SA-PAM-SAN-ATM-ETH-2W SA-PAM-SAN-ATM
Contents
1. [Figure: CLI menu tree. Recoverable entries: Setup; LAN (IP_type, Address, Attrib); IP share; NAT (Virtual, Global, Fixed, with Range, Interface, Modify, Delete and List entries); PAT (Clear, Modify, List; Interface, Port, Server, Protocol, Name, Begin, End); DMZ (Active, Address); Firewall (Level, pkt_filter, dos_protection); DHCP (Generic, Fixed, List); DHCP proxy; Hostname; Default.] S Access GmbH Tel 41 44 700 3111 Oberhausenstrasse 47 Fax 41 44 700 31 13 8907 Wettswil a A Email contact s access ch Switzerland Page 78 of 100 WEB http www s access ch SA PAM SAN ATM ETH User Manual S Access
2. [Figure: CLI menu tree, continued. Recoverable entries: Setup; LAN (IP_type, Address, Attrib); IP share; NAT (Virtual, Global, Fixed); PAT; DMZ; Firewall (Level, pkt_filter, dos_protection); DHCP (Generic, Fixed, List); DHCP proxy; Hostname; Default; Enable; Admin; User; Clear; Modify; Attrib; Profile; List; Security; Port; IP_pool; SNMP; Edit; Passwd; ID; SNTP; Method; Service; Time_serv]
3. [Table residue: Table of Current Interface RIP Parameter, WAN interface rows.] RIP Mode: this parameter determines how the product handles RIP (Routing Information Protocol). RIP allows it to exchange routing information with other routers. If set to Disable, the gateway does not participate in any RIP exchange with other routers. If set to Enable, the router broadcasts its routing table on the LAN and incorporates RIP broadcasts by other routers into its routing table. If set to Silent, the router does not broadcast the routing table, but it accepts RIP broadcast packets that it receives. [Table: Table of Current Interface RIP Parameter. Columns: Interface, RIP Mode, Version, Authentication Required, Poison Reverse, Authentication Code. Rows: LAN and the WAN interfaces; cell values not recoverable.]
4. [Table residue: Table of Current Interface RIP Parameter, WAN interface rows.] Authentication Required: None: for RIP, there is no need of an authentication code. Password: the RIP is protected by a password authentication code. MD5: the RIP will be decoded by MD5, then protected by a password authentication code. [Table: Table of Current Interface RIP Parameter. Columns: Interface, RIP Mode, Version, Authentication Required, Poison Reverse, Authentication Code. Rows: LAN and the WAN interfaces; cell values not recoverable.] Poison Reverse is for the purpose of promptly broadcasting or multicasting the RIP when a route is changed (e.g. shutting down one of the routers in the routing table). Enable: the gateway will actively broadcast or multicast the information. Disable: the gateway will not broadcast or multicast the information. After modifying the RIP parameters, press finish. The screen will prompt the modified parameters. Check the parameters and press to restart the router or press to set up other parameters.
5. Configure virtual server. FIREWALL: Configure firewall security level. IP QoS: Configure IP QoS. Port-Based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port. Click Port Based VLAN to configure the router. Route: If the Router is connected to more than one network, it may be necessary to set up a static route between them. A static route is a pre-determined pathway that network information must travel to reach a specific host or network. With Dynamic Routing, you can enable the Router to automatically adjust to physical changes in the network's layout. The Router, using the RIP protocol, determines the network packets' route based on the fewest number of hops between the source and the destination. The RIP protocol regularly broadcasts routing information to other routers on the network. Click Route to modify the routing information. [Screenshot: ADVANCED > ROUTE, Static Route and RIP Parameters; Table of Current Static Route Entries with columns Network Address, Subnet Mask, Gateway.]
6. Supervisor password and ID: The supervisor password and ID are the last door for security, but the most important. Users who access the router via web browser have to use the ID and password to configure the router, and users who access the router via telnet or console mode have to use the password to configure the router. It is suggested to change the ID and password after the first configuration and save them. The next time you access the router, you have to use the new password.
Command: admin passwd <pass_conf>
Message: Please input the following information. Input old Supervisor password: Input new Supervisor password: Re-type Supervisor password:
Command: admin id <pass_conf>
Message: Please input the following information. Legal user name (Enter for default) <root>: test
SNTP: Time synchronization is an essential element for any business that relies on an IT system. The reason for this is that these systems all have clocks that are the source of time for files or operations they handle. Without time synchronization, time on these systems varies with each other or with the correct time, and this can cause virtual server schedule processes to fail and system l
7. [Figure: CLI menu tree. Recoverable entries: Write; Reboot; Ping; Admin (User, Security, SNMP, Passwd, ID, SNTP); Utility (Upgrade, Backup, Restore); Status (SHDSL, WAN, Route, Interface); Show (System, Config, Script); Ping; Exit. Continued: SHDSL (Mode, Type, Clear, Margin); WAN (Protocol, Address, VPI_VCI, Encap, Class, MBS, ISP, IP_type, List); Bridge (Gateway, Static, Delete, Modify, MAC, List; LAN1_Port to LAN4_Port, WAN1_Port to WAN8_Port); VLAN (Active, Modify, Link_Mode, List); Route (Static, Delete, List, Generic, Attrib, Version, Authentication).]
