Allied Telesis AT-AR240E User Manual

Adsl bridge/router

Summary of Contents for Allied Telesis AT-AR240E

  • Page 2 The information provided herein is subject to change without notice. In no event shall Allied Telesyn be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not...
  • Page 3: Table Of Contents

    Publicly Accessible Documents..................13 Conventions........................13 Overview ......................14 CHAPTER 1 Introduction........................14 Overview of the AT-AR240E ADSL Bridge/Router ............14 How to start the web interface ..................15 Performing Basic Tasks....................17 Status ..........................17 User Management ......................18 Error Log...........................
  • Page 4 IP Protocol Introduction ....................37 The Internet ........................37 Addressing........................39 Subnets ..........................41 Changing the AT-AR240E LAN - USB IP address ............43 IP Routing......................... 44 DHCP ........................46 CHAPTER 4 The Dynamic Host Configuration Protocol ............... 46 The AT-AR240E’s support for DHCP ................47 DHCP Relay ........................
  • Page 5 AT-AR240E Remote management................. 116 APPENDIX G ....................120 CHAPTER 14 AT-AR240E – How to update the software using the TFTP software......120 How to upload the recovery.................... 120 How to upload the software image ................. 121 APPENDIX J ..................... 122 CHAPTER 15 Troubleshooting......................
  • Page 6 List of Figures Figure 1. ADSL Network topology ............................15 Figure 2. Web interface Status Page ..........................17 Figure 3. Web interface User Management page ......................18 Figure 4. Web interface Error Log page ..........................19 Figure 5. Save Configuration.............................. 20 Figure 6.
  • Page 7 Figure 56. Global Address Pool settings ..........................86 Figure 57. AT-AR240E console login ..........................90 Figure 58. AT-AR240E console............................90 Figure 59. AT-AR240E console – SNMP module ......................91 Figure 60. How to close the console ..........................92 Figure 61. SNMP commands online help........................... 93...
  • Page 8 List of Tables Table 1: Protocols and standards supported by the AT-AR240E ADSL Bridge/Router............. 11 Table 2: Typographic conventions used in this manual..................... 13 Table 3: G.DMT features..............................25 Table 4: G.Lite features..............................25 Table 5: Functions of the fields in an IP datagram ......................39...
  • Page 9: Purpose Of This Manual

    Check the system status View error log Define new users for management The AT-AR240E Console is provided to configure and show the status of the SNMP module. Intended Audience This manual is intended for the system administrator, network manager or...
  • Page 10: Structure Of This Manual

    It is assumed that the reader is familiar with: The topology of the network in which the AT-AR240E is to be used. Basic principles of computer networking, ADSL protocols, IP protocols and routing, and interfaces. Administration and operation of a computer network.
  • Page 11: Standards And Protocols

    AT-AR240E ADSL Bridge/Router Web Interface User Manual Standards and Protocols Supported Standards and Protocols Table 1 lists the protocols and standards supported by the AT-AR240E ADSL Bridge/Router and the references where these protocols and standards are defined. Table 1: Protocols and standards supported by the AT-AR240E ADSL Bridge/Router.
  • Page 12: Background Reading

    which lists the titles and file names of all available RFCs. Most sites have a file, usually rfc-retrieval.txt, which gives detailed information about RFC repositories and how to retrieve RFCs via FTP, mail servers, WWW, Gopher and WAIS. To learn how to obtain a copy of an RFC via email from a mail server, point your browser at http://www.isi.edu/in-notes/rfc-editor/rfc-info.
  • Page 13: Publicly Accessible Documents

    Using and Managing PPP, Andrew Sun, O’Reilly; ISBN: 1565923219; (March 1999). Publicly Accessible Documents Allied Telesyn maintains an online archive of documents and files that customers can access via the World Wide Web or via anonymous FTP. For access, point...
  • Page 14: Chapter 1 Overview

    (G.DMT), G.922.2 (G.lite) and ANSI (T1.413) for operation over mixed gauge two-wire circuits and is interoperable with all major DSLAM and Multi Service Access Systems. When used with a POTS splitter the AT-AR240E ADSL Bridge/Router can be used in conjunction with a telephony service using the same two-wire local loop circuit.
  • Page 15: How To Start The Web Interface

    IP address assignment can be either static or dynamic per virtual ATM connection. How to start the web interface To run the AT-AR240E web interface, ensure that your Web Browser is Microsoft® Internet Explorer 5.0 (or later) and disable any proxy settings on your Web Browser as follows:...
  • Page 16 • Click OK for changes to take effect. The default IP address on the AT-AR240E is 192.168.1.1. The IP address on your PC has to be in the same subnet as 192.168.1.1. It is outside the scope of this manual to explain how to achieve this setting on your PC.
  • Page 17: Performing Basic Tasks

    Performing Basic Tasks Status The AT-AR240E has three physical ports: the ADSL, the LAN and the USB. Using the Web interface, click on STATUS to check the status of each port.
  • Page 18: User Management

