ADSL Modem HM210dp/di User Guide
ADSL Modem HM210dp/di User Guide . Copyright Ericsson AB – 2003 All Rights Reserved Disclaimer The contents of this document are subject to revision without notice due to continued progress in methodology, design, and manufacturing. Ericsson shall have no liability for any error or damages of any kind resulting from the use of this document.
Contents Contents 1 Introduction 1 1.1 About this User Guide 1 1.2 About the ADSL Modem HM210d 1 1.2.1 Features 1 2 Hardware Description and Installation 2 2.1 Before You Start 2 2.1.1 Package Contents 2 2.1.2 Subscription for ADSL Service 2 2.1.3 System Requirements 2 2.2 Physical Appearance 3 2.2.1 Front Panel and LED Indicators 3 2.2.2 Back Panel and Connectors 4 2.3 Choosing a Place for the Router 4 2.4 Connecting the Hardware 5 3 Local PC Configuration 6 3.
Contents iv 4.3 The Home Page and System View Table 13 4.4 Commiting Changes and Rebooting 15 4.4.1 Rebooting the HM210dp/di using Options 16 4.5 Quick Configuration 18 5 Basic Configuration 21 5.1 Configuring the ATM Virtual Circuit 21 5.1.1 Adding ATM VCs 21 5.1.2 Modifying ATM VCs 23 5.2 Configuring PPP Interfaces 24 5.2.1 Adding PPP Interfaces 24 5.2.2 Checking Your Connection Status 27 5.2.3 Modifying and Deleteing PPP Interfaces 28 5.
Contents 7.3.2 Enabling DHCP Server Mode 46 7.3.3 Configuring Your PCs as DHCP Clients 47 7.3.4 Viewing, Modifying and Deleting Address Pools 47 7.3.5 Excluding IP Addresses from a Pool 48 7.3.6 Viewing Current DHCP Address Assignments 48 7.4 Configuring DHCP Relay 49 7.4.1 Defining the DHCP Relay Interface(s) 49 7.4.2 Enabling DHCP Relay Mode 50 7.4.3 Configuring Your PCs as DHCP Clients 51 8 Configuring NAT 52 8.1 Overview of NAT 52 8.2 Viewing NAT Configuration 53 8.
Contents vi 11 Configuring Firewall Settings 78 11.1 Global Firewall Settings 78 11.2 Configuring IP Filters 80 11.2.1 Viewing Your IP Filter Configuration 81 11.2.2 Configuring IP Filter Global Settings 82 11.2.3 Creating IP Filter Rules 82 11.2.4 Viewing IP Filter Statistics 88 11.2.5 Managing Current IP Filter Sessions 89 11.3 Blocking Specific Protocols 90 12 Administration Tasks 93 12.1 Changing the System Date and Time 93 12.
Contents 15.2.1 License 110 15.2.2 Term 110 15.2.3 Limited Warranty 110 15.2.4 Intended Use 111 15.2.5 Limitation of Liability 111 15.2.6 Governing Law 111 15.3 Regulatory Information 112 15.3.1 EU Directives 112 15.3.2 Safety Approvals 112 15.3.3 EMC Approvals 113 15.3.4 Telecom Approval 115 15.3.5 Caution 116 15.3.6 Power Supply 116 15.3.7 Environmental Information 116 15.3.
Introduction 1 Introduction Congratulations on becoming the owner of an Ericsson ADSL Modem HM210dp/di. Your LAN (Local Area Network) will now be able to access the Internet using your high-speed ADSL connection. 1.1 About this User Guide This User Guide describes how to install and setup your HM210dp/di in a Windows environment, and how to customize its configuration to get the most out of your new product. The Glossary includes abbreviations and explanations to technical terms used in this guide. 1.
Hardware Description and Installation 2 Hardware Description and Installation This chapter describes the product and provides instructions about how to install the HM210dp/di in a PC/Windows environment. 2.1 Before You Start 2.1.1 Package Contents Check the contents of the package against the shipping contents checklist below. If any of the items is missing, please contact the ADSL modem provider.
Hardware Description and Installation An Ethernet hub/switch if you are connecting the device to more than one computer. For system configuration using the built-in Configuration Manager program you need a web browser such as Internet Explorer v5.0 or later, or Netscape v5.0 or later. 2.2 Physical Appearance 2.2.1 Front Panel and LED Indicators The front panel of the HM210dp/di contains five control lamps (LEDs) that indicate the status of the modem.
Hardware Description and Installation 2.2.2 Back Panel and Connectors The following figure illustrates the back panel of your HM210dp/di: Figure 2 - Back Panel of the HM210dp/di Description of connectors and buttons: DSL – The DSL port is used for connecting the HM210dp/di to the ADSL service port (splitter/filter or phone outlet) using the supplied ADSL line cable (RJ11 – RJ11).
Hardware Description and Installation 2.4 Connecting the Hardware Follow the procedures below to connect related devices. NOTE! Before you begin, turn the power off for all devices. These include your computer(s), your LAN hub/switch (if applicable), and the HM210dp/di. 1. Connect to the ADSL Line Connect one end of the provided ADSL Line cable to the port labeled DSL on the back panel of the HM210dp/di. Connect the other end to your ADSL service port (splitter/filter or phone outlet). 2.
Local PC Configuration 3 Local PC Configuration By default, the HM210dp/di acts as a DHCP server that automatically assigns all required Internet settings to your PCs, i.e. the DHCP clients. The predefined IP address and DHCP range is as below: LAN Port IP Address 192.168.1.1 Subnet Mask 255.255.255.0 DHCP Range 192.168.1.3 – 192.168.1.34 The following instructions assume that your PC meets the following prerequisites: 1.
Local PC Configuration 5. Some configuration files may be copied to your hard disk and if a “Settings Changes” message asks you to restart your PC, you should answer Yes. 3.1.2 In Windows 2000: 1. From the Start menu select Settings > Control Panel and doubleclick on the Network and Dial-up Connections icon. 2. Double-click on the Local Area Connection icon for the HM310dp. Be sure to choose the correct one if you have several dial-up icons. 3. Click the Properties button. 4.
