Page 1 ™ Netopia R9100 Ethernet Router for DSL and Cable Modems User’s Reference Guide...
Page 2 ©1997–98, Netopia, Inc., v.0300 All rights reserved. Printed in the U.S.A. This manual and any associated artwork, software, and product designs are copyrighted with all rights reserved. Under the copyright laws such materials may not be copied, in whole or part, without the prior written consent of Netopia, Inc.
Page 3: Table Of Contents
Welcome to the Netopia R9100 Ethernet Router User’s Reference Guide. This guide is designed to be your single source for information about your Netopia R9100 Ethernet Router. It is intended to be viewed on-line, using the powerful features of the Adobe Acrobat Reader. The information display has been deliberately designed to present the maximum information in the minimum space on your screen.
Page 4 User’s Reference Guide Connecting to an Ethernet network... 4-5 10Base-T... 4-5 Adding an external modem ... 4-7 Connecting to a LocalTalk network ... 4-8 Wiring guidelines for PhoneNET cabling... 4-9 Chapter 5 — Setting up your Router with the SmartStart Wizard 5-1 Before running SmartStart ...
Page 5 Part II: Advanced Configuration Chapter 8 — WAN and System Conﬁguration ...8-1 WAN conﬁguration... 8-1 Creating a new Connection Proﬁle ... 8-3 Default Answer Proﬁle for Dial-in Connections ... 8-7 How the Default Answer Proﬁle works ... 8-7 System conﬁguration screens ... 8-9 Navigating through the system conﬁguration screens...
Page 6 User’s Reference Guide Chapter 10 — IPX Setup ...10-1 IPX features ... 10-1 IPX deﬁnitions ... 10-1 Internetwork Packet Exchange (IPX) ... 10-1 IPX address ... 10-2 Socket ... 10-2 Routing Information Protocol (RIP) ... 10-2 Service Advertising Protocol (SAP)... 10-2 NetBIOS ...
Page 7 System Information... 12-12 SNMP ... 12-12 The SNMP Setup screen ... 12-13 SNMP traps ... 12-14 SmartView ... 12-16 SmartView overview ... 12-16 Navigating SmartView... 12-16 General Machine information page ... 12-17 Event history pages... 12-17 Standard HTML web-based monitoring pages ... 12-19 Chapter 13 —...
Page 8 User’s Reference Guide Firewall tutorial ... 13-29 General ﬁrewall terms ... 13-29 Basic IP packet components ... 13-29 Basic protocol types ... 13-29 Firewall design rules... 13-30 Filter basics ... 13-32 Example ﬁlters ... 13-33 Chapter 14 — Utilities and Diagnostics ...14-1 Ping ...
Page 9 How to reach us... A-4 Appendix B — Understanding IP Addressing ...B-1 What is IP?... B-1 About IP addressing ... B-1 Subnets and subnet masks ... B-2 Example: Using subnets on a Class C IP internet... B-3 Example: Working with a Class C subnet ... B-5 Distributing IP addresses ...
Page 10 viii User’s Reference Guide Agency approvals... F-3 Regulatory notices ... F-3 Important safety instructions ... F-4 Glossary... GL-1 Index ...Index-1 Limited Warranty and Limitation of Remedies ...1...
Page 12 User’s Reference Guide...
Page 13: Chapter 1 - Introduction
Netopia R9100 with a cable or DSL modem provides businesses with a low-cost connection to the Internet while retaining the power of a router. Once your Netopia R9100 Ethernet Router is connected to your computer and an Internet connection device such as a cable or a DSL modem, and your account is activated by your network service provider, you will have a high-speed connection between your PC or LAN and the telephone company’s network of high-speed digital facilities.
Page 14: How To Use This Guide
How to use this guide This guide is designed to be your single source for information about your Netopia R9100 Ethernet Router. It is intended to be viewed on-line, using the powerful features of the Adobe Acrobat Reader. The information display has been deliberately designed to present the maximum information in the minimum space on your screen.
Page 15: Chapter 2 - Setting Up Internet Services
Most most cable and DSL modems have a 10Base-T Ethernet connection port for connecting a PC. The Netopia R9100 Ethernet Router uses this connection port to connect all the computers on your LAN to the Internet. If your area has more than one ISP, the following considerations will help you decide which ISP is best suited for your requirements.
Page 16: Endorsements
Setting up an account using a Netopia R9100 Check whether your ISP has the Netopia R9100 on its list of supported products that have been tested with a particular conﬁguration. If the ISP does not have the Netopia R9100 on such a list, describe the Netopia R9100 in as much detail as needed, so your ISP account can be optimized.
Page 17: Local Lan Ip Address Information To Obtain
The Ethernet IP address for your Netopia R9100 The Ethernet IP subnet mask for your Netopia R9100 An IP address for each device on your network, in the same network range as the Netopia R9100. Setting Up Internet Services 2-3...
Page 18 2-4 User’s Reference Guide...
Page 19: Chapter 3 - Making The Physical Connections
For small networks, install the Netopia R9100 near one of the LANs. For large networks, you can install the Netopia R9100 in a wiring closet or a central network administration site. In most cases the router will be near the cable or DSL modem which is near the cable or DSL wall outlet. You could route a line from the wall outlet to a wiring closet if you store the modem and router there.
Page 20: What You Need
A Windows 95, 98, or NT–based PC or a Macintosh computer with Ethernet connectivity for conﬁguring the Netopia R9100. This may be built-in Ethernet or an add-on card, with TCP/IP installed and conﬁgured. See “Hardware and operating system requirements” on page An Internet modem such as a cable modem or DSL bridge connected to the appropriate wall outlet for your Internet service source.
Page 21: Netopia R9100 Ethernet Router Back Panel Ports
8-port Ethernet hub Eight Ethernet jacks. You will use one of these to conﬁgure the Netopia R9100. For a new installation, use the Ethernet connection. Alternatively, you can use the console connection to run console-based management using a direct serial connection.
Page 22: Netopia R9100 Ethernet Router Status Lights
3-4 User’s Reference Guide Netopia R9100 Ethernet Router status lights The ﬁgure below represents the Netopia R9100 status light (LED) panel. Netopia R9100 LED front panel WAN 1 The following table summarizes the meaning of the various LED states and colors: When this happens...
Page 23: Chapter 4 — Connecting To Your Local Area Network
Before connecting the Netopia R9100 to any AppleTalk LANs that contain other AppleTalk routers, you should read “Routers and seeding” on page 11-3. See the later sections in this chapter for details on how to connect the Netopia R9100 to different types of networks. Connecting to Your Local Area Network 4-1 “Console-Based Management”...
Page 24: Network Model
4-2 User’s Reference Guide Network Model The following diagrams illustrate network models for typical deployments of the Netopia R9100 Ethernet Router as an Internet access device. Before With a DSL or cable modem, you can connect a single computer to the Internet.
Page 25 Connecting to Your Local Area Network 4-3 After Using the Netopia R9100 Ethernet Router, you can connect multiple computers to the Internet with a single user account. using a DSL modem with a Netopia R9100 using a cable modem with a Netopia R9100 While this network model is typical, other network models are possible.
Page 26: Readying Computers On Your Local Network
TCP/IP stack: This is the software that lets your PC or Macintosh communicate using Internet protocols. TCP/IP stacks must be conﬁgured with some of the same information you used to conﬁgure the Netopia R9100. There are a number of TCP/IP stacks available for PC computers. Windows 95 includes a built-in TCP/IP stack. See “Conﬁguring TCP/IP on Windows 95, 98, or NT”...
Page 27: Connecting To An Ethernet Network
(cable length) Cable type Netopia R9100 port used Other restrictions 10Base-T You can connect a standard 10Base-T Ethernet network to the Netopia R9100 using any of its available Ethernet ports. Netopia R9100 Ethernet Router back panel Ethernet Normal Crossover switch...
Page 28 If you have more than eight devices to connect, you can attach additional devices using either a 10Base-T hub or an EtherWave daisy chain, or some combination of both. If you add devices connected through a hub, connect the hub to Ethernet port number 1 on the Netopia R9100 and set the Normal/Uplink switch to Uplink.
Page 29: Adding An External Modem
Auxiliary connection port HD-15 (female) By default, the Auxiliary port on your Netopia R9100 is enabled for remote console conﬁguration via an external asynchronous modem. This means that all you have to do is connect your modem to the Auxiliary port and conﬁgure its settings in the Line Conﬁguration screens under the WAN Conﬁguration menu.
Page 30: Connecting To A Localtalk Network
HD-15 (female) Connect the male HD-15 end of the LocalTalk cable to the Auxiliary port on your Netopia R9100. Connect the other end of the cable to your LocalTalk network. You can use only one connection on the Auxiliary port. You cannot use both the PhoneNET connector and an external modem.
Page 31: Wiring Guidelines For Phonenet Cabling
Wiring guidelines for PhoneNET cabling Topology Daisy chain Backbone 4-branch passive star* LocalTalk StarController 12-branch active star * Distance is per branch For detailed conﬁguration instructions see Connecting to Your Local Area Network 4-9 22 gauge 24 gauge .642 mm .510 mm 4500 ft.
Page 32 4-10 User’s Reference Guide...
Page 33: Chapter 5 - Setting Up Your Router With The Smartstart Wizard
Once you’ve connected your router to your computer and your telecommunications line and installed a web browser, you’re ready to run the Netopia SmartStart™ Wizard. The SmartStart Wizard will help you set up the router and share the connection. The SmartStart Wizard walks you through a series of questions and based on your responses automatically conﬁgures the router for connecting your LAN to the Internet or to your remote corporate network.
