™ Netopia 4553 G.
Copyright ©2001 Netopia, Inc., v.032101 All rights reserved. Printed in the U.S.A. This manual and any associated artwork, software, and product designs are copyrighted with all rights reserved. Under the copyright laws such materials may not be copied, in whole or part, without the prior written consent of Netopia, Inc. Under the law, copying includes translation to another language or format. Netopia, Inc. 2470 Mariner Square Loop Alameda, CA 94501-1010 U.S.A.
Contents Chapter 1 — Introduction..........................................................1-9 Overview ....................................................................... 1-9 Features and capabilities ............................................... 1-9 How to use this guide .................................................. 1-10 Chapter 2 — Making the Physical Connections........................2-11 Find a location............................................................. 2-11 What you need .......
iv User’s Reference Guide Easy Setup Security Configuration ....................... 6-35 Chapter 7 — WAN and System Configuration ...........................7-37 WAN configuration........................................................ 7-37 Creating a new Connection Profile ................................. 7-40 The default profile........................................................ 7-43 IP parameters (default profile) screen .................. 7-45 Scheduled Connections ..............................
Contents v Connection Profiles ...................................................... 8-87 Chapter 9 — Multiple Network Address Translation .................9-91 Overview ..................................................................... 9-91 Features............................................................ 9-91 Supported Traffic ............................................... 9-95 MultiNAT Configuration ................................................. 9-95 Easy Setup Profile configuration ........
vi User’s Reference Guide VPN QuickView ........................................................ Dial-Up Networking for VPN ....................................... Installing Dial-Up Networking ........................... Creating a new Dial-Up Networking profile ........ Configuring a Dial-Up Networking profile ........... Installing the VPN Client ........................................... Windows 95 VPN installation........................... Windows 98 VPN installation...........................
Contents vii Chapter 12 — Monitoring Tools ...........................................12-179 Quick View status overview ...................................... 12-179 General status ............................................... 12-180 Current status ............................................... 12-181 Status lights .................................................. 12-181 Statistics & Logs ..................................................... 12-182 Event histories .....................................
viii User’s Reference Guide How to reset the router to factory defaults .................. Power outages........................................................... Technical support ...................................................... How to reach us............................................... A-207 A-207 A-208 A-208 Appendix B — Technical Specifications and Safety Information ............................................................................................
Introduction 1-9 Chapter 1 Introduction Overview The Netopia 4553 G.shdsl Router is a full-featured, stand-alone DSL router for connecting diverse local area networks (LANs) to the Internet and other remote networks. It supports the newly ratified ITU G.991.2 standard for symmetric DSL series. The Netopia 4553 G.shdsl Router uses a high performance telecommunications line to provide your whole network with a high-speed connection to the outside world.
1-10 User’s Reference Guide How to use this guide In addition to the simple documentation contained in the accompanying Getting Started Guide, this guide is designed to be your single source for information about your Netopia 4553 G.shdsl Router. It is intended to be viewed on-line, using the powerful features of the Adobe Acrobat Reader. The information display has been deliberately designed to present the maximum information in the minimum space on your screen.
Making the Physical Connections 2-11 Chapter 2 Making the Physical Connections This section tells you how to make the physical connections to your Netopia 4553 Router.
2-12 User’s Reference Guide You will need: ■ A Windows 95 or 98–based PC or a Macintosh computer with Ethernet connectivity for configuring the Netopia. This may be built-in Ethernet or an add-on card, with TCP/IP installed and configured. See “Sharing the Connection” on page 3-15. ■ A G.shdsl wall outlet wired for a connection to a Local Exchange Carrier (LEC) who supports Symmetric Digital Subscriber Line connections.
Making the Physical Connections 2-13 3. Connect the Ethernet cable to the Ethernet port on the router and the other end to your computer. You should now have: the power adapter plugged in; the Ethernet cable connected between the router and your computer; and the DSL cable connected between the router and the DSL wall outlet. Netopia 4553 Router status lights The figure below represents the Netopia status light (LED) panel.
2-14 User’s Reference Guide
Sharing the Connection 3-15 Chapter 3 Sharing the Connection Once you have set up your physical local area network, you will need to configure the TCP/IP stack on each client workstation connected to your Netopia 4553. This chapter describes how to configure TCP/IP for both Windows-based and Macintosh computers.
3-16 User’s Reference Guide Dynamic configuration (recommended) To configure your PC for dynamic addressing do the following: 1. Go to the Start Menu/Settings/Control Panels and double click the Network icon. From the Network components list, select the Configuration tab. 2. Select TCP/IP-->Your Network Card. Then select Properties. In the TCP/IP Properties screen, select the IP Address tab. Click “Obtain an IP Address automatically”. 3. Click on the DNS Configuration tab. Click Disable DNS.
Sharing the Connection 3-17 Static configuration (optional) If you are manually configuring for a fixed or static IP address, perform the following: 1. Go to Start Menu/Settings/Control Panels and double click the Network icon. From the Network components list, select the Configuration tab. 2. Select TCP/IP-->Your Network Card. Then select Properties. In the TCP/IP Properties screen, select the IP Address tab. Click “Specify an IP Address.” Enter the following: IP Address: 192.168.1.2 Subnet Mask: 255.
3-18 User’s Reference Guide 3. Click on the Gateway tab (shown below). Under “New gateway,” enter 192.168.1.1. Click Add. This is the Netopia 4553’s pre-assigned IP address. Click on the DNS Configuration tab. Click Enable DNS. Enter the following information: Host: Type the name you want to give to this computer. Domain: Type your domain name. If you don't have a domain name, type your ISP's domain name; for example, netopia.com.
Sharing the Connection 3-19 Configuring TCP/IP on Macintosh Computers The following is a quick guide to configuring TCP/IP for MacOS computers. Configuring TCP/IP in a Macintosh computer requires the following: You must have either Open Transport or Classic Networking (MacTCP) installed.
3-20 User’s Reference Guide Static configuration (optional) If you are manually configuring for a fixed or static IP address, perform the following: 1. Go to the Apple menu. Select Control Panels and then TCP/IP or MacTCP. 2. With the TCP/IP window open, go to the Edit menu and select User Mode. Choose Advanced and click OK. Or, in the MacTCP window, select Ethernet and click the More button. 3.
Sharing the Connection 3-21 Note: You can also use these instructions to configure other computers on your network with manual or static IP addresses. Be sure each computer on your network has its own IP address. More information about configuring your Macintosh computer for TCP/IP connectivity through a Netopia 4553 can be found in Technote NIR_026, “Open Transport and Netopia Routers,” located on the Netopia Web site.
3-22 User’s Reference Guide
Connecting to Your Local Area Network 4-23 Chapter 4 Connecting to Your Local Area Network This chapter describes how to physically connect the Netopia 4553 to your local area network (LAN). Before you proceed, make sure the Netopia 4553 is properly configured. You can customize the router’s configuration for your particular LAN requirements using console-based management (see “Console-Based Management” on page 5-25).
4-24 User’s Reference Guide Once the Netopia 4553 is properly configured and connected to your LAN, PC and Macintosh computers that have their required components in place will be able to connect to the Internet or other remote IP networks. Connecting to an Ethernet network The Netopia 4553 supports Ethernet connections through its Ethernet port. You can connect a standard 10 or 100Base-T Ethernet network to the Netopia 4553 using its Ethernet port.
Console-Based Management 5-25 Chapter 5 Console-Based Management Console-based management is a menu-driven interface for the capabilities built into the Netopia 4553. Console-based management provides access to a wide variety of features that the router supports. You can customize these features for your individual setup. This chapter describes how to access the console-based management screens.
5-26 User’s Reference Guide may be using the router to connect to more than one service provider or remote site. ■ The System Configuration menus display and permit changing: ■ IP setup. See “IP Setup” on page 8-64. ■ Filter sets (firewalls). See “Security” on page 11-151. ■ IP address serving. See “IP Address Serving” on page 8-72. ■ Date and time. See “Date and time” on page 7-59. ■ Console configuration. See “Connecting a console cable to your router” on page 5-27.
Console-Based Management 5-27 Configuring Telnet software If you are configuring your router using a Telnet session, your computer must be running a Telnet software program. ■ If you connect a PC with Microsoft Windows, you can use a Windows Telnet application or simply run Telnet from the Start menu. ■ If you connect a Macintosh computer, you can use the NCSA Telnet program supplied on the Netopia 4553 CD. You install NCSA Telnet by simply dragging the application from the CD to your hard disk.
5-28 User’s Reference Guide Launch your terminal emulation software and configure the communications software for the values shown in the table below. These are the default communication parameters that the Netopia 4553 uses. Parameter Suggested Value Terminal type PC: ANSI-BBS Mac: ANSI, VT-100, or VT-200 Data bits 8 Parity None Stop bits 1 Speed 9600 - 57600 bits per second Flow Control None Note: The router firmware contains an autobaud detection feature.
Easy Setup 6-29 Chapter 6 Easy Setup This chapter describes how to use the Easy Setup console screens on your Netopia 4553. After completing the Easy Setup console screens, your router will be ready to connect to the Internet or another remote site.
6-30 User’s Reference Guide A screen similar to the following Main Menu appears: Netopia Router Easy Setup... WAN Configuration... System Configuration... Utilities & Diagnostics... Statistics & Logs... Quick Menus... Quick View... Return/Enter goes to Easy Setup -- minimal configuration. You always start from this main screen.
Easy Setup 6-31 The Main Menu appears. Netopia Router Easy Setup... WAN Configuration... System Configuration... Utilities & Diagnostics... Statistics & Logs... Quick Menus... Quick View... 2. Select the first item on the Main Menu list, Easy Setup. Press Return to bring up the DSL Line Configuration menu screen. DSL Line Configuration DSL Line Configuration WAN DSL Mode... Regional Setting... ATM Annex A Clock Source... Network Data Link Encapsulation... RFC1483 Mode...