8. in a Denial of Service attack. A smurf attack involves two systems. The attacker sends a packet containing an ICMP echo request (ping) to the network address of one system. This system is known as the amplifier. The return address of the ping has been faked (spoofed) to appear to come from a machine on another network (the victim). The victim is then flooded with responses to the ping. As many responses are generated for only one attack, the attacker is able to use many amplifiers on the same victim. DHCP: Dynamic Host Configuration Protocol (DHCP) is a communication protocol that lets network administrators centrally manage and automate the assignment of Internet Protocol (IP) addresses in an organization's network. Using the Internet Protocol, each machine that can connect to the Internet needs a unique IP address. When an organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each machine. Without DHCP, the IP address must be entered manually at each computer. If computers move to another location in another part of the network, a new IP address must be entered. DHCP lets a network administrator supervise and distribute IP addresses from a central point, and automatically sends a new IP address when a computer is plugged into a different place in the network. To configure the DHCP server, move the cursor to dhcp and press enter. >> generic: Configure generic DHCP parameters; fixed: Config
9. setup ip_share pat modify <1 10>
Message: Please input the following information. Virtual server entry number <1 10>: 1
>> interface: Active interface; port: TCP/UDP port number; server: Host IP address and port number; protocol: Transport protocol; name: Service name; begin: The schedule of beginning time; end: The schedule of ending time.
Set the active interface number via the interface command. You can configure the global port number by using the port command. The local server host IP address and port number are configured via the server command. The authorized access protocol is set up via the protocol command. The name command can be used to configure the service name of the host server. The begin and end commands are used to set up the schedule for access to the local server. You can view the fixed NAT mapping entry via the list command. DMZ: To set up the demilitarized zone, move the cursor >> to dmz and press enter. >> active: Trigger DMZ host function; address: Configure virtual IP address and interface. You can enable the demilitarized zone via the active command. After enabling the DMZ, shift the cursor to address and press enter.
Command: setup ip_share dmz address <ip> <1 10>
Message: Please inp
10. Move the cursor >> to security and press enter. The default legal address is 0.0.0.0. It means that there is no restriction on which IP addresses can access the router via telnet. >> port: Configure telnet TCP port; ip_pool: Legal address IP address pool; list: Show security profile. SNMP: Simple Network Management Protocol (SNMP) is the protocol not only governing network management but also the monitoring of network devices and their functions. The router can generate SNMP traps to indicate alarm conditions, and it relies on SNMP community strings to implement SNMP security. This router supports MIB & II. Move the cursor >> to snmp and press enter. >> community: Configure community parameter; trap: Configure trap host parameter. 5 SNMP community entries can be configured in this system. Move the cursor to community and press enter.
Command: admin snmp community <1 5> <more>
Message: Please input the following information. Community entry number <1 5>: 2
>> edit: Edit community entry; list: Show community configuration.
Command: admin snmp trap <1 5> <more>
Message: Please input the following information. Trap host entry number <1 5>: 2
>> edit: Edit trap host parameter; list: Show trap configuration.
11. 8> Message: Please input the following information. Interface number <1 8>: 1
>> protocol: Link type protocol; address: IP address and subnet mask; vpi_vci: Configure VPI/VCI value; encap: Configure encapsulation type; qos: Configure VC QoS; isp: Configure account name, password and idle time; ip_type: Configure IP type in PPPoA and PPPoE; list: WAN interface configuration.
There are four types of protocols which you can set up: IPoA, EoA, PPPoA and PPPoE. For dynamic IP of PPPoA and PPPoE, you do not need to set up the IP address and subnet mask. There is a unique VPI and VCI value for the Internet connection supported by the ISP. The range of VPI is from 0 to 255 and VCI from 0 to 65535. There are two encapsulation types: VC-Mux and LLC. You can set up virtual circuit quality of service (VC QoS) using the qos command. The product supports UBR, CBR, VBR-rt and VBR-nrt. The peak cell rate can be configured from 64 kbps to 2400 kbps. Move the cursor to qos and press enter. >> class: Configure QoS class; pcr: Configure peak cell rate (kbps); scr: Configure sustainable cell rate (kbps); mbs: Configure max burst size (cell). The isp command can configure account name, password and idle time. Idle time is from 0 minutes to 300 minutes. Most ISPs use dynamic IP for PPP connections, but some ISPs use static IP. Configure the IP type, dynamic or fixed, via the ip_type command. You can review the WAN interface configuration via the list command.
12. Rule Order: The order of the rules affects the filtering result. The filtering process proceeds from top to bottom, so changing the order gives a different filtering result. [Table: rules with columns Rule, Source Address, Destination Address, Action; cell values not recoverable.] Where 0 at the last eight bits indicates from 1 to 254; 0 at any eight bits preceding 0 0 0 or 0 0 0 indicates from 1 to 254. On the other hand, 0 and all 0 successive with 0 represents any. When the rules are ordered as ABC, the rule order will permit 10.1.99.1 to access 172.16.6.1. When the rules are ordered as BAC, [Table: columns Index, Source Address, Destination Address, Action; cell values not recoverable] the rule order will deny 10.1.99.1 to access 172.6.6.1. Administration: [Menu: BASIC, ADVANCED, STATUS, ADMIN (SECURITY, SNMP, TIME SYNC), UTILITY.] This section introduces security, simple network management protocol (SNMP) and time synchronization.
