Netopia® Software User GuideFirmware Version 7.4.2February 2005Netopia® 3300 Series Gatewaysfor eircom broadband
Introduction 10 Introduction curly ({ }) brackets, with values separated with vertical bars (|).Alternative values for an argument are presented in c
100Link: NATWhen you click NAT, the NAT (Games and Other Services) page appears.NAT (Games and Other Services) allows you to host internet application
101Links BarEach time you enable a software service or game your entry will be added to the list of Service Names displayed on the NAT Configuration pa
102F-16, Mig 29 F-22, Lightning 3 Fighter Ace IIFTP GNUtella H.323 compliant (Netmeeting, CUSeeME)Half Life Hellbender for Windows, v 1.0 Heretic IIHe
103Links BarDefine Custom ServiceTo configure a Custom Service, choose whether to use Port Forwarding or Trigger Ports. • Port Forwarding forwards a ran
104Port Forwarding forwards a range of WAN ports to an IP address on the LAN. Enter the fol-lowing information: • Service Name: A unique identifier for
105Links Bar• Service Name: A unique identifier for the Custom Service. • Global Port Range: Range of ports on which incoming traffic will be received.
106Link: Packet FilterWhen you click Packet Filter, the Filter Sets screen appears.Security should be a high priority for anyone administering a netwo
107Links BarNetopia’s packet filters are designed to provide security for the Internet connections made to and from your network. You can customize the
108A filter inspects data packets like a customs inspector scrutinizing packages.Filter priorityContinuing the customs inspectors analogy, imagine the
109Links Barchance to forward or reject it, and so on. Because of this hierarchical structure, each filter is said to have a priority. The first filter h
11 CHAPTER 1 Overview of Major Capabilities The Netopia Gateway offers simplified setup and management features as well as advanced broadband Gateway
110Here is what this rule looks like when implemented as a filter in your Gate-way: To understand this particular filter, look at the parts of a filter.P
111Links BarPort number comparisonsA filter can also use a comparison option to evaluate a packet’s source or destination port number. The comparison o
112• Greater Than or Equal: For the filter to match, the packet’s port number must be greater than or equal to the port number specified in the filter.Ot
113Links Bar• Protocol: The protocol to match. This can be entered as a number (see the table below) or as TCP or UDP if those protocols are used.• Sr
114• Using the tables on page 111, find the destination port and protocol numbers (the local Telnet port):• Protocol = TCP (or 6)• Destination Port = 2
115Links BarFiltering example #2Suppose a filter is configured to block all incoming IP packets with the source IP address of 200.233.14.0, regardless o
116Design guidelinesCareful thought must go into designing a new filter set. You should consider the following guidelines: • Be sure the filter set’s ov
117Links BarWorking with IP Filters and Filter SetsTo work with filters and filter sets, begin by accessing the filter set pages.☛ NOTE:Make sure you un
118Adding a filter setYou can create up to eight different custom filter sets. Each filter set can contain up to 16 output filters and up to 16 input filte
119Links BarAdding filters to a filter setThere are two kinds of filters you can add to a filter set: input and output. Input filters check packets receive
12and branch offices to safely and affordably connect to a remote business network, for effective communication and collaboration.Wide Area Network Ter
120To add a filter, select the Filter Set Name to which you will add a filter, and click the Edit button. The Filter Set page appears.
121Links Bar☛ Note:There are two Add buttons in this page, one for input filters and one for out-put filters. In this section, you’ll learn how to add
122This allows you to further modify the way the filter will match on the source address. Enter 0.0.0.0 to force the filter to match on all source IP ad
123Links BarViewing filtersTo display the table of input or output filters, select the Filter Set Name in the Filter Set page and click the Add or Edit
124Moving filtersTo reorganize the filters in a filter set, select a filter from the table and click the Move Up or Move Down button to place the filter in
125Links BarClick the Ethernet 100BT link.The Ethernet 100BT page appears.From the pull-down menu, select the filter set to associate with this interfa
126Firewall TutorialGeneral firewall terms☛ Note:The basic Firewall (see “Firewall” on page 35) does not make use of the packet filter support and can
127Links BarThis header information is what the packet filter uses to make filtering decisions. It is important to note that a packet filter does not loo
128Example TCP/UDP PortsFirewall design rulesThere are two basic rules to firewall design:• “What is not explicitly allowed is denied.”and• “What is no
129Links Barand a packet goes through these rules destined for FTP, the packet would forward through the first rule (WWW), go through the second rule (
13Wide Area Network TerminationWhile an Always On connection is convenient, it does leave your network permanently con-nected to the Internet, and the
130Example networkItem What it meansNo Compare Does not compare TCP or UDP portNot Equal To Matches any port other than what is definedLess Than Anythi
131 Links Bar Example filtersExample 1 Incoming packet has the source address of 200.1.1.28This incoming IP packet has a source IP address that match
132 Example 4 Incoming packet has the source address of 200.1.1.104.This rule does match and this packet will not be forwarded. Example 5 Incomin
133 Links Bar Policy-based Routing using Filtersets The Netopia Gateway offers the ability to route IP packets using criteria other than the destinat
134 Example: You want packets with the TOS low latency bit to go through VC 2 (via gate-way 127.0.0.3) instead of your normal gate-way. You would se
135 Links Bar Link: QoS When you click QoS , the QoS screen appears.Your Gateway offers Differentiated Services (Diffserv). This feature allows y
136You can then define Custom Flows. If your applications do not provide Quality of Service (QoS) control, Custom Flows allows you to define streams for
137Links BarQoS Setting TOS Bit Value BehaviorOff TOS=000 This custom flow is disabled. You can activate it by selecting one of the two settings below.
