Administrator’s HandbookMotorola Netopia® Embedded Software Version 7.7.4Qwest
Introduction10 Introductioncurly ({ }) brackets, with values separated with vertical bars (|).Alternative values for an argument are presented in curl
100Parameter DescriptionsThe following tables describe SafeHarbour’s parameters that are used for an IPSec VPN tunnel configuration:Table 2: IPSec Conf
101Links BarPAT Address If NAT is enabled, this field appears. You can specify a Port Address Trans-lation (PAT) address or leave the default all-zeroe
102SA Hash Type SA Hash Type refers to the Authentication Hash algorithm used during SA negotiation. Values supported include MD5 and SHA1. N/A will
103Links BarXauth Enable Extended Authentication (XAuth), an extension to the Internet Key Exchange (IKE) protocol. The Xauth extension provides dual
104Link: Router PasswordWhen you click Router Password, the Router Password page appears.By default, your Gateway requires no password to access the a
105Links BarLink: Time ZoneWhen you click the Time Zone link, the Time Zone page appears.You can set your local time zone by selecting your time zone
106Link: VLANWhen you click VLAN, the VLANs page appears.OverviewA Virtual Local Area Network (VLAN) is a network of computers or other devices that b
107Links Bartion parameters can be applied to each individual service, delivering that service to the appropriate peripheral device with the required
108When configuring VLANs you must define how traffic needs to be forwarded:• If traffic needs to be bridged between LAN and WAN you can create a single V
109Links BarAn example of multiple VLANs, using a Motorola Netopia® Gateway with VGx managed switch technology, is shown below:A VLAN Model Combining
11CHAPTER 1 Overview of Major CapabilitiesThe Motorola Netopia® Gateway offers simplified setup and management features as well as advanced broadband G
110To configure VLANs check the Enable checkbox.To create a VLAN select a list item from the main VLAN page and click the Edit button.The VLAN Entry pa
111Links BarYou can create up to 16 VLANs, and you can also restrict any VLAN, and the computers on it, from administering the Gateway.• VLAN Name – A
112• VLAN ID – If you select Global as the VLAN Type, the VLAN ID field appears for you to enter a VID. This must be a unique identifying number betwee
113Links BarThe Port Configuration screen appears.• Port interfaces available for this VLAN are listed in the left hand column. • Displayed port interf
114• When you enable an interface, the Tag, Priority, and Promote checkboxes and an 802.1p Priority Bit pull-down menu appear for that interface.Tag –
115Links Bar• Select an IP Interface for this VLAN. These selections will vary depending on your IP interfaces. For example, if you have set up multip
116You can Edit, Clear, Enable, or Disable your VLAN entries by returning to the VLANs page, and selecting the appropriate entry from the displayed li
117Links BarThe screen expands to display the VLAN settings.
118ExampleYou want to configure a 3347-02 Gateway with two SSIDs (see “Enable Multiple Wireless IDs” on page 136 for more information) for two VLANs, a
119Links Bar2. Check the Enable checkbox, and in the VLAN Name box, enter the name you would like.For example, call it Network A.Since this VLAN will
12Wide Area Network TerminationPPPoE/PPPoA (Point-to-Point Protocol over Ethernet/ATM)The PPPoE specification, incorporating the PPP and Ethernet stand
120In this case, select all the physical Ethernet ports: eth0.1 through eth0.4, and wireless ssid1. Select ip-eth-a, the IP interface for the group. T
121Links BarThe VLAN Name must be given another unique name. For example, call it Network B.Since this is for the second SSID that we don’t want to be
1228. In the Port Configuration for VLAN: 2 page, you add the Port Interfaces you want associated with the VLAN.Select the ip-eth-a port interface and
123Links Bar10. Next, create a VLAN to provide the Inter-Vlan-Groups access to the Internet (WAN).For example, call it WAN VLAN.11. Click the Submit b
124Check the vcc1 checkbox, select the ip-vcc1 IP interface, and check the Inter-Vlan-Group Group-1 and Group-2 checkboxes. Members of Groups 1 and 2
125Links BarLink: Wireless(supported models only)When you click Wireless, the 3-D Reach Wireless configuration page appears.Enable WirelessThe wireless
126• or enter this name on their clients in order to join this wireless LAN.PrivacyThe pull-down menu for enabling Privacy offers four settings: WPA-8
127Links BarAdvanced Configuration Options (optional)When you click the Advanced Configuration Options button, the Advanced 802.11 Wireless screen appea
128Default Channel(1 through 11, for North America) on which the network will broadcast. This is a frequency range within the 2.4Ghz band. Channel sel
129Links BarIf you do not enable Closed System Mode, it is more convenient, but potentially less secure, for clients to access your WLAN by scanning a
13Wide Area Network Termination• Your network may change address with each connection making it more difficult to attack.When you configure Instant On a
130Privacy• OFF - No Privacy: This mode disables privacy on your network, allowing any wireless users to connect to your wireless LAN. Use this option
131Links BarRADIUS Server authenticationRADIUS servers allow external authentication of users by means of a remote authentica-tion database. The remot
132The Configure RADIUS Server screen appears.Enter your RADIUS Server information in the appropriate fields:• RADIUS Server Addr/Name: The default RADI
133Links BarWPA-PSKOne of the easiest ways to enable Privacy on your Wireless network is by selecting WPA-PSK (Wi-Fi Protected Access) from the pull-d
134WEP-ManualAlternatively, you can enable WEP (Wired Equivalent Privacy) encryption by selecting WEP-Manual from the Privacy pull-down menu.You can p
135Links BarWEP - Manual allows you to enter your own encryption keys manually. This is a difficult process, but only needs to be done once. Avoid the
136Enable Multiple Wireless IDsThis feature allows you to add additional network identifiers (SSIDs or Network Names) for your wireless network. To ena
137Links BarPrivacy modes available from the pull-down menu for the multiple SSIDs are: WPA-PSK, WPA-802.1x, or Off-No Privacy.These additional Wirele
138Click the Yes button, and the Gateway will restart with your new settings.☛ NOTES:The Gateway supports up to 4 different SSIDs: • One SSID is broa
139Links BarWiFi MultimediaWiFi Multimedia is an advanced feature that allows you to prioritize various types of data travelling over the wireless net
14Simplified Local Area Network SetupDHCP (Dynamic Host Configuration Protocol) ServerDHCP Server functionality enables the Gateway to assign to your LA
140The screen expands.Router EDCA Parameters (Enhanced Distributed Channel Access) govern wireless data from your Gateway to the client; Client EDCA P