6-32 User’s Reference Guide 3. Select a Clock Source, either Network (the default) or Internal. If you are using an ATM-based Mode, the DSL Line Configuration screen offers additional parameters. 4. Select Data Link Encapsulation and from the pop-up menu choose either RFC1483 (the default) or PPP. ■ If you selected RFC1483, the next pop-up menu RFC1483 Mode offers the choice of Bridged 1483 or Routed 1483. If you select Bridged 1483, a new option PPP over Ethernet (PPPoE) appears.
Easy Setup 6-33 If you selected Numbered, the following fields appear. ■ Select the editable field labeled Local WAN IP Address. The default address is 0.0.0.0, which allows for dynamic addressing, when your ISP assigns an address each time you connect. However, you can enter another specific address if you want to use static addressing. In that case, enter the local WAN address your ISP gave you. Press Return. ■ Select the editable field labeled Local WAN IP Mask.
6-34 User’s Reference Guide IP Easy Setup Ethernet IP Address: Ethernet Subnet Mask: 192.168.1.1 255.255.255.0 Domain Name: Primary Domain Name Server: Secondary Domain Name Server: isp.net 209.3.224.21 209.3.224.20 Default IP Gateway: 127.0.0.2 IP Address Serving: On Number of Client IP Addresses: 1st Client Address: 100 192.168.1.100 PREVIOUS SCREEN NEXT SCREEN Enter an IP address in decimal and dot form (xxx.xxx.xxx.xxx). Set up the basic IP & IPX attributes of your Netopia in this screen.
Easy Setup 6-35 7. Toggle IP Address Serving to On or Off, depending on whether you want the device’s IP address server to supply dynamic IP addresses to your client workstations. Normally, you would accept the default On so that workstations on your LAN can have IP addresses assigned dynamically from the Router. 8. The IP address server will provide 100 IP addresses automatically to workstations on your LAN.
6-36 User’s Reference Guide The Router will restart and your configuration settings will be activated. You can then Exit or Quit your Telnet application. Easy Setup is now complete.
WAN and System Configuration 7-37 Chapter 7 WAN and System Configuration This chapter describes how to use the console-based management screens to access and configure advanced features of your Netopia 4553 Router. You can customize these features for your individual setup. These menus provide a powerful method for experienced users to set up their router’s connection profiles and system configuration.
7-38 User’s Reference Guide DSL Line Configuration WAN DSL Mode... Regional Setting... ATM Annex A Clock Source... Cell Format... Unused Cell Format... Network Unscrambled Idle Data Link Encapsulation... RFC1483 Mode... PPP over Ethernet (PPPoE): RFC1483 Bridged 1483 Off Display/Change Circuit... Add Circuit... Delete Circuit... 1. Select WAN DSL Mode and from the pop-up menu choose the type of DSLAM to which you will be connecting, either ATM or HDLC. 2.
WAN and System Configuration 7-39 Add Circuit Circuit Name: Circuit 2 Circuit Enabled: Yes Circuit VPI (0-255): 0 Circuit VCI (0-65535): 0 Use Connection Profile... Use Default Profile for Circuit Default Profile ADD Circuit NOW CANCEL ■ Enter a name for the circuit in the Circuit Name field. ■ Toggle Circuit Enabled to Yes. ■ Enter the Virtual Path Identifier and the Virtual Channel Identifier in the Circuit VPI and Circuit VCI fields, respectively.
7-40 User’s Reference Guide Creating a new Connection Profile For a Netopia 4553, connection profiles are useful for configuring the connection and authentication settings for negotiating a PPP connection on the G.shdsl link. If you are using the PPP data link encapsulation method, you can store your authentication information in the connection profile so that your user name and password (or host name and secret) are transmitted when you attempt to connect.
WAN and System Configuration 7-41 3. Select Data Link Encapsulation and press Return. The pop-up menu offers the possible data link encapsulation methods for connection profiles used for a variety of purposes: PPP, Frame Relay, RFC1483, ATMP, PPTP, or IPsec. If you select any data link encapsulation method other than RFC1483, a Data Link Options menu item is displayed; if you select RFC1483, Data Link Options is hidden. 4.
7-42 User’s Reference Guide Datalink (Frame Realy) Options Auto-Detect DLCIs: Yes Multicast DLCI Number: 0 Toggle Auto-Detect DLCIs to Yes (the default) or No. Select the Multicast DLCI Number field and enter a value. 5. You can edit the Maximum Packet Size field, if you want packets limited to a lower value than 1500. Return to the Add Connection Profile screen by pressing Escape. 6. Select IP Profile Parameters and press Return. The IP Profile Parameters screen appears.
WAN and System Configuration 7-43 WAN Configuration +-Profile Name---------------------IP Address------+ +--------------------------------------------------+ | Easy Setup Profile 255.225.255.255 | | Profile 1 0.0.0.0 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | +--------------------------------------------------+ The default profile If you are using RFC1483 datalink encapsulation, the Default Profile screen controls whether or not the G.
7-44 User’s Reference Guide Main Menu WAN Configuration WAN Default Profile The Default Profile screen appears. WAN Default Profile Must Match a Defined Profile: No IP Parameters... ■ You can set Must Match a Defined Profile item to Yes or No (the default). This item controls whether or not the G.shdsl link will come up without an explicitly configured connection profile.
WAN and System Configuration 7-45 IP parameters (default profile) screen If you are using RFC1483 datalink encapsulation, the IP Parameters (Default Profile) screen allows you to configure various IP parameters for G.shdsl connections established without an explicitly configured connection profile: IP Parameters (Default Profile) Address Translation Enabled: No Filter Set (Firewall)... Remove Filter Set Receive RIP: Transmit RIP: Both Off Return/Enter accepts * Tab toggles * ESC cancels. For an G.
7-46 User’s Reference Guide Scheduled Connections Display/Change Scheduled Connection... Add Scheduled Connection... Delete Scheduled Connection... Navigate from here to add/modify/change/delete Scheduled Connections. Viewing scheduled connections To display a table of scheduled connections, select Display/Change Scheduled Connection in the Scheduled Connections screen. Each scheduled connection occupies one row of the table. Scheduled Connections +-Days----Begin At---HH:MM---When----Conn. Prof.
WAN and System Configuration 7-47 The other columns show: ■ The time of day that the connection will Begin At ■ The duration of the connection (HH:MM) ■ Whether it’s a recurring Weekly connection or used Once Only ■ Which connection profile (Conn. Prof.) is used to connect ■ Whether the scheduled connection is currently Enabled The router checks the date and time set in scheduled connections against the system date and time.
7-48 User’s Reference Guide demand call on the line. ■ ■ Demand-Allowed, meaning that this schedule will permit a demand call on the line. ■ Demand-Blocked, meaning that this schedule will prevent a demand call on the line. ■ Periodic, meaning that the connection is retried several times during the scheduled time. If How Often is set to Weekly, the item directly below How Often reads Set Weekly Schedule.
WAN and System Configuration 7-49 Set Once-Only Schedule If you set How Often to Once Only, select Set Once-Only Schedule and go to the Set Once-Only Schedule screen. Set Once-Only Schedule ■ Place Call on (MM/DD/YY): 05/07/1998 Scheduled Window Start Time: AM or PM: 11:50 AM Scheduled Window Duration: 00:00 Select Place Call On (Date) and enter a date in the format MM/DD/YY or MM/DD/YYYY (month, day, year). Note: You must enter the date in the format specified. The slashes are mandatory.
7-50 User’s Reference Guide Modifying a scheduled connection To modify a scheduled connection, select Display/Change Scheduled Connection in the Scheduled Connections screen to display a table of scheduled connections. Select a scheduled connection from the table and press Return. The Change Scheduled Connection screen appears. The parameters in this screen are the same as the ones in the Add Scheduled Connection screen (except that ADD SCHEDULED CONNECTION and CANCEL do not appear).
WAN and System Configuration 7-51 Frame Relay Configuration LMI Type... T391 (Polling Interval in secs): N391 (Polls/Full Status Cycles): N392 (Error Threshold): N393 (Monitored Event Window): ANSI (Annex D) 10 6 3 4 Tx Injection Management... Default CIR: Default Bc: Default Be: Standard 64000 64000 0 Congestion Management Enabled: No Maximum Tx Frame Size: 1520 Return/Enter goes to new screen. Enter Information supplied to you by your telephone company. 1.
7-52 User’s Reference Guide ting defaults to 64000, but you may modify the capacity rate if this setting will not be applicable to you. ■ The Default Bc (Bc also referred to as Committed Burst Size) represents the maximum amount of data that your Frame Relay service provider agrees to transfer from a given PVC (Permanent Virtual Circuit) or DLCI (Data Link Connection Identifier). This setting defaults to 64000, but you may change the capacity rate if this setting needs to be modified.
WAN and System Configuration 7-53 To go to the Frame Relay DLCI configuration screen, select Frame Relay DLCI Configuration in the WAN Configuration screen. Frame Relay DLCI Configuration Display/Change DLCIs... Add DLCI... Delete DLCI... Add, delete, and modify DLCIs from here. Displaying a Frame Relay DLCI configuration table To display a view-only table of the Frame Relay DLCIs, select Display/Change DLCIs in the Frame Relay DLCI Configuration screen, and press Return.
7-54 User’s Reference Guide Changing a Frame Relay DLCI configuration To modify a Frame Relay DLCI configuration, select Display/Change DLCIs in the Frame Relay DLCI Configuration screen. Select a DLCI Name from the table and press Return to go to the Change DLCI screen. The parameters in this screen are the same as the parameters in the Add DLCI screen. To find out how to set them, see “Adding a Frame Relay DLCI configuration” on page 7-55.
WAN and System Configuration 7-55 Adding a Frame Relay DLCI configuration To add a new Frame Relay DLCI, select Add DLCI in the Frame Relay DLCI Configuration screen and press Return. The Add DLCI screen appears. Add DLCI DLCI Name: DLCI 16 DLCI Enabled: Yes DLCI Number (16-991): 16 Remote IP Address: 0.0.0.0 Data Flow Parameters---------------Use Default---------Value---CIR: Yes Bc: Yes Be: Yes ADD DLCI NOW CANCEL Return accepts * ESC cancels * Left/Right moves insertion point * Del deletes.
