296 | Motorola 3352N, 7000, 3342, 2200 instruction

Administrator’s Handbook

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index dst-compare [ nc ne lt le eq gt ge ]

Sets the destination compare operator action for the speciﬁed ﬁlter rule. dst-compareonly displays when the protocol is TCP or UDP.

Operator	Action
nc	No compare
ne	Not equal to
lt	Less than
le	Less than or equal to
eq	Equal to
ge	Greater than or equal to
gt	Greater than

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index src-port value

Speciﬁes the source IP port to match packets (the port on the sending host that originated the packet, if the underlying protocol is TCP or UDP). src-portdoes not display if nc is set for src-compareor dst-com- pare.

set security pkt-ﬁlter ﬁlterset ﬁlterset-name[ input_ﬁlter output_ﬁlter ] index dst-port value

Speciﬁes the destination IP port to match packets (the port on the receiving host that the packet is des- tined for, if the underlying protocol is TCP or UDP). dst-port does not display if nc is set for src-compare or dst-compare.

set security pkt-ﬁlter interface assigned-ﬁlterset ﬁlterset-name

Associates a ﬁlterset with a LAN or WAN interface.

Example:

set security pkt-filter ethernet A assigned-filterset set1

296

Image 296

Motorola 3352N, 7000, 3342, 2200 manual 296

Contents

Administrator’s Handbook Administrator’s Handbook CopyrightPage Administrator’s Handbook Table of Contents Breadcrumb Trail Security Basic Troubleshooting Command Line Interface 223 Administrator’s Handbook Glossary Overview of Major Capabilities Introduction What’s New Administrator’s Handbook About Motorola Netopia Documentation Intended AudienceDocumentation Conventions General Command Line Interface Internal Web Interface Organization Word About Example Screens Administrator’s Handbook Basic Mode Setup Important Safety Instructions Power Supply Installation Bewahren Sie diese Anweisungen auf Wichtige SicherheitshinweiseAchtung Setting up the Motorola Netopia Gateway Microsoft WindowsPage Macintosh MacOS 8 or higher or Mac OS Conﬁguring the Motorola Netopia Gateway MiAVo Vdsl and Ethernet WAN models Quickstart You can skip to Home Page Basic Mode on PPPoE Quickstart Set up the Motorola Netopia Pocket Gateway Page Motorola Netopia Gateway Status Indicator Lights Home Page Basic Mode Down Link Manage My Account Link Status Details Link Enable Remote Management Link Expert Mode Link Update Firmware Link Factory Reset Accessing the Expert Web Interface Open the Web Connection Administrator’s Handbook Home Page Expert Mode Home Page InformationSummary Information Field Status and/or Description VoIP NAT Link Breadcrumb Trail ToolbarNavigating the Web Interface Restart Button Restart Link Alert Symbol Help Button Help Link Quickstart ConﬁgureButton Conﬁgure Administrator’s Handbook Link LAN Administrator’s Handbook Page Administrator’s Handbook Wireless supported models Privacy Page Advanced About Closed System Mode Administrator’s Handbook WPA Version Allowed Multiple SSIDsExamples Administrator’s Handbook Page WiFi Multimedia Wireless MAC Authorization Administrator’s Handbook Use Radius Server Advanced Network Conﬁguration page appears Link WAN PPP over Ethernet interface DHCP/PPPoE/PPPoA Autosensing Advanced RIP-1 compatibility, or RIP-2 with MD5 Ethernet WAN interface Page Other WAN Options AdvancedIP Gateway Available Encapsulation types WAN Ethernet and Vdsl GatewaysAdsl Gateways Administrator’s Handbook Page Sustained Cell Rate SCR Class Transmit Priority Comments Link Advanced Link IP Static Routes IP Static Route Entry page appears Changes link Link IP Static ARP Link Pinholes Gateway Tips for making Pinhole Entries Pinhole Conﬁguration Procedure. Use the following steps Page Administrator’s Handbook Conﬁgure the IPMaps Feature FAQs for the IPMaps Feature IPMaps Block Diagram Motorola Netopia Gateway WAN Interface LAN Interface192.168.1.1 192.168.1.2 Link Default Server Internet Gateway Page Link Differentiated Services Page QoS Setting TOS Bit Value Behavior Link DNS Link Dhcp Server Link Radius Server Link Snmp Page 100 Link Igmp Internet