141Links Bar• cwMax: (Maximum Contention Window) upper limit in milliseconds of the range of determining final random backoff. The value you choose mus
142The screen expands to permit you to add MAC addresses.Click the Add button.Once it is enabled, only entered MAC addresses that have been set to All
143Links BarClick the Submit button.When you are finished adding MAC addresses click the Save Changes button. You will be returned to the 802.11 Wirele
144Link: StatusWhen you click the Status link, the Links Bar expands to display nine statistical sub-head-ings.These screens will vary depending on yo
145Links Bar• SN Margin (db): Signal to noise margin, in decibels. Reflects the amount of unwanted “noise” on the DSL line. • Line Attenuation: Amount
146IP interfaces• Address: Your Router's IP address as seen from your internal network (LAN), and from the public Internet (WAN) • Netmask: The s
147Links BarUSB (supported models only)When you click USB, the USB Statistics page appears.The USB Statistics page:• displays your Router's uniqu
148The CURRENT Router STATUS is displayed for all logs.• To clear the individual logs, click the Clear Log button for that page.• To clear all the log
149Links BarLink: DiagnosticsWhen you click Diagnostics, the Diagnostics page appears.This automated multi-layer test examines the functionality of th
15Simplified Local Area Network SetupUPnP™Universal Plug and Play (UPnP™) is a set of protocols that allows a PC to automatically dis-cover other UPnP
150This sequence of tests takes approximately one minute to generate results. Please wait for the test to run to completion. Each test generates one o
151Links BarLink: Remote AccessWhen you click Remote Access, the Enable Remote Access page appears.This link allows you to authorize a remotely-locate
152Link: Update RouterWhen you click Update Router, the Software Upgrade page appears.Operating System Software is what makes your Router run and occa
153Links BarLink: Reset RouterYou might need to reset your Router to its factory default state, and clear all of your previ-ous settings. The Reset Ro
154Link: Restart RouterWhen the Gateway is restarted, it will disconnect all users, initialize all its interfaces, and copy the Operating System Softw
155Basic ModeBasic ModeWhen you click Basic Mode, you will be returned to the Basic Mode Home Page.
156HelpWhen you click the Help link in the left-hand column of links a page of explanatory informa-tion displays. Help is available for every page in
157CHAPTER 4 Basic TroubleshootingThis section gives some simple suggestions for troubleshooting problems with your Gate-way’s initial configuration.Be
158Status Indicator LightsThe first step in troubleshooting is to check the status indicator lights (LEDs) in the order outlined in the following secti
159Status Indicator LightsLED Function Summary MatrixIf a status indicator light does not look correct, look for these possible problems: Power DSL In
16ManagementEmbedded Web ServerThere is no specialized software to install on your PC to configure, manage, or maintain your Motorola Netopia® Gateway.
160Ethernet• Make sure the you are using the Ethernet cable, not the DSL cable. The Ethernet cable is thicker than the standard telephone cable.• Make
161Factory Reset SwitchFactory Reset SwitchLose your password? This section shows how to reset the Netopia Gateway so that you can access the configura
162
163CHAPTER 5 Command Line InterfaceThe Motorola Netopia® Gateway operating software includes a command line interface (CLI) that lets you access your
164“IP Settings” on page 215 “Syslog” on page 274“Queue Configuration” on page 231 “Wireless Settings (supported models)” on page 277“IPMaps Settings”
165OverviewOverviewThe CLI has two major command modes: SHELL and CONFIG. Summary tables that list the commands are provided below. Details of the ent
166view to show configuration informationvoip to show VoIP infowho to show who is using the shell
167OverviewCONFIG CommandsCommand Verbs Status and/or Descriptiondelete Delete configuration list datahelp Help command optionsave Save configuration da
168Starting and Ending a CLI SessionOpen a telnet connection from a workstation on your network.You initiate a telnet connection by issuing the follow
169Using the CLI Help FacilityEnding a CLI SessionYou end a command line interface session by typing quit from the SHELL node of the command line inte
17Management☛ NOTE:Your Service Provider may request information that you acquire from these var-ious diagnostic tools. Individual tests may be perfo
170About SHELL CommandsYou begin in SHELL mode when you start a CLI session. SHELL mode lets you per form the following tasks with your Motorola Netop
171SHELL CommandsSHELL CommandsCommon Commandsarp nnn.nnn.nnn.nnnSends an Address Resolution Protocol (ARP) request to match the nnn.nnn.nnn.nnn IP ad
172Each test generates one of the following result codes:download [server_address ] [filename] [confirm]This command installs a file of configuration para
173SHELL CommandsThe server_address argument identifies the IP address of the TFTP server on which your Motorola Netopia® Gateway operating software is
174• 5 or failure – Failures; includes messages describing error conditions that may not be recoverable. netstat -i Displays the IP interfaces for you
175SHELL Commandsquit Exits the Motorola Netopia® Gateway command line interface.reset arp Clears the Address Resolution Protocol (ARP) cache on your
176reset heartbeatRestarts the heartbeat sequence.reset ipmapClears the IPMap table (NAT).reset logRewinds the diagnostic log display to the top of th
177SHELL Commandsrestart [seconds]Restarts your Motorola Netopia® Gateway. If you include the optional seconds argument, your Motorola Netopia® Gatewa
178show diffservDisplays the Differentiated Services and QoS values configured in the Motorola Netopia® Gateway.show dslf device-associationDisplays LA
179SHELL CommandsPort Status: Link upDuplex: Full-duplex not activeSpeed: 100BASE-X Transmit OK : 3309 Transmit unicastpkts : 31 Receive
18SecurityRemote Access ControlYou can determine whether or not an administrator or other authorized person has access to configuring your Gateway. Thi
180show ip igmpDisplays the contents of the IGMP Group Address table and the IGMP Report table main-tained by your Motorola Netopia® Gateway.show ip i
181SHELL Commandsshow logDisplays blocks of information from the Motorola Netopia® Gateway diagnostic log. To see the entire log, you can repeat the s
182show vlanDisplays detail of VLAN status and statistics.Example:show vlanDisplaying vlan segment interfaces==== vlan mode ======== segment 0 port ma
183SHELL CommandsSumPort : 00000000-00000000==== segment 8 port masks ====PortPort : 00000000-00000000GlobalPort : 00000000-00000000SumPort :
184 Type : 1 Index : 2 Vid : 3 PortMask : 0000003c-00000000 SwitchMask : 0000003c WirelessMask : 00000000 ==== vlan active link ====