7-56 User’s Reference Guide Identifier). The setting defaults to 64000, but you may modify the committed burst size by toggling the selection in the Use Default field to No. You can then enter a different committed burst size in the Value field. ■ The Be (Excess Burst Size) represents the maximum amount of data that your Frame Relay service provider will attempt to deliver to a given PVC (Permanent Virtual Circuit) or DLCI (Data Link Connection Identifier).
WAN and System Configuration 7-57 System configuration screens You can connect to the Netopia 4553’s system configuration screens in either of two ways: ■ By using Telnet with the Router’s Ethernet port IP address ■ Through the console port, using a local terminal (see “Connecting a console cable to your router” on page 5-27) You can also retrieve the Netopia 4553’s configuration information and remotely set its parameters using the Simple Network Management Protocol (see “SNMP” on page 12-188).
7-58 User’s Reference Guide 2. Select IP Setup and press Return. The IP Setup screen appears. To go back in this sequence of screens, use the Escape key. System configuration features The Netopia 4553 Router’s default settings may be all you need to configure your Netopia 4553. Some users, however, require advanced settings or prefer manual control over the default selections. For these users, the Netopia 4553 provides system configuration options.
WAN and System Configuration 7-59 IP setup These screens allow you to configure your network’s use of the IP networking protocol. ■ Details are given in “IP Setup” on page 8-64. Filter sets (firewalls) These screens allow you to configure security on your network by means of filter sets and a basic firewall. ■ Details are given in “Security” on page 11-151. IP address serving These screens allow you to configure IP address serving on your network by means of DHCP, WANIP, and BootP.
7-60 User’s Reference Guide 3. Select the Router’s time zone from the Time Zone pop-up menu and press Return. 4. In the NTP Update Interval field, enter how often to synchronize with the time server, using the format HHHH:MM where H is hours and M is minutes. 5. Select a System Date Format; the options are MM/DD/YY, DD/MM/YY, and YY/MM/DD, where M is month, D is day, and Y is year. 6. Select a System Time Format, either AM/PM or 24hrs. 7. Press Escape to return to the System Configuration menu.
WAN and System Configuration 7-61 Security These screens allow you to add users and define passwords on your network. ■ Details are given in “Security” on page 11-151. Upgrade feature set You can upgrade your Netopia 4553 by adding new feature sets through the Upgrade Feature Set utility. See the release notes that came with your router or feature set upgrade, or visit the Netopia Web site at www.netopia.
7-62 User’s Reference Guide characters. ■ You can specify the UNIX syslog Facility to use by selecting the Facility pop-up. ■ Erase the log by selecting DUMP WAN LOG Installing the Syslog client The Goodies folder on the Netopia CD contains a Syslog client daemon program that can be configured to report the WAN events you specified in the Logging Configuration screen.
IP Setup 8-63 Chapter 8 IP Setup The Netopia 4553 uses Internet Protocol (IP) to communicate both locally and with remote networks. This chapter shows you how to configure the router to route IP traffic. You also learn how to configure the router to serve IP addresses to hosts on your local network. Netopia’s IP routing features Network Address Translation and IP address serving.
8-64 User’s Reference Guide IP Setup Main Menu System Configuration IP Setup The IP Setup options screen is where you configure the Ethernet side of the Netopia 4553. The information you enter here controls how the router routes IP traffic. Consult your network administrator or ISP to obtain the IP setup information (such as the Ethernet IP address, Ethernet subnet mask, default IP gateway, and Primary Domain Name Server IP address) you will need before changing any of the settings in this screen.
IP Setup 8-65 The Netopia 4553 supports multiple IP subnets on the Ethernet interface. You may want to configure multiple IP subnets to service more hosts than are possible with your primary subnet. It is not always possible to obtain a larger subnet from your ISP. For example, if you already have a full Class C subnet, your only option is multiple Class C subnets, since it is virtually impossible to justify a Class A or Class B assignment.
8-66 User’s Reference Guide IP subnets The IP Subnets screen allows you to configure up to eight Ethernet IP subnets on unlimited-user models, one “primary” subnet and up to seven secondary subnets, by entering IP address/subnet mask pairs: IP Subnets #1: IP Address ---------------192.128.117.162 Subnet Mask --------------255.255.255.0 #2: 0.0.0.0 0.0.0.0 #3: #4: #5: #6: #7: #8: Note: You need not use this screen if you have only a single Ethernet IP subnet.
IP Setup 8-67 For example: IP Subnets #1: IP Address ---------------192.128.117.162 Subnet Mask --------------255.255.255.0 #2: 192.128.152.162 255.255.0.0 #3: 0.0.0.0 0.0.0.0 #4: #5: #6: #7: #8: ■ To delete a configured subnet, set both the IP address and subnet mask values to 0.0.0.0, either explicitly or by clearing each field and pressing Return to commit the change. When a configured subnet is deleted, the values in subsequent rows adjust up to fill the vacant fields.
8-68 User’s Reference Guide If you have configured multiple Ethernet IP subnets, the IP Setup screen changes slightly: IP Setup Subnet Configuration... Default IP Gateway: 192.128.117.163 Primary Domain Name Server: Secondary Domain Name Server: Domain Name: 0.0.0.0 0.0.0.0 Receive RIP... Transmit RIP... Both v2 (multicast) Static Routes... Network Address Translation (NAT)... IP Address Serving... Set up the basic IP attributes of your Netopia in this screen.
IP Setup 8-69 The Static Routes screen will appear. Static Routes Display/Change Static Route... Add Static Route... Delete Static Route... Configure/View/Delete Static Routes from this and the following Screens. Viewing static routes To display a view-only table of static routes, select Display/Change Static Route. The table shown below will appear. +-Dest. Network---Subnet Mask-----Next Gateway----Priority-Enabled-+ +------------------------------------------------------------------+ | 0.0.0.0 0.0.0.
8-70 User’s Reference Guide Subnet Mask: The subnet mask associated with the destination network. Next Gateway: The IP address of the router that will be used to reach the destination network. Priority: An indication of whether the Netopia 4553 will use the static route when it conflicts with information received from RIP packets. Enabled: An indication of whether the static route should be installed in the IP routing table. To return to the Static Routes screen, press Escape.
IP Setup 8-71 information; Low means that the RIP information takes precedence over the static route. ■ If the static route conflicts with a connection profile, the connection profile will always take precedence. ■ To make sure that the static route is known only to the Netopia 4553, select Advertise Route Via RIP and toggle it to No. To allow other RIP-capable routers to know about the static route, select Advertise Route Via RIP and toggle it to Yes.
8-72 User’s Reference Guide IP Address Serving Main Menu System Configuration IP Address Serving • Serve DHCP Clients • Serve BootP Clients • Serve Dynamic WAN Clients In addition to being a router, the Netopia 4553 is also an IP address server. There are three protocols it can use to distribute IP addresses.
IP Setup 8-73 Follow these steps to configure IP Address Serving: ■ If you enabled IP Address Serving, then DHCP, BootP clients and Dynamic WAN clients are automatically enabled. ■ The IP Address Serving Mode pop-up menu allows you to choose the way in which the Netopia 4553 will serve IP addresses. The device can act as either a DHCP Server or a DHCP Relay Agent. (See “DHCP Relay Agent” on page 8-85 for more information.
8-74 User’s Reference Guide If you have configured multiple Ethernet IP subnets, the appearance of the IP Address Serving screen is altered slightly: IP Address Serving IP Address Serving Mode... DHCP Server Configure Address Pools... Serve DHCP Clients: DHCP NetBios Options... Yes Serve BOOTP Clients: Yes Serve Dynamic WAN Clients: Yes The first three menu items are hidden, and Configure Address Pools... appears instead. If you select Configure Address Pools...
IP Setup 8-75 IP Address Pools The IP Address Pools screen allows you to configure a separate IP address serving pool for each of up to eight configured Ethernet IP subnets: IP Address Pools Subnet (# host addrs) --------------------192.128.117.0 (253) 1st Client Addr --------------192.128.117.196 Clients ------16 Client Gateway -------------192.128.117.162 192.129.117.0 192.129.117.110 8 192.129.117.4 (253) This screen consists of between two and eight rows of four columns each.
8-76 User’s Reference Guide Numerous factors influence the choice of served address. It is difficult to specify the address that will be served to a particular client in all circumstances. However, when the address server has been configured, and the clients involved have no prior address serving interactions, the Netopia 4553 will generally serve the first unused address from the first address pool with an available address.
IP Setup 8-77 DHCP NetBIOS Options If your network uses NetBIOS, you can enable the Netopia 4553 to use DHCP to distribute NetBIOS information. NetBIOS stands for Network Basic Input/Output System. It is a layer of software originally developed by IBM and Sytek to link a network operating system with specific hardware. NetBIOS has been adopted as an industry standard. It offers LAN applications a variety of “hooks” to carry out inter-application communications and data transfer.
8-78 User’s Reference Guide ■ From the NetBios Type pop-up menu, select the type of NetBIOS used on your network. DHCP NetBios Options Serve NetBios Type: NetBios Type... Serve NetBios Scope: NetBios Scope: Serve NetBios Name Server: NetBios Name Server IP Addr: ■ +--------+ +--------+ | Type B | | Type P | | Type M | | Type H | +--------+ No 0.0.0.0 To serve DHCP clients with the NetBIOS scope, select Serve NetBios Scope and toggle it to Yes. Select NetBios Scope and enter the scope.
IP Setup 8-79 IP Address Lease Management Reset All Leases Release BootP Leases Reclaim Declined Addresses Hit RETURN/ENTER, you will return to the previous screen. Select Release BootP Leases and press Return. ■ Back in IP Address Serving, the Serve Dynamic WAN Clients toggle More Address Serving Options The Netopia 4553 includes a number of enhancements in the built-in DHCP IP address server.
