SIEMENS Business Class 5890 DSL Router User’s Guide Part No.
Software License and Limited Warranty
Copyright © 2005 Siemens Home and Office Communications Devices LLC. All rights reserved. Siemens and the Siemens logo are trademarks of Siemens AG, Germany. All other trademarks are held by their respective companies. Siemens reserves the right to make changes to product specifications at any time without notice.
liable for any other losses or damages.
• The end user will be billed for any parts or labor charges not covered by this limited warranty. The end user will be responsible for any expenses related to reinstallation of the product.
• THIS LIMITED WARRANTY IS THE ONLY WARRANTY SSN MAKES FOR THE PRODUCT AND SOFTWARE. TO THE EXTENT ALLOWED BY LAW, NO OTHER WARRANTY APPLIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
6.
SIEMENS 5890 DSL Router User’s Guide
Table of Contents
Chapter 1 Product Specifications
Front Panel
Back Panel
Hardware Specifications
Point-to-Point Protocol over ATM (VC Multiplexing)
Point-to-Point Protocol over ATM (LLC Encapsulation)
RFC 1483 (Multiprotocol Encapsulation LLC/SNAP)
RFC 1483 (VC Multiplexing Routed)
Secure Shell
Configure SSH
Load Keys
Chapter 1 Product Specifications
Front Panel
The following table explains the LEDs that appear on the front panel of the Siemens 5890 router.
Hardware Specifications
Physical Specifications
• Dimensions: 8.25" W x 7.0" D x 1.
Software Specifications
Configuration Management
• Easy Setup Web Management Interface
• Configuration and management using HTTP, serial console, SNMP, SSH, or Telnet
• TFTP download/upload of new software and configuration files
• Dynamic event and history logging
• Network boot uses the BootP server (RFC 2131, RFC 2132)
• Syslog Server Support
• Performance monitoring data available via SNMP
Differentiated
ATM
• Encapsulation (IP, Bridging, and Bridge Encapsulated Routing) (RFC 2684/1483)
• PPP over ATM (LLC and VC multiplexing) (RFC 2364)
• Classical IP over ATM (RFC 2225)
• Classical IP (RFC 1577)
• AAL5
• Virtual Circuit (VC) traffic shaping (CBR, PCR, UBR, VBR)
• Q.
Frame Relay
• Support of frame relay ANSI T1.618 and CCIT
Chapter 2 Installation
This chapter describes the steps you must take to install and configure the various components in your network to utilize the Siemens DSL broadband internet router. This includes setting up the hardware connections to the Internet router, configuring the PC to use the Internet router for Internet access, and setting up the Internet router configuration. Before beginning installation, make sure you meet all installation requirements.
Installation Requirements
Network Service Provider Requirements
Your Network Service Provider will provide you with information to configure your router’s WAN connection. Depending upon the type of service that you ordered, you will need some of the items from the following list. Contact your Network Service Provider for specific details on the items you should receive.
Hardware Installation
You may position the Siemens broadband router at any convenient location where it will be well ventilated. Do not stack it with other devices or place it on the carpet. You can connect the router to an existing Ethernet port on your computer. To connect the SpeedStream device via the Ethernet interface, your computer must have an Ethernet adapter (also called a network interface card, or NIC) installed.
PC Configuration
Your PC must be configured to use the TCP/IP protocol suite over the Internet, and to accept Dynamic Host Configuration Protocol address assignments from the router. Although these are the default settings for the PC, it is a good idea to verify that they have not been changed. Each supported PC Operating System varies slightly in how the configuration windows are presented.
Windows NT 4
1. On your desktop, right click on the Network Neighborhood icon. This displays the Network window.
2. Click the Protocols tab.
3. Select TCP/IP Protocol from the Network Protocols list.
4. Click Properties. This displays the Microsoft TCP/IP Properties window.
5. Click the IP Address tab.
6. On the IP Address tab, select Obtain an IP address from a DHCP server.
7. Click OK to close each dialog.
8.
Windows 2000
1. Select Start > Settings > Control Panel. This displays the Control Panel window.
2. Double-click the Network and Dial-up Connection icon. This displays the Network and Dialup Connection window.
3. Right-click Local Area Connections and select Properties. This displays the Local Area Connections Properties window.
4. Select Internet Protocol (TCP/IP) from the list of components.
5. Click Properties.
Windows XP
1. Click Start > Control Panel. This displays the Control Panel window.
2. Double-click the Network Connections icon. This displays the Network Connection window.
3. Right-click Local Area Connection, then click Properties. This displays the Local Area Connection Properties window.
4. Select Internet Protocol TCP/IP.
5. Click Properties. This displays the Internet Protocol (TCP/IP) Properties window.
6.
Mac OS 9.x
1. Click Apple -> Control Panels -> TCP/IP. This displays the TCP/IP Control Panel window.
2. Select Ethernet from the Connect via drop-down menu.
3. Select Using DHCP Server from the Configure drop-down menu.
4. Complete the fields shown with any information supplied by your service provider.
5. Close window and save changes.
6. Configure the router.
Mac OSX
1. Click Apple -> System Preferences. This displays the System Preferences window.
2. Double-click the Network icon under the Internet & Network section. This displays the Network window.
3. Select Ethernet from the Connect via drop-down menu.
4. Select Using DHCP Server from the Configure drop-down menu.
5. Enter any information supplied by your service provider.
6. Click Apply Now to save and exit the Network window.
Linux
1. From a terminal window, run linuxconfig. This displays the Config window.
2. Click the Adaptor tab.
3. Enter any information specified by your service provider in the fields under the appropriate Adapter tab.
4. When settings are completed, click Accept. This displays the Status of the system tab.
5. To update the system status, ensure that the Activate the changes button is highlighted, then click Act/Changes.
6.
Configuring the Router
The Siemens Business Class Router family of products provides two user interfaces: a Web Management Interface and a console-based Command Line Interface (CLI). The Web Management Interface uses an HTTP server housed in the router. Using this server, you can connect to and manage the router using your Web browser.
Router Information Page
The Router Information Page is the first page you encounter after logging into the router. The Router Information page displays basic router information and configuration settings. On the Router Information page, the following information is presented:
• Router Information: Including the model number, software version number, and hardware description.
Chapter 3 Easy Setup
This chapter describes how to define router configuration settings using the Easy Setup Wizard. These settings control access to the Wide Area Network (WAN) and Local Area Network (LAN). During the Easy Setup procedure, you will be prompted to specify configuration parameters that may require information from your service provider.
Access Easy Setup Wizard
To access the Easy Setup Wizard, click Easy Setup in the left navigation pane of the Router Information window.
Point-to-Point Protocol over ATM (VC Multiplexing)
If you selected Point-to-Point Protocol over ATM (VC Multiplexing) from the Wan Interface page, the Point-to-Point Protocol page is displayed when you click Next.
To configure Point-to-Point Protocol:
1. Enter PPP User Name and Password to use for authentication when establishing a WAN connection using PPP protocol.
2.
5. If you enabled IP routing, optionally select one or more of the following:
• NAT Enabled: Network Address Translation (NAT) allows multiple workstations on your LAN to share a single, public IP address. All outgoing traffic appears to originate from the router’s IP address.
• Block Net BIOS Traffic: NetBIOS is a PC networking protocol that can keep network connections open inadvertently.
Point-to-Point Protocol over ATM (LLC Encapsulation)
If you selected Point-to-Point Protocol over ATM (LLC Encapsulation) from the Wan Interface page, the Point-to-Point Protocol page is displayed when you click Next.
To configure Point-to-Point Protocol:
1. Enter PPP User Name and Password to use for authentication when establishing a WAN connection using PPP protocol.
2.
5. If you enabled IP routing, optionally select one or more of the following:
• NAT Enabled: Network Address Translation (NAT) allows multiple workstations on your LAN to share a single, public IP address. All outgoing traffic appears to originate from the router’s IP address.
• Block Net BIOS Traffic: NetBIOS is a PC networking protocol that can keep network connections open inadvertently.
RFC 1483 (Multiprotocol Encapsulation LLC/SNAP)
If you selected RFC 1483 (Multiprotocol Encapsulation LLC/SNAP) from the Wan Interface page, the RFC 1483 Networking page is displayed when you click Next.
To configure RFC 1483:
1. Select one or more of the following RFC 1483 networking options:
• Bridging Enabled: Forward all traffic for remote hosts that is not routed to the WAN (non-IP).
RFC 1483 (VC Multiplexing Routed)
If you selected RFC 1483 (VC Multiplexing Routed) from the Wan Interface page, the RFC 1483 Networking page is displayed when you click Next.
To configure RFC 1483:
1. Select one or more of the following RFC 1483 networking options:
• Bridging Enabled: Forward all traffic for remote hosts that is not routed to the WAN (non-IP).
Point-to-Point Protocol over Ethernet over RFC 1483
If you selected Point-to-Point Protocol over Ethernet over RFC 1483 from the Wan Interface page, the Point-to-Point Protocol over Ethernet over RFC 1483 page is displayed when you click Next.
To configure Point-to-Point Protocol over Ethernet over RFC 1483:
1. Enter PPPoE User Name and Password to use for authentication when establishing a WAN connection using PPPoE protocol.
2.
RFC 1483 MAC Encapsulated Routing (MER)
If you selected RFC 1483 MAC Encapsulated Routing from the Wan Interface page, the RFC 1483 MER Networking page is displayed when you click Next.
To configure RFC 1483 MER Networking:
1. Select one or more of the following RFC 1483 MER Networking options:
• Bridging Enabled: Forward all traffic for remote hosts that is not routed to the WAN (non-IP).
RAW IP
If you selected RAWIP from the Wan Interface page, the RAWIP Networking page is displayed when you click Next.
To configure RAWIP Networking:
1. Select one or more of the following RAWIP Networking options:
• Bridging Enabled: Forward all traffic for remote hosts that is not routed to the WAN (non-IP). If bridging is enabled, you can optionally select Only bridge PPPoE traffic.
Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol (DHCP) provides a dynamic, “upon request,” IP address to computers and other networked devices. The router can act as a DHCP server for devices on your local network. The router provides the flexibility to use different ranges of IP addresses to be assigned by the DHCP server housed in the router. DHCP configuration is done from the DHCP Configuration page.
Local Area Network Configuration
Local Area Network configuration information is configured on the LAN IP Configuration page.
To configure the Local Area Network:
1. In IP Address, enter the network address of the router. This address must be globally unique unless NAT has been enabled.
2. In Subnet Mask, enter the subnet mask to use along with the IP address to determine if specific LAN IP traffic should be forwarded to the WAN.
Chapter 4 User Setup
This chapter describes how to set up users on the router and control their access to router functions and to the Internet. The features that control users and their access are listed below. To access one of these options, click the link on the left navigation pane of the Router Information page.
• User Management: Manage user accounts.
• Change Password: Change user password.
• Access Control: Configure remote access to the router configuration settings.
User Management
Adding/Modifying A User Account
User accounts are used to control access to the router and the Internet.
To add a user account:
1. Click New User on the User Management page. This displays the Add/Modify User page. (To modify a user, select the desired name in the Select User list and click Edit User to display the Add/Modify User page.
Deleting A User Account
To delete a user account:
1. Select the name of the account you want to delete in the Select User list on the User Management page, then click Delete User.
2. When prompted, click OK to confirm the account deletion.
User Lookup
User authentication verification is performed when an access request is made to the system. The router checks the user database to verify the user account by username and password, supplied by the user when making the access request. You can specify where user authentication/identification is performed from the User Lookup Configuration page.
Secure Mode Configuration
You can enable secure mode to control whether an interface is trusted or untrusted.
To configure Secure Mode:
1. Click Secure Mode Configuration on the left navigation pane of the User Management page. This displays the Secure Mode Configuration page.
2. Do one of the following for Secure Mode:
• Click the box next to Enabled so a check mark appears. This enables secure mode.
Configure the Radius Server
Remote Authentication Dial In User Service (RADIUS) is a client-server based access control and authentication feature. The RADIUS client resides locally on the router and works in conjunction with a variety of RADIUS Server applications.
• The client is responsible for passing user information to designated RADIUS servers, then acting on the returned response.
Configure the TacPlus Server
Tacplus allows access control and user authentication to be managed from a remote server.
To configure the Tacplus Server:
1. Click Configure Tacplus Server on the left navigation pane of the User Management page. This displays the Tacplus Server Configuration page.
2. In Timeout, enter the number of seconds to wait between retry attempts when the Tacplus Server cannot be reached.
3.
Management Classes
All system operations are partitioned into functional groups called management classes. Management classes group functions into the following categories.
Class Functional Areas Voice Network System Security Admin Debug Voice operations and shared network functions. File system, System Interfaces, SNMP, DHCP, NAT, remote commands. Various system administrative tasks. SSH, L2TP, IPSec, Firewall.
Change Password
User passwords are changed from the Change Password page.
To change a user password:
1. Click Change Password from the left navigation pane on the Router Information page. This displays the Change Password page.
2. Enter the new password for the Current User in Enter New Password and New Password (again) boxes.
3. Click Apply to save the new password.
Access Control
Restrict administrative control of the router to a specific set of IP addresses. Each remote access method (Telnet, Web, and SNMP) can be configured separately.
To set Access Control parameters:
1. Click Access Control from the left navigation pane of the Router Information page. This displays the Access Control page.
2.
Chapter 5 Advanced Setup
This chapter describes how to configure advanced features on the router. Advanced features are listed below. To configure one of these features, click the link on the left navigation pane of the Router Information page.
• WAN Selection: Select WAN physical layer mode.
• Remote File Configuration: Add, delete, and modify remote routers to which the target router can connect.
• DMZ: Configure unrestricted two-way communication with servers or individual users on the internet.
WAN Selection
The router can be connected to the internet using IDSL, SDSL, or SHDSL. The connection mode is usually dictated by your service provider. Only one selection is compatible with your ISP’s central office equipment.
To specify the WAN connection mode compatible with your ISP:
1. Click WAN Selection on the left navigation pane of the Router Information page. This displays the WAN Physical Layer Selection page.
2.
Remote File Configuration
Use the Remote File Configuration option to add, modify, or delete a remote file. Each remote file represents a connection to a remote router. It is possible that multiple remote files are used in conjunction for a single connection.
To create a remote file:
1. Click Remote File Configuration on the left navigation pane of the Router Information page.
DMZ
One computer on your local network can be configured to allow unrestricted two-way communication with servers or individual users on the Internet. This provides the ability to run programs that are incompatible with firewalls. This feature is primarily used for gaming.
6. To change the server status, select enable or disable from DMZ DHCP Server Status. When disabled, the router will not act as a DHCP server.
7. To define the start and ending address range of the IP address pool, enter the starting address in First IP Address and the ending address in Last IP Address.
8. Click Apply.
Router Clock
Use the Router Clock option to set the date and time on the router.
To set the current date and time on the router:
1. Click Router Clock on the left navigation pane of the Router Information page. This displays the Current Date and Time page.
2. The current date and time from your PC are displayed in the field labeled Current Date and Time.
DHCP
Dynamic Host Configuration Protocol (DHCP) is a communication protocol that allocates IP addresses automatically to any DHCP client requesting an IP address. A DHCP client can be any device attached to your network, for example, a PC. (Note that DHCP is effective only if TCP/IP is installed on the DHCP client.
3. Click Apply.
4. When a PC boots and asks for an IP address, the DHCP server assigns it an address from a pool of addresses assigned to the subnetwork where the client request originated. To specify the start and ending address range of the IP address pool, enter the starting address in First IP Address and the ending address in Last IP Address.
5. Click Apply.
QoS
Quality of Service actively manages network resources to sustain service levels for priority applications. Mission-critical and real-time Internet applications demand a network that provides high bandwidth and low latency. Such applications cannot tolerate unpredictable degradations of network services. Therefore, network services must contain features that provide adequate assurance of sustained service levels.
• Priority. Priority determines the order in which packets will be processed by the router.
• Weight. Weight determines the amount of bandwidth to be allocated to a given application.
The router supports four priority levels: High, Medium, Normal and Low. A weight value can be assigned to each of these priority levels from a minimum of 1 to a maximum of 255.
To configure QoS:
1.
Configure QoS Policy
QoS policies control how QoS manages network resources.
To configure a QoS policy:
1. Click QoS Policy Page from the left navigation pane of the QoS Configuration page. This displays the QoS Policy Setting page.
2. Click Create. This expands the QoS Policy Setting page. (To modify or delete an existing policy, select the policy in the IP Policy List drop-down menu and click Modify or Delete.)
3.
5. In Source IP, select one of the following:
• From/To: Enables source address checking. Specify the source IP address or range of IP addresses that must match for this policy to be used.
• Do not care: Disables source address checking.
6. In Dest IP, select one of the following:
• From/To: Enables destination address checking. Specify the destination IP address or range of IP addresses that must match for this policy to be used.
Reorder QoS Policies
To move a QoS policy:
1. On the QoS Policy Setting page, select the policy you want to move in the IP Policy List drop-down menu and click Move. This expands the QoS Policy Setting page.
2. To specify the new location, select one of the following:
• to the end: Moves the policy to the end of the policy list.
Routing Table Configuration
Every host has a default routing table that it uses to determine which physical interface address to use for outgoing IP traffic. The router supports virtual routing, which allows you to define multiple routing tables for a single host. Each routing table added has a defined range of IP source addresses that use that table.
Dial Backup
Dial Backup provides a backup to the Internet through an asynchronous modem connection when the default WAN link service experiences interruption. The modem connection can be provided through either an internal V.90 modem or an external V.90 or ISDN modem connected to the MGMT Console port. Dial Backup is intended for customers with critical applications for which continuous Internet access is vital.
ATM Traffic Shaping
An ATM network provides Virtual Path (VP) or Virtual Circuit (VC) connections with distinct levels of service. ATM Traffic Shaping defines the level of service to use for each configured interface.
To configure Traffic Shaping:
1. Select Traffic Shaping or ATM Traffic Shaping from the left navigation pane of the Router Information page. This displays the ATM Traffic Shaping Configuration page.
2.
4. Select one of the following Service Types.
• Constant Bit Rate: Requests a static amount of bandwidth that is continuously available for the lifetime of the connection. This bandwidth amount is characterized by a Peak Cell Rate value.
• Real-Time Variable Bit Rate: Used for applications that require tightly constrained delay and delay variation, but not necessarily a fixed cell rate.
Switch Management
Each router provides four or eight Ethernet 10/100 switching ports for connection to the local area network (LAN). These RJ-45 ports are located on the rear panel and have individual Link Status LEDs to provide port status and link activity. Labeling is provided for port identification.
Switch Mirror Configuration
The router supports traffic mirroring on the Ethernet switch. Port mirroring “mirrors” the traffic on one (or more) Ethernet ports to a target (or capture) port where the traffic can be studied. This is useful for unobtrusive monitoring of network traffic for the purposes of detecting intrusions, diagnosing problems, or monitoring switch performance.
Switch Age Time
When a switch receives a message, the originating MAC address and the originating port are saved in the switch’s MAC address table. The switch uses the message’s destination MAC address and previous entries in the MAC address table to select a specific port to use to transmit the message to its destination. Entries remain in the MAC address table based on the “switch age time”.
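The learning and ageing behaviour described under Switch Age Time, as an added example (not code from the Siemens guide or the router firmware): a minimal model of a switch's MAC address table showing how the age time decides whether a frame goes to one port or is flooded to all of them. The class and function names, the four port numbers, the MAC addresses and the age-time values are constructed assumptions.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def norm(mac):
    """Normalise a MAC address to lower-case, colon-separated form."""
    return mac.strip().lower().replace("-", ":")


@dataclass
class MacTable:
    age_time: float                       # seconds an idle entry is kept
    ports: tuple = (1, 2, 3, 4)           # assumed four-port switch
    entries: dict = field(default_factory=dict)   # mac -> (port, last_seen)

    def expire(self, now):
        """Drop entries that have been idle for age_time or longer."""
        stale = [m for m, (_, seen) in self.entries.items()
                 if now - seen >= self.age_time]
        for mac in stale:
            del self.entries[mac]
        return stale

    def receive(self, src, dst, in_port, now):
        """Process one frame and return the list of egress ports."""
        src, dst = norm(src), norm(dst)
        self.expire(now)
        # Learn (or refresh, or move) the sender's address on its port.
        self.entries[src] = (in_port, now)
        hit = self.entries.get(dst)
        if dst == BROADCAST or hit is None:
            # Unknown destination: flood to every port except the ingress.
            return [p for p in self.ports if p != in_port]
        out_port, _ = hit
        # A frame whose destination sits on the ingress port is filtered.
        return [] if out_port == in_port else [out_port]


# Constructed sample traffic: (time in seconds, source, destination, ingress port)
HOST_A = "00:11:22:33:44:0a"
HOST_B = "00-11-22-33-44-0B"              # same table key after normalisation
SAMPLE_FRAMES = [
    (0,   HOST_A, HOST_B, 1),             # B not learned yet
    (1,   HOST_B, HOST_A, 2),             # A was learned on port 1
    (2,   HOST_A, HOST_B, 1),             # B was learned on port 2
    (400, HOST_A, HOST_B, 1),             # both hosts idle for ~400 s
    (401, HOST_B, HOST_A, 3),             # B re-appears on a different port
]


def replay(frames, age_time):
    """Run frames through a fresh table; return egress lists and the table."""
    table = MacTable(age_time=age_time)
    egress = [table.receive(s, d, p, t) for t, s, d, p in frames]
    return egress, table


if __name__ == "__main__":
    for age in (300, 600):
        egress, table = replay(SAMPLE_FRAMES, age)
        print(f"age_time={age}s egress={egress}")
```

With the shorter age time the fourth frame is flooded to every other port because host B's entry has aged out, so unicast traffic becomes visible on ports other than the destination's until B transmits again.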
Command Line Interface
Use the Command Line Interface option to use the web interface to enter CLI commands. (Refer to the Command Line Interface Guide for available commands.)
To execute a CLI command from the web interface:
1. Click Command Line Interface on the left navigation pane of the Router Information window. This displays the Execute a CLI command page.
2. In the field provided, enter the desired command.
3.
File Editor
Use the File Editor to create and edit files stored on the router. These files contain configuration and other data used by the router. For advanced users who understand the file formats and syntax, this method may be more efficient than configuring the router with commands or the web interface, particularly when the amount of data is large or complex.
To use the File Editor:
1.
Chapter 6 Security Setup
This chapter describes how to configure security features on the router. Security features are listed below. To configure one of these features, click the link on the left navigation pane of the Router Information page.
• NAT: Network Address Translation provides a level of security by hiding the private IP addresses of your LAN behind a single public IP address of your router.
NAT
Network Address Translation (NAT) provides a level of security by hiding the private IP addresses of your LAN behind the single public IP address of your router. All connections pass through the router and are translated by NAT. Network addresses on inbound traffic are translated from public to private IP addresses, while addresses on outbound traffic are translated from private IP addresses to the router’s public IP address.
NAT Server Configuration
For incoming messages, NAT converts the global address to the local IP address.
1. To configure the WAN side for NAT functionality, click NAT Server from the left navigation pane. This displays the NAT Server Settings page.
2. From the Source Interface drop-down menu, select the interface you are configuring.
3.
NAT Host Mapping
Typically, a local network address (internal) is translated to one or more global (external) addresses for outgoing messages.
1. To configure a one-to-one mapping of LAN IP addresses to WAN IP addresses, click NAT Host Mapping from the left navigation pane. This displays the NAT Host Settings page.
2. Select the interface you are configuring from the Interface drop-down menu.
3.
SNMP
The Simple Network Management Protocol (SNMP) is a standard protocol that communicates management information between network management stations and their managed objects or agents (for example, routers and switches). By using this protocol, network equipment produced by different manufacturers can be managed by a single program.
5. In Trap Enable, select Enable or Disable. SNMP agents also have the ability to send (unrequested) messages to SNMP managers; these messages are called traps and notify the SNMP managers that an event has happened on the system.
6. If you enabled Trap Enable, in Trap Manager[1-4] specify the IP address for a node that will receive a Trap event from the router. You can specify up to four trap managers.
7. Click Apply.
8.
SNMP Password

An SNMP password is used to authenticate an SNMP Manager. Once authenticated, SNMP set requests will be performed.

To set the SNMP Password:

1. Click SNMP Password from the SNMP Configuration page. This displays the SNMP Password page.
2. Enter the New Password and New Password (again).
3. Click Apply.
Secure Shell

Secure Shell (SSH) secures network services (such as remote terminal sessions, remote command execution, secure FTP type file transfers, and secure tunneling of TCP traffic between two networks) over an insecure network, such as the public Internet. SSH creates an encrypted and authenticated channel between hosts for all communication. An SSH server, by default, listens on the standard TCP port 22.
Configure SSH

To configure Secure Shell settings:

1. Click Configure SSH from the Secure Shell (SSH) Configuration List page. This displays the Configure Secure Shell (SSH) page.
2. For Status, select Enable or Disable to enable or disable the SSH feature. Before enabling SSH, a private/public key pair should be loaded on the router using either the Key Generator or Load Keys option.
3.
Load Keys

Diffie-Hellman is the key exchange system used for authentication in the establishment and maintenance of SSH connections. The key exchange requires a Public Key and a Private Key. This key pair can either be loaded from a source file or generated by the router. This section describes how to load the key pair from a source file. Refer to the section titled Key Generator for details on generating the key pair on the router.
Key Generator

Diffie-Hellman is the key exchange system used for authentication in the establishment and maintenance of SSH connections. The key exchange requires a Public Key and a Private Key. This key pair can either be loaded from a source file or generated by the router. This section describes how to generate the key pair on the router. Refer to the section titled Load Keys for details on loading the key pair from a file.
Firewall Scripts

A firewall is any combination of hardware and software that secures a network and traffic to prevent interception or intrusion. The router has built-in firewall capabilities to secure your network and data communications. The router is equipped with predefined scripts that can be modified or used “as is” to construct firewalls.
Stateful Firewall

A firewall is a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. It is designed to prevent unauthorized access to or from a private network. If an incoming packet of information is flagged by the filters, it is not allowed through.
Configure Stateful Firewall

To configure the Stateful Firewall:

1. Click Stateful Firewall from the left navigation pane of the Router Information page. This displays the Stateful Firewall Configuration page.
2. For Firewall Status, select On or Off to turn Stateful Firewall on or off.
3. For Watch Setting, select On or Off to control whether or not messages are printed to the console whenever a packet is accepted or dropped.
View Dropped Packets

To view the most recent dropped packets:

1. Click Dropped Packets from the left navigation pane of the Stateful Firewall Configuration page. This displays the Firewall Dropped Packet List page.
2. Do one of the following:
   • Specify the number of dropped packets to view from 1 to 200. Netscape 4 users may have to wait a very long time to get the complete list of 200 displayed.
Configure Firewall Rules

To configure firewall rules:

1. Click Firewall Rules from the left navigation pane of the Stateful Firewall Configuration page. This displays the Firewall Rule Configuration page.
   When firewall rules are created, they are specified as Allow or Deny rules. When a packet is evaluated, the Deny rules are applied first, then the Allow rules.
2.
5. For Target, select one of the following to specify the characteristics a packet must have in order to match the firewall rule:
   • Protocol/Port
     Specifies the protocol or port that applies to the rule. This can be one of the following:
     - tcp to specify TCP protocol for this rule. You can specify a source and destination port or port range.
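Because Deny rules are applied before Allow rules, an Allow rule can be overridden by a Deny rule placed anywhere in the list. The following Python model is an added example, not the router's own code; the Rule fields, the rule numbering and the deny verdict for packets that match no rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Tuple

@dataclass(frozen=True)
class Rule:
    action: str                                  # "allow" or "deny"
    protocol: str                                # "tcp" or "udp"
    dst_ports: Tuple[int, int]                   # inclusive destination port range
    src_ports: Tuple[int, int] = (0, 65535)      # inclusive source port range

    def matches(self, protocol, src_port, dst_port):
        return (protocol == self.protocol
                and self.src_ports[0] <= src_port <= self.src_ports[1]
                and self.dst_ports[0] <= dst_port <= self.dst_ports[1])

def evaluate(rules, protocol, src_port, dst_port, default="deny"):
    """Return (verdict, 1-based rule number). Every Deny rule is checked before
    any Allow rule; the no-match default is an assumption, not from the guide."""
    for action in ("deny", "allow"):
        for number, rule in enumerate(rules, start=1):
            if rule.action == action and rule.matches(protocol, src_port, dst_port):
                return action, number
    return default, None

def _overlaps(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def _covers(outer, inner):
    return outer[0] <= inner[0] and inner[1] <= outer[1]

def deny_conflicts(rules):
    """List (allow_no, deny_no, 'full' | 'partial') where a Deny rule overrides
    all or part of an Allow rule because Deny rules are applied first."""
    found = []
    for a_no, allow in enumerate(rules, start=1):
        for d_no, deny in enumerate(rules, start=1):
            if (allow.action, deny.action) != ("allow", "deny") or allow.protocol != deny.protocol:
                continue
            if _overlaps(allow.src_ports, deny.src_ports) and _overlaps(allow.dst_ports, deny.dst_ports):
                full = _covers(deny.src_ports, allow.src_ports) and _covers(deny.dst_ports, allow.dst_ports)
                found.append((a_no, d_no, "full" if full else "partial"))
    return found

# Constructed sample rule list (not taken from the router).
RULES = [Rule("allow", "tcp", (1, 1024)), Rule("deny", "tcp", (23, 23)),
         Rule("allow", "tcp", (22, 22)), Rule("deny", "tcp", (20, 25)),
         Rule("allow", "udp", (53, 53))]
```

Running deny_conflicts over a planned rule list before entering it shows which Allow rules will never take effect, such as the port 22 Allow rule in the sample.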
Delete Firewall Rules

To delete firewall rules:

1. Click Firewall Rules from the left navigation pane of the Stateful Firewall Configuration page. This displays the Firewall Rule Configuration page.
2. Click Delete. This expands the Firewall Rule Configuration page.
3. Select the rule list(s) or range of rules you want to delete. To delete a single rule, enter a number only in the from field.
IKE/IPSec Configuration

IPSec (Internet Protocol Security) is an open standard that defines optional authentication and encryption methods at the IP packet level. IPSec can only handle IP packets. IPSec is especially useful for implementing Virtual Private Networks and for remote user access through dialup connections to private networks.
Easy IKE/IPSec Setup

Internet Key Exchange (IKE) is a means of dynamically creating secure IP (IPSec) connections, which use encryption and authentication to implement virtual private networks over an insecure network. The Easy IKE/IPSec Setup form is used to create a default IKE configuration.

To perform Easy IKE/IPSec setup:

1. Click Easy IKE/IPSec Setup from the left navigation pane of the IKE/IPSec Information page.
Advanced IKE/IPSec Setup

The Advanced IKE/IPSec Setup page presents information about current IKE and IPSec peers, policies and proposals. To perform Advanced IKE/IPSec setup, click Advanced IKE/IPSec Setup from the left navigation pane of the IKE/IPSec Information page. This displays the Advanced IKE/IPSec Configuration page.
IKE Peers Definition

IKE peers are those devices known to your internal modem as capable of participating in IKE connections.

To define a new IKE Peer:

1. Click Create next to IKE Peers from the Advanced IKE/IPSec Setup page. This displays the IKE Peer Definition page.
2. In IKE Peer Name, enter a logical name for an IKE Peer. This name is of no importance to the remote IKE peer. Choose a name that is meaningful to you.
IKE Proposals Definition

IKE proposals specify how packets will be encrypted/authenticated for Phase I.

To define a new IKE proposal:

1. Click Create next to IKE Proposals from the Advanced IKE/IPSec Setup page. This displays the IKE Proposal Definition page.
2. In IKE Proposal Name, enter a logical name for the IKE Proposal Definition. This name is of no importance to the remote IKE peer.
3.
IKE IPSec Proposals Definition

IKE IPSec Proposals specify how packets will be encrypted/authenticated for the final SA. IPSec uses SAs (Security Associations) for making connections between two devices. An SA is an instance of a security policy and keying material applied to a data flow. SAs are negotiated between the two connection endpoints and contain information on sequence numbering.
3. Select one of the following security protocols:
   • AH (Authentication Header) method, a security protocol that authenticates the sender of each data packet. If the AH protocol is selected, only packet authentication can be performed, not encryption.
IKE IPSec Policies Definition

IPSec policies are criteria for packets that IPSec will recognize, and actions that IPSec will take upon recognition.

To define a new IKE IPSec policy:

1. Click Create next to IKE IPSec Policies from the Advanced IKE/IPSec Setup page. This displays the IKE IPSec Policy Definition page.
2. In IPSec Policy Name, enter a logical name for the IPSec policy.
9. In Destination IP Address, enter the IP address of the remote private network to which your router will connect using this policy.
10. In Destination Subnet Mask, enter the subnet mask of the remote private network to which your router will connect using this policy.
11. In Source Port, enter the port that will be the source of TCP/UDP traffic under this policy.
VPN Log On

VPN Log On starts an IPSec session. IPSec sessions are initiated through Security Associations (SAs), which allow peers to negotiate a common set of security attributes that assures source authenticity, data integrity and confidentiality of IP packets, providing the level of security required by Virtual Private Networks (VPNs).

To start an IPSec session:

1.
Chapter 7 Monitoring Router

This chapter describes how to monitor the health of your router connections. Router health can be monitored using the following functions.

• System Summary: View status and statistical information.
• Diagnostics: Run diagnostic programs to determine potential problems.

System Summary

To view system summary information, click System Summary on the left navigation pane of the Router Information page. This displays the System Summary page.
Ethernet Interface Information

Click Ethernet Info on the left navigation pane of the System Summary page to display information about the Ethernet interface.

Remote Connection Information

Click Remote Info on the left navigation pane of the System Summary page to display information about remote connections for all entries in the Remote Router database.
IP Routing Information

Click IP Routing Info on the left navigation pane of the System Summary page to display information about the active interfaces in the IP routing table.

System Information

Click System Info on the left navigation pane of the System Summary page to display general information for select system settings.
Diagnostics

The Diagnostic feature provides information about various components of your system that might help in diagnosing a problem. To run diagnostics, click Diagnostics on the left navigation pane of the Router Information page. This displays the Run Diagnostics page.
Interface Information

Select Interface information from the drop-down menu and click Execute to display interface information.

ATM Statistics

Select ATM Statistics from the drop-down menu and click Execute to display ATM statistics.
Routing Table Information

Select Routing Table information from the drop-down menu and click Execute to display information about the configured routing tables.

Files Information

Select Files information from the drop-down menu and click Execute to display the files stored on the router.
Memory Usage

Select Memory usage from the drop-down menu and click Execute to display memory usage information.

List All Configuration Data

Select List all configuration data from the drop-down menu and click Execute to display configuration information.
TCP/IP Statistics

Select TCP/IP statistics from the drop-down menu and click Execute to display TCP/IP information.