138Link: Router PasswordWhen you click Router Password, the Router Password page appears.By default, your Gateway requires no password to access the a
139Links BarLink: Time ZoneWhen you click the Time Zone link, the Time Zone page appears.You can set your local time zone by selecting the number of h
14Simplified Local Area Network SetupDHCP (Dynamic Host Configuration Protocol) ServerDHCP Server functionality enables the Gateway to assign to your LA
140Link: VLANWhen you click VLAN, the VLANs page appears.A Virtual Local Area Network (VLAN) is a network of computers that behave as if they are conn
141Links BarAn example of multiple VLANs, using a Netopia Gateway with VGx managed switch technol-ogy, is shown below:To create a VLAN, click the Add
142You can create up to 32 VLANs, and you can also restrict any VLAN, and the computers on it, from administering the Gateway.• VLAN ID – This must be
143Links BarFor Netopia VGx technology models, separate Ethernet switch ports are displayed and may be configured.To enable any of them on this VLAN, s
144You can Add, Edit, or Delete your VLAN entries by returning to the VLANs page, and selecting the appropriate entry from the displayed list.
145Links BarLink: StatisticsDSLWhen you click DSL, the DSL Statistics page appears.The DSL Statistics page displays information about the Router'
146IPWhen you click IP, the IP Statistics page appears. The IP Statistics page displays the IP interfaces and routing table information about your net
147Links BarDevices on LANDisplays the IP Address, MAC (hardware) Address, and network Name for each device on your LAN connected to the Router. Wirel
148Select a log from the pull-down menu (the pull-down menu is available from every Log page):• All: Displays the entire system log. • Connection: Dis
149Links BarYour Netopia Gateway reports the following eight event types: Event DetailsDetails on the eight specific event types and the information lo
15ManagementManagementEmbedded Web ServerThere is no specialized software to install on your PC to configure, manage, or maintain your Netopia Gateway.
150would otherwise be transmitted to a subnet broadcast address. The Security Monitoring logs the event.Logged information includes:Illegal Packet Siz
151Links BarExcessive Pings. The PING (Packet InterNet Groper) Utility is used by hackers to iden-tify prospective targets that can be attacked. The S
152Link: DiagnosticsWhen you click Diagnostics, the Diagnostics page appears.This automated multi-layer test examines the functionality of the Router
153Links Bar* PENDING: The test timed out without producing a result. Try running Diagnostics again.* WARNING: The test was unsuccessful. The Service
154Link: Remote AccessWhen you click Remote Access, the Enable Remote Access page appears.This link allows you to authorize a remotely-located person,
155Links BarLink: Update Router☛ This link is not available on the 3342/3352 models, since firmware updates must be upgraded via the USB host driver.W
156You can update your software in either of two ways:From a Server• If an updated version exists, click the Update Software from Server button, and a
157Links BarLink: Reset RouterYou might need to reset your Router to its factory default state, and clear all of your previ-ous settings. The Reset Ro
158Link: Restart RouterWhen the Gateway is restarted, it will disconnect all users, initialize all its interfaces, and copy the Operating System Softw
159Basic ModeBasic ModeWhen you click Basic Mode, you will be returned to the Basic Mode Home Page.