Page 34: Before Running Smartstart
Required for web-based registration and web-based monitoring. Notes: • The computer running SmartStart must be on the same Ethernet cable segment as the Netopia R9100. Repeaters, such as 10Base-T hubs between your computer and the Netopia R9100, are acceptable, but devices such as switches or other routers are not.
Page 35: Setting Up Your Router With The Smartstart Wizard
The SmartStart Wizard presents a series of screens to guide you through the preliminary conﬁguration of a Netopia R9100. It will then create a connection proﬁle using the information you supply to it. Welcome screen. The ﬁrst screen welcomes you to the SmartStart Wizard conﬁguration utility.
Page 36: Easy Option
Check your cable connections. Be sure you have connected the router and the computer properly, using the correct cables. Refer to the Step 1 “Connect the Router” sheet in your Netopia R9100 documentation folio. Make sure the router is turned on and that there is an Ethernet connection between your computer and the router.
Page 37: Advanced Option
When the test is successful, SmartStart presents you with the Additional Conﬁguration screen. If you have a router that has a permanent unswitched connection to your ISP, such as an Ethernet WAN interface router attached to a cable modem, the Additional Conﬁguration screen appears. You may want to do additional conﬁguration to customize your network environment.
Page 38: Sharing The Connection
It is also found in your documentation folio. Note: Forcing a new IP address may turn off the Netopia R9100’s IP address serving capabilities, if you assign an IP address and subnet mask outside the router’s current IP address serving pool. The Netopia R9100 does not allow an invalid address to be served.
Page 39 Dynamic conﬁguration (recommended) If you conﬁgure your Netopia R9100 using SmartStart, you can accept the dynamic IP address assigned by your router. The Dynamic Host Conﬁguration Protocol (DHCP) server, which enables dynamic addressing, is enabled by default in the router. If your PC is not set for dynamic addressing, SmartStart will offer to do this for you when you launch it.
Page 40 Go to Start Menu/Settings/Control Panels and double click the Network icon. From the Network components list, select the Conﬁguration tab. Select TCP/IP-->Your Network Card. Then select Properties. In the TCP/IP Properties screen (shown below), select the IP Address tab. Click “Specify an IP Address.”...
Page 41 Click on the Gateway tab (shown below). Under “New gateway,” enter 192.168.1.1. Click Add. This is the Netopia R9100’s pre-assigned IP address. Click OK in this window, and the next window. When prompted, reboot the computer. Note: You can also use these instructions to conﬁgure other computers on your network with manual or static IP addresses.
Page 42: Conﬁguring Tcp/Ip On Macintosh Computers
Macintosh. Dynamic conﬁguration (recommended) If you conﬁgure your Netopia R9100 using SmartStart, you can accept the dynamic IP address assigned by your router. The Dynamic Host Conﬁguration Protocol (DHCP), which enables dynamic addressing, is enabled by default in the router. To conﬁgure your Macintosh computer for dynamic addressing do the following: Go to the Apple menu.
Page 43 Static conﬁguration (optional) If you are manually conﬁguring for a ﬁxed or static IP address, perform the following: Go to the Apple menu. Select Control Panels and then TCP/IP or MacTCP. With the TCP/IP window open, go to the Edit menu and select User Mode.
Page 44 If you want to use MacIP to dynamically assign IP addresses to the Macintosh computers on your network you must install the optional AppleTalk feature set kit. Note: You cannot use MacIP dynamic conﬁguration to conﬁgure your Netopia R9100 Ethernet Router because you must ﬁrst conﬁgure the router in order to enable AppleTalk.
Page 45 These are the only ﬁelds you need to modify in these screens. Note: More information about conﬁguring your Macintosh computer for TCP/IP connectivity through a Netopia R9100 can be found in Technote NIR_026, “Open Transport and Netopia Routers,” located on the Netopia Web site.
Page 46 5-14 User’s Reference Guide...
Page 47: Chapter 6 - Console-Based Management
Console-based management is a menu-driven interface for the capabilities built in to the Netopia R9100. Console-based management provides access to a wide variety of features that the router supports. You can customize these features for your individual setup. This chapter describes how to access the console-based management screens.
Page 48: Connecting Through A Telnet Session
“Quick View status overview” on page 12-1 Connecting through a Telnet session Features of the Netopia R9100 can be conﬁgured through the console screens. Before you can access the console screens through Telnet, you must have: A network connection locally to the router or IP access to the router.
Page 49: Conﬁguring Telnet Software
ZTerm, included on the Netopia CD, for Macintosh computers. The Netopia R9100 back panel has a connector labeled “Console” for attaching the Router to either a PC or Macintosh computer via the serial port on the computer. (On a Macintosh computer, the serial port is called the Modem port or Printer port.) This connection lets you use the computer to conﬁgure and monitor the Netopia...
Page 50: Navigating Through The Console Screens
The new baud rate is displayed at the bottom of the screen. Navigating through the console screens Use your keyboard to navigate the Netopia R9100’s conﬁguration screens, enter and edit information, and make choices. The following table lists the keys to use to navigate through the console screens.
Page 51: Chapter 7 - Easy Setup
This chapter describes how to use the Easy Setup console screens on your Netopia R9100 Ethernet Router. After completing the Easy Setup console screens, your router will be ready to connect to the Internet or another remote site. This chapter covers the following topics: “Easy Setup console screens”...
Page 52 If you do not see the Main Menu, verify that: The computer used to view the console screen has its serial port connected to the Netopia R9100’s Console port or an Ethernet connection to one of its Ethernet ports. See your router”...
Page 53: Quick Easy Setup Connection Path
Quick Easy Setup connection path This section may be all you need to do to conﬁgure your Netopia R9100 Ethernet Router to connect to the Internet. If your ISP supports DHCP Your Netopia R9100 Ethernet Router comes preconﬁgured with the ability to accept an IP address dynamically assigned by your ISP.
Page 54 Return. When prompted, select CONTINUE, and press Return. The router will restart and your conﬁguration settings will be activated. You can then Exit or Quit your Telnet application. For more Easy Setup options see Netopia R9100 v4.3 Easy Setup... WAN Configuration... System Configuration...
Page 55: More Easy Setup Options
IP address you want to use. Otherwise, accept the default value 0.0.0.0. If you accept the default, the Netopia R9100 Ethernet Router will act as a DHCP client on the Ethernet WAN port and attempt to acquire an address from a DHCP server.
Page 56: Ip Easy Setup
7-6 User’s Reference Guide IP Easy Setup The IP Easy Setup screen is where you enter information about your Netopia Router’s: Ethernet IP address Ethernet Subnet mask Domain Name Domain Name Server IP address Default gateway IP address Whether to serve IP addresses or not Consult with your network administrator to obtain the information you will need.
Page 57: Easy Setup Security Conﬁguration
Note: If the Netopia R9100’s WAN interface is acting as a DHCP client, do not change the default settings for Steps 3, 4, and 5. Select Primary Domain Name Server and enter the IP address your ISP has given you. An alternate or Secondary Domain Name Server ﬁeld will appear, where you can enter a secondary DNS IP address if your...
Page 58 7-8 User’s Reference Guide Select CONTINUE to restart the Netopia Router and have your selections take effect. Note: You can also restart the system at any time by using the Restart System utility (see “Restarting the system” on page 14-12) or by turning the Netopia Router off and on with the power switch. Easy Setup is now complete.
Page 60 User’s Reference Guide...
Page 61: Chapter 8 — Wan And System Conﬁguration
Console-based management is a menu-driven interface for the capabilities built in to the Netopia R9100. Console-based management provides access to a wide variety of features that the router supports. You can customize these features for your individual setup. This chapter describes how to access the console-based management screens.
Page 62 RIP v1 or v2 routers. Alternatively, select Receive RIP and select v1 or v2 from the popup menu. With Receive RIP set to “v1,” the Netopia R9100’s Ethernet port will accept routing information provided by RIP packets from other routers that use the same subnet mask. Set to “v2,” the Netopia R9100 will accept routing information provided by RIP packets from other routers that use different subnet masks.
Page 63: Creating A New Connection Proﬁle
If you want the Netopia R9100 to advertise its routing table to other routers via RIP, select Transmit RIP and select v1, v2 (broadcast), or v2 (multicast) from the popup menu. With Transmit RIP v1 selected, the Netopia R9100 will generate RIP packets only to other RIP v1 routers. With Transmit RIP v2 (broadcast) selected, the Netopia R9100 will generate RIP packets to all other hosts on the network.
Page 64 Return accepts * ESC cancels * Left/Right moves insertion point * Del deletes. Configure a new Conn. Profile. Finished? On a Netopia R9100 Ethernet Router you can add up to 15 more connection proﬁles, for a total of 16, but you can only use one at a time.
