330 | Motorola 7.7.4 manual

•The encryption and authentication keys

•Lifetime of encryption keys

•The lifetime of the SA

•Replay prevention sequence number and the replay bit table

An arbitrary 32-bit number called a Security Parameters Index (SPI), as well as the destination host’s address and the IPSEC protocol identiﬁer, identify each SA. An SPI is assigned to an SA when the SA is negotiated. The SA can be referred to by using an SPI in AH and ESP transformations. SA is unidirectional. SAs are commonly setup as bundles, because typically two SAs are required for communications. SA management is always done on bundles (setup, delete, relay).

serial communication. Method of data transmission in which data bits are transmitted sequentially over a communication channel

SHA-1.An implementation of the U.S. Government Secure Hash Algorithm; a 160-bit authentication algorithm.

Soft MBytes. Setting the Soft MBytes parameter forces the renegotiation of the IPSec Security Associations (SAs) at the conﬁgured Soft MByte value. The value can be conﬁgured between 1 and 1,000,000 MB and refers to data trafﬁc passed. If this value is not achieved, the Hard MBytes parameter is enforced.

Soft Seconds. Setting the Soft Seconds parameter forces the renegotiation of the IPSec Security Associations (SAs) at the conﬁgured Soft Seconds value. The value can be conﬁgured between 60 and 1,000,000 seconds.