16☛ NOTE:Your Service Provider may request information that you acquire from these var-ious diagnostic tools. Individual tests may be performed at th
160HelpWhen you click the Help link in the left-hand column of links a page of explanatory infor-mation displays. Help (in English only) is available
161CHAPTER 4 Basic TroubleshootingThis section gives some simple suggestions for troubleshooting problems with your Gate-way’s initial configuration.Be
162Status Indicator LightsThe first step in troubleshooting is to check the status indicator lights (LEDs) in the order outlined in the following secti
163Status Indicator LightsNetopia Gateway 3341/3351 series status indicator lightsEthernet LinkEthernet TrafficDSL TrafficDSL SyncUSB ActivePowerPower
164Netopia Gateway 3346/3356 series status indicator lightsPower - Flashes green when trainingSolid green when connectedSolid green when trainedto eac
165Status Indicator LightsNetopia Gateway 3342/3352 status indicator lights☛ Special patterns:• Both LEDs are off during boot (power on boot or warm
166LED Function Summary MatrixIf a status indicator light does not look correct, look for these possible problems:PowerUSB ActiveDSL SyncDSL TrafficEth
167Status Indicator Lights EN Link UnlitNote: EN Link light is inactive if only using USB.• Make sure the you are using the Ethernet cable, not the DS
168Wireless LinkUnlit• Make sure your client PC(s) have their wireless cards correctly installed and configured.• Check your client PC(s) TCP/IP settin
169Factory Reset SwitchFactory Reset Switch(optional on some models; 3342/3352 models do not have a reset switch)Lose your password? This section show
17SecuritySecurityRemote Access ControlYou can determine whether or not an administrator or other authorized person has access to configuring your Gate
1702. Carefully insert the point of a pen or an unwound paperclip into the opening.3. Hold the button in until the “Power” LED turns RED and then hold
171CHAPTER 5 Command Line InterfaceThe Netopia Gateway operating software includes a command line interface (CLI) that lets you access your Netopia Ga
172OverviewThe CLI has two major command modes: SHELL and CONFIG. Summary tables that list the commands are provided below. Details of the entire comm
173OverviewCONFIG CommandsCommand Verbs Status and/or Descriptiondelete Delete configuration list datahelp Help command optionsave Save configuration da
174Starting and Ending a CLI SessionOpen a telnet connection from a workstation on your network.You initiate a telnet connection by issuing the follow
175Using the CLI Help FacilitySaving SettingsIn CONFIG mode, the save command saves the working copy of the settings to the Gate-way. The Gateway auto
176The only commands you cannot truncate are restart and clear. To prevent accidental interruption of communications, you must enter the restart and c
177SHELL CommandsEach test generates one of the following result codes:download [server_address ] [filename] [confirm]This command installs a file of con
178license [key]This command installs a software upgrade key. An upgrade key is a purchased item, based on the serial number of the gateway.Software F
179SHELL CommandsExample:Netopia-3000/11171732> license Xf94J84bXThe Gateway will respond with:Feature Key Successfully stored, ready to restart.3.
18• When NAT is OFF, a Netopia Gateway acts as a traditional TCP/IP router, all LAN com-puters/devices are exposed to the Internet.A diagram of a typi
180☛ NOTE:The new Enterprise Class operating system software changes the IP address of your Gateway. It also removes the Web-based user interface and
181SHELL Commands•4 or warning – Warnings or greater; includes recoverable error conditions and useful operator information.•5 or failure – Failures;
182quit Exits the Netopia Gateway command line interface.reset arp Clears the Address Resolution Protocol (ARP) cache on your unit.reset crash Clears
183SHELL Commandsreset wan-users [all | ip-address]This function disconnects the specified WAN User to allow for other users to access the WAN. This fu
184show ip interfacesDisplays the IP interfaces for your Netopia Gateway.show ip ipsecDisplays IPSec Tunnel statistics.show ip firewallDisplays firewall
185SHELL Commandsshow statusDisplays the current status of a Netopia Gateway, the device's hardware and software revi-sion levels, a summary of e
186WAN Commandsatmping vccn [ segment | end-to-end ]Lets you check the ATM connection reachability and network connectivity. This command sends five Op
187About CONFIG Commandsshow dslDisplays DSL port statistics, such as upstream and downstream connection rates and noise levels. show ppp [{ stats | l
188Netopia-3000/9437188 (top)>> quitNetopia-3000/9437188 >• Moving from top to a subnode — You can navigate from the top node to a subnode by
189About CONFIG CommandsEntering Commands in CONFIG ModeCONFIG commands consist of keywords and arguments. Keywords in a CONFIG command specify the ac
19SecurityNetopia Gateways provide special gaming and other service configuration tools that enable you to establish NAT-protected LAN layouts that sti
190If a command is ambiguous or miskeyed, the CLI prompts you to enter additional informa-tion. For example, you must specify which virtual circuit yo
191CONFIG CommandsNetopia-3000/9437188 (top)>> set system...system name (“Netopia-3000/9437188”): Mycroft Diagnostic Level (High): mediumSte
192set atm [vcc n] option {on | off } Selects the virtual circuit for which further parameters are set. Up to eight VCCs are sup-ported; the maximum n
193CONFIG Commandsthe Peak Cell Rate after which the ATM VC transmission rate must drop to the Sustained Cell Rate.set atm [vcc n] vpi { 0 ... 255 }
194set atm [vccn] pppoe-sessions { 1 ... 8 }Select the number of PPPoE sessions to be configured for VCC 1, up to a total of eight. The total number o
195CONFIG Commandsset bridge ethernet option { on | off } Enables or disables bridging services for the specified virtual circuit using Ethernet fram-i
196set dhcp lease-time lease-time If you selected server, specifies the default length for DHCP leases issued by the Netopia Gateway. Enter lease time
197CONFIG CommandsDomain Name System SettingsDomain Name System (DNS) is an information service for TCP/IP networks that uses a hierarchical naming sy
198set dynamic-dns ddns-user-password myuserpasswordEnables or disables dynamic DNS services. The default is off. If you specify dyndns.org, you must
199CONFIG Commandsset ip dsl vccn broadcast broadcast_addressSpecifies the broadcast address for the TCP/IP network connected to the virtual circuit. I
2 Copyright Copyright © 2005 Netopia, Inc. V 7.4.2-EIRAll rights reserved. Netopia, Inc. Netopia and the Netopia logo are registered trademarks belon
20IP-PassthroughThe Netopia Gateway now offers an IP passthrough feature. The IP passthrough feature allows a single PC on the LAN to have the Gateway
200an extension of RIP-2 that increases security by requiring an authentication key when routes are advertised.Depending on your network needs, you ca
201CONFIG CommandsThe broadcast address for most networks is the network number followed by 255. For example, the broadcast address for the 192.168.1.