8-80 User’s Reference Guide Configuring the IP Address Server options To access the enhanced DHCP server functions, from the Main Menu navigate to Statistics & Logs and then Served IP Addresses. Main Menu Statistics & Logs Served IP Addresses The following example shows the Served IP Addresses screen after three clients have leased IP addresses. The first client did not provide a Host Name in its DHCP messages; the second and third clients did.
IP Setup 8-81 You can select the entries in the Served IP Addresses screen. Use the up and down arrow keys to move the selection to one of the entries in the list of served IP addresses. Served IP Addresses -IP Address------Type----Expires—-Host Name/Client Identifier--------------------------------------------------SCROLL UP----------------------------------192.168.1.100 192.168.1.101 192.168.1.102 192.168.1.103 192.168.1.104 192.168.1.105 192.168.1.106 +------------+ 192.168.1.107 +------------+ 192.168.
8-82 User’s Reference Guide ■ Details… is displayed if the entry is associated with both a host name and a client identifier. Selecting Details… displays a pop-up menu that provides additional information associated with the IP address. The pop-up menu includes the IP address as well as the host name and client identifier supplied by the client to which the address is leased.
IP Setup 8-83 Served IP Addresses -IP Address------Type----Expires—-Host Name/Client Identifier--------------------------------------------------SCROLL UP----------------------------------192.168.1.100 192.168.1.101 192.1+-------------------------------------------------------------+ 192.1+-------------------------------------------------------------+ 192.1| | 192.1| You are about to make changes that will affect an address | 192.1| that is currently in use. Are you sure you want to do this? | 192.
8-84 User’s Reference Guide Served IP Addresses -IP Address------Type----Expires—-Host Name/Client Identifier--------------------------------------------------SCROLL UP----------------------------------192.168.1.100 192.168.1.101 192.168.1.102 +--------------------------------------+ 192.168.1.103 +--------------------------------------+ 192.168.1.104 | | 192.168.1.105 | IP Address is 192.168.1.108 | 192.168.1.106 | MAC Address: 00-00-c5-45-89-ef | 192.168.1.107 | | 192.168.1.108 | CANCEL OK | 192.168.1.
IP Setup 8-85 DHCP Relay Agent The Netopia 4553 offers DHCP Relay Agent functionality, as defined in RFC1542. A DHCP relay agent is a computer system or a router that is configured to forward DHCP requests from clients on the LAN to a remote DHCP server, and to pass the replies back to the requesting client systems. When a DHCP client starts up, it has no IP address, nor does it know the IP address of a DHCP server. Therefore, it uses an IP broadcast to communicate with one or more DHCP servers.
8-86 User’s Reference Guide Select IP Address Serving and press Return. The IP Address Serving screen appears. IP Address Serving +------------------+ +------------------+ IP Address Serving Mode... | Disabled | | DHCP Server | Number of Client IP Addresses: | DHCP Relay Agent | 1st Client Address: +------------------+ Client Default Gateway... 192.168.1.1 Serve DHCP Clients: DHCP NetBIOS Options... Yes Serve BOOTP Clients: Yes Select IP Address Serving Mode.
IP Setup 8-87 Note: The remote DHCP server(s) to which the Netopia Router is relaying DHCP requests must be capable of servicing relayed requests. Not all DHCP servers support this feature. For example, the DHCP server in the Netopia Router does not. The DHCP server(s) to which the Netopia Router is relaying DHCP requests must be configured with one or more address pools that are within the Netopia Router’s primary Ethernet LAN subnet.
8-88 User’s Reference Guide 2. Toggle the Profile Enabled value to Yes or No. The default is Yes. 3. Select IP Profile Parameters and press Return. The IP Profile Parameters screen appears. IP Profile Parameters Address Translation Enabled: IP Addressing... Yes Numbered NAT Map List... NAT Server List... Easy-PAT List Easy-Servers Local WAN Local WAN Remote IP Remote IP 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 IP Address: IP Mask: Address: Mask: Filter Set... Remove Filter Set RIP Profile Options...
IP Setup 8-89 5. Select ADD PROFILE NOW and press Return. Your new connection profile will be added. If you want to view the connection profiles in your router, return to the WAN Configuration screen, and select Display/Change Connection Profile. The list of connection profiles is displayed in a scrolling pop-up screen. WAN Configuration +-Profile Name---------------------IP Address------+ +--------------------------------------------------+ | Easy Setup Profile 127.0.0.2 | | Profile 1 0.0.0.
8-90 User’s Reference Guide
Multiple Network Address Translation 9-91 Chapter 9 Multiple Network Address Translation The Netopia 4553 offers advanced Multiple Network Address Translation functionality. You should read this chapter completely before attempting to configure any of the advanced NAT features.
9-92 User’s Reference Guide The following is a general description of these features: Port Address Translation The simplest form of classic Network Address Translation is PAT (Port Address Translation). PAT allows a group of computers on a LAN, such as might be found in a home or small office, to share a single Internet connection using one IP address. The computers on the LAN can surf the Web, read e-mail, download files, etc., but their individual IP addresses are never exposed to the public network.
Multiple Network Address Translation 9-93 When addresses are returned to the group of available addresses, they are returned to the head of the group, being the most recently used. If that same host requests a connection an hour later, and the same public address is still available, then it will be mapped to the same private host. If a new host, which has not previously requested a connection, initiates a connection it is allocated the last, or oldest, public address available.
9-94 User’s Reference Guide Exterior addresses are allocated to internal hosts on a demand, or as-needed, basis and then made available when traffic from that host ceases. Once an internal host has been allocated an address, it will use that address for all traffic. Five minutes after all traffic ceases – no pings, all TCP connections closed, no DNS requests, etc. – the address is put at the head of an available list.
Multiple Network Address Translation 9-95 In order to support this type of mapping, you define two address ranges. First, you define a public range which contains the first and last public address to be used and the way in which these addresses should be used (PAT, static, or dynamic). You then configure an address map which defines the private IP address or addresses to be used and which public range they should be mapped to.
9-96 User’s Reference Guide Easy Setup Profile configuration The screen below is an example. Depending on the type of router you are using, fields displayed in this screen may vary. Connection Profile 1: Easy Setup Profile Connection Profile Name: Easy Setup Profile Address Translation Enabled: IP Addressing... Yes Numbered Local WAN Local WAN Remote IP Remote IP 0.0.0.0 255.255.255.0 127.0.0.2 255.255.255.255 IP Address: IP Mask: Address: Mask: PPP Authentication...
Multiple Network Address Translation 9-97 You can configure a simple 1-to-many PAT (often referred to simply as NAT) mapping using Easy Setup. More complex setups require configuration using the Network Address Translation item on the IP Setup screen. An example MultiNAT configuration at the end of this chapter describes some applications for these features. See the MultiNAT Configuration Example on page 9-116.
9-98 User’s Reference Guide The Network Address Translation screen appears. Network Address Translation Add Public Range... Show/Change Public Range... Delete Public Range... Add Map List... Show/Change Map List... Delete Map List... Add Server List... Show/Change Server List... Delete Server List... NAT Associations... Return/Enter to configure IP Address redirection. Public Range defines an external address range and indicates what type of mapping to apply when using this range.
Multiple Network Address Translation 9-99 The Add NAT Public Range screen appears. Add NAT Public Range Range Name: my_first_range Type... pat Public Address: 206.1.1.6 First Public Port: 49152 Last Public Port: 65535 ADD NAT PUBLIC RANGE CANCEL ■ Select Range Name and give a descriptive name to this range. ■ Select Type and from the pop-up menu, assign its type. Options are static, dynamic, or pat (the default).
9-100 User’s Reference Guide Add NAT Map List Map List Name: my_map Add Map... ■ Select Map List Name and enter a descriptive name for this map list. A new menu item, Add Map, appears. ■ Select Add Map and press Return. The Add NAT Map screen appears. Add NAT Map ("my_map") First Private Address: 192.168.1.1 Last Private Address: 192.168.1.254 Use NAT Public Range...
Multiple Network Address Translation 9-101 Add NAT Map ("my_map") +-Public Address Range------------Type----Name-------------+ +----------------------------------------------------------+ | 0.0.0.0 -pat Easy-PAT | | 206.1.1.6 -pat my_first_range | | 206.1.1.1 206.1.1.2 static my_second_range | | <> | | | | | | | | | | | | | | | | | | | | | | | | | +----------------------------------------------------------+ Select Up/Down Arrow Keys to select, ESC to cancel, Return/Enter to Delete.
9-102 User’s Reference Guide Modifying map lists You can make changes to an existing map list after you have created it. Since there may be more than one map list you must select which one you are modifying. From the Network Address Translation screen select Show/Change Map List and press Return. ■ Select the map list you want to modify from the pop-up menu.
Multiple Network Address Translation 9-103 ■ Add Map allows you to add a new map to the map list. ■ Show/Change Maps allows you to modify the individual maps within the list. ■ Delete Map allows you to delete a map from the list. Selecting Show/Change Maps or Delete Map displays the same pop-up menu. Show/Change NAT Map List +---Private Address Range---------Type----Public Address Range------------+ +-------------------------------------------------------------------------+ | 192.168.1.1 192.168.1.
9-104 User’s Reference Guide Adding Server Lists Server lists, also known as Exports, are handled similarly to map lists. If you want to make a particular server’s port accessible (and it isn’t accessible through other means, such as a static mapping), you must create a server list. Select Add Server List from the Network Address Translation screen. The Add NAT Server List screen appears. Add NAT Server List Server List Name: my_servers Add Server...
Multiple Network Address Translation 9-105 ■ Select Add Server and press Return. The Add NAT Server screen appears. Add NAT Server ("my_servers") Service... ■ Server Private IP Address: 192.168.1.45 Public IP Address: 206.1.1.1 ADD NAT SERVER CANCEL Select Service and press Return. A pop-up menu appears listing a selection of commonly exported services. Add NAT Server ("my_servers") +-Type------Port(s)-------+ +-------------------------+ Service...
