321 | Netopia 2200 instruction

Aggressive Mode. Main mode requires 3 two-way message exchanges while Aggressive mode only requires 3 total message exchanges.

null modem. Cable or connection device used to connect two computing devices directly rather than over a network.

-----P-----

packet. Logical grouping of information that includes a header and data. Compare frame, datagram.

PAP. Password Authentication Protocol. Security protocol within the PPP pro- tocol suite that prevents unauthorized access to network services. See RFC 1334 for PAP speciﬁcations. Compare CHAP.

parity. Method of checking the integrity of each character received over a communication channel.

Peer External IP Address. The Peer External IP Address is the public, or routable IP address of the remote gateway or VPN server you are establish- ing the tunnel with.

Peer Internal IP Network. The Peer Internal IP Network is the private, or Local Area Network (LAN) address of the remote gateway or VPN Server you are communicating with.

Peer Internal IP Netmask. The Peer Internal IP Netmask is the subnet mask of the Peer Internal IP Network.

PFS Enable. Enable Perfect Forward Secrecy. PFS forces a DH negotiation during Phase II of IKE-IPSec SA exchange. You can disable this or select a DH group 1, 2, or 5. PFS is a security principle that ensures that any single key being compromised will permit access to only data protected by that sin- gle key. In PFS, the key used to protect transmission of data must not be used to derive any additional keys. If the key was derived from some other keying material, that material must not be used to derive any more keys.

PING. Packet INternet Groper. Utility program that uses an ICMP echo mes- sage and its reply to verify that one network node can reach another. Often used to verify that two hosts can communicate over a network.

