Netopia R310 User Reference Manual

Isdn router

Table of Contents

Quick Links

Download this manual

™

Netopia

R310 ISDN Router

User's Reference Guide

Table of Contents

Troubleshooting

Summary of Contents for Netopia R310

Page 1 ™ Netopia R310 ISDN Router User’s Reference Guide...
Page 2 This manual and any associated artwork, software and product designs are copyrighted with all rights reserved. Under the copyright laws such materials may not be copied, in whole or part, without the prior written consent of Netopia, Inc. Under the law, copying includes translation to another language or format.
Page 3: Table Of Contents
Welcome to the Netopia R310 User’s Reference Guide. This guide is designed to be your single source for information about your Netopia R310 ISDN Router. It is intended to be viewed on-line, using the powerful features of the Adobe Acrobat Reader. The information display has been deliberately designed to present the maximum information in the minimum space on your screen.
Page 4 About Console-based Management ... 5-1 Connecting through a Telnet session ... 5-2 Conﬁguring Telnet software ... 5-3 Connecting a local terminal console cable to your router... 5-3 Navigating through the console screens ... 5-5 Chapter 6 — Easy Setup ...6-1 Easy Setup console screens...
Page 5 Filter Sets (Firewalls) ... 7-13 IP Address Serving ... 7-13 Date and Time ... 7-13 Console Conﬁguration... 7-14 SNMP (Simple Network Management Protocol) ... 7-15 Security ... 7-15 Upgrade Feature Set ... 7-15 Logging ... 7-15 Chapter 8 — Call Accounting and Default Answer Proﬁle ...8-1 Cost control feature -- call accounting...
Page 6 User’s Reference Guide Binding Map Lists and Server Lists ... 9-20 NAT Associations ... 9-22 MultiNAT Conﬁguration Example ... 9-24 Notes on the example ... 9-27 IP subnets... 9-28 Static routes... 9-30 IP address serving ... 9-34 DHCP NetBIOS Options... 9-35 Chapter 10 —...
Page 7 Status lights ... 11-3 Statistics & Logs ... 11-4 General Statistics ... 11-4 Event histories ... 11-5 Routing tables ... 11-7 Served IP Addresses... 11-8 System Information... 11-10 SNMP ... 11-10 The SNMP Setup screen ... 11-11 SNMP traps ... 11-12 Chapter 12 —...
Page 8 viii User’s Reference Guide Filter Basics... 12-26 Example Filters ... 12-27 Token Security Authentication ... 12-30 Securing network environments... 12-30 Using the SecurID token card... 12-30 Security authentication components ... 12-31 Conﬁguring for security authentication ... 12-31 Connecting using security authentication ... 12-32 Chapter 13 —...
Page 9 ISP’s Point of presence ... C-2 Endorsements ... C-2 Deciding on an ISP account ... C-2 Setting up a Netopia R310 account ... C-2 Obtaining an IP host address ... C-2 SmartIP™ ... C-2 Obtaining information from the ISP... C-3 Local LAN IP address information to obtain ...
Page 10 Tips and rules for distributing IP addresses... D-8 Nested IP subnets ... D-10 Broadcasts... D-12 Packet header types... D-12 Appendix E — Understanding Netopia NAT Behavior ... E-1 Network Conﬁguration ... E-1 Background ... E-1 Exported services ... E-5 Important notes ... E-6 Conﬁguration ...
Page 11: Conﬁguration Options For Your Netopia R310 Isdn Router
Conﬁguration options for your Netopia R310 ISDN Router The Netopia R310 ISDN Router can be used in different ways depending on your needs. In general, you will probably want to use it in one or more of the following ways: (Click on one of these links) “1.
Page 12: Small Ofﬁce Connection To The Internet
For Small Ofﬁce connections to the Internet, using a single dynamic IP address with Network Address Translation (NAT) enabled, you should use the following conﬁguration option: the SmartStart™ Wizard, included on your Netopia R310 CD. This is the fastest and simplest way to get you up and running with the minimum difﬁculty.
Page 13 For Small Ofﬁce connections to the Internet, using a block of IP addresses (Network Address Translation disabled), you use both of the following conﬁguration tools: the SmartStart™ Wizard, included on your Netopia R310 CD. This is the fastest and simplest way to get you up and running with the minimum difﬁculty.
Page 14: Direct Connection To A Corporate Ofﬁce (Telecommuter)
3. Direct Connection to a Corporate Ofﬁce (Telecommuter) For direct connections to a Corporate Ofﬁce, you can use either one of two conﬁguration options: the SmartStart™ Wizard, included on your Netopia R310 CD. For instructions on this option, see on page 3-3.
Page 15: Conﬁgured To Accept Incoming Dial-Up Connections
4. Conﬁgured to accept incoming dial-up connections To conﬁgure the Netopia R310 to accept incoming dial-up connections, you should use the following conﬁguration option: use the SmartStart™ Wizard, to conﬁgure your outbound connection to an ISP. For instructions on this option, see on page 3-3.
Page 18 User’s Reference Guide...
Page 19: Chapter 1 - Introduction
The Netopia R310 ISDN Router is a full-featured, stand-alone, multiprotocol router for connecting diverse local area networks (LANs) to the Internet and other remote networks. The Netopia R310 ISDN Router uses a high performance telecommunications line to provide your whole network with a high-speed connection to the outside world.
Page 20: How To Use This Guide
In addition to the simple documentation contained in the accompanying Getting Started Guide, this guide is designed to be your single source for information about your Netopia R310 ISDN Router. It is intended to be viewed on-line, using the powerful features of the Adobe Acrobat Reader. The information display has been deliberately designed to present the maximum information in the minimum space on your screen.
Page 21: Chapter 2 - Making The Physical Connections
Cable length and network size limitations when expanding networks For small networks, install the Netopia R310 near one of the LANs. For large networks, you can install the Netopia R310 in a wiring closet or a central network administration site.
Page 22: Identify The Connectors And Attach The Cables
2-2 User’s Reference Guide You will need: A Windows 95, 98, or NT-based PC or a Macintosh with Ethernet connectivity for conﬁguring the Netopia R310. This may be built-in Ethernet or an add-on card, with TCP/IP installed. An ISDN telephone line.
Page 23: Netopia R310 Isdn Router Back Panel Ports
Management.” 4-port Ethernet hub Four Ethernet jacks. You will use one of these to connect to the Netopia R310 for conﬁguration. For a new installation with SmartStart, use the Ethernet connection. You can either connect your computer directly to any of the Ethernet ports on the router, or connect both your computer and the router to an existing Ethernet hub on your LAN.
Page 24: Netopia R310 Isdn Router Status Lights
2-4 User’s Reference Guide Netopia R310 ISDN Router Status Lights The ﬁgure below represents the Netopia R310 status light (LED) panel. Netopia R310 LED front panel The following table summarizes the meaning of the various LED states and colors: When this happens...
Page 25: Chapter 3 - Setting Up Your Router With The Smartstart Wizard
Once you’ve connected your router to your computer and your telecommunications line and installed a web browser, you’re ready to run the Netopia SmartStart™ Wizard. The SmartStart Wizard will help you set up the router and share the connection. The SmartStart Wizard walks you through a series of questions and based on your responses automatically conﬁgures the router for connecting your LAN to the Internet or to your remote...
Page 26: Before Running Smartstart
SmartStart, in case you do not want to use the dynamic addressing features built in to the Netopia Router and need to restore the ﬁxed IP address.
Page 27: Setting Up Your Router With The Smartstart Wizard
The SmartStart Wizard presents a series of screens to guide you through the preliminary conﬁguration of a Netopia R310. It will then create a connection proﬁle using the information you supply to it. Welcome screen. The ﬁrst screen welcomes you to the SmartStart Wizard conﬁguration utility.
Page 28: Easy Option
Advanced option to assign the router an IP address in your target IP range. See option” on page 3-8. If all of the above steps fail to resolve the problem, reset the router to its factory default settings and rerun SmartStart. See “Factory defaults” on page 13-7 for more information. “Connection Test page 3-8 now.
Page 29 ISP Automation or Manual Entry. Options are explained below. Make your selection and click Next. If you select ISP Automation, SmartStart offers you the option of choosing one of several Netopia ISP partners that support the Netopia R310. You then see the page 3-6.
Page 30 If you select Manual Entry, the Internet Service Provider Selection screen. Select an ISP from the list of Netopia ISP partners who have provided information for automatic setup. Choose Generic ISP if your ISP is not included on the list. If you don’t already have an account with the selected ISP, call...
Page 31 SmartStart displays a screen telling you that your conﬁguration is now complete. In most cases, this SmartStart conﬁguration is all that you need to get your router up and running and connected to the Internet. However, you may want to take advantage of additional features or special conﬁguration options available through the console-based conﬁguration interface.
Page 32: Advanced Option
ﬁrst radio button. If you do this, the Address screen,” appears (shown below.) If you want to reconﬁgure the router with a new IP address and subnet mask, select the second radio button. If you do this, the “New IP Address screen”...
Page 33: Sharing The Connection
The TCP/IP protocol must be “bound” to the adapter or card Dynamic conﬁguration (recommended) If you conﬁgure your Netopia R310 using SmartStart, you can accept the dynamic IP address assigned by your router. The Dynamic Host Conﬁguration Protocol (DHCP) server, which enables dynamic addressing, is enabled by default in the router.
Page 34 DNS will be assigned by the router with DHCP. Click OK in this window, and the next window. When prompted, reboot the computer. Note: You can also use these instructions to conﬁgure other computers on your network to accept IP addresses served by the Netopia R310.
Page 35 Subnet Mask: 255.255.255.0 This address is an example of one that can be used to conﬁgure the router with the Easy option in the SmartStart Wizard. Your ISP or network administrator may ask you to use a different IP address and subnet mask.
Page 36: Conﬁguring Tcp/Ip On Macintosh Computers
Macintosh. Dynamic conﬁguration (recommended) If you conﬁgure your Netopia R310 using SmartStart, you can accept the dynamic IP address assigned by your router. The Dynamic Host Conﬁguration Protocol (DHCP), which enables dynamic addressing, is enabled by default in the router. To conﬁgure your Macintosh computer for dynamic addressing do the following: Click on the DNS Conﬁguration tab.
Page 37 “Conﬁgure: Using DHCP Server.” Note: You can also use these instructions to conﬁgure other computers on your network to accept IP addresses served by the Netopia R310. Static conﬁguration (optional) If you are manually conﬁguring the computer on your Local Area Network for a ﬁxed or static IP address, perform the...
Page 38: Dns Proxy And Caching Behavior
DNS response if it ﬁnds the mapping in its own DNS cache. This ensures that DHCP clients of the Netopia R310 will be able to use DNS as soon as the NetopiaR310 is able to do so.
Page 39: Chapter 4 — Connecting Your Local Area Network
