Manuals / Motorola / Cell Phone / Cell Phone

Motorola 3352N, 7000, 3342, 2200 manual 291

Models: 2200 3342 3352N 3352 7000

1 368

Download 368 pages 62.68 Kb

Page 291

Internet Key Exchange (IKE) Settings

The following four IPsec parameters conﬁgure the rekeying event.

set security ipsec tunnels name "123" IKE-mode ipsec-soft-mbytes (1000) {1-1000000}

set security ipsec tunnels name "123" IKE-mode ipsec-soft-seconds (82800) {60-1000000}

set security ipsec tunnels name "123" IKE-mode ipsec-hard-mbytes (1200) {1-1000000}

set security ipsec tunnels name "123" IKE-mode

ipsec-hard-seconds (86400) {60-1000000}

•The soft parameters designate when the system begins to negotiate a new key. For example, after 82800 seconds (23 hours) or 1 Gbyte has been transferred (whichever comes ﬁrst) the key will begin to be renegotiated.

•The hard parameters indicate that the renegotiation must be complete or the tunnel will be disabled. For example, 86400 seconds (24 hours) means that the renegotiation must be complete within one day.

Both ends of the tunnel set parameters, and typically they will be the same. If they are not the same, the rekey event will happen when the longest time period expires or when the largest amount of data has been sent.