Page 65 Toggle or enter any IP Parameters you require and return to the Add Connection Proﬁle screen by pressing Escape. For more information, see If you will be connecting with an IPX remote network, toggle IPX Enabled to Yes, and press Return. Otherwise, accept the default No.
Page 66 8-6 User’s Reference Guide Select Datalink Options and press Return. The Datalink Options screen appears. Data Compression... Receive User Name: Receive Password: Maximum Packet Size: In this Screen you will configure the PPP/MP specific connection params. You can accept the defaults, or change them if you wish. You can also specify user name and password for both outgoing and incoming calls.
Page 67: Default Answer Proﬁle For Dial-In Connections
Default Answer Proﬁle for Dial-in Connections The Netopia R9100 Ethernet Router can answer calls on the Auxiliary port. To answer calls, the Netopia R9100 uses a Default Answer Proﬁle. The Default Answer Proﬁle controls how incoming calls are set up, authenticated, ﬁltered, and more.
Page 68 8-8 User’s Reference Guide If an incoming call is not required to match a connection proﬁle, and fails to do so, it is accepted as a standard IP connection. Accepted, unmatched calls adopt the call parameter values set in the Default Answer Proﬁle. To determine the call parameter values that unmatched calls will adopt, customize the Default Answer Proﬁle parameters in the Default Answer Proﬁle screen.
Page 69: System Conﬁguration Screens
Through the console port, using a local terminal (see page 6-3) You can also retrieve the Netopia R9100’s conﬁguration information and remotely set its parameters using the Simple Network Management Protocol (see Open a Telnet connection to the router’s IP address; for example, “192.168.1.1.”...
Page 70: Navigating Through The System Conﬁguration Screens
Select Network Protocols and press Return. The Network Protocols screen appears. Select IP Setup and press Return. The IP Setup screen appears. To go back in this sequence of screens, use the Escape key. Netopia R9100 v4.3 Easy Setup... WAN Configuration...
Page 71: System Conﬁguration Features
System conﬁguration features The Netopia R9100 Ethernet Router’s default settings may be all you need to conﬁgure your Netopia R9100. Some users, however, require advanced settings or prefer manual control over the default selections. For these users, the Netopia R9100 provides system conﬁguration options.
Page 72: Filter Sets (Firewalls)
8-12 User’s Reference Guide Filter sets (ﬁrewalls) These screens allow you to conﬁgure security on your network by means of ﬁlter sets and a basic ﬁrewall. Details are given in “Security” on page IP address serving These screens allow you to conﬁgure IP address serving on your network by means of DHCP, WANIP, BootP, and with the optional AppleTalk kit, MacIP.
Page 73: Snmp (Simple Network Management Protocol)
Upgrade feature set You can upgrade your Netopia R9100 by adding new feature sets through the Upgrade Feature Set utility. See the release notes that came with your router or feature set upgrade, or visit the Netopia Web site at www.netopia.com for information on new feature sets, how to obtain them, and how to install them on your...
Page 74: Logging
8-14 User’s Reference Guide Logging You can conﬁgure a UNIX-compatible syslog client to report a number of subsets of the events entered in the router’s WAN Event History. See supplied as a .ZIP ﬁle on the Netopia CD. Select Logging from the System Conﬁguration menu. The Logging Conﬁguration screen appears.
Page 75 The following screen shows a sample syslog dump of WAN events: 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com >>Issued Speech Setup Request from our DN: 5108645534 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com >>Issued Speech Setup Request from our DN: 5108645534 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com 5 10:14:06 tsnext.netopia.com...
Page 76 8-16 User’s Reference Guide...
Page 77: Chapter 9 - Ip Setup And Network Address Translation
The Netopia R9100 uses Internet Protocol (IP) to communicate both locally and with remote networks. This chapter shows you how to conﬁgure the Router to route IP trafﬁc. You also learn how to conﬁgure the router to serve IP addresses to hosts on your local network.
Page 78 IP address shown to the remote side of the router. When NAT is enabled, the Netopia R9100 can use either a statically assigned IP address or one dynamically assigned each time the router connects to the ISP. While a dynamically assigned IP address offers the ISP more ﬂexibility, it does have an important limitation: the router requires a static IP address to support Web, FTP, or...
Page 79: Using Network Address Translation
Note: See “Associating port numbers with nodes” on page By default, Network Address Translation is enabled in the Netopia R9100. If you disabled it and now want to reenable it: From the WAN Conﬁguration menu in the Main Menu screen, select WAN (Wide Area Network) Setup.
Page 80 9-4 User’s Reference Guide Or, from the Main Menu, select Easy Setup. The Easy Setup WAN Ethernet Conﬁguration screen appears. Address Translation Enabled: Local WAN IP Address: TO MAIN MENU Set up the basic IP attributes of your Ethernet Module in this screen. Toggle Address Translation Enabled to Yes or No (Yes to enable NAT) and press Return.
Page 81: Associating Port Numbers With Nodes
Telnet uses port number 23 SNMP uses port number 161 To help direct incoming IP trafﬁc to the appropriate server, the Netopia R9100 lets you associate these and other port numbers with distinct IP addresses on your internal LAN using exported services. See page 9-6 for details.
Page 82: Ip Setup
Main Menu The IP Setup options screen is where you conﬁgure the Ethernet side of the Netopia R9100. The information you enter here controls how the router routes IP trafﬁc. Consult your network administrator or Internet service provider to obtain the IP setup information (such as the Ethernet IP address, Ethernet subnet mask, default IP gateway and Primary Domain Name Server IP address) you will need before changing any of the settings in this screen.
Page 83 Routing Information Protocol (RIP) is needed if there are IP routers on other segments of your Ethernet network that the Netopia R9100 needs to recognize. If this is the case select Receive RIP and select v1, v2, or Both from the popup menu. With Receive RIP set to “v1,” the Netopia R9100’s Ethernet port will accept routing information provided by RIP packets from other routers that use the same subnet mask.
Page 84 9-8 User’s Reference Guide Exports, Add Export, and Delete Export. Return/Enter to configure UDP/TCP Port-to-IP Address redirection. Select Add Export. The Add Exported Service screen appears. Service... Local Server's IP Address: ADD EXPORT NOW Exported Services (Local Port to IP Address Remapping) Show/Change Exports...
Page 85 Select any of the services/ports and press Return to associate it with the address of a server on your local area network. For example, if we select www-http 80, press Return, and type 10.0.0.2, the Netopia R9100 redirects any incoming trafﬁc destined for a Web server to address 10.0.0.2.
Page 86: Ip Subnets
9-10 User’s Reference Guide Press Escape when you are ﬁnished conﬁguring exported services. You are returned to the IP Setup screen. Ethernet IP Address: Ethernet Subnet Mask: Define Additional Subnets... Default IP Gateway: Primary Domain Name Server: Secondary Domain Name Server: Domain Name: Receive RIP: Transmit RIP:...
Page 87 All eight row labels are always visible, regardless of the number of subnets conﬁgured. To add an IP subnet, enter the Netopia R9100’s IP address on the subnet in the IP Address ﬁeld in a particular row and the subnet mask for the subnet in the Subnet Mask ﬁeld in that row.
Page 88: Static Routes
Static routes are IP routes that are maintained manually. Each static route acts as a pointer that tells the Netopia R9100 how to reach a particular network. However, static routes are used only if they appear in the IP routing table, which contains all of the routes used by the Netopia R9100 (see Static routes are helpful in situations where a route to a network must be used and other means of ﬁnding the...
Page 89 The Static Routes screen will appear. Configure/View/Delete Static Routes from this and the following Screens. Viewing static routes To display a view-only table of static routes, select Display/Change Static Route. The table shown below will appear. +-Dest. Network---Subnet Mask-----Next Gateway----Priority-Enabled-+ +------------------------------------------------------------------+ | 0.0.0.0 +------------------------------------------------------------------+...
Page 90 Select Destination Network Subnet Mask and enter the subnet mask used by the destination network. Select Next Gateway IP Address and enter the IP address for the router that the Netopia R9100 will use to reach the destination network. This router does not necessarily have to be part of the destination network, but it must at least know where to forward packets destined for that network.
Page 91 Rules of static route installation The Netopia R9100 applies certain rules before installing enabled static routes in the IP routing table. An enabled static route will not be installed in the IP routing table if any of the following conditions are true: The static route’s Next Gateway IP Address matches the IP address used by the Netopia R9100’s...
Page 92: Ip Address Serving
Menu Configuration In addition to being a router, the Netopia R9100 is also an IP address server. There are four protocols it can use to distribute IP addresses. The ﬁrst, called Dynamic Host Conﬁguration Protocol (DHCP), is widely supported on PC networks, as well as Apple Macintosh computers using Open Transport and computers using the UNIX operating system.
Page 93 AppleTalk kit installed) are automatically enabled. Select Number of Client IP Addresses and enter the total number of contiguous IP addresses that the Netopia R9100 will distribute to the client machines on your local area network. 12-user models are limited to twelve IP addresses.