Group Management ProtocolIgmp Version 3 supports 101 Link UPnP 102 Link LAN Management 103 Link Ethernet Bridge 104 Conﬁguring for Bridge Mode 105 106 Overview 107 Ethernet Switching/Policy Setup 108 Vlan Model Combining Bridging and Routing 109 110 Vlan Port Conﬁguration screen appears 111 112 113 114 115 Example 116 117 118 Click the Save and Restart link 119 Supported models only 120 SIP Line Entry 121 Call Features Settings 122 123 Link System 124 Link Syslog Parameters 125 Administration Related Log Messages Log Event MessagesSystem Log Messages DSL Log Messages most common Access-related Log Messages 127 128 Link Internal Servers 129 Link Software Hosting 130 List of Supported Games and Software 131 Rename a UserPC 132 133 Check the Enable Backup Gateway checkboxManual options Automatic options 134 135 Link Ethernet MAC Override 136 Link Clear Options 137 Link Time Zone 138 139 SecurityButton Security Link Passwords 140 141 Conﬁguring for a BreakWater Setting Link FirewallUse a Motorola Netopia Firewall 142 143 Tips for making your BreakWater Basic Firewall SelectionBasic Firewall Background BreakWater Setting ClearSailing SilentRunning LANdLocked 144 145 Link IPSec 146 SafeHarbour IPSec VPN 147 Conﬁguring a SafeHarbour VPN 148 149 Parameter Motorola Netopia Peer Gateway Be sure that you have SafeHarbour VPN enabled 150 151 Parameter DescriptionsField Description 152 Address/Value 153 154 Stateful Inspection Firewall installation procedureLink Stateful Inspection Exposed Addresses 155 156 Open Ports in Default Stateful Inspection Installation Stateful Inspection OptionsPort Protocol Description LAN Private WAN Public Interface 157 Firewall Tutorial General ﬁrewall termsBasic IP packet components Basic protocol types Example TCP/UDP Ports TCP Port Service Firewall design rulesFirewall Logic 159 160 Implied rulesExample ﬁlter set Filter basics Example ﬁltersWhat it means Example network 162 163 Link Packet FilterWhat’s a ﬁlter and what’s a ﬁlter set? 164 How ﬁlter sets workFilter priority How individual ﬁlters work ﬁltering ruleParts of a ﬁlter Port numbers 166 Port number comparisonsOther ﬁlter attributes 167 Putting the parts togetherFiltering example #1 168 169 Design guidelinesFiltering example #2 An approach to using ﬁlters 170 171 Working with IP Filters and Filter SetsAdding a ﬁlter set Adding ﬁlters to a ﬁlter set 172 173 Enter the Source Mask for the source IP address 174 Deleting a ﬁlter set 175 Associating a Filter Set with an Interface 176 177 Policy-based Routing using FiltersetsTOS ﬁeld matching 178 179 Using the Security Monitoring LogLink Security Log 180 TCP Timestamp Background 181 182 InstallButton Install Link Install Software Required FilesBackground 183 Install the Motorola Netopia ﬁrmware Image Motorola Netopia ﬁrmware Image FileConﬁrm Motorola Netopia Firmware Image Files 184 Verify the Motorola Netopia Firmware Release 185 186 Link Install Key Use Motorola Netopia Software Feature KeysObtaining Software Feature Keys Procedure Install a New Feature Key File 188 To check your installed features 189 Link Install Certiﬁcate 190 191 Administrator’s Handbook 192 Basic Troubleshooting 193 Status Indicator Lights ActionEthernet 194 Model 2241N only 195 Ethernet 1, 2, 3 196 Wireless 197 198 Special patterns 199 LAN 1, 2, 3 200 Wireless Link 201 202 DSL 1 & 2 ADSL2+Models only Ethernet 1, 2, 3 203 LED Function Summary Matrix 204 Wireless Unlit ActiveTrafﬁc Link Factory Reset Switch Advanced Troubleshooting 207 Home 208 209 Device Gateway 210 Expert ModeButton Troubleshoot Link System Status 211 Link Ports Ethernet 212 Link Ports DSL 213 Link IP Interfaces 214 Link DSL Circuit Conﬁguration 215 Link System Log Entire 216 Link Diagnostics 217 Link Network Tools 218 219 If Ping is not successful, possible causes are 220 221 Administrator’s Handbook 222 Command Line Interface 223 Overview 224 225 Command Verbs Status and/or DescriptionKeywords Using the CLI Help Facility Saving SettingsStarting and Ending a CLI Session Logging About Shell Commands Shell Command ShortcutsShell Prompt 227 Shell Commands Common Commands 229 License keyLoglevel