321

Image 321

Netopia 2200 manual 321

Contents

Netopia Software User Guide Copyright Table of Contents Expert Mode Security 146 Basic Troubleshooting Command Line Interface 221 Table of Contents Glossary Overview of Major Capabilities Index What’s New Introduction Intended Audience About Netopia Documentation Documentation Conventions Command Line InterfaceGeneral Internal Web Interface Bold terminal type User-entered text face Word About Example Screens OrganizationPage Basic Mode Setup Power Supply Installation Important Safety Instructions Wichtige Sicherheitshinweise AchtungBewahren Sie diese Anweisungen auf Microsoft Windows Setting up the Netopia Gateway Then go to Step Macintosh MacOS 8 or higher or Mac OS Proceed to Conﬁguring the Netopia Gateway on Conﬁguring the Netopia Gateway Click the Connect to the Internet button MiAVo Vdsl and Ethernet WAN models Quickstart PPPoE Quickstart Configuring the Netopia Gateway Netopia Gateway Status Indicator Lights Home Page Basic Mode DNS Link Manage My Account Link Status Details Link Enable Remote Management Link Expert Mode Link Update Firmware Link Factory Reset Open the Web Connection Accessing the Expert Web InterfacePage Home Page Expert Mode Home Page Information Summary InformationField Status and/or Description Dhcp Toolbar Navigating the Web InterfaceLink Breadcrumb Trail Button Restart Restart Link Alert Symbol Button Help Help Conﬁgure Button ConﬁgureLink Quickstart Click Connect to the Internet Link LAN Configure Page Wireless supported models Privacy Configure Page Advanced Page About Closed System Mode Page WPA Version Allowed Examples Multiple SSIDs Wireless MAC Authorization Page Configure Use Radius Server Advanced Network Conﬁguration page appears WAN IP Interfaces IP GatewayOther WAN Options Available Multiplexing types Available Encapsulation types Sustained Cell Rate SCR Transmit Priority Comments Class Link Advanced IP Static Route Entry page appears Link IP Static RoutesPage Link Pinholes Link IP Static ARP TCP Tips for making Pinhole Entries Gateway Pinhole Conﬁguration Procedure. Use the following steps Page Configure Link IPMaps Ple static Netopia Gateway WAN Interface LAN Interface IPMaps Block Diagram192.168.1.1 192.168.1.2 Link Default Server NAT LAN STN #2 Internet Gateway Configure Page Link Differentiated Services Page QoS Setting TOS Bit Value Behavior Link Dhcp Server Link DNS Configure Link Radius Server Link Snmp Page Link Igmp Internet Group Management Protocol Page Configure 100 Link UPnP 101 Link LAN Management 102 Link Advanced Ethernet Bridge 103 Conﬁguring for Bridge Mode 104 Enable Concurrent Bridging/Routing checkbox 105 106 Link Vlan 107 Enable Multiple Wireless IDs on 108Vlan Port Conﬁguration screen appears 109 110 111 Link Syslog Parameters 112 Log Event Messages Administration Related Log Messages113 System Log Messages Access-related Log Messages 114DSL Log Messages most common Mented packet 115 Link Internal Servers Link Software Hosting116 List of Supported Games and Software 117 FTP 118 119 Rename a UserPC 120 Link Clear Options 121 Link Time Zone Security Button Security122 123 Link Passwords 124 Link Firewall Conﬁguring for a BreakWater Setting125 Use a Netopia Firewall 126 127 Tips for making your BreakWater Basic Firewall SelectionBasic Firewall Background 128 BreakWater Setting ClearSailing SilentRunning LANdLocked 129 130 Link IPSec 131 SafeHarbour IPSec VPN Conﬁguring a SafeHarbour VPN 132 133 IPSec Tunnel Details Parameter Setup Worksheet Parameter Descriptions on page 136 as required 134 Make the Tunnel Details entries 135 136 Parameter DescriptionsField Description PAT Address 137 Soft MBytes 138 139 Stateful Inspection Firewall installation procedure Link Stateful Inspection140 141 Exposed Addresses 142 143 144 Stateful Inspection Options Open Ports in Default Stateful Inspection Installation 145Port Protocol Description LAN Private WAN Public Interface General ﬁrewall terms Firewall TutorialBasic IP packet components 146 147 Basic protocol types Firewall design rules Example TCP/UDP Ports TCP Port Service148 Firewall Logic Implied rules 149 Example ﬁlter set 150 151 Filter basicsWhat it means Example network Example ﬁlters 152Example 153 154 Link Packet Filter What’s a ﬁlter and what’s a ﬁlter set? How ﬁlter sets work155 How individual ﬁlters work 156Filter priority 157 ﬁltering ruleParts of a ﬁlter 158 Port numbersPort number comparisons 159 Other ﬁlter attributesPutting the parts together Filtering