291

Image 291

Motorola 3352N, 7000, 3342, 2200 manual 291

Contents

Administrator’s Handbook Copyright Administrator’s HandbookPage Administrator’s Handbook Table of Contents Breadcrumb Trail Security Basic Troubleshooting Command Line Interface 223 Administrator’s Handbook Glossary Overview of Major Capabilities What’s New IntroductionAdministrator’s Handbook General About Motorola Netopia DocumentationIntended Audience Documentation ConventionsInternal Web Interface Command Line InterfaceWord About Example Screens OrganizationAdministrator’s Handbook Basic Mode Setup Power Supply Installation Important Safety InstructionsWichtige Sicherheitshinweise AchtungBewahren Sie diese Anweisungen auf Microsoft Windows Setting up the Motorola Netopia GatewayPage Macintosh MacOS 8 or higher or Mac OS MiAVo Vdsl and Ethernet WAN models Quickstart Conﬁguring the Motorola Netopia GatewayYou can skip to Home Page Basic Mode on PPPoE Quickstart Set up the Motorola Netopia Pocket Gateway Page Motorola Netopia Gateway Status Indicator Lights Home Page Basic Mode Down Link Manage My Account Link Status Details Link Enable Remote Management Link Expert Mode Link Update Firmware Link Factory Reset Open the Web Connection Accessing the Expert Web InterfaceAdministrator’s Handbook Field Status and/or Description Home Page Expert ModeHome Page Information Summary InformationNAT VoIPToolbar Navigating the Web InterfaceLink Breadcrumb Trail Button Restart RestartLink Alert Symbol Button Help HelpConﬁgure Button ConﬁgureLink Quickstart Administrator’s Handbook Link LAN Administrator’s Handbook Page Administrator’s Handbook Wireless supported models Privacy Page Advanced About Closed System Mode Administrator’s Handbook Multiple SSIDs ExamplesWPA Version Allowed Administrator’s Handbook Page WiFi Multimedia Wireless MAC Authorization Administrator’s Handbook Use Radius Server Advanced Network Conﬁguration page appears PPP over Ethernet interface Link WANDHCP/PPPoE/PPPoA Autosensing RIP-1 compatibility, or RIP-2 with MD5 AdvancedEthernet WAN interface Page Advanced IP GatewayOther WAN Options WAN Ethernet and Vdsl Gateways Adsl GatewaysAvailable Encapsulation types Administrator’s Handbook Page Sustained Cell Rate SCR Transmit Priority Comments ClassLink Advanced IP Static Route Entry page appears Link IP Static RoutesChanges link Link IP Static ARP Link Pinholes Tips for making Pinhole Entries GatewayPinhole Conﬁguration Procedure. Use the following steps Page Administrator’s Handbook FAQs for the IPMaps Feature Conﬁgure the IPMaps Feature192.168.1.2 IPMaps Block DiagramMotorola Netopia Gateway WAN Interface LAN Interface 192.168.1.1Link Default Server Internet Gateway Page Link Differentiated Services Page QoS Setting TOS Bit Value Behavior Link DNS Link Dhcp Server Link Radius Server Link Snmp Page Link Igmp Internet Group Management Protocol Igmp Version 3 supports100 101 102 Link UPnP103 Link LAN Management104 Link Ethernet Bridge105 Conﬁguring for Bridge Mode106 107 Overview108 Ethernet Switching/Policy Setup109 Vlan Model Combining Bridging and Routing110 111 Vlan Port Conﬁguration screen appears112 113 114 115 116 Example117 118 119 Click the Save and Restart link120 Supported models only121 SIP Line Entry122 Call Features Settings123 124 Link System125 Link Syslog ParametersDSL Log Messages most common Administration Related Log MessagesLog Event Messages System Log Messages127 Access-related Log Messages128 129 Link Internal Servers130 Link Software Hosting131 List of Supported Games and Software132 Rename a UserPCCheck the Enable Backup Gateway checkbox Manual options133 134 Automatic options135 136 Link Ethernet MAC Override137 Link Clear Options138 Link Time ZoneSecurity Button Security139 140 Link Passwords141 142 Conﬁguring for a BreakWater SettingLink Firewall Use a Motorola Netopia FirewallTips for making your BreakWater Basic Firewall Selection Basic Firewall Background143 144 BreakWater Setting ClearSailing SilentRunning LANdLocked145 146 Link IPSec147 SafeHarbour IPSec VPN148 Conﬁguring a SafeHarbour VPNParameter Motorola Netopia Peer Gateway 149150 Be sure that you have SafeHarbour VPN enabledParameter Descriptions Field Description151 Address/Value 152153 Stateful Inspection Firewall installation procedure Link Stateful Inspection154 155 Exposed Addresses156 157 Open Ports in Default Stateful Inspection InstallationStateful Inspection Options Port Protocol Description LAN Private WAN Public InterfaceBasic protocol types Firewall TutorialGeneral ﬁrewall terms Basic IP packet components159 Example TCP/UDP Ports TCP Port ServiceFirewall design rules Firewall LogicImplied rules Example ﬁlter set160 Example network Filter basicsExample ﬁlters What it means162 Link Packet Filter What’s a ﬁlter and what’s a ﬁlter set?163 How ﬁlter sets work Filter priority164 Port numbers How individual ﬁlters workﬁltering rule Parts of a ﬁlterPort number comparisons Other ﬁlter attributes166 Putting the parts together Filtering example #1167 168 Design