202set ip ethernet A rip-send { off | v1 | v2 | v1-compat | v2-MD5 }Specifies whether the Netopia Gateway should use Routing Information Protocol
203CONFIG Commandsset ip gateway interface { ip-address | ppp-vccn }Specifies how the Netopia Gateway should route information to the default Gateway.
204set ip ip-ppp [vccn] peer-address ip_addressSpecifies the IP address of the peer on the other end of the PPP link. If you specify an IP address othe
205CONFIG CommandsIf you specify v2-MD5, you must also specify a rip-send-key. Keys are ASCII strings with a maximum of 31 characters, and must match
206IGMP Forwardingset ip igmp-forwarding [ off | on ]Turns IP IGMP forwarding off or on. The default is off.IPsec Passthroughset ip ipsec-passthrough
207CONFIG Commandsset diffserv lohi-assymetry [ 60 - 100 percent ]Sets a percentage between 60 and 100 used to regulate the level of packets allowed t
208set diffserv custom-flows name name protocol [ TCP | UDP | ICMP | other ] direction [ outbound | inbound | both ] start-port
209CONFIG CommandsSIP Passthroughset ip sip-passthrough [ on | off ]Turns Session Initiation Protocol application layer gateway client passthrough on
21SecurityA typical VPN IPSec Tunnel pass through is diagrammed below:☛ NOTE:Typically, no special configuration is necessary to use the IPSec pass th
210set ip static-routes destination-network net_address gateway-address gate_addressSpecifies the IP address of the Gateway for the static route.
211CONFIG Commandsset ip static-routes destination-network net_address rip-advertise [ SplitHorizon | Always | Never ]Specifies whether the gatew
212Network Address Translation (NAT) Default SettingsNAT default settings let you specify whether you want your Netopia Gateway to forward NAT traffic
213CONFIG CommandsNetwork Address Translation (NAT) Pinhole SettingsNAT pinholes let you pass specific types of network traffic through the NAT interfac
214set pinhole name name internal-ip internal-ipSpecifies the IP address of the internal host to which traffic of the specified type should be transferre
215CONFIG Commandsset PPP module [vccn] magic-number { on | off }Enables or disables LCP magic number negotiation.set PPP module [vccn] protocol-compr
216set PPP module [vccn] connection-type { instant-on | always-on }Specifies whether a PPP connection is maintained by the Netopia Gateway when i
217CONFIG CommandsThe username argument is 1- 255 alphanumeric characters. The information you enter must match the username configured in the PPP peer
218Port Renumbering SettingsIf you use NAT pinholes to forward HTTP or telnet traffic through your Netopia Gateway to an internal host, you must change
219CONFIG CommandsSecurity SettingsSecurity settings include the Firewall, Stateful Inspection, and IPSec parameters. IPSec security functionality is
22Dynamic DNSDynamic DNS support allows you to use the free services of www.dyndns.org. Dynamic DNS automatically directs any public Internet request
220Stateful InspectionStateful inspection options are accessed by the security state-insp tag.Stateful inspection is a security feature that prevents
221CONFIG Commandsset security state-insp [ ip-ppp | dsl ] vccn tcp-seq-diff [ 0 - 65535 ]set security state-insp ethernet [ A | B ] tcp-seq-diff
222set security state-insp [ ip-ppp | dsl ] vccn deny-fragments [ off | on ]set security state-insp ethernet [ A | B ] deny-fragments [ off
223CONFIG Commands32 exposed addresses can be created. The range for exposed address numbers are from 1 through 32.set security state-insp xposed-addr
224 router-accessdefault-mapping (onoff) [ off | on ]: tcp-seq-diff (0) [ 0 - 65535 ]: deny-fragments (off) [ off | on ]:For RFC1483
225CONFIG CommandsNetopia-3000/10114104 (xposed-addr)>> set xposed-addr (xposed-addr) node list ... "1" "3" Sele
226IPSec SettingsIPSec VPN is a tunnel between the local network and another geographically dispersed net-work that is interconnected over the Interne
227CONFIG Commandsset security ipsec tunnels name "123" dest-int-network ip-addressSpecifies the IP address of the destination computer or in
228Peer Internal IP NetmaskThe Peer Internal IP Netmask is the subnet mask of the Peer Internal IP Network.PFS Enable Perfect Forward Secrecy (PFS) is
229CONFIG Commandsset security ipsec tunnels name "123" encrypt-protocol (ESP) { ESP | none }Sets the encryption protocol for the spe
23CHAPTER 2 Basic Mode SetupMost users will find that the basic Quickstart configuration is all that they ever need to use. This section may be all that
