ADSL Barricade™
4-Port ADSL Router with Built-in Annex A ADSL Modem
User Guide
February 2004
TABLE OF CONTENTS
Introduction
  Features
  System Requirements
  Using this Document
    Notational conventions
    Typographical conventions
Getting Started with the Configuration Manager
  Accessing the Configuration Manager
  Functional Layout
    Commonly used buttons
  The Home Page and System View Table
  Modifying Basic System Information
  Committing Changes and Rebooting
  Viewing NAT Global Settings and Statistics
  Viewing NAT Rules and Rule Statistics
  Viewing Current NAT Translations
  Adding NAT Rules
    The NAPT rule: Translating between private and public IP addresses
  Viewing Your ATM VC
  Adding ATM VCs
  Modifying ATM VCs
Configuring PPP Interfaces
  Viewing Your Current PPP Configuration
  Viewing PPP Interface Details
  Blocked Protocols
Viewing DSL Line Information
Administrative Tasks
  Configuring User Names and Passwords
    Changing Login Passwords
  Viewing System Alarms
    Viewing the Alarm Table
INTRODUCTION
Congratulations on becoming the owner of the ADSL Barricade, a 4-port ADSL Router with built-in ADSL Modem. Your LAN (Local Area Network) will now be able to access the Internet using your high-speed ADSL connection. This User Guide will show you how to set up the ADSL Barricade, and how to customize its configuration to get the most out of your new product.
Features
• External ADSL modem for high-speed Internet access.
System Requirements
In order to use the ADSL Barricade, you must have the following:
• ADSL service up and running on your telephone line, with at least one public Internet address for your LAN.
• One or more computers each containing an Ethernet 10/100 Base-T network interface card (NIC).
• An Ethernet hub/switch, if you are connecting the device to more than one computer on an Ethernet network.
Using this Document
Typographical conventions
• Italics are used to identify terms that are defined in the Terminology.
• Square brackets are used for items you select from menus and drop-down lists.
Special messages
This document uses the following statement to call your attention to specific instructions or explanations.
Note: Provides clarifying or non-essential information on the current topic.
Definition: Explains terms or acronyms that may be unfamiliar to many readers.
GETTING TO KNOW THE ADSL BARRICADE
Package Contents
• One ADSL Barricade.
• One Power adapter.
• One RJ-45 Ethernet cable.
• One RJ-11 Standard phone/DSL line cable.
• Installation utility and Documentation CD.
• Quick Installation Guide.
Hardware Description
Front Panel
LED Label Power Color Status Green Link TX/RX Ethernet 1 2 3 4 Green Green Green Steady Power On ADSL line is trained.
QUICK START
This Quick Start provides basic instructions for connecting the ADSL Barricade to a computer or LAN and to the Internet.
• Connecting the Hardware describes how to set up the hardware.
• Configuring Your Computers describes how to configure Internet properties on your computer(s).
• Configuring the ADSL Barricade shows you how to configure basic settings on the ADSL Barricade to get your LAN connected to the Internet.
[Figure 1. Overview of Hardware Connections. Labels: Wall Jack; ADSL Barricade; AC adapter; Hub/switch (for local area network); Stand-alone computer; Networked Computers. To a hub: use crossover cable to uplink port or straight cable to standard port. To a PC: use a cross-over cable.]
Step 1. Connect the ADSL cable
Connect one end of the provided phone cable (RJ-11) to the port labeled ADSL on the Rear Panel of the device. Connect the other end to your wall phone jack.
Step 2. Connect the Ethernet cable
If you are connecting a LAN to the ADSL Barricade, attach one end of a provided Ethernet cable to a regular hub port and the other to the Ethernet port on the ADSL Barricade. If you are using the ADSL Barricade with a single computer and no hub, you must use an Ethernet cable to attach the PC directly to the device. The cable is wired differently than the cable you would use to connect to a hub.
Step 3.
If you have connected your PC or LAN via Ethernet to the ADSL Barricade, follow the instructions that correspond to the operating system installed on your PC.
Windows® XP
1. In the Windows task bar, click the [Start] button, and then click [Control Panel].
2. Double-click the [Network Connections] icon.
3. In the [LAN or High-Speed Internet] window, right-click on the icon corresponding to your network interface card (NIC) and select [Properties].
Windows 2000
First, check for the IP protocol and, if necessary, install it.
1. In the Windows task bar, click the [Start] button, point to [Settings], and then click [Control Panel].
2. Double-click the [Network and Dial-up Connections] icon.
3. In the [Network and Dial-up Connections] window, right-click the [Local Area Connection] icon, and then select [Properties]. The [Local Area Connection Properties] dialog box displays a list of currently installed network components.
10. In the [Local Area Connection Properties] dialog box, select [Internet Protocol (TCP/IP)], and then click [Properties].
11. In the [Internet Protocol (TCP/IP) Properties] dialog box, click the radio button labeled [Obtain an IP address automatically]. Also click the radio button labeled [Obtain DNS server address automatically].
12. Click [OK] twice to confirm and save your changes, and then close the Control Panel.
Windows Me
1.
8. If prompted, click [OK] to restart your computer with the new settings.
Next, configure the PCs to accept IP information assigned by the ADSL Barricade.
9. In the Control Panel, double-click the [Network and Dial-up Connections] icon.
10. In the [Network and Dial-up Connections] window, right-click the [Network] icon, and then select [Properties].
11. In the [Network Properties] dialog box, select [TCP/IP], and then click [Properties].
12.
4. Select [Protocol], and then click [Add...]. The [Select Network Protocol] dialog box appears.
5. Click on [Microsoft] in the [Manufacturers] list box, and then click [TCP/IP] in the [Network Protocols] list box.
6. Click [OK] to return to the [Network] dialog box, and then click [OK] again. You may be prompted to install files from your Windows 95/98 installation CD. Follow the instructions to install the files.
7. Click [OK] to restart the PC and complete the TCP/IP installation.
Windows NT 4.0
First, check for the IP protocol and, if necessary, install it.
1. In the Windows NT task bar, click the [Start] button, point to [Settings], then click [Control Panel].
2. In the [Control Panel] window, double-click the [Network] icon.
3. In the [Network] dialog box, click the [Protocols] tab. The [Protocols] tab displays a list of currently installed network protocols. If the list includes [TCP/IP], then the protocol has already been enabled. Skip to Step 9.
4.
Assigning static Internet Information to your PCs
In some cases, you may want to assign Internet information to some or all of your PCs directly (often called statically), rather than allowing the ADSL Barricade to assign it. This option may be desirable (but not required) if:
• You have obtained one or more public IP addresses that you want to associate with specific computers (for example, if you are using a computer as a public web server).
Note: Your PCs must have IP addresses that place them in the same subnet as the ADSL Barricade's LAN port. If you manually assign IP information to all your LAN PCs, you can follow the instructions in Configuring the LAN Ports to change the LAN port IP address accordingly.
Configuring the ADSL Barricade
This section provides you instructions on how to log into the program of the ADSL Barricade and how to configure basic settings for your Internet connection.
Figure 2. Quick Configuration Page in Configuration Manager
The fields are described in the following table. Work with your ISP to determine which settings you need to change.
Field: Description
ATM Interface: This setting allows you to select the ATM interface you want to use (usually [atm-0]). Your system may be configured with more than one ATM interface if you are using different types of services with your ISP.
Operation Mode: This setting enables or disables the ADSL Barricade.
Bridge: You may select [Enabled] or [Disabled] to set the bridging between the ADSL Barricade and your ISP. Your ISP may also refer to this as RFC 1483 or Ethernet over ATM.
IGMP: You may select [Enabled] or [Disabled] to set the Internet Group Management Protocol, which some ISPs use to perform remote configuration of your device.
You have now finished customizing the basic settings. Read the following section in order to determine whether you need to change additional settings.
Default Router Settings
In addition to handling the DSL connection to your ISP, the ADSL Barricade can provide a variety of services to your network. The device is preconfigured with default settings for use with a typical home or small office network.
NAT
Default setting: NAT rule enabled
Your computers’ private IP addresses (see DHCP above) will be translated to your public IP address whenever they access the Internet. See Configuring the LAN Ports on page 33 for a description of the NAT service.
Assigned static IP address: 192.168.1.1
Subnet mask: 255.255.255.0
This is the IP address of the LAN port on the device. The LAN port connects the device to your Ethernet network. Typically, you will not need to change this address.
GETTING STARTED WITH THE CONFIGURATION MANAGER
The ADSL Barricade includes a preinstalled program called Configuration Manager, which provides an interface to the software installed on the device. It enables you to configure the device settings to meet the needs of your network. You access it through your web browser from any PC connected to the ADSL Barricade via the LAN ports. This section describes how to use the Configuration Manager.
Figure 3. Login Screen
2. Enter your [User Name] and [Password], and then click [OK]. The first time you log into the program, use these default values:
Default User Name: smc
Default Password: smcadmin
Note: You can change the password at any time (see Configuring User Names and Passwords on page 157 for instructions).
The [System View] page on the [Home] tab appears each time you log into the program (shown in Figure 4).
Functional Layout
Configuration Manager tasks are grouped into several categories, which can be accessed by clicking the tabs at the top of each page. Each tab displays the available tasks in a horizontal menu at the top of the page. You can click on these menu items and display the specific configuration options. A separate page appears for each task in the task bar. The left-most task appears by default when you click on a new tab.
The Home Page and System View Table
The [Home] page appears when you first access the program. This page is one of the two options available in the [Home] tab (the other is the [Quick Configuration] page, as described in Quick Start, Logging into the ADSL Barricade).
Figure 4. System View Table
The [System View] table provides a snapshot of your system configuration.
Table Heading: Description
Device: This table displays basic information about the ADSL Barricade hardware and software versions, the system uptime (since the last reboot), and the preconfigured operating mode.
DSL: This table displays the operational status, version, and performance statistics for the DSL line. You can check DSL in the table or display the [WAN] tab to view additional DSL settings, which are described in Configuring EOA Interfaces.
Services Summary: This table displays the status of various services that the ADSL Barricade performs to help you manage your network. A green check mark indicates that the service is active and a red X indicates that it is inactive.
[NAT]: to translate private IP addresses to your public IP address (Configuring Network Address Translation).
Modifying Basic System Information
1. At the bottom of the [Home] page, click [Modify]. The [System – Modify] page appears in a separate browser window.
Figure 5. System - Modify Page
2. Modify the fields on this page as required. The following table describes each field:
Option: Description
Date:, Time: These fields initially appear dimmed. To modify the date and time, click the respective check boxes and select the appropriate values from the drop-down lists. The time appears in military format.
Host Name: You can use this field to specify an easy-to-remember name for the ADSL Barricade. The next time you want to access the Configuration Manager, you can type this name in the location box in your Web browser, instead of typing the numeric IP address.
Committing Changes and Rebooting
You can commit changes to save them permanently to flash memory.
Note: Submitting changes activates them immediately, but saves them only until the device is reset or powered down. Committing changes saves them permanently.
Follow these steps to commit changes.
1. Click the [Admin] tab, and then click [Commit & Reboot] in the task bar. The [Commit & Reboot] page appears.
Figure 6. Commit & Reboot Page
2. Click [Commit].
Option
This option is to reboot the device using the current settings in the permanent memory, including any changes you have just committed.
Reboot from Backup Configuration
This option is to reboot the device using settings stored in the backup memory. These are the settings that were effective before you committed new settings in the current session.
CONFIGURING THE LAN PORTS
This section describes how to configure IP properties for the interfaces on the ADSL Barricade that communicate with your LAN computers.
Connecting via Ethernet
If you are using the ADSL Barricade with multiple PCs on your LAN, you must connect the LAN via an Ethernet hub to the device's LAN port, called [eth-0]. If you are using a single PC with the ADSL Barricade, you can connect the PC directly to the LAN port using an Ethernet cable.
If your network uses a DHCP server (other than the ADSL Barricade) to assign IP addresses, you can configure the device to accept and use a LAN IP address assigned by that server. Similarly, if your ISP performs DHCP serving for your network, you can configure the device to accept an IP address assigned from the ISP's server. In this mode, the ADSL Barricade acts as a DHCP client of your DHCP (or ISP's) server.
Configuring the LAN Port IP Address
The LAN Configuration table displays the following settings:
Setting: Description
System Mode: This setting is preconfigured for your device, such as [Routing mode], [Bridging mode], or both modes simultaneously. This setting is not user-configurable.
Get LAN Address: This setting provides options for how the device’s LAN port is assigned an IP address: [Manual] indicates that you will be assigning a static IP address, which you can enter in the fields below.
masks must be the same). See IP Addresses, Network Masks, and Subnets for an explanation of IP addresses and network masks.
If you change the LAN IP address, you may need to update the DHCP configuration so that the addresses that the DHCP server dynamically assigns to your computers are on the same subnet as the new LAN IP address. See Configuring Dynamic Host Configuration Protocol on page 43 for instructions on changing the pool of dynamically assigned addresses.
was previously configured, your current connection will be terminated.
4. Reconfigure your PCs, if necessary, so that their IP addresses place them in the same subnet as the new IP address of the LAN port. See Quick Start, Configuring Your Computers on page 9 for instructions.
5. Log into [Configuration Manager] by typing the new IP address in your Web browser's address/location box.
6.
VIEWING SYSTEM IP ADDRESSES AND IP PERFORMANCE STATISTICS
The interfaces on the ADSL Barricade that communicate with other network and Internet devices are identified by unique Internet protocol (IP) addresses. You can use the Configuration Manager to view the list of IP addresses that your device uses, and to view other system and network performance data. See IP Addresses, Network Masks, and Subnets for a description of IP addresses and masks.
The listed IP addresses may include:
• The IP address of the device's LAN (Ethernet) port, called [eth-0]. See Configuring the LAN Ports on page 33 for instructions on configuring this address.
• The IP address of the WAN (ADSL line) interface, which your ISP and other external devices use to identify your network.
Viewing IP Performance Statistics
You can view statistics on the processing of Internet protocol packets (a packet is a collection of data that has been bundled for transmission). You will not typically need to view this data, but you may find it helpful when working with your ISP to diagnose network and Internet data transmission problems. To view global IP statistics, click [Global Stats] on the [IP Address Table] page.
CONFIGURING DYNAMIC HOST CONFIGURATION PROTOCOL
You can configure your network and ADSL Barricade to use the Dynamic Host Configuration Protocol (DHCP). This section provides an overview of DHCP and instructions for implementing it on your network.
Overview of DHCP
What is DHCP?
DHCP is a protocol that enables network administrators to centrally manage the assignment and distribution of IP information to computers on a network.
The DHCP server draws from a defined pool of IP addresses and leases them for a specified amount of time to your computers when they request an Internet session. It monitors, collects, and redistributes the addresses as needed. On a DHCP-enabled network, the IP information is assigned dynamically rather than statically. A DHCP client can be assigned a different address from the pool each time it reconnects to the network.
• If you have another PC or device on your network that is already performing the DHCP server function, then you can configure the device's LAN port to be a DHCP client of that server (as are your PCs). This configuration is described in Configuring the LAN Ports.
Note: You can input settings for both DHCP server and DHCP relay mode, and then activate either mode at any time. Deactivated settings are retained for your future use.
You can create up to two pools. The pools can maintain a combined total of 254 IP addresses. For example, you can configure only one pool with addresses in the range 192.168.1.2 through 192.168.1.255, or two pools with the following address ranges:
Pool 0: 192.168.1.2 through 192.168.1.128
Pool 1: 192.168.1.129 through 192.168.1.
Adding DHCP Server Address Pools
Follow these instructions to create an IP address pool:
1. Log into Configuration Manager, click the [LAN] tab, and then click [DHCP Server] in the task bar. The [Dynamic Host Configuration Protocol (DHCP) Server Configuration] page appears:
Figure 10. Dynamic Host Configuration Protocol (DHCP) Server Configuration Page
Depending on your preconfigured settings, the table may display one or more address pools, each in a row, or may be empty.
2. Click [Add]. The [DHCP Server Pool – Add] page appears, as shown in Figure 11:
Figure 11. DHCP Server Pool – Add Page
3. Enter values for the [Start IP Address:], [End IP Address:], and [Netmask:] fields, which are required, and any others as needed:
Field: Description
Start IP Address:, End IP Address: These fields specify the lowest and highest addresses in the pool, up to a maximum range of 254 addresses.
Netmask: This field specifies which portion of each IP address in this range refers to the network and which portion refers to the host (computer). For a description of network masks and LAN network masks, see IP Addresses, Network Masks, and Subnets. You can use the network mask to distinguish which pool of addresses should be distributed to a particular subnet (as explained on page 45).
Viewing, modifying, and deleting address pools
To view, modify, or delete an existing address pool, display the DHCP Server Configuration page, and click the icons in the corresponding row in the address pool table.
• To delete an IP address pool, click the corresponding icon and [Commit] your changes.
• To view details on an IP address pool, click the corresponding icon. A page appears with the same information that you entered when you added the pool.
• To modify the pool, click the corresponding icon.
Excluding IP addresses from a pool
If you have IP addresses that are designated for fixed use with specific devices, or if for some other reason you do not want to make them available to your network, you can exclude them from the pool. Display the [DHCP Server Pool – Modify] page, as shown in Figure 12. Type each address to be excluded in the [Excluded IP] field, and click [Add].
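Added example (not part of the original guide or the device's software): a Python check of a planned set of address pools against the limits stated above (two pools, 254 addresses combined) and against the LAN port subnet, which matters after the LAN port IP address is changed. The function name check_pools is hypothetical, and the rule that the LAN port's own address should not be leasable is an added assumption.

```python
"""Sanity checks for a DHCP pool plan. Added example, not the device's own logic."""
from ipaddress import IPv4Address, IPv4Interface

MAX_POOLS = 2        # the guide: "You can create up to two pools"
MAX_ADDRESSES = 254  # the guide: combined total across the pools


def check_pools(lan_port, pools, excluded=()):
    """lan_port: 'address/netmask' of the LAN port; pools: list of (start, end) strings."""
    lan = IPv4Interface(lan_port)
    ranges = [(IPv4Address(s), IPv4Address(e)) for s, e in pools]
    skip = {IPv4Address(x) for x in excluded}
    problems = []
    if len(ranges) > MAX_POOLS:
        problems.append(f"{len(ranges)} pools defined, limit is {MAX_POOLS}")
    total = 0
    for n, (lo, hi) in enumerate(ranges):
        if lo > hi:
            problems.append(f"pool {n}: start is above end")
            continue
        total += int(hi) - int(lo) + 1
        # Leased addresses must sit in the same subnet as the LAN port.
        if lo not in lan.network or hi not in lan.network:
            problems.append(f"pool {n}: not inside LAN subnet {lan.network}")
        # Added check (assumption): the LAN port's own address should not be leasable.
        if lo <= lan.ip <= hi and lan.ip not in skip:
            problems.append(f"pool {n}: contains the LAN port address {lan.ip}")
        for m, (lo2, hi2) in enumerate(ranges[:n]):
            if lo <= hi2 and lo2 <= hi:
                problems.append(f"pool {n}: overlaps pool {m}")
    if total > MAX_ADDRESSES:
        problems.append(f"{total} addresses in total, limit is {MAX_ADDRESSES}")
    for x in sorted(skip):
        if not any(lo <= x <= hi for lo, hi in ranges):
            problems.append(f"excluded address {x} is not in any pool")
    return problems


if __name__ == "__main__":
    # The guide's single-pool range with the default LAN port address: no findings.
    print(check_pools("192.168.1.1/255.255.255.0", [("192.168.1.2", "192.168.1.255")]))
    # Constructed case: LAN port moved to another subnet, old pool left in place.
    print(check_pools("10.0.0.1/255.255.255.0", [("192.168.1.2", "192.168.1.255")]))
```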
The DHCP Server Address Table lists any IP addresses that are currently leased to LAN devices. For each leased address, the table lists the following information:
Field: Description
IP Address: This field indicates the address that has been leased from the pool.
Netmask: This is the network mask associated with the leased address.
Configuring DHCP Relay
First, you must configure your PCs to accept DHCP information assigned by a DHCP server:
1. Open the Windows [Control Panel] and display the computer's [Networking properties]. Configure the TCP/IP properties to [Obtain an IP address automatically] (the actual text may vary depending on your operating system).
4. Select your WAN interface from the drop-down list and click [Add]. Your WAN interface may be named [ppp-0], [eoa-0], or [ipoa-0]. Contact your ISP if you are unsure which type of WAN interface you use.
Note: You can also delete an interface from the table by clicking the icon in the right column.
5. Click [Submit]. A page appears to confirm your changes, and then the program returns to the [Dynamic Host Configuration Protocol (DHCP) Relay Configuration] page.
6.
Setting the DHCP Mode
2. From the [DHCP Mode:] drop-down list, choose [DHCP Server], [DHCP Relay], or [None]. If you choose [None], your LAN computers must be configured with static IP addresses.
3. Click [Submit].
4. Click the [Admin] tab, and then click [Commit & Reboot] in the task bar.
5. Click [Commit] to save your changes to the permanent memory.
CONFIGURING NETWORK ADDRESS TRANSLATION
This section provides an overview of Network Address Translation (NAT) and instructions for modifying the default configuration on your device.
Overview of NAT
Network Address Translation is a method for disguising the private IP addresses you use on your LAN as the public IP address you use on the Internet. You can define NAT rules that specify exactly how and when to translate between public and private IP addresses.
Definition: An IP data packet contains bits of data bundled together in a specific format for efficient transmission over the Internet. Such packets are the building blocks of all Internet communication.
• They provide a measure of security for your LAN by enabling you to assign private IP addresses and then have these and the source port numbers swapped out before your computers access the Internet.
The type of NAT function described above is called [Network Address Port Translation (NAPT)].
The [NAT Configuration] page contains the following elements:
• The [NAT Options] drop-down list provides access to the [NAT Configuration] page and [NAT Global Information] table (shown by default and in Figure 16), the [Network Address Translation (NAT) Rule Configuration] page (see Figure 18) and the [NAT Translations] page (see Figure 20).
• The [Enable] and [Disable] radio buttons allow you to turn the NAT feature on or off.
GRE Timeout (sec): Same as TCP Idle Timeout, but for GRE-based communication sessions.
Default Nat Age (sec): For all other NAT translation sessions, the number of seconds after which a translation session will no longer be valid if no packets are received.
NAPT Port Start: When an NAPT rule is defined, the source ports will be translated to sequential numbers in this range.
Viewing NAT Rules and Rule Statistics
To view the NAT rules currently defined on your system, select [NAT Rule Entry] in the [NAT Options] drop-down list. The [Network Address Translation (NAT) Rule Configuration] page appears, as shown in Figure 18:
Figure 18. Network Address Translation (NAT) Rule Configuration Page
The [Network Address Translation (NAT) Rule Configuration] table displays a row containing basic information for each rule.
Figure 19. NAT Rule Statistics Page
The statistics show how many times this rule has been invoked and how many currently active sessions are using this rule. You can click [Clear] to reset the statistics to zeros and [Refresh] to display newly accumulated data.
For each current NAT Translations session, the table contains the following fields:
Field: Description
Trans Index: This is the sequential number assigned to the IP session used by this NAT translation session.
Rule ID: This field indicates the ID of the invoked NAT rule.
Interface: This field indicates the device interface on which the NAT rule was invoked (from the rule definition).
Figure 21. NAT TRANSLATION – Details Page
In addition to the information displayed in the [NAT TRANSLATION - Details] table, this table displays the following for the selected current translation sessions:
Field: Description
Translated In Address: This field indicates the public IP address to which the private IP address was translated.
In Address: This field indicates the private IP address that was translated.
Adding NAT Rules
This section explains how to create rules for each NAT flavor.
Note: You cannot edit existing NAT rules. To change a rule setup, delete it and add a new rule with the modified settings.
The NAPT rule: Translating between private and public IP addresses
Follow these instructions to create a rule for translating the private IP addresses on your LAN to your public IP addresses.
Figure 22. NAT Rule-Add Page (NAPT Flavor)
4. Enter a [Rule ID:]. The Rule ID determines the order in which rules are invoked (the lowest numbered rule is invoked first, and so on). If you define two or more rules that act on the same set of IP addresses, be sure to assign the Rule ID so that the higher priority rules are invoked first. It is recommended that you specify Rule IDs as multiples of 5 or 10 so that, in the future, you can insert a rule between two existing rules.
of the range of private addresses you use on your network that you want to have translated. You can specify that data from all LAN addresses should be translated by typing [0] (zero) in each [From] field and [255] in each [To] field. Or, type the same address in both fields if the rule only applies to one LAN computer.
7. In the [Global Address:] field, type the public IP address assigned to you by your ISP.
8. Click [Submit].
9.
The following example illustrates using the RDR rule to provide external access to your web server: Your ADSL Barricade receives a packet containing a request for access to your Web server. The packet header contains the public address for your LAN as the destination IP address, and a destination port number 80. Because you have set up an RDR rule for incoming packets with destination port 80, the device recognizes the data as a request for Web server access.
Follow these instructions to add an RDR rule (see steps 1-4 under The NAPT Rule for specific instructions corresponding to steps 1 and 2 below):
1. Display the [NAT Rule – Add] Page, select [RDR] as the [Rule Flavor:], if necessary, and enter a [Rule ID].
2. Select the interface on which this rule will be effective.
3. Select a [Protocol:] to which this rule applies, or choose [ANY].
5. In the [Global Address From:] and [Global Address To:] fields, type the public IP address assigned to you by your ISP. If you have multiple WAN (PPP) interfaces, this rule will not be enforced for data that arrives on other PPP interfaces. This rule will not be enforced for data that arrives on WAN interfaces not specified here. If you have multiple WAN interfaces and want the rule to be enforced on more than one of them (or all), type the starting and ending IP addresses of the range.
you specify. For example, if your Web server uses (nonstandard) port 2000, but you expect incoming data packets to refer to (standard) port 80, you should enter 2000 here (and select HTTP or type 80 in the Destination Port fields). The headers of incoming packets destined for port 80 will be modified to refer to port 2000. The packet will then be routed appropriately to the web server.
8. Follow steps 8-12 under The NAPT Rule on page 68 to submit your changes.
Follow these instructions to add a BASIC rule (see steps 1-4 under The NAPT Rule for specific instructions corresponding to steps 1 and 2 below):
1. Display the [NAT Rule – Add] Page, select [BASIC] as the [Rule Flavor:], and enter a [Rule ID:].
2. Select the interface on which this rule will be effective.
3. Select a [Protocol:] to which this rule applies, or choose [ANY]. This selection specifies which type of Internet communication will be subject to this translation rule.
6. Follow steps 8-12 under The NAPT Rule on page 68 to submit your changes.
The Filter rule: Configuring a BASIC rule with additional criteria
Like the BASIC flavor, the Filter flavor translates public and private IP addresses on a one-to-one basis. The Filter flavor extends the capability of the BASIC rule. Refer to The BASIC Rule on page 72 for a general description.
Follow these instructions to add a Filter rule (see steps 1-4 under The NAPT Rule on page 66 for specific instructions corresponding to steps 1 and 2 below):
1. Display the [NAT Rule – Add] Page, select [FILTER] as the [Rule Flavor:], and enter a [Rule ID:].
2. Select the interface ([IF Name:]) on which this rule will be effective.
3. Select a [Protocol:] to which this rule applies, or choose [ANY].
6. In the [Destination Address From:] and [Destination Address To:] fields, specify a destination address (or range) if you want this rule to apply only to outbound traffic to the address (or range). If you enter only the network ID portion of the destination address, then the rule will apply to outbound traffic to all computers on that network.
7.
Bimap rules can be used to provide external access to a LAN device. They do not provide the same level of security as RDR rules, because RDR rules also reroute incoming packets based on the port ID. Bimap rules do not account for the port number, and therefore allow external access regardless of the destination port type specified in the incoming packet. Figure 26.
The Pass rule: Allowing specific addresses to pass through untranslated
You can create a Pass rule to allow a range of IP addresses to remain untranslated when another rule would otherwise translate them.
Figure 27. NAT Rule - Add Page (PASS Flavor)
The Pass rule must be assigned a rule ID that is a lower number than the ID assigned to the rule it is intended to pass.
3. In the [Local Address From:] and [Local Address To:] fields, type the lowest and highest IP addresses that define the range of private addresses you want to be passed without translation. If you want the Pass rule to act on only one address, type that address in both fields.
4. Follow steps 7-12 under The NAPT Rule on page 68 to submit your changes.
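The difference in exposure between the RDR and Bimap flavors described above, as an added example that is not part of this guide or of the device software. It models only NAT translation of incoming packets (not the IP filter); the addresses, ports and rule IDs are constructed, and evaluating rules in ascending ID order and treating a Bimap rule as one public address mapped to one LAN host are assumptions based on the descriptions above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class NatRule:
    rule_id: int
    flavor: str                       # "RDR" or "BIMAP"
    global_from: str                  # [Global Address From:]
    global_to: str                    # [Global Address To:]
    local_addr: str                   # LAN host that receives the traffic
    dest_port: Optional[int] = None   # RDR only: port named in the incoming packet
    local_port: Optional[int] = None  # RDR only: port the LAN server listens on


def _in_range(addr, low, high):
    """True if addr lies numerically between low and high (inclusive)."""
    a = ipaddress.IPv4Address(addr)
    return ipaddress.IPv4Address(low) <= a <= ipaddress.IPv4Address(high)


def translate_inbound(rules, dst_ip, dst_port):
    """Return (lan_ip, lan_port) for an incoming packet, or None if no rule forwards it."""
    # Assumption: rules are tried in ascending rule ID order.
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if not _in_range(dst_ip, rule.global_from, rule.global_to):
            continue
        if rule.flavor == "RDR":
            # RDR matches on the destination port and may rewrite it.
            if dst_port == rule.dest_port:
                return (rule.local_addr, rule.local_port or dst_port)
        elif rule.flavor == "BIMAP":
            # Bimap ignores the port: every port reaches the LAN host unchanged.
            return (rule.local_addr, dst_port)
    return None


def reachable_ports(rules, public_ip, ports):
    """Map each audited port to the LAN endpoint it is forwarded to."""
    result = {}
    for port in ports:
        target = translate_inbound(rules, public_ip, port)
        if target is not None:
            result[port] = target
    return result


# Constructed sample values (203.0.113.0/24 is a documentation range).
PUBLIC_IP = "203.0.113.10"
WEB_SERVER = "192.168.1.20"
AUDIT_PORTS = [21, 23, 80, 445]

# Web server listens on nonstandard port 2000; outside clients use port 80.
RDR_RULES = [NatRule(10, "RDR", PUBLIC_IP, PUBLIC_IP, WEB_SERVER,
                     dest_port=80, local_port=2000)]
# Same host published with a Bimap rule instead.
BIMAP_RULES = [NatRule(10, "BIMAP", PUBLIC_IP, PUBLIC_IP, WEB_SERVER)]

if __name__ == "__main__":
    print("RDR  :", reachable_ports(RDR_RULES, PUBLIC_IP, AUDIT_PORTS))
    print("BIMAP:", reachable_ports(BIMAP_RULES, PUBLIC_IP, AUDIT_PORTS))
```

With the Bimap rule, every audited port reaches the LAN host, so any service it runs must be restricted separately with IP filter rules.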
CONFIGURING DNS SERVER ADDRESSES
About DNS
Domain Name System (DNS) servers map the user-friendly domain names that users type into their Web browsers (e.g. yahoo.com) to the equivalent numerical IP addresses that are used for Internet routing. When a PC user types a domain name into a browser, the PC must first send a request to a DNS server to obtain the equivalent IP addresses.
• Dynamically from a DHCP pool: You can configure the DHCP Server feature on the ADSL Barricade and create an address pool that specifies the DNS addresses to be distributed to the PCs. Refer to Configuring DHCP Server for instructions on creating DHCP address pools.
In either case, you can specify the actual addresses of the ISP's DNS servers (on the PC or in the DHCP pool), or you can specify the address of the LAN port on the ADSL Barricade (e.g. 192.168.1.1).
Configuring DNS Relay
on configuring your PPP interface. Note that you cannot change this property by modifying an existing PPP interface; you must delete the interface and recreate it with the new setting.) Using this option provides the advantage that you will not need to reconfigure the PCs or the ADSL Barricade if the ISP changes their DNS addresses.
• Configured on the ADSL Barricade: You can use the device's DNS feature to specify the ISP's DNS addresses.
a. Click the [Services] tab, and then click [DNS] in the task bar. The [Domain Name Service (DNS) Configuration] page appears.
Figure 28. Domain Name Service (DNS) Configuration Page
b. Type the IP address of the DNS server in an empty row and click [Add]. You can enter only two addresses.
c. Click the [Enable] radio button, and then click [Submit].
3. Click the [Admin] tab, and then click [Commit & Reboot] in the task bar.
4.
CONFIGURING IP ROUTES
You can use the Configuration Manager to define specific routes for your Internet and network data. This section describes basic routing concepts and provides instructions for creating routes.
Note: Most users do not need to define IP routes.
In comparison, when your computer initiates communication over the Internet, such as viewing a web page connecting to a web server, the data it sends out includes the IP address of the destination computer (the phone number). All your outgoing requests first go to the same router at your ISP (the first switchboard). That router looks at the network ID portion of the destination address (the area code) and determines which next router to send the request to.
Overview of IP Routes
Using IP routes to define default gateways
IP routes are defined on computers, routers, and other IP-enabled devices to instruct them which hop to take, or which gateway to use, to help forward data along to its specified destination. If no IP route is defined for a destination, then IP data is passed to a predetermined default gateway.
• On the ADSL Barricade itself, a default gateway is defined to direct all outbound Internet traffic to a router at your ISP. This default gateway is assigned automatically by your ISP whenever the device negotiates an Internet connection. (The process for adding a default route is described on page 90.)
You may need to define routes if your home setup includes two or more networks or subnets, if you connect to two or more ISP services, or if you connect to a remote corporate LAN.
Viewing the IP Routing Table
The [IP Route Table] displays a row for each existing route. These include routes that were predefined on the device, routes you may have added, and routes that the device has identified automatically through communication with other devices. The following table defines the fields in the [IP Route Table].
Field: Description
Destination: This field specifies the IP address of the destination computer.
Adding IP Routes
Follow these instructions to add an IP route to the routing table.
1. From the [IP Route Table] page, click [Add]. The [IP Route Add] page appears, as shown in Figure 30.
Figure 30. IP Route-Add Page
2. Specify the Destination, Netmask, and Gateway or NextHop for this route. For a description of these fields, refer to the table on page 89. To create a route that defines the default gateway for your LAN, enter 0.0.0.0 in both the [Destination:] and [Netmask:] fields.
3. Click [Submit].
4. On the [Confirmation] page, click [Close] to return to the [IP Route Table] page. The [IP Routing Table] will now display the new route.
5. Click the [Admin] tab, and then click [Commit & Reboot] in the task bar.
6. Click [Commit] to save your changes to the permanent memory.
CONFIGURING THE ROUTING INFORMATION PROTOCOL
The ADSL Barricade can be configured to communicate with other routing devices to determine the best path for sending data to its intended destination. Routing devices communicate this information using a variety of IP protocols. This section describes how to configure the ADSL Barricade to use one of these, called the Routing Information Protocol (RIP).
When should you configure RIP?
Most small home or office networks do not need to use RIP; they have only one router, such as the ADSL Barricade, and one path to an ISP. In these cases, there is no need to share routes, because all Internet data from the network is sent to the same ISP gateway.
Configuring the ADSL Barricade's Interfaces with RIP
1. Log into the Configuration Manager, click the [Services] tab, and then click [RIP] in the task bar. The [Routing Information Protocol (RIP) Configuration] page appears, as shown in Figure 31.
Figure 31. Routing Information Protocol (RIP) Configuration Page
The page contains radio buttons for [Enable] or [Disable] the RIP feature and a table listing interfaces on which the protocol is currently running.
3. In the [IF Name] column, select the name of the interface on which you want to enable RIP. For communication with RIP-enabled devices on your LAN, select [eth-0] or the name of the appropriate virtual Ethernet interface. For communication with your ISP or a remote LAN, select the corresponding [ppp], [eoa], or other WAN interface.
4. Select a [Metric] value for the interface.
RIP version 2 is the preferred selection because it supports classless IP addresses (which are used to create subnets) and other features. Select [RIP2] if all other routing devices on the autonomous network support this version of the protocol.
6. Click [Add]. The new RIP entry will display in the table.
7. Click the [Enable] radio button to enable the RIP feature.
Viewing RIP Statistics
From the [RIP Configuration] page, you can click [Global Stats] to view statistics on attempts to send and receive route table data over RIP-enabled interfaces on the ADSL Barricade.
Figure 32. RIP Global Statistics Page
You can click [Clear] to reset all statistics to zero and [Refresh] to display any newly accumulated data.
CONFIGURING THE ATM VIRTUAL CIRCUIT
As your LAN computers access the Internet via the ADSL Barricade, data is exchanged with your ISP through a complex network of telephone switches, Internet routers, servers, and other specialized hardware. These various devices communicate using a common language, or protocol, called Asynchronous Transfer Mode (ATM). On the Wide Area Network (WAN) that connects you to your ISP, the ATM protocol performs functions like those that the Ethernet protocol performs on your LAN.
The ATM VC Configuration table displays the following fields (contact your ISP to determine these settings):
Field: Description
Interface: This field indicates the name of the lower-level interface on which this VC operates. The low-level interface names are preconfigured in the software and identify the type of traffic that can be supported, such as data or voice. Internet data services typically use an aal5-type interface.
Adding ATM VCs
You may need to create a VC if none has been predefined on your system or if you use multiple services with your ISP. Each service may require its own VC. Follow these instructions to add a VC:
1. From the [ATM VC Configuration] page, click [Add]. The [ATM VC - Add] page appears, as shown in Figure 34.
Figure 34. ATM VC-Add Page
2. Select an interface name from the [VC Interface:] drop-down list.
3.
6. When the [Confirmation] page appears, click [Close] to return to the [ATM VC Configuration] page. The new interface should now display in the [ATM VC Configuration] table.
You may need to create a new WAN interface, or modify an existing interface, so that it uses the new VC. See the instructions for Configuring PPP, EoA, or IPoA interfaces, depending on the type you use to communicate with your ISP.
Modifying ATM VCs
Figure 35. ATM VC Interface - Modify Page
2. Enter the new [VPI:] and [VCI:] values, select the [Mux Type:], or change the maximum number of protocols that the VC can carry, as directed by your ISP. You cannot modify the interface type over which an existing VC operates (aal5-0, for example). If you want to change the interface type, you must delete the existing interface, create a new one, and select the desired interface type.
3. Click [Submit].
4.
CONFIGURING PPP INTERFACES
When powered on, the ADSL Barricade initiates a connection through your DSL line to your ISP. The point-to-point (PPP) protocol is commonly used between ISPs and their customers to identify and control various communication properties, including:
• Identifying the type of service the ISP provides to a given customer.
• Identifying the customer to the ISP through a username and password login.
• Enabling the ISP to assign Internet information to the customer's computers.
Viewing Your Current PPP Configuration
To view your current PPP setup, log into the Configuration Manager, and click the [WAN] tab. Then click [PPP] in the task bar. The [Point to Point Protocol (PPP) Configuration] page appears, as shown in Figure 36.
Figure 36. Point to Point Protocol (PPP) Configuration Page
PPP is configured as a group of software settings associated with the ADSL port.
The [Point to Point Protocol (PPP) Configuration] page displays the following fields:
Field: Description
Interface: This is the predefined name of the PPP interface.
VC: This is the virtual circuit over which the PPP data are sent. The VC identifies the physical path the data takes to reach your ISP.
Interface Sec Type: This field indicates the type of firewall protections that are effective on the interface ([Public], [Private], or [DMZ]).
Field: Description
Default Route: This field indicates whether the ADSL Barricade should use the IP address assigned to this connection as its default route. It can be [Enable] or [Disable]. See Quick Start on page 7 for an explanation of default routes.
Use DHCP: When set to [Enable], the device will acquire additional IP information from the ISP's DHCP server. The PPP connection itself acquires the device's IP address, mask, DNS address, and default gateway address.
Viewing PPP Interface Details
When you click to view additional details, the [PPP Interface – Detail] page appears, as shown in Figure 37.
Figure 37.
In addition to the properties defined on page 107, the [PPP Interface - Detail] page displays these fields:
Field: Description
Status: Indicates whether the interface has been specified in the system as:
[Enabled] A connection will be established for use when the device is turned on or rebooted.
[Disabled] The PPP interface cannot currently be used.
[Start] The PPP connection will be made only when data is sent to the interface (e.g.
Field: Description
Last Fail Cause: This field indicates the action that ended the previous PPP session.
[No Valid PADO Recvd]: The unit initiated a PPPoE handshake but did not receive a packet in reply from the ISP.
[No Valid PADS Recvd]: After the initial handshake, the unit did not receive a confirmation packet from the ISP.
[Stopped by User]: The user stopped the connection (for example, by changing the Configuration Manager settings for the PPP interface.
Adding a PPP Interface Definition
If you intend to use more than one type of service from your ISP, the device can be configured with multiple PPP interfaces, each with unique logon and other properties. Follow this procedure to define properties for a PPP interface:
1. From the [Point to Point Protocol (PPP) Configuration Page], click [Add]. The [PPP Interface – Add] page appears, as shown in Figure 38.
Figure 38. PPP Interface – Add Page
2.
Modifying and Deleting PPP Interfaces
3. Click [Submit]. A page appears to confirm your changes.
4. Click [Close] to return to the [Point to Point Protocol (PPP) Configuration] page and view the new interface in the table.
5. Click the [Admin] tab, and then click [Commit & Reboot] in the task bar.
6. Click [Commit] to save your changes to the permanent memory.
You can change only the [Status:] of the PPP connection, the [Security Protocol:], your [Login Name:], and your [Password:]. To modify the other settings, you must delete the interface and create a new one. To delete a [PPP Interface], display the [Point to Point Protocol (PPP) Configuration] page and click in the [Action] column for the interface you want to delete. You should not delete a [PPP Interface] unless you have received instructions to do so from your ISP.
CONFIGURING EOA INTERFACES
This section describes how to configure an Ethernet-over-ATM interface on the ADSL Barricade, if one is needed to communicate with your ISP.
Overview of EOA
The Ethernet-over-ATM (EOA) protocol is often referred to as RFC1483, which is the Internet specification that defines it. It is commonly used to carry data between local area networks that use the Ethernet protocol and wide-area networks that use the ATM protocol.
Viewing Your EOA Setup
To view your current EOA configuration, log into Configuration Manager and click [WAN] in the task bar. Then click [EOA]. Figure 40 shows the [RFC1483/Ethernet over ATM (EOA) Config] page.
Figure 40. RFC1483/Ethernet over ATM (EOA) Config Page
The EOA table contains a row for each EOA interface currently defined on the device. The table may contain no entries if your ISP does not use the EOA protocol.
Field: Description
Interface Sec Type: This field indicates the type of security protections in effect on the interface ([Public], [Private], or [DMZ]). A [Public] interface connects to the Internet (IPoA interfaces are typically public). Packets received on a public interface are subject to the most restrictive set of firewall protections defined in the software. A [Private] interface connects to your LAN, such as the Ethernet interface.
Field: Description
Default Route: This field indicates whether the ADSL Barricade uses the IP address assigned to this interface, if any, as its default route for your LAN. Your system can have only one default route.
Gateway Address: The external IP address that the ADSL Barricade communicates with via the EOA interface to gain access to the Internet. This is typically an ISP server.
Adding EOA Interfaces
2. Click [Add]. The [EOA Interface – Add] page appears, as shown in Figure 41.
Figure 41. EOA Interface – Add Page
3. Select one of the predefined interface names from the [EOA Interface:] drop down list.
4. From the [Interface Sec Type:] drop-down list, select the level of IP Firewall to be used on this interface, as defined on page 116.
5. In the [Lower Interface:] field, select the lower-level interface name over which this protocol is being configured.
7. If your ISP will assign the IP address from their DHCP server, click the [Enable] radio button in the [Use Dhcp] field. When DHCP is set to [Enable], the address you entered in the [Conf. IP Address:] field will be requested from the DHCP server; the server may assign a different address if necessary.
8. If you want the EOA interface to serve as the default route for Internet access for your LAN, click the [Enable] radio button in the [Default Route:] field.
9.
CONFIGURING IPOA INTERFACES
This section describes how to configure an IPoA (Internet Protocol-over-ATM) interface on the ADSL Barricade. An IPoA interface can be used to exchange IP packets over the ATM network, without using an underlying Ethernet over ATM (EOA) connection. Typically, this type of interface is used only in product development and test environments, to eliminate unneeded variables when evaluating IP layer processing.
The following table describes the fields on this page:
Field: Description
Interface: This is the name the software uses to identify the IPoA interface.
RFC 1577: If 1577 is selected, the PPP packets are encapsulated according to RFC 1577 for transmission over an ATM link. If 1577 is not selected, RFC 1577 is not applied under this option.
Adding IPoA Interfaces
Field: Description
Gateway Address: This is the external IP address that the ADSL Barricade communicates with via the IPoA interface to gain access to the Internet. This is typically an ISP server.
Status: A green or red ball will appear to indicate that the interface is currently up or down, respectively. You cannot manually enable or disable the interface; a down interface may indicate a problem with the DSL connection.
2. Select the next available interface name from the [IPoA Interface:] drop-down list.
3. In the [Conf. IP Address:] and [Netmask:] fields, type the address and mask that you want to assign to the IPoA interface.
4. From the [IPF Type:] drop-down list, select the level of firewall security for the interface ([Public], [Private] or [DMZ], see page 121 for definitions).
5.
CONFIGURING BRIDGING
The ADSL Barricade can be configured to act as a bridging device between your LAN and your ISP. Bridges are devices that enable two or more networks to communicate as if they are two segments of the same physical LAN. This section describes how to configure the ADSL Barricade to operate as a bridge.
On the receiving network, a LAN protocol such as Ethernet takes over, helping the packet reach its destination. When the bridge does not recognize a packet's destination hardware ID, it broadcasts the packet through all of its interfaces – to each network it is attached to.
Note: Bridges vs. Routers: The essential difference between a bridge and a router is that a router uses a higher-level protocol (such as IP) to determine how to pass data.
When to Use the Bridging Feature
Although the ADSL Barricade is preconfigured to serve as a router for providing Internet connectivity to your LAN, there are several instances in which you may also want to configure bridging:
• Your ISP may use protocols that require bridging with your LAN. The device can be configured to appear as a bridge when communicating with your ISP, while continuing to provide router functionality for your LAN.
The page displays radio buttons for enabling, and a table for specifying the interfaces on which bridging will be performed. The table may be empty if bridging has not yet been configured.
2. Select the [Interface Name] on which you want to perform bridging and click [Add]. For example, select [eth-0] (LAN) and [eoa-0] (WAN) interfaces. If you use a USB-connected computer, you can also select [usb-0].
Deleting a Bridge Interface
To make an interface non-bridgeable, display the [Bridge Configuration] page and click next to the interface you want to delete. Click [OK] to confirm the deletion. The interface remains defined in the system, but is no longer capable of performing bridging.
CONFIGURING FIREWALL SETTINGS
Configuration Manager provides built-in firewall functions, enabling you to protect the system against denial of service (DoS) attacks and other unwelcome or malicious accesses to your LAN. You can also specify how to monitor attempted attacks, and who should be automatically notified.
Configuring Global Firewall Settings
Follow these instructions to configure global firewall settings:
1. Log into the Configuration Manager, click the [Services] tab.
2. Configure any of the following settings that appear in the [Firewall Global Information] table:
Field: Description
Blacklist Status: If you want the device to maintain and use a black list, click [Enable]. Click [Disable] if you do not want to maintain a list.
Blacklist Period(min): This field specifies the number of minutes that a computer's IP address will remain on the black list (i.e.
Field: Description
Max ICMP Conn.: This field sets the percentage of concurrent IP sessions that can be used for ICMP messages. If the percentage is exceeded, then older ICMP IP sessions will be replaced by new sessions as they are initiated.
Max Single Host Conn.: This field sets the percentage of concurrent IP sessions that can originate from a single computer. This percentage should take into account the number of hosts on the LAN.
Managing the Black List
If data packets are received that violate the firewall settings or any of the IP filter rules, then the source IP address of the offending packets can be blocked from such accesses for a specified period of time. You can enable or disable use of the black list using the settings described above. The source computer remains on the black list for the period of time that you specify.
CONFIGURING IP FILTERS AND BLOCKED PROTOCOLS
This section describes two Configuration Manager features that enable you to control the data passing through your network:
• The IP filter feature enables you to create rules to block attempts by certain computers on your LAN to access certain types of data or Internet locations. You can also block incoming access to computers on your LAN.
If the packet matches the criteria established in a rule, the packet can either be accepted (forwarded towards its destination), or denied (discarded), depending on the action specified in the rule.
Viewing Your IP Filter Configuration
To view your current IP filter configuration, log into [Configuration Manager], click the [Services] tab, and then click [IP Filter] in the task bar. The [IP Filter Configuration] page appears, as shown in Figure 47.
Figure 47.
Configuring IP Filters
Configuring IP Filter Global Settings
The [IP Filter Configuration] page enables you to configure the following global IP filter settings.
[Security Level:] This setting determines which IP filter rules take effect, based on the security level specified in each rule. For example, when [High] is selected, only those rules that are assigned a High security value will be effective. The same is true for the [Medium] and [Low] settings. When [None] is selected, IP filtering is disabled.
LAN computers have access to the ADSL Barricade's Internet connection.
- The term DMZ (de-militarized zone), in Internet networking terms, refers to computers that are available for both public and in-network accesses (such as a company's public Web server). Packets received on a DMZ interface - whether from a LAN or an external source - are subject to a set of protections that is in between Public and Private interfaces in terms of restrictiveness.
Rule - Add] page appears, as shown in Figure 48.)
Figure 48. IP Filter Rule - Add Page
2. Enter or select data for each field that applies to your rule. The following table describes the fields:
Field: Description
Rule ID: Each rule must be assigned a sequential ID number. Rules are processed from lowest to highest on each data packet, until a match is found. It is recommended that you assign rule IDs in multiples of 5 or 10 (e.g.
Interface: This is the interface on the ADSL Barricade on which the rule will take effect. See the examples on page 145 for suggestions on choosing the appropriate interface for various rule types.
In Interface: This is the interface from which packets must have been forwarded to the interface specified in the previous selection. This option is valid only for the outgoing direction.
Security Level: This is the security level that must be enabled globally for this rule to take effect. A rule will be active only if its security level is the same as the globally configured setting (shown on the main [IP Filter Configuration] page). For example, if the rule is set to [Medium] and the global firewall level is set to [Medium], then the rule will be active; but if the global firewall level is set to [High] or [Low], then the rule will be inactive.
Src IP Address: / Dest IP Address: These fields indicate IP address criteria for the source computer(s) (from which the packet originates) and the destination computer. In the drop-down list, you can configure the rule to be invoked on packets containing:
[any]: any source IP address.
[lt]: any source IP address that is numerically less than the specified address.
[lteq]: any source IP address that is numerically less than or equal to the specified address.
Store State: When this option is enabled, packets are monitored for their state (i.e., whether they are the initiating packet or a subsequent packet in an ongoing communication, etc). This option provides a degree of security by blocking/dropping packets that are not received in the anticipated state. Such packets can signify an unwelcome attempt to gain access to a network.
IP Frag Pkt: This field determines how the rule applies to IP packets that contain fragments. You can choose from the following options:
[Yes]: The rule will be applied only to packets that contain fragments.
[No]: The rule will be applied only to packets that do not contain fragments.
[Ignore]: (Default) The rule will be applied to packets whether or not they contain fragments, assuming that they match the other criteria.
3. When you have finished selecting the criteria, make sure that the [Enable] radio button is selected at the top of the page. Then click [Submit]. After a [Confirmation] page appears, the [IP Filter Configuration] page will redisplay with the new rule showing in the table. If the security level of the rule matches the globally configured setting, a green ball appears in the [Oper. Status] column for that rule, indicating that the rule is now effective.
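How the rule-matching behaviour described in this chapter plays out (rules tried in ascending Rule ID until the first match, and a rule active only when its Security Level equals the global setting), as an added example that is not part of this guide or of the device software. The rules, addresses and reduced field set are constructed; a result of None means no rule matched, and whatever default handling the device then applies is not modelled here.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FilterRule:
    rule_id: int
    action: str                      # "accept" or "deny"
    direction: str                   # "incoming" or "outgoing"
    level: str                       # "High", "Medium" or "Low"
    protocol: str                    # "TCP", "UDP", ... or "ANY"
    src_op: str                      # "any", "lt" or "lteq"
    src_addr: str = "0.0.0.0"        # reference address for lt / lteq
    dest_port: Optional[int] = None  # None means any destination port
    enabled: bool = True


def active_rules(rules, global_level):
    """Rules that take effect: enabled, and level equal to the global setting."""
    if global_level == "None":       # [None] disables IP filtering
        return []
    live = [r for r in rules if r.enabled and r.level == global_level]
    return sorted(live, key=lambda r: r.rule_id)


def _src_matches(rule, src):
    """Apply the [any] / [lt] / [lteq] numeric comparison to the source address."""
    if rule.src_op == "any":
        return True
    s, ref = ipaddress.IPv4Address(src), ipaddress.IPv4Address(rule.src_addr)
    if rule.src_op == "lt":
        return s < ref
    if rule.src_op == "lteq":
        return s <= ref
    raise ValueError("operator not modelled: " + rule.src_op)


def evaluate(rules, global_level, packet):
    """Return (rule_id, action) of the first matching active rule, else None."""
    for rule in active_rules(rules, global_level):
        if rule.direction != packet["direction"]:
            continue
        if rule.protocol not in ("ANY", packet["protocol"]):
            continue
        if rule.dest_port is not None and rule.dest_port != packet["dest_port"]:
            continue
        if not _src_matches(rule, packet["src"]):
            continue
        return (rule.rule_id, rule.action)
    return None


def dormant_rule_ids(rules, global_level):
    """IDs of configured rules that are NOT in effect at this global level."""
    live = {r.rule_id for r in active_rules(rules, global_level)}
    return sorted(r.rule_id for r in rules if r.rule_id not in live)


def make_packet(src, dest_port, protocol="TCP", direction="outgoing"):
    return {"src": src, "dest_port": dest_port,
            "protocol": protocol, "direction": direction}


# Constructed rule set: IDs spaced by 10, as the guide recommends.
RULES = [
    # Block web access for LAN hosts numbered .50 and below.
    FilterRule(10, "deny", "outgoing", "Medium", "TCP", "lteq", "192.168.1.50", 80),
    # Allow web access for everyone else.
    FilterRule(20, "accept", "outgoing", "Medium", "TCP", "any", dest_port=80),
    # Block outbound telnet, but only tagged High.
    FilterRule(30, "deny", "outgoing", "High", "TCP", "any", dest_port=23),
]

if __name__ == "__main__":
    for level in ("Medium", "High"):
        print(level, "web from .20 :", evaluate(RULES, level, make_packet("192.168.1.20", 80)))
        print(level, "telnet       :", evaluate(RULES, level, make_packet("192.168.1.20", 23)))
        print(level, "dormant rules:", dormant_rule_ids(RULES, level))
```

Raising the global level from Medium to High does not add rule 30 on top of rules 10 and 20; it replaces them, so a protection you need at every level has to be entered once per level.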
3. Specify the [Protocol] = [TCP] and enable the [Store State] setting.
4. Select the [TCP Protocol], then specify a [Dest Port] = [80], which is the well-known port number for web servers.
5. Enable the rule by clicking the radio button at the top of the page.
6. Click [Submit] to create the rule.
7.
4. Click [Submit] to create the rule, and commit your changes.
Figure 49 shows how this rule could be configured:
Figure 49. IP Filter Rule - Add page.
Viewing IP Filter Statistics
For each rule, you can view statistics on how many packets were accepted or denied. Display the [IP Filter Configuration] page, and then click [Stats] in the row corresponding to the rule. The [IP Filter Rule - Statistics] page appears, as shown in Figure 50.
Figure 50. IP Filter Rule - Statistics Page
You can click [Clear] to reset the count to zero and [Refresh] to display newly accumulated data.
Managing Current IP Filter Sessions
When two computers communicate using the IP protocol, an IP session is created for the duration of the communication. The ADSL Barricade allows a fixed number of concurrent IP sessions.
Blocked Protocols
The [IP Filter Session] table displays the following fields for each current IP session:
Field: Description
Session Index: This field displays the ID assigned by the system to the IP session (all sessions, whether or not they are affected by an IP filter rule, are assigned a session index).
Time to expire: This field displays the number of seconds in which the connection will automatically expire.
needed or wanted on your network, this feature provides a convenient way to discard such data before it is passed. To display the [Blocked Protocols] page, click the [Services] tab, and then click [Blocked Protocols] in the task bar. The [Blocked Protocols] page appears, as shown in Figure 52.
Figure 52. Blocked Protocols Page
Warning: Blocking certain protocols may disrupt or disable your network communication or Internet access.
Protocol: Description
PPPoE: This is the abbreviation of Point-to-Point Protocol over Ethernet. Many DSL modems use PPPoE to establish and maintain a connection with a service provider. PPPoE provides a means of logging in to the ISP's servers so that they can authenticate you as a customer and provide you access to the Internet. Check with your ISP before blocking this protocol.
IP Multicast: IP Multicast is an extension to the IP protocol.
IPV6 Multicast: This field displays IP Multicasting under IP Protocol version 6. See IP Multicast above.
802.1.Q: This IEEE specification defines a protocol for virtual LANs on Ethernet networks. A virtual LAN is a group of PCs that function as a local area network, even though the PCs may not be physically connected. They are commonly used to facilitate administration of large networks.
To block a protocol, click the appropriate check box, and click [Submit].
VIEWING DSL LINE INFORMATION
To view configuration parameters and performance statistics for the ADSL Barricade’s DSL line, log into Configuration Manager. Then click the [WAN] tab. The [DSL Status] page appears by default, as shown in Figure 53.
Figure 53. DSL Status Page
The [DSL Status] page displays current information on the DSL line performance. The page refreshes according to the setting in the [Refresh Rate] drop-down list, which you can configure.
Although you generally will not need to view the remaining data, it may be helpful when troubleshooting connection or performance problems with your ISP. You can click [Clear] to reset all counters to zero, and [Refresh] to display the page with newly accumulated values. You can click [DSL Param] to display data about the configuration of the DSL line, as shown in Figure 54.
Figure 54.
From the [DSL Status] page, you can click [Stats] to display DSL line performance statistics, as shown in Figure 55.
Figure 55. DSL Statistics Page
The [DSL Statistics] page reports error data relating to the last 15-minute interval, the current day, and the previous day.
At the bottom of the page, the [Detailed Interval Statistic (Past 24 hrs)] table displays links you can click on to display detailed data for each 15-minute interval in the past 24 hours. For example, when you click on [1-4], the data appear for the 16 intervals (15 minutes each) that make up the previous 4 hours. Figure 56 shows an example.
Figure 56.
ADMINISTRATIVE TASKS
This section describes the following administrative tasks that you can perform using Configuration Manager:
• Configuring User Names and Passwords.
• Viewing System Alarms.
• Upgrading the Software.
• Using Diagnostics.
• Modifying Port Settings.
You can access these tasks from the [Admin] tab task bar. The other Admin tasks listed in the [Admin] tab – [Configuring User Logon], [Committing] and [Rebooting] – are described in Getting Started with the Configuration Manager.
1. Log into the Configuration Manager, then click the [Admin] tab. Click [User Config]; the [User Password Configuration] page appears, as shown in Figure 57.
Figure 57. User Configuration Page
2. Type the [Old Password:], then type the [New Password:] in exactly the same way in both text boxes. The password can be up to eight ASCII characters long. When logging in, you must type the [New Password:] in the same upper and lower case characters that you use here.
3. Click [Submit].
4.
Viewing System Alarms
You can use the Configuration Manager to view information about alarms that occur in the system. Alarms, also called traps, are caused by a variety of system events, including connection attempts, resets, and configuration changes. Although you will not typically need to view this information, it may be helpful in working with your ISP to troubleshoot problems you encounter with the device.
Upgrading the Software
Your ISP may from time to time provide you with an upgrade to the software running on the ADSL Barricade. All system software is contained in a single file, called an image. The image is composed of several distinct parts, each of which implements a different set of functions. Configuration Manager provides an easy way to upload a new software image, or a specific part of the image, to the memory on the ADSL Barricade.
- TEAppl.gsz
- Filesys.bin
- TEPatch.bin
3. Click [Upload]. The following message box appears at the bottom of the page:
Loading New Software: Please do not interrupt the upgrade process. A status page will appear Automatically when loading is completed (about 1 minute).
4. When loading is complete, the following message appears (the file name may differ):
File: TEDsl.gsz successfully saved to flash. Please reboot for the new image to take effect.
Figure 60. Diagnostics Page
2. From the [ATM VC:] drop-down list, select the name of the ATM interface currently defined on your system.
3. Click [Submit]. The diagnostics utility will run a series of tests to check whether the device's connections are up and working. This takes only a few seconds, and the results for each test are displayed on screen. A test may be skipped if the program determines that no suitable interface is configured on which to run the test.
Modifying Port Settings
Overview of IP port numbers
The header information in an IP data packet specifies a destination port number. Routers use the port number along with the specified IP addresses to forward the packet to its intended recipient. For example, all IP data packets that the ADSL Barricade receives from the Internet specify the same IP address (your public IP address) as the destination.
Modifying the ADSL Barricade’s port numbers
In some cases, you may want to assign non-standard port numbers to the HTTP and Telnet servers that are embedded on the ADSL Barricade. The following scenario is one example where changing the HTTP port number may be necessary: You have an externally visible Web server on your LAN, with a NAT Rule (RDR flavor) that redirects incoming HTTP packets to that Web server.
Follow these steps to modify port settings:
1. Log into the Configuration Manager and click the [Admin] tab. Then click [Port Settings] in the task bar. The [Port Settings] page is shown in Figure 61.
Figure 61. Port Settings Page
2. Type the new port number(s) in the appropriate text box(es) and click [Submit]. The default port numbers are shown in Figure 61. You can enter non-standard port numbers in the range 61000-62000.
3.
APPENDIX A
IP Addresses
Note: This section pertains only to IP addresses for IPv4 (version 4 of the Internet Protocol). IPv6 addresses are not covered. This section assumes basic knowledge of binary numbers, bits, and bytes. For details on this subject, see Appendix B on page 173.
IP addresses, the Internet's version of telephone numbers, are used to identify individual nodes (computers or devices) on the Internet.
The first part of every IP address contains the network ID, and the rest of the address contains the host ID. The length of the network ID depends on the network's class (see following section). Figure 62 shows the structure of an IP address.

         Field 1     Field 2     Field 3     Field 4
Class A  Network ID  Host ID     Host ID     Host ID
Class B  Network ID  Network ID  Host ID     Host ID
Class C  Network ID  Network ID  Network ID  Host ID

Table 4. IP Address structure
Here are some examples of valid IP addresses:
Class A: 10.30.6.125 (network = 10, host = 30.6.
Network classes
The three commonly used network classes are A, B and C. (There is also a class D but it has a special use beyond the scope of this discussion.) These classes have different uses and characteristics. Class A networks are the Internet's largest networks, each with room for over 16 million hosts. Up to 126 of these huge networks can exist, for a total of over 2 billion hosts.
Subnet masks
Definition: A mask looks like a regular IP address, but contains a pattern of bits that tells what parts of an IP address are the network ID and what parts are the host ID:
- bits set to 1 mean "this bit is part of the network ID"
- bits set to 0 mean "this bit is part of the host ID."
Subnet masks are used to define subnets (what you get after dividing a network into smaller pieces).
Note: Sometimes a subnet mask does not specify any additional network ID bits, and thus no subnets. Such a mask is called a default subnet mask. These masks are:
- Class A: 255.0.0.0
- Class B: 255.255.0.0
- Class C: 255.255.255.0
These are called default because they are used when a network is initially configured, at which time it has no subnets.
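The following Python sketch is an added example, not part of the original guide. It applies the rules of this appendix: it finds an address's class, checks that a mask is a contiguous run of 1 bits, and splits the address into network ID and host ID, reporting how many additional network ID bits a subnet mask adds beyond the class default. The function names are hypothetical, and the class B and C first-field ranges (128-191 and 192-223) are the standard values, assumed here because this excerpt does not list them.

```python
"""Classful IPv4 helpers: class lookup, mask validation, network/host split."""

DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def to_int(dotted):
    """Convert dotted-decimal notation to a 32-bit integer, rejecting bad input."""
    fields = dotted.split(".")
    if len(fields) != 4:
        raise ValueError(f"expected four fields: {dotted!r}")
    value = 0
    for field in fields:
        if not (field.isascii() and field.isdigit()) or int(field) > 255:
            raise ValueError(f"field outside 0-255: {dotted!r}")
        value = (value << 8) | int(field)
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def network_class(address):
    """Return 'A', 'B' or 'C' from the first field (ranges assumed, see lead-in)."""
    first = to_int(address) >> 24
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    raise ValueError(f"{address} is outside classes A-C")


def is_valid_mask(mask):
    """A mask must be 1 bits followed by 0 bits, e.g. not 255.0.255.0."""
    bits = to_int(mask)
    host_bits = ~bits & 0xFFFFFFFF
    return bits != 0 and (host_bits & (host_bits + 1)) == 0


def split(address, mask=None):
    """Split an address into network ID and host ID (default mask if none given)."""
    cls = network_class(address)
    default = to_int(DEFAULT_MASKS[cls])
    mask = DEFAULT_MASKS[cls] if mask is None else mask
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous mask: {mask}")
    mask_bits = to_int(mask)
    if mask_bits & default != default:
        raise ValueError(f"{mask} is shorter than the class {cls} default")
    addr = to_int(address)
    return {
        "class": cls,
        "network": to_dotted(addr & mask_bits),
        "host": to_dotted(addr & ~mask_bits & 0xFFFFFFFF),
        # Additional network ID bits beyond the default mask (0 = no subnets).
        "subnet_bits": bin(mask_bits).count("1") - bin(default).count("1"),
    }


def same_subnet(a, b, mask):
    """True when two addresses share a network ID under the given mask."""
    if not is_valid_mask(mask):
        raise ValueError(f"non-contiguous mask: {mask}")
    m = to_int(mask)
    return (to_int(a) & m) == (to_int(b) & m)


if __name__ == "__main__":
    # 10.30.6.125 is the guide's class A example; the masks are constructed samples.
    print(split("10.30.6.125"))
    print(split("192.168.1.1", "255.255.255.192"))
    print(same_subnet("192.168.1.10", "192.168.1.70", "255.255.255.192"))
```

Two LAN hosts that fall on different sides of a subnet mask reach each other only through a router, which is why a mistyped mask can make an address-based filter or NAT rule match fewer or more hosts than intended.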
APPENDIX B
Binary Numbers
In everyday life, we use the decimal system of numbers. In decimal, numbers are written using the ten digits 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9. Computers, however, do not use decimal. Instead, they use binary.
Definition (binary numbers): Binary numbers are numbers written using only the two digits 0 and 1, e.g. 110100.
Hint: Does "base ten" sound familiar? (Think grade school). Base ten is just another name for decimal. Similarly, base two is binary.
Bits and bytes
Computers handle binary numbers by grouping them into units of distinct sizes. The smallest unit is called a bit, and the most commonly used unit is called a byte.
Definition (bit and byte): A bit is a single binary digit, i.e., 0 or 1. A byte is a group of eight consecutive bits (the number of bits can vary with computers, but is almost always eight), e.g., 11011001. The value of a byte ranges from 0 (00000000) to 255 (11111111).
TROUBLESHOOTING
This troubleshooting section suggests solutions for problems you may encounter in installing or using the ADSL Barricade, and provides instructions for using several IP utilities to diagnose problems. Contact Customer Support if these suggestions do not resolve the problem.
LEDs
• Power LED does not illuminate after product is turned on
  o Verify that you are using the power cable provided with the device and that it is securely connected to the ADSL Barricade and a wall socket/power strip.
Internet Access
• My PC cannot access Internet
  o Use the ping utility, discussed in the following section, to check whether your PC can communicate with the ADSL Barricade's LAN IP address (by default [192.168.1.1]). If it cannot, check the Ethernet cabling.
• My LAN PCs cannot display web pages on the Internet
  o Verify that the DNS server IP address specified on the PCs is correct for your ISP, as discussed in the item above. If you specified that the DNS server be assigned dynamically from a server, then verify with your ISP that the address configured on the ADSL Barricade is correct. Then you can use the ping utility to test connectivity with your ISP's DNS server.
• My changes to Configuration Manager are not being retained
  o Be sure to use the [Commit] function after any changes.
• Diagnosing Problems Using IP Utilities
  o ping
    Ping is a command you can use to check whether your PC can recognize other computers on your network and the Internet. A ping command sends a message to the computer you specify. If the computer receives the message, it sends messages in reply.
If the target computer cannot be located, you will receive the message [Request timed out]. Using the ping command, you can test whether the path to the ADSL Barricade is working (using the preconfigured default LAN IP address 192.168.1.1) or another address you assigned. You can also test whether access to the Internet is working by typing an external address, such as that for www.yahoo.com (216.115.108.243).
The window will display the associated IP address, if known, as shown in Figure 63.
Figure 63. Using the nslookup Utility
There may be several addresses associated with an Internet name. This is common for web sites that receive heavy traffic; they use multiple, redundant servers to carry the same information. To exit from the nslookup utility, type exit and press [Enter] at the command prompt.
TECHNICAL SPECIFICATIONS
Interface Ports:
- Internet (WAN): ADSL RJ11 (pin 3 and 4)
- Network (LAN): 4-Port 10/100 Mbps Ethernet switch (Auto MDI/MDI-X)
ADSL Features:
- Embedded full-rate ADSL Modem Compliant with ANSI T1.413 Issue 2, ITU G.992.1 (G.DMT) and ITU G.992.2 (G.Lite).
- G.
• Reverse Address Resolution Protocol (RARP)
• Internet Control Message Protocol (ICMP)
- Bridging/Routing Functionality:
• Up to 1000 hosts
• Transparent bridging as specified in IEEE 802.
Standards Compliance:
- ADSL: ANSI T1.413 Issue 2; G.DMT (ITU G.992.1); G.Lite (ITU G.992.2)
- Ethernet: IEEE 802.3 10 Base-T Ethernet; IEEE 802.
Power Input: 12V/1.2A
Weight: 545g
Dimensions: 20 x 14.8 x 3.
TERMINOLOGY

10BASE-T
A designation for the type of wiring used by Ethernet networks with a data rate of 10 Mbps. Also known as Category 3 (CAT 3) wiring. See also data rate, Ethernet.

100BASE-T
A designation for the type of wiring used by Ethernet networks with a data rate of 100 Mbps. Also known as Category 5 (CAT 5) wiring. See also data rate, Ethernet.

ADSL (Asymmetric Digital Subscriber Line)
The most commonly deployed flavor of DSL for home users.
binary
The base two system of numbers, that uses only two digits, 0 and 1, to represent all numbers. In binary, the number 1 is written as 1, 2 as 10, 3 as 11, 4 as 100, etc. Although expressed as decimal numbers for convenience, IP addresses in actual use are binary numbers; e.g., the IP address 209.191.4.240 is 11010001.10111111.00000100.11110000 in binary. See also bit, IP address, network mask.

bit
Short for binary digit. A bit is a number that can have two values, 0 or 1. See also binary.
DHCP (Dynamic Host Configuration Protocol)
DHCP automates address assignment and management. When a computer connects to the LAN, DHCP assigns it an IP address from a shared pool of IP addresses; after a specified time limit, DHCP returns the address to the pool.

DHCP relay (Dynamic Host Configuration Protocol relay)
A DHCP relay is a computer that forwards DHCP data between computers that request IP addresses and the DHCP server that assigns the addresses.
domain name
A domain name is a user-friendly name used in place of its associated IP address. For example, www.globespan.net is the domain name associated with the IP address 209.191.4.240. Domain names must be unique. Their assignment is controlled by the Internet Corporation for Assigned Names and Numbers (ICANN). Domain names are a key element of URLs, which identify a specific file at a web site, e.g., http://www.globespan.net/index.html. See also DNS.
firewall
Any method of protecting a computer or LAN connected to the Internet from intrusion or attack from the outside. Some firewall protection can be provided by packet filtering and Network Address Translation services.

FTP (File Transfer Protocol)
A program used to transfer files between computers connected to the Internet. Common uses include uploading new or updated files to a web server, and downloading files from a web server.
host
A device (usually a computer) connected to a network.

HTTP (Hyper-Text Transfer Protocol)
HTTP is the main protocol used to transfer data from web sites so that it can be displayed by web browsers. See also web browser.

ICMP (Internet Control Message Protocol)
An Internet protocol used to report errors and other network-related information. The ping command makes use of ICMP.
IP address (Internet Protocol address)
The address of a host (computer) on the Internet, consisting of four numbers, each from 0 to 255, separated by periods, e.g., 209.191.4.240. An IP address consists of a network ID that identifies the particular network the host belongs to, and a host ID uniquely identifying the host itself on that network. A network mask is used to define the network ID and the host ID.
mask
See network mask.

Mbps
Abbreviation for Megabits per second, or one million bits per second. Network data rates are often expressed in Mbps.

Microfilter
In splitterless deployments, a microfilter is a device that removes the data frequencies in the DSL signal, so that telephone users do not experience interference (noise) from the data signals. Microfilter types include in-line (installs between phone and jack) and wall-mount (telephone jack with built-in microfilter).
network mask
A network mask is a sequence of bits applied to an IP address to select the network ID while ignoring the host ID. Bits set to 1 mean "select this bit" while bits set to 0 mean "ignore this bit." For example, if the network mask 255.255.255.0 is applied to the IP address 100.10.50.1, the network ID is 100.10.50, and the host ID is 1. See also binary, IP address, subnet.
POTS splitter
See splitter.

PPP (Point-to-Point Protocol)
A protocol for serial data transmission that is used to carry IP (and other protocol) data between your ISP and your computer. The WAN interface on the ADSL Barricade uses two forms of PPP called PPPoA and PPPoE. See also PPPoA, PPPoE.

PPPoA (Point-to-Point Protocol over ATM)
One of the two types of PPP interfaces you can define for a Virtual Circuit (VC), the other type being PPPoE. You can define only one PPPoA interface per VC.
RJ-11 (Registered Jack Standard-11)
The standard plug used to connect telephones, fax machines, modems, etc. to a telephone jack. It is a 6-pin connector usually containing four wires.

RJ-45 (Registered Jack Standard-45)
The 8-pin plug used in transmitting data over phone lines. Ethernet cabling usually uses this type of connector.

routing
Forwarding data between your network and the Internet on the most efficient route, based on the data's destination IP address and current network conditions.
each jack in the home carries both voice and data, requiring a microfilter for each telephone to prevent interference from the data signal. ADSL is usually splitterless; if you are unsure if your installation has a splitter, ask your DSL provider. See also splitter, microfilter.

subnet
A subnet is a portion of a network. The subnet is distinguished from the larger network by a subnet mask which selects some of the computers of the network and excludes all others.
Telnet
An interactive, character-based program used to access a remote computer. While HTTP (the web protocol) and FTP only allow you to download files from a remote computer, Telnet allows you to log into and use a computer from a remote location.

TFTP (Trivial File Transfer Protocol)
A protocol for file transfers, TFTP is easier to use than File Transfer Protocol (FTP) but not as capable or secure.

TTL (Time To Live)
A field in an IP packet that limits the life span of that packet.
VCI (Virtual Circuit Identifier)
Together with the Virtual Path Identifier (VPI), the VCI uniquely identifies a VC. Your ISP will tell you the VCI for each VC they provide. See also VC.

VPI (Virtual Path Identifier)
Together with the Virtual Circuit Identifier (VCI), the VPI uniquely identifies a VC. Your ISP will tell you the VPI for each VC they provide. See also VC.

WAN (Wide Area Network)
Any network spread over a large geographical area, such as a country or continent.
Web site
A computer on the Internet that distributes information to (and gets information from) remote users through web browsers. A web site typically consists of web pages that contain text, graphics, and hyperlinks. See also hyperlink, web page.

WWW (World Wide Web)
Also called (the) Web. Collective term for all web sites anywhere in the world that can be accessed via the Internet.
COMPLIANCES
FCC - Class B
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with instructions, may cause harmful interference to radio communications.
of devices that may be connected to the line, as determined by the total RENs, contact the telephone company to determine the maximum REN for the calling area. If this equipment causes harm to the telephone network, the telephone company will notify you in advance that temporary discontinuance of service may be required. If advance notice is not practical, the telephone company will notify the customer as soon as possible.
EC Conformance Declaration - Class B
This information technology equipment complies with the requirements of the Council Directive 89/336/EEC on the Approximation of the laws of the Member States relating to Electromagnetic Compatibility and 73/23/EEC for electrical equipment used within certain voltage limits and the Amendment Directive 93/68/EEC.
Safety Compliance
Important Safety Instructions (Germany)
1. Please read these instructions carefully.
2. Keep this guide for later use.
3. Disconnect the device from the mains before each cleaning. Do not use liquid or aerosol cleaners. A damp cloth is best suited for cleaning.
4. The mains socket outlet should be installed near the device and be easily accessible.
5. Protect the device from moisture.
6.
achieve an improvement.
e. The device has been dropped and/or the housing is damaged.
f. The device shows clear signs of a defect.
15. Make sure that the power supply of this device has been tested in accordance with EN 60950. The output values of the power supply should neither exceed nor fall below AC 7.5-8V, 50-60Hz, and should not fall below the minimum current of 1A.
LEGAL INFORMATION AND CONTACTS
SMC's Limited Warranty Statement
SMC Networks Europe ("SMC") warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 2 year limited warranty from the date of purchase from SMC or its Authorized Reseller.
WARRANTIES EXCLUSIVE: IF A SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER'S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC'S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESSED OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Firmware and Drivers
For the latest drivers, technical information and bug fixes, please visit www.smc-europe.com (for EMEA) and www.smc.com (for North America).
Contact SMC
Contact details for your relevant countries are available on www.smc-europe.com for EMEA and www.smc.com for North America.