    User Management Clicking on 'Users Management' enables the definition of new users. Two kinds of users are defined (see Figure 3): Normal User and Administrator. A normal user is only able to view and check the status of the ADSL router without having any configuration privileges.
  • Page 19: Error Log

    Error Log Clicking on 'Error Log' displays a table as shown in Figure 4. This table shows some useful information on configuration errors: • When: time in seconds since last reboot • Process: the process that caused the error •...
  • Page 20: Save Configuration

    Save Configuration The 'Save Configuration' section provides the opportunity to store into the internal flash all the configuration settings made by the AT-AR240E administrator (see Figure 5). Figure 5. Save Configuration There will be a delay (approximately 15 secs) for saving the configuration.
  • Page 21: Restart

    Restart Clicking on 'Restart' forces a Software restart on the AT-AR240E (see Figure 7). Figure 7. Web interface Restart page...
  • Page 22: Chapter 2 Configuring The Adsl Interface

    Chapter 2 Configuring the ADSL Interface Introduction to ADSL ADSL, short for Asymmetric Digital Subscriber Line, is an exciting new technology that utilizes existing telephone lines for multimedia and high-speed data communications in parallel with the regular telephone voice services.
  • Page 23: Telecommuting

    Telecommuting Telecommuting is another ripe opportunity for ADSL technology. With high-speed connectivity to employees' homes, telecommuters can be offered a "virtual office" experience. This is attractive because more and more corporations are embracing telecommuting as an effective means of reducing facility expenses and complying with environmental quality regulations.
  • Page 24: Multi (Auto)

    Chapter 2 – Configuring the ADSL Interface Figure 8. ADSL Service Configuration The characteristics of each service are briefly described below. MULTI (AUTO) Using this setting, the DSL configuration is automatically configured during the ADSL link establishment. ANSI T1.413 and G.DMT ANSI T1.413.
  • Page 25: G.lite Adsl

    Table 3: G.DMT features. G.DMT Asymmetric Speeds Range: 1.5 to 6 Mbps Downstream; 16 to 640 Kbps • Best Applications: Internet/Intranet access, Web surfing, large files download, video-on-demand, VPN. • Maximum Distance from CO: 18,000 feet or 3.4 miles
  • Page 26: Atm Channel Parameters

    Figure 9. ATM parameters The following is a brief explanation of each of these parameters. ATM Channel Parameters The following parameters identify the ATM channel: • Name: an identifier of the connection • VPI/VCI: Virtual Path Identifier and Virtual Channel Identifier identify the ATM channel ATM Quality of Service Parameters...
  • Page 27: Configuring The Connection Type

    AT-AR240E ADSL Bridge/Router Web Interface User Manual BIT-RATE OPTIONS • UBR (Unspecified Bit Rate): may be interpreted as “best effort service” • CBR (Constant Bit Rate): this service class is intended for real time applications requiring constrained delay and delay variation •...
  • Page 28: Encapsulation

    AT-AR240E as a bridge The AT-AR240E can be used as an ADSL bridge device. The AT-AR240E cannot manage routed and bridged connections at the same time. When you configure a Bridged (RFC1483 or PPPoA) connection you have to decide whether you are bridging from the LAN or from the USB interface.
  • Page 29: Rfc 1483 Bridged/Routed Connection

    It is worth noting that even when the LAN interface is being bridged, it is still possible to manage the AT-AR240E using the other interface (e.g. USB), by connecting to its address (e.g. the default value for the USB interface is 192.168.2.1, so access from the web browser is by typing http://192.168.2.1:8080...
  • Page 30: Configuration Example For An Rfc1483 Routed Connection

    If your Connection type is RFC 1483 Bridged then choose the RFC1483 Bridged radio button as shown above (see Figure 10). You will also need to specify: • the Encapsulation (see discussion on Encapsulation on page 28) •...
  • Page 31: Ip Over Atm Connection

    IP over ATM connection An explanation of IP over ATM can be seen in Appendix C. Configuration Example for an IP over ATM Connection Figure 12. IP over ATM Connection If your Connection type is IP over ATM then choose the IPoA radio button as shown above (see Figure 12).
  • Page 32: Ppp Over Atm Bridged/Routed Connection

    PPP over ATM Bridged/Routed connection An explanation of PPP and PPP over ATM can be seen in Appendix D. Configuration Example for a PPP over ATM bridged Connection Figure 13. PPP over ATM Bridged Connection If your Connection type is PPP over ATM bridged then choose the PPP radio button and check the PPPoA Bridged option as shown above (see Figure 13).
  • Page 33: Configuration Example For A Ppp Over Atm Routed Connection

    AT-AR240E ADSL Bridge/Router Web Interface User Manual Configuration Example for a PPP over ATM Routed Connection Figure 14. PPP over ATM Routed Connection If your Connection type is PPP over ATM Routed then choose the PPP radio button and check the PPPoA Routed option as shown above (see Figure 14).
  • Page 34: Ppp Over Ethernet Routed Connection