Local PC Configuration 3.2 Assigning Static IP Addresses to your PCs In some cases, you may want to assign static IP information to your PCs directly if: In bridged mode, you have completed the initial configuration and you need to use the IP address and default gateway given by your ISP. You have obtained one or more public IP addresses that you want to always associate with specific computers (for example, if you are using a computer as a public web server). You maintain different subnets on your LAN.
Local PC Configuration 3.2.2 In Windows 2000: 1. From the Start menu select Settings > Control Panel and doubleclick on the Network and Dial-up Connections icon. 2. Double-click on the Local Area Connection icon for the HM310dp. Be sure to choose the correct one if you have several dial-up icons. 3. Click the Properties button. 4. Select the Internet Protocol (TCP/IP) and click the Properties button. 5. Select “Specify an IP address” and enter the IP settings provided by your ISP/service provider.
Getting Started with the Configuration Manager 4 Getting Started with the Configuration Manager Your HM210dp/di includes a web-based Configuration Manager, which enables you to configure the device settings to meet the needs of your network. 4.1 Accessing the Configuration Manager You can access the Configuration Manager from any computer connected to the HM210dp/di. Follow the instructions below: 1.
Getting Started with the Configuration Manager 4.2 Functional Layout The Configuration Manager tasks are grouped into categories, which you can access by clicking the tabs at the top of each page. Each tab displays the available tasks in a horizontal menu at the top of the page. You can click on these menu items to display the specific configuration options. Tab Task bar A separate page displays for each task in the task bar. The left-most task displays by default when you click on a new tab.
Getting Started with the Configuration Manager 4.2.1 Commonly Used Buttons and Icons The table below describes buttons and icons commonly used in the Configuration Manager. Button / Symbol Description Stores in temporary system memory any changes you have made on the current page. See section 4.4 “Committing Changes and Rebooting” for instructions on how to store changes permanently. Redisplays the current page with updated statistics or settings.
Getting Started with the Configuration Manager 4.3 The Home Page and System View Table The Home page - System View – displays when you first access the Configuration Manager. This page is one of two options available in the Home tab (the other is the Quick Configuration page, as described in section 4.5). The System View table provides a snapshot of your system configuration. Note that some of the settings are links to the software pages that enable you to configure those settings.
Getting Started with the Configuration Manager 14 Table Heading Description Device Displays basic information about the HM210dp/di hardware and software versions, the system uptime (since the last reboot), and the preconfigured operating mode. DSL Displays the operational status, version, and performance statistics for the DSL line. You can click on DSL in the table heading or display the WAN tab to view additional DSL settings, which are described in chapter x.
Getting Started with the Configuration Manager 4.4 Commiting Changes and Rebooting Whenever you change system settings, the changes are initially placed in a temporary storage (called random access memory or RAM). Your changes are made effective when you submit them, but will be lost if the device is reset or turned off. NOTE! Submitting changes activates them immediately, but saves them only until the device is reset or powered down. Committing changes saves them permanently.
Getting Started with the Configuration Manager 4.4.1 Rebooting the HM210dp/di using Options If, after rebooting the device, you find that it does not operate properly with the new configuration, you can reboot using options that reactivate a previous configuration or the factory default configuration. 1. Select Admin > Commit & Reboot. The Commit & Reboot page appears: 2. In the Reboot Mode: dropdown list you can select from the following options before clicking the Reboot button.
Getting Started with the Configuration Manager Reboot from Minimum Configuration NOTE! Do not reboot the device using the Reset button on the back panel of the HM210dp/di to activate new changes. This button resets the device settings to the manufacturer’s default values. Any custom settings will be lost.
Getting Started with the Configuration Manager 4.5 Quick Configuration The Quick Configuration page allows you to quickly configure your HM210dp/di for Internet connection. Your ISP should provide you with necessary information to complete the quick setup. To quickly configure the system, go to Home > Quick Configuration.
Getting Started with the Configuration Manager Field Description ATM Interface: Select the ATM interface you want to use (usually atm-0) for this connection. Operation Mode: Enabled/Disabled. If set to Disabled, the device cannot provide Internet connectivity for your network. Encapsulation: Select the connection type your ISP uses to communicate with your HM210dp/di. VPI and VCI: Enter the VPI/VCI values given by your ISP.
Getting Started with the Configuration Manager Field Description DNS Primary/Secondary DNS Server: You may just keep the default 0.0.0.0. If you enter the Primary/Secondary DNS addresses given by your ISP, these DNS servers will be used in addition to any DNS servers discovered automatically. After completing the required settings, click the Submit button. Then, go to Admin > Commit & Reboot and click the Commit button to store your changes to permanent memory.
Basic Configuration 5 Basic Configuration This chapter provides basic configuration instructions to get your HM210dp/di run and have your network connected to the Internet. The instructions assume that the HM210dp/di is not predefined with any ATM VC, PPP or IpoA settings. For each connection method, example parameters are given for your better understanding. You should consult with your ISP to determine your connection mode and enter the actual values provided by your ISP.
Basic Configuration Enter the provided fields as below: Field Description VC Interface: Select a VC interface from the available interfaces, e.g. aal5-0. VPI and VCI: Enter the VPI/VCI values given by your ISP, e.g. 0/33. Mux Type: Select LLC or VC as required by your ISP. Max Proto per AAL5: This setting indicates the number of higher-level interfaces that the VC can support (the higher level interfaces can be PPP, EoA, or IpoA interfaces).
Basic Configuration 5. Select Admin > Commit & Reboot and click the Commit button to store your changes to permanent memory. 6. You may need to create a new WAN interface, or modify an existing interface, so that it uses the new VC. See the instructions in the following sections for configuring a PPP (section 5.2), EoA (section 5.3) or IpoA (section 5.4) interfaces, depending on the type you use to communicate with your ISP. 5.1.