185SHELL Commands• The hostname argument is the name of the device to which you want to connect; for example, telnet ftp.netopia.com.• The ip_address
186Use the segment argument to ping a neighbor switch.Use the end-to-end argument to ping a remote end node.reset dhcp client release [ vcc-id ]Releas
187About CONFIG Commandsshow ppp [{ stats | lcp | ipcp }]Displays information about open PPP links. You can display a subset of the PPP statistics by
188prompt and pressing RETURN. For example, you move to the IP subnode by entering ip and pressing RETURN.Netopia-3000/9437188 (top)>> ipNetopia
189About CONFIG Commandsset ip ethernet A 192.31.222.57Guidelines: CONFIG CommandsThe following table provides guidelines for entering and formatting
19SecurityThe Motorola Netopia® Gateway tracks which local hosts are communicating with which remote hosts. It routes packets received from remote net
190then enter the configuration values appropriate for your site without having to enter com-plete CLI commands.When you are in step mode, the command
191CONFIG CommandsCONFIG CommandsThis section describes the keywords and arguments for the various CONFIG commands.Remote ATA Configuration CommandsMot
192set ata profile [ 0... 3 ] ata-dhcpc-vid stringSpecifies a vendor ID for the specified profile when ata-dhcpc-vid-enable is on.set ata profile [ 0...
193CONFIG Commandsset ata profile [ 0... 3 ] ata-outproxy-port portSpecifies an outbound proxy server port, typically 5060, for the specified profile.set
194DSL CommandsATM Settings. You can use the CLI to set up each ATM virtual circuit. set atm option {on | off } Enables the WAN interface of the Motor
195CONFIG Commandsset atm [vcc n] qos sustained-cell-rate { 1 ...n }If QoS class is set to vbr, then specify the sustained-cell-rate that should apply
196set atm [vccn] pppoe-sessions { 1 ... 8 }Select the number of PPPoE sessions to be configured for VCC 1, up to a total of eight. The total number o
197CONFIG Commands☛ NOTE:A filterset can only be configured for the bridge if the system bridge or concur-rent bridging/routing is enabled.set bridge e
198DHCP SettingsAs a Dynamic Host Control Protocol (DHCP) server, your Motorola Netopia® Gateway can assign IP addresses and provide configuration info
199CONFIG Commandschoose what group of gen-options is to be served to a particular DHCP Client. See “DHCP Generic Options” on page 200 and “DHCP Optio
2 Copyright Copyright © 2007 by Motorola, Inc.All rights reserved. No part of this publication may be reproduced in any form or by any means or used
20Motorola Netopia® Advanced Features for NATUsing the NAT facility provides effective LAN security. However, there are user applications that require
200DHCP Generic OptionsYou can specify DHCP Generic Options which allow you to configure the content to be served for particular option numbers.set dhc
201CONFIG Commands28 IP address 4 Yes29 - 31 Flag 1 Yes32 IP address 4 Yes33 IP address and mask list Multiples of 8 Yes34 Flag 1 Yes35 Unsigned 4 byt
20264 String (up to 100 characters) N Yes65 IP address list Multiples of 4 Yes66 - 67 String (up to 100 characters) N Yes68 - 76 IP address list Multi
203CONFIG Commandsset dhcp gen-option data-type [ ascii | hex | dotted-decimal ]Specifies the DHCP gen-option data type: ascii, hex or dotted-decimal.s
204DHCP Option FilteringBeginning with Firmware Version 7.7, support for DHCP option filtering is provided via the filterset settings.set dhcp filterset
205CONFIG Commands [ pass | discard | continue ] Assigns an absent action to the filterset. If set to pass the absent-pool address is hid-den.set
206192.168.6.100set dhcp filterset name "settopbox" rule 1 absent-pool 0.0.0.0Netopia-3000/9450000 (dhcp)>>set dhcp assigned-filterset
207CONFIG CommandsDMT SettingsDSL Commandsset dmt dsl-annex-support [ off | on ]This controls whether other annex support (just as Annex M) is enabled
208(inner or outer pair) are in use on your phone line. Specifying tip_ring forces the inner pair to be used; and A_A1 the outer pair.set dmt metallic
209CONFIG Commandsset dns secondary-address ip_addressSpecifies the IP address of the secondary DNS name server. Enter 0.0.0.0 if your network does not
21Security☛ WARNING:NAT Bypass configuration allows inbound access to the specified LAN station. Contact your Network Administrator for LAN security qu
210Dynamic DNS SettingsDynamic DNS support allows you to use the free services of www.dyndns.org. Dynamic DNS automatically directs any public Interne
211CONFIG CommandsIGMP SettingsMulticasting is a method for transmitting large amounts of information to many, but not all, computers over an internet
212• IGMP Snooping – enables the Motorola Netopia® Gateway to “listen in” to IGMP traf-fic. The Gateway discovers multicast group membership for the pu
213CONFIG Commandsaddress. When a leave message is received, the querier can check its internal table to see if there are any more clients on this gro
214set igmp version [ 1 | 2 | 3 ]Sets the IGMP querier version: version 1, version 2, or version 3. If you know you will be communicating with other h
215CONFIG CommandsIP SettingsYou can use the command line interface to specify whether TCP/IP is enabled, identify a default Gateway, and to enter TCP
216set ip dsl vccn broadcast broadcast_addressSpecifies the broadcast address for the TCP/IP network connected to the virtual circuit. IP hosts use the
217CONFIG CommandsPPPoE/PPPoA causes the Gateway to attempt to connect by trying these protocols in par-allel, and using the first one that is successf
218If you specify v2-MD5, you must also specify a rip-send-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other route
219CONFIG Commandsset ip ethernet A netmask netmaskSpecifies the subnet mask for the local Ethernet inter face. The subnet mask specifies which bits of
22A typical VPN IPSec Tunnel pass through is diagrammed below:☛ NOTE:Typically, no special configuration is necessary to use the IPSec pass through fe
220set ip ethernet A rip-receive { off | v1 | v2 | v1-compat | v2-MD5 }Specifies whether the Motorola Netopia® Gateway should use Routing Information P
221CONFIG Commandsremote network. If you specify ppp, the Motorola Netopia® unit uses the default gateway being used by the remote PPP peer.IP-over-PP
222The default value for the ip_address argument is 0.0.0.0, which indicates that the vir-tual PPP interface will accept the IP address returned by th
223CONFIG Commandswith MD5 authentication is an extension of RIP-2 that increases security by requiring an authentication key when routes are advertis
224set ip ip-ppp vccn dns acquired-dns-priority [ 0 - 255 ]Sets the priority for DNS acquired via PPP. See “Domain Name System Settings” on page 208 f
225CONFIG CommandsStatic ARP SettingsYour Motorola Netopia® Gateway maintains a dynamic Address Resolution Protocol (ARP) table to map IP addresses to
226IP Prioritizationset ip prioritize [ off | on ]Allows you to support traffic that has the TOS bit set. This defaults to off.