    Chapter 2 – Configuring the ADSL Interface PPP Over Ethernet Routed Connection PPP Over Ethernet introduction PPP, which was designed for serial communications, has now been adapted to Ethernet, and is appropriately called PPP over Ethernet (PPPoE). Since PPP was designed to do things that were either impossible or unnecessary with Ethernet, users are often confused as to why one would want to use PPP over Ethernet at all.
  • Page 35: Configuration Example For A Ppp Over Ethernet Routed Connection

    AT-AR240E ADSL Bridge/Router Web Interface User Manual PPPoE on a Local Network. Figure 16. Configuration Example for a PPP over Ethernet Routed Connection Figure 17. PPP over Ethernet Routed Connection...
  • Page 36 Chapter 2 – Configuring the ADSL Interface If your Connection type is PPP over Ethernet Routed then choose the PPP radio button and check the PPPoE Routed option as shown above (see Figure 17). You will also need to specify: •...
  • Page 37: Chapter 3 Lan - Usb

    Chapter 3 LAN - USB The main task in configuring LAN – USB interfaces is configuring the IP parameters. The following is an introduction to IP. IP Protocol Introduction IP protocols are widely used and available on nearly every host and PC system.
  • Page 38: Figure 18. Ip Packet Or Datagram

    Chapter 3 – LAN - USB Successive packets may take different routes through the network to the destination. There is a strong analogy with the postal delivery system in which letters are placed in individually addressed envelopes and put into the system in the ‘hope’...
  • Page 39: Addressing

    AT-AR240E ADSL Bridge/Router Web Interface User Manual Table 5: Functions of the fields in an IP datagram Field Function The version of the IP protocol that created the datagram. The length of the IP header in 32-bit words (the minimum value is 5).
  • Page 40: Figure 19. Subdivision Of The 32 Bits Of An Internet Address

    Chapter 3 – LAN - USB Table 6: Internet Protocol address classes and limits on numbers of networks and hosts. Class Maximum number of possible Maximum number of hosts networks per network 16,777,216 65,536 16,384 2,097,152 Reserved Class Reserved Class Each class differs in the number of bits assigned to the host and network see Figure 19 portions of the address (...
  • Page 41: Subnets

    AT-AR240E ADSL Bridge/Router Web Interface User Manual For example: is a class A address 10.4.8.2 is the DDN assigned network number .4.8 are (possibly) user assigned subnet numbers is the user assigned host number 172.16.9.190 is a class B address 172.16...
  • Page 42 Chapter 3 – LAN - USB A subnet is formed by taking the host portion of the assigned address and dividing it into two parts. The first part is the ‘set of subnets’ while the second refers to the hosts on each subnet. For example the DDN may assign a class B address as 172.16.0.0.
  • Page 43: Changing The At-Ar240E Lan - Usb Ip Address

    AT-AR240E ADSL Bridge/Router Web Interface User Manual Changing the AT-AR240E LAN - USB IP address By default, the LAN IP address is set at 192.168.1.1 for users connected to the Ethernet Port of their Router and 192.168.2.1 for users connected to the USB Port of their Router.
  • Page 44: Ip Routing

    IP address of the other router on the LAN via which data will be sent to the destination subnet. The gateway address is NOT the IP address on the LAN interface of the AT-AR240E itself. When you have entered the required information, click ADD, and the route will be created.
  • Page 45: Figure 21. How To Add A New Static Route

    If an invalid route is created, then on entering the IP routing page a warning message will inform you that the wrong route will be deleted. Figure 21. How to add a new Static Route...
  • Page 46: Chapter 4 Dhcp

    IP address to a new host being permanently connected to a network where IP addresses are sufficiently scarce that it is important to reclaim them when old hosts are retired. The DHCP server facility in the AT-AR240E only supports dynamic allocation.
  • Page 47: The At-Ar240E's Support For Dhcp

    The AT-AR240E’s support for DHCP The AT-AR240E can handle DHCP packets in one of three mutually exclusive ways: • Ignore the packets - DHCP relay disabled and Server disabled • Relay the DHCP packets on to some other device that is known to be...
  • Page 48: Figure 23. Dhcp Relay

    Chapter 4 – DHCP To configure the router as a DHCP relay, click on the Enable/Configure button in the “DHCP Relay” field of the DHCP Service page. The DHCP Relay page, illustrated in Figure 23, will be presented. Figure 23. DHCP relay Click on EDIT, and the DHCP Relay Configuration page, illustrated in Figure 24, will be presented.
  • Page 49: Dhcp Server

    Figure 24. DHCP relay setting DHCP Server The AT-AR240E DHCP Server only supports dynamic address allocation. It is not possible to configure static IP assignments. The server can supply up to 25 clients with two parameters in addition to an assigned address. The parameters are DNS address and Gateway address.
  • Page 50: Figure 25. Dhcp Server