230set security ipsec tunnels name "123" IKE-mode pre-shared-key-type (hex) {ascii | hex}Sets the IKE mode pre-shared key type for the
231CONFIG Commandsset security ipsec tunnels name "123" IKE-mode isakmp-SA-hash (MD5) {MD5 | SHA1}Sets the IKE mode ISAKMP Security As
232set security ipsec tunnels name "123" local-id id_valueSpecifies the NAT local ID value as specified in the local-id-type for the specified
233CONFIG Commands ipsec-soft-seconds (82800) {60-1000000}set security ipsec tunnels name "123" IKE-mode ipsec-hard-mbytes (1200)
234SNMP SettingsThe Simple Network Management Protocol (SNMP) lets a network administrator monitor problems on a network by retrieving settings on rem
235CONFIG CommandsSNMP Notify Type SettingsSNMP Notify Type is supported beginning with Firmware Version 7.4.2.set snmp notify type [ v1-trap | v2-tra
236 { off | low | medium | high | alerts | failures }Specifies the types of log messages you want the Netopia Gateway to record. All messages with
237CONFIG Commands url-server ("server_name") interval (00:00:00:20) contact-email ("string@domain_name") loca
238set system syslog log-violations [ off | on ]Specifies whether violations are logged or ignored.set system syslog log-accepted [ off | on ]Specifies
239CONFIG Commands set system syslog log-violations on set system syslog log-accepted on set system syslog log-attempts on4. Set NTP parameters• Ty
24Important Safety InstructionsPOWER SUPPLY INSTALLATIONConnect the power supply cord to the power jack on the Netopia Gateway. Plug the power supply
240Wireless Settings (supported models)set wireless option ( on | off )Administratively enables or disables the wireless interface.set wireless ssid {
241CONFIG Commandsset wireless no-bridging [ off | on ]When set to on, this will block wireless clients from communicating with other wireless cli-ent
242cessfully decode. Note that a client allows you to choose which of its keys it will use to transmit. Therefore, you must have an identical key in t
243CONFIG CommandsWireless MAC Address Authorization Settingsset wireless mac-auth option { on | off }Enabling this feature limits the MAC addresses t
244☛ Note:To make a set of VLANs non-routable, the lan-uplink port must be included in at least one VLAN and must be excluded from any VLANs that are
245CONFIG CommandsDSL Forum settingsTR-064 is a LAN-side DSL CPE configuration specification and TR-069 is a WAN-side DSL CPE Management specification.se
247CHAPTER 6 Glossary10Base-T. IEEE 802.3 specification for Ethernet that uses unshielded twisted pair (UTP) wiring with RJ-45 eight-conductor plugs at
248adapter. Board installed in a computer system to provide net-work communication capability to and from that computer sys-tem.address mask. See subn
249-----B-----backbone. The segment of the network used as the primary path for transporting traffic between network segments.baud rate. Unit of signal
25Set up the Netopia GatewaySet up the Netopia GatewayRefer to your Quickstart Guide for instructions on how to connect your Netopia Gateway to your p
250graph and Telephone. An international organization responsible for developing telecommunication standards.CD. Carrier Detect.CHAP. Challenge-Handsh
251DCE. Digital Communication Equipment. Device that connects the communication circuit to the network end node (DTE). A modem and a CSU/DSU are examp
252organization (.GOV, .COM, .EDU) or geographical location (.US, .SE).domain name server. Network computer that matches host names to IP addresses in
253Parameter values supported include NONE or ESP.encryption. The application of a specific algorithm to a data set so that anyone without the encrypti
254frame. Logical grouping of information sent as a link-layer unit. Compare datagram, packet.FTP. File Transfer Protocol. Application protocol that l
255HMAC. Hash-based Message Authentication Codehop. A unit for measuring the number of routers a packet has passed through when traveling from one net
256internet address. IP address. A 32-bit address used to route packets on a TCP/IP network. In dotted decimal notation, each eight bits of the 32-bit
257LQM Link Quality Monitoring. Optional facility that lets PPP make policy decisions based on the observed quality of the link between peers. Documen
258MTU. Maximum Transmission Unit. The maximum packet size, in bytes, that can be sent over a network interface. MULTI-LAYER. The Open System Intercon
259-----P-----packet. Logical grouping of information that includes a header and data. Compare frame, datagram.PAP. Password Authentication Protocol.