Basic Configuration 5.2 Configuring PPP Interfaces When powered on, the HM210dp/di initiates a connection through your DSL line to your ISP. The Point-to-Point (PPP) protocol is commonly used between ISPs and their customers to identify and control various communication properties, including: Identifying the type of service the ISP provides to a given customer. Identifying the customer to the ISP through a username and password login.
Basic Configuration 2. Click the Add button to display the PPP Interface – Add page: 3. Enter the provided fields as below: Field Description PPP Interface: Select a PPP interface from the available interfaces, e.g. ppp-0. ATM VC: Select the ATM VC you wish to use for this connection, e.g. aal5-0. Interface Sec Type: Public / Private / DMZ.
Basic Configuration A private interface connects to your LAN, such as the Ethernet interface. Packets received on a private interface are subject to a less restrictive set of protections, because they originate within the network. The term DMZ (de-militarized zone), in Internet networking terms, refers to computers that are available for both public and in-network accesses (such as a company’s public Web server).
Basic Configuration Security Information Security Protocol: Select PAP or CHAP as required by your ISP. Login Name: Password: The login name and password given by your ISP. NOTE that characters of colon (:), semicolon (;) and questions mark (?) are not allowed when entering login name and password. 5. After entering the fields above, click the Submit button and when the confirmation page appears, click Close. 6. You will return to the PPP Configuration page and see the newly added PPP interface.
Basic Configuration 5.2.3 Modifying and Deleteing PPP Interfaces To modify a PPP interface, display the PPP Configuration page and click in the “Action(s)” column for the interface you want to modify. The PPP Interface – Modify page displays. You can change only the status of the PPP connection, the security protocol, your login name and your password. To modify the other settings, you must delete the interface and create a new one.
Basic Configuration 5.3 Configuring EoA Interfaces This section describes how to configure an Ethernet-over-ATM interface on the HM210dp/di, if one is needed to communicate with your ISP. The Ethernet-over-ATM (EoA) protocol is often referred to as RFC1483, which is the Internet specification that defines it. It is commonly used to carry data between local area networks that use the Ethernet protocol and wide-area networks that use the ATM protocol.
Basic Configuration 2. Click the Add button to display the EOA Interface – Add page: 3. Enter the provided fields as below: Field Description EOA Interface: Select an EoA interface from the available interfaces, e.g. eoa-0. Interface Sec Type: Public / Private / DMZ. This setting defines the type of firewall protections that are in effect on the interface as described below: A public interface connects to the Internet (PPP interfaces are typically public).
Basic Configuration (such as a company’s public Web server). Packets incoming on a DMZ interface – whether from a LAN or external source – are subject to a set of protections that is in between public and private interfaces in terms of restrictiveness. Lower Interface: Select an ATM VC interface previously created, e.g. aal5-0.
Basic Configuration 6. Select Admin > Commit & Reboot and click the Commit button to store your changes to permanent memory.
Basic Configuration 5.4 Configuring IPoA Interfaces This section describes how to configure an IPoA (Internet Protocol-overATM) interface on the HM210dp/di. An IPoA interface can be used to exchange IP packets over the ATM network, without using an underlying Ethernet over ATM (EoA) connection. Typically, this type of interface is used only in product development and test environments, to eliminate unneeded variables when evaluating IP layer processing. 5.4.
Basic Configuration Interface Sec Type: Public / Private / DMZ. This setting defines the type of firewall protections that are in effect on the interface as described below: A public interface connects to the Internet (PPP interfaces are typically public). Packets received on a public interface are subject to the most restrictive set of firewall protections defined in the software. A private interface connects to your LAN, such as the Ethernet interface.
Basic Configuration 4. After entering the fields above, click the Submit button and when the confirmation page appears, click Close. 5. You will return to the IpoA Configuration table and see the newly added IPoA entry: 6. Click Map in the “Action” column. The IPoA Interface – Map page appears: 7. Select an ATM VC you have created earlier from the “Lower Interface:” dropdown list and then click Add. Click Close to exit the confirmation page. 8.
Basic Configuration 5.5 Bridging Connection Mode The HM210dp/di can be configured to act as a bridging device between your LAN and your ISP. Bridges are devices that enable two or more networks to communicate as if they are two segments of the same physical LAN.
Basic Configuration 5.5.2 Check Your Connection Status Select Home > System Mode. The WAN Interface item should display the interface you created to communicate with your ISP. A green ball in the Status field indicates a successful connection: 5.5.3 Deleting a Bridge Interface To make an interface non-bridgeable, display the Bridge Configuration page and click next to the interface you want to delete. Click OK to confirm the deletion.
Configuring IP Routes 6 Configuring IP Routes You can use the Configuration Manager to define specific routes for your Internet and network data. This chapter provides instructions for creating routes. Most users do not need to define IP routes. On a typical small home or office LAN, the existing routes that set up the default gateways for your LAN computers and for the HM210dp/di provide the most appropriate path for all your Internet traffic.
Configuring IP Routes data intelligently. If it cannot determine which of these devices provides a good next hop (because no such route has been defined), then that device will forward the data to its default gateway. Eventually, a high level device, using a predefined IP route, will be able to forward the data along a path to its destination. 6.2 Viewing the IP Routing Table All IP-enabled computers and routers maintain a table of IP addresses that are commonly accessed by their users.
Configuring IP Routes 40 Field Description Destination: Specifies the IP address of the destination computer. The destination can be specified as the IP address of a specific computer or an entire network. It can also be specified as all zeros to indicate that this route should be used for all destinations for which no other route is defined (this is the route that creates the default gateway).