330

Image 330

Motorola 7.7.4 manual 330

Contents

Administrator’s Handbook Copyright Table of Contents Advanced Setup Index Table of Contents Introduction Organization Documentation Conventions Bold terminal type User-entered text face Overview of Major Capabilities PPPoE/PPPoA Point-to-Point Protocol over Ethernet/ATM Instant-On PPP Wide Area Network Termination Dhcp Dynamic Host Conﬁguration Protocol Server DNS Proxy UPnP Diagnostics Embedded Web Server Management Remote Access Control Password ProtectionNetwork Address Translation NAT NAT Motorola Netopia Gateway Internal Servers Motorola Netopia Advanced Features for NATDefault Server Combination NAT Bypass Conﬁguration IP-Passthrough VPN IPSec Pass Through VPN IPSec Tunnel Termination Dynamic DNS Stateful Inspection Firewall Page Basic Mode Setup Important Safety Instructions Set up the Motorola Netopia Gateway Microsoft Windows Set up the Motorola Netopia Gateway Macintosh MacOS 9 or higher or Mac OS Conﬁgure the Motorola Netopia Gateway Page Configure the Motorola Netopia Gateway Motorola Netopia Gateway Status Indicator Lights Accessing the Web User Interface Links Bar Home Home Page Information Home Page Links Enable Wireless Wireless ID Ssid Privacy Operating Mode Advanced Conﬁguration Options optional Default Channel About Closed System Mode and Wireless Encryption Privacy Radius Server authentication Page WPA-PSK WEP-Manual Examples Enable Multiple Wireless IDs Home Page WiFi Multimedia Page Wireless MAC Authorization optional Page Home Link Gaming Supported Games and Software Http Deﬁne Custom Service Page Static NAT Page Link Advanced Setup Link Status ATM LAN Wireless supported models only User List Link Diagnostics Link Help Advanced Setup Open the Web ConnectionPage Home Page Advanced Setup Summary Information Advanced Setup Conﬁgure Link Conﬁgure Link Connection Select the IP Type Links Bar Link Dhcp Server Additional IP Subnets Page Link IP Passthrough Click Enable Link NAT Page Supported Games and Software Nntp Deﬁne Custom Service Page Static NAT Link IPSec IPSec VPN Conﬁguring an IPSec VPN Tunnel Parameter Motorola Netopia Peer Gateway Tunnel Conﬁguration page appears Click the Submit button Links Bar 100 Parameter Descriptions 101 PAT Address 102 Soft MBytes 103 Link Router Password 104 Link Time Zone 105 Overview 106 Ethernet Switching/Policy Setup 107 108 109 110 111 112 Multiple Wireless IDs on 113 114 115 116 117 118 Example 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 Link Status 144 Ethernet 145 Wireless 146 Logs 147 User List 148 149 150 Result Meaning Link Remote Access 151 From a Server 152 Link Reset Router 153 Link Restart Router 154 155 Help 156 Basic Troubleshooting 157 Status Indicator Lights 158 LED Function Summary Matrix 159 160 Thicker than the standard telephone cable Rear View 161 162 Command Line Interface 163 164 Overview 165 166 Config Commands 167 Logging 168 Saving Settings Ending a CLI Session169 Shell Command Shortcuts Shell Prompt170 Common Commands Download serveraddress ﬁlename conﬁrm 172 License key Loglevel level173 Netstat Netstat -r174 Reset cdmode Reset arpReset atm Reset crash Reset log Reset heartbeatReset ipmap Reset security-log Show all-info Show backupRestart seconds Show bridge interfaces Show enet all Show diffservShow dslf device-association 178 Show group-mgmt Show featuresShow etheroam ah Show ip arp Show ip ipsec Show ip igmpShow ip interfaces Show ip ﬁrewall Show pppoe Show logShow memory all Show rtsp Show vlan 182 183 Show wireless all Show wireless clients MACaddress184 View conﬁg WAN CommandsUpload serveraddress ﬁlename conﬁrm Who Reset dsl Reset dhcp client release vcc-idReset dhcp client renew vcc-id Reset ppp vccn Show ppp stats lcp ipcp Config Mode PromptNavigating the Config Hierarchy Start ppp vccn Entering Commands in Config Mode Set ip ethernet a ipaddress188 Step Mode a CLI Conﬁguration Technique Guidelines Config CommandsDisplaying Current Gateway Settings 189 Validating Your Conﬁguration 190 Remote ATA Conﬁguration Commands Set ata proﬁle 0.. ata-static-wan-subnet-mask subnetmask Set ata proﬁle 0.. ata-dhcpc-vid stringSet ata proﬁle 0.. ata-static-wan-ip ipaddr Set ata proﬁle 0.. ata-static-wan-gateway ipaddr Set ata proﬁle 0.. ata-auth-id value Set ata proﬁle 0.. ata-user-password stringSet ata proﬁle 0.. ata-outproxy-port port Set ata proﬁle 0.. ata-user-name string Set atm option on off DSL CommandsSet atm vcc n qos service-class cbr ubr vbr Set atm vcc n option on off Set atm vcc n vpi 0 Set atm vcc n qos sustained-cell-rate 1 ...nSet atm vcc n qos max-burst-size 1 ...n Set atm vcc n vci 0 Set bridge sys-bridge on off Bridging SettingsSet atm vccn pppoe-sessions 1 Set bridge