and ISDN has not caused any interference with existing services like T1. This means service providers deploy SDSL solutions without worry about impact on other services in neighboring binder groups.
Page 245: What I Ip?"
This appendix is a brief general introduction to IP addressing. A basic understanding of IP will help you in conﬁguring the Netopia 4752 and using some of its powerful features, such as static routes and packet ﬁltering. This section covers the following topics: “What is IP?”...
Page 246: Subnets And Subnet Masks
C-2 Administration Guide IP addresses are maintained and assigned by the InterNIC, a quasi-governmental organization now increasingly under the auspices of private industry. Note: It’s very common for an organization to obtain an IP address from a third party, usually an Internet service provider (ISP).
Page 247: Example: Using Subnets On A Class C Ip Internet
When setting up IP routing with a Class A address, or even with multiple Class C addresses, subnetting is fairly straightforward. Subnetting a single Class C address between two networks, however, is more complex. This section describes the general procedures for subnetting a single Class C network between two Netopia routers so that each can have Internet access.
Page 248 Below is a diagram of a simple network conﬁguration. The ISP is providing a Class C address to the customer site, and both networks A and B want to gain Internet access through this address. Netopia 4752 B connects to...
Page 249: Example: Working With A Class C Subnet
ISP's equipment. The most important item in this conﬁguration is the static route deﬁned on Router B. This tells Router B what path to take to get to the network deﬁned by Netopia 4752 B. Without this information, Customer Site B will be able to access Customer Site A, but not the Internet.
Page 250: Technical Note On Subnet Masking
These two methods are not mutually exclusive; you can manually issue some of the addresses while the rest are distributed by the Netopia 4752. Using the router in this way allows it to function as an address server. One reason to use the Netopia 4752 as an address server is that it takes less time than manually distributing the addresses.
Page 251: Conﬁguration
DHCP address lease for one hour. The number of devices a Netopia 4752 can serve DHCP to is 512. This is imposed by global limits on the size of the address serving database, which is shared by all address serving functions active in the router.
Page 252: Manually Distributing Ip Addresses
Once the Mac workstation requests and receives a valid address, the Netopia 4752 actively checks for the workstation’s existence once every minute. For a dynamic address, the Netopia 4752 releases the address back to the address pool after it has lost contact with the Mac workstation for over 2 minutes.
Page 253: Tips And Rules For Distributing Ip Addresses
In any situation where a device is dialing into a Netopia router, the router may need to be conﬁgured to serve IP via the WAN interface. This is only a requirement if the calling device has not been conﬁgured locally to know what its address(es) are.
Page 254 (199.1.1.49, 199.1.1.50, and 199.1.1.51). Distributed to the (Ethernet IP address) Pool of addresses distributed Netopia 4752 Manually distributed (static) by MacIP and DHCP...
Page 255: Nested Ip Subnets
The ﬁgure shows a possible network conﬁguration following this scheme. The main network is set up with the Class C address a.b.c.0, and contains Router A (which could be a Netopia 4752), a Netopia 4752, and a number of other hosts. Router A maintains a link to the Internet and can be used as the default gateway.
Page 256 C-12 Administration Guide Routers B and C (which could also be Netopia 4752s) serve the two remote networks that are subnets of a.b.c.0. The subnetting is accomplished by conﬁguring the Netopia 4752 with connection proﬁles for Routers B and C (see the following table).
Page 257: Broadcasts
These two protocols specify two different ways to organize the very ﬁrst signals in the sequence of electrical signals that make up an IP packet travelling over Ethernet. By default, the Netopia 4752 uses Ethernet packet headers for IP trafﬁc. If your network requires 802.3 IP framing, you must conﬁgure this through SNMP.
Page 258 C-14 Administration Guide...
Page 259: Appendix D - Binary Conversion Table
This table is provided to help you choose subnet numbers and host numbers for IP and MacIP networks that use subnetting for IP addresses. Decimal Binary 1000 1001 1010 1011 1100 1101 1110 1111 10000 10001 10010 10011 10100 10101 10110 10111 11000...