example #1 160 161 Filtering example #2 162 An approach to using ﬁlters Design guidelines163 Working with IP Filters and Filter Sets Adding a ﬁlter set164 165 Adding ﬁlters to a ﬁlter set Netopia Router 166 167 Enter the Source Mask for the source IP address 168 Viewing ﬁlters 169 170 Deleting a ﬁlter setModifying ﬁlters Deleting ﬁlters 171 Associating a Filter Set with an Interface 172 Policy-based Routing using Filtersets TOS ﬁeld matching173 174 175 Using the Security Monitoring Log Link Security Log176 177 Timestamp Background 178 Install Button Install179 180 Link Install Software Required Files Netopia ﬁrmware Image File181 182 Click the Install Software button Verify the Netopia Firmware Release 183 Use Netopia Software Feature Keys Link Install KeysObtaining Software Feature Keys Procedure Install a New Feature Key File 185 186 To check your installed features 187 188 Link Install Certiﬁcate 189 190 191 Basic Troubleshooting 192 Status Indicator LightsAction Ethernet Ethernet 1, 2, 3 193 194 Wireless DSL Sync 195 196 Special patterns 197 LAN 1, 2, 3 198 DSL Sync 199 200 Front View 201 LED Function Summary Matrix EN Link Unlit 202Active Link 203 Factory Reset Switch 2247NWG 3397GP3347W/3357W 2240N 205 Advanced Troubleshooting 206 Home Status of Connection 207 Expert Mode Button Troubleshoot208 209 Link System Status 210 Link Ports Ethernet 211 Link Ports DSL 212 Link IP Interfaces 213 Link DSL Circuit Conﬁguration 214 Link System Log Entire 215 Link Diagnostics 216 Link Network Tools 217 If Ping is not successful, possible causes are 218 219 220 221 Command Line Interface 222 Overview Command Verbs Status and/or Description 223Keywords Logging Starting and Ending a CLI SessionEnding a CLI Session 224 About Shell Commands Using the CLI Help FacilitySaving Settings Shell Command Shortcuts Common Commands Shell Commands Download serveraddress ﬁlename conﬁrm DiagnoseDownload -cert serveraddress ﬁlename conﬁrm 227 License key Install serveraddress ﬁlename conﬁrmLoglevel level 228 Netstat Netstat -r229 Reset atm Reset arpReset crash Reset dhcp server Reset log Reset ipmapReset security-log Reset wan-users all ip-address Show conﬁg Show featuresShow crash Show dhcp agent Show ip interfaces Show ip igmpShow ip ipsec Show ip ﬁrewall Show wireless clients MACaddress Show wireless allShow log Show memory all View conﬁg Upload serveraddress ﬁlename conﬁrmWho 235 WAN Commands About Config Commands Config Mode PromptNavigating the Config Hierarchy 238 Netopia-3000/9437188 top quit Set ip ethernet a ipaddress Entering Commands in Config ModeSet ip ethernet a 239 Displaying Current Gateway Settings Guidelines Config CommandsStep Mode a CLI Conﬁguration Technique 240 241 Validating Your Conﬁguration DSL Commands Config Commands Set atm vcc n qos max-burst-size 1 ...n Set atm vcc n qos sustained-cell-rate 1 ...nSet atm vcc n vpi 0 Set atm vcc n vci 0 Set atm vccn pppoe-sessions 1 Bridging SettingsSet bridge sys-bridge on off Set bridge concurrent-bridging-routing on off Dhcp Settings Set bridge table-timeout 30Set bridge ethernet option on off Set bridge dsl vccn option on off Set dhcp end-address ipaddress Set dhcp start-address ipaddressSet dhcp lease-time lease-time Set dhcp server-address ipaddress Set dmt wiringMode auto tipring AA1 DMT SettingsSet dmt metallic-termination auto disabled alwayson Set dmt autoConﬁg off on Set dns proxy-enable Domain Name System SettingsSet dns domain-name domain-name Set dns primary-address ipaddress Set igmp snooping off on Igmp SettingsSet igmp robustness value Set igmp query-intvl value Set ip arp-timeout 60 IP SettingsSet ip option on off Set ip dsl vccn address ipaddress Set ip dsl vccn netmask netmask Set ip dsl vccn restriction admin-disabled noneSet ip dsl vccn addr-mapping on off Set ip dsl vccn rip-send off v1 v2 v1-compat v2-MD5 Set ip ethernet a option on off Set ip dsl vccn rip-receive Off v1 v2 v1-compat v2-MD5Set ip ethernet a address ipaddress Set ip ethernet a broadcast broadcastaddress Set ip ethernet a netmask netmask Set ip ethernet a restrictions none admin-disabledSet ip ethernet a rip-send Off v1 v2 v1-compat v2-MD5 253 Set ip gateway option on off Set ip ethernet a rip-receive off v1 v2 v1-compat v2-MD5Set ip gateway interface ip-address ppp-vccn Set ip ip-ppp vccn option on off Set ip ip-ppp vccn address ipaddress Set ip ip-ppp vccn restriction admin-disabled noneSet ip ip-ppp vccn peer-address ipaddress Set ip ip-ppp vccn addr-mapping on off Set ip ip-ppp vccn