Page 94 9-18 User’s Reference Guide If you have conﬁgured multiple Ethernet IP subnets, the appearance of the IP Address Serving screen is altered slightly: Configure Address Pools... Serve DHCP Clients: DHCP NetBios Options... Serve BOOTP Clients: Serve Dynamic WAN Clients: Serve MacIP/KIP Clients: MacIP/KIP Static Options...
Page 95: Ip Address Pools
The Client Gateway column allows you to specify the default gateway address that will be provided to clients served an address from the corresponding pool. The value defaults to the Netopia R9100’s IP address on the corresponding subnet (or the Netopia R9100’s default gateway, if that gateway is located on the subnet in question).
Page 96 When requesting an address, a client may provide a client identiﬁer, or, if it does not, the Netopia R9100 may construct a pseudo-client identiﬁer for the client. When the client subsequently requests an address, the Netopia R9100 will attempt to serve the address previously associated with the client identiﬁer.
Page 97: Dhcp Netbios Options
DHCP NetBIOS Options If your network uses NetBIOS, you can enable the Netopia R9100 to use DHCP to distribute NetBIOS information. NetBIOS stands for Network Basic Input/Output System. It is a layer of software originally developed by IBM and Sytek to link a network operating system with speciﬁc hardware. NetBIOS has been adopted as an industry standard.
Page 98 9-22 User’s Reference Guide From the NetBios Type pop-up menu, select the type of NetBIOS used on your network. Serve NetBios Type: NetBios Type... Serve NetBios Scope: NetBios Scope: Serve NetBios Name Server: NetBios Name Server IP Addr: To serve DHCP clients with the NetBIOS scope, select Serve NetBios Scope and toggle it to Yes. Select NetBios Scope and enter the scope.
Page 99: Macip (Kip Forwarding) Setup
Reset All Leases Release BootP Leases Reclaim Declined Addresses Hit RETURN/ENTER, you will return to the previous screen. Select Release BootP Leases and press Return. MacIP (KIP forwarding) setup When hosts using AppleTalk (typically those using LocalTalk) are not directly connected to an IP network (usually an Ethernet), they must use a MacIP (AppleTalk–IP) gateway.
Page 100 9-24 User’s Reference Guide The MacIP (KIP) Forwarding Setup screen tells the Netopia R9100 how many static addresses to allocate for MacIP/KIP clients. The addresses must fall within the address pool from the previous screen. Enter the number of static MacIP addresses to reserve.
Page 101: Chapter 10 - Ipx Setup
Internetwork Packet Exchange (IPX) is the network protocol used by Novell NetWare networks. This chapter shows you how to conﬁgure the Netopia R9100 for routing data using IPX. You also learn how to conﬁgure the router to serve IPX network addresses.
Page 102: Ipx Address
10-2 User’s Reference Guide IPX address An IPX address consists of a network number, a node number, and a socket number. An IPX network number is composed of eight hexadecimal digits. The network number must be the same for all nodes on a particular physical network segment.
Page 103: Netbios
IPX spooﬁng The Netopia R9100 has several IPX features designed to restrict the trafﬁc on the dial-up link when the unit is not sending or receiving IPX data. When the link is idle and a user is logged into a Novell server, the server will send “keep-alive”...
Page 104 IPX network to only those required by remote users connecting to the Netopia R9100. An Ethernet SAP ﬁlter must be used with networks that have so many servers advertised that the Netopia R9100 would otherwise exhaust its internal memory storing server entries.
Page 105: Ipx Routing Tables
Select Default Gateway Address and enter the network address of the IPX network to which all packets of unknown destination address should be routed. Note: The default gateway address is usually set up to match the IPX Address in your network connection proﬁle.
Page 106 10-6 User’s Reference Guide...
Page 107: Chapter 11 - Appletalk Setup
This chapter discusses the concept of AppleTalk routing and how to conﬁgure AppleTalk setup for a Netopia R9100 with the AppleTalk kit installed. AppleTalk support is available as a separate kit for the Netopia R9100 Ethernet Router. Skip this chapter if you do not have the AppleTalk kit.
Page 108 AppleTalk tells them apart according to an additional part of their addresses: the network number. The Netopia R9100 assigns a unique network number to each member network. In terms of the city street metaphor, the network number is similar to the name of the street. Putting a network number together with a node number fully speciﬁes the address of a node on an internet.
Page 109: Macip
When two networks using AppleTalk communicate with each other through a network based on the Internet Protocol, they are said to be “tunneling” through the IP network. The Netopia R9100 uses AURP to allow your AppleTalk network to tunnel to designated AppleTalk partner networks, as well as to accept connections from remote AppleTalk networks tunneling to your AppleTalk LAN.
Page 110: Installing Appletalk
These scenarios may guide you in deciding how to set the router’s seeding: If the Netopia R9100 is the only router on your network, you must set it to either hard seeding or soft seeding. The default is soft seeding.
Page 111 Main Menu The Netopia Feature Set Upgrade screen appears. You may be able to extend the features of your Netopia by purchasing a 'Software Upgrade'. notes that came with your Netopia or visit the Netopia Communications web site at www.netopia.com. To purchase an upgrade, you must provide your Serial Number, which is: xx-xx-xx You will receive an Upgrade Key, which you should enter below.
Page 112: Conﬁguring Appletalk
Otherwise, your EtherTalk network may experience routing conﬂicts. The Netopia R9100 supports creating up to 32 zone names. As an alternative, you can set EtherTalk seeding to soft seeding and let the Netopia R9100 receive the zone name and network number from the other router.
Page 113: Localtalk Setup
Note: Your LocalTalk network may already have a zone and network number in place. For the Netopia R9100’s LocalTalk port to be part of your LocalTalk network, it must have a network number and zone name that matches the values in use on the LocalTalk network.
Page 114: Aurp Setup
11-8 User’s Reference Guide As an alternative, you can set LocalTalk seeding to soft seeding and let the Netopia R9100 receive the zone name and network number from the other router. Select LocalTalk Net Number and enter the desired network number.
Page 115 Example: Site A has an AURP tunnel to site B. Both sides have multiple zones deﬁned on the EtherTalk port and a unique zone on their LocalTalk ports. If side A has indicated that one of its EtherTalk zones is the Free Trade Zone and has opted to use the Free Trade Zone option for its tunnel to B, then only this Free Trade Zone will show up on side B and only those machines or services in the Free Trade Zone will be accessible to side B.
Page 116 11-10 User’s Reference Guide Partner IP Address or Domain Name: 176.163.8.134 Initiate Connection: Restrict to Free Trade Zone: The Change AURP Partner screen has all the values you entered when you added that partner. All of these values may be modiﬁed in this screen. Deleting an AURP partner To delete an AURP partner, in the AURP Setup screen select Delete Partner and press Return.
Page 117 AURP partners when to send out an AURP tickle packet. If this value is set to 0, the Netopia R9100 will never send out a tickle packet. Tickle packets verify that the remote router is working. The minimum tickle interval is 90 seconds. The maximum tickle interval setting is 99:59:59 (100 hours), which is the recommendation for small networks.
Page 118 11-12 User’s Reference Guide When network number remapping is enabled, you must choose a safe range of network numbers as a destination for the remapping. A safe range of network numbers does not intersect your local AppleTalk network’s range of network numbers. To choose a destination range for the remapping, select From under Remap into Range and enter a starting value.
Page 119: Quick View Status Overview
“SmartView” on page 12-16 Quick View status overview You can get a useful, overall status report from the Netopia R9100 in the Quick View screen. To go to the Quick View screen, select Quick View in the Main Menu. The Quick View screen has three status sections:...
Page 120: General Status
Setup screen (only if the optional AppleTalk feature set is installed). Status lights This section shows the current real-time status of the Netopia R9100’s status lights (LEDs). It is useful for remotely monitoring the router’s status. The Quick View screen’s arrangement of LEDs corresponds to the physical arrangement of LEDs on the router.
Page 121: Statistics & Logs
• General Statistics Menu When you are troubleshooting your Netopia R9100, the Statistics & Logs screens provide insight into the recent event activities of the router. From the Main Menu go to Statistics & Logs and select one of the options described in the sections below.
Page 122: General Statistics
Network----------Rx Bytes---Tx Bytes---Rx Pkts---Tx Pkts----Rx Err----Tx Err AppleTalk The General Statistics screen displays information about data trafﬁc on the Netopia R9100’s data ports. This information is useful for monitoring and troubleshooting your LAN. Note that the counters roll over at their maximum ﬁeld width, that is, they restart again at 0.
Page 123: Event Histories
You can view two different event histories: one for the router’s system and one for the WAN. The Netopia R9100’s built-in battery backup prevents loss of event history from a shutdown or reset.