227CONFIG CommandsDifferentiated Services (DiffServ)set diffserv option [ off | on ]Turns the DiffServ option off (default) or on. on enables the serv
228set diffserv custom-flows name name protocol [ TCP | UDP | ICMP | other ] direction [ outbound | inbound | both ] start-port
229CONFIG Commands• qos – Allows you to specify the Quality of Service for the flow: off, assure, expedite or network-control. These are used both to m
23SecurityDynamic DNSDynamic DNS support allows you to use the free services of www.dyndns.org. Dynamic DNS automatically directs any public Internet
230set diffserv qos dscp-map-1 [ best-effort | assured | expedite | network-control ]...set diffserv qos dscp-map-31 [ best-effort | assur
231CONFIG CommandsQueue ConfigurationBeginning with Firmware Version 7.7.4, the queuing characteristics of all “N” and “-02” model Gateway’s WAN interf
232set queue name queue_name option [ on | off ] type [ basic | wfq | priority | funnel ]Creates a queue named queue_name and assign
233CONFIG CommandsWeighted Fair Queueset queue name wfq option [ on | off ]set queue name wf_queue_name type wfqset queue name wf_queue_name weight-ty
234set queue name "wfq" entry 3 weight 30000set queue name "wfq" entry 3 share-bw offset queue name "wfq" entry 4 input
235CONFIG CommandsPriority Queueset queue name priority_queue_name option [ off | on ]set queue name priority_queue_name type priorityset queue name p
236Funnel QueueA funnel queue is used to limit the rate of the transmission below the actual line rate:set queue name funnel_queue_name option [ on |
237CONFIG CommandsSIP Passthroughset ip sip-passthrough [ on | off ]Turns Session Initiation Protocol application layer gateway client passthrough on
238set ip static-routes destination-network net_address netmask netmaskSpecifies the subnet mask for the IP network at the other end of the stati
239CONFIG Commandsdelete ip static-routes destination-network net_addressDeletes a static route. Deleting a static route removes all information assoc
240Network Address Translation (NAT) Default SettingsNAT default settings let you specify whether you want your Motorola Netopia® Gateway to forward N
241CONFIG CommandsTo set up NAT pinholes, you identify the type(s) of traffic you want to redirect by port num-ber, and you specify the internal host t
242set pinhole name name internal-port [ 0 - 65535 ]Specifies the port number your Motorola Netopia® Gateway should use when forwarding traffic of the s
243CONFIG Commandsset ppp module [vccn] protocol-compression { on | off }Specifies whether you want the Motorola Netopia® Gateway to compress the PPP P
244set ppp module [vccn] terminate-max integerSpecifies the maximum number of unacknowledged termination requests that your Motor-ola Netopia® Gateway
245CONFIG CommandsConfiguring Port Authentication. You can use the following command to specify how your Motorola Netopia® Gateway should respond when
246PPPoE with IPoE SettingsEthernet WAN platformsset wan-over-ether pppoe [ on | off ]Enables or disables PPPoE on the Ethernet WAN interface.set wan-
247CONFIG Commandsset ip ip-ppp enet-B option onset ip ip-ppp enet-B address 0.0.0.0set ip ip-ppp enet-B peer-address 0.0.0.0set ip ip-ppp enet-B rest
248set ip ip-ppp vcc1 mcast-fwd [ on | off }Enables or disables multi-cast forwarding on the specified interface. If set to on, this inter-face acts as
249CONFIG Commands802.3ah Ethernet OAM Settings802.3ah Ethernet in the First Mile (EFM) Operations Administration and Maintenance (OAM) is a group of
25CHAPTER 2 Basic Mode SetupMost users will find that the basic Quickstart configuration is all that they ever need to use. This section may be all that
250set ethernet oam ah discovery-timer [ 1 - 300 ]Specifies the discovery timer value for continuity check in seconds. Range is 1 – 300 sec-onds. Defau
251CONFIG CommandsCommand Line Interface Preference SettingsYou can set command line interface preferences to customize your environment. set preferen
252Port Renumbering SettingsIf you use NAT pinholes to forward HTTP or telnet traffic through your Motorola Netopia® Gateway to an internal host, you m
253CONFIG CommandsSecurity SettingsSecurity settings include the Firewall, Packet Filtering, Stateful Inspection, and IPSec parameters. Some of the se
254TIPS for making your BreakWater Basic Firewall Selection Basic Firewall BackgroundAs a device on the Internet, a Motorola Netopia® Gateway requires
255CONFIG CommandsThis table shows how inbound traffic is treated. Inbound means the traffic is coming from the WAN into the WAN side of the Gateway. Th
256☛ NOTE:The Gateway’s WAN DHCP client port in SilentRunning mode is enabled. This feature allows end users to continue using DHCP-served IP address
257CONFIG Commandsset security ipsec tunnels name "123"The name of the tunnel can be quoted to allow special characters and embedded spaces.