Configuring IP Routes 6.3 Adding IP Routes To add an IP route to the routing table, follow the steps below: 1. Select Routing > IP Route > Add. The IP Route – Add page appears: 2. Specify the destination, netmask, and gateway or next hop for this route. For a description of these fields, refer to the table on the previous page. To create a route that defines the default gateway for your LAN, enter 0.0.0.0 in both the Destination and Netmask fields.
Configuring DHCP 7 Configuring DHCP You can configure your network and HM210dp/di to use the Dynamic Host Configuration Protocol (DHCP). This chapter provides instructions for implementing DHCP on your network. 7.1 Overview of DHCP DHCP is a protocol that enables network administrators to centrally manage the assignment and distribution of IP information to computers on a network.
Configuring DHCP translated to your public IP address on the Internet. Both DHCP server and NAT are enabled in the default configuration. DHCP Relay Agent If your ISP performs the DHCP server function for your network, then you can configure the HM210dp/di as a DHCP relay agent. When the HM210dp/di receives a request for Internet access from a computer on your network, it contacts your ISP for the necessary IP information, and then relays the assigned information back to the computer.
Configuring DHCP 7.3.1 Creating DHCP Server Address Pools To create a pool of IP addresses follow the steps below: 1. Select LAN > DHCP Server. The DHCP Server Configuration page appears: Depending on your preconfigured settings, the table may display one or more address pools, each in a row, or may be empty. 2. To add an IP address pool, click Add.
Configuring DHCP Enter the provided fields as below: The Start IP Address, End IP Address, Net Mask and Gateway Address fields are required, the others are optional. Field Description Start IP Address: End IP Address: Specify the lowest and highest IP addresses in the pool, up to a maximum range of 254 addresses. For example, if the LAN port is assigned IP address 192.168.1.1, then you could create a pool with address range 192.168.1.2 – 192.168.1.254 for distribution to your LAN computers.
Configuring DHCP address in both the Start/End IP Address fields. Netmask: Specifies which portion of each IP address in this range refers to the network and which portion refers to the host (computer). You can use the network mask to distinguish which pool of addresses should be distributed to a particular subnet. Domain Name: A user-friendly name that refers to the subnet that includes the addresses in this pool. This is used for reference only.
Configuring DHCP 2. A page appears to confirm the change. 3. Select Admin > Commit & Reboot and click the Commit button to save your changes to permanent storage. 7.3.3 Configuring Your PCs as DHCP Clients For each computer that you want to configure to receive IP information automatically, configure the TCP/IP properties to “Obtain an IP address automatically” (the actual text may vary depending on your operating system). Refer to section 3.
Configuring DHCP When modifying an IP address pool, you are only allowed to: Change the domain name associated with the pool and to exclude IP addresses within its range from distribution. To exclude an IP address, enter it in the field provided and click Add. If you want to change other attributes, you must delete the pool and create a new one. After entering your changes, click the Submit button. Select Admin > Commit & Reboot and click the Commit button to save your changes to permanent storage. 7.3.
Configuring DHCP To view a table of all current IP address assignments, select LAN > DHCP Server and on that page click the Address Table button to view the DHCP Server Address Table page. For each leased address, the table lists the following information: 7.4 Field Description IP Address: The address that has been leased from the pool. Netmask: The network mask associated with the leased address. This identifies the network ID and host ID portions of the address.
Configuring DHCP 1. Select LAN > DHCP Relay. The DHCP Relay Configuration page appears: This page provides a text box for entering the IP address of your ISP’s DHCP server and a table that lists the interfaces on your HM210dp/di that can relay DHCP information. 2. Type the IP address of your ISP’s DHCP server in the fields provided. If you do not have this address, it is not essential to enter it.
Configuring DHCP 2. A page appears to confirm the change. 3. Select Admin > Commit & Reboot and click the Commit button to save your changes to permanent storage. 7.4.3 Configuring Your PCs as DHCP Clients For each computer that you want to configure to receive IP information automatically, configure the TCP/IP properties to “Obtain an IP address automatically” (the actual text may vary depending on your operating system). Refer to section 3.
Configuring NAT 8 Configuring NAT This chapter provides an overview of Network Address Translation (NAT) and instructions for modifying the default configuration on your HM210dp/di. 8.1 Overview of NAT Network Address Translation is a method for disguising the private IP addresses you use on your LAN as the public IP address you use on the Internet. You define NAT rules that specify exactly how and when to translate between public and private IP addresses.
Configuring NAT They provide a measure of security for your LAN by enabling you to assign private IP addresses and then have these and the source port numbers swapped out before your computers access the Internet. The type of NAT function described above is called network address port translation (NAPT). You can use other types, called flavors, of NAT for other purposes; for example, providing outside access to your LAN or translating multiple private addresses to multiple public addresses.
Configuring NAT default), the NAT Rule Configuration page, and the NAT Translations page. Enable/Disable radio buttons, which allow you to turn on or off the NAT feature. The NAT Global Information table, which displays the following settings that apply to all NAT rule translations: Field Description TCP Idle Timeout(sec): When a NAT rule is in effect on a TCP session in the active state, the session will timeout if no packets are received for the specified time.
Configuring NAT The table provides basic information for each NAT rule you have set up. You can click the Clear button to restart the accumulation of the statistics at their initial values. 8.3 Viewing NAT Rules and Rule Statistics To view the NAT Rules currently defined on your system, select Services > NAT and select NAT Rule Entry in the NAT Options drop-down list.
Configuring NAT The NAT Rule Configuration table displays a row containing basic information for each rule. For a description of these fields, refer to the instructions for adding rules in section 0 “Adding NAT Rules”. From the NAT Rule Configuration page, you can click the Add button to add a new rule, or use the icons in the “Action” column to delete ( ) or view details on ( ) a rule. To view data on how often a specific NAT rule has been used, click Stats in the “Action” column.
Configuring NAT button to reset the statistics to zeros and the Refresh button to display newly accumulated data. 8.