13. [Figure: application diagrams. LAN to LAN interconnection: Ethernet, TC-PAM 2 or 4 wire, Ethernet, between two AccessDSL Bridges. Easy and cost-effective Internet access: Ethernet, TC-PAM 2 or 4 wire, Ethernet, between two AccessDSL Routers; no need in SOHO Router.] Your Firewall: A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It must have at least two network interfaces, one for the network it is intended to protect and one for the network it is exposed to. A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks; otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addre
14. Mode: Disable / 802.1Q Tag-Based VLAN / Port-Based VLAN. WAN: Configure WAN interface profile. Configure transparent bridging. The product supports two types of VLAN: 802.1Q and Port-Based. The user can configure one of them on the router. For setting 802.1Q VLAN, click 802.1Q Tag-Based VLAN. The screen will prompt as follows: [Screenshot: ADVANCED > VLAN, 802.1Q Tag-Based VLAN Table; cell values not recoverable.] VID: Virtual LAN ID. It is a definite ID number from 1 to 4094. PVID: Port VID, which is an untagged member of the default VLAN. Link Type Access means the port can receive or send untagged packets. Link Type Trunk means that the port can receive or send tagged packets. The Link Type of the WAN is assigned automatically according to the mode in which the product is configured. If the product works in bridge mode, the Link Type of WAN will be Trunk (tagged port) and you can assign
15. SNTP v4.0 service. Tab Select <Enable>: Enable
Command: admin sntp time_server1 <string>
Message: Please input the following information. Time server address (Enter for default) <ntp-2.vt.edu>: ntp-2.vt.edu
You can configure three time servers in this system. Move the cursor to update_rate and press enter.
Command: admin sntp update_rate <10 268435455>
Message: Please input the following information. Update period (secs) (Enter for default): 86400
Move the cursor to time_zone and configure where your router is placed. The easiest way to know the time zone offset in hours is from your PC clock. Double-click the clock at the right corner of the monitor and check the time zone.
Command: admin sntp time_zone <12 12>
Message: Please input the following information. GMT time zone offset (hours) (Enter for default): 8
Move the cursor to list and review the setting. Utility: There are three utility tools embedded in the firmware: upgrade, backup and restore. You can update the firmware via the TFTP upgrade tool, back up the configuration via the TFTP backup tool, and restore the configuration via the TFTP restore tool. For upgrade, a TFTP server with the new firmware will be supported by the supplier, but for backup and restore you must have your own TFTP server to back up and restore the file. Move the cursor >> to utility and press enter. >> upgrade: Upgrade main software; backup: Backup system conf
16. Select the protocol and configure the parameters. If you want to ban all of the protocols from the IP (e.g. 200.1.1.1) from accessing all the PCs (e.g. 192.168.0.2 to 192.168.0.50) in the LAN, key in the parameters as: Protocol: ANY. Direction: INBOUND (INBOUND is from WAN to LAN and OUTBOUND is LAN to WAN). Description: Hacker. Src IP Address: 200.1.1.1. Dest IP Address: 192.168.0.2 to 192.168.0.50. Press OK to finish. [Screenshot: PKT FILTER RULE 1, Packet Filter Rule Parameters. Fields: Protocol; Direction (INBOUND / OUTBOUND); Action (DENY / PERMIT); Src IP Address and Dest IP Address (e.g. Any: 0.0.0.0, Single: 10.0.0.1, Range); Schedule (Always, or From Day and Time).] The screen will prompt the configured parameters. Check the parameters. Click Restart to restart the gateway or Continue to configure other parameters. Filtering Rule for SMTP connection: The filtering rule will be configured as follows: THe roto
17. Security: For system security, it is suggested to change the default user name and password in the first setup; otherwise unauthorized persons can access the router and change the parameters. There are three ways to configure the router: Web browser, telnet and serial console. Press to set up the parameters. [Screenshot: ADMIN > SECURITY, Supervisor Profile and Security Parameters. Supervisor ID and Password: Supervisor ID root, Supervisor Password, Password Confirm. User Profile table with UI Mode (Menu or Command). General Parameters: Telnet Port 23. Remote Management Host: Modify legal management IP address; ID and IP Address columns, entry 0.0.0.0.] Note: an empty pool defaults to a security level that would allow any management connections from any host in the LAN but deny all connections from the WAN side. A 0.0.0.0 entry in the pool will allow all management connections from any host, including the Internet. For greater security, change the Supervisor ID and password for the gateway. If you don't set them, all users on your network will be able to access the gateway using the default I
18. Yahoo Messenger; DNS relay and caching (RFC1034/1035); DHCP server, client and relay (RFC2131/2132). Bridging: IEEE 802.1D transparent learning bridge; IEEE 802.1q VLAN; Port-based VLAN (4-port router). Security: DMZ host / Multi-DMZ / Multi-NAT function; Virtual server mapping (RFC1631); VPN pass-through for PPTP / L2TP / IPSec tunneling; Natural NAT firewall; Advanced Stateful packet inspection (SPI) firewall (Firewall Router); Application level gateway for URL and keyword blocking (Firewall Router); User access control: deny certain PCs access to Internet service (Firewall Router). Management: Easy-to-use web-based GUI for quick setup, configuration and management; Menu-driven interface / Command-line interface (CLI) for local console and Telnet access; Password protected management and access control list for administration; SNMP management with SNMPv1 / SNMPv2 (RFC1157/1901/1905) agent and MIB II (RFC1213/1493); Software upgrade via web browser / TFTP server. ATM: Up to 8 PVCs; OAM F5 AIS / RDI and loopback; AAL5. ATM QoS: UBR (Unspecified bit rate); CBR (Constant bit rate); VBR-rt (Variable bit rate, real time); VBR-nrt (Variable bit rate, non-real time). AAL5 Encapsulation: VC multiplexing and SNAP / LLC; Ethernet