26Microsoft Windows: Step 1. Navigate to the TCP/IP Properties Control Panel.a. Windows 98, ME. and 2000 versions follow a path like this:Start menu -
260PING. Packet INternet Groper. Utility program that uses an ICMP echo message and its reply to verify that one network node can reach another. Often
261RJ-45. Eight-pin connector used for 10BaseT (twisted pair Ethernet) networks.route. Path through a network from one node to another. A large intern
262An arbitrary 32-bit number called a Security Parameters Index (SPI), as well as the destination host’s address and the IPSEC protocol identifier, id
263STATEFUL. The Netopia Gateway monitors and maintains the state of any network transaction. In terms of network request-and-reply, state consists of
264-----U-----UTP. Unshielded twisted pair cable. -----V-----VJ. Van Jacobson. Abbreviation for a compression standard documented in RFC 1144. -----W-
265DescriptionCHAPTER 7 Technical Specifications and Safety InformationDescriptionDimensions: Smart Modems: 13.5 cm (w) x 13.5 cm (d) x 3.5 cm (h); 5.
266Relative storage humidity: 20 to 80% noncondensingSoftware and protocolsSoftware media: Software preloaded on internal flash memory; field upgrades d
267Agency approvalsAgency approvalsNorth AmericaSafety Approvals: United States – UL 60950, Third Edition Canada – CSA: CAN/CSA-C22.2 No. 60950-00EM
268The Netopia 3300 Series complies with the following EU directives: Low Voltage, 73/23/EEC EMC Compatibility, 89/336/EEC, conforming to EN 55 022M
269Manufacturer’s Declaration of Conformance☛ ImportantThis product was tested for FCC compliance under conditions that included the use of shielded
27Set up the Netopia GatewayMacintosh MacOS 9 or higher or Mac OS X: Step 1. Access the TCP/IP or Network control panel. a. Mac OS 9 follows a path li
270Important Safety InstructionsAustralian Safety InformationThe following safety information is provided in conformance with Australian safety requir
27147 CFR Part 68 Information47 CFR Part 68 InformationFCC Requirements1. The Federal Communications Commission (FCC) has established Rules which perm
272d) The REN is used to determine the number of devices that may be connected to a telephone line. Excessive RENs on a telephone line may result in t
273IndexSymbols!! command 176Numerics3-D Reach WirelessConfiguration 39, 73AAccess Control Login 63Access Controls 85Access the GUI 65Address resoluti
274Level 235Diagnostics 15DNS 197DNS Proxy 14Documentationconventions 9Domain Name System(DNS) 197DSL 59, 145DSL Forum settings 245Dynamic Addressing
275IP 60, 146IP address 198, 200Default 65IP interfaces 184IP Passthrough 98IP routes 184IP Source AddressSpoofing 149IPSec Tunnel 184IPSec VPN 226KKe
276PPPoE 12Primary nameserver 197Prompt, CLI 175, 187Protocol compression 215QQoS 135qos max-burst-size 192qos peak-cell-rate 192qos service-class 192
277SHELL level 187SHELL mode 175Show ppp 187Simple Network ManagementProtocol (SNMP) 234SIP Passthrough 209SMTP 212SNMP 212, 234SNMP Notify Typesettin
278
Netopia 3300 seriesNetopia, Inc.6001 Shellmound StreetEmeryville, CA 94608www.netopia.comNetopia Europe2 rue du Docteur Lombard 92130 Issy Les Mouline
28Configure the Netopia Gateway1. Run your Web browser application, such as Firefox or Microsoft Internet Explorer, from the computer connected to the
29Configure the Netopia Gateway3. Congratulations! Your installation is complete. You can now surf to your favorite Web sites by typing an URL in your
3 Table of Contents Table of Contents Copyright . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Introduction
30Netopia Gateway Status Indicator LightsColored LEDs on your Netopia Gateway indicate the status of various port activity. Different Gateway models h
31Netopia Gateway Status Indicator LightsNetopia Gateway 3342/3352 status indicator lights☛ Special patterns:• Both LEDs are off during boot (power o
32Accessing the Web User InterfaceAfter you have performed the basic Quickstart configuration, any time you log in to your Netopia Gateway you will acc