    Chapter 4 – DHCP Figure 25. DHCP server In order to change the DHCP server settings, click on the related Enable/Configure button. A web page as in Figure 26 will appear. It is possible to modify the setting of the DHCP server both on the LAN and on the USB interface.
  • Page 51: Figure 26. Dhcp Server Settings

    The value displayed is the router’s LAN IP address, i.e. it is assumed that PCs that are sending DHCP requests to the router will be using the router as their gateway. Figure 26. DHCP server settings...
  • Page 52: Chapter 5 Dns

    Chapter 5 – DNS Chapter 5 DNS introduction DNS is an abbreviation for Domain Name System, a system for naming computers and network services that is organized into a hierarchy of domains. DNS naming is used in TCP/IP networks, such as the Internet, to locate computers and services through user-friendly names.
  • Page 53: Dns Relay

    AT-AR240E ADSL Router Web Interface Manual In this example, a client computer queries a server, asking for the IP address of a computer configured to use host-a.example.alliedtelesyn.com as its DNS domain name. Because the server is able to answer the query based on its...
  • Page 54: Dns Client

    DNS Client The AT-AR240E is provided with an internal DNS client. It is possible to add DNS server addresses that will be used by the router ONLY for its own lookups. It is possible also to define a list of domain names using the "Domain Search Order"...
  • Page 55: Chapter 6 Security

    Chapter 6 Security Introduction This chapter describes the AT-AR240E router’s built-in security facilities, and how to configure and monitor them. The Internet is a network that allows access to vast amounts of information and potential customers. However, the Internet is not controlled and certain individuals use it destructively.
  • Page 56: Stateful Inspection

    Chapter 5 – Security very restrictive. Only protocols that have specific proxies configured are allowed through the security system; all other traffic is rejected. In practice most third-party proxies are transparent proxies, which pass all traffic between the two sessions without regard to the data. Stateful Inspection A more recent approach to security design uses a method called “stateful inspection”.
  • Page 57: Firewall

    AT-AR240E ADSL Router Web Interface Manual Figure 29. Security configuration web page The security features in the AT-AR240E are divided into four areas: Firewall This covers the creation of policies and filtering rules. Dynamic Port Opening This is a companion feature to the filtering rules. There are a number of Internet applications that require secondary ports to be open in order for a session to operate.
  • Page 58: Nat

    Chapter 5 – Security Upon detecting such a traffic pattern, the router can take certain configurable actions. The AT-AR240E implements Port-based network Address Translation. The NAT can be configured to enable incoming sessions to particular private hosts. We will now examine the details of configuring these four features.
  • Page 59 • Internal: an interface to a private network. Hosts on a private network are considered to be benign, but in need of protection from incoming attacks. • External: an interface to a public network (typically the Internet) which may contain hosts which will launch attacks.
  • Page 60: Firewall

    Firewall Clicking on the Firewall Configure button displays a web page as in Figure 31. The firewall service can be configured using three pre-defined levels: LOW: at this level all output traffic is allowed; incoming traffic is blocked only for http, ftp, telnet, smtp, pop3, nntp and icmp.
  • Page 61: Figure 31. Security Level

    AT-AR240E ADSL Router Web Interface Manual Figure 31. Security level Figure 32. Low Security level...
  • Page 62: Figure 33. Medium Security Level

    Chapter 5 – Security Figure 33. Medium Security level Figure 34. High Security level Otherwise it is possible to configure the firewall using a User Defined configuration. A User defined Configuration will consist of a number of Firewall policies.
  • Page 63: Figure 35. Current Firewall Policies

    To add a new policy, click on the User Defined button and a web page as in Figure 35 will appear. Each policy is defined between a pair of interfaces. Three policies are already defined. You can configure or delete one of these policies by clicking on Configure policy (e.g.
  • Page 64: Figure 36. Firewall Port Filters

    Chapter 5 – Security Figure 36. Firewall Port Filters Figure 37. Adding a new TCP filter By default, no packets are allowed in through an external interface. All packets are allowed out through an internal interface.
  • Page 65: Precedence Rule For Overlapping Filters

    AT-AR240E ADSL Router Web Interface Manual So, typically, on a User-Defined firewall service, if we are changing default behaviour, we are allowing certain traffic types in through external and we are blocking certain traffic types from going out through internal interface...
  • Page 66: Figure 39. Firewall Add Tcp Port Filters

    Chapter 5 – Security By default, no packets are allowed in through an external interface. Packets for most common applications are allowed out through an internal interface. 1) The first step will be to delete the filter that allows outgoing TCP to port 80;...
  • Page 67: Dynamic Port Opening