rip-send off v1 v2 v1-compat v2-MD5 Set ip ip-ppp vccn rip-receive off v1 v2 v1-compat v2-MD5256 Set ip igmp-forwarding off on Set ip static-arp ip-addressipaddressSet ip ipsec-passthrough off on 257 Set diffserv option off on Set ip prioritize off onSet diffserv lohi-ratio 60 100 percent 258 259 Set ip sip-passthrough on off Set ip static-routes destination-networknetaddress260 261 Delete ip static-routes destination-network netaddress Network Address Translation NAT Default Settings IPMaps Settings Network Address Translation NAT Pinhole Settings Set nat-default host-hardware-address MACaddressSet pinhole name name Set pinhole name name protocol-select tcp udp PPPoE /PPPoA Settings Set ppp module vccn magic-number on off Set ppp module vccn mru integerSet ppp module vccn protocol-compression on off Set ppp module vccn lcp-echo-requests on off Set ppp module vccn conﬁgure-max integer Set ppp module vccn restart-timer integerSet ppp module vccn terminate-max integer Set ppp module vccn connection-type instant-on always-on Set ppp module vccn port-authentication password password Set ppp module vccn port-authentication username usernameEthernet Port Settings Command Line Interface Preference Settings 268 Set preference more lines Set servers web-http 1 Port Renumbering SettingsSet servers telnet-tcp 1 269 Set security ipsec option off on off Security SettingsSet security ipsec tunnels name 270 271 Set security ipsec tunnels name 123 tun-enable on on off 272 Set security ipsec tunnels name 123 IKE-mode DH-group 1 1 2 Set security ipsec tunnels name 123 xauth password password Set security ipsec tunnels name 123 xauth enable off onSet security ipsec tunnels name 123 nat-enable on off Set security ipsec tunnels name 123 xauth username username Set security ipsec tunnels name 123 local-id idvalue Set security ipsec tunnels name 123 remote-id idvalue274 275 276 Set security state-insp tcp-timeout 30 Set security state-insp udp-timeout 30 Set security state-insp xposed-addr exposed-address# n277 278 Packet Filtering Settings 279 280 281 Snmp Settings Set snmp notify type v1-trap v2-trap inform System SettingsSet system name name 283 Set system username administrator name user name Set system idle-timeout telnet 1...120 http 1Set system log-size 10240 Set system persistent-log off on Set system password admin user Sleep Contact-email string@domainname location string285 286 Set system zerotouch option on off Set system zerotouch redirect-url redirection-URL287 Syslog Set security state-insp eth B option on 289 Wireless Settings supported models Set wireless mode both-b-and-g b-only g-only Set wireless multi-ssid option on off291 292 Set wireless no-bridging off on Set wireless tx-power full medium fair low minimal293 Set wireless network-id privacy pre-shared-key string Set wireless network-id privacy default-keyid294 295 Example 40bit key 02468ACE02Example 256bit key Set radius radius-name servernamestring Set wireless mac-auth option on offSet radius radius-secret sharedsecret Set radius alt-radius-name servernamestring Set radius radius-port portnumber Set vlan name string297 To make the Vlan vlan1 routable add the port lan-uplink 298 Set upnp option on off Set dslf-lanmgmt option off on299 300 301 302 Vdsl Settings 303 Vdsl Parameter Defaults Vdsl Parameters Accepted Values 304 Parameter 305 Etsi M2 CAB 306 307 308 309 310 311 Glossary 312 313 314 315 Ethernet crossover cable. See crossover cable 316 317 318 319 320 321 322 323 324 325 326 327 Description Software and protocols 328 329 Agency approvalsNorth America International 330 Manufacturer’s Declaration of Conformance Declaration for Canadian users 331 Australian Safety Information Important Safety InstructionsTelecommunication installation cautions 332 333 CFR Part 68 Information 334 Electrical Safety Advisory 335 Overview of Major Capabilities PPPoE/PPPoA Point-to-Point Protocol over Ethernet/ATM Wide Area Network TerminationInstant-On PPP 336 Dhcp Dynamic Host Conﬁguration Protocol Server Simpliﬁed Local Area Network SetupDNS Proxy 337 Management DiagnosticsEmbedded Web Server 338 Password Protection Remote Access Control339 Network Address Translation NAT 340 Netopia Gateway 341 Netopia Advanced Features for NATInternal Servers Pinholes Default Server 342Combination NAT Bypass Conﬁguration 343 IP-PassthroughVPN IPSec Pass Through VPN IPSec Tunnel Termination 344Stateful Inspection Firewall SSL Certiﬁcate Support 345 Index 346 347 NAT 255, 262 348 NTP 349 350