TCP/IP stack: This is the software that lets your PC or Macintosh communicate using Internet protocols. TCP/IP stacks must be conﬁgured with some of the same information you used to conﬁgure the Netopia R310. There are a number of TCP/IP stacks available for PC computers. Windows 95 includes a built-in TCP/IP stack.
Page 40: Connecting To An Ethernet Network
Internet or other remote IP networks. Connecting to an Ethernet network You can connect the Netopia R310 to an IP network that uses Ethernet. The Netopia R310 supports Ethernet connections through its four Ethernet ports. The Router automatically detects which Ethernet port is in use.
Page 41: Chapter 5 - Console-Based Management
This chapter describes how to use the Console-based management screens on your Netopia R310 ISDN Router. The console screens provide an alternate method for experienced users to conﬁgure their router without using SmartStart. After completing the Easy Setup console screens, your router will be ready to connect to the Internet or another remote site.
Page 42: Connecting Through A Telnet Session
5-2 User’s Reference Guide Note about screen differences. Netopia R310 models offering different feature sets will have variations in the ﬁelds on certain screens. For example, there are switched (dial-up ISDN) and leased (Synchronous/Asynchro- nous and T1) line models, as well as models that offer feature subsets such as SmartIP (Network Address Translation and DHCP).
Page 43: Conﬁguring Telnet Software
PC, or ZTerm, included on the Netopia CD, for the Macintosh. The Netopia R310 back panel has a connector labeled “Console” for attaching the Router to either a PC or Macintosh computer via the serial port on the computer. (On a Macintosh, the serial port is called the Modem port or the Printer port.) This connection lets you use the computer to conﬁgure and monitor the Netopia R310...
Page 44 If you connect a Macintosh computer, you can use the ZTerm terminal emulation program on the supplied Netopia R310 CD. Launch your terminal emulation software and conﬁgure the communications software for the following values. These are the default communication parameters that the Netopia R310 uses. Parameter Terminal type...
Page 45: Navigating Through The Console Screens
Navigating through the console screens Use your keyboard to navigate the Netopia R310’s conﬁguration screens, enter and edit information, and make choices. The following table lists the keys to use to navigate through the console screens. Move through selectable items in a screen or pop-up menu...
Page 46 5-6 User’s Reference Guide...
Page 47: Chapter 6 - Easy Setup
This chapter describes how to use the Easy Setup console screens on your Netopia R310 ISDN Router. The Easy Setup console screens provide an alternate method for experienced users to set up their router’s Connection Proﬁles without using SmartStart. After completing the Easy Setup console screens, your router will be ready to connect to the Internet or another remote site.
Page 48 If you do not see the Main Menu, verify that: the computer used to view the console screen has its serial port connected to the Netopia R310’s “Console” port or an Ethernet connection to one of its Ethernet ports. See console cable to your router”...
Page 49: Beginning Easy Setup
ISP or a corporate site. On a Netopia R310 ISDN Router you can add up to 15 more connection proﬁles, for a total of 16. Select Circuit Type and press Return. From the pop-up menu, select: ISDN, Switched if you have a switched ISDN line.
Page 50 United Kingdom - EuroISDN. Select Directory Number 1. The router attempted to detect your Directory Number(s) when you selected Auto-Detect in Step 1. If it succeeded, the directory number(s) will be displayed, and the screen will indicate “Detected” (as...
Page 51: Easy Setup Proﬁle
Select Number to Dial and enter the ISDN telephone number you received from your ISP. This is the number the Netopia R310 dials to reach your ISP. Enter the number as you would dial it, including any required preﬁxes (such as area, access, and long-distance dialing codes).
Page 52 6-6 User’s Reference Guide When using unnumbered interfaces, the Netopia Router will use either its local Ethernet IP address or its NAT address (if so conﬁgured) and subnet mask to send packets to the remote router. Neither router has a WAN IP address or subnet mask associated with this connection.
Page 53: Ip Easy Setup
IP Easy Setup The IP Easy Setup screen is where you enter information about your Netopia Router’s: IP address Subnet mask Default gateway IP address Domain name server IP address IP address serving information, such as the number of client IP addresses and the 1st client address; and You should consult with your network administrator to obtain the information you will need.
Page 54: Easy Setup Security
The Default IP Gateway defaults to the remote IP address you entered in the Easy Setup connection proﬁle. If the Netopia Router does not recognize the destination of any IP trafﬁc, it forwards that trafﬁc to this gateway – set to 127.0.0.2 if your ISP does not otherwise specify.
Page 55 PREVIOUS SCREEN Configure a Configuration Access Name and Password here. The ﬁnal step in conﬁguring the Easy Setup console screens is to restart the Netopia R310, so the conﬁguration settings take effect. Select RESTART DEVICE. A prompt asks you to conﬁrm your choice.
Page 56 6-10 User’s Reference Guide...
Page 58 User’s Reference Guide...
Page 59: Chapter 7 — Wan And System Conﬁguration
This chapter describes how to use the console-based management screens to access and conﬁgure advanced features of your Netopia R310 ISDN Router. You can customize these features for your individual setup. These menus provide a powerful method for experienced users to set up their router’s connection proﬁles and system conﬁguration.
Page 60 Configure a new Conn. Profile. Finished? On a Netopia R310 ISDN Router you can add up to 15 more connection proﬁles, for a total of 16. Select Proﬁle Name and enter a name for this connection proﬁle. It can be any name you wish. For example: the name of your ISP.
Page 61 Toggle or enter any IP Parameters you require and return to the Add Connection Proﬁle screen by pressing Escape. For more information, see Select Datalink Options and press Return. The Datalink Options screen appears. Data Compression... Send Authentication... Send User Name: Send Password: Receive User Name: Receive Password:...
Page 62 7-4 User’s Reference Guide Select Telco Options and press return. the Telco Options screen appears. Initiate Data Service... Dial... Number to Dial: Alternate Site to Dial: Dial on Demand: Idle Timeout (seconds): CNA Validation Number: Callback: Maximum connect time (HH:MM): Return/Enter to select data rate/class of service.
Page 63: The Default Proﬁle
If you want to view the Connection Proﬁles in your router, return to the WAN Conﬁguration screen, and select Display/Change Connection Proﬁle. The list of Connection Proﬁles is displayed in a scrolling pop-up screen. +-Profile Name---------------------IP Address----------------+ +------------------------------------------------------------+ | SmartStart Profile...
Page 64: Customizing The Default Proﬁle
IP Address, you need not explicitly conﬁgure a connection proﬁle, and the default behavior of the router will be to connect automatically once it is powered on. If Must Match a Deﬁned Proﬁle is set to No, then an IP Enabled item is visible. Toggling this item to Yes (the default) or No controls whether or not IP will be supported on the ISDN link.
Page 65: Ip Parameters (Default Proﬁle) Screen
Transmit RIP: The Netopia R310 ISDN Router always acts as a DHCP client on the ISDN link when using a Default Proﬁle. The DHCP server will supply a local IP address and subnet mask. For an ISDN link, Network Address Translation (NAT) is enabled by default in the Default Proﬁle and the Default Subnet Mask is set to 0.0.0.0.
Page 66: Delayed Remote Conﬁguration Change Toggle
Split Horizon so the routers can learn about other networks. Delayed Remote Conﬁguration Change Toggle The Netopia R310 supports delaying some conﬁguration changes until after the router is restarted. If your router is preconﬁgured by your service provider, or if you are not remotely conﬁguring the router, you can leave this setting unchanged.
Page 67 | Are you sure you want to do this? +----------------------------------------------------+ Toggling from Yes to No makes the router ready to be conﬁgured. If you toggle from No to Yes, and conﬁrm the reboot, your changes are committed and the router comes up using the newly created conﬁguration.
Page 68: System Conﬁguration Screens
5-3) You can also retrieve the Netopia R310’s conﬁguration information and remotely set its parameters using the Simple Network Management Protocol (see Open a Telnet connection to the IP address you set in the router with SmartStart, for example “192.168.1.1.”...
Page 69: System Conﬁguration Features
You always start from this main screen. System Conﬁguration features SmartStart may be all you need to conﬁgure your Netopia R310. Some users, however, require advanced settings or prefer manual control over the default selections that SmartStart automatically chooses. For these users, the Netopia R310 provides System Conﬁguration options.
Page 70 7-12 User’s Reference Guide Layer Category Protocol Layer IP Parameters Datalink Layer PPP/MP Parameters Physical Layer Telco Parameters To access the System Conﬁguration screens, select System Conﬁguration in the Main Menu, then press Return. The System Conﬁguration screen appears: Return/Enter to configure Networking Protocols (such as TCP/IP). Use this screen if you want options beyond Easy Setup.
Page 71: Network Protocols Setup
Network Protocols Setup These screens allow you to conﬁgure your network’s use of IP. Details are given in “IP Setup and Network Address Translation” on page Filter Sets (Firewalls) These screens allow you to conﬁgure security on your network by means of ﬁlter sets and a basic ﬁrewall. Details are given in “Security”...
Page 72: Console Conﬁguration
7-14 User’s Reference Guide Select AM or PM and choose AM or PM. Console Conﬁguration You can change the default terminal communications parameters to suit your requirements. To go to the Console Conﬁguration screen, select Console Conﬁguration in the System Conﬁguration screen. Baud Rate...
Page 73: Snmp (Simple Network Management Protocol)
“Security” on page Upgrade Feature Set You can upgrade your Netopia R310 by adding new feature sets through the Upgrade Feature Set utility. Vvisit the Netopia Web site at www.netopia.com for information on new feature sets, how to obtain them, and how to install them on your Netopia R310.
Page 74 You can specify the UNIX syslog Facility to use by selecting the Facility pop-up. The following screen shows a sample syslog dump of WAN events: 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com >>Issued Speech Setup Request from our DN: 5108645534 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com...
Page 75: Chapter 8 - Call Accounting And Default Answer Proﬁle
It is also useful for once-only connections that you want to schedule in advance. The Netopia R310 ISDN Router can also answer calls as well as initiate them. To answer calls, the Netopia R310 uses a Default Answer Proﬁle. The Default Answer Proﬁle controls how incoming calls are set up, authenticated, ﬁltered, and more.
Page 76: Viewing Call Accounting Statistics