19. another PVC, you can configure them in WAN 2 to WAN 8. Enter the parameters. If the WAN protocol is PPPoA or PPPoE with dynamic IP, leave the WAN IP address and Subnet Mask at their default settings. The system will ignore the IP address and Subnet Mask information, but deleting the items or leaving them blank will cause a system error. If the WAN protocol is IPoA or EoA, leave the ISP parameters at their default settings. The system will ignore the information, but deleting the items or leaving them blank will cause a system error. QoS (Quality of Service): The Traffic Management Specification V4.0 defines ATM service categories that describe both the traffic transmitted by users onto a network and the Quality of Service that the network needs to provide for that traffic. UBR (Unspecified Bit Rate) is the simplest service provided by ATM networks. There is no guarantee of anything. It is a primary service used for transferring Internet traffic over the ATM network. CBR (Constant Bit Rate) is used by connections that require a static amount of bandwidth that is available during the connection lifetime. This bandwidth is characterized by the Peak Cell Rate (PCR). Based on the PCR of the CBR traffic, specific cell slots are assigned for the VC in the schedule table. The ATM always sends a single cell during the CBR connection's assigned cell slot. VBR-rt (Variable Bit Rate, real time) is intended for real-time applications such as compressed voice over IP and video comfere
20. any PVID to WAN except 0 and leaving blank. When the product works under routing mode, the Link Type of WAN will be Access mode (untagged port). [Screenshot: SOHO Router Remote Management and Configuration, browser window at http://10.10.0.20; ADVANCED > VLAN, Virtual LAN Parameters. General Parameter: Mode: Disable / 802.1Q Tag-Based VLAN / Port-Based VLAN. Port-Based VLAN Table with columns No, LAN1 to LAN4, WAN1 to WAN8; cell values not recoverable.]
21. Browse the file and press the OK button to upgrade. The system will reboot automatically after finishing. Logout: To log out of the router, press logout. Restart: To restart the router, click Restart in UTILITY. [Screenshot: UTILITY > RESTART.] This page offers you the opportunity to restart your SOHO Router. When the restart button is clicked, the SOHO Router restarts and your browser session will be disconnected. This may appear as if your browser session has hung. After the server restarts, you may either press your browser's reload button, or close your browser and re-open it several minutes later. Press to reboot the router. Status: [Menu: BASIC, ADVANCED, STATUS (SHDSL, LAN, WAN, ROUTE, INTERFACE), ADMIN, UTILITY.] You can monitor the SHDSL status, including mode, Tx power and bitrate, and performance information, including SNR margin, attenuation and CRC error count. LAN status will prompt the MAC address, IP address, subnet mask and DHCP client table. WAN status will display the WAN interface information. You can view the routing table in the status of route. Interface status includes LAN and WAN statistics information. Firewall sta
22. fixed NAT mapping; interface: Bind address pair to specific interface; delete: Delete fixed NAT mapping; list: Show fixed IP address mapping.
Command: setup ip_share nat fixed modify <1 10> <ip> <ip>
Message: Please input the following information. Fixed NAT mapping entry number <1 10>: 1. Local address: 192.168.0.250. Global address: 122.22.22.2
After configuring a fixed IP address entry, you can bind the entry to a specific interface via the interface command.
Command: setup ip_share nat fixed interface <1 5> <1 8>
Message: Please input the following information. Fixed NAT mapping entry number <1 5>: 1. Active interface number (Enter for default) <1 8>: 1
You can delete fixed NAT mapping entries from 1 to 5 by using the delete command. You can view the fixed NAT mapping entries via the list command. PAT: To configure Port Address Translation, move the cursor >> to pat and press enter. >> clear: Clear virtual server mapping; modify: Modify virtual server mapping; list: Show virtual server mapping pool. You can delete virtual server mapping entries from 1 to 10 by using the clear command. You can create up to 10 virtual server mapping entries via the modify command. Command
23. other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and reverses the global IP addresses of incoming packets back into local IP addresses. This ensures security, since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves the number of global IP addresses that a company needs and lets the company use a single IP address for its communication in the Internet world. DMZ (demilitarized zone) is a computer host or small network inserted as a neutral zone between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company private data. NAT: You can configure NAT parameters in the nat menu. >> virtual: Virtual IP address pool; global: Global IP address pool; fixed: Fixed IP address mapping. The virtual menu contains range of virtual IP address, delete virtual IP address and show virtual IP address. >> range: Edit virtual IP address pool; delete: Delete virtual IP address pool; list: Show virtual IP address pool.