258set security ipsec tunnels name "123" IKE-mode pre-shared-key ("") {hex string}See page 94 for details about SafeHarbour
259CONFIG Commandsset security ipsec tunnels name "123" IKE-mode PFS-enable { off | on }See page 94 for details about SafeHarbour IPsec
26Important Safety InstructionsPOWER SUPPLY INSTALLATIONConnect the power supply cord to the power jack on the Motorola Netopia® Gateway. Plug the pow
260set security ipsec tunnels name "123" local-id id_valueSpecifies the NAT local ID value as specified in the local-id-type for the specified
261CONFIG CommandsInternet Key Exchange (IKE) SettingsThe following four IPsec parameters configure the rekeying event.set security ipsec tunnels name
262Stateful InspectionStateful inspection options are accessed by the security state-insp tag.set security state-insp [ ip-ppp | dsl ] vccn option [ o
263CONFIG Commandsset security state-insp udp-timeout [ 30 - 65535 ]Sets the stateful inspection UDP timeout interval, in seconds.set security state-i
264 exposed-address# "n" protocol [ tcp | udp | both | any ]Sets the protocol for the stateful inspection feature for the exposed addr
265CONFIG CommandsSNMP SettingsThe Simple Network Management Protocol (SNMP) lets a network administrator monitor problems on a network by retrieving
266You must put the location_info argument in double-quotes if it contains embedded spaces.SNMP Notify Type Settingsset snmp notify type [ v1-trap | v
267CONFIG Commandsset snmp v3 ro-account security-name stringAdds the specified 1 – 32 character name string as the name of the Read-Only user.set snmp
268set snmp v3 rw-account security-name stringAdds the specified 1 – 32 character name string as the name of the Read-Write user.set snmp v3 rw-account
269CONFIG Commandsshow snmp v3 engine-idDisplays the router’s SNMP Engine ID. This is not editable.System SettingsYou can configure system settings to
27Set up the Motorola Netopia® GatewaySet up the Motorola Netopia® GatewayRefer to your Quickstart Guide for instructions on how to connect your Motor
270• medium - Medium-level informational messages or greater; includes status messages that can help monitor network traffic.• high - High-level inform
271CONFIG Commandsset system ftp-server option [ off | on ]Enables or disables a simple FTP server in the Gateway. If enabled, the Gateway will accept
272set system password { admin | user }Specifies the administrator or user password for a Motorola Netopia® Gateway. When you enter the set system pass
273CONFIG Commandsout, each heartbeat sequence will send out a total 20 heartbeats, spaced at 30 second intervals, and then sleep for 30 minutes. So t
274http://<domain-name OR IP address>/optionalPathhttps://<domain-name OR IP address>/optionalPath:porthttps://<domain-name OR IP addre
275CONFIG CommandsDefault syslog installation procedure1. Access the router via telnet from the private LAN.DHCP server is enabled on the LAN by defau
276 set system ntp alt-server-address <ip-addr>5. Type the command to save the configuration• Type save• Exit the configuration interface by typi
277CONFIG CommandsWireless Settings (supported models)set wireless option ( on | off )Administratively enables or disables the wireless interface.set
278set wireless mode { both-b-and-g | b-only | g-only }Specifies the wireless operating mode for connecting wireless clients: both-b-and-g, b-only, or
279CONFIG Commandsset wireless multi-ssid second-ssid-wpa-ver { all | WPA1-only | WPA2-only }set wireless multi-ssid third-ssid-wpa-ver { all |
28Microsoft Windows: Step 1. Navigate to the TCP/IP Properties Control Panel.a. Windows 98, ME. and 2000 versions follow a path like this:Start menu -
280set wireless no-bridging [ off | on ]When set to on, this will block wireless clients from communicating with other wireless cli-ents on the LAN si
281CONFIG CommandsWireless Multi-media (WMM) SettingsRouter EDCA Parameters (Enhanced Distributed Channel Access) govern wireless data from your Gatew
282set wireless wmm router-edca video { aifs 1... 255 } set wireless wmm router-edca video { cwmin value } set wireless wmm router-edca video { cwmax
283CONFIG Commandsset wireless wmm client-edca background { aifs 1... 255 } set wireless wmm client-edca background { cwmin value } set wireless wmm c
284Wireless Privacy Settingsset wireless network-id privacy option { off | WEP | WPA-PSK | WPA-802.1x }Specifies the type of privacy enabled on
285CONFIG CommandsFor simplicity, it is easiest to have both the Gateway and the client transmit with the same key. The default is 1.set wireless netw
286set wireless mac-auth wrlss-MAC-list mac-addressMAC-address_stringEnters a new MAC address into the MAC address authorization table. The format for
287CONFIG CommandsRADIUS Server Settingsset radius radius-name "server_name_string"Specifies the default RADIUS server name or IP address.set
288VLAN SettingsYou can create up to 8 VLANs, and you can also restrict any VLAN, and the computers on it, from administering the Gateway. See “VLAN”
289CONFIG Commandsset vlan name name ports port tag [ off | on ]If set to on, packets transmitted from this port through this VLAN must be tagged with
29Set up the Motorola Netopia® Gatewayc. Windows Vista is set to obtain an IP address automatically by default. You may not need to configure it at all
290Example 1:•A simple example using the “Step” method – Navigate to the VLAN item:Netopia-3000/9437188 (top)>> vlanNetopia-3000/9437188 (vlan)&
291CONFIG CommandsExample 2:•An example of a “Triple-Play” setup:set vlan name "LanPorts" type by-portset vlan name "LanPorts" adm
292set vlan name "Voip_217" ip-interfaces ip-eth-a option offset vlan name "Voip_217" inter-vlan-routing group-1 onset vlan name &
293CONFIG Commandsset vlan name "Video_31" type globalset vlan name "Video_31" id 31set vlan name "Video_31" admin-restr
294VoIP settings(supported models only)Voice-over-IP (VoIP) refers to the ability to make voice telephone calls over the Internet. This differs from t
295CONFIG Commandsset voip phone [ 0 | 1 ] sip-registrar-setting sip-expires-time [ 0 - 65535 ]Specifies the SIP registration server time-out dur