To enable call accounting, follow these steps: Select Enable Call Accounting and toggle it to On. Select Day for auto-reset of timers and enter the day of the month for the Router to reset the Call Account- ing Statistics. Select Maximum Aggregate connect time (HH:MM) and enter the total amount of time to allow for out- bound calls, where HH is the hour (using either the 12-hour or 24-hour clock) and MM is the minutes.
Page 77 The Call Accounting Statistics screen appears. If you select Aggregate Statistics, the following screen appears. Total First Minutes: Total Additional Time (HH:MM): Remaining Time (HH:MM): Hit Return or Enter to reset Total First/Additional Time. Total First Minutes displays the total number of ﬁrst minutes of outbound calls placed during the recording interval.
Page 78: Scheduled Connections
8-4 User’s Reference Guide You can reset the counters by selecting RESET AGGREGATE MINUTE COUNTERS. A dialog box will ask you to conﬁrm the reset. Select CONTINUE to reset the counters or CANCEL to leave them as is. If you select Proﬁle Statistics, the following screen appears. Call Accounting Profile Statistics (in HHHH:MM) Profile Name---------First Minutes----Additional Minutes-------Cutoff--Expired ----------------------------------SCROLL UP-----------------------------------...
Page 79: Viewing Scheduled Connections
Navigate from here to add/modify/change/delete Scheduled Connections. Viewing scheduled connections To display a table of view-only scheduled connections, select Display/Change Scheduled Connection in the Scheduled Connections screen. Each scheduled connection occupies one row of the table. +-Days----Begin At---HH:MM---When----Conn. Prof. Name----Enabled-----+ +--------------------------------------------------------------------+ | mtWtfss 08:30PM +--------------------------------------------------------------------+...
Page 80: Adding A Scheduled Connection
Which connection proﬁle (Conn. Prof.) is used to connect Whether the scheduled connection is currently Enabled The router checks the date and time set in scheduled connections against the system date and time. Adding a scheduled connection To add a new scheduled connection, select Add Scheduled Connection in the Scheduled Connections screen and press Return.
Page 81: Set Weekly Schedule
Demand-Allowed, meaning that this schedule will permit a demand call on the line. Demand-Blocked, meaning that this schedule will prevent a demand call on the line. Periodic, meaning that the connection is retried several times during the scheduled time. If How Often is set to Weekly, the item directly below How Often reads Set Weekly Schedule. If How Often is set to Once Only, the item directly below How Often reads Set Once-Only Schedule.
Page 82: Set Once-Only Schedule
8-8 User’s Reference Guide Set Once-Only Schedule If you set How Often to Once Only, select Set Once-Only Schedule and go to the Set Once-Only Schedule screen. Place Call on (MM/DD/YY): Scheduled Window Start Time: AM or PM: Scheduled Window Duration: Select Place Call On (Date) and enter a date in the format MM/DD/YY or MM/DD/YYYY (month, day, year).
Page 83: Modifying A Scheduled Connection
Escape key. Default Answer Proﬁle The Netopia R310 ISDN Router can answer calls as well as initiate them. To answer calls, the Netopia R310 uses a Default Answer Proﬁle. The Default Answer Proﬁle controls how incoming calls are set up, authenticated, ﬁltered, and more.
Page 84 Required: Authentication is attempted if the calling number is available. If authentication fails, or the calling number is not available, the Netopia R310 disconnects the caller. Use this setting if you require all calls to be CNA-authenticated. Calling Number Authentication (CNA), is an application of CallerID. It is a method of verifying that an incoming call is originating from an expected site.
Page 85 Using CNA can also provide cost savings because calls are not billed during the CNA phase. With CNA, a caller can set up a connection to the Netopia R310 without incurring any charges by accessing a dial-back connection proﬁle. If the caller’s rates are higher than those charged to the Netopia R310’s return call, then using CNA has saved the difference.
Page 86 If a remote network has a non-standard mask (that is, it uses subnetting), the only way for it to successfully connect to the Netopia Router is by matching a connection proﬁle. In other words, you will have to set up a connection proﬁle for that network.If Must Match a Deﬁned Proﬁle is set to No, you can also set the...
Page 87: Chapter 9 - Ip Setup And Network Address Translation
To help you understand some of the concepts discussed here, it may be helpful to introduce some NAT terminology. The term mapping refers to rules that associate one or more private addresses on the Netopia R310’s LAN to one or more public addresses on the Netopia R310’s WAN interface (typically the Internet).
Page 88: Features
IP address to which you would like to provide access. You may also deﬁne a speciﬁc public IP address to use for this service if you want to use an IP other than the WAN IP address of the Netopia R310.
Page 89 If a host on the private network initiates a connection to the Internet, for example, the Netopia R310 automatically sets up a one-to-one mapping of that host’s private IP address to one of the public IP addresses allocated to be used for Dynamic NAT.
Page 90: Wan Network
For example, if a connection is initiated from the public network and is destined for a public IP address conﬁgured on the Netopia R310, the following comparisons are made in this order. The Netopia R310 ﬁrst checks its internal NAT cache to see if the data is part of a previously initiated connection, if not…...
Page 91 Any public addresses not associated with the Connection Proﬁle WAN IP address must have a static route pointing to it from a router on the public network if public users are expected to be able to access the NATed machines or services.
Page 92: Supported Trafﬁc
For the more advanced features, such as Server Lists and Dynamic NAT, follow the instructions in setup” on page 9-7. Basic conﬁguration – Easy Setup Proﬁle The screen below is an example. Depending on the type of router you are using, ﬁelds displayed in this screen may vary. Number to Dial: Address Translation Enabled: IP Addressing...
Page 93: Advanced Conﬁguration - Server Lists And Dynamic Nat
An example MultiNAT conﬁguration at the end of this chapter describes some applications for these features. “MultiNAT Conﬁguration Example” on page In order to conﬁgure the router to make servers on your LAN visible to the Internet, you use advanced features in the System Conﬁguration screens, described in Note: There is no implicit binding between the WAN IP interface address and NAT, so you cannot disallow conﬁguration of NAT simply because the interface is numbered or disallow conﬁguration of the addressing type...
Page 94 Network Address Translation (NAT)... Filter Sets... Enter an IP address in decimal and dot form (xxx.xxx.xxx.xxx). Set up the basic IP attributes of your Netopia in this screen. Select Network Address Translation (NAT) and press Return. The Network Address Translation screen appears.
Page 95: Nat Rules
Static public address ranges must not overlap other static, PAT, public addresses or the public address assigned to the router’s WAN interface. A PAT public address must not overlap any static address ranges. It may be the same as another PAT address or server list address, but the port range must not overlap.
Page 96 9-10 User’s Reference Guide If you choose static as the range type, a new menu item, First Public Address, becomes visible. Select First Public Address and enter the ﬁrst exterior IP address in the range you want to assign. Select Last Public Address and enter an IP address at the end of the range. Select ADD NAT PUBLIC RANGE and press Return.
Page 97 Select First and Last Private Address and enter the ﬁrst and last interior IP addresses you want to assign to this mapping. Select Use NAT Public Range and press Return. A screen appears displaying the public ranges you have deﬁned. +-Public Address Range------------Type----Name-------------+ +----------------------------------------------------------+ | 0.0.0.0...
Page 98: Modifying Map Lists
9-12 User’s Reference Guide Select ADD NAT MAP and press Return. Your mapping is added to your map list. Modifying map lists You can make changes to an existing map list after you have created it. Since there may be more than one map list you must select which one you are modifying.
Page 99 Add Map allows you to add a new map to the map list. Show/Change Maps allows you to modify the individual maps within the list. Delete Map allows you to delete a map from the list. Move Map allows you to change the priority order in which the map is evaluated within the list. See “Moving maps”...
Page 100 9-14 User’s Reference Guide Make any modiﬁcations you need and then select CHANGE NAT MAP and press Return. Your changes will become effective and you will be returned to the Show/Change NAT Map List screen. Moving maps The Move Maps screen permits reordering the priority of maps in a map list. Since the maps are read from top to bottom, those at the top have the highest priority, those at the bottom have the lowest.
Page 101: Adding Server Lists
+---Private Address Range---------Type----Public Address Range------------+ +-------------------------------------------------------------------------+ | 192.168.1.2 | 192.168.1.1 | 192.168.1.252 +-------------------------------------------------------------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. You can press Escape at any time in the pop-up menu to abort the move and restore the map list to its original ordering.
Page 102 9-16 User’s Reference Guide Select Server List Name and type in a descriptive name. A new menu item, Add Server, appears. Select Add Server and press Return. The Add NAT Server screen appears. Service... Server Private IP Address: Public IP Address: ADD NAT SERVER Select Service and press Return.
Page 103 Add NAT Server List screen. Note: To use CUSeeMe (or other services that listen on speciﬁc ports) through the Netopia R310, you must export the ports 7648 and 7649. In MultiNat, you may use a port range export. Without the export, CUSeeMe will fail to work.
Page 104 9-18 User’s Reference Guide Select the Server List Name you want to modify from the pop-up menu and press Return. Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. The Show/Change NAT Server List screen appears. Server List Name: Add Server...
Page 105 +-Private Address--Public Address----Port------------+ +----------------------------------------------------+ Se| 192.168.1.254 | 192.168.1.254 | 192.168.1.254 Ad| 192.168.1.254 | 192.168.1.254 +----------------------------------------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. Select any server from the list and press Return. The Change NAT Server screen appears. Service...
Page 106: Binding Map Lists And Server Lists
9-20 User’s Reference Guide A pop-up menu lists your conﬁgured servers. Select the one you want to delete and press Return. A dialog box asks you to conﬁrm your choice. +-Internal Address-External Address--Port------------+ +----------------------------------------------------+ Se| 192.168.1.254 | 19+----------------------------------------------+ | | 19+----------------------------------------------+ | | Are you sure you want to delete this Server? | | +----------------------------------------------+ | +----------------------------------------------------+...