33Links BarLinks BarThe Links Bar is the frame at the left-hand side of the page containing the major navigation links. These links are available from
34HomeHome Page InformationThe Home page displays information about the following categories:• Connection Information• Router Information• Local Netwo
35HomeLink: FirewallWhen you click the Firewall link, the Firewall selection page appears.The Medium setting is recommended, but for special circumsta
36Firewall BackgroundThe following table gives some tips for Firewall settings:As a device on the Internet, a Netopia Gateway requires an IP address i
37HomeThis table shows how inbound traffic is treated. Inbound means the traffic is coming from the WAN into the WAN side of the Gateway. This table sho
38☛ NOTES:• The Gateway’s WAN DHCP client port in Medium mode is enabled. This fea-ture allows end users to continue using DHCP-served IP addresses f
39HomeLink: Wireless(supported models only)When you click Wireless, the 3-D Reach Wireless configuration page appears.Enable WirelessThe wireless funct
Table of Contents 4 Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 CHAPTER 3 Expert
40PrivacyBy default, Privacy is set to On - Manual. This setting uses a preconfigured encryption key for your convenience.IT IS STRONGLY RECOMMENDED TH
41HomeEnable Multiple Wireless IDsThis feature allows you to add additional network identifiers (SSIDs or Network Names) for your wireless network. To
42These additional Wireless IDs are “Closed System Mode” Wireless IDs (see below) that will not be shown by a client scan, and therefore must be manua
43HomeWireless ID in Closed System mode, the Router’s wireless LAN will not appear as an avail-able network when scanned for by wireless-enabled compu
44Enabling WPA and WEP EncryptionWEP Security is a Privacy option that is based on encryption between the Router and any PCs (“clients”) you have with
45Homesure that the client wireless PC is also using the same matching key. The default is key #1.• WPA-802.1x provides RADIUS server authentication s
46• RADIUS Server Addr/Name: The default RADIUS server name or IP address that you want to use.• RADIUS Server Secret: The RADIUS secret key used by t
47HomeWPA-PSKOne of the easiest ways to enable Privacy on your Wireless network is by selecting WPA-PSK (Wi-Fi Protected Access) from the pull-down me
48You can provide a level of data security by enabling WEP (Wired Equivalent Privacy) for encryption of network data. You can enable 40-, 128-, or 256
49HomeSelect Enabled from the pull-down menu.The screen expands to permit you to add MAC addresses.Click the Add button.Once it is enabled, only enter
5 Table of Contents SHELL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176About CONFIG Commands . . . . . . . . . . .
50Click the Submit button.When you are finished adding MAC addresses click the Done button. You will be returned to the 802.11 Wireless page. You can A
51HomeLink: GamingWhen you click Gaming, the NAT (Games and Other Services) page appears.NAT (Games and Other Services) allows you to host internet ap
52Each time you enable a software service or game your entry will be added to the list of Service Names displayed on the NAT Configuration page.To remo
53HomeF-16, Mig 29 F-22, Lightning 3 Fighter Ace IIFTP GNUtella H.323 compliant (Netmeeting, CUSeeME)Half Life Hellbender for Windows, v 1.0 Heretic I
54Define Custom ServiceTo configure a Custom Service, choose whether to use Port Forwarding or Trigger Ports. • Port Forwarding forwards a range of WAN
55HomePort Forwarding forwards a range of WAN ports to an IP address on the LAN. Enter the fol-lowing information: • Service Name: A unique identifier
56• Service Name: A unique identifier for the Custom Service. • Global Port Range: Range of ports on which incoming traffic will be received. • Local Tr
57HomeLink: Expert ModeExpert Mode allows you to configure a wide variety of specific Router and networking set-tings. Expert Mode is for advanced users
58Link: TroubleshootWhen you click the Troubleshoot link, the Links Bar expands to offer two troubleshooting sub-headings: Diagnostics and Statistics.