Page 124 12-6 User’s Reference Guide WAN Event History The WAN Event History screen lists a total of 128 events on the WAN. The most recent events appear at the top. -Date-----Time-----Event------------------------------------------------------ ----------------------------------SCROLL UP----------------------------------- 08/11/98 12:15:54 --Device restarted----------------------------------------- 08/11/98 12:11:12 --Device restarted----------------------------------------- 08/11/98 10:36:38 08/11/98 10:36:38 --Device restarted----------------------------------------- ---------------------------------SCROLL DOWN----------------------------------...
Page 125: Routing Tables
To clear the Device Event History, select Clear History and press Return. Routing tables You can view all of the IP, IPX, and AppleTalk routes in the Netopia R9100’s IP, IPX, and AppleTalk routing tables, respectively. To go to a routing table screen, select the routing table you are interested in from the Statistics & Logs screen.
Page 126 12-8 User’s Reference Guide IP routing table In the Statistics & Logs screen, select IP Routing Table and press Return. The IP routing table displays all of the IP routes currently known to the Netopia R9100. Network Address-Subnet Mask-----via Router------Port------------------Type---- ----------------------------------SCROLL UP----------------------------------- 0.0.0.0...
Page 127 IPX Sap Bindery table In the Statistics & Logs screen, select IPX Sap Bindery Table and press Return. The IPX Sap Bindery table displays all of the IPX Sap Bindery routes currently known to the Netopia R9100. AppleTalk routing table In the Statistics &...
Page 128: Served Ip Addresses
Pkts Fwded: The number of packets sent to the router shown. Served IP Addresses You can view all of the IP addresses currently being served by the Netopia R9100 Ethernet Router from the Served IP Addresses screen. From the Statistics & Logs menu, select Served IP Addresses. The Served IP Addresses screen appears.
Page 129 The IP Address Lease Management screen appears. Reset All Leases Release BootP Leases Reclaim Declined Addresses Hit RETURN/ENTER, you will return to the previous screen. This screen has three options: Reset All Leases: Resets all current IP addresses leased through DHCP without waiting for the default one–hour lease period to elapse Release BootP Leases: Releases any BootP leases that may be in place, and which may no longer be required.
Page 130: System Information
AppleTalk MIB I (RFC 1243) Netopia MIB These MIBs are on the Netopia R9100 CD included with the Netopia R9100. Load these MIBs into your SNMP management software in the order they are listed here. Follow the instructions included with your SNMP manager on how to load MIBs.
Page 131: The Snmp Setup Screen
Select System Contact and enter the name of the person responsible for maintaining the router. System Name, System Location, and System Contact set the values returned by the Netopia R9100 SNMP agent for the SysName, SysLocation, and SysContact objects, respectively, in the MIB II system group. Although optional, the information you enter in these items can help a system administrator manage the network more efﬁciently.
Page 132: Snmp Traps
SNMP traps An SNMP trap is an informational message sent from an SNMP agent (in this case, the Netopia R9100) to a manager. When a manager receives a trap, it may log the trap as well as generate an alert message of its own.
Page 133 Return/Enter to modify an existing Trap Receiver. Navigate from here to view, add, modify and delete IP Trap Receivers. Setting the IP trap receivers Select Add IP Trap Receiver. Select Receiver IP Address or Domain Name. Enter the IP address or domain name of the SNMP manager you want to receive the trap.
Page 134: Smartview
12-16 User’s Reference Guide SmartView This section discusses SmartView, the Netopia R9100’s device and network web-based monitoring tool. This tool can provide statistical information, report on current network status, record events, and help in diagnosing and locating problems. SmartView overview SmartView is a Java-based applet that runs in a Web browser window.
Page 135: General Machine Information Page
You can view two different event histories: one for the router’s system and one for the WAN. The Netopia R9100’s built-in battery backup prevents loss of event history from a shutdown or reset.
Page 136 12-18 User’s Reference Guide The router’s event histories are structured to display the most recent events ﬁrst, and to make it easy to distinguish error messages from informational messages. Error messages are preﬁxed with an asterisk. Both the WAN Event History and Device Event History pages retain records of up to 128 of the most recent events. Device Event History page WAN Event History page You can refresh the Event history logs by clicking the Update button.
Page 137: Standard Html Web-Based Monitoring Pages
Standard HTML web-based monitoring pages You can also view connection proﬁle information and event histories in the Web-based monitoring pages. These pages are provided for users without Java-enabled browsers. Unlike the SmartView pages, they are not dynamically updated. You access the Web-based monitoring pages by launching your Web browser and entering the URL: http://router_IP_address where router_IP_address is the address of your router.
Page 138 12-20 User’s Reference Guide...
Page 139: Chapter 13 — Security
User accounts When you ﬁrst set up and conﬁgure the Netopia R9100, no passwords are required to access the conﬁguration screens. Anyone could tamper with the router’s conﬁguration by simply connecting it to a console. However, by adding user accounts, you can protect the most sensitive screens from unauthorized access. User accounts are composed of name/password combinations that can be given to authorized users.
Page 140 13-2 User’s Reference Guide Caution! You are strongly encouraged to add protection to the conﬁguration screens. Unprotected screens could allow an unauthorized user to compromise the operation of your entire network. Once user accounts are created, users who attempt to access protected screens will be challenged. Users who enter an incorrect name or password are returned to a screen requesting a name/password combination to access the Main Menu.
Page 141: Dial-In Console Access
To add a new user account, select Add User in the Security Options screen and press Return. The Add Name With Write Access screen appears. Enter Name: Enter Password (11 characters max): ADD NAME/PASSWORD NOW Follow these steps to conﬁgure the new account: Select Enter Name and enter a descriptive name (for example, the user’s ﬁrst name).
Page 142: Enable Smartstart/Smartview/Web Server
SmartStart. To prevent access to these features toggle this option to No. Telnet access Telnet is a TCP/IP service that allows remote terminals to access hosts on an IP network. The Netopia R9100 supports Telnet access to its conﬁguration screens. Caution! You should consider password-protecting or restricting Telnet access to the Netopia R9100 if you suspect there is a chance of tampering.
Page 143: How Filter Sets Work
Security 13-5 How ﬁlter sets work A ﬁlter set acts like a team of customs inspectors. Each ﬁlter is an inspector through which incoming and outgoing packages must pass. The inspectors work as a team, but each inspects every package individually. Each inspector has a speciﬁc task.
Page 144 13-6 User’s Reference Guide If the package does not match the ﬁrst inspector’s criteria, it goes to the second inspector, and so on. You can see that the order of the inspectors in the line is very important. For example, let’s say the ﬁrst inspector’s orders are to send along all packages that come from Rome, and the second inspector’s orders are to reject all packages that come from France.
Page 145: How Individual Filters Work
This rule applies to Telnet packets that come from a host with the IP address 199.211.211.17. If a match occurs, the packet is blocked. Here is what this rule looks like when implemented as a ﬁlter on the Netopia R9100: +-#--Source IP Addr--Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +--------------------------------------------------------------------+ 199.211.211.17...
Page 146 13-8 User’s Reference Guide By matching on a port number, a ﬁlter can be applied to selected TCP or UDP services, such as Telnet, FTP, and World Wide Web. The tables below show a few common services and their associated port numbers. Internet service Telnet SMTP (mail)
Page 147 Other ﬁlter attributes There are three other attributes to each ﬁlter: The ﬁlter’s order (i.e., priority) in the ﬁlter set Whether the ﬁlter is currently active Whether the ﬁlter is set to pass (forward) packets or to block (discard) packets Putting the parts together When you display a ﬁlter set, its ﬁlters are displayed as rows in a table: +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+...
Page 148 13-10 User’s Reference Guide Src. Port: The source port to match. This is the port on the sending host that originated the packet. D. Port: The destination port to match. This is the port on the receiving host for which the packet is intended. On?: Displays Yes when the ﬁlter is in effect or No when it is not.
Page 149: Design Guidelines
Filtering example #2 Suppose a ﬁlter is conﬁgured to block all incoming IP packets with the source IP address of 200.233.14.0, regardless of the type of connection or its destination. The ﬁlter would look like this: +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +----------------------------------------------------------------------+ 200.233.14.0 +----------------------------------------------------------------------+...
Page 150: Working With Ip Filters And Filter Sets
13-12 User’s Reference Guide option in the answer proﬁle, PAP or CHAP in connection proﬁles, callback, and general awareness of how your network may be vulnerable. An approach to using ﬁlters The ultimate goal of network security is to prevent unauthorized access to the network without compromising authorized access.