Page 107 Address Translation Enabled: IP Addressing... NAT Map List... NAT Server List... Local WAN IP Address: Remote IP Address: Remote IP Mask: Filter Set... Remove Filter Set Receive RIP: Return/Enter to select <among/between> ... Configure IP requirements for a remote network connection here. Select NAT Map List and press Return.
Page 108: Nat Associations
9-22 User’s Reference Guide Address Trans| Easy-Servers IP Addressing| my_servers NAT Map List.| NAT Server Li| Local WAN IP | Local WAN IP | Remote IP Add| Remote IP Mas| Filter Set...| Remove Filter| Receive RIP: | Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit. Select the server list you want to bind to this Connection Proﬁle and press Return.
Page 109 Profile/Interface Name-------------Nat?-Map List Name-----Server List Name Default Answer Profile Easy Setup Profile Profile 01 Profile 02 Profile 03 You can toggle NAT? On or Off for each Proﬁle/Interface name. You do this by navigating to the NAT? ﬁeld associated with each proﬁle using the arrow keys. Toggle NAT on or off by using the Tab key. You can reassign any of your map lists or server lists to any of the Proﬁle/Interfaces.
Page 110: Multinat Conﬁguration Example
Public IP addresses assigned by the ISP are 206.1.1.1 through 206.1.1.6 (255.255.255.248 subnet mask). Your internal devices have IP addresses of 192.168.1.1 through 192.168.1.254 (255.255.255.0 subnet mask). Netopia R310's address is: Web server's address is: Mail server's address is: FTP server's address is: In this example you will statically map the ﬁrst ﬁve public IP addresses (206.1.1.1 - 206.1.1.5) to the ﬁrst ﬁve...
Page 111 Default IP Gateway: IP Address Serving: Number of Client IP Addresses: 1st Client Address: PREVIOUS SCREEN Set up the basic IP attributes of your Netopia in this screen. Then navigate to the Network Address Translation (NAT) screen. System Main Menu...
Page 112 9-26 User’s Reference Guide Select Show/Change Public Range, then Easy-PAT Range, and press Return. Enter the value your ISP assigned for your public address (206.1.1.6, in this example). Toggle Type to pat. Your public address is then mapped to the remaining private IP addresses using PAT. (If you were not using the Easy-PAT Range and Easy-PAT List that is created by default by using Easy Setup, you would have to deﬁne a public range and Map List.
Page 113: Notes On The Example
You do this through either the NAT Associations screen or the proﬁle’s conﬁguration screens. The PAT part of this example setup will allow any user on the Netopia R310's LAN with an IP address in the range of 192.168.1.6 through 192.168.1.254 to initiate trafﬁc ﬂow to the outside world (for example, the Internet).
Page 114: Ip Subnets
IP address, 206.1.1.3. For the sake of this example, alias both services to 206.1.1.2. Now, as before, the PAT conﬁguration will allow any user on the Netopia R310's LAN with an IP address in the range of 192.168.1.6 through 192.168.1.254 to initiate trafﬁc ﬂow to the Internet.
Page 115 All eight row labels are always visible, regardless of the number of subnets conﬁgured. To add an IP subnet, enter the Netopia R310’s IP address on the subnet in the IP Address ﬁeld in a particular row and the subnet mask for the subnet in the Subnet Mask ﬁeld in that row.
Page 116: Static Routes
Static routes are IP routes that are maintained manually. Each static route acts as a pointer that tells the Netopia R310 how to reach a particular network. However, static routes are used only if they appear in the IP routing table, which contains all of the routes used by the Netopia R310 (see Static routes are helpful in situations where a route to a network must be used and other means of ﬁnding the...
Page 117 Dest. Network: The network IP address of the destination network. Subnet Mask: The subnet mask associated with the destination network. Next Gateway: The IP address of the router that will be used to reach the destination network. IP Setup and Network Address Translation 9-31 Static Routes Display/Change Static Route...
Page 118 Select Destination Network Subnet Mask and enter the subnet mask used by the destination network. Select Next Gateway IP Address and enter the IP address for the router that the Netopia R310 will use to reach the destination network. This router does not necessarily have to be part of the destination network, but it must at least know where to forward packets destined for that network.
Page 119 Rules of static route installation The Netopia R310 applies certain rules before installing enabled static routes in the IP routing table. An enabled static route will not be installed in the IP routing table if any of the following conditions are true: The static route’s Next Gateway IP Address matches the IP address used by a connection proﬁle or the...
Page 120: Ip Address Serving
Menu Configuration In addition to being a router, the Netopia R310 is also an IP address server. There are three protocols it can use to distribute IP addresses. The ﬁrst, called Dynamic Host Conﬁguration Protocol (DHCP), is widely supported on PC networks, as well as Apple Macintosh computers using Open Transport and computers using the UNIX operating system.
Page 121: Dhcp Netbios Options
DNS to be served that was acquired via DHCP. The Netopia R310 defaults to a DHCP lease time of one hour. If this is unnecessarily brief for your network environment, you can conﬁgure the DHCP Lease Time (Hours) ﬁeld. You can enter any number up to and including 168 (one week) for the DHCP lease.
Page 122 9-36 User’s Reference Guide Serve NetBios Type: NetBios Type... Serve NetBios Scope: NetBios Scope: Serve NetBios Name Server: NetBios Name Server IP Addr: Configure DHCP-served NetBIOS options here. To serve DHCP clients with the type of NetBIOS used on your network, select Serve NetBIOS Type and toggle it to Yes.
Page 123 IP Setup and Network Address Translation 9-37 Select NetBIOS Name Server IP Address and enter the IP address for the NetBIOS name server. You are now ﬁnished setting up DHCP NetBIOS Options. To return to the IP Address Serving screen press the Escape key once.
Page 124 9-38 User’s Reference Guide...
Page 125: Overview
(Internet). The Netopia R310 can be used in VPNs either to initiate the connection or to answer it. When used in this way, the routers are said to be tunnelling through the public network (Internet). The advantages are that, like your long distance phone call, you don't need a direct line between one computer or LAN and the other, but use the local connections, making it much cheaper;...
Page 126 Netopia’s PPTP implementation is compatible with Microsoft’s and can function as either the client (PAC) or the server (PNS). As a client, a Netopia R-series router can provide all users on a LAN with secure access over the Internet to the resources of another LAN by setting up a tunnel with a Windows NT server running Remote Access Services (RAS) or with another Netopia Router.
Page 127 General Routing Encapsulation (GRE), at one end of the tunnel, and unwraps, or decapsulates, it at the other end. Conﬁguring the Netopia R310 for use with either of the two protocols is done through the console-based menu screens. Each type is described in its own section: “About PPTP Tunnels”...
Page 128 PPTP server or to terminate a tunnel initiated by a remote PPTP client. To set up the router as a PPTP Network Server (PNS) capable of answering PPTP tunnel requests you must also conﬁgure the VPN Default Answer Proﬁle. See PPTP is a Datalink Encapsulation option in Connection Proﬁles.
Page 129 If you do not specify the PPTP Partner IP Address, the router will use the default gateway to reach the partner and the Tunnel Via Gateway ﬁeld is hidden. If the partner should be reached via an alternate port (i.e.
Page 130 PPTP client. You must specify a Receive Secret, used for authenticating the remote PPTP client. You can specify that this router will Initiate Connections (acting as a PAC) or only answer them (acting as a PNS). Tunnels are normally initiated On Demand; however, you can disable this feature. When disabled, the tunnel must be manually established via the call management screens or may be scheduled using the scheduled connections feature.
Page 131 Netopia’s ATMP implementation supports Data Encryption Standard (DES) data encryption for user data transfer over the ATMP tunnel between two Netopia routers. The encryption option, none or DES, is a selectable option in the ATMP Tunnel Options screen.
Page 132 10-8 Firmware Version 4.6 Addendum The WAN Conﬁguration menu offers a VPN Default Answer Proﬁle option. Use this selection when your router is acting as the server for VPN connections, that is, when you are on the answering end of the tunnel establishment.
Page 133 For PPTP tunnel connections only, you must deﬁne what type of authentication these connections will use. Select Receive Authentication and press Return. A pop-up menu offers the following options: PAP (the default), CHAP, or MS-CHAP. If you chose PAP or CHAP authentication, from the Data Compression pop-up menu select either None (the default) or Standard LZS.
Page 134 Microsoft Windows Dial-Up Networking software permits a remote standalone workstation to establish a VPN tunnel to a PPTP server such as a Netopia R310 located at a central site. Dial-Up Networking also allows a mobile user who may not be connected to a PAC to dial into an intermediate ISP and establish a VPN tunnel to, for example, a corporate headquarters, remotely.
Page 135 The Communications window appears. In the Communications window, select Dial-Up Networking and click the OK button. This returns you to the Windows Setup screen. Click the OK button. Respond to the prompts to install Dial-Up Networking from the system disks or CDROM. When prompted, reboot your PC.
Page 136 Windows 98 users select PPP: Windows 98, Windows NT Server, Internet In the Allowed network protocols area check TCP/IP and uncheck all of the other checkboxes. Note: Netopia’s PPTP implementation does not currently support tunnelling of IPX and NetBEUI protocols.
Page 137 Click the TCP/IP Settings button. If your ISP uses dynamic IP addressing (DHCP), select the Server assigned IP address radio button. If your ISP uses static IP addressing, select the Specify an IP address radio button and enter your assigned IP address in the ﬁelds provided. Also enter the IP address in the Primary and Secondary DNS ﬁelds.
Page 138 10-14 Firmware Version 4.6 Addendum Before Installing the VPN Client you must have TCP/IP installed and have an established Internet connection. From your Internet browser navigate to the following URL: http://www.microsoft.com/NTServer/nts/downloads/recommended/dunl3win95/releasenotes.aso Download the Microsoft Windows 95 VPN patch dun 1.3 to the Windows 95 computer you intend to use as a VPN client with PPTP.
Page 139 Click the Windows Setup tab. The Windows Setup screen will be displayed within the top center box. Double-click Communications. This displays a list of possible selections for the communications option. Active components will have a check in the checkboxes to their left. Check Dial Up Networking at the top of the list and Virtual Private Networking at the bottom of the list.
Page 140 Connection Proﬁles. Note: The R9100 Ethernet-to-Ethernet Router now has access to Connection Proﬁles for tunnelling purposes. If the PPP dialup kit is not installed you cannot use PPP as a datalink encapsulation, and have access only to ATMP and PPTP.