296 [ 1 | 2 | 3 | 4 | 5 | 6 | 7 | none ]Assigns a priority to the ulaw codec, the common analog voice encoding method used in North America.set v
297CONFIG Commands• inband: sends the DTMF digits as a normal inband tone.• rfc2833: sends the DTMF digits as an event as part of the RTP packet heade
298set voip phone [ 0 | 1 ] sip-advanced-setting call-feature call-waiting-option [ off | on ]call-waiting-option – enables or disables call
299CONFIG Commands echo-max-attenuation [ 0 - 65535 ]echo-max-attenuation – specifies the maximum attenuation level at which to invoke echo ca
3 Table of Contents Table of Contents Copyright . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Introduction
30Macintosh MacOS 9 or higher or Mac OS X: Step 1. Access the TCP/IP or Network control panel. a. Mac OS 9 follows a path like this:Apple Menu -> C
300set voip phone: 0 auth-id "4004"set voip phone: 0 codec G711A priority 1set voip phone: 0 codec G711U priority 2set voip phone: 0 codec G
301CONFIG Commandsset voip phone: 1 sip-advanced-setting sip-dtmf-mode rfc2833set voip phone: 1 sip-advanced-setting sip-end-of-dial-marker offset voi
302DSL Forum settingsTR-064 is a LAN-side DSL CPE configuration specification and TR-069 is a WAN-side DSL CPE Management specification.TR-064DSL Forum L
303CONFIG CommandsThe auto-config server is specified by URL and port number. The format for the ACS URL is as follows:http://some_url.com:port_numberor
304Backup IP Gateway SettingsThe purpose of Backup is to provide a recovery mechanism in the event that the primary connection fails. A failure can be
305CONFIG Commandsset backup ping-host [ 1 | 2 ] [ name hostname | ip-address ip_address ]Specifies an IP address or resolvable DNS name for the Gatewa
306VDSL Settings☛ CAUTION!These settings are for very advanced users and lab technicians. Exercise extreme caution when modifying any of these settin
307CONFIG CommandsVDSL Parameter DefaultsParameter Default Meaningsys-option 0x00 VDSL system option(bit0=ntr, 1=margin, 2=ini, 3=pbo, 4=tlan, 5=pbo)
308VDSL Parameters Accepted ValuesParameter Accepted Valuessys-option Bit[0]: NTR_DISABLEBit[1]: ALW_MARGIN_ADJUST.1: the SNR margin for the optional
309CONFIG Commandssys-bandplan BP1_998_3 (0x00)BP2_998_3 (0x01)BP998_3B_8_5M (0x01) BP3_998_4 (0x02)BP998_4B_12M (0x02)BP4_997_
31Configure the Motorola Netopia® GatewayConfigure the Motorola Netopia® Gateway1. Run your Web browser application, such as Firefox or Microsoft Inter
310psd-mask-level 0x00 -- default mask (old gains from before)0x01 -- ANSI M1 CAB0x02 -- ANSI M2 CAB0x03 -- ETSI M1 CAB0x04 -- ETSI M2 CAB0x05 -- ITU-
311CONFIG Commandsport-bandplan BP1_998_3 (0x00)BP2_998_3 (0x01)BP998_3B_8_5M (0x01) BP3_998_4 (0x02)BP998_4B_12M (0x02)BP4_997
312framing-mode HDLC – 0x80AUTO – 0x90ATM – 0x00band-mod Bit 0, 1: Tx Cfg band1- All tones on2- All tones below 640 Khz are turned off3- All tones bel
313CONFIG Commandsrx-filter 0: using internal filter in Rx path1: using K1 external filter in Rx path(for Korea VLR Application)2: using U1 external filte
314
315CHAPTER 6 Glossary10Base-T. IEEE 802.3 specification for Ethernet that uses unshielded twisted pair (UTP) wiring with RJ-45 eight-conductor plugs at
316adapter. Board installed in a computer system to provide net-work communication capability to and from that computer sys-tem.address mask. See subn
317-----B-----backbone. The segment of the network used as the primary path for transporting traffic between network segments.baud rate. Unit of signal
318and Telephone. An international organization responsible for developing telecommunication standards.CD. Carrier Detect.CHAP. Challenge-Handshake Au
319datagram. Logical grouping of information sent as a network-layer unit. Compare frame, packet.DCE. Digital Communication Equipment. Device that con
32When you connect to your Gateway as an Administrator, you enter “admin” as the User-Name and the Password you just created.The browser displays the
320domain name. Name identifying an organization on the Inter-net. Domain names consists of sets of characters separated by periods (dots). The last s
321encapsulation. Technique used to enclose information format-ted for one protocol, such as AppleTalk, within a packet format-ted for a different pro
322ity, the modem signals the computer to stop while it catches up on processing the data in the buffer. See CTS, RTS, xon/xoff.fragmentation. Process
323hardware handshake. Method of flow control using two con-trol lines, usually Request to Send (RTS) and Clear to Send (CTS).header. The portion of a
324inbound access, and verifying down to the packet level that the network traffic is only what the customer chooses. The Motor-ola Netopia® Gateway wo
325-----L-----LCP. Link Control Protocol. Protocol responsible for negotiating connection configuration parameters, authenticating peers on the link, d
326modem. Modulator/demodulator. Device used to convert a dig-ital signal to an analog signal for transmission over standard telephone lines. A modem
327two-way message exchanges while Aggressive mode only requires 3 total message exchanges.null modem. Cable or connection device used to connect two
328PFS, the key used to protect transmission of data must not be used to derive any additional keys. If the key was derived from some other keying mat
329RIP. Routing Information Protocol. Protocol responsible for dis-tributing information about available routes and networks from one router to anothe
33Configure the Motorola Netopia® GatewayOnce you enter your User Name and Password here, you will no longer need to enter them whenever you access th
330• The encryption and authentication keys• Lifetime of encryption keys• The lifetime of the SA• Replay prevention sequence number and the replay bit
331SPI . The Security Parameter Index is an identifier for the encryption and authentication algorithm and key. The SPI indi-cates to the remote firewal
332twisted pair. Cable consisting of two copper strands twisted around each other. The twisting provides protection against electromagnetic interferen
333DescriptionCHAPTER 7 Technical Specifications and Safety InformationDescriptionDimensions: Smart Modems: 13.5 cm (w) x 13.5 cm (d) x 3.5 cm (h); 5.