level Netstat Netstat -rQuit 230 Reset arp Reset atmReset cdmode Reset crash Reset security-log Reset wan-users all ip-addressReset wan Reset wepkeys Show crash Show dhcp agentShow dhcp server leases Show diffserv Show features Show etheroam ahShow group-mgmt Show ip arp Show ip ﬁrewall Show ip lan-discoveryShow ip routes Show ip state-insp Show status Show summaryShow vlan 236 237 Show wireless all Show wireless clients MACaddressUpload serveraddress ﬁlename conﬁrm View conﬁg WAN Commands About Config Commands Config Mode PromptNavigating the Config Hierarchy Show ppp stats lcp ipcp Entering Commands in Config Mode Guidelines Config CommandsSet ip ethernet a ipaddress 241 Displaying Current Gateway Settings Step Mode a CLI Conﬁguration TechniqueValidating Your Conﬁguration 242 Config Commands Remote ATA Conﬁguration Commands Set ata proﬁle 0.. ata-user-password string Set ata proﬁle 0.. ata-static-wan-gateway ipaddrSet ata proﬁle 0.. ata-proxy-server ipaddr Set ata proﬁle 0.. ata-proxy-port port DSL Commands Bridging Settings Set atm vcc n vpi 0Set atm vcc n vci 0 Set atm vccn pppoe-sessions 1 Set bridge table-timeout 30 Set bridge sys-bridge on offSet bridge concurrent-bridging-routing on off Set bridge dhcp-ﬁlterset string Dhcp Settings Set dhcp range 2.. start-address ipaddress Set dhcp range 2.. end-address ipaddressSet dhcp gen-option name name Set dhcp gen-option option 1 Option Data Format Data Size Can Bytes Conﬁgure 250 251 Set dhcp gen-option data-type ascii hex dotted-decimalSet dhcp gen-option data data 252 Set dhcp ﬁlterset name string rule n dhcp-option 0Set dhcp ﬁlterset name string rule n match-str matchstring Set dhcp ﬁlterset name string rule n match-pool ipaddress Set dhcp ﬁlterset name string rule n absent-pool ipaddressSet dhcp assigned-ﬁlterset string 253 DMT Settings Domain Name System Settings 256 Igmp Settings 257 Set igmp snooping off on Set igmp robustness valueSet igmp query-intvl value Set igmp query-response-intvl value IP Settings Set ip dsl vccn restrictions admin-disabled none Set ip dsl vccn netmask netmaskSet ip dsl vccn addr-mapping on off Set ip dsl vccn auto-sensing off dhcp/pppoe pppoe/pppoa Set ip dsl vccn rip-send off v1 v2 v1-compat v2-MD5 Set ip dsl vccn rip-receive Off v1 v2 v1-compat v2-MD5Set ip ethernet a option on off Set ip ethernet a address ipaddress Set ip ethernet a restrictions none admin-disabled Set ip ethernet a netmask netmaskSet ip ethernet a rip-send Off v1 v2 v1-compat v2-MD5 Set ip ethernet a rip-receive off v1 v2 v1-compat v2-MD5 Set ip ethernet a subnet n address ipaddress Set ip ethernet a subnet n netmask netmaskSet ip gateway option on off Set ip gateway interface ip-address ppp-vccn Set ip ip-ppp vccn restrictions admin-disabled none Set ip ip-ppp vccn peer-address ipaddressSet ip ip-ppp vccn addr-mapping on off Set ip ip-ppp vccn auto-sensing off dhcp/pppoe pppoe/pppoa Set ip ip-ppp vccn rip-receive off v1 v2 v1-compat v2-MD5 Set ip ip-ppp vccn igmp-null-source-addr on offSet ip ip-ppp vccn mcast-fwd on off Set ip ip-ppp vccn unnumbered on off Set ip static-arp ip-addressipaddress Set ip igmp-forwarding off onSet ip ipsec-passthrough off on Set ip prioritize off on 267 Set diffserv option off onSet diffserv lohi-ratio 60 100 percent Qos off assure expedite network-control 268 Set diffserv qos dscp-map default custom 269 270 Queue Conﬁguration 271 272 Set queue name wfq weight-type bps 273 Set queue name priorityqueuename default-inputqueuename 274 Rate-limiting weighted fair queue to 100Kbps 275 Set ip sip-passthrough on off Set ip ethernet B rtsp-passthrough off onSet ip static-routes destination-networknetaddress 276 IPMaps Settings Delete ip static-routes destination-network netaddressSet ip-maps name name internal-ip ip address Set ip-maps name name external-ip ip address Network Address Translation NAT Default Settings Network Address Translation NAT Pinhole Settings PPPoE /PPPoA Settings Set ppp module vccn restart-timer integer Set ppp module vccn magic-number on offSet ppp module vccn protocol-compression on off Set ppp module vccn lcp-echo-requests on off Set ppp module vccn