Configuring NAT order to work while NAT is enabled). NAT Direction The direction (incoming or outgoing) of the translation (from the port definition). A NAT direction is assigned to each port; the Ethernet port are defined as incoming port, and the WAN ports are defined as outgoing ports. The NAT direction is determined by the interface on which the rule is invoked. Entry Age The elapsed time, in seconds, of the NAT translation session.
Configuring NAT 8.5 Adding NAT Rules This section explains how to create rules for the various NAT flavors. 8.5.1 The NAPT Rule The NAT flavor NAPT was used in your default configuration. The NAPT flavor translates all LAN-side private source IP addresses to a single public IP address. It also translates the source port numbers to port numbers that are defined on the NAT Global Configuration page. To create a NAPT rule, proceed as follows: 1. Select Services > NAT > NAT Rule Entry > Add.
Configuring NAT 5. In the “Local Address From/To:” fields, type the starting and ending IP addresses respectively, of the range of private IP addresses you want to be translated. Or type the same address in both fields to specify a single IP address. If all LAN IP addresses should be translated, specify 0.0.0.0 and 255.255.255.255 respectively. 6. In the “Global Address:” field, type the address that you want to serve as the publicly known IP address for the LAN computer. 7.
Configuring NAT 2. In the ”Rule Flavor:” dropdown list, select RDR. 3. In the “Rule ID:” field, enter an ID for the rule. The Rule ID determines the order in which the rules are invoked (the lowest numbered rule is invoked first, and so on). In some case, two or more rules may be fined to act on the same set of IP addresses. Once a data packet matches a rule, the data is acted upon according to that rule and is not subjected to higher-numbered rules. 4.
Configuring NAT would typically be used for load balancing, whereby traffic is distributed among several redundant servers. 7. In the “Global Address From/To:” fields, type the public IP address assigned to you by your ISP. If you have multiple WAN interfaces, in both fields type the IP address of the interface to which this rule applies. This rule will not be enforced for data that arrives on WAN interfaces not specified here.
Configuring NAT 1. Select Services > NAT > NAT Rule Entry > Add. The NAT Rule – Add page appears: 2. In the ”Rule Flavor:” dropdown list, select BASIC. 3. In the “Rule ID:” field, enter an ID for the rule. The Rule ID determines the order in which the rules are invoked (the lowest numbered rule is invoked first, and so on). In some case, two or more rules may be fined to act on the same set of IP addresses.
Configuring NAT 7. In the “Global Address From/To:” fields, type the starting and ending IP address that identify the pool of public IP addresses to be translated to your private IP addresses. Or, type the same IP address in both fields (if you also specified a single address in the previous step). 8. When you have completed entering all information, click the Submit button. A page appears to confirm the changes. 9. Click Close to return to the NAT Configuration page.
Configuring NAT 2. In the ”Rule Flavor:” dropdown list, select FILTER. 3. In the “Rule ID:” field, enter an ID for the rule. The Rule ID determines the order in which the rules are invoked (the lowest numbered rule is invoked first, and so on). In some case, two or more rules may be fined to act on the same set of IP addresses. Once a data packet matches a rule, the data is acted upon according to that rule and is not subjected to higher-numbered rules. 4.
Configuring NAT to a corresponding address in a range of global addresses (which you specify in the next step). 7. In the “Global Address From/To:” fields, type the starting and ending IP address that identify the pool of public IP addresses to be translated to your private IP addresses. Or, type the same IP address in both fields (if you also specified a single address in the previous step). 8. Enter a “Destination Address From/To:” …. 9.
Configuring NAT 1. Select Services > NAT > NAT Rule Entry > Add. The NAT Rule – Add page appears: 2. In the ”Rule Flavor:” dropdown list, select NAPT. 3. In the “Rule ID:” field, enter an ID for the rule. The Rule ID determines the order in which the rules are invoked (the lowest numbered rule is invoked first, and so on). In some case, two or more rules may be fined to act on the same set of IP addresses.
Configuring NAT 10. Select Admin > Commit & Reboot and click the Commit button to save your changes to permanent storage. 8.5.6 The PASS Rule You can create a PASS rule to allow a range of IP addresses to remain untranslated when another rule would otherwise do so. The PASS rule must be assigned a rule ID that is a lower number than the ID assigned to the rule it is intended to pass.
Configuring NAT 5. In the “Local Address From/To:” fields, type the lowest and highest IP addresses that define the range of private addresses you want to be passed without translation. If you want the PASS rule to act on only one address, type that address in both fields. 6. When you have completed entering all information, click the Submit button. A page appears to confirm the changes. 7. Click Close to return to the NAT Configuration page. The new rule should no be displayed in the NAT Rule table. 8.
Configuring DNS Server Addresses 9 Configuring DNS Server Addresses Domain Name System (DNS) servers map the user-friendly domain names that users type into their Web browsers (e.g. “yahoo.com”) to the equivalent numerical IP addresses that are used for Internet routing. When a PC user types a domain name into a browser, the PC must first send a request to a DNS server to obtain the equivalent IP address.
Configuring DNS Server Addresses 9.2 Overview of DNS Relay When you specify the HM210dp/di’s LAN port IP address as the DNS address, then the device automatically performs “DNS relay”; i.e. because the device itself is not a DNS server, it forwards domain name lookup requests it receives from the LAN PCs to a DNS server at the ISP. It then relays the DNS server’s response to the PC. When performing DNS relay, the HM210dp/di must maintain the IP addresses of the DNS servers it contacts.
Configuring DNS Server Addresses If “Use DNS” is disabled, you must delete the interface and create a new one with the new setting.
Configuring DNS Server Addresses You can configure the DNS server address to be relayed on the modem if one of the following circumstances applies: Not using PPP connection to the ISP (or a protocol other than PPP is used, such as EoA). You use PPP connection and “Use DNS” is already Enabled. Then these configured addresses will be used in addition to those DNS addresses learned through PPP. You use PPP connection and “Use DNS” is Disabled. Then these configured addresses will be used.