    Dynamic Port Opening To gain an understanding of the purpose of the Dynamic Port Opening feature, let us look at the operation of the FTP protocol. FTP PROTOCOL OPERATION FTP is rather a difficult protocol for firewalls to deal with, for two reasons:...
  • Page 68 Application is developed, there potentially has to be new code added to the firewall to handle the new application. The Dynamic Port Opening method used on the AT-AR240E takes a quite different approach. It is able to handle these port-number embedding applications without having to know the details of the format of the packets used in the application.
  • Page 69 AT-AR240E ADSL Router Web Interface Manual Although FTP is given as an example of a protocol that requires dynamic port opening, because FTP is such a very common application, the dynamic port opening for FTP is enabled in the software by default, and does not have to be configured by the user.
  • Page 70 • Protocol: TCP or UDP • Port range: this defines a range of UDP or TCP destination port numbers. Sessions to these port numbers will be treated as primary sessions, i.e. sessions that will be put into the table that is examined when deciding whether to allow in a new session.
  • Page 71: Configuration Example 1 For Dynamic Port Opening

    AT-AR240E ADSL Router Web Interface Manual Configuration example 1 for Dynamic Port Opening Suppose that a user connected to the LAN interface of the AT-AR240E wants to receive audio or video via RealPlayer from a remote RealServer (see Figure 41).
  • Page 72: Figure 43. Dynamic Port Opening Configuration

    Chapter 5 – Security 2) After clicking on New Dynamic Port Opening a web page as in Figure 43 will appear: Figure 43. Dynamic port opening configuration 3) Insert the following values related to TCP port 554 and click on “APPLY”: •...
  • Page 73: Figure 44. Dynamic Port Opening Settings For Real Player Applications

    AT-AR240E ADSL Router Web Interface Manual Figure 44. Dynamic Port Opening settings for Real Player Applications...
  • Page 74: Configuration Example 2 For Dynamic Port Opening

    Configuration example 2 for Dynamic Port Opening Suppose that a user connected to the LAN interface of the AT-AR240E wants to establish a Netmeeting session with a remote host (Fig. 50). Figure 50 – Dynamic port opening: establishing a Netmeeting session...
  • Page 75: Figure 45. Dynamic Port Opening Settings For Netmeeting Applications

    AT-AR240E ADSL Router Web Interface Manual Figure 45. Dynamic port opening settings for Netmeeting applications...
  • Page 76: Attack Detection And Blocking

    Attack Detection and Blocking Clicking on the 'Attack Detection and Blocking' Configure button displays a web page as in Figure 46. The following parameters can be set: • Use blacklist: this parameter enables the use of a blacklist where the router blocks a host IP address if it detects an intrusion from that host.
  • Page 77: Nat

    Figure 46. Attack Detection and Blocking web page. An introduction to NAT can be found in Appendix E. On the AT-AR240E, NAT policies are created between pairs of interfaces. One of the interfaces in any given policy pair must be an external interface.
  • Page 78: Figure 47. Nat Configuration Web Page

    Chapter 5 – Security Figure 47. NAT configuration Web Page Suppose that we want to enable the NAT between the PPP over Ethernet (external) and LAN (internal) interface. Clicking on the corresponding Configure button, the following web page will appear.
  • Page 79: Figure 48. Nat Enabling Web Page

    AT-AR240E ADSL Router Web Interface Manual Figure 48. NAT enabling Web Page After clicking on “Enable NAT to Internal Interface” a NAT policy between these two interfaces is created. So now: • all sessions originating from hosts on the internal LAN destined for the external interface will have their source address replaced by the IP address on the external interface.
  • Page 80: Figure 49. Nat Related Setting

    Chapter 5 – Security Figure 49. NAT related setting The best way to illustrate the use of Global address pools and Reserved Mapping is to look at some configuration examples.
  • Page 81: Configuration Example 1 For Nat

    AT-AR240E ADSL Router Web Interface Manual Configuration example 1 for NAT Suppose that an FTP server is running on a host on the internal side of the AT-AR240E and you want to permit the access to this server from remote hosts (see Figure 50). AT-AR204E...
  • Page 82: Figure 52. Reserved Mapping Settings

    2) Insert the following values: • Global IP Address: 136.10.2.45 (ADSL interface IP address) • Internal IP Address: 192.168.1.10 (FTP server IP address) • Protocol: TCP • Port Number: 21 (ftp control session port) Figure 52. Reserved Mapping settings Clicking on APPLY, the Reserved Mapping will be created.
  • Page 83: Configuration Example 2 For Nat

    AT-AR240E ADSL Router Web Interface Manual Configuration example 2 for NAT Suppose that a user connected to the LAN interface of the AT-AR240E has an FTP server on a local host and a Web server on another local host and he...
  • Page 84: Configuration Example 3 For Nat

    Configuration example 3 for NAT Suppose that a user connected to the LAN interface of the AT-AR240E wants to connect to a remote Private LAN (i.e. Company Intranet) using an IPSEC tunnel. AT-AR240E Internet 136.10.2.45 IPSec Gateway 192.168.1.10...
  • Page 85: Configuration Example 4 For Nat