Page 141 Profile Name: Profile Enabled: Data Link Encapsulation... Data Link Options... IP Enabled: IP Profile Parameters... ADD PROFILE NOW When you deﬁne a Connection Proﬁle as using ATMP by selecting ATMP as the datalink encapsulation method, and then select Data Link Options, the ATMP Tunnel Options screen appears. ATMP Partner IP Address: Tunnel Via Gateway: Network Name:...
Page 142 You can specify a Network Name. When the tunnel partner is another Netopia R310, this name may be used to match against a Connection Proﬁle. When the partner is an Ascend router in Gateway mode, then Network Name is used by the Ascend router to match a gateway proﬁle.
Page 143 Ordinarily, Ping is an excellent troubleshooting tool, but it will not be effective in this circumstance. Instead, use another TCP- or UDP-based network service for troubleshooting. Since the Netopia R310 is capable of serving Telnet and HTTP, we recommend using these services instead of Ping.
Page 144: Pptp Example
10-20 Firmware Version 4.6 Addendum An administrator interested in securing a network will usually combine the use of VPNs with the use of a ﬁrewall or some similar mechanism. This is because a VPN is not a complete security solution, but rather a component of overall security.
Page 145: Chapter 10 — Virtual Private Networks (Vpn)
To enable a ﬁrewall to allow PPTP trafﬁc, you must provision the ﬁrewall to allow inbound and outbound TCP packets speciﬁcally destined for port 1723. The source port may be dynamic, so often it is not useful to apply a compare function upon this portion of the control/negotiation packets. You must also set the ﬁrewall to allow inbound and outbound GRE packets, enabling transport of the tunnel payload.
Page 146 10-22 Firmware Version 4.6 Addendum For Input Filter 2 set the Protocol Type to allow GRE as shown below. Enabled: Forward: Source IP Address: Source IP Address Mask: Dest. IP Address: Dest. IP Address Mask: Protocol Type: In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+ +-------------------------------------------------------------------------+...
Page 147 For Output Filter 2 set the Protocol Type to allow GRE as shown below. Enabled: Forward: Source IP Address: Source IP Address Mask: Dest. IP Address: Dest. IP Address Mask: Protocol Type: Virtual Private Networks (VPN) 10-23 Change Output Filter 2 0.0.0.0 0.0.0.0 0.0.0.0...
Page 148 10-24 Firmware Version 4.6 Addendum To enable a ﬁrewall to allow ATMP trafﬁc, you must provision the ﬁrewall to allow inbound and outbound UDP packets speciﬁcally destined for port 5150. The source port may be dynamic, so often it is not useful to apply a compare function on this portion of the control/negotiation packets.
Page 149 For Input Filter 2 set the Protocol Type to allow GRE as shown below. Enabled: Forward: Source IP Address: Source IP Address Mask: Dest. IP Address: Dest. IP Address Mask: Protocol Type: In the Display/Change IP Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+ +-------------------------------------------------------------------------+...
Page 150 10-26 Firmware Version 4.6 Addendum For Output Filter 2 set the Protocol Type to allow GRE as shown below. Enabled: Forward: Source IP Address: Source IP Address Mask: Dest. IP Address: Dest. IP Address Mask: Protocol Type: Change Output Filter 2 0.0.0.0 0.0.0.0 0.0.0.0...
Page 151: Quick View Status Overview
“SNMP” on page 11-10 Quick View status overview You can get a useful, overall status report from the Netopia R310 in the Quick View screen. To go to the Quick View screen, select Quick View in the Main Menu. The Quick View screen has three status sections:...
Page 152: General Status
Default IP Gateway: The router’s default gateway, which may be either manually conﬁgured or learned via DHCP. This is the value you assigned in the Default IP Gateway ﬁeld on page 6-8. If you are using the router’s defaults (DHCP and NAT) this value will be 0.0.0.0. If you have assigned an IP address as your default gateway, it is shown here.
Page 153: Current Status
(if available). Status lights This section shows the current real-time status of the Netopia R310’s status lights (LEDs). It is useful for remotely monitoring the router’s status. The Quick View screen’s arrangement of LEDs corresponds to the physical arrangement of LEDs on the router.
Page 154: Statistics & Logs
Main Menu When you are troubleshooting your Netopia R310, the Statistics & Logs screens provide insight into the recent event activities of the router. From the Main Menu go to Statistics & Logs and select one of the options described in the sections below.
Page 155: Event Histories
You can view two different event histories: one for the router’s system and one for the WAN. The Netopia R310’s built-in battery backup prevents loss of event history from a shutdown or reset.
Page 156 11-6 User’s Reference Guide WAN Event History The WAN Event History screen lists a total of 128 events on the WAN. The most recent events appear at the top. -Date-----Time-----Event------------------------------------------------------ ----------------------------------SCROLL UP----------------------------------- 09/04/98 12:58:34 09/04/98 12:58:34 09/04/98 12:58:34 09/04/98 12:58:32 09/04/98 12:58:24 >>Issued 64Kb Setup Request from our DN: 5105776430 09/04/98 10:35:54 09/04/98 10:35:54...
Page 157: Routing Tables
To clear the Device Event History, select Clear History and press Return. Routing tables You can view all of the IP routes in the Netopia R310’s IP routing tables. To go to the IP routing table screen, select IP Routing Table from the Statistics & Logs screen.
Page 158: Served Ip Addresses
255.255.255.255 255.255.255.255 255.255.255.255 -- ---------------------------------SCROLL DOWN---------------------------------- UPDATE Served IP Addresses You can view all of the IP addresses currently being served by the Netopia R310 ISDN Router from the Served IP Addresses screen. Statistics & Logs WAN Event History... Device Event History...
Page 159 From the Statistics & Logs menu, select Served IP Addresses. The Served IP Addresses screen appears. -IP Address-------Type----Expires--Client Identifier-------------------------- ----------------------------------SCROLL UP----------------------------------- 192.168.1.100 192.168.1.101 192.168.1.102 192.168.1.103 192.168.1.104 192.168.1.105 192.168.1.106 192.168.1.107 192.168.1.108 192.168.1.109 192.168.1.110 192.168.1.111 192.168.1.112 192.168.1.113 ---------------------------------SCROLL DOWN---------------------------------- Lease Management... EN = Ethernet Address; CP = Profile Name; HX = hex To manage DHCP leases, select Lease Management in this screen.
Page 160: System Information
Ethernet MIB (RFC 1643) Netopia MIB These MIBs are on the Netopia R310 CD included with the Netopia R310. Load these MIBs into your SNMP management software in the order they are listed here. Follow the instructions included with your SNMP manager on how to load MIBs.
Page 161: The Snmp Setup Screen
Select System Contact and enter the name of the person responsible for maintaining the router. System Name, System Location, and System Contact set the values returned by the Netopia R310 SNMP agent for the SysName, SysLocation, and SysContact objects, respectively, in the MIB II system group. Although optional, the information you enter in these items can help a system administrator manage the network more efﬁciently.
Page 162: Snmp Traps
SNMP traps An SNMP trap is an informational message sent from an SNMP agent (in this case, the Netopia R310) to a manager. When a manager receives a trap, it may log the trap as well as generate an alert message of its own.
Page 163 Setting the IP trap receivers Select Add IP Trap Receiver. Select Receiver IP Address or Domain Name. Enter the IP address or domain name of the SNMP manager you want to receive the trap. Select Community String. Enter whatever community string is appropriate for the traps to be sent to the management station whose IP address or domain name you entered on the previous line.
Page 164 11-14 User’s Reference Guide...
Page 165: Chapter 12 - Security
User accounts When you ﬁrst set up and conﬁgure the Netopia R310, no passwords are required to access the conﬁguration screens. Anyone could tamper with the router’s conﬁguration by simply connecting it to a console. 12-1, lists actions for blocking potential security holes.
Page 166 12-2 User’s Reference Guide However, by adding user accounts, you can protect the most sensitive screens from unauthorized access. User accounts are composed of name/password combinations that can be given to authorized users. Caution! You are strongly encouraged to add protection to the conﬁguration screens. Unprotected screens could allow an unauthorized user to compromise the operation of your entire network.
Page 167 When you enter your password, you are prompted to conﬁrm it by re-entering it in a pop-up window. +----------------------------------------------------------------+ En+----------------------------------------------------------------+ En| Please re-enter Password: De+----------------------------------------------------------------+ Password for This Screen (11 chars max): Configuration Changes Reset WAN Connection: Re-type your password to conﬁrm your entry. When you press Return, the password becomes effective. Protecting the conﬁguration screens You can protect the conﬁguration screens with user accounts.
Page 168: Dial-In Console Access
Remote modem terminal emulator setups can dial in to either internal modem line and establish a remote console session, even though they are not using PPP. This allows Netopia Inc.'s “Up and Running, Guaranteed!” department or other administrator with the appropriate security to remotely conﬁgure your router for you. If you used SmartStart to conﬁgure your router, this option will be set to “No”.
Page 169: Telnet Access
Security 12-5 Telnet access Telnet is a TCP/IP service that allows remote terminals to access hosts on an IP network. The Netopia R310 supports Telnet access to its conﬁguration screens. Caution! You should consider password-protecting or restricting Telnet access to the Netopia R310 if you suspect there is a chance of tampering.
Page 170 12-6 User’s Reference Guide Each inspector has a speciﬁc task. One inspector’s task may be to examine the destination address of all outgoing packages. That inspector looks for a certain destination—which could be as speciﬁc as a street address or as broad as an entire country—and checks each package’s destination address to see if it matches that destination.
Page 171: How Individual Filters Work
This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match occurs, the packet is blocked. Here is what this rule looks like when implemented as a ﬁlter on the Netopia R310: +-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +--------------------------------------------------------------------+ 199.211.211.17...
Page 172 12-8 User’s Reference Guide Parts of a ﬁlter A ﬁlter consists of criteria based on packet attributes. A typical ﬁlter can match a packet on any one of the following attributes: The source IP address (where the packet was sent from) The destination IP address (where the packet is going) The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP Port numbers...
Page 173 Equal: For the ﬁlter to match, the packet’s port number must equal the port number speciﬁed in the ﬁlter. Greater Than: For the ﬁlter to match, the packet’s port number must be greater than the port number speciﬁed in the ﬁlter. Greater Than or Equal: For the ﬁlter to match, the packet’s port number must be greater than or equal to the port number speciﬁed in the ﬁlter.