port-authentication username username Set ppp module vccn port-authentication password passwordSet ppp module vccn connection-type instant-on always-on Set ppp module vccn time-out integer PPPoE with IPoE Settings Set wan-over-ether pppoe on offSet wan-over-ether pppoe-with-ipoe on off Set wan-over-ether ipoe-sessions 1 Ethernet Port Settings Set atm vcc n encap pppoe-llcSet ip ip-ppp vcc1 mcast-fwd on off Set ip ip-ppp vcc1 igmp-null-source-addr off on 802.3ah Ethernet OAM Settings Command Line Interface Preference Settings Set preference verbose on offSet preference more lines 285 Port Renumbering Settings Set servers web-http 1Set servers telnet-tcp 1 286 Security Settings Set security ipsec tunnels name 123 tun-enable on on offSet security ipsec option off on off Set security ipsec tunnels name Set security ipsec tunnels name 123 IKE-mode DH-group 1 1 2 288 Set security ipsec tunnels name 123 xauth enable off on Set security ipsec tunnels name 123 xauth password passwordSet security ipsec tunnels name 123 nat-enable on off Set security ipsec tunnels name 123 xauth username username 290 Set security ipsec tunnels name 123 local-id idvalueSet security ipsec tunnels name 123 remote-id idvalue 291 Set security state-insp tcp-timeout 30 Set security state-insp udp-timeout 30Set security state-insp dos-detect off on 292 Set security state-insp xposed-addr exposed-address# n 293 Packet Filtering Settings 294 Operator 295 296 Snmp Settings 298 System SettingsSet system name name Set system idle-timeout telnet 1...120 http 1 Set system username administrator name user nameSet system password admin user Set system ftp-server option off on 300 Sleep Contact-email string@domainname location stringSet system zerotouch option on off Syslog Default syslog installation procedure 302 Wireless Settings supported models 304 305 Set wireless no-bridging off onSet wireless tx-power full medium fair low minimal Set wireless wmm option off on 306 307 308 Set wireless network-id privacy pre-shared-key stringSet wireless network-id privacy default-keyid 309 Set wireless mac-auth option on offExample 40bit key 02468ACE02 Set radius radius-name servernamestring Set radius radius-secret sharedsecretSet radius alt-radius-name servernamestring Set radius alt-radius-secret sharedsecret Vlan Settings 312 Set vlan name name ports port port-pbits 0Set vlan name name ip-interface ipinterface Assign an IP interface 313 314 Set vlan name PPPoE11 id 315 Set vlan name Video31 ports eth1 tag on VoIP settings Set voip phone 0 1 sip-user-password password Set voip phone 0 1 sip-user-display-name nameSet voip phone 0 1 sip-user-name username Set voip phone 0 1 auth-id string Set voip phone 0 1 codec G72640 priority 1 2 3 4 5 6 7 none 318 319 320 UPnP settings DSL Forum settings TR-069 322 Backup IP Gateway Settings Set ip backup-gateway default ipaddress 324 Vdsl Settings 325 326 Vdsl Parameters Accepted Values 327 Parameter 328 Accepted Values 329 330 Glossary 331 332 333 Ethernet crossover cable. See crossover cable 334 335 336 337 338 339 340 341 Administrator’s Handbook 342 Description 343 Agency approvals Manufacturer’s Declaration of ConformanceNorth America International Declaration for Canadian users 345 Important Safety Instructions Australian Safety InformationTelecommunication installation cautions 346 CFR Part 68 Information 347 348 Electrical Safety AdvisoryCopyright Acknowledgments 349 350 351 Wide Area Network TerminationPPPoE/PPPoA Point-to-Point Protocol over Ethernet/ATM Simpliﬁed Local Area Network Setup Instant-On PPPDhcp Dynamic Host Conﬁguration Protocol Server 352 Diagnostics ManagementDNS Proxy Embedded Web Server Remote Access Control Password ProtectionNetwork Address Translation NAT 354 Motorola Netopia Advanced Features for NAT Motorola Netopia GatewayInternal Servers 355 Default Server PinholesCombination NAT Bypass Conﬁguration IP-Passthrough 357 VPN IPSec Pass ThroughVPN IPSec Tunnel Termination Stateful Inspection Firewall SSL Certiﬁcate SupportVLANs 358 Index 359 Config 360 361 NAT 264, 278 362 PPP 363 Shell 364 VPN 365 366 367 Administrator’s Handbook 368