9-106 User’s Reference Guide Other Exported Port First Port Number (1..65535): 31337 Last Port Number (1..65535): 31337 OK ■ ■ CANCEL Enter the First and Last Port Number between ports 1 and 65535. Select OK and press Return. You will be returned to the Add NAT Server screen. Enter the Server Private IP Address of the server whose service you are exporting.
Multiple Network Address Translation 9-107 Modifying server lists Once a server list exists, you can select it for modification or deletion. ■ Select Show/Change Server List from the Network Address Translation screen. ■ Select the Server List Name you want to modify from the pop-up menu and press Return. Network Address Translation +-NAT Server List Name-+ +----------------------+ A| my_servers | S| |.. D| | | | A| | S| | D| | | | A| | S| |.
9-108 User’s Reference Guide ■ Selecting Show/Change Server or Delete Server displays the same pop-up menu. Show/Change NAT Server List +-Private Address--Public Address----Port------------+ +----------------------------------------------------+ Se| 192.168.1.254 206.1.1.6 smtp | | 192.168.1.254 206.1.1.5 smtp | | 192.168.1.254 206.1.1.4 smtp | Ad| 192.168.1.254 206.1.1.3 smtp | | 192.168.1.254 206.1.1.
Multiple Network Address Translation 9-109 Deleting a server To delete a server from the list, select Delete Server from the Show/Change NAT Server List menu and press Return. A pop-up menu lists your configured servers. Select the one you want to delete and press Return. A dialog box asks you to confirm your choice. Show/Change NAT Server List +-Internal Address-External Address--Port------------+ +----------------------------------------------------+ Se| 192.168.1.254 206.1.1.
9-110 User’s Reference Guide Binding Map Lists and Server Lists Once you have created your map lists and server lists, for most Netopia Router models you must bind them to a profile, either a Connection Profile or the Default Profile.
Multiple Network Address Translation 9-111 ■ Select NAT Map List and press Return. A pop-up menu displays a list of your defined map lists. IP Profile Parameters +--NAT Map List Name---+ +----------------------+ Address Trans| Easy-PAT |s IP Addressing| my_map |mbered | <> | NAT Map List.| |sy PAT NAT Server Li| | | | Local WAN IP | | | | Remote IP Add| |7.0.0.2 Remote IP Mas| |5.255.255.255 | | Filter Set...
9-112 User’s Reference Guide IP Parameters (WAN Default Profile) The Netopia 4553 using RFC 1483 supports a WAN default profile that permits several parameters to be configured without an explicitly configured Connection Profile. The procedure is similar to the procedure to bind map lists and server lists to a Connection Profile. From the Main Menu go to the WAN Configuration screen, then the Default Profile screen. Select IP Parameters and press Return.
Multiple Network Address Translation 9-113 ■ Select NAT Map List and press Return. A pop-up menu displays a list of your defined map lists. IP Parameters (Default Profile) +--NAT Map List Name---+ +----------------------+ | Easy-PAT List | | my_map | Address Trans| <> |s | | NAT Map List.| | NAT Server Li| | | | Filter Set (F| | Remove Filter| | | | Receive RIP: | |th | | | | | | | | | | +----------------------+ Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.
9-114 User’s Reference Guide NAT Associations Configuration of map and server lists alone is not sufficient to enable NAT for a WAN connection because map and server lists must be linked to a profile that controls the WAN interface. This can be a Connection Profile, a WAN Ethernet interface, a default profile, or a default answer profile. Once you have configured your map and server lists, you may want to reassign them to different interface-controlling profiles, for example, Connection Profiles.
Multiple Network Address Translation 9-115 keys. Select the item by pressing Return to display a pop-up menu of all of your configured lists.
9-116 User’s Reference Guide MultiNAT Configuration Example To help you understand a typical MultiNAT configuration, this section describes an example of the type of configuration you may want to implement on your site. The values shown are for example purposes only. Make your own appropriate substitutions. A typical DSL service from an ISP might include five user addresses. Without PAT, you might be able to attach only five IP hosts.
Multiple Network Address Translation 9-117 Enter your ISP-supplied values as shown below. Connection Profile 1: Easy Setup Profile Connection Profile Name: Easy Setup Profile Address Translation Enabled: IP Addressing... Yes Numbered Local WAN IP Address: Local WAN IP Mask: 206.1.1.6 255.255.255.248 PREVIOUS SCREEN NEXT SCREEN Enter a subnet mask in decimal and dot form (xxx.xxx.xxx.xxx). Enter basic information about your WAN connection with this screen. Select NEXT SCREEN and press Return.
9-118 User’s Reference Guide Select Show/Change Public Range, then Easy-PAT Range, and press Return. Enter the value your ISP assigned for your public address (206.1.1.6, in this example). Toggle Type to pat. Your public address is then mapped to the remaining private IP addresses using PAT. (If you were not using the Easy-PAT Range and Easy-PAT List that are created by default by using Easy Setup, you would have to define a public range and map list.
Multiple Network Address Translation 9-119 Select ADD NAT PUBLIC RANGE and press Return. You are returned to the Network Address Translation screen. Next, select Show/Change Map List and choose Easy-PAT List. Select Add Map. The Add NAT Map screen appears. (Now the name Easy-PAT List is a misnomer since it has a static map included in its list.) Enter in 192.168.1.1 for the First Private Address and 192.168.1.5 for the Last Private Address. Add NAT Map ("Easy-PAT List") First Private Address: 192.168.1.
9-120 User’s Reference Guide To make these changes, first limit the range of remapped addresses on the Static Map and then edit the default server list called Easy-Servers. ■ First, navigate to the Show/Change Map List screen, select Easy-PAT List and then Show/Change Maps. Choose the Static Map you created and change the First Private Address from 192.168.1.1 to 192.168.1.4.
Virtual Private Networks (VPNs) 10-121 Chapter 10 Virtual Private Networks (VPNs) The Netopia 4553 offers IPsec, PPTP, and ATMP tunneling support for Virtual Private Networks (VPN).
10-122 User’s Reference Guide Tunneling is a process of creating a private path between a remote user or private network and another private network over some intermediate network, such as the IP-based Internet. A VPN allows remote offices or employees access to your internal business LAN through means of encryption allowing the use of the public Internet to look “virtually” like a private secure network.
Virtual Private Networks (VPNs) 10-123 the receiving side, an IPsec-compliant device decrypts each packet. The Netopia 4553 supports the more secure Tunnel mode. DES stands for Data Encryption Standard, a popular symmetric-key encryption method. DES uses a 56-bit key. The Netopia 4553 offers IPsec DES encryption over the VPN tunnel. When used to initiate the tunnelled connection, the Netopia 4553 is called a PPTP Access Concentrator (PAC, in PPTP language), or a foreign agent (in ATMP language).
10-124 User’s Reference Guide PPTP configuration To set up the router as a PPTP Network Server (PNS) capable of answering PPTP tunnel requests you must also configure the VPN Default Answer Profile. See "ATMP/PPTP Default Profile" on page 10-136 for more information. PPTP is a Datalink Encapsulation option in Connection Profiles. It is not an option in device or link configuration screens, as PPTP is not a native encapsulation.
Virtual Private Networks (VPNs) 10-125 When you define a Connection Profile as using PPTP by selecting PPTP as the datalink encapsulation method, and then select Data Link Options, the PPTP Tunnel Options screen appears. PPTP Tunnel Options PPTP Partner IP Address: Tunnel Via Gateway: 173.167.8.134 0.0.0.0 Authentication... Data Compression...
10-126 User’s Reference Guide Note: The Netopia 4553 supports 128-bit (“strong”) encryption. Unlike MS-CHAP version 1, which supports one-way authentication, MS-CHAP version 2 supports mutual authentication between connected routers and is incompatible with MS-CHAP version 1 (MS-CHAP-V1). When you choose MS-CHAP as the authentication method for the PPTP tunnel, the Netopia router will start negotiating MS-CHAP-V2.
Virtual Private Networks (VPNs) 10-127 The IP Profile Parameters screen appears. IP Profile Parameters Address Translation Enabled: Yes NAT Map List... NAT Server List... Easy-PAT Easy-Servers Local WAN IP Address: 0.0.0.0 Remote IP Address: Remote IP Mask: 173.167.8.10 255.255.0.0 Filter Set... Remove Filter Set RIP Profile Options... ■ Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel.
10-128 User’s Reference Guide The Add Connection Profile screen appears. Add Connection Profile Profile Name: Profile Enabled: Data Link Encapsulation... Data Link Options... IP Profile Parameters... COMMIT Profile 1 +-------------+ +-------------+ | PPP | | Frame Relay | | RFC1483 | | ATMP | | PPTP | | IPsec | +-------------+ CANCEL ■ From the Data Link Encapsulation pop-up menu select IPsec. ■ Then select Data Link Options. The IPsec Encryption & Authentication Options screen appears.
Virtual Private Networks (VPNs) 10-129 IPsec Encryption & Authentication Options Encryption Transform... Encryption Key: DES Authentication Type... Authentication Transform... Authentication Key: ESP HMAC-MD5-96 COMMIT CANCEL Enter a key of 16 Hex digits, e.g. '1234567890ABCDEF' ■ You must enter an Encryption Key if the Encryption Transform is DES. The key for DES must be a hexadecimal string of 16 characters, using Hex characters only: '0'-'9', 'A'-'F' and 'a' - 'f'.
10-130 User’s Reference Guide IP Profile Parameters The following IP Profile Options screen is displayed for an IPsec Connection Profile. IP Profile Options SPI (Security Parameters Index): 123456789 Remote Tunnel Endpoint Address: Idle Timeout (seconds): Remote Members Network: Remote Members Mask: 0.0.0.0 300 0.0.0.0 0.0.0.0 Address Translation Enabled: NAT Map List... NAT Server List... PAT IP Address: Yes Easy-PAT List Easy-Servers 1.1.1.1 Filter Set...