59HomeEach test generates one of the following result codes:StatisticsWhen you click the Statistics link, the Links Bar expands to display seven stati
Table of Contents 6
60ATMWhen you click ATM, the ATM Statistics page appears.The ATM Statistics page displays detailed statistics about the upstream and downstream data t
61HomeNetwork Routing Table and Host Routing TableThe Routing tables display all of the IP routes currently known to your Router.LANWhen you click LAN
62LogsWhen you click Logs, the Logs page appears.Select a log from the pull-down menu (the pull-down menu is available from every Log page):• All: Dis
63HomeLink: Access Control LoginIf you have configured the onboard Access Control feature (see “Access Control” on page 85) your authorized users must
64Link: HelpWhen you click the Help link in the left-hand column of links a page of explanatory infor-mation displays. Help (in English only) is avail
65Access the Expert Web InterfaceCHAPTER 3 Expert ModeUsing the Web-based user interface for the Netopia 3300-series Gateway you can config-ure, troubl
663. Click on the Expert Mode link in the left-hand column of links.You are challenged to confirm your choice.Click OK.The Home Page opens in Expert Mo
67Access the Expert Web InterfaceHome Page - Expert ModeThe Expert Mode Home Page is the summary page for your Netopia Gateway. The links bar at the l
68Home Page - InformationThe Home Page contains a summary of the Gateway’s configuration settings and status.Summary Information Field Status and
69Links BarLinks BarThe Links Bar is the frame at the left-hand side of the page con-taining the major navigation links. These links are available fro
Introduction 7 Intended Audience Introduction Intended Audience This guide is targeted primarily to residential service subscribers. Advanced section
70Link: ConfigureWhen you click Configure, the Links bar expands to display the configu-ration options available.When you click the Advanced button, even
71Links BarLink: ConnectionWhen you click Connection, the Connection Configuration page appears.Here you can set up or change the way you connect to yo
72• User ID and Password: Provided by your ISP. • Confirm Password: Repeat your Password entry for confirmation • Static IP Address: Your service provid
73Links BarLink: Wireless(supported models only)When you click Wireless, the 3-D Reach Wireless configuration page appears.Enable WirelessThe wireless
74PrivacyBy default, Privacy is set to On - Manual. This setting uses a preconfigured encryption key for your convenience.IT IS STRONGLY RECOMMENDED TH
75Links BarEnable Multiple Wireless IDsThis feature allows you to add additional network identifiers (SSIDs or Network Names) for your wireless network
76These additional Wireless IDs are “Closed System Mode” Wireless IDs (see below) that will not be shown by a client scan, and therefore must be manua
77Links BarWireless ID in Closed System mode, the Router’s wireless LAN will not appear as an avail-able network when scanned for by wireless-enabled
78Enabling WPA and WEP EncryptionWEP Security is a Privacy option that is based on encryption between the Router and any PCs (“clients”) you have with
79Links Barsure that the client wireless PC is also using the same matching key. The default is key #1.• WPA-802.1x provides RADIUS server authenticat
Introduction 8 Introduction Organization This guide consists of six chapters, including a glossary, and an index. It is organized as follows: • “Intr
80• RADIUS Server Addr/Name: The default RADIUS server name or IP address that you want to use.• RADIUS Server Secret: The RADIUS secret key used by t
81Links BarWPA-PSKOne of the easiest ways to enable Privacy on your Wireless network is by selecting WPA-PSK (Wi-Fi Protected Access) from the pull-do
82You can provide a level of data security by enabling WEP (Wired Equivalent Privacy) for encryption of network data. You can enable 40-, 128-, or 256
83Links BarSelect Enabled from the pull-down menu.The screen expands to permit you to add MAC addresses.Click the Add button.Once it is enabled, only
84Click the Submit button.When you are finished adding MAC addresses click the Done button. You will be returned to the 802.11 Wireless page. You can A
85Links BarLink: Access ControlBasic Access Controls prevent designated users from accessing certain types of undesir-able Internet content. You can d
86Check the Enable Access Control checkbox and click the Submit button.Return to the Access Control configuration page. Click the Setup link in Access
87Links BarHere you can add the names and passwords of authorized users, and set their “Maturity Level” from the pull-down menu. Available maturity le
88After you have added your users and configured their access control settings, you can return to the Access Control pages at any time to add more user
89Links BarThe Edit User Profiles screen appears.• Manage Users – returns you to the previous screen.• User Profile – takes you to the User Profile scree
Introduction 9 Documentation Conventions Documentation Conventions General This manual uses the following conventions to present information: Interna
90Web Filter ProfileWhen you click the Web Filter Profile link, the Block/Allow Websites screen appears.The Web Filter Profile allows you to Block or All
91Links BarChat Filter ProfileWhen you click the Chat Filter Profile link, the Chat Filtering screen appears.Chat Filtering allows you to choose whether
92• Messaging Privileges Selection – Choose whether or not this user may use any instant messaging (chat) service. The default privilege is May not us
93Links BarEmail Filter ProfileWhen you click the Email Filter Profile link, the Email Filtering screen appears.Email Filtering allows you to choose whe
94You can limit email sources to an approved list of email servers, such as those used by the family, or further, to an approved list of individuals,
95Links BarDelete User ProfileWhen you click the Delete User Profile link, the Confirm Deletion of User screen appears.
96Link: DHCP ServerWhen you click DHCP Server, the DHCP Server Configuration page appears.This feature simplifies network administration because the Rou
97Links Bar• DHCP Lease: Specifies the default length for DHCP leases issued by the Router. Enter lease time in dd:hh:mm:ss (days/hours/minutes/seconds
98Link: IP PassthroughWhen you click IP Passthrough, the IP Passthrough Configuration page appears.The IP passthrough feature allows a single PC on the
99Links BarIf you select “User Configured PC”, you must then configure a local PC to have the pub-lic WAN IP address. 2. Click Enable.You will be remind
Commentaires sur ces manuels