Page 174 12-10 User’s Reference Guide Proto: The protocol to match. This can be entered as a number (see the table below) or as TCP or UDP if using those protocols. Protocol ICMP Src. Port: The source port to match. This is the port on the sending host that originated the packet. D.
Page 175: Design Guidelines
The ﬁlter should be enabled and instructed to block the Telnet packets containing the source address shown in step 2: On? = Yes Fwd = No This four-step process is how we produced the following ﬁlter from the original rule: +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +----------------------------------------------------------------------+ 192.211.211.17...
Page 176: Working With Ip Filters And Filter Sets
12-12 User’s Reference Guide discarded if all the ﬁlters are conﬁgured to pass (forward). discarded if the set contains a combination of pass and discard ﬁlters. Disadvantages of ﬁlters Although using ﬁlter sets can greatly enhance network security, there are disadvantages: Filters are complex.
Page 177: Adding A Filter Set
Return/Enter to configure and add a new Filter Set Set Up IP Filter Sets (Firewalls) from this and the following Menus. The procedure for creating and maintaining ﬁlter sets is as follows: Add a new ﬁlter set. Create the ﬁlters for the new ﬁlter set. View, change, or delete individual ﬁlters and ﬁlter sets.
Page 178 12-14 User’s Reference Guide Filter Set Name: Display/Change Input Filter... Add Input Filter... Delete Input Filter... Display/Change Output Filter... Add Output Filter... Delete Output Filter... ADD FILTER SET Configure the Filter Set name and its associated Filters. Naming a new ﬁlter set All new ﬁlter sets have a default name.
Page 179 The Netopia R-series Router Packets in the Netopia R310 pass through an input ﬁlter if they originate in the WAN and through an output ﬁlter if they’re being sent out to the WAN. The process for adding input and output ﬁlters is exactly the same. The main difference between the two involves their reference to source and destination.
Page 180 12-16 User’s Reference Guide Enabled: Forward: Source IP Address: Source IP Address Mask: Dest. IP Address: Dest. IP Address Mask: Protocol Type: ICMP Type Compare... ICMP Type: ICMP Code Compare... ICMP Code: ADD THIS FILTER NOW Enter a type: 'ICMP', 'UDP', 'TCP', 'Any', or a number between 0 and 255. To make the ﬁlter active in the ﬁlter set, select Enabled and toggle it to Yes.
Page 181 10. Select ICMP Code Compare and choose one of the following options from the pop-up menu: No Compare, Not Equal To, Less Than, Less Than or Equal, Equal, Greater Than or Equal, or Greater Than. 11. In addition to the Type, an 8-bit ﬁeld, Code, gives more information about the Type. Select ICMP Codes and select more information about the type.
Page 182: Viewing Filter Sets
12-18 User’s Reference Guide Modifying ﬁlters To modify a ﬁlter, select Display/Change Input Filter (Display/ Change Output Filter) in the Add IP Filter Set screen to display a table of ﬁlters. Select a ﬁlter from the table and press Return to go to the Change Filter screen. The parameters in this screen are the same as the ones in the Add Filter screen (see Enter the IP specific information for this filter.
Page 183: Deleting A Filter Set
ﬁlter set. A sample IP ﬁlter set This section contains the settings for a ﬁlter set, called Basic Firewall, which is part of the Netopia R310’s factory conﬁguration. Basic Firewall blocks undesirable trafﬁc originating from the WAN (in most cases, the Internet), but passes all trafﬁc originating from the LAN.
Page 184 12-20 User’s Reference Guide The ﬁve input ﬁlters and one output ﬁlter that make up Basic Firewall are shown in the table below. Input ﬁlter Setting Enabled Forward Source IP 0.0.0.0 address Source IP 0.0.0.0 address mask Dest. IP 0.0.0.0 address Dest.
Page 185 Basic Firewall is suitable for a LAN containing only client hosts that wish to access servers on the WAN, not for a LAN containing servers providing services to clients on the WAN. Basic Firewall’s general strategy is to explicitly pass WAN-originated TCP and UDP trafﬁc to ports greater than 1023. Ports lower than 1024 are the service origination ports for various Internet services such as FTP, Telnet, and the World Wide Web (WWW).
Page 186: Firewall Tutorial
12-22 User’s Reference Guide FTP sessions. To allow WAN-originated FTP sessions to a LAN-based FTP server with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243), insert the following input ﬁlter ahead of the current input ﬁlter 1: Enabled: Yes Forward: Yes Source IP Address: 0.0.0.0...
Page 187: Basic Protocol Types
This header information is what the packet ﬁlter uses to make ﬁltering decisions. It is important to note that a packet ﬁlter does not look into the IP datastream (the User Data from above) to make ﬁltering decisions. Basic Protocol Types TCP: Transmission Control Protocol.
Page 188 12-24 User’s Reference Guide Firewall Logic Firewall design is a test of logic, and ﬁlter rule ordering is critical. If a packet is passed through a series of ﬁlter rules and then the packet matches a rule, the appropriate action is taken. The packet will not pass through the remainder of the ﬁlter rules.
Page 189 Incoming Packet: IP 163.176.1.15 AND the incoming packet and subnet mask together, the result is: which matches the IP address in the ﬁlter rule and the packet is denied. Implied Rules With a given set of ﬁlter rules, there is an Implied rule which may or may not be shown to the user. The implied rule tells the ﬁlter set what to do with a packet that does not match any of the ﬁlter rules.
Page 190: Filter Basics
In the source or destination IP address ﬁelds, the IP address that is entered MUST be the NETWORK address of the subnet. A HOST address can be entered, but the applied subnet mask must be 32 bits (255.255.255.255). The Netopia R310 has the ability to compare source and destination TCP or UDP ports. These options are as follows:...
Page 191: Example Filters
IP Address 200.1.1.28 255.255.255.128 This incoming IP packet has a source IP address that matches the network address in the Source IP Address ﬁeld (00000000) in the Netopia R310. This will NOT forward this packet. Incoming Packet Filter Netopia 200.1.1.0 (Source IP Network Address) 255.255.255.128...
Page 192 IP Address 200.1.1.184 255.255.255.240 Since the Source IP Network Address in the Netopia R310 is 01100000, and the source IP address after the logical AND is 1011000, this rule does NOT match and this packet will be passed. 200.1.1.0 (Source IP Network Address) 255.255.255.128...
Page 193 IP Address 200.1.1.104 255.255.255.240 Since the Source IP Network Address in the Netopia R310 is 01100000, and the source IP address after the logical AND is 01100000, this rule DOES match and this packet will NOT be passed. Example 5 Filter Rule: Incoming packet has the source address of 200.1.1.96...
Page 194: Token Security Authentication
As a remote device, the Netopia R310 offers client/calling side security authentication. This feature allows the Netopia R310 to call a server router and perform security card authentication. The router of the called server must have access to a server with ACE software loaded on it.
Page 195: Security Authentication Components
Note: The Netopia R310 does not include a security authentication token card. Conﬁguring for security authentication To conﬁgure the Netopia R310 to support security authentication, select an authentication method and set up a designated connection proﬁle from the System Conﬁguration screen or your ﬁrst connection proﬁle from Easy Setup.
Page 196: Connecting Using Security Authentication
CACHE-TOKEN. Your network administrator or the remote network administrator will tell you which method to select. If you select PAP-TOKEN, select Send User Name and enter a name for your Netopia R310. You will not need to enter a Send Password for PAP-TOKEN. Press Return.
Page 197 Select Secure Authentication Monitor and press Return. The Secure Authentication Monitor screen appears. Wait for the call to initiate. Profile Name---State---%Use---Remote Address---Est.---More Info--- Status --- Passcode Required For Connection Profile: 0-Challenge: Enter PASSCODE: Passcode: From the ﬁelds that appear, select Enter PASSCODE and press Return. Enter your PIN and the code displayed on your security authentication token card LED.
Page 198 12-34 User’s Reference Guide Note: When using CACHE-TOKEN, your passcode is valid for a time interval determined by the network administrator. When this time interval expires, you must provide a new passcode for the call negotiation. When using PAP-TOKEN, your passcode is valid for one call negotiation. For a second call negotiation, you must enter the next passcode provided by the security authentication token card every 60 seconds.
Page 199: Chapter 13 — Utilities And Diagnostics
A number of utilities and tests are available for system diagnostic and control purposes: “Ping” on page 13-2 “Telnet client” on page 13-4 “Trace Route” on page 13-5 “Secure Authentication Monitor” on page 13-6 “Disconnect Telnet Console Session” on page 13-7 “Transferring conﬁguration and ﬁrmware ﬁles with TFTP”...
Page 200: Ping
(Ping-capable) IP host. Each time the target host receives a Ping packet, it returns a packet to the original sender. Ping allows you to see whether a particular IP destination is reachable from the Netopia R310. You can also ascertain the quality and reliability of the connection to the desired destination by studying the Ping test’s statistics.
Page 201 Packets In count. In the example below, a Netopia R310 is sending Ping packets to another host, which responds with return Ping packets. Note that the second return Ping packet is considered to be late because it is not received by the Netopia R310 before the third Ping packet is sent.
Page 202: Telnet Client
The time-to-live (TTL) value for each Ping packet sent by the Netopia R310 is 255, the maximum allowed. The TTL value deﬁnes the number of IP routers that the packet can traverse. Ping packets that reach their TTL value are dropped, and a “destination unreachable”...
Page 203: Trace Route
Terminate Suspended Session – select this one if you want to end the session Trace Route You can count the number of routers between your Netopia Router and a given destination with the Trace Route utility. Select Trace Route in the Statistics & Diagnostics screen and press Return to go to the Trace Route screen.
Page 204: Secure Authentication Monitor
Select Timeout per probe (1..10 sec) to set when the trace will timeout for each hop, up to 10 seconds. The default is 3 seconds. Select Use Reverse DNS to learn the names of the routers between the Netopia Router and the destination router. The default is Yes.
Page 205: Disconnect Telnet Console Session
If you select Continue, you will immediately terminate your session. Factory defaults You can reset the Netopia R310 to its factory default settings. Select the Revert to Factory Defaults item in the Statistics & Diagnostics screen and press Return. Select CONTINUE in the dialog box and press Return.
Page 206: Updating Firmware
You may need to enter a ﬁle path along with the ﬁle name (for example, bigroot/conﬁg/myﬁle). Select Send Firmware to Netopia from TFTP Server and press Return. You will see the following dialog box: +-----------------------------------------------------------+...