Page 151: Adding A Filter Set
Add a new ﬁlter set. Create the ﬁlters for the new ﬁlter set. View, change, or delete individual ﬁlters and ﬁlter sets. The sections below explain how to execute these steps. Adding a ﬁlter set You can create up to eight different custom ﬁlter sets. Each ﬁlter set can contain up to 16 output ﬁlters and up to 16 input ﬁlters.
Page 152 The Netopia R-Series Router Packets in the Netopia R9100 pass through an input ﬁlter if they originate in the WAN and through an output ﬁlter if they’re being sent out to the WAN. The process for adding input and output ﬁlters is exactly the same. The main difference between the two involves their reference to source and destination.
Page 153 Enter the IP specific information for this filter. To make the ﬁlter active in the ﬁlter set, select Enabled and toggle it to Yes. If Enabled is toggled to No, the ﬁlter can still exist in the ﬁlter set, but it will have no effect. If you want the ﬁlter to forward packets that match its criteria to the destination IP address, select Forward and toggle it to Yes.
Page 154: Viewing Filter Sets
13-16 User’s Reference Guide 10. When you are ﬁnished conﬁguring the ﬁlter, select ADD THIS FILTER NOW to save the ﬁlter in the ﬁlter set. Select CANCEL to discard the ﬁlter and return to the Add IP Filter Set screen. Viewing ﬁlters To display a view-only table of input (output) ﬁlters, select Display/Change Input Filter or Display/Change Output Filter in the Add IP Filter Set screen.
Page 155: Modifying Filter Sets
ﬁlter set. A sample IP ﬁlter set This section contains the settings for a ﬁlter set called Basic Firewall, which is part of the Netopia R9100’s factory conﬁguration. Basic Firewall blocks undesirable trafﬁc originating from the WAN (in most cases, the Internet), but passes all trafﬁc originating from the LAN.
Page 156 13-18 User’s Reference Guide The ﬁve input ﬁlters and one output ﬁlter that make up Basic Firewall are shown in the table below. Input ﬁlter Setting Enabled Forward Source IP 0.0.0.0 address Source IP 0.0.0.0 address mask Dest. IP 0.0.0.0 address Dest.
Page 157 Basic Firewall is suitable for a LAN containing only client hosts that want to access servers on the WAN, but not for a LAN containing servers providing services to clients on the WAN. Basic Firewall’s general strategy is to explicitly pass WAN-originated TCP and UDP trafﬁc to ports greater than 1023. Ports lower than 1024 are the service origination ports for various Internet services such as FTP, Telnet, and the World Wide Web (WWW).
Page 158 AURP tunnel. To allow an AURP tunnel between a remote AURP router with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243) and a local AURP router (including the Netopia R9100 itself), insert the following input ﬁlter ahead of the current input ﬁlter 1: Enabled: Yes Forward: Yes Source IP Address: a.b.c.d...
Page 159: Ipx Filters
IPX ﬁlters Main Menu IPX packet ﬁlters work very similarly to IP packet ﬁlters. They ﬁlter data trafﬁc coming from or going to remote IPX networks. IPX ﬁlters can be set up to pass or discard IPX packets based on a number of user-deﬁned criteria.
Page 160: Ipx Packet Filters
13-22 User’s Reference Guide The items in the IPX Filters and Filter Sets screen are grouped into four areas: IPX packet ﬁlters IPX packet ﬁlter sets IPX SAP ﬁlters IPX SAP ﬁlter sets The following sections explain the items in each of these areas. IPX packet ﬁlters For each IPX packet ﬁlter, you can conﬁgure a set of parameters to match on the source or destination attributes of IPX data packets coming from or going to the WAN.
Page 161: Ipx Packet Filter Sets
Select Filter Name and enter a descriptive name for the ﬁlter. To specify a source network for the ﬁlter to match on, select Source Network and enter an IPX network address. To specify a source node for the ﬁlter to match on, select Source Node Address and enter an IPX node address.
Page 162 13-24 User’s Reference Guide Add Packet Filter Set Filter Set Name: Show Filters/Change Action on Match... Append Filter... Remove Filter... ADD FILTER SET NOW Configure an IPX Filter Set here. You must ADD FILTER SET NOW to save. Follow these steps to conﬁgure the new packet ﬁlter set: Select Filter Set Name and enter a descriptive name for the ﬁlter set.
Page 163: Ipx Sap Filters
To add a ﬁlter to the ﬁlter set, select Append Filter to display a table of ﬁlters. Select a ﬁlter from the table and press Return to add it to the ﬁlter set. The default action of newly added ﬁlters is to not forward packets that match their criteria.
Page 164 13-26 User’s Reference Guide Adding a SAP ﬁlter To add a new IPX SAP ﬁlter, select Add IPX SAP Filter in the IPX Filters and Filter Sets screen and press Return. The Add SAP Filter screen appears. Filter Name: Server Name: Socket: Type: IPX Network:...
Page 165: Ipx Sap Filter Sets
IPX SAP ﬁlter sets Before IPX SAP ﬁlters can be used, they must be grouped into sets. A SAP ﬁlter can be part of more than one ﬁlter set. Viewing and modifying SAP ﬁlter sets To display a table of IPX SAP ﬁlter sets, select Display/Change IPX SAP Filter Sets in the IPX Filters and Filter Sets screen to display a list of ﬁlter sets.
Page 166 13-28 User’s Reference Guide Set whether filters forward or drop matching packets here. Select a ﬁlter and toggle the entry forwarding action to Yes (pass) or No (discard). To add a ﬁlter to the ﬁlter set, select Append Filter in the Add SAP Filter Set screen to display a table of ﬁlters.
Page 167: Firewall Tutorial
Firewall tutorial General ﬁrewall terms Filter rule: A ﬁlter set is comprised of individual ﬁlter rules. Filter set: A grouping of individual ﬁlter rules. Firewall: A component or set of components that restrict access between a protected network and the Internet, or between two networks.
Page 168: Firewall Design Rules
13-30 User’s Reference Guide Example TCP/UDP Ports TCP Port 20/21 Firewall design rules There are two basic rules to ﬁrewall design: “What is not explicitly allowed is denied.” “What is not explicitly denied is allowed.” The ﬁrst rule is far more secure, and is the best approach to ﬁrewall design. It is far easier (and more secure) to allow in or out only certain services and deny anything else.
Page 169 and a packet goes through these rules destined for FTP, the packet would pass through the ﬁrst ﬁlter rule (WWW), match the second rule (FTP), and the packet is allowed through. Even though the next rule is to deny all FTP trafﬁc, the FTP packet will never make it to this rule.
Page 170: Filter Basics
In the source or destination IP address ﬁelds, the IP address that is entered must be the network address of the subnet. A host address can be entered, but the applied subnet mask must be 32 bits (255.255.255.255). The Netopia R9100 has the ability to compare source and destination TCP or UDP ports. These options are as follows:...
Page 171: Example Filters
Less Than or Equal Equal Greater Than or Equal Greater Than Example network Example ﬁlters Example 1 Filter Rule: Incoming packet has the source address of 200.1.1.28 IP Address 200.1.1.28 255.255.255.128 Any port less than or equal to the port deﬁned Matches only the port deﬁned Matches the port or any port greater Matches anything greater than the port deﬁned...
Page 172 This incoming IP packet (10000000) has a source IP address that does not match the network address in the Source IP Address ﬁeld (00000000) in the Netopia R9100. This rule will forward this packet because the packet does not match.
Page 173 Since the Source IP Network Address in the Netopia R9100 is 01100000, and the source IP address after the logical AND is 1011000, this rule does not match and this packet will be passed. Example 4 Filter Rule: Incoming packet has the source address of 200.1.1.104.
Page 174 13-36 User’s Reference Guide Since the Source IP Network Address in the Netopia R9100 is 01100000, and the source IP address after the logical AND is 01100000, this rule does match and this packet will NOT be passed. This rule masks off a...
Page 175: Chapter 14 — Utilities And Diagnostics
A number of utilities and tests are available for system diagnostic and control purposes. This section covers the following topics: “Ping” on page 14-2 “Trace Route” on page 14-4 “Telnet client” on page 14-5 “Disconnect Telnet console session” on page 14-6 “Factory defaults”...
Page 176: Ping
(Ping-capable) IP host. Each time the target host receives a Ping packet, it returns a packet to the original sender. Ping allows you to see whether a particular IP destination is reachable from the Netopia R9100. You can also ascertain the quality and reliability of the connection to the desired destination by studying the Ping test’s statistics.
Page 177 Ping packets. Note that the second return Ping packet is considered to be late because it is not received by the Netopia R9100 before the third Ping packet is sent. The ﬁrst and third return Ping packets are on time.
Page 178: Trace Route
The time-to-live (TTL) value for each Ping packet sent by the Netopia R9100 is 255, the maximum allowed. The TTL value deﬁnes the number of IP routers that the packet can traverse. Ping packets that reach their TTL value are dropped, and a “destination unreachable”...
Page 179: Telnet Client
Select Use Reverse DNS to learn the names of the routers between the Netopia Router and the destination router. The default is Yes. Select START TRACE ROUTE and press Return. A scrolling screen will appear that lists the destination, number of hops, IP addresses of each hop, and DNS names, if selected. Cancel the trace by pressing Escape.
Page 180: Disconnect Telnet Console Session
Trivial File Transfer Protocol (TFTP) is a method of transferring data over an IP network. TFTP is a client-server application, with the router as the client. To use the Netopia R9100 as a TFTP client, a TFTP server must be available.
Page 181: Updating Firmware