Page 260 D-2 Administration Guide Decimal Binary 10000000 10000001 10000010 10000011 10000100 10000101 10000110 10000111 10001000 10001001 10001010 10001011 10001100 10001101 10001110 10001111 10010000 10010001 10010010 10010011 10010100 10010101 10010110 10010111 10011000 10011001 10011010 10011011 10011100 10011101 10011110 10011111 Decimal Binary Decimal 10100000 10100001 10100010...
Page 261: Appendix E - Further Reading
Further Reading E-1 Alexander, S. and R. Droms, DHCP Options and BOOTP Vendor Extensions, RFC 2131, Silicon Graphics, Inc., Bucknell University, PA, 1997. Black, U., Data Networks: Concepts, Theory and Practice, Prentice Hall, Englewood Cliffs, NJ, 1989. Black, U., Physical Level Interfaces and Protocols, IEEE Computer Society Press, Los Alamitos, CA, 1988. Black, U., Emerging Communications Technologies, PTR Prentice Hall, Englewood Cliffs, NJ, 1994.
Page 262 E-2 Administration Guide LaQuey, Tracy, The Internet Companion: A Beginner's Guide to Global Networking, Addison-Wesley Publishing Company, Reading, MA, 1994. Leinwand, A., and K. Fang, Network Management: A Practical Perspective, Addison-Wesley Publishing Company, Reading, MA, 1993. Levine, John R., and Carol Baroudi, The Internet for Dummies, IDG Books Worldwide, Foster City, CA, 1993. Covers all of the most popular Internet services, including e-mail, newsgroups, and the World Wide Web.
Page 263 Further Reading E-3 Stallings, W. Local Networks, 3rd ed., Macmillan Publishing Company, New York, NY, 1990. Stevens, W.R., TCP/IP Illustrated, Vol 1, Addison-Wesley Publishing Company, Reading, MA, 1994. Sunshine, C.A. (ed.), Computer Network Architectures and Protocols, 2nd ed., Plenum Press, New York, NY, 1989.
Page 264 E-4 Administration Guide...
Page 265: Appendix F - Technical Speciﬁcations And Safety Information
12” (w) x 9.5” (d) x 1.75” (h) Communications interfaces: The Netopia 4752 SDSL Integrated Access Device has an RJ-45 jack for SDSL line connections; a 10/100Base-T Ethernet port for your LAN connection; 8 telephone extension jacks; and a DB-9 Console port.
Page 266: Agency Approvals
It is the responsibility of users requiring service to report the need for service to our Company or to one of our authorized agents. Service can be obtained at Netopia, Inc., 2470 Mariner Square Loop, Alameda, California, 94501.
Page 267 Technical Speciﬁcations and Safety Information F-3 Important This product was tested for FCC compliance under conditions that included the use of shielded cables and connectors between system components. Changes or modiﬁcations to this product not authorized by the manufacturer could void your authority to operate the equipment. Canada.
Page 268: Important Safety Instructions
Do not use the telephone to report a gas leak in the vicinity of the leak. SAVE THESE INSTRUCTIONS Battery The Netopia 4752’s lithium battery is designed to last for the life of the product. The battery is not user-ser- viceable. Caution! Danger of explosion if battery is incorrectly replaced.
Page 269: Radius Client Support
Netopia 4752 Speciﬁcations Physical interface WAN interface SDSL port with support for symmetric connections from 160 Kbps to 1.568 Mbps (uses RJ45 connector Interoperable with SDSL equipment from Copper Mountain, Lucent, Nokia, Nortel, Paradyne, and others. LAN interface 10/100BaseT Ethernet port Voice interfaces 8 Analog loopstart telephone interfaces (RJ11) for connection to phone handsets or fax.
Page 270 Trivial File Transfer Protocol (TFTP) Client: Allows remote upload and download ﬁrmware and conﬁguration ﬁles directly to the router Integrated Management Utilities: ICMP Ping: Tests IP connectivity from router to local or remote site. Trace Route: Determines routing path to particular host name or IP address. Telnet Client: Provides remote...
Page 271: Hardware Speciﬁcations
a syslog server SNMPv1: (RFC 1157) and MIB II (RFC 1213), Ethernet MIB and enterprise MIB for remote management using console applications Hardware speciﬁcations Memory: 16 MB DRAM memory Environmental Requirement: Operating: 0 to +40 C. Storage: 0 to +70 C (20 to 80% non-condensing) Power Requirements: AC 100-240 V;...
Page 272 F-8 Administration Guide Speed Dialing by dialing a feature code Three Way Calling Custom Ringing Distinctive Ringing...
Page 273: Glossary 1