Virtual Private Networks (VPNs) 10-131 Map Lists, Server Lists, and PAT addresses are described in detail in Chapter 9, “Multiple Network Address Translation.” ■ You can specify a Filter Set. See "About filters and filter sets" on page 11-154. ■ You can remove a Filter Set. ■ You can choose to configure Advanced IP Profile Options (see “Advanced IP Profile Options,” in the following section).
10-132 User’s Reference Guide If you do not specify the Remote Tunnel Endpoint Address, the router will use the default gateway to reach the partner. If the partner should be reached via an alternate port (for example, the LAN instead of the WAN), the Next Hop Gateway field allows this path to be resolved. Interoperation with other features ■ Address serving is not supported through IPsec Tunnels. ■ AH is not supported through an interface that has NAT applied to it.
Virtual Private Networks (VPNs) 10-133 Add Connection Profile Profile Name: Profile Enabled: Data Link Encapsulation... Data Link Options... IP Profile Parameters... COMMIT Profile 2 +---------------+ +---------------+ | PPP | | Frame Relay | | RFC1483 | | ATMP | | PPTP | | IPsec | +---------------+ CANCEL When you define a Connection Profile as using ATMP by selecting ATMP as the datalink encapsulation method, and then select Data Link Options, the ATMP Tunnel Options screen appears.
10-134 User’s Reference Guide the gateway partner is reached. If you do not specify the ATMP Partner IP Address, the router will use the default gateway to reach the partner and the Tunnel Via Gateway field is hidden. If the partner should be reached via an alternate port (i.e., the LAN instead of the WAN), the Tunnel Via Gateway field allows this path to be resolved. ■ You can specify a Network Name.
Virtual Private Networks (VPNs) 10-135 IP Profile Parameters Address Translation Enabled: Yes NAT Map List... NAT Server List... Easy-PAT Easy-Servers Local WAN IP Address: 0.0.0.0 Remote IP Address: Remote IP Mask: 173.167.8.10 255.255.0.0 Filter Set... Remove Filter Set RIP Profile Options... ■ Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel.
10-136 User’s Reference Guide and transparently. ATMP/PPTP Default Profile The WAN Configuration menu offers a ATMP/PPTP Default Profile option. Use this selection when your router is acting as the server for VPN connections, that is, when you are on the answering end of the tunnel establishment. The ATMP/PPTP Default Profile determines the way the attempted tunnel connection is answered. WAN Configuration WAN (Wide Area Network) Setup... Display/Change Connection Profile... Add Connection Profile...
Virtual Private Networks (VPNs) 10-137 If you chose MS-CHAP authentication, the Data Compression option is not required, and this menu item becomes hidden. VPN QuickView You can view the status of your VPN connections in the VPN QuickView screen. From the Main Menu select QuickView and then VPN QuickView. Main Menu QuickView VPN QuickView The VPN QuickView screen appears. VPN Quick View Profile Name----------Type----Rx Pckts---Tx Pckts--RxDiscard--Remote Address-HA <-> FA1 (Jony Fon ATMP 99 99 0 173.
10-138 User’s Reference Guide Dial-Up Networking for VPN Microsoft Windows Dial-Up Networking software permits a remote standalone workstation to establish a VPN tunnel to a PPTP server such as a Netopia Router located at a central site. Dial-Up Networking also allows a mobile user who may not be connected to a PAC to dial into an intermediate ISP and establish a VPN tunnel to, for example, a corporate headquarters, remotely.
Virtual Private Networks (VPNs) 10-139 The Communications window appears. 5. In the Communications window, select Dial-Up Networking and click the OK button. This returns you to the Windows Setup screen. Click the OK button. 6. Respond to the prompts to install Dial-Up Networking from the system disks or CDROM. 7. When prompted, reboot your PC.
10-140 User’s Reference Guide Configuring a Dial-Up Networking profile Once you have created your Dial-Up Networking profile, you configure it for TCP/IP networking to allow you to connect to the Internet through your Internet connection device. Do the following: 1. Double-click the My Computer (or whatever you have named it) icon on your desktop. Open the Dial-Up Networking folder. You will see the icon for the profile you created in the previous section. 2.
Virtual Private Networks (VPNs) 10-141 4. 5. Click the TCP/IP Settings button. ■ If your ISP uses dynamic IP addressing (DHCP), select the Server assigned IP address radio button. ■ If your ISP uses static IP addressing, select the Specify an IP address radio button and enter your assigned IP address in the fields provided. Also enter the IP address in the Primary and Secondary DNS fields. Click the OK button in this window and the next two windows.
10-142 User’s Reference Guide This displays a list of possible selections for the communications option. Active components will have a check in the checkboxes to their left. 6. Check Dial Up Networking at the top of the list and Virtual Private Networking at the bottom of the list. 7. Click OK at the bottom right on each screen until you return to the Control Panel. Close the Control Panel by clicking the upper right corner X. 8.
Virtual Private Networks (VPNs) 10-143 Connecting using Dial-Up Networking A Dial-Up Networking connection will be automatically launched whenever you run a TCP/IP application, such as a web browser or email client. When you first run the application a Connect To dialog box appears in which you enter your User name and Password. If you check the Save password checkbox, the system will remember your User name and Password, and you won’t be prompted for them again.
10-144 User’s Reference Guide PPTP example To enable a firewall to allow PPTP traffic, you must provision the firewall to allow inbound and outbound TCP packets specifically destined for port 1723. The source port may be dynamic, so often it is not useful to apply a compare function upon this portion of the control/negotiation packets. You must also set the firewall to allow inbound and outbound GRE packets, enabling transport of the tunnel payload.
Virtual Private Networks (VPNs) 10-145 Change Input Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: GRE In the Display/Change Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+ +-------------------------------------------------------------------------+ | 1 0.0.0.0 0.0.
10-146 User’s Reference Guide Select Output Filter 2 and press Return. In the Change Output Filter 2 screen, set the Protocol Type to allow GRE as shown below. Change Output Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.
Virtual Private Networks (VPNs) 10-147 Select Input Filter 1 and press Return. In the Change Input Filter 1 screen, set the Destination Port information as shown below. Change Input Filter 1 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: Source Port Compare... Source Port ID: Dest. Port Compare... Dest. Port ID: Established TCP Conns.
10-148 User’s Reference Guide In the Display/Change Filter Set screen select Display/Change Output Filter. Display/Change Output Filter screen +-#----Source IP Addr----Dest IP Addr------Proto-Src.Port-D.Port--On?-Fwd-+ +-------------------------------------------------------------------------+ | 1 0.0.0.0 0.0.0.0 TCP NC =1723 Yes Yes | | 2 0.0.0.0 0.0.0.0 GRE --Yes Yes | | | +-------------------------------------------------------------------------+ Select Output Filter 1 and press Return.
Virtual Private Networks (VPNs) 10-149 Change Output Filter 2 Enabled: Forward: Yes Yes Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.
10-150 User’s Reference Guide
Security 11-151 Chapter 11 Security The Netopia 4553 provides a number of security features to help protect its configuration screens and your local network from unauthorized access. Although these features are optional, it is strongly recommended that you use them.
11-152 User’s Reference Guide Once user accounts are created, users who attempt to access protected screens will be challenged. Users who enter an incorrect name or password are returned to a screen requesting a name/password combination to access the Main Menu. To set up user accounts, in the System Configuration screen select Security and press Return. The Security Options screen appears.
Security 11-153 To add a new user account, select Add User in the Security Options screen and press Return. The Add Name With Write Access screen appears. Add Name With Write Access Enter Name: Enter Password (11 characters max): ADD NAME/PASSWORD NOW CANCEL Follow these steps to configure the new account: 1. Select Enter Name and enter a descriptive name (for example, the user’s first name). 2. Select Enter Password and enter a password. 3.
11-154 User’s Reference Guide To restrict Telnet access, select Security in the Advanced Configuration menu. The Security Options screen will appear. There are two levels of Telnet restriction available: ■ To restrict Telnet access to the SNMP screens, select Enable Telnet Access to SNMP Screens and toggle it to No. (See “SNMP traps” on page 12-189.) ■ To restrict Telnet access to all of the configuration screens, select Enable Telnet Console Access and toggle it to No.
Security 11-155 Each inspector has a specific task. One inspector’s task may be to examine the destination address of all outgoing packages. That inspector looks for a certain destination—which could be as specific as a street address or as broad as an entire country—and checks each package’s destination address to see if it matches that destination. TOR INSPEC ED ROV APP FROM: FROM: TO: FROM: TO: TO: A filter inspects data packets like a customs inspector scrutinizing packages.
11-156 User’s Reference Guide If the package does not match the first inspector’s criteria, it goes to the second inspector, and so on. You can see that the order of the inspectors in the line is very important. For example, let’s say the first inspector’s orders are to send along all packages that come from Rome, and the second inspector’s orders are to reject all packages that come from France.
Security 11-157 Parts of a filter A filter consists of criteria based on packet attributes.
11-158 User’s Reference Guide Port number comparisons A filter can also use a comparison option to evaluate a packet’s source or destination port number. The comparison options are: No Compare: No comparison of the port number specified in the filter with the packet’s port number. Not Equal To: For the filter to match, the packet’s port number cannot equal the port number specified in the filter.
Security 11-159 Putting the parts together When you display a filter set, its filters are displayed as rows in a table: +-#---Source IP Addr---Dest IP Addr-----Proto-Src.Port-D.Port--On?-Fwd-+ +----------------------------------------------------------------------+ | 1 192.211.211.17 0.0.0.0 TCP 0 23 Yes No | | 2 0.0.0.0 0.0.0.0 TCP NC =6000 Yes No | | 3 0.0.0.0 0.0.0.0 ICMP --Yes Yes | | 4 0.0.0.0 0.0.0.0 TCP NC >1023 Yes Yes | | 5 0.0.0.0 0.0.0.
11-160 User’s Reference Guide Filtering example #1 Returning to our filtering rule example from above (see page 11-156), look at how a rule is translated into a filter. Start with the rule, then fill in the filter’s attributes: 1. The rule you want to implement as a filter is: Block all Telnet attempts that originate from the remote host 199.211.211.17. 2. 3. 4. The host 199.211.211.17 is the source of the Telnet packets you want to block, while the destination address is any IP address.