guidelines Filtering example #2169 170 An approach to using ﬁltersWorking with IP Filters and Filter Sets Adding a ﬁlter set171 172 Adding ﬁlters to a ﬁlter set173 174 Enter the Source Mask for the source IP address175 Deleting a ﬁlter set176 Associating a Filter Set with an InterfacePolicy-based Routing using Filtersets TOS ﬁeld matching177 178 Using the Security Monitoring Log Link Security Log179 TCP 180181 Timestamp BackgroundInstall Button Install182 183 Link Install SoftwareRequired Files Background184 Install the Motorola Netopia ﬁrmware ImageMotorola Netopia ﬁrmware Image File Conﬁrm Motorola Netopia Firmware Image Files185 Verify the Motorola Netopia Firmware Release186 Procedure Install a New Feature Key File Link Install KeyUse Motorola Netopia Software Feature Keys Obtaining Software Feature Keys188 189 To check your installed features190 Link Install Certiﬁcate191 Administrator’s Handbook 192 193 Basic Troubleshooting194 Status Indicator LightsAction Ethernet195 Model 2241N only196 Ethernet 1, 2, 3197 Wireless198 199 Special patterns200 LAN 1, 2, 3201 Wireless LinkDSL 1 & 2 ADSL2+ Models only Ethernet 1, 2, 3202 203 204 LED Function Summary MatrixLink Wireless UnlitActive TrafﬁcFactory Reset Switch 207 Advanced Troubleshooting208 HomeDevice Gateway 209Expert Mode Button Troubleshoot210 211 Link System Status212 Link Ports Ethernet213 Link Ports DSL214 Link IP Interfaces215 Link DSL Circuit Conﬁguration216 Link System Log Entire217 Link Diagnostics218 Link Network Tools219 220 If Ping is not successful, possible causes are221 Administrator’s Handbook 222 223 Command Line Interface224 OverviewCommand Verbs Status and/or Description Keywords225 Logging Using the CLI Help FacilitySaving Settings Starting and Ending a CLI Session227 About Shell CommandsShell Command Shortcuts Shell PromptCommon Commands Shell CommandsLicense key Loglevel level229 230 NetstatNetstat -r QuitReset crash Reset arpReset atm Reset cdmodeReset wepkeys Reset security-logReset wan-users all ip-address Reset wanShow diffserv Show crashShow dhcp agent Show dhcp server leasesShow ip arp Show featuresShow etheroam ah Show group-mgmtShow ip state-insp Show ip ﬁrewallShow ip lan-discovery Show ip routes236 Show statusShow summary Show vlan237 View conﬁg Show wireless allShow wireless clients MACaddress Upload serveraddress ﬁlename conﬁrmWAN Commands Show ppp stats lcp ipcp About Config CommandsConfig Mode Prompt Navigating the Config Hierarchy241 Entering Commands in Config ModeGuidelines Config Commands Set ip ethernet a ipaddress242 Displaying Current Gateway SettingsStep Mode a CLI Conﬁguration Technique Validating Your ConﬁgurationRemote ATA Conﬁguration Commands Config CommandsSet ata proﬁle 0.. ata-proxy-port port Set ata proﬁle 0.. ata-user-password stringSet ata proﬁle 0.. ata-static-wan-gateway ipaddr Set ata proﬁle 0.. ata-proxy-server ipaddrDSL Commands Set atm vccn pppoe-sessions 1 Bridging SettingsSet atm vcc n vpi 0 Set atm vcc n vci 0Set bridge dhcp-ﬁlterset string Set bridge table-timeout 30Set bridge sys-bridge on off Set bridge concurrent-bridging-routing on offDhcp Settings Set dhcp gen-option option 1 Set dhcp range 2.. start-address ipaddressSet dhcp range 2.. end-address ipaddress Set dhcp gen-option name name250 Option Data Format Data Size Can Bytes ConﬁgureSet dhcp gen-option data-type ascii hex dotted-decimal Set dhcp gen-option data data251 Set dhcp ﬁlterset name string rule n dhcp-option 0 Set dhcp ﬁlterset name string rule n match-str matchstring252 253 Set dhcp ﬁlterset name string rule n match-pool ipaddressSet dhcp ﬁlterset name string rule n absent-pool ipaddress Set dhcp assigned-ﬁlterset stringDMT Settings Domain Name System Settings 256 257 Igmp SettingsSet igmp query-response-intvl value Set igmp snooping off onSet igmp robustness value Set igmp query-intvl valueIP Settings Set ip dsl vccn auto-sensing off dhcp/pppoe pppoe/pppoa Set ip dsl vccn restrictions admin-disabled noneSet ip dsl vccn netmask netmask Set ip dsl vccn addr-mapping on offSet ip ethernet a address ipaddress Set ip dsl vccn rip-send off v1 v2 v1-compat v2-MD5Set ip dsl vccn rip-receive Off v1 v2 v1-compat v2-MD5 Set ip ethernet a option on offSet ip ethernet a rip-receive off v1 v2 v1-compat v2-MD5 Set ip ethernet a restrictions none admin-disabledSet ip ethernet a netmask netmask Set ip ethernet a rip-send Off v1 v2 v1-compat v2-MD5Set ip gateway interface ip-address ppp-vccn Set ip ethernet a subnet n address ipaddressSet ip ethernet a subnet n netmask netmask Set ip gateway option on offSet ip ip-ppp vccn auto-sensing off dhcp/pppoe pppoe/pppoa Set ip ip-ppp vccn restrictions admin-disabled noneSet ip ip-ppp vccn peer-address ipaddress Set ip ip-ppp vccn addr-mapping on offSet ip ip-ppp vccn unnumbered on off Set ip ip-ppp vccn rip-receive off v1 v2 v1-compat v2-MD5Set ip ip-ppp vccn igmp-null-source-addr on off Set ip ip-ppp vccn mcast-fwd on offSet ip prioritize off on Set ip static-arp ip-addressipaddressSet ip igmp-forwarding off on Set ip