334Relative storage humidity: 20 to 80% noncondensingSoftware and protocolsSoftware media: Software preloaded on internal flash memory; field upgrades d
335Agency approvalsAgency approvalsNorth AmericaSafety Approvals: United States – UL 60950, Third Edition Canada – CSA: CAN/CSA-C22.2 No. 60950-00EM
336The Motorola Netopia® 2200 and 3300 Series complies with the following EU directives: Low Voltage, 73/23/EEC EMC Compatibility, 89/336/EEC, confo
337Manufacturer’s Declaration of Conformance☛ ImportantThis product was tested for FCC compliance under conditions that included the use of shielded
338Important Safety InstructionsAustralian Safety InformationThe following safety information is provided in conformance with Australian safety requir
33947 CFR Part 68 Information47 CFR Part 68 InformationFCC Requirements1. The Federal Communications Commission (FCC) has established Rules which perm
34Motorola Netopia® Gateway Status Indicator LightsColored LEDs on your Motorola Netopia® Gateway indicate the status of various port activ-ity. Also,
340d) The REN is used to determine the number of devices that may be connected to a telephone line. Excessive RENs on a telephone line may result in t
341Copyright AcknowledgmentsCopyright AcknowledgmentsBecause Motorola has included certain software source code in this product, Motorola includes the
342RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this dis-tribution is covered by the same copyright terms e
343Copyright AcknowledgmentsTHIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLU
344 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributi
345IndexSymbols!! command 170Numerics3-D Reach WirelessConfiguration 39, 125AAccess the GUI 73Address resolution table 179Administrativerestrictions 2
346denial of service 331DHCP 198DHCP filtering 204DHCP lease table 175DHCP option filtering 204DHCP Server 82Diagnostic log 176, 181Level 269Diagnosti
347Location, SNMP 265Log 181Logging in 168Logs 69, 147lost echoes 243MMagic number 242Memory 181Metric 238multi-cast forwarding 217,248multiple subnet
348rtsp-passthrough 237SSafety Instructions 26Secondary nameserver 208Session InitiationProtocol 294Set bncp command 194,195, 196Set bridge commands 1
349Supported Games andSoftware 59, 89System contact, SNMP 265System diagnostics 269system idle-timeout 271TTelnet 168, 240Telnet command 184Telnet tra
35Accessing the Web User InterfaceAccessing the Web User InterfaceAfter you have performed the basic Quickstart configuration, any time you log in to y
350
Motorola Netopia® 2200-, 3300- or 7000-seriesMotorola, Inc.6001 Shellmound StreetEmeryville, CA 94608October, 2007
36Links BarThe Links Bar is the frame at the left-hand side of the page con-taining the major navigation links. These links are available from almost
37HomeHomeHome Page InformationThe Home page displays information about the following categories:• Connection Information• Router Information• Local N
38Home Page LinksThe links in the left-hand column of the Home page access a series of pages to allow you to monitor, diagnose, and update your router
39HomeLink: Wireless(supported models only)When you click Wireless, the 3-D Reach Wireless configuration page appears.Enable WirelessThe wireless funct
Table of Contents 4 CHAPTER 3 Advanced Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Access the Exp
40• or enter this name on their clients in order to join this wireless LAN.PrivacyThe pull-down menu for enabling Privacy offers four settings: WPA-80
41HomeAdvanced Configuration Options (optional)When you click the Advanced Configuration Options button, the Advanced 802.11 Wireless screen appears. Th
42Default Channel(1 through 11, for North America) on which the network will broadcast. This is a frequency range within the 2.4Ghz band. Channel sele
43HomeClosed System mode is an ideal way to increase wireless security and to prevent casual detection by unwanted neighbors, office users, or maliciou
44Privacy• OFF - No Privacy: This mode disables privacy on your network, allowing any wireless users to connect to your wireless LAN. Use this option
45HomeRADIUS Server authenticationRADIUS servers allow external authentication of users by means of a remote authentica-tion database. The remote auth
46Enter your RADIUS Server information in the appropriate fields:• RADIUS Server Addr/Name: The default RADIUS server name or IP address that you want
47HomeWPA-PSKOne of the easiest ways to enable Privacy on your Wireless network is by selecting WPA-PSK (Wi-Fi Protected Access) from the pull-down me
48WEP-ManualAlternatively, you can enable WEP (Wired Equivalent Privacy) encryption by selecting WEP-Manual from the Privacy pull-down menu.You can pr
49HomeWEP - Manual allows you to enter your own encryption keys manually. This is a difficult process, but only needs to be done once. Avoid the tempta
5 Table of Contents CHAPTER 6 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 CHAPTER 7
50Enable Multiple Wireless IDsThis feature allows you to add additional network identifiers (SSIDs or Network Names) for your wireless network. To enab
51HomePrivacy modes available from the pull-down menu for the multiple SSIDs are: WPA-PSK, WPA-802.1x, or Off-No Privacy.These additional Wireless IDs
52Click the Yes button, and the Gateway will restart with your new settings.☛ NOTES:The Gateway supports up to 4 different SSIDs: • One SSID is broad
53HomeWiFi MultimediaWiFi Multimedia is an advanced feature that allows you to prioritize various types of data travelling over the wireless network.