    AT-AR240E ADSL Router Web Interface Manual Configuration example 4 for NAT Suppose that a user connected to the LAN interface of the AT-AR240E has two FTP servers on two different local hosts and two public IP addresses (provided by its ADSL service provider).
  • Page 86: Figure 56. Global Address Pool Settings

    Chapter 5 – Security 1) Click on Add Global Address Pool, insert the following values and click on APPLY (see Figure 56): • Start IP Address: 136.10.2.45 (first public IP address) • End IP Address: 136.10.2.46 (second public IP address) •...
  • Page 87: Interactions Of Nat And Other Security Features

    AT-AR240E ADSL Router Web Interface Manual Interactions of NAT and other security features. Firewall filters and Reserved mappings. So far, the NAT reserved mappings have been considered independently of the firewall. If the firewall is not enabled, then all that is required to enable NAT to allow in TCP sessions to a certain port number is to create a reserved mapping for that particular TCP port number.
  • Page 88: Chapter 7 Snmp

    Chapter 7 SNMP Introduction Simple Network Management Protocol (SNMP) The AT-AR240E device can be monitored/configured using the SNMP protocol. The Simple Network Management Protocol (SNMP) is the network management protocol of choice for the Internet and IP-based internetworks. The SNMP protocol provides a mechanism for management entities, or stations, to extract information from the Management Information Base (MIB) of a managed device.
  • Page 89: At-Ar240E Console

    AT-AR240E Console The AT-AR240E console is used for configuring the SNMP module. A TELNET session has to be established to access the AT-AR240E console. To start a TELNET session, do one of the following: From your Windows PC open a DOS shell and type the following command: telnet x.y.z.u where x.y.z.u is the AT-AR240E...
  • Page 90: Figure 57. At-Ar240E Console Login

    Appendix AT-AR240E console login The SNMP related commands are a subset of the AT-AR240E console; to have access to these settings first of all enter the following command and press [enter] twice (see Figure 57): console enable Figure 57. AT-AR240E console...
  • Page 91: How To Close The Console

    (e.g. 192.168.2.1); now enter the following command in order to access to the SNMP module and press [enter] (see Figure 58): 192.168.2.1> snmp Figure 58. AT-AR240E console – SNMP module How to close the console To close a session enter the following commands (see Figure 59):...
  • Page 92: Help On Snmp Console Commands

    Figure 59. How to close the console HELP on SNMP console commands Online help is provided for all the SNMP commands, which are: • access • config • trap To access the online help (see Figure 60) simply type “ help”...
  • Page 93: Command Reference

    AT-AR240E ADSL Router Web Interface Manual Figure 60. SNMP commands online help Command Reference SNMP ACCESS Syntax snmp access [read | write] <community> [<IP addr>] snmp access delete <community> [<IP addr>] snmp access flush snmp access list Description These commands are used for the following scopes: To allow access for some <...
  • Page 94: Snmp Config

    To change the SNMP write community string from the default value (“friend”) to the new value “test”: snmp access delete friend snmp access write test SNMP CONFIG Syntax SNMP CONFIG SAVE Description This command saves the SNMP configuration into the flash. SNMP TRAP Syntax snmp trap add <community>...
  • Page 95: Chapter 8

    AT-AR240E ADSL Router Web Interface Manual APPENDIX A ATM is a standard that supports the integration of voice, data, & video, and allows for the guarantees of service quality from end-to-end. The following describes the reasons why ATM has become a popular service, and goes on to describe some of the details of the operation of ATM.
  • Page 96: LAN/WAN/Voice Integration

    Appendix An Ethernet is treated as a network of peers – every workstation has equal access to the line. At peak times, it's just first-in-first-served. Also, Ethernet is an asynchronous medium – a workstation can start transmitting data at any moment it chooses;...
  • Page 97: Other Significant Features Of ATM

    AT-AR240E ADSL Router Web Interface Manual Other significant features of ATM Traffic engineering features ATM offers improved performance through an ability to offer performance guarantees and robust WAN traffic management that support the following capabilities: • Large buffers that guarantee Quality of Service (QoS) for bursty data traffic and demanding multimedia applications •...
  • Page 98: Basic Structure Of ATM Network

    Appendix BASIC STRUCTURE OF ATM NETWORK ATM is based on the concept of two end-point devices communicating by means of intermediate switches. As figure below shows, an ATM network is made up of a series of switches and end-point devices. The end-point devices can be ATM-attached end stations, ATM-attached servers, or ATM-attached routers.
  • Page 99: ATM Virtual Connections

    AT-AR240E ADSL Router Web Interface Manual ATM VIRTUAL CONNECTIONS ATM networks are fundamentally connection oriented, which means that a virtual channel (VC) must be set up across the ATM network prior to any data transfer. (A virtual channel is roughly equivalent to a virtual circuit.)
  • Page 100: UBR (Unspecified Bit Rate)