Page 207: Downloading Conﬁguration Files
Some models do not support all ﬁrmware versions. Loading an incorrect ﬁrmware version can permanently damage the unit. Do not manually power down or reset the Netopia R310 while it is automatically resetting or it could be damaged. If you choose to download the ﬁrmware, the TFTP Transfer State item will change from Idle to Reading Firmware.
Page 208: Transferring Conﬁguration And Firmware Files With Xmodem
Transferring conﬁguration and ﬁrmware ﬁles with XMODEM You can transfer conﬁguration and ﬁrmware ﬁles with XMODEM through the Netopia R310’s console port. Be sure your terminal emulation program supports XMODEM ﬁle transfers.
Page 209: Downloading Conﬁguration Files
The system will reset at the end of a successful ﬁle transfer to put the new ﬁrmware into effect. While the system resets, the LEDs will blink on and off. Caution! Do not manually power down or reset the Netopia R310 while it is automatically resetting or it could be damaged. Downloading conﬁguration ﬁles The Netopia R310 can be conﬁgured by downloading a conﬁguration ﬁle.
Page 210: Uploading Conﬁguration Files
The system will reset at the end of a successful ﬁle transfer to put the new conﬁguration into effect. Uploading conﬁguration ﬁles A ﬁle containing a snapshot of the Netopia R310’s current conﬁguration can be uploaded from the Router to disk. The ﬁle can then be downloaded by a different Netopia R310 to conﬁgure its parameters (see “Downloading conﬁguration ﬁles”...
Page 211: Isdn Switch Loopback Test
The ISDN loopback test is designed to conﬁrm the existence of a working ISDN line and the proper conﬁguration of certain Netopia R310 ISDN Router parameters. This test is available only on switched ISDN lines. Using the ﬁrst B-channel, the test calls the Netopia R310 on the second B-channel, creating a call loop back to the unit.
Page 212 13-14 User’s Reference Guide If the loopback test fails Follow these suggestions to track down the reason behind the loopback test’s failure: Check that the WAN Ready LED is solid green. Check the ISDN event log and get more information about events that seem relevant to the failure. Check the B-channel usage in the Quick View screen to make sure there were no active calls when the loopback test was performed.
Page 214 User’s Reference Guide...
Page 215: Appendix A - Troubleshooting
Netopia R310. It also includes information on how to contact Netopia Technical Support. Important information on these problems may be found in the event histories kept by the Netopia R310. These event histories can be accessed in the Statistics, Utilities, Tests screen.
Page 216: Smartstart Troubleshooting
Problems communicating with remote IP hosts Verify the accuracy of the default gateway’s IP address (entered in the IP Setup or Easy Setup screen). Use the Netopia R310’s ping utility, in the Statistics, Tests, Utilities screen, and try to ping local and remote hosts. See “Ping”...
Page 217: Power Outages
Power outages If you suspect that power was restored after a power outage, and the Netopia R310 is connected to a remote site, you may need to switch the Netopia R310 off and then back on again. After temporary power outages, a connection that still seems to be up may actually be disconnected.
Page 218 Netopia World Wide Web server via http://www.netopia.com Internet via anonymous FTP to ftp.netopia.com/pub FAX-Back This service provides technical notes which answer the most commonly asked questions, and offer solutions for many common problems encountered with Netopia products. FAX-Back: +1 510-814-5040...
Page 219: Appendix B - Setting Up Telco Services
In either case, make sure there is a wall jack for the line near the location where you intend to install the Netopia Router. In many cases, ISDN can use the same physical wire used for analog service. For more information consult with your ISDN service provider.
Page 220: Completing The Isdn Worksheet
Setup tips Your ISDN service provider may have the Netopia Router on a list of supported products that have been tested with a particular ISDN line conﬁguration. Your ISDN service provider will know how to set up your line if the Netopia Router is on that list.
Page 221 Billing address for your ISDN line: ____________________________________________________________________________ ____________________________________________________________________________ 3. ISDN information ISDN line conﬁguration method used (check one): __ By product (Netopia Router) Type of switch (check one): __ EuroISDN (ETSI, NET3) –– Japanese NTT –– Australia TS013 Primary directory number (ID 1): ________________________________________________...
Page 222 B-4 User’s Reference Guide...
Page 223: Appendix C - Setting Up Internet Services
Note: Some companies act as their own ISP. For example, some organizations have branch ofﬁces that can use the Netopia R310 to access the Internet via the main ofﬁce in a point-to-point scenario. If you install the Netopia R310 in this type of environment, refer to the following sections for speciﬁc information you must receive from the network administrator to conﬁgure the Netopia R310 properly.
Page 224: Pricing And Support
Setting up a Netopia R310 account Check whether your ISP has the Netopia R310 on a list of supported products that have been tested with a particular conﬁguration. If the ISP does not have the Netopia R310 on such a list, describe the Netopia R310 in as much detail as needed, so your ISP account can be optimized.
Page 225: Obtaining Information From The Isp
If you are using SmartIP (NAT), you should obtain the following: If you are dialing out to a remote site using Network Address Translation on your router, your provider will not deﬁne the IP address information on your local LAN. You can deﬁne this information based on parameters deﬁned by another connection proﬁle such as that to a corporate network, or an IP...
Page 226 The telephone number of the ISP’s local or nearby dial-up POP (point-of-presence). Remote IP address of router at ISP or other remote site Remote IP subnet mask address of router at ISP or other remote site PPP authentication type for router at the ISP, such as PAP.
Page 227: Appendix D - Understanding Ip Addressing
This appendix is a brief general introduction to IP addressing. A basic understanding of IP will help you in conﬁguring the Netopia R310 and using some of its powerful features, such as static routes and packet ﬁltering. In packets, a header is part of the envelope information that surrounds the actual data being transmitted. In e-mail, a header is usually the address and routing information found at the top of messages.
Page 228: Subnets And Subnet Masks
D-2 User’s Reference Guide IP addresses indicate both the identity of the network and the identity of the individual host on the network. The number of bits used for the network number and the number of bits used for the host number can vary, as long as certain rules are followed.
Page 229: Example: Using Subnets On A Class C Ip Internet
When setting up IP routing with a Class A Address, or even multiple Class C Addresses, subnetting is fairly straightforward. Subnetting a single Class C address between two networks, however, is more complex. This section describes the general procedures for subnetting a single Class C network between two Netopia routers so that each can have Internet access.
Page 230 Below is a diagram of a simple network conﬁguration. The ISP is providing a Class C address to the customer site, and both networks A and B want to gain Internet access through this address. Netopia R310 B connects to Netopia R310 A and is provided Internet access through Routers A and B.
Page 231: Example: Working With A Class C Subnet
ISP's equipment. The most important item in this conﬁguration is the Static Route deﬁned on Router B. This tells Router B what path to take to get to the network deﬁned by Netopia R310 B. Without this information, Customer Site B will be able to access Customer Site A, but not the Internet.
Page 232: Technical Note On Subnet Masking
These two methods are not mutually exclusive; you can manually issue some of the addresses while the rest are distributed by the Netopia R310. Using the Router in this way allows it to function as an address server. One reason to use the Netopia R310 as an address server is that it takes less time than manually distributing the addresses.
Page 233: Conﬁguration
DHCP address lease for one hour. The Netopia R310 does release the DHCP address back to the available DHCP address pool precisely one hour after the last heard lease request as some other DHCP implementations may hold on to the lease for an additional time after the lease expired, to act as a buffer for variances in clocks between the client and server.
Page 234: Manually Distributing Ip Addresses
For a DYNAMIC address, the Netopia R310 will release the address back to the address pool after it has lost contact with the Mac workstation for over 2 minutes. For a STATIC address, the Netopia R310 will release the address back to the address pool after it has lost contact with the Mac workstation for over 20 minutes.
Page 235 (199.1.1.49, 199.1.1.50, and 199.1.1.51). Understanding IP Addressing D-9 Distributed to the (Ethernet IP address) Pool of Addresses Distributed Netopia R310 Manually distributed (static) by MacIP and DHCP...
Page 236: Nested Ip Subnets
The ﬁgure at left shows a possible network conﬁguration following this scheme. The main network is set up with the Class C address a.b.c.0, and contains Router A (which could be a Netopia R310), a Netopia R310, and a number of other hosts. Router A maintains a link to the Internet, and may be used as the default gateway.
Page 237 Router C a.b.c.248 The Netopia R310’s connection proﬁles for Routers B and C create entries in its IP routing table. One entry points to the subnet a.b.c.128, while a second entry points to the subnet a.b.c.248. The IP routing table might...
Page 238: Broadcasts
These two protocols specify two different ways to organize the very ﬁrst signals in the sequence of electrical signals that make up an IP packet travelling over Ethernet. By default, the Netopia R310 uses Ethernet packet headers for IP trafﬁc. If your network requires 802.3 IP framing, you must conﬁgure this through SNMP.
Page 239: Network Conﬁguration
R310 uses a one-to-many IP address mapping scheme, that is against a single IP address the Netopia R310 acquires on its WAN interface the Netopia R310 can proxy 14, 30, or an unlimited number of IP hosts on the LAN interface.
Page 240 192.168.5.1 and the address of the Router at the ISP is 200.1.1.1. Assuming that the addresses negotiated by the routers are valid and unique for the Internet, the Netopia R310 and the hosts on its LAN would be able to access the Internet.
Page 241 Dst Port:: 5001 As you can see, the IP packet from Workstation A is sent to the Netopia R310 and the source IP address is substituted with 200.1.1.40 and the source port is substituted with 5001, then the IP packet checksum is recalculated.
Page 242 Now both IP packets have the exact same source IP address (200.1.1.40) and source ports (400). The way the Netopia R310 is then able to distinguish between the two IP packets is to change the source TCP or UDP ports and keep this information in an internal table.
Page 243: Exported Services
If you were to look at the internal port mapping table that is maintained by the Netopia R310, it would look similar to the following: Source LAN IP 192.168.5.2 192.168.5.3 With this information the Netopia R310 can determine the appropriate routing for an IP response from the Internet.