54The screen expands.Router EDCA Parameters (Enhanced Distributed Channel Access) govern wireless data from your Gateway to the client; Client EDCA Pa
55Home• cwMax: (Maximum Contention Window) upper limit in milliseconds of the range of determining final random backoff. The value you choose must be h
56The screen expands to permit you to add MAC addresses.Click the Add button.Once it is enabled, only entered MAC addresses that have been set to Allo
57HomeClick the Submit button.When you are finished adding MAC addresses click the Save Changes button. You will be returned to the 802.11 Wireless pag
58Link: GamingWhen you click Gaming, the NAT (Games and Other Services) page appears.NAT (Games and Other Services) allows you to host internet applic
59HomeEach time you enable a software service or game your entry will be added to the list of Service Names displayed on the NAT Configuration page.To
Table of Contents 6
60Close Combat III: The Russian Front, v 1.0Combat Flight Sim: WWII Europe Series, v 1.0Combat Flight Sim 2: WWII Pacific Thr, v 1.0Dark Reign Delta Fo
61HomeDefine Custom ServiceTo configure a Custom Service, choose whether to use Port Forwarding or Trigger Ports. • Port Forwarding forwards a range of
62Port Forwarding forwards a range of WAN ports to an IP address on the LAN. Enter the fol-lowing information: • Service Name: A unique identifier for
63HomeTrigger Ports forwards a range of ports to an IP address on the LAN only after specific out-bound traffic “triggers” the feature. Enter the follow
64This feature allows you to direct unsolicited or non-specific traffic to a designated LAN sta-tion. With NAT “On” in the Router, these packets normall
65HomeLink: Advanced SetupAdvanced Setup allows you to configure a wide variety of specific Router and networking settings. Advanced Setup is for advanc
66Link: StatusWhen you click the Status link, the Links Bar expands to display nine statistical sub-head-ings.These screens will vary depending on you
67Home• SN Margin (db): Signal to noise margin, in decibels. Reflects the amount of unwanted “noise” on the DSL line. • Line Attenuation: Amount of red
68IP interfaces• Address: Your Router's IP address as seen from your internal network (LAN), and from the public Internet (WAN) • Netmask: The su
69HomeWireless (supported models only)When you click Wireless, the Wireless Statistics page appears.The Wireless Statistics page:• displays your Route
Introduction 7 Intended Audience Introduction Intended Audience This guide is targeted primarily to residential service subscribers. Advanced section
70Some browsers, such as Internet Explorer for Windows XP, require that you specify the Motorola Netopia® Gateway’s URL as a “Trusted site” in “Intern
71HomeLink: DiagnosticsThis automated multi-layer test examines the functionality of the Router from the physical connections to the data traffic being
72Link: HelpWhen you click the Help link in the left-hand column of links a page of explanatory infor-mation displays. Help (in English only) is avail
73Access the Expert Web InterfaceCHAPTER 3 Advanced SetupUsing the Web-based user interface for the Motorola Netopia® 2200 and 3300-series Gateway you
743. Click on the Advanced Setup link in the left-hand column of links.The Home Page opens in Advanced Setup.
75Access the Expert Web InterfaceHome Page - Advanced SetupThe Advanced Setup Home Page is the summary page for your Motorola Netopia® Gate-way. The l
76Home Page - InformationThe Home Page contains a summary of the Gateway’s configuration settings and status.Summary Information Field Status and
77Links BarLinks BarThe Links Bar is the frame at the left-hand side of the page containing the major navigation links. These links are available from
78Link: ConfigureWhen you click Configure, the Links bar expands to display the con-figuration options available.Advanced options are intended for experi
79Links BarLink: ConnectionWhen you click Connection, the Connection Configuration page appears.Note: The appearance of this page will vary based on th
Introduction 8 Introduction Organization This guide consists of seven chapters, including a glossary, and an index. It is organized as follows: • “In
80• VPI/VCI: These values depend on the way your ISP's equipment is configured. The default setting is 8/35. With this setting, the router will ma
81Links BarAlways On: This setting provides convenience, but it leaves your network permanently connected to the Internet. On-Demand: Furnishes almost
82Link: DHCP ServerWhen you click DHCP Server, the DHCP Server Configuration page appears.This feature simplifies network administration because the Rou
83Links Bar• Subnet Mask: Specifies the subnet mask of the Router itself. Defaults to the common Class C subnet. • DHCP Start Address: Specifies the firs
84Check the Enabled checkbox and click the Submit button. The screen expands to allow you to enter subnet information. If DHCP Server (see below) is n
85Links BarLink: IP PassthroughWhen you click IP Passthrough, the IP Passthrough Configuration page appears.The IP passthrough feature allows a single
86address and subnet mask. If the WAN interface does not have a suitable subnet mask that is usable, for example when using PPP or PPPoE, the DHCP sub
87Links BarLink: NATWhen you click NAT, the NAT (Games and Other Services) page appears.NAT (Games and Other Services) allows you to host internet app
882. Select a PC to host the software from the Select Host Device pull-down menu and click Enable.Each time you enable a software service or game your
89Links BarSupported Games and Software Age of Empires, v.1.0 Age of Empires: The Rise of Rome, v.1.0Age of WondersAsheron's Call Baldur's G
Introduction 9 Documentation Conventions Documentation Conventions General This manual uses the following conventions to present information: Interna
90Motocross Madness 2, v 2.0 Motocross Madness, v 1.0 MSN Game ZoneMSN Game Zone (DX7 an 8 Play)Need for Speed 3, Hot Pursuit Need for Speed, PorscheN
91Links BarDefine Custom ServiceTo configure a Custom Service, choose whether to use Port Forwarding or Trigger Ports. • Port Forwarding forwards a rang
92• Service Name: A unique identifier for the Custom Service. • Global Port Range: Range of ports on which incoming traffic will be received. • Base Hos
93Links BarStatic NATThis feature allows you to:• Direct your Router to forward all externally initiated IP traffic (TCP and UDP protocols only) to a d
94Link: IPSecWhen you click on the IPSec link, the IPSec configuration screen appears.Your Gateway can support two mechanisms for IPSec tunnels:• IPSec
95Links BarConfiguring an IPSec VPN TunnelUse the following procedure to configure your IPSec tunnel.1. Obtain your configuration information from your n
96Table 1: IPSec Tunnel Details Parameter Setup WorksheetParameterMotorola Netopia® GatewayPeer GatewayNamePeer Internal NetworkPeer Internal NetmaskN
97Links Bar3. Check the Enable IPSec checkbox.4. Click Add.The Tunnel Configuration page appears.5. Enter the tunnel Name.This parameter does not have
987. Click the Submit button.The Tunnel Details screen appears.8. Make the Tunnel Details entries.Enter or select the required settings.Soft MBytes, S
99Links BarYou will be returned to the IPSec configuration screen where your entries are displayed in a list. You can return to this screen at any time
Commentaires sur ces manuels