    Appendix Let us look at the characteristics of these connection types. UBR (unspecified bit rate) The UBR service class is intended for delay-tolerant or non-real-time applications, i.e., those which do not require tightly constrained delay and delay variation, such as traditional computer communications applications. Sources are expected to transmit non-continuous bursts of cells.
  • Page 101: ABR (Available Bit Rate) And QFC

    (The range of values on the AT-AR240 is: [3,2500]) Minimum Cell Rate (MCR) None of the traffic classes available on the AT-AR240E implement MCR. There is a channel attribute, but this is just a place-holder: setting it has no effect.
  • Page 102: Sustainable Cell Rate (SCR)

    Appendix Sustainable Cell Rate (SCR) This is ignored unless the traffic class is VBR. For VBR, the SCR limits are the same as the PCR limits (see above). But SCR must be set less than PCR (this is enforced by the parameter checking code). (The range of values on the AT-AR240 is: [2,2499]) Maximum Burst Size (MBS) and Burst Tolerance (BT) These only affect VBR classes.
  • Page 103: Chapter 9

    AT-AR240E ADSL Router Web Interface Manual APPENDIX B RFC1483 Bridged/Routed RFC1483 defines the encapsulations used for multiplexing multiple protocols over ATM. The RFC1483 Bridged/Routed connections both use the encapsulations defined in that RFC to send the data across the ADSL line.
  • Page 104 Appendix After it identifies the signals as belonging to a data connection, it passes them to the ADSL Transmission Unit Central Office (ATU-C) in the DSLAM. The ATU-C demodulates the signal and retrieves the ATM cells, which are then passed to the network interface card (NIC) in the multiplexing device (MUX).
  • Page 105: Chapter 10

    AT-AR240E ADSL Router Web Interface Manual APPENDIX C IP Over ATM In Appendix B, there is a description of the RFC1483 routed connection, in which an IP packet is encapsulated in ATM and sent over the line. Here we will describe the more elaborate IPoA service, in which an ATM network acts as a multi-drop IP network, and the ARP protocol can be used to find the network node that has a particular IP address.
  • Page 106: QoS-Aware Vs. Best Effort

    Appendix path(s) may not be an optimal path and may become overwhelmed by the amount of data being transferred. QoS-aware vs. Best Effort Quality of Service is an important concept in ATM networks. It includes parameters such as the bandwidth and delay requirements of a connection. Such requirements are included in the signaling messages used to establish a connection.
  • Page 107: Routing Between LISs

    AT-AR240E ADSL Router Web Interface Manual A LIS has the following properties • End systems in an LIS share the same IP prefix and address mask. In this way LIS is quite similar to a traditional IP subnetwork over a broadcast LAN.
  • Page 108: Chapter 11

    Appendix APPENDIX D Point to Point Protocol The arrival of low cost broadband technologies in general and DSL (Digital Subscriber Line) in particular has greatly increased the number of computer hosts that are permanently connected to the Internet. This has increased concerns on the part of DSL service providers about security.
  • Page 109: PPP Over ATM

    AT-AR240E ADSL Router Web Interface Manual PPP is used by Internet Service Providers (ISPs) to allow dial-up users to connect to the Internet. PPP over ATM With ATM over ADSL, the residential and small business office customers have access to broadband Internet environments. ATM over ADSL provides seamless connections from remote users to any ATM distribution network, to any ATM backbone, to any corporate intranets, or to the Internet.
  • Page 110 Appendix Essential operational functions can be delivered over ATM using features well established in PPP: • Authentication (PAP, CHAP, token-based systems) • Layer 3 address autoconfiguration (e.g., domain name autoconfiguration, IP address assignment by the destination network) • Multiple concurrent destinations (i.e., multiple PPP sessions) •...
  • Page 111: Chapter 12

    AT-AR240E ADSL Router Web Interface Manual APPENDIX E Network Address Translation NAT stands for Network Address Translation. In short, it is a mechanism by which the IP addresses of packets are changed as they go through a routing device. The reason for doing such a translation is to enable a device to appear to have one address to hosts on one side of the NATing router, and another address to hosts on the other side of the NATing router.
  • Page 112: Security

    Appendix Address Conservation using NAT Security The security provided by NAT is really a by-product of the address conservation purpose. The fact is that NAT aims to translate the source addresses of packets originating from within the local private network; when reply packets come back from the Internet, they can be passed back to the hosts on the Private network as the NAT process keeps an internal table that enables it to know which replies are actually destined to which private hosts.
  • Page 113 AT-AR240E ADSL Router Web Interface Manual The particular value of the source port number in a session is not important, so the NAT device is free to change the source port numbers in packets. This freedom to change the source port number is the central key to NAT. This enables it to make sure that every TCP or UDP session that it sends out to the Internet has a UNIQUE source port number.
  • Page 114: What About Protocols Other Than UDP And TCP