Page 244: Important Notes
Device Event History. When using NAT it is most likely that the Netopia R310 will be receiving an IP address from a “pool” of dynamic IP addresses at the ISP. This means that the Netopia R310's IP presence on the Internet will change with each connection.
Page 245 Toggling Address Translation Enabled to Yes enables the Netopia R310 to send out an all-zeros IPCP address that requests an IP to be assigned to the Netopia R310’s WAN interface. Note that the remote IP address is 127.0.0.2, which should also be the Default Gateway under IP Setup in System Conﬁguration. This is done for proﬁle matching purposes and because the IP address of the router the Netopia R310 is dialing is not always...
Page 246: Summary
Summary NAT is a powerful feature of the Netopia R310 and when used and set up properly can yield a secure network while only using one IP address on the WAN interface. Note that the addresses listed in this appendix are for demonstration purposes only.
Page 247: Appendix F - Event Histories
This appendix is a list of some of the events that can appear in the Netopia R310’s Event Histories. The text that appears in a history is shown in bold, followed by a brief explanation and the parameters associated with the event.
Page 248: Isdn Event Cause Codes
F-2 User’s Reference Guide Received Clear Ind. from DN: Received clear indication from switch. Associated parameter: called directory number. Secondary associated parameter: cause code. Connection Conﬁrmed to our DN: Received connect conﬁrmation for Connect Request sent to the switch. Associated parameter: called directory number. Received Connect Ind.
Page 249 Event Histories F-3 Cause No. 16: normal call clearing. This cause indicates that the call is being cleared because one of the users involved in the call has requested that the call be cleared. Under normal situations, the source of this cause is not the network. Cause No.
Page 250 F-4 User’s Reference Guide Cause No. 42: switching equipment congestion. This cause indicates that the switching equipment generating this cause is experiencing a period of high trafﬁc. Cause No. 43: access information discarded. This cause indicates that the network could not deliver access information to the remote user as requested: i.e., user-to-user information, low layer compatibility, high layer compatibility, or a sub-address as indicated in the diagnostic.
Page 251 Event Histories F-5 Cause No. 83: a suspended call exists, but this call identify does not. This cause indicates that a call resume has been attempted with a call identity which differs from that in use for any presently suspended call(s).
Page 252 F-6 User’s Reference Guide Cause No. 111: protocol error, unspeciﬁed. This cause is used to report a protocol error event only when no other cause in the protocol error class applies. Cause No. 127: interworking, unspeciﬁed. This cause indicates there has been interworking with a network that does not provide causes for actions it takes;...
Page 253: Appendix G - Isdn Conﬁguration Guide
This appendix contains supplemental ISDN conﬁguration information. This section covers the following topics: “Deﬁnitions” on page G-1 “Dynamic B-channel usage” on page G-1 Deﬁnitions The following terms are used in this appendix: Directory number: The actual phone number associated with the ISDN line you order. Depending on the type of switch protocol used on your line, there may be one directory number for both B-channels, or one for each B-channel.
Page 254 G-2 User’s Reference Guide...
Page 255: Appendix H - Binary Conversion Table
This table is provided to help you choose subnet numbers and host numbers for IP and MacIP networks that use subnetting for IP addresses. Decimal Binary 1000 1001 1010 1011 1100 1101 1110 1111 10000 10001 10010 10011 10100 10101 10110 10111 11000...
Page 256 H-2 User’s Reference Guide Decimal Binary 10000000 10000001 10000010 10000011 10000100 10000101 10000110 10000111 10001000 10001001 10001010 10001011 10001100 10001101 10001110 10001111 10010000 10010001 10010010 10010011 10010100 10010101 10010110 10010111 10011000 10011001 10011010 10011011 10011100 10011101 10011110 10011111 Decimal Binary Decimal 10100000 10100001...
Page 257: Appendix I - Technical Speciﬁcations And Safety Information
Dimensions: 124.0 cm (w) x 20.0 cm (d) x 5.3 cm (h) 9.4” (w) x 7.9” (d) x 2.1” (h) Communications interfaces: The Netopia R310 ISDN Router has an RJ-45 jack for ISDN connections; a 4-port 10Base-T Ethernet hub for your LAN connection; and a DB-9 Console port.
Page 258: Agency Approvals
I-2 User’s Reference Guide Agency approvals North America Safety Approvals: United States – UL: 1950 Third Edition Canada – CSA: CAN/CSA-C22.2 No. 950-95 EMI: FCC Class A International Safety Approvals: Low Voltage (European directive) 72/23 EN60950 (Europe) ETSI 300 047 (Europe) AS/NRZ 3260 (Australia) TS001(Australia) TS008 (Australia)
Page 259 It is the responsibility of users requiring service to report the need for service to our Company or to one of our authorized agents. Service can be obtained at Netopia, Inc., 2470 Mariner Square Loop, Alameda, California, 94501. Important This product was tested for FCC compliance under conditions that included the use of shielded cables and connectors between system components.
Page 260: Important Safety Instructions
I-4 User’s Reference Guide Declaration for Canadian users The Canadian Industry Canada label identiﬁes certiﬁed equipment. This certiﬁcation means that the equipment meets certain telecommunications network protective, operation and safety requirements. The Department does not guarantee the equipment will operate to the user’s satisfaction. Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company.
Page 261 Do not use the telephone to report a gas leak in the vicinity of the leak. Battery The Netopia R310’s lithium battery is designed to last for the life of the product. The battery is not user-ser- viceable. Caution! Danger of explosion if battery is incorrectly replaced.
Page 262 I-6 User’s Reference Guide...
Page 263: Glossary 1
Glossary 1 Access Line: A telephone line reaching from the telephone company central ofﬁce to a point usually on your premises. Beyond this point the wire is considered inside wiring. See also Trunk Line. analog: In telecommunications, telephone transmission and/or switching that is not digital. An analog phone transmission is one that was originally intended to carry speech or voice, but may with appropriate modiﬁcations be used to carry data of other types.
Page 264 CNA (Calling Number Authentication): A security feature that will reject an incoming call if it does not match the Calling Number ﬁeld in one of the Netopia ISDN Router’s Connection Proﬁles. CND (Calling Number Delivery): Also known as caller ID, a feature that allows the Called Customer Premises Equipment (CPE) to receive a calling party’s directory number during the call establishment phase.
Page 265 (0 through F) represents four binary bits. Do not confuse the Ethernet address of a device with its network address. ﬁrmware: System software stored in a device’s memory that controls the device. The Netopia ISDN Router’s ﬁrmware can be updated.
Page 266 (not ISDN) telephone lines. Modem is a contraction of modulator-demodulator. NAT (Network Address Translation): A feature that allows communication between the LAN connected to the Netopia ISDN Router and the Internet using a single IP address, instead of having a separate IP address for each computer on the network.
Page 267 A physical or logical connection between a router and a network. Where a network only allows the use of one protocol, each physical connection corresponds to one logical router port. An example is the Netopia ISDN Router’s LocalTalk port. Where a network allows the use of several protocols, each physical connection may correspond to several logical router ports—one for each protocol used.
Page 268 WANs can span a state, a country, or even the world. WAN IP: In addition to being a router, the Netopia ISDN Router is also an IP address server. There are four protocols it can use to distribute IP addresses over the WAN which include: DHCP, BOOTP, IPCP and MacIP. WAN IP is a feature for Netopia ISDN Router models.
Page 269 10Base-T connecting 4-2 add static route adding a ﬁlter set 12-13 advanced conﬁguration features answer proﬁle call acceptance scenarios 8-12 deﬁned answering calls application software 4-1 ATMP 10-7 tunnel options 10-16 authentication and answer proﬁle B channel usage, dynamic G-1 back panel ports basic ﬁrewall...
Page 270 default terminal emulation software settings delayed conﬁguration 7-8 delete static route deleting ﬁlters 12-18 designing a new ﬁlter set DHCP deﬁned DHCP NetBIOS options dial-in conﬁguration 7-4 directory number, deﬁned G-1 disadvantages of ﬁlters 12-12 display a ﬁlter set distributing IP addresses DNS Proxying downloading a conﬁguration ﬁle 13-9 downloading conﬁguration ﬁles 13-11...
Page 271 9-8 server lists 9-8 navigating Easy Setup NCSA Telnet 5-3 nested IP subnets D-10 NetBIOS 9-35 NetBIOS scope Netopia answering calls connecting to Ethernet, rules 4-2 , 6- connection proﬁle 6-3 distributing IP addresses 9-34 IP setup monitoring 11-1...
Page 272 12-3 protecting the security options screen Quick View resetting the system 13-12 restricting telnet access 12-5 RIP 7-7 router to serve IP addresses to hosts 9-1 routing tables , 11- IP 9-30 scheduled connections adding deﬁned 8-1...
Page 273 ATMP 10-16 PPTP tunneling 10-2 updating ﬁrmware with TFTP 13-8 with XMODEM 13-10 updating router ﬁrmware uploading a conﬁguration ﬁle 13-9 uploading conﬁguration ﬁles with TFTP 13-9 with XMODEM 13-12 user accounts 12-1 using ﬁlters 12-12 utilities and diagnostics 13-1...
Page 274 Index-12...
Page 275: Limited Warranty And Limitation Of Remedies 1
Netopia warrants to you, the end user, that the Netopia R310™ ISDN Router (the “Product”) will be free from defects in materials and workmanship under normal use for a period of one (1) year from date of purchase. Netopia’s entire liability and your sole remedy under this warranty during the warranty period is that Netopia shall, at its sole option, either repair or replace the Product.
Page 276 User’s Reference Guide...

Netopia R310 User Reference Manual

Chapter 1 - Introduction

Chapter 2 - Making the Physical Connections

Chapter 3 - Setting up Your Router with the Smartstart Wizard

Chapter 4 — Connecting Your Local Area Network

Chapter 5 - Console-Based Management

Chapter 6 - Easy Setup

Chapter 7 — WAN and System Conﬁguration

Chapter 8 - Call Accounting and Default Answer Proﬁle

Chapter 9 - IP Setup and Network Address Translation

Chapter 10 — Virtual Private Networks (VPN)

Chapter 11 - Monitoring Tools

Chapter 12 - Security

Chapter 13 — Utilities and Diagnostics

Appendix A - Troubleshooting

Appendix B - Setting up Telco Services

Appendix C - Setting up Internet Services

Appendix D - Understanding IP Addressing

Appendix E - Understanding Netopia NAT Behavior

Appendix F - Event Histories

Appendix G - ISDN Configuration Guide

Appendix G - ISDN Conﬁguration Guide

Appendix H - Binary Conversion Table

Appendix I - Technical Specifications and Safety Information

Appendix I - Technical Speciﬁcations and Safety Information

Quick Links

Troubleshooting

Related Manuals for Netopia R310

Summary of Contents for Netopia R310