concurrent-bridging-routing on off Set bridge dsl vccn option on off Set bridge table-timeout 30Set bridge ethernet option on off 197 Dhcp Settings Set dhcp range 2.. start-address ipaddress Set dhcp default-option-group nameSet dhcp server-address ipaddress Set dhcp range 2.. end-address ipaddress Set dhcp gen-option name name Set dhcp gen-option option 1200 201 Option Data Format Data Size Can Bytes Conﬁgure 202 Set dhcp gen-option data-type ascii hex dotted-decimal Set dhcp gen-option data data203 Set dhcp ﬁlterset name string rule n dhcp-option 0 Set dhcp ﬁlterset name string rule n absent-action204 Set dhcp ﬁlterset name string rule n match-pool ipaddress Pass discard continueSet dhcp ﬁlterset name string rule n match-str matchstring Set dhcp ﬁlterset name string rule n absent-pool ipaddress Set dhcp assigned-ﬁlterset string 206 Set dmt wiringMode auto tipring AA1 DMT SettingsSet dmt dmt dying-gasp default off on Set dmt dsl-annex-support off on Set dns proxy-enable Set dmt metallic-termination auto disabled alwaysonDomain Name System Settings Set dns domain-name domain-name Set dns secondary-address ipaddress Set dns conﬁgured-dns-priority 0209 210 Igmp Settings 211 212 Set igmp query-intvl value Set igmp snooping off onSet igmp robustness value Set igmp query-response-intvl value Set igmp version 1 2 Set igmp wireless-m2u on offSet igmp log-enable on off Set igmp last-member-query-intvl value Set ip option on off IP SettingsSet ip arp-timeout 60 Set ip dsl vccn address ipaddress Set ip dsl vccn netmask netmask Set ip dsl vccn restrictions admin-disabled noneSet ip dsl vccn broadcast broadcastaddress Set ip dsl vccn addr-mapping on off Set ip dsl vccn unnumbered on off Set ip dsl vccn mcast-fwd on offSet ip dsl vccn igmp-null-source-addr on off Set ip dsl vccn rip-send off v1 v2 v1-compat v2-MD5 Set ip ethernet a address ipaddress Set ip dsl vccn rip-receive Off v1 v2 v1-compat v2-MD5Set ip ethernet a option on off Set ip ethernet a broadcast broadcastaddress Set ip ethernet a rip-send Off v1 v2 v1-compat v2-MD5 Set ip ethernet a restrictions none admin-disabledSet ip ethernet a netmask netmask 219 Set ip ethernet a subnet n address ipaddress Set ip ethernet a rip-receive off v1 v2 v1-compat v2-MD5Set ip ethernet a subnet 2 .. option on off Set ip ethernet a subnet n netmask netmask Set ip ip-ppp vccn peer-address ipaddress Set ip ip-ppp vccn option on offSet ip ip-ppp vccn address ipaddress 221 Set ip ip-ppp vccn auto-sensing off dhcp/pppoe pppoe/pppoa Set ip ip-ppp vccn restrictions admin-disabled noneSet ip ip-ppp vccn addr-mapping on off Set ip ip-ppp vccn rip-send off v1 v2 v1-compat v2-MD5 Set ip ip-ppp vccn mcast-fwd on off Set ip ip-ppp vccn rip-receive off v1 v2 v1-compat v2-MD5Set ip ip-ppp vccn igmp-null-source-addr on off Set ip ip-ppp vccn unnumbered on off Set ip ip-ppp vccn dns acquired-dns-priority 0 224 Set ip ipsec-passthrough off on Set ip static-arp ip-addressipaddressSet ip igmp-forwarding off on 225 Set ip prioritize off on 226 Set diffserv option off on Set diffserv lohi-ratio 60 100 percent227 Qos off assure expedite network-control 228 Set diffserv qos dscp-map default custom 229 By default, the following settings are used in custom mode 230 Queue Conﬁguration 231 232 Set queue name wfq weight-type bps 233 234 Set queue name priorityqueuename default-inputqueuename 235 Rate-limiting weighted fair queue to 100Kbps 236 Set ip static-routes destination-networknetaddress Set ip sip-passthrough on offSet ip ethernet B rtsp-passthrough off on 237 238 Set ip-maps name name internal-ip ip address IPMaps SettingsDelete ip static-routes destination-network netaddress Set ip-maps name name external-ip ip address Network Address Translation NAT Default Settings Network Address Translation NAT Pinhole Settings Set pinhole name name external-port-start 0 Set pinhole name nameSet pinhole name name protocol-select tcp udp Set pinhole name name external-port-end 0 PPPoE /PPPoA Settings Set ppp module vccn echo-period integer Set ppp module vccn protocol-compression on offSet ppp module vccn lcp-echo-requests on off Set ppp module vccn lost-echoes-max integer Set ppp module vccn connection-type instant-on always-on Set ppp module vccn restart-timer integerSet ppp module vccn terminate-max integer Set ppp module vccn time-out integer Set ppp module vccn port-authentication username username Set ppp module vccn port-authentication password password245 Set wan-over-ether pppoe-with-ipoe on off PPPoE with IPoE SettingsSet wan-over-ether pppoe on off Set wan-over-ether ipoe-sessions 1 Set atm vcc n encap pppoe-llc 247 Set ip ip-ppp vcc1 igmp-null-source-addr off on Ethernet Port SettingsSet ip ip-ppp vcc1 mcast-fwd