Configuring RIP 10 Configuring RIP The HM210dp/di can be configured to communicate with other routing devices to determine the best path for sending data to its intended destination. This chapter describes how to configure your HM210dp/di to use one of these, called the Routing Information Protocol (RIP). 10.
Configuring RIP 10.2 Configuring the RIP Follow the steps below to configure your HM210dp/di to use RIP: 1. Select Services > RIP and the RIP Configuration page appears: 2. The page contains radio buttons for enabling or disabling the RIP feature and a table listing interfaces on which the protocol is currently running. The first time you open this page, the table may be empty. 3. If necessary, change the “Age(seconds)” and “Update Time(seconds):” values.
Configuring RIP given destination in the network. The hop count is the sum of the metric values assigned to each port through which data is passed before reaching the destination. Among several alternative routes, the one with the lowest hop count is considered the fastest path. For example, if you assign this port a metric of 1, then RIP will add 1 to the hop count when calculating a route that passes through this port.
Configuring RIP You can click the Clear button to reset all statistics to zero and the Refresh button to display any newly accumulated data.
Configuring Firewall Settings 11 Configuring Firewall Settings The Configuration Manager provides built-in firewall functions, enabling you to protect the system against denial of service (DoS) attacks and other types of malicious accesses to your LAN. You can also specify how to monitor attempted attacks, and who should be automatically notified. 11.1 Global Firewall Settings Follow the steps below to configure the global firewall settings: 1.
Configuring Firewall Settings Field Description Blacklist Status: If you want the device to maintain and use a black list, click Enable. Click Disable if you do not want to maintain a list. Blacklist Period(min): Specifies the number of minutes that a computer’s IP address will remain on the black list.
Configuring Firewall Settings they are initiated. Max Single Host Conn.: Sets the percentage of concurrent IP sessions that can originate from a single computer. This percentage should take into account the number of hosts on the LAN. Log Destination: Specifies how attempted violations of the firewall settings will be tracked. Records of such events can be sent out via Ethernet to be handled by a system utility Ethernet to (Trace) or can be emailed to specified administrators.
Configuring Firewall Settings 11.2.1 Viewing Your IP Filter Configuration To view your IP filter configuration, select Services > IP Filter. The IP Filter Configuration page appears: The IP Filter Configuration page displays global settings that you can modify, and the IP filter rule table, which shows all currently established rules. When rules are defined, you can use the icons in the “Action(s)” column to edit ( rule.
Configuring Firewall Settings 11.2.2 Configuring IP Filter Global Settings The IP Filter Configuration page enables you to configure several global IP Filter settings, and displays a table showing all existing IP Filter rules. The global settings that you can configure are: Security Level: When High is selected, only those rules that are assigned a security value of “High” will be in effect. The same is true for the Medium and Low settings. When None is selected, IP Filtering is disabled.
Configuring Firewall Settings 2.
Configuring Firewall Settings 84 Field Description Rule ID: Rules are processed from lowest to highest on each data packet, until a match is found. It is recommended that you assign rule Ids in multiples of 5 or 10 (e.g. 10, 20, 30) so that you leave enough space between them for inserting a new rule if necessary. Action: The action can be Accept (forward to destination) or Deny (discard the packet).
Configuring Firewall Settings Enable if you configure a Log Tag. Start/End Time: The time range during which this rule is to be in effect, specified in military units. Src IP Address: IP address criteria for the source computer(s) from which the packet originates.
Configuring Firewall Settings Source Port: Port number criteria for the computer(s) from which the packet originates. This field will be dimmed (unavailable for entry) if you have not specified a protocol critera. See the description of Src IP Address for the selection options. Dest Port: Port number criteria for the destination computer(s), i.e. the port number of the type of computer to which the packet is being sent.
Configuring Firewall Settings Ignore: (Default) The rule will be applied to packets whether or not they contain fragments, assuming that they match the other criteria. IP Option Pkt: Determines whether the rule should apply to IP packets that have options specified in their packet headers. You can choose from the following options: Yes: The rule will be applied only to packets that contain header options. No: The rule will be applied only to packets that do not contain header options.
Configuring Firewall Settings 11.2.3.1 IP Filter Rule Examples Example 1 – Blocking a specific computer on your LAN from accessing web servers on the Internet; 1. Add a new rule for outgoing packets on the ppp-0 interface from any incoming interface (this would include the eth-0 interface, for example). 2. Specify a source IP address of the computer you want to block. 3. Specify the Protocol = TCP and enable the Store State setting. 4.
Configuring Firewall Settings You can click the Clear button to reset the count to zero and the Refresh button to display newly accumulated data. 11.2.5 Managing Current IP Filter Sessions When two computers communicate using the IP protocol, an IP session is created for the duration of the communication. The HM210dp/di allows a fixed number of concurrent IP sessions. You can view information about each current IP session and delete sessions (for security reasons, for example).
Configuring Firewall Settings filter rule, are assigned a session index). Time to expire The number of seconds in which the connection will automatically expire. Protocol The underlying IP protocol used on the connection, such as TCP, UDP, IGMP, etc. I/F The interface on which the IP Filter rule is effective. IP Address The IP address involved in the communication. The first one shown is the initiator of the communication. Port The hardware addresses of the ports involved in the communication.
Configuring Firewall Settings Check the protocol type you want to block and click the Submit button. Make sure to use the Commit feature to save your changes to the permanent memory. To unblock a specific protocol, uncheck the protocol and repeat the submit and commit tasks. The following list describes each of the available protocols: Protocol Description PPPoE Point-to-Point Protocol over Ethernet. Many DSL modems use PPPoE to establish and maintain a connection with a service provider.
Configuring Firewall Settings hardware address (i.e. MAC addresses). Certain types of computers, such as diskless workstations, must use RARP to determine their IP address before communicating with other network devices. 92 AppleTalk A networking protocol used for Apple Macintosh networks. NetBEUI NetBIOS Enhanced User Interface. On many LAN operating systems, the NetBEUI rotocol provides the method by which computers identify themselves to and communicate with each other.