    Appendix • if it is found, the packet is recognized as being a reply for an existing session, and the source IP and source Port number in the table entry are put into the destination IP address and destination port number fields of the packet, and the packet is then sent onto the private LAN.
  • Page 115 AT-AR240E ADSL Router Web Interface Manual specific static port mappings. For example, a mapping can be configured such that any TCP session coming into port 80 on the public interface is forwarded to a particular host on the private LAN; and any TCP session coming into port 25 on the public interface is forwarded to another (or maybe the same) host on the private LAN, and so on.
  • Page 116: Chapter 13

    The upgrade procedure is a simple bash script. It must be executed with two command-line parameters, which are the IP address of the AT-AR240E interface, and the name of a tar file containing a set of files which have to be updated.
  • Page 117 AT-AR240E ADSL Router Web Interface Manual If the upgrade procedure is interrupted the web server could remain out of service for a maximum period of 5 minutes. If the upgrade procedure is interrupted during the updating of flash the equipment reboots with a corrupted image and enters a recovery state. If this happens the software can be upgraded only locally, i.e.
  • Page 118 Appendix

        # write some files needed to communicate with TFTP server
        echo "friend" > tftplock.key
        if [ $? != 0 ]; then
            echo "cannot write file tftplock.key"
            exit
        fi
        touch_file tftp.rbt
        touch_file tftplock.web
        touch_file tftpupdt.dir
        touch_file tftpupgr.beg
        touch_file tftpupgr.end
        touch_file tftpupgr.rbt
        # Is AR240e alive ?
        echo "1.
  • Page 119 AT-AR240E ADSL Router Web Interface Manual

        put tftplock.key
        put tftpupgr.beg
        put $2 $tarfile
        put tftpupgr.end
        THIRD_STEP
        if [ $? != 0 ]; then
            echo "Software transfer failed"
            exit
        fi
        # Wait for a while...
        clean_up
        echo "6. Updating flash..."
        sleep 70
        echo "7.
  • Page 120: Chapter 14

    APPENDIX G AT-AR240E – How to update the software using the TFTP software The AT-AR240E software is composed of two main portions: the recovery image and the software image. TFTP software is provided in order to upload both the recovery and the software images.
  • Page 121: How To Upload The Software Image

    AT-AR240E ADSL Router Web Interface Manual How to upload the software image
    1) configure your PC network card with the following IP Address: 192.168.1.2
    2) connect your PC Ethernet port directly to the Router Ethernet port using a standard patch cable
    3) load the software image into the router following these steps
    3.1) select the at-ar240e_<sw-release>/phase2_software...
  • Page 122: Chapter 15

    "bleed" over substandard wiring. No lights on the AT-AR240E are lit, or lights are indicating an error. • If the power LED is not lit, verify that there is power to the AT-AR240E. If you have plugged the AT-AR240E into another electrical receptacle, verify if there is a switch that may control the electrical receptacle in use.
  • Page 123 • If the three LEDs present on the AT-AR240E are all lit, but neither the ADSL port nor the Ethernet port is connected to anything, try to reset the device, turn it off and then on again; if the problem is still present, please contact the supplier of your AT-AR240E.
  • Page 124: WAN Network

    Appendix • Verify if the AT-AR240E DHCP server is enabled; to do this you will have to set on your PC a static IP address that belongs to the same IP subnet as the AT-AR240E (for the LAN interface the default IP subnet is 192.168.1.0, and for the USB interface the default IP subnet...
  • Page 125 If the RX and TX values on the ATM connection are non-zero. • Verify in the AT-AR240E GUI whether, in the DNS Relay section of the DNS page, the IP address for the DNS Server is correct. (This value is obtained automatically when you choose “use DHCP”...
  • Page 126: Chapter 16

    CD containing the files, as shown below: To install the drivers, proceed as follows: Connect the AT-AR240E to the PC, using a USB cable. The PC will detect the presence of a new hardware device connected to it, and will pop up a dialog...
  • Page 127 The dialog box illustrated here is from Windows XP; the exact appearance of the dialog will be different for different versions of Windows. Ensure that the CD containing the AT-AR240E USB driver files is inserted into the PC, then click on the Next button, and the PC will search for the driver...
  • Page 128 Appendix If the PC fails to find the files, click the Back button from this window, and then in the previous window, choose the option “Choose from a list or specified location”. Then click on Next, and you will be given the opportunity to browse to the directory where the files reside.
  • Page 129 AT-AR240E ADSL Router Web Interface Manual When the installation is complete, you will be presented with the opportunity to set up Networking using this new connection:...
  • Page 130 This connection has the IP protocol enabled, and is set to learn an IP address by DHCP. So, it will obtain an IP address from the DHCP server in the AT-AR240E. It should now be possible to connect to the...
  • Page 131 AT-AR240E ADSL Router Web Interface Manual AT-AR240E using your web browser (the default IP address on the USB interface of the AT-AR240E is 192.168.2.1, and so would be accessed by typing http://192.168.2.1:8080 into the “Address” field of the web browser).