Command: setup ip_share nat virtual range <1 5> <ip> <1 253>
Message: Please input the following information. NAT local address range entry number <1 5>: 1. Base address: 192.168.0.2 N
24. setup. Press to add the static bridge information. If you want to filter a specific MAC address of a LAN PC from accessing the Internet, press Add to establish the filtering table. Key the MAC address in the MAC address field and select Filter in the LAN field. If you want to filter a specific MAC address of a WAN PC from accessing the LAN, press Add to establish the filtering table. Key the MAC address in the MAC address field and select Filter in the WAN field. For example, if your VC is set up at WAN 1, select WAN 1 Filter. [Screenshot: ADVANCED > BRIDGE, Generic Bridge Parameters. General Parameter: Default Gateway. Static Bridge Parameters: Table of Current MAC Entries with columns MAC Address, LAN Filter, WAN Filter.] The screen will prompt the parameters that will be written to the EPROM. Check the parameters before writing to the EPROM. [Screenshot: ADVANCED > BRIDGE, Bridge Parameters Review.] To let the configuration that you have changed take effect immediately, please click the Restart button to reboot the syste
25. users who have two or more global IP addresses assigned by the ISP can use the multi-DMZ. The table is for the mapping of global IP address and virtual IP address. [Screenshot: Multi-NAT table with columns ID, Virtual Start IP Address, Count, Global Start IP Address, Count, Interface.] Multi-NAT: Some of the virtual IP addresses (e.g. 192.168.0.10 to 192.168.0.50) collectively use two of the global IP addresses (e.g. 69.210.1.9 and 69.210.1.10). The Multi-NAT table will be set up as: Virtual Start IP Address: 192.168.0.10, Count: 40; Global Start IP Address: 69.210.1.9, Count: 2. Press to continue. The screen will prompt the parameters that will be written to the EPROM. Check the parameters before writing to the EPROM. Press to restart the router working with the new parameters or to configure another parameter. Virtual Server: For example, specific ports on the WAN interface are re-mapped to services inside the LAN. As only 69.210.1.8 (e.g. assigned to WAN from the ISP) is visible to the Interne
26. [Screen: table of current static route entries; General RIP Parameter (RIP Mode: Disable / Enable; Auto RIP Summary: Disable / Enable); Table of Current Interface RIP Parameter with columns Interface, RIP Mode, Version, Authentication Required, Poison Reverse and Authentication Code, listing the LAN and WAN interfaces] To modify the RIP (Routing Information Protocol) parameters RIP Mode and Auto RIP Summary, press Modify. [Screen: ADVANCED - ROUTE, Static Route and RIP Parameters, with the same static route and RIP tables]
27. Basic Setup: The Basic Setup contains LAN, WAN, Bridge and Route operation mode. The user can use it to completely set up the router. After successfully completing it, you can access the Internet. This is the easiest and possible way to set up the router. Note: The advanced functions should be used by qualified users only. Incorrect settings of the advanced functions will affect the system performance or even create errors. Click for basic installation. Bridge Mode: Before configuring the router in bridge mode, check with your ISP about this information: VPI, VCI, Encapsulation, Gateway, Host Name (if applicable). Click and Side to set up Bridging mode of the Router and then click Next for the next setting. [Screen: BASIC - STEP1, Operation Mode: System Mode (ROUTE / BRIDGE), SHDSL Mode (CO Side / CPE Side)] This product can be set up in two SHDSL modes: CO (Central Office) and CPE (Customer Premises Equipment). For connection with a DSLAM, the SHDSL mode is CPE. For LAN to LAN connection, one side must be CO and the other side must be CPE. LAN Parameters: Enter IP: 192.168.0.1, Enter Subnet Mask: 255.255.255.0, Enter Gateway: 192.168.0.254. The Gateway IP is provided by the ISP
28. Denial of Service Attack: Denial of service (DoS) attacks typically come in two flavors: resource starvation and resource overload. DoS attacks can occur when there is a legitimate demand for a resource that is greater than the supply (i.e. too many web requests to an already overloaded web server). Software vulnerabilities or system misconfigurations can also cause DoS situations. The difference between a malicious denial of service and simple system overload is the requirement of an individual with malicious intent (attacker) using or attempting to use resources specifically to deny those resources to other users. Ping of death: On the Internet, ping of death is a kind of denial of service (DoS) attack caused by an attacker deliberately sending an IP packet larger than the 65,536 bytes allowed by the IP protocol. One of the features of TCP/IP is fragmentation; it allows a single IP packet to be broken down into smaller segments. Attackers began to take advantage of that feature when they found that a packet broken down into fragments could add up to more than the allowed 65,536 bytes. Many operating systems didn't know what to do when they received an oversized packet, so they froze, crashed or rebooted. Other known variants of the ping of death include teardrop, bonk and nestea. SYN Flood: The a
29. ATUS SHDSL The larger the SNR margin, the better the line connection. If you set the SNR margin in the field to 2, the SHDSL connection will drop and reconnect when the SNR margin is lower than 2. On the other hand, the device will reduce the line rate and reconnect for a better line connection. The screen will prompt the parameters that will be written to the EPROM. Check the parameters before writing them to the EPROM. [Screen: ADVANCED - SHDSL, SHDSL Parameters Review, showing SHDSL Mode, Annex Type, adaptive mode and SNR margin] Press Restart to restart the router working with the new parameters, or press Continue to set up another parameter. WAN: The SHDSL router supports up to 8 PVCs. WAN 1 was configured via BASIC, except QoS. If you want to set up other PVCs (2 to 7), the parameters are set up in WAN. On the other hand, you must apply for two or more Internet services with ISPs; otherwise you do not need to set up WAN. The WAN Number 1 will be the parameters set up in Basic Setup. If you want to setup