Glossary 1 access line: A telephone line reaching from the telephone company central ofﬁce to a point usually on your premises. Beyond this point the wire is considered inside wiring. analog: In telecommunications, telephone transmission and/or switching that is not digital. An analog phone transmission is one that was originally intended to carry speech or voice, but may with appropriate modiﬁcations be used to carry data of other types.
Page 274 (0 through F) represents four binary bits. Do not confuse the Ethernet address of a device with its network address. ﬁrmware: System software stored in a device’s memory that controls the device. The Netopia 4752’s ﬁrmware can be updated.
Page 275 Media Access Control (MAC) address: This 48 bit address is assigned by the device manufacturer for its Ethernet connection. All Netopia 4752 units have MAC addresses of the form 00-C5-9X-XX-XX-XX. Each byte is represented as a conventional two digit hexadecimal number.
Page 276 4 Administration Guide NAT (Network Address Translation): A feature that allows communication between the LAN connected to the Netopia ISDN Router and the Internet using a single IP address, instead of having a separate IP address for each computer on the network.
Page 277 WAN line support to the LAN devices they serve. They may also provide various management and monitoring functions as well as a variety of conﬁguration capabilities. routing table: A list of networks maintained by each router on an internet. Information in the routing table helps the router determine the next router to forward packets to.
Page 278 WANs can span a state, a country, or even the world. WAN IP: In addition to being a router, the Netopia ISDN Router is also an IP address server. There are four protocols it can use to distribute IP addresses over the WAN which include: DHCP, BootP, IPCP, and MacIP. WAN IP is a feature for both the Small Ofﬁce and Corporate Netopia ISDN Router models.
Page 279 10Base-T, connecting 5-3 add static route 10-8 advanced conﬁguration features 9-18 application software 5-2 ATMP 12-12 tunnel options 12-20 back panel 3-3 ports 3-3 basic ﬁrewall 13-17 BootP 10-10 clients 10-16 broadcasts C-13 capabilities 1-2 change static route 10-9 community strings 14-14 conﬁguration troubleshooting PC A-1...
Page 280 Easy Setup connection proﬁle 7-9 IP setup 7-10 IPX setup 7-10 navigating 6-5 overview 7-1 quick connection path 7-3 encryption 12-2 12-7 12-12 Ethernet event history device 14-6 WAN 14-5 features 1-2 ﬁlter parts 13-6 parts of 13-6 ﬁlter priority 13-5 ﬁlter set adding 13-12 display 13-8...
Page 281 12-3 PVC 9-5 Quick View 14-1 RADIUS 13-30 restarting the system 15-12 restricting telnet access 13-3 RIP 10-3 router to serve IP addresses to hosts 10-1 routing tables IP 10-6 screens, connecting to 9-17 SDSL deﬁned B-1 security ﬁlters 13-4...
Page 282 ATMP 12-20 PPTP 12-3 tunneling 12-2 updating ﬁrmware with TFTP 15-7 with XMODEM 15-10 updating Netopia’s ﬁrmware 15-7 uploading conﬁguration ﬁles 15-9 with TFTP 15-9 with XMODEM 15-12 user accounts 13-1 utilities and diagnostics 15-1 Virtual Private Networks (VPN) 12-1...
Page 283 Netopia’s entire liability and your sole remedy under this warranty during the warranty period is that Netopia shall, at its option, either repair the Product or refund the original purchase price of the Product. In order to make a claim under this warranty you must comply with the following procedure: Contact Netopia Customer Service within the warranty period to obtain a Return Materials Authorization (“RMA”) number.
Page 284 Administration Guide...

This manual is also suitable for:

4752

Netopia 4752 2A4NA Administration Manual

Chapter 1 - Introduction

Chapter 2 - Setting up Internet Services

Chapter 3 - Making the Physical Connections

Chapter 4 - Sharing the Connection

Chapter 5 - Connecting to Your Local Network

Chapter 6 - Console-Based Management

Chapter 7 - Easy Setup

Chapter 8 - Voice Conﬁguration

Chapter 9 — WAN and System Conﬁguration

Chapter 10 - IP Setup

Chapter 11 - Multiple Network Address Translation

Chapter 12 — Virtual Private Networks (Vpns)

Chapter 13 — Security

Chapter 14 — Monitoring Tools

Chapter 15 - Utilities and Diagnostics

Appendix A - Troubleshooting

Appendix B - about SDSL

Appendix C - Understanding IP Addressing

Appendix D - Binary Conversion Table

Appendix E - Further Reading

Appendix F - Technical Specifications and Safety Information

Appendix F - Technical Speciﬁcations and Safety Information

Glossary 1

Quick Links

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Netopia 4752 2A4NA

Summary of Contents for Netopia 4752 2A4NA