Security 11-161 This filter blocks any packets coming from a remote network with the IP network address 200.233.14.0. The 0 at the end of the address signifies any host on the class C IP network 200.233.14.0. If, for example, the filter is applied to a packet with the source IP address 200.233.14.5, it will block it. In this case, the mask, which does not appear in the table, must be set to 255.255.255.0. This way, all packets with a source address of 200.233.14.
11-162 User’s Reference Guide An approach to using filters The ultimate goal of network security is to prevent unauthorized access to the network without compromising authorized access. Using filter sets is part of reaching that goal. Each filter set you design will be based on one of the following approaches: ■ That which is not expressly prohibited is permitted. ■ That which is not expressly permitted is prohibited.
Security 11-163 To add a new filter set, select Add Filter Set in the Filter Sets screen and press Return. The Add Filter Set screen appears. Add Filter Set... Filter Set Name: Filter Set 3 ADD FILTER SET CANCEL Naming a new filter set All new filter sets have a default name. The first filter set you add will be called Filter Set 1, the next filter will be Filter Set 2, and so on. To give a new filter set a different name, select Filter Set Name and enter a new name for the filter set.
11-164 User’s Reference Guide Adding filters to a filter set There are two kinds of filters you can add to a filter set: input and output. Input filters check packets received from the Internet, destined for your network. Output filters check packets transmitted from your network to the Internet.
Security 11-165 Display/Change Filter Set... Filter Set Name: Filter Set 3 Add Input Filter to Filter Set... Display/Change Input Filter... Delete Input Filter... Move Input Filter... Add Output Filter to Filter Set... Display/Change Output Filter... Delete Output Filter... Move Output Filter... Note: There are two groups of items in this screen, one for input filters and one for output filters. In this section, you’ll learn how to add an input filter to a filter set.
11-166 User’s Reference Guide 5. Select Source IP Address Mask and enter a mask for the source IP address. This allows you to further modify the way the filter will match on the source address. Enter 0.0.0.0 to force the filter to match on all source IP addresses, or enter 255.255.255.255 to match the source IP address exclusively. 6. Select Dest. IP Address and enter the destination IP address this filter will match on. You can enter a subnet or a host address. 7. Select Dest.
Security 11-167 Change Filter Enabled: Forward: No No Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: 0 Source Port Compare... Source Port ID: Dest. Port Compare... Dest. Port ID: No Compare 0 No Compare 0 Enter the IP specific information for this filter. Deleting filters To delete a filter, select Delete Input Filter or Delete Output Filter in the Display/Change Filter Set screen to display a table of filters.
11-168 User’s Reference Guide Basic Firewall blocks undesirable traffic originating from the WAN (in most cases, the Internet), but forwards all traffic originating from the LAN. It follows the conservative “that which is not expressly permitted is prohibited” approach: unless an incoming packet expressly matches one of the constituent input filters, it will not be forwarded to the LAN. The five input filters and one output filter that make up Basic Firewall are shown in the table below.
Security 11-169 Output filter 1: This filter forwards all outgoing traffic to make sure that no outgoing connections from the LAN are blocked. Basic Firewall is suitable for a LAN containing only client hosts that want to access servers on the WAN, but not for a LAN containing servers providing services to clients on the WAN. Basic Firewall’s general strategy is to explicitly forward WAN-originated TCP and UDP traffic to ports greater than 1023.
11-170 User’s Reference Guide FTP sessions. To allow WAN-originated FTP sessions to a LAN-based FTP server with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243), insert the following input filter ahead of the current input filter 1: ■ Enabled: Yes ■ Forward: Yes ■ Source IP Address: 0.0.0.0 ■ Source IP Address Mask: 0.0.0.0 ■ Dest. IP Address: a.b.c.d ■ Dest. IP Address Mask: 255.255.255.
Security 11-171 Basic IP packet components All IP packets contain the same basic header information, as follows: Source IP Address 163.176.132.18 Destination IP Address 163.176.4.27 Source Port 2541 Destination Port 80 Protocol TCP ACK Bit Yes DATA User Data This header information is what the packet filter uses to make filtering decisions. It is important to note that a packet filter does not look into the IP data stream (the User Data from above) to make filtering decisions.
11-172 User’s Reference Guide UDP Port Service 69 TFTP 387 AURP Firewall design rules There are two basic rules to firewall design: ■ “What is not explicitly allowed is denied.” and ■ “What is not explicitly denied is allowed.” The first rule is far more secure, and is the best approach to firewall design. It is far easier (and more secure) to allow in or out only certain services and deny anything else.
Security 11-173 Logical AND function When a packet is compared (in most cases) a logical AND function is performed. First the IP addresses and subnet masks are converted to binary and then combined with AND. The rules for the logical use of AND are as follows: 0 AND 0 = 0 0 AND 1 = 0 1 AND 0 = 0 1 AND 1 = 1 For example: Filter rule: Deny IP: 163.176.1.15BINARY: 10100011.10110000.00000001.00001111 Mask: 255.255.255.255BINARY:11111111.11111111.11111111.11111111 Incoming Packet: IP 163.176.1.
11-174 User’s Reference Guide Example filter set screen This is an example of the Netopia filter set screen: Change Input Filter 1 Enabled: Forward: Yes No Source IP Address: Source IP Address Mask: 0.0.0.0 0.0.0.0 Dest. IP Address: Dest. IP Address Mask: 0.0.0.0 0.0.0.0 Protocol Type: Source Port Compare... Source Port ID: Dest. Port Compare... Dest. Port ID: Established TCP Conns.
Security 11-175 Example network Incoming Packet Filter Netopia Internet IP: 200.1.1.?? DATA Example filters Example 1 Filter Rule: 200.1.1.0 (Source IP Network Address) 255.255.255.128 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.28 IP Address Binary Representation 200.1.1.28 00011100 (Source address in incoming IP packet) 10000000 (Perform the logical AND) 00000000 (Logical AND result) AND 255.255.255.
11-176 User’s Reference Guide Example 2 Filter Rule: 200.1.1.0 (Source IP Network Address) 255.255.255.128 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.184. IP Address Binary Representation 200.1.1.184 10111000 (Source address in incoming IP packet) 10000000 (Perform the logical AND) 10000000 (Logical AND result) AND 255.255.255.
Security 11-177 Example 4 Filter Rule: 200.1.1.96 (Source IP Network Address) 255.255.255.240 (Source IP Mask) Forward = No (What happens on match) Incoming packet has the source address of 200.1.1.104. IP Address Binary Representation 200.1.1.104 01101000 (Source address in incoming IP packet) 11110000 (Perform the logical AND) 01100000 (Logical AND result) AND 255.255.255.
11-178 User’s Reference Guide
Monitoring Tools 12-179 Chapter 12 Monitoring Tools This chapter discusses the Netopia 4553’s device and network monitoring tools. These tools can provide statistical information, report on current network status, record events, and help in diagnosing and locating problems.
12-180 User’s Reference Guide General status Quick View Default IP Gateway: 0.0.0.0 Primary DNS Server: 0.0.0.0 Secondary DNS Server: 0.0.0.0 CPU Load: 4% 10/11/2001 07:31:26 AM Unused Memory: 6044 KB Domain Name: Netopia.com ----------------MAC Address--------IP Address--------------------------------Ethernet Hub: 00-00-c5-ff-70-00 192.168.1.1 ATM HSDSL WAN: 00-00-c5-ff-70-02 0.0.0.0 Current DSL Status Profile Name----------Rate--%Use-Remote Address-----Est.-More Info-----------ISP 1536 10 IP 92.163.
Monitoring Tools 12-181 Current status The current status section is a table showing the current status of the DSL connection. For example: Current DSL Status Profile Name----------Rate--%Use-Remote Address-----Est.-More Info-----------ISP 1536 10 IP 92.163.4.1 Lcl NAT 192.163.100.6 Profile Name: Lists the name of the connection profile being used, if any. Rate: Shows the line rate for this connection.
12-182 User’s Reference Guide Statistics & Logs Main Menu Statistics & Logs When you are troubleshooting your Netopia 4553, the Statistics & Logs screens provide insight into the recent event activities of the router. From the Main Menu go to Statistics & Logs and select one of the options described in the sections below. Event histories Main Menu Statistics & Logs • WAN Event History • Device Event History The Netopia 4553 records certain relevant occurrences in event histories.
Monitoring Tools 12-183 WAN Event History The WAN Event History screen lists a total of 128 events on the WAN. The most recent events appear at the top. WAN Event History Current Date -- 10/11/2001 03:02:23 PM -Date-----Time-----Event---------------------------------------------------------------------------------------SCROLL UP----------------------------------07/03/98 13:59:06 DSL: IP up, channel 1, gateway: 173.166.107.
12-184 User’s Reference Guide In the Statistics & Logs screen, select Device Event History. The Device Event History screen appears. Device Event History Current Date -- 10/11/2001 03:02:23 PM -Date-----Time-----Event---------------------------------------------------------------------------------------SCROLL UP----------------------------------01/22/96 02:03:11 IP address server initialization complete 01/22/96 02:03:11 --BOOT: Warm start v4.
Monitoring Tools 12-185 IP Routing Table Main Menu Statistics & Logs • IP Routing Table The IP routing table displays all of the IP routes currently known to the Netopia 4553. IP Routing Table Network Address-Subnet Mask-----via Router------Port------------------Type-------------------------------------SCROLL UP----------------------------------0.0.0.0 255.0.0.0 0.0.0.0 -Other 127.0.0.1 255.255.255.255 127.0.0.1 Loopback Local 192.168.1.0 255.255.255.240 192.168.1.1 Ethernet Local 192.168.1.1 255.255.
12-186 User’s Reference Guide General Statistics Physical I/F-----Rx Bytes---Tx Bytes---Rx Pkts---Tx Pkts----Rx Err----Tx Err Ethernet Hub 1234567 123456 123456 123456 123456 12345 ATM SDSL 1 1234567 123456 123456 123456 123456 12345 Network----------Rx Bytes---Tx Bytes---Rx Pkts---Tx Pkts----Rx Err----Tx Err IP 1234567 123456 123456 123456 123456 12345 VC Traffic Statistics...