ipsec-passthrough off onSet diffserv option off on Set diffserv lohi-ratio 60 100 percent267 268 Qos off assure expedite network-control269 Set diffserv qos dscp-map default custom270 271 Queue Conﬁguration272 273 Set queue name wfq weight-type bps274 Set queue name priorityqueuename default-inputqueuename275 Rate-limiting weighted fair queue to 100Kbps276 Set ip sip-passthrough on offSet ip ethernet B rtsp-passthrough off on Set ip static-routes destination-networknetaddressSet ip-maps name name external-ip ip address IPMaps SettingsDelete ip static-routes destination-network netaddress Set ip-maps name name internal-ip ip addressNetwork Address Translation NAT Pinhole Settings Network Address Translation NAT Default SettingsPPPoE /PPPoA Settings Set ppp module vccn lcp-echo-requests on off Set ppp module vccn restart-timer integerSet ppp module vccn magic-number on off Set ppp module vccn protocol-compression on offSet ppp module vccn time-out integer Set ppp module vccn port-authentication username usernameSet ppp module vccn port-authentication password password Set ppp module vccn connection-type instant-on always-onSet wan-over-ether ipoe-sessions 1 PPPoE with IPoE SettingsSet wan-over-ether pppoe on off Set wan-over-ether pppoe-with-ipoe on offSet ip ip-ppp vcc1 igmp-null-source-addr off on Ethernet Port SettingsSet atm vcc n encap pppoe-llc Set ip ip-ppp vcc1 mcast-fwd on off802.3ah Ethernet OAM Settings 285 Command Line Interface Preference SettingsSet preference verbose on off Set preference more lines286 Port Renumbering SettingsSet servers web-http 1 Set servers telnet-tcp 1Set security ipsec tunnels name Security SettingsSet security ipsec tunnels name 123 tun-enable on on off Set security ipsec option off on off288 Set security ipsec tunnels name 123 IKE-mode DH-group 1 1 2Set security ipsec tunnels name 123 xauth username username Set security ipsec tunnels name 123 xauth enable off onSet security ipsec tunnels name 123 xauth password password Set security ipsec tunnels name 123 nat-enable on offSet security ipsec tunnels name 123 local-id idvalue Set security ipsec tunnels name 123 remote-id idvalue290 291 292 Set security state-insp tcp-timeout 30Set security state-insp udp-timeout 30 Set security state-insp dos-detect off on293 Set security state-insp xposed-addr exposed-address# n294 Packet Filtering Settings295 Operator296 Snmp Settings System Settings Set system name name298 Set system ftp-server option off on Set system idle-timeout telnet 1...120 http 1Set system username administrator name user name Set system password admin userSleep Contact-email string@domainname location string Set system zerotouch option on off300 Syslog 302 Default syslog installation procedureWireless Settings supported models 304 Set wireless no-bridging off on Set wireless tx-power full medium fair low minimal305 306 Set wireless wmm option off on307 Set wireless network-id privacy pre-shared-key string Set wireless network-id privacy default-keyid308 Set wireless mac-auth option on off Example 40bit key 02468ACE02309 Set radius alt-radius-secret sharedsecret Set radius radius-name servernamestringSet radius radius-secret sharedsecret Set radius alt-radius-name servernamestringVlan Settings Set vlan name name ports port port-pbits 0 Set vlan name name ip-interface ipinterface312 313 Assign an IP interfaceSet vlan name PPPoE11 id 314Set vlan name Video31 ports eth1 tag on 315VoIP settings Set voip phone 0 1 auth-id string Set voip phone 0 1 sip-user-password passwordSet voip phone 0 1 sip-user-display-name name Set voip phone 0 1 sip-user-name username318 Set voip phone 0 1 codec G72640 priority 1 2 3 4 5 6 7 none319 320 DSL Forum settings UPnP settings322 TR-069Backup IP Gateway Settings 324 Set ip backup-gateway default ipaddress325 Vdsl Settings326 327 Vdsl Parameters Accepted Values328 Parameter329 Accepted Values330 331 Glossary332 333 334 Ethernet crossover cable. See crossover cable335 336 337 338 339 340 341 Administrator’s Handbook 342 343 DescriptionInternational Agency approvalsManufacturer’s Declaration of Conformance North America345 Declaration for Canadian users346 Important Safety InstructionsAustralian Safety Information Telecommunication installation cautions347 CFR Part 68 InformationElectrical Safety Advisory Copyright Acknowledgments348 349 350 Wide Area Network Termination PPPoE/PPPoA Point-to-Point Protocol over Ethernet/ATM351 352 Simpliﬁed Local Area Network SetupInstant-On PPP Dhcp Dynamic Host Conﬁguration Protocol ServerEmbedded Web Server DiagnosticsManagement DNS Proxy354 Remote Access ControlPassword Protection Network Address Translation NAT355 Motorola Netopia Advanced Features for NATMotorola Netopia Gateway Internal ServersIP-Passthrough Default ServerPinholes Combination NAT Bypass ConﬁgurationVPN IPSec Pass Through VPN IPSec Tunnel Termination357 358 Stateful Inspection FirewallSSL Certiﬁcate Support VLANs359 Index360 Config361 362 NAT 264, 278363 PPP364 Shell365 VPN366 367 Administrator’s Handbook 368