Administration Tasks 12 Administration Tasks 12.1 Changing the System Date and Time The HM210dp/di keeps a record of the current date and time, which it uses to calculate and report various performance data. You can change the date and time as required. On this page you may also specify the host name and the domain name in the fields provided. Follow these instructions to change basic system information: 1. Select Home > Modify to display the System – Modify page: 2.
Administration Tasks is currently in effect. After you initially set the time, turning DST on or off will adjust the current displayed time by one hour in the appropriate direction. You must remember to change the DST option each spring and fall – it will not change automatically. Name: You can use this field to specify an easy-toremember name for the HM210dp/di.
Administration Tasks To add login User Id or change the login password, proceed as follows: 1. Select Admin > User Config. The User Configuration page appears: 2. To modify the login password click the (modify) icon in the “Action(s)” column and then change the current password: 3. To add a new login ID, click the Add button (on the User Configuration page) to display the User Config – Add page. Enter your settings in the fields provided. NOTE! Both the User ID and Password are case sensitive.
Administration Tasks 4. After making changes, click the Submit button. 5. Select Admin > Commit & Reboot and click the Commit button to save your changes to permanent storage. 12.3 Upgrading the Software This option allows you to upgrade the software running on the HM210dp/di. All system software is contained in a single file, called an image. The image is composed of several distinct parts, each of which implements a different set of functions.
Administration Tasks 2. Click Browse to locate the firmware file. The name of the upgrade file must be one of the following: TEImage.bin, TEDsl.gsz, TEAppl.gsz, Filesys.bin, TEPatch.bin. 3. Click the Upload button to start the upgrade. After a few seconds, a message like the following should appear (the file name may differ): File: TEDs1.gsz successfully saved to the flash. Please reboot for the new image to take effect. 4.
Administration Tasks Select the VC on which you want to execute diagnostics and then click the Submit button. The diagnostics utility will run a series of test to check whether the device’s connections are up and working. This takes only a few seconds and the results for each test are displayed on screen. A test may be skipped if the program determines that no suitable interface is configured on which to run the test. You can click Help to display an explanation of each test.
Administration Tasks 12.5 Modifying Port Settings The modem’s HTTP/Telnet/FTP services are accessible using the standard port number 80, 23 and 21 respectively. It is possible that you want to designate a publicly accessible HTTP, Telnet or FTP server on your LAN side and you want to shift the modem’s HTTP/Telnet/FTP service to use a non-standard port number. If this is the case, select Admin > Port Settings to view the Port Settings page: Modify the port settings and click the Submit button.
Administration Tasks 12.6 Viewing System Alarms You can use the Configuration Manager to view information about alarms that occur in the system. Alarms, also called traps, are caused by a variety of system events, including connection attempts, resets, and configuration changes. Although you will not typically need to view this information, it may be helpful in working with your ISP to troubleshoot problems you encounter with the device.
Viewing DSL Line Information 13 Viewing DSL Line Information To view configuration parameters and performance statistics for the ADSL line, select WAN > DSL. The DSL Status page displays: The DSL Status page displays the current information on the DSL line performance. The page refreshes about every 10 seconds. In the DSL Status table, the Operational Status: setting displays a red, orange, or green ball to indicate that the DSL line is idle, starting up, or upand-running, respectively.
Viewing DSL Line Information You can click the Clear button to reset all counters to zero, and the Refresh button to redisplay the page with newly accumulated values. You can click the DSL Param button to display data about the configuration of the DSL line, as shown below: The DSL Parameters and Status table displays settings preconfigured by the product manufacturer or your ISP. The Config Data table lists various types of error and defects measurements found on the DSL line.
Viewing DSL Line Information The DSL Statistics page reports error data relating to the last 15 minutes interval, the current day, and the previous day. At the bottom of the page, the Detailed Interval Statistic table displays links you can click to display detailed data for each 15 minute interval in the past 24 hours. For example, when you click on 1-4, data displays for the 15-minute such intervals that make up the previous 4 hours (there are 16 of these) shows one such page.
Troubleshooting 14 Troubleshooting This chapter suggests solutions for resolving some of the problems you might encounter when using your HM210dp/di, and provides instructions for using several IP utilities to diagnose problems. 14.1 LEDs Indication/Symptom Troubleshooting Suggestion The PWR LED does not illuminate after the product is turned on. Verify that you are using the power cable provided with the device and that it is securely connected to the HM210dp/di and a wall socket/power strip.
Troubleshooting 14.2 Internet Access Indication/Symptom Troubleshooting Suggestion My PC cannot access the Internet. Use the PING utility described below to check whether your PC can communicate with the HM210dp/di’s LAN IP address (by default 192.168.1.1). If it cannot, check the Ethernet cabling.
Troubleshooting 14.3 Configuration Manager Program Indication/Symptom Troubleshooting Suggestion I forgot/lost my Configuration Manager Username or Password. If you have not changed the password from the default, try using root as both the Username and Password. Otherwise, you can reset the device to the default configuration by pressing the Reset button on the back panel of the device (using a pointed object such as a pen tip). Then, type the default Username and password as shown above.
Troubleshooting 1. From the Start menu select Run… . 2. Type winipcfg and click OK. The “IP Configuration” dialog box appears. 3. From the scroll down menu at the top, select the network card that you are using. This is important if you have more than one network card. 4. Make sure that the Default gateway is the IP address of your HM210dp/di. If it is not, you will not be able to connect to the Internet.
Troubleshooting 14.4.3 How to use PING PING is a command you can use to check whether your PC can recognize other computers on your network and the Internet. A ping command sends a message to the computer you specify. If the computer receives the message, it sends messages in reply. To use it, you must know the IP address of the computer with which you are trying to communicate. You can execute a ping command from the Start menu. 1. From the Start menu select Run…. The “Run” window appears. 2.