Monitoring Tools 12-187 Traffic Statistics When ATM is the mode or Frame Relay is the datalink encapsulation, traffic statistics are available through the option in the lower left corner. With other settings, this option is not available. To view the traffic statistics, select the option and press Return. A table of ATM VC Statistics (for ATM) or DLCI Statistics (for Frame Relay) appears.
12-188 User’s Reference Guide SNMP The Netopia 4553 includes a Simple Network Management Protocol (SNMP) agent, allowing monitoring and configuration by a standard SNMP manager. The Netopia 4553 supports the following management information base (MIB) documents: ■ MIB II (RFC 1213) ■ Interface MIB (RFC 1229) ■ Ethernet MIB (RFC 1643) ■ Netopia MIB These MIBs are on the Netopia CustomerCare CD included with the Netopia 4553.
Monitoring Tools 12-189 2. Select System Location and enter the router’s physical location (room, floor, building, etc.). 3. Select System Contact and enter the name of the person responsible for maintaining the router. System Name, System Location, and System Contact set the values returned by the Netopia 4553 SNMP agent for the SysName, SysLocation, and SysContact objects, respectively, in the MIB II system group.
12-190 User’s Reference Guide ■ A cold start trap is generated after the router is reset. ■ An interface down trap (ifDown) is generated when one of the router’s interfaces, such as a port, stops functioning or is disabled. ■ An interface up trap (ifUp) is generated when one of the router’s interfaces, such as a port, begins functioning. The Netopia 4553 sends traps using UDP (for IP networks). You can specify which SNMP managers are sent the IP traps generated by the Netopia 4553.
Monitoring Tools 12-191 2. Select an IP trap receiver from the table and press Return. 3. In the Change IP Trap Receiver screen, edit the information as needed and press Return. Deleting IP trap receivers 1. To delete an IP trap receiver, select Delete IP Trap Receiver in the IP Trap Receivers screen. 2. Select an IP trap receiver from the table and press Return. 3. In the dialog box, select Continue and press Return.
12-192 User’s Reference Guide
Utilities and Diagnostics 13-193 Chapter 13 Utilities and Diagnostics A number of utilities and tests are available for system diagnostic and control purposes.
13-194 User’s Reference Guide Ping The Netopia 4553 Router includes a standard Ping test utility. A Ping test generates IP packets destined for a particular (Ping-capable) IP host. Each time the target host receives a Ping packet, it returns a packet to the original sender. Ping allows you to see whether a particular IP destination is reachable from the Netopia 4553. You can also ascertain the quality and reliability of the connection to the desired destination by studying the Ping test’s statistics.
Utilities and Diagnostics 13-195 Status: The current status of the Ping test. This item can display the status messages shown in the able below: Message Description Resolving host name Finding the IP address for the domain name-style address Can’t resolve host name IP address can’t be found for the domain name–style address Pinging Ping test is in progress Complete Ping test was completed Cancelled by user Ping test was cancelled manually Destination unreachable from w.x.y.
13-196 User’s Reference Guide Packets Lost: The number of packets unaccounted for, shown in total and as a percentage of total packets sent. This statistic may be updated during the Ping test, and may not be accurate until after the test is over. However, if an escalating one-to-one correspondence is seen between Packets Out and Packets Lost, and Packets In is noticeably lagging behind Packets Out, the destination is probably unreachable. In this case, use STOP PING.
Utilities and Diagnostics 13-197 4. Select Use Reverse DNS to learn the names of the routers between the Netopia Router and the destination router. The default is Yes. 5. Select START TRACE ROUTE and press Return. A scrolling screen will appear that lists the destination, number of hops, IP addresses of each hop, and DNS names, if selected. 6. Cancel the trace by pressing Escape. Return to the Trace Route screen by pressing Escape twice.
13-198 User’s Reference Guide Factory defaults You can reset the Netopia 4553 to its factory default settings. In the Utilities & Diagnostics screen, select Revert to Factory Defaults and press Return. Select CONTINUE in the dialog box and press Return. The Netopia 4553 will reboot and its settings will return to the factory defaults, deleting your configurations. In an emergency, you can also use the Reset switch to return the router to its factory default settings.
Utilities and Diagnostics 13-199 Updating firmware Firmware updates may be available periodically from Netopia or from a site maintained by your organization’s network administrator. The Netopia 4553 ships with an embedded operating system referred to as firmware. The firmware governs how the device communicates with your network and the WAN or remote site. Firmware updates are periodically posted on the Netopia website.
13-200 User’s Reference Guide server name or IP address is available from the site where the server is located. ■ Select Config File Name and enter the name of the file you will download. The name of the file is available from the site where the server is located. You may need to enter a file path along with the file name (for example, bigroot/config/myfile). ■ Select GET CONFIG FROM SERVER and press Return.
Utilities and Diagnostics 13-201 Note: The X-Modem File Transfer screen is only available if you are connected via the Console port. Note: It is good practice when updating programmable devices to disable any other programs or network activity on the device or the attached computer. This includes WAN traffic such as a DSL connection or screen savers or other automatic programs running on the attached computer. Such activity can slow down or interrupt the file transfer requiring you to rerun the upgrade.
13-202 User’s Reference Guide If you choose CONTINUE, you will have ten seconds to use your terminal emulation software to initiate an XMODEM transfer of the firmware file. If you fail to initiate the transfer in that time, the dialog box will disappear and the terminal emulation software will inform you of the transfer’s failure. You can then try again. The system will reset at the end of a successful file transfer to put the new firmware into effect.
Utilities and Diagnostics 13-203 Uploading a file can also be useful for troubleshooting purposes. The uploaded configuration file can be tested on a different Netopia 4553 by Netopia or your network administrator. The procedure below applies whether you are using the console or the WAN interface. To upload a configuration file: 1. Decide on a name for the file and a path for saving it. 2. Select Receive Config from Netopia and press Return.
13-204 User’s Reference Guide
Troubleshooting A-205 Appendix A Troubleshooting This appendix is intended to help you troubleshoot problems you may encounter while setting up and using the Netopia 4553. It also includes information on how to contact Netopia Technical Support. Important information on these problems can be found in the event histories kept by the Netopia 4553. These event histories can be accessed in the Statistics & Logs screen.
A-206 User’s Reference Guide Console connection problems Can’t see the configuration screens (nothing appears) ■ Make sure the cable connection from the Netopia 4553’s console port to the computer being used as a console is securely connected. ■ Make sure the terminal emulation software is accessing the correct port on the computer that’s being used as a console. ■ Try pressing Ctrl-L or Return or the up or down arrow key several times to refresh the terminal screen.
Troubleshooting A-207 How to reset the router to factory defaults Lose your password? This section shows how to reset the router so that you can access the console screens once again. Keep in mind that all of your connection profiles and settings will need to be reconfigured. If you don't have a password, the only way to get back into the Netopia 4553 is the following: 1. Turn the router upside down. 2. Referring to the diagram below, find the paper clip-size Reset Switch slot. Reset Switch Slot 3.
A-208 User’s Reference Guide Technical support Netopia, Inc. is committed to providing its customers with reliable products and documentation, backed by excellent technical support. Before contacting Netopia Look in this guide for a solution to your problem. You may find a solution in this troubleshooting appendix or in other sections. Check the index for a reference to the topic of concern. If you cannot find a solution, complete the environment profile below before contacting Netopia Technical Support.
Troubleshooting A-209 Online product information Product information can be found in the following: Netopia World Wide Web server via http://www.netopia.com Internet via anonymous FTP to ftp.netopia.com/pub FAX-Back This service provides technical notes that answer the most commonly asked questions and offers solutions for many common problems encountered with Netopia products.
A-210 User’s Reference Guide
Technical Specifications and Safety Information B-211 Appendix B Technical Specifications and Safety Information Description Dimensions: 124.0 cm (w) x 20.0 cm (d) x 5.3 cm (h) 9.4” (w) x 7.9” (d) x 2.1” (h) Communications interfaces: The Netopia 4553 G.shdsl Router has an RJ-48 jack for DSL connections; an RJ-45 10Base-T Ethernet port for your LAN connection; and a DB-9 Console port. Power requirements ■ 12 VDC input ■ 1.
B-212 User’s Reference Guide December 1, 2000 ■ Canada – CSA: CAN/CSA-C22.2 No. 950-95 EMI: ■ FCC Part 15 Class B International Safety Approvals: ■ Low Voltage (European directive) 73/23/EEC ■ EN60950 1992 (Europe) ■ AS/NRZ 3260 (Australia) ■ TS001(Australia) EMI Compatibility: ■ European Directive 89/336/EEC ■ EN 300 368.2-1997 Telco: ■ European Directive 1999/5/EC Regulatory notices Warning This is a Class A product.
Technical Specifications and Safety Information B-213 The telephone company may make changes in its technical operations and procedures; if such changes affect the compatibility or use of this device, the telephone company is required to give adequate notice of the changes. You will be advised of your right to file a complaint with the FCC. If the telephone company requests information on what equipment is connected to their lines, inform them of: a) The telephone number to which this unit is connected.
B-214 User’s Reference Guide Caution Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate. The Load Number (LN) assigned to each terminal device denotes the percentage of the total load to be connected to a telephone loop which is used by the device, to prevent overloading.
Technical Specifications and Safety Information B-215 Replace only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.
B-216 User’s Reference Guide
Limited Warranty and Limitation of Remedies 217 Limited Warranty and Limitation of Remedies Netopia warrants to you, the end user, that the Netopia 4553™ G.shdsl Router (the “Product”) will be free from defects in materials and workmanship under normal use for a period of one (1) year from date of purchase. Netopia’s entire liability and your sole remedy under this warranty during the warranty period is that Netopia shall, at its sole option, either repair or replace the Product.
User’s Reference Guide