on off 248 Set ethernet oam ah option off on 802.3ah Ethernet OAM SettingsSet ethernet oam ah mode active passive Set ethernet oam ah pass-through off on Etheroam ah ping Set ethernet oam ah discovery-timer 1Set ethernet oam ah keepalive-timer 5 250 Set preference more lines Command Line Interface Preference SettingsSet preference verbose on off 251 Set servers telnet-tcp 1 Port Renumbering SettingsSet servers web-http 1 252 Security Settings 253 254 Application Select this Level Other Considerations 255 Port Session Type Port State Set security ipsec option off on off 256 Set security ipsec tunnels name 123 tun-enable on on off Set security ipsec tunnels name257 Set security ipsec tunnels name 123 IKE-mode DH-group 1 1 2 258 Set security ipsec tunnels name 123 nat-enable on off Set security ipsec tunnels name 123 xauth enable off onSet security ipsec tunnels name 123 xauth password password Set security ipsec tunnels name 123 xauth username username Set security ipsec tunnels name 123 local-id idvalue Set security ipsec tunnels name 123 remote-id idvalue260 261 Set security state-insp tcp-timeout 30 262 Set security state-insp xposed-addr exposed-address# n Set security state-insp udp-timeout 30Set security state-insp dos-detect off on Set security state-insp xposed-addr Exposed-address# n protocol tcp udp both any 264 Snmp Settings Set snmp v3 enable off on Set snmp notify type v1-trap v2-trap inform266 Set snmp v3 ro-account security-name string Set snmp v3 ro-account auth-passwordSet snmp v3 ro-account priv-password Set snmp v3 ro-account security-model none auth auth+priv Set snmp v3 rw-account security-name string Set snmp v3 rw-account auth-passwordSet snmp v3 rw-account priv-password Set snmp v3 rw-account security-model none auth auth+priv Set system name name System SettingsShow snmp v3 engine-id 269 270 Set system ftp-server option off on Set system idle-timeout telnet 1...120 http 1Set system username administrator name user name Set system log-size 10240 Set system password admin user Sleep Contact-email string@domainname location string272 Set system zerotouch option on off Set system zerotouch redirect-url redirection-URL273 Syslog Default syslog installation procedure 275 Type save 276 Wireless Settings supported models Set wireless mode both-b-and-g b-only g-only Set wireless multi-ssid option on off278 279 Set wireless no-bridging off on Set wireless tx-power full medium fair low minimal280 Set wireless wmm option off on 281 282 283 Set wireless network-id privacy pre-shared-key string Set wireless network-id privacy default-keyid284 Set wireless mac-auth option on off 285 286 Set radius alt-radius-name servernamestring Set radius radius-name servernamestringSet radius radius-secret sharedsecret Set radius alt-radius-secret sharedsecret Vlan Settings Set vlan name name ports port promote off on Set vlan name name ports port tag off onSet vlan name name ports port priority off on Set vlan name name ports port port-pbits 0 290 Assign an IP interface An example of a Triple-Play setup 291 292 Set vlan name PPPoE11 id 293 Set voip phone 0 1 sip-proxy-server servername ipaddress VoIP settingsSet voip phone 0 1 sip-option off on Set voip phone 0 1 sip-proxy-server-domain domainname Set voip phone 0 1 sip-out-proxy-server Set voip phone 0 1 sip-registrar-setting sip-expires-time 0Set voip phone 0 1 sip-user-password password Set voip phone 0 1 sip-user-display-name name Set voip phone 0 1 codec G72616 priority 1 2 3 4 5 6 7 none 3 4 5 6 7 noneSet voip phone 0 1 codec G729A priority 1 2 3 4 5 6 7 none Set voip phone 0 1 codec G72624 priority 1 2 3 4 5 6 7 none 297 Set voip phone 0 1 sip-advanced-setting dsp-settings 298 Echo-max-attenuation 0 299 300 Set upnp log off on UPnP settingsSet upnp option on off Set upnp read-only off on DSL Forum settings Set dslf-lanmgmt option off on302 303 Set backup failure-timeout 1 Backup IP Gateway SettingsSet backup option disabled manual automatic Set backup ping-host 1 2 name address Set ip backup-gateway option on off Set backup auto-recovery off onSet backup recovery-timeout 1 Set ip backup-gateway interface ip-address Vdsl Settings 306 Vdsl Parameter Defaults 307 308 Vdsl Parameters Accepted Values 309 Parameter 310 Etsi M2 CAB 311 312 313 314 Glossary 315 316 317 318 319 320 Ethernet crossover cable. See crossover cable 321 322 323 324 325 326 327 328 329 330 331 332 Description 333 334 Software and protocols Agency approvals 335 Manufacturer’s Declaration of Conformance 336 337 Declaration for Canadian users Important Safety Instructions 338 CFR Part 68 Information 339 Electrical Safety Advisory 340 Copyright Acknowledgments 341 342 343 344 Index DSL 66 248 NTP VPI/VCI 350