SEND CONFIG TO SERVER... TFTP Transfer State -- Idle TFTP Current Transfer Bytes -- 0 The sections below describe how to update the Netopia R9100’s ﬁrmware and how to download and upload conﬁguration ﬁles. Updating ﬁrmware Firmware updates may be available periodically from Netopia or from a site maintained by your organization’s network administrator.
Page 182: Downloading Conﬁguration Files
Some models do not support all ﬁrmware versions. Loading an incorrect ﬁrmware version can permanently damage the unit. Do not manually power down or reset the Netopia R9100 while it is automatically resetting or it could be damaged. If you choose to download the ﬁrmware, the TFTP Transfer State item will change from Idle to Reading Firmware.
Page 183: Uploading Conﬁguration Files
Using TFTP, you can send a ﬁle containing a snapshot of the router’s current conﬁguration to a TFTP server. The ﬁle can then be downloaded by a different Netopia R9100 unit to conﬁgure its parameters (see conﬁguration ﬁles” on page 14-8).
Page 184: Updating Firmware
The procedure below applies whether you are using the console or the WAN interface module. Follow these steps to update the Netopia R9100’s ﬁrmware: Make sure you have the ﬁrmware ﬁle on disk and know the path to its location.
Page 185: Downloading Conﬁguration Files
The system will reset at the end of a successful ﬁle transfer to put the new ﬁrmware into effect. While the system resets, the LEDs will blink on and off. Caution! Do not manually power down or reset the Netopia R9100 while it is automatically resetting or it could be damaged. Downloading conﬁguration ﬁles The Netopia R9100 can be conﬁgured by downloading a conﬁguration ﬁle.
Page 186: Restarting The System
You can restart the system by selecting the Restart System item in the Utilities & Diagnostics screen. You must restart the system whenever you reconﬁgure the Netopia R9100 and want the new parameter values to take effect. Under certain circumstances, restarting the system may also clear up system or network malfunctions.
Page 188 User’s Reference Guide...
Page 189: Appendix A - Troubleshooting
Netopia R9100. It also includes information on how to contact Netopia Technical Support. Important information on these problems can be found in the event histories kept by the Netopia R9100. These event histories can be accessed in the Statistics & Logs screen.
Page 190: Console Connection Problems
Note: If you are attempting to modify the IP address or subnet mask from a previous, successful conﬁguration attempt, you will need to clear the IP address or reset your Netopia R9100 to the factory default before reinitiating the conﬁguration process. For further information on resetting your Netopia R9100 to factory default, see “Factory defaults”...
Page 191: How To Reset The Router To Factory Defaults
Power outages If you suspect that power was restored after a power outage and the Netopia R9100 is connected to a remote site, you may need to switch the Netopia R9100 off and then back on again. After temporary power outages, a connection that still seems to be up may actually be disconnected.
Page 192: Technical Support
If you contact us by telephone, please be ready to supply Netopia Technical Support with the information you used to conﬁgure the Netopia R9100. Also, please be at the site of the problem and prepared to reproduce it and to try some troubleshooting steps.
Page 193 Netopia Bulletin Board Service: 1 510-865-1321 Online product information Product information can be found in the following: Netopia World Wide Web server via http://www.netopia.com Internet via anonymous FTP to ftp.netopia.com/pub FAX-Back This service provides technical notes that answer the most commonly asked questions, and offers solutions for many common problems encountered with Netopia products.
Page 194 A-6 User’s Reference Guide...
Page 195: What I Ip?"
This appendix is a brief general introduction to IP addressing. A basic understanding of IP will help you in conﬁguring the Netopia R9100 and using some of its powerful features, such as static routes and packet ﬁltering. In packets, a header is part of the envelope information that surrounds the actual data being transmitted. In e-mail, a header is usually the address and routing information found at the top of messages.
Page 196: Subnets And Subnet Masks
B-2 User’s Reference Guide IP addresses indicate both the identity of the network and the identity of the individual host on the network. The number of bits used for the network number and the number of bits used for the host number can vary, as long as certain rules are followed.
Page 197: Example: Using Subnets On A Class C Ip Internet
IP address. Subnet mask information is conﬁgured as part of the process of setting up IP routers and gateways such as the Netopia R9100. Note: If you receive a routed account from an ISP, there must be a mask associated with your network IP address.
Page 198 Below is a diagram of a simple network conﬁguration. The ISP is providing a Class C address to the customer site, and both networks A and B want to gain Internet access through this address. Netopia R9100 B connects to Netopia R9100 A and is provided Internet access through Routers A and B.
Page 199: Example: Working With A Class C Subnet
ISP's equipment. The most important item in this conﬁguration is the static route deﬁned on Router B. This tells Router B what path to take to get to the network deﬁned by Netopia R9100 B. Without this information, Customer Site B will be able to access Customer Site A, but not the Internet.
Page 200: Technical Note On Subnet Masking
These two methods are not mutually exclusive; you can manually issue some of the addresses while the rest are distributed by the Netopia R9100. Using the router in this way allows it to function as an address server. One reason to use the Netopia R9100 as an address server is that it takes less time than manually distributing the addresses.
Page 201: Conﬁguration
DHCP address lease for one hour. The number of devices a Netopia R9100 can serve DHCP to is 512. This is imposed by global limits on the size of the address serving database, which is shared by all address serving functions active in the router.
Page 202: Manually Distributing Ip Addresses
Once the Mac workstation requests and receives a valid address, the Netopia R9100 actively checks for the workstation’s existence once every minute. For a dynamic address, the Netopia R9100 releases the address back to the address pool after it has lost contact with the Mac workstation for over 2 minutes.
Page 203: Tips And Rules For Distributing Ip Addresses
In any situation where a device is dialing into a Netopia router, the router may need to be conﬁgured to serve IP via the WAN interface. This is only a requirement if the calling device has not been conﬁgured locally to know what its address(es) are.
Page 204 (199.1.1.49, 199.1.1.50, and 199.1.1.51). Distributed to the (Ethernet IP address) Pool of addresses distributed Netopia R9100 Manually distributed (static) by MacIP and DHCP...
Page 205: Nested Ip Subnets
The ﬁgure at left shows a possible network conﬁguration following this scheme. The main network is set up with the Class C address a.b.c.0, and contains Router A (which could be a Netopia R9100), a Netopia R9100, and a number of other hosts. Router A maintains a link to the Internet, and can be used as the default gateway.
Page 206 For Router C The Netopia R9100’s connection proﬁles for Routers B and C create entries in its IP routing table. One entry points to the subnet a.b.c.128, while a second entry points to the subnet a.b.c.248. The IP routing table might...
Page 207: Broadcasts
These two protocols specify two different ways to organize the very ﬁrst signals in the sequence of electrical signals that make up an IP packet travelling over Ethernet. By default, the Netopia R9100 uses Ethernet packet headers for IP trafﬁc. If your network requires 802.3 IP framing, you must conﬁgure this through SNMP.
Page 208 B-14 User’s Reference Guide...
Page 209: Appendix C - Understanding Netopia Nat Behavior
R9100 uses a one-to-many IP address mapping scheme; that is against a single IP address the Netopia R9100 acquires on its WAN interface, the Netopia R9100 can proxy 14, 30, or an unlimited number of IP hosts on the LAN interface.
Page 210 R9100 is 192.168.5.1 and the address of the router at the ISP is 200.1.1.1. Assuming that the addresses negotiated by the routers are valid and unique for the Internet, the Netopia R9100 and the hosts on its LAN would be able to access the Internet.
Page 211 If the send and response IP packets were drawn out, this process would look like the following: As you can see, the IP packet from Workstation A is sent to the Netopia R9100 and the source IP address is substituted with 200.1.1.40 and the source port is substituted with 5001, then the IP packet checksum is recalculated.
Page 212 TCP or UDP source ports need to be changed as well. These are changed and maintained in an internal table so the Netopia R9100 can determine which host on the local LAN interface sent the IP packet and what host the response from the WAN interface is going to go to on the LAN interface.
Page 213: Exported Services
5001 and the source port for Workstation B has been changed to 5002. If you were to look at the internal port mapping table that is maintained by the Netopia R9100, it would look similar to the following: Source LAN IP 192.168.5.2...
Page 214: Important Notes
Device Event History. When using NAT it is most likely that the Netopia R9100 will be receiving an IP address from a “pool” of dynamic IP addresses at the ISP. This means that the Netopia R9100's IP presence on the Internet will change with each connection.
Page 215: Conﬁguration