Important Information 15 Important Information 15.1 Product Care and Maintenance NOTE! These are important guidelines for safe and efficient use of your device. Read this information before using your Ericsson ADSL Modem HM210dp/di. Your ADSL Modem HM210dp/di is a highly sophisticated electronic device. To get the most out of your product, be sure to read the following text about product care, safety and efficient use. Do not expose the product to liquid or moisture.
Important Information 15.2 License Agreement This is a legal agreement, Agreement, between you, Licensee, the recipient of the enclosed Software on compact disc, diskette or any other media and any upgrades thereof, and Ericsson AB, the Vendor. By opening the sealed software package and/or using the software you are agreeing to be bound by the terms of this Agreement. 15.2.
Important Information and your exclusive remedy under this warranty (which is subject to you returning the Software to an certified reseller with a copy of your receipt) will be, at Vendor's option, to replace the disc(s)/ diskette(s) or refund the purchase price for the Software and terminate this Agreement.
Important Information 15.3 Regulatory Information 15.3.1 EU Directives The HM210dp/di meet the following EU directives for the CE-mark: 73/23/EEC, Low Voltage Directive (LVD) 89/336/EEC, Electromagnetic Compatibility Directive (EMC) 1999/5/EC, Radio Equipment and Telecommunication Terminal Directive (R&TTE). 15.3.1.1 Declaration of Conformity 15.3.2 Safety Approvals The HM210dp/di is approved according to the following safety standards: UL 1950, 3rd Edition.
Important Information CSA-C22.2 No. 60950 IEC 60950 3rd Edition: 1999 15.3.2.1 UL 1950 Statement When using your telephone equipment, basic safety precautions should always be followed to reduce the risk of fire, electric shock and injury to persons, including the following: 1. Do not use this product near water, for example, near a bathtub, washbowl, kitchen sink or laundry tub, in a wet basement or near a swimming pool. 2. Avoid using a telephone (other than a cordless type) during an electrical storm.
Important Information 15.3.3.1 FCC Part 15 Statement This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
Important Information 15.3.4 Telecom Approval The HM210dp/di is approved according to the following telecom standard: FCC Part 68 15.3.4.1 FCC Part 68 Statement The Federal Communications Commission (FCC) has established Rules which permit this device to be directly connected to the telephone network. Standardized jacks are used for these connections. This equipment should not be used on party lines or coin phones.
Important Information authorized U.S. service agency for all such work. Locations and phone number of factory or authorized U.S. service points are as following: Special FCC rules apply to equipment connected behind a PBX or KTS. Company: Ericsson Inc. Address: 6300 Legacy Drive, Plano, TX 75024, USA Tel: 972-583-2000. 15.3.5 Caution Changes or modifications to this product not authorized by the manufacturer could void your authority to operate the equipment and invalidate approvals. 15.3.
Important Information 15.3.8 Intended Use The HM210dp/di is intended for indoor public and private use.
Glossary 16 Glossary -AADSL Short for Asymmetric Digital Subscriber Line. A variation of the DSL technologies that is most familiar to home and small business users. ADSL is called "asymmetric" because most of its two-way or duplex bandwidth is devoted to the downstream direction, sending data to the user. Only a small portion of bandwidth is available for upstream or user-interaction messages.
Glossary Broadband A telecommunications technology that can send different types of data over the same medium. DSL is a broadband technology. Broadcast To simultaneously send the same message to multiple recipients. -CCHAP Short for Challenge Handshake Authentication Protocol. A type of authentication in which the authentication agent (typically a network server) sends the client program a random value that is used only once and an ID value. Both the sender and peer share a predefined secret.
Glossary The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned. Domain name A domain name is a user-friendly name used in place of its associated IP address Downstream The direction of a downstream signal is from the ISP/service provider to the user's computer (downloading).
Glossary network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security critera.
Glossary Alternatively, the maximum number of hops that a packet is allowed to take before being discarded (see also TTL). Host A computer that is connected to a TCP/IP network, including the Internet. Each host has a unique IP address. HTTP Short for HyperText Transfer Protocol. HTTP is the main protocol used to transfer data from web sites so that it can be displayed by web browsers. -IICMP Short for Internet Control Message Protocol.
Glossary Private IP addresses are also LAN IP addresses, but are considered "illegal" IP addresses to the Internet. They are private to an enterprise while still permitting full network layer connectivity between all hosts inside an enterprise as well as all public hosts of different enterprises. ISP Short for Internet Service Provider, a company that provides access to the Internet.
Glossary Packet Data transmitted on a network consists of units called packets. Each packet contains a payload (the data), plus overhead information such as where it came from (source address) and where it should go (destination address). PAP Short for Password Authentication Protocol, the most basic form of authentication, in which a user’s name and password are transmitted over a network and compared to a table of name-password pairs. Typically, the passwords stored in the table are encrypted.
Glossary the circuit is preprogrammed by the carrier as a path through the network. It does not need to be set up or disconnected for each session. -RRemote In a physically separate location. For example, an employee away on travel who logs in to the company’s intranet is a remote user. RFC Short for Request For Comments, a series of notes about the Internet, started in 1969 (when the Internet was the ARPANET).
Glossary -TT1.413 The American National Standards Institute (ANSI) standard for asymmetric digital subscriber line using discrete multitone modulation, which the G.dmt standard is based on. TCP Abbreviation of Transmission Control Protocol, and pronounced as separate letters. TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data.
Glossary Upstream The direction of an upstream signal is from the user's computer to the ISP/service provider (uploading). -VVC A VC (Virtual Circuit) is a connection from your ADSL router to your ISP. VPI and VCI A VPI (Virtual Path Identifier) is an 8-bit field while VCI (Virtual Channel Identifier) is a 16-bit field in the ATM cell header. A VPI identifies a link formed by a virtual path and a VCI identifies a channel within a virtual path.