30. E: Configure static routing table and RIP parameter. NAT/DMZ: Configure network address translation and DMZ host. VIRTUAL SERVER: Configure virtual server mapping. FIREWALL: Configure firewall security level. IP QoS: Configure IP QoS parameters. [Screenshot: SOHO Router Remote Management and Configuration in Microsoft Internet Explorer, address http://10.10.0.20, ATM G.shdsl ROUTER, FIREWALL - DoS PROTECTION] DoS Protection Parameters: Detect SYN Attack, SYN Attack Threshold 200 packets per second; Detect ICMP Flood, ICMP Flood Threshold 200 packets per second; Detect UDP Flood, UDP Flood Threshold 200 packets per second; Detect PING of Death Attack; Detect Land Attack; Detect IP Spoofing Attack; Detect Smurf Attack; Detect Fraggle At
31. Enter Host Name: SOHO. Some ISPs require the host name as identification. You may check with your ISP to see if your Internet service has been configured with a host name. In most cases, this field can be ignored. WAN1 Parameters: Enter VPI: 0, Enter VCI: 32. Click Click Next [Screen: BASIC - STEP2, LAN: IP Address, Subnet Mask, Gateway, Host Name; WAN1: VPI, VCI, Encap (VC-mux / LLC)] The screen will prompt the newly configured parameters. Check the parameters and Click The router will reboot with the new setting or to configure another parameters. [Screen: BASIC - REVIEW, System Operation Mode: System Mode Bridge Mode, SHDSL Mode CPE Side; LAN Interface: 192.168.0.1, 255.255.255.0, 192.168.0.254; WAN1 interface: AAL5 Encap LLC]
32. [Screen: BASIC - STEP2, LAN: IP Type (Fixed / Dynamic (DHCP Client)), IP Address, Subnet Mask, Host Name, Trigger DHCP Service (Disable / Server / Relay)] Click to set up WAN1 parameters. DHCP relay: If you have a DHCP server in the LAN and you want to use it for DHCP services, the product provides a DHCP relay function to meet your needs. IP Type, IP Address: 192.168.0.1, Subnet Mask: 255.255.255.0, Host Name: SOHO. Some ISPs require the host name as identification. You may check with your ISP to see if your Internet service has been configured with a host name. In most cases, this field can be ignored. Trigger DHCP Service: Press to set up the DHCP server parameter. [Screen: BASIC - STEP2, LAN, as above] Enter the DHCP server IP address in the IP address field. Press [Screen: BASIC - DHCP RELAY, Remote DHCP Server Parameter, IP address 192.168.0.124]
33. IP addresses, ask your network administrator for an address, and then type it in the space below. Specify an IP address. The window will ask you to restart the PC. Click the Yes button. After rebooting your PC, open IE or Netscape Browser to connect to the Router. Type http://192.168.0.1 [Screenshot: Microsoft Internet Explorer with 192.168.0.1 in the address bar] The default IP address and subnet mask of the Router are 192.168.0.1 and 255.255.255.0. Because the router acts as DHCP server in your network, the router will automatically assign IP addresses to the PCs or NBs in the network. Type User Name root and Password root and then click OK. The default user name and password are both root. For system security, it is suggested to change them after configuration. [Dialog: Enter Network Password, Site: 192.168.0.1, Realm: System Setup, User Name: root] Note: After changing the User Name and Password, it is strongly recommended to save them on your PC.
34. N parameters. After knowing the protocol provided by your ISP, you have to set up the right protocol. Step 5: Install the SHDSL Router. To avoid possible damage to this Router, do not turn on the router before Hardware Installation. • Connect the power adapter to the port labeled DC-IN on the rear panel of the product. • Connect the Ethernet cable. Note: If the router is directly connected to a PC or NB, a cross-over Ethernet cable has to be used. If the router is connected to a hub or switch, be sure that the hub or switch supports auto-sensing. If yes, both cross-over and non-cross-over Ethernet cables are suitable. If not, only a pass-through Ethernet cable can be used. • Connect the DSL cable to the product and the other side of the DSL cable to the wall jack. • Connect the power adapter to the power source. • Turn on the PC or NB which is used for configuring the Router. Configuration via Web Browser: For Win95, 98 and ME, click the start button. Select setting and control panel. [Screenshot: Windows Start menu] Double-click the network icon. [Screenshot: Windows Control Panel]
35. NITOR: RS-232C (DB9) for system configuration and maintenance. xDSL: G.SHDSL interface for WAN port (RJ-11). Button near xDSL: Reset Button. [Figure: rear panel with 4-port switch, MONITOR and xDSL connectors] SA-PAM-SAN-ATM-4ETH-FW-4W Connectors Description: 12V: Power adaptor inlet, input voltage 12VDC. Switching HUB: 4-port Ethernet 10Base-T for LAN (RJ-45). MONITOR: RS-232C (DB9) for system configuration and maintenance. xDSL: G.SHDSL interface for WAN port (RJ-11), 2 or 4 wire. Button near xDSL: Reset Button. The reset button can be used only in one of two ways: • When you want to change its configuration but you forgot the user name or password, press the Reset Button for a while with a paper clip or sharp pencil. Pressing the Reset Button will cause the product to load the factory default setting and lose all of your configuration. • If the product is having problems connecting to the Internet and you want to configure it again, clearing all configurations, press the Reset Button with a paper clip or sharp pencil. Pressing the Reset Button will cause the product to load the factory default setting and lose all of your configuration. Configuration to the router: This guide is designed to lead users through Web Configuration of G.shdsl Router in the easi