Toggling Address Translation Enabled to Yes enables the Netopia R9100 to send out an all-zeros IPCP address that requests an IP to be assigned to the Netopia R9100’s WAN interface. Note that the remote IP address is 127.0.0.2, which should also be the default gateway under IP Setup in System Conﬁguration. This is done for proﬁle matching purposes and because the IP address of the router the Netopia R9100 is dialing is not always...
Page 216: Summary
Summary NAT is a powerful feature of the Netopia R9100 and when used and set up properly can yield a secure network while only using one IP address on the WAN interface. Note that the addresses listed in this appendix are for demonstration purposes only.
Page 217: Appendix D - Binary Conversion Table
This table is provided to help you choose subnet numbers and host numbers for IP and MacIP networks that use subnetting for IP addresses. Decimal Binary 1000 1001 1010 1011 1100 1101 1110 1111 10000 10001 10010 10011 10100 10101 10110 10111 11000...
Page 218 D-2 User’s Reference Guide Decimal Binary 10000000 10000001 10000010 10000011 10000100 10000101 10000110 10000111 10001000 10001001 10001010 10001011 10001100 10001101 10001110 10001111 10010000 10010001 10010010 10010011 10010100 10010101 10010110 10010111 10011000 10011001 10011010 10011011 10011100 10011101 10011110 10011111 Decimal Binary Decimal 10100000 10100001...
Page 219: Appendix E - Further Reading
Further Reading E-1 Alexander, S. & R. Droms, DHCP Options and BOOTP Vendor Extensions, RFC 2131, Silicon Graphics, Inc., Bucknell University, March 1997. Angell, David. ISDN for Dummies Foster City, CA: IDG Books Worldwide, 1995. Thorough introduction to ISDN for beginners. Apple Computer, Inc.
Page 220 E-2 User’s Reference Guide Garcia-Luna-Aceves, J.J. "Loop-Free Routing Using Diffusing Computations." Publication pending in IEEE/ACM Transactions on Networking, Vol. 1, No. 1, 1993. Garﬁnkel, Simson. PGP: Pretty Good Privacy Sebastopol, CA: O’Reilly & Associates, 1991. A guide to the free data encryption program PGP and the issues surrounding encryption.
Page 221 Further Reading E-3 Sidhu, G.S., R.F. Andrews, and A.B. Oppenheimer. Inside AppleTalk, 2nd ed. Reading, MA: Addison-Wesley Publishing Company, 1990. Siyan, Karanjit. Internet Firewall and Network Security Indianapolis, IN: New Riders Publishing, 1995. Similar to the Chapman and Zwicky book. Smith, Philip.
Page 222 E-4 User’s Reference Guide...
Page 223: Appendix F - Technical Speciﬁcations And Safety Information
Pinouts for Auxiliary port modem cable HD-15 Pin 1 Ground Pin 2 Pin 3 Pin 4 Pin 5 Pin 6 (not used) Pin 7 Pin 8 Technical Speciﬁcations and Safety Information F-1 DB-25 Pin 1 (not used) Pin 2 Pin 3 Pin 4 Pin 5 Pin 6...
Page 224: Description
Dimensions: 124.0 cm (w) x 20.0 cm (d) x 5.3 cm (h) 9.4” (w) x 7.9” (d) x 2.1” (h) Communications interfaces: The Netopia R9100 Ethernet Router has an RJ-45 jack for Ethernet line connections; an 8–port 10Base-T Ethernet hub for your LAN connection; a DB-9 Console port; and an HD-15 Auxiliary port that can be used as either a serial or LocalTalk port.
Page 225: Software And Protocols
Diagnostics: Ping, event logging, routing table displays, traceroute, statistics counters, web-based management Agency approvals The Netopia R9100 Ethernet Router has met the safety standards (per CSA-950) of the Canadian Standards Association for Canada. The Netopia R9100 Ethernet Router has met the safety standards (per UL-1950) of the Underwriters Laboratories for the United States.
Page 226: Important Safety Instructions
F-4 User’s Reference Guide Important This product was tested for FCC compliance under conditions that included the use of shielded cables and connectors between system components. Changes or modiﬁcations to this product not authorized by the manufacturer could void your authority to operate the equipment. Canada.
Page 227 Do not use the telephone to report a gas leak in the vicinity of the leak. Battery The Netopia R9100’s lithium battery is designed to last for the life of the product. The battery is not user-ser- viceable. Caution! Danger of explosion if battery is incorrectly replaced.
Page 228 F-6 User’s Reference Guide...
Page 229: Glossary 1
Glossary 1 access line: A telephone line reaching from the telephone company central ofﬁce to a point usually on your premises. Beyond this point the wire is considered inside wiring. analog: In telecommunications, telephone transmission and/or switching that is not digital. An analog phone transmission is one that was originally intended to carry speech or voice, but may with appropriate modiﬁcations be used to carry data of other types.
Page 230 2 User’s Reference Guide byte: A group of bits, normally eight, which represent one data character. CallerID: See CND. CCITT (Comite Consultatif International Telegraphique et Telephonique): International Consultative Committee for Telegraphy and Telephony, a standards organization that devises and proposes recommenda- tions for international communications.
Page 231 Glossary 3 DTE (Data Terminal Equipment): Term deﬁned by standards committees, that applies to communications equipment, typically personal computers or data terminals, as distinct from other devices that attach to the network, typically modems or printers (DCE). The distinction generally refers to which pins in an RS-232-C connection transmit or receive data.
Page 232 4 User’s Reference Guide internet: A set of networks connected together by routers. This is a general term, not to be confused with the large, multi-organizational collection of IP networks known as the Internet. An internet is sometimes also known as an internetwork.
Page 233 Glossary 5 network log: A record of the names of devices, location of wire pairs, wall-jack numbers, and other information about the network. network number: A unique number for each network in an internet. AppleTalk network numbers are assigned by seed routers, to which the network is directly connected. An isolated AppleTalk network does not need a network number.
Page 234 6 User’s Reference Guide router: A device that supports network communications. A router can connect identical network types, such as LocalTalk-to-LocalTalk, or dissimilar network types, such as LocalTalk-to-Ethernet. However—unless a gateway is available—a common protocol, such as TCP/IP, must be used over both networks. Routers may be equipped to provide WAN line support to the LAN devices they serve.
Page 235 Glossary 7 TFTP (Trivial File Transfer Protocol): A protocol used to transfer ﬁles between IP nodes. TFTP is often used to transfer ﬁrmware and conﬁguration information from a UNIX computer acting as a TFTP server to an IP networking device, such as the Netopia ISDN Router. thicknet: Industry jargon for 10Base5 coaxial cable, the original Ethernet cabling.
Page 236 8 User’s Reference Guide...
Page 237 10Base-T 4-5 10Base-T, connecting 4-5 add static route 9-14 advanced conﬁguration features 8-11 answer proﬁle call acceptance scenarios 8-9 deﬁned 8-7 answering calls 8-7 AppleTalk 1-2 conﬁguring LocalTalk 11-7 routing table 12-9 setup 11-1 tunneling (AURP) 11-3 11-8 zones 11-6 11-7 AppleTalk Update-Based Routing Protocol, see AURP...
Page 238 Conﬁguring proﬁles for incoming calls. 8-8 conﬁguring terminal emulation software 6-3 conﬁguring the console 8-12 connecting to an Ethernet network 4-5 connecting to the conﬁguration screens 8-9 connection proﬁles deﬁned 7-5 console conﬁguring 8-12 connection problems A-2 screens, connecting to 8-9 console conﬁguration 8-13 console-based management conﬁguring with 6-1...
Page 239 using 13-12 viewing 13-16 ﬁrewall 13-17 ﬁrmware ﬁles updating with TFTP 14-7 updating with XMODEM 14-10 FTP sessions 13-20 further reading E-1 general statistics 12-4 Glossary GL-1 hard seeding 11-3 hops 12-9 how to reach us A-4 input ﬁlter 3 13-18 input ﬁlters 1 and 2 13-18 input ﬁlters 4 and 5 13-18 Internet addresses, see IP addresses...
Page 240 connecting to Ethernet, rules 4-5 connecting to LocalTalk 4-8 connection proﬁle 7-5 distributing IP addresses 9-16 IP setup 7-6 IPX setup 7-6 LocalTalk conﬁguration 11-7 monitoring 12-1 security 13-1 system utilities and diagnostics 14-1 Network Address Translation see NAT 9-1 network problems A-2 network status overview 12-1 next router address 12-10...
Page 241: Index
MIBs supported 12-12 setup screen 12-13 traps 12-14 socket 10-2 soft seeding 11-3 src. port 13-10 state 12-10 static IP addresses B-8 static route rules of installation 9-15 static routes 9-7 9-12 statistics, WAN 12-4 subnet masks B-3 – subnets B-2 multiple 9-10 nested B-11 subnets and subnet masks B-2...
Page 242 Index-6...
Page 243: Limited Warranty And Limitation Of Remedies
Netopia warrants to you, the end user, that the Netopia R9100 Ethernet Router (the “Product”) will be free from defects in materials and workmanship under normal use for a period of one (1) year from date of purchase. Netopia’s entire liability and your sole remedy under this warranty during the warranty period is that Netopia shall, at its sole option, either repair or replace the Product.
Page 244 User’s Reference Guide...

Netopia R9100 User Reference Manual

Chapter 1 - Introduction

Chapter 2 - Setting up Internet Services

Chapter 3 - Making the Physical Connections

Chapter 4 — Connecting to Your Local Area Network

Chapter 5 - Setting up Your Router with the Smartstart Wizard

Chapter 6 - Console-Based Management

Chapter 7 - Easy Setup

Chapter 8 — WAN and System Conﬁguration

Chapter 9 - IP Setup and Network Address Translation

Chapter 10 - IPX Setup

Chapter 11 - Appletalk Setup

Chapter 12 - Monitoring Tools

Chapter 13 — Security

Chapter 14 — Utilities and Diagnostics

Appendix A - Troubleshooting

Appendix B - Understanding IP Addressing

Appendix C - Understanding Netopia NAT Behavior

Appendix D - Binary Conversion Table

Appendix E - Further Reading

Appendix F - Technical Specifications and Safety Information

Appendix F - Technical Speciﬁcations and Safety Information

Quick Links

Need help?

Questions and answers

Related Manuals for Netopia R9100

Summary of Contents for Netopia R9100