36. P, used to synchronize computer clocks in the Internet. SNTP can be used when the ultimate performance of the full NTP implementation For SNTP, select SNTP v4.0. SNTP service: Enable. Time Server: All of the time servers around the world can be used, but it is suggested to use a time server nearby. Time Zone: you have to choose the right time zone. Press Finish to finish the setup. The browser will prompt the configured parameters; check them before writing into EPROM. Utility [Menu: BASIC, ADVANCED, STATUS, ADMIN, UTILITY with SYSTEM INFO, CONFIG TOOL, UPGRADE, LOGOUT, RESTART] This section will describe the utility of the product, including system information, loading the factory default configuration, upgrading the firmware, logout and restarting the gateway. System Info: Click System Info to review the information. The browser will prompt the system information. Config Tool: This configuration tool has three functions: Load Factory Default, Restore Configuration and Backup Configuration. Press Config Tool. Choose the function and then press Finish. [Screen: UTILITY - CONFIG TOOL, Select Configuration Tool] Configuration Tool: Load Factory Default Load Factor
37. P QoS: Configure IP QoS parameters. The screen will prompt the parameters which will be written to the EPROM. Check the parameters. [Screenshot: SOHO Router Remote Management and Configuration in Microsoft Internet Explorer, address http://10.10.0.20, ATM G.shdsl ROUTER] Firewall Security Level Review: To let the configuration that you have changed take effect immediately, please click the Restart button to reboot the system. To continue the setup procedure, please click the Continue button. Firewall Security Level: Security Level: Automatic Firewall Security. DoS Protection Parameters Review: Detect SYN Attack: Enable, SYN Attack Threshold 200 packets per second; Detect ICMP Flood: Enable; Detect UDP Flood: Enable, UDP Flood Threshold 200 packets per second; Detect PING of Death Attack
38. P and Password root. You can authorize five legal users to access the router via telnet or console. There are two UI modes, menu-driven mode and command mode, to configure the router. The legal address pool sets up the legal IP addresses from which authorized persons can configure the gateway. This is the more secure function for the network administrator to set up the legal address of configuration. Configuring 0.0.0.0 will allow all hosts on the Internet or LAN to access the router. Leaving the trust host list blank will block all PCs on the WAN from accessing the router; in other words, only PCs in the LAN can access the router. If you type an exact IP address in the field, only that host can access the router. Click to finish the setting. The browser will prompt the configured parameters; check them before writing into EPROM. Press to restart the gateway working with the new parameters, and press to set up other parameters. SNMP: Simple Network Management Protocol (SNMP) provides for the exchange of messages between a network management client and a network management agent for remote management of network nodes. These messages contain requests to get and set variables that exist in network nodes in order to obtai
39. PROM using the write command and reboot the router to take effect. Move the cursor ">>" to write and press enter. Command: write <CR> Message: Please input the following information. Are you sure? (y/n): y. Reboot: To reboot the router, use the reboot command. Move the cursor ">>" to write and press enter. Command: reboot <CR> Message: Please input the following information. Do you want to reboot? (y/n): y. Ping: The ping command is used to test the connection of the router. Move the cursor ">>" to ping and press enter. Command: ping <ip> 1 65534 t 1 1999 Message: Please input the following information. IP address <IP>: 10.0.0.1. Number of ping request packets to send (TAB select): t. Data size (1 to 1999): 32. There are 3 types of number of ping request packets to send: default, 1 to 65534, and t. Default will send 4 packets, and t sends continuous packets until you key in Ctrl+c to stop. Administration: You can modify the user profile, telnet access, SNMP (Simple Network Management Protocol), supervisor information and SNTP (Simple Network Time Protocol) in admin. The route is enable > admin. For configuring the parameters, move the cursor ">>"
40. [Screenshot: Windows Control Panel with the Network icon selected ("Configures network hardware and software")] In the Configuration window, select the TCP/IP protocol line that has been associated with your network card and then click the property icon. [Screenshot: Network dialog, Configuration tab, listing the installed network components] Choose the IP address tab. Select Obtain IP address automatically. Click the OK button. [Screenshot: TCP/IP Properties dialog, IP Address tab] An IP address can be automatically assigned to this computer. If your network does not automatically assign
41. Bridge: You can set up the bridge parameters with the bridge command. If the product is configured as a router, you do not need to set up the bridge parameters. Move the cursor ">>" to bridge and press enter. >> gateway: Default gateway; static: Static bridging table. You can set up the default gateway IP via the gateway command. You can set up 20 sets of static bridge entries in the static command. After entering the static menu, the screen will prompt as below. >> add: Add static MAC entry; delete: Delete static MAC entry; modify: Modify static MAC entry; list: Show static bridging table. >> mac: Configure MAC address; lan_port: Configure LAN interface bridging type; wan1_port: Configure WAN1 interface bridging type; wan2_port: Configure WAN2 interface bridging type; wan3_port: Configure WAN3 interface bridging type; wan4_port: Configure WAN4 interface bridging type; wan5_port: Configure WAN5 interface bridging type; wan6_port: Configure WAN6 interface bridging type; wan7_port: Configure WAN7 interface bridging type; wan8_port: Configure WAN8 interface bridging type; list: Show static bridging table. VLAN: Virtual LAN (VLAN) is defined as a group of devices on one or more LANs that are configured so that they can communicate as if t
42. SA-PAM-SAN-ATM-ETH User Manual. SA-PAM-SAN-ATM-ETH-2W, SA-PAM-SAN-ATM-ETH-FW-2W, SA-PAM-SAN-ATM-4ETH-FW-4W: ATM Based G.SHDSL Modem (Bridge and Router). USER MANUAL. Version 1.0 Revision 07 December 2005 Document name UM SA PAM SAN_ATM_xEth_Rx doc. Copyright 2005 by S Access GmbH. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of S Access GmbH. Published S Access GmbH. All rights reserved. S Access GmbH Oberhausenstrasse 47 8907 Wettswil a A Switzerland Tel 41 44 700 31 11 Fax 41 44 700 31 13 Email contact s access ch WEB http www s access ch. Table of Contents (entries garbled in extraction; legible entries): Configuration to the router; Step 1 Check the Ethernet Adapter in PC or NB; Step 2 Check the Terminal Access Program
43. SL Mode: CO Side / CPE Side. Click and CO Side to set up Bridging mode of the Router and then click Next. [Screen: BASIC - STEP2, LAN: IP Address, Subnet Mask, Gateway, Host Name; WAN1: VPI, VCI, Encap (VC-mux / LLC)] LAN Parameters: Enter IP: 192.168.0.2, Enter Subnet Mask: 255.255.255.0, Enter Gateway: 192.168.0.2, Enter Host Name: SOHO. WAN1 Parameters: Enter VPI: 0, Enter VCI: 32. Click Click The screen will prompt the newly configured parameters. Check the parameters and Click The router will reboot with the new setting. LAN to LAN Connection with Routing Mode. CO side: [Screen: BASIC - STEP1, Operation Mode: System Mode (ROUTE / BRIDGE), SHDSL Mode (CO Side / CPE Side)] Click ROUTE and CO Side, then press Next. [Screen: BASIC - STEP2, LAN: IP Type, IP Address, Subnet Mask, Host Name, Trigger DHCP Servi
44. ad only privileges to you. To change the configuration and write changes to nonvolatile RAM (NVRAM), you must work in enable mode. setup: To configure the product, you have to use the setup command. status: View the status of the product. show: Show the system and configuration of the product. write: Update flash configuration. After you have completed all necessary settings, make sure to write the new configuration to NVRAM with the write command and reboot the system, or all of your changes will not take effect. reboot: Reset and boot system. After you have completed all necessary settings, make sure to write the new configuration to NVRAM and reboot the system with the reboot command, or all of your changes will not take effect. ping: Packet internet groper command. admin: You can set up management features in this command. utility: Upgrade software and backup and restore configuration are done via the utility command. exit: Quit system. Status: You can view the running system status of SHDSL, WAN, route and interface via the status command. Move the cursor ">>" to status and press enter. >> shdsl: Show SHDSL status; wan: Show WAN interface status; route: Show routing table; interface: Show interface statist
45. aking it appear that the traffic came from a different computer. This is used by intruders to keep their anonymity and can be used in a Denial of Service attack. Getting to know about the router: This section will introduce the hardware of the router. Front Panel: The front panel contains LEDs which show the status of the router. [LED table, columns garbled in extraction; it covers the LOCAL, REMOTE and LINK/ACT LEDs, with the states: SHDSL self test, SHDSL line connection is dropped, SHDSL handshake, SHDSL line connection is established, transmit or received data over SHDSL link, LAN port connect with 100M NIC, LAN port acts in 10M, LAN port acts in 100M] Rear Panel: The rear panel of the SHDSL router is where all of the connections are made. SA-PAM-SAN-ATM-ETH-2W and SA-PAM-SAN-ATM-ETH-FW-2W Connectors Description: Power adaptor inlet: input voltage 12VDC. Ethernet 10Base-T for LAN port (RJ-45). MO
46. [Screen: BASIC setup step for WAN1 with the fields IP Address, Subnet Mask, Gateway, DNS Server 1 (168.95.1.1), DNS Server 2 (168.95.192.1), DNS Server 3] The screen will prompt the parameters that will be written to the EPROM. Check the parameters before writing them to the EPROM. [Screen: BASIC - REVIEW, System Operation Mode: System Mode Route Mode, SHDSL Mode CPE Side; LAN Interface with DHCP Relay; DHCP relay: DHCP Server IP address 192.168.0.124; WAN1 interface: AAL5 Encap, IP address, subnet mask, gateway and DNS servers] Press Restart to restart the router working with the new parameters, or press Continue to set up another parameter.
47. [Screen, garbled in extraction: WAN PVC entries with the fields IP Type, IP Address, Subnet Mask, Username, Password, Password Confirm, Idle Time, VPI, VCI, AAL5 Encap (LLC), QoS Class (UBR), QoS PCR and QoS SCR] The screen will prompt the parameters that will be written to the EPROM. Check the parameters before writing them to the EPROM. Press Restart to restart the router working with the new parameters, or press Continue to set up another parameter. Bridge: If your router is set up in bridge mode and you want to set up the advanced filter function, you can use the BRIDGE menu to set up the filter function (blocking function). Click to
48. ce Type LAN parameters: IP Address: 192.168.20.1, Subnet Mask: 255.255.255.0, Host Name: SOHO. [Screen: BASIC - STEP2, LAN: IP Type (Fixed / Dynamic (DHCP Client)), IP Address, Subnet Mask, Host Name, Trigger DHCP Service (Disable / Server / Relay)] DHCP Service: For more on the DHCP service, review DHCP Service. [Screen: BASIC - STEP3, WAN1: VPI, VCI, AAL5 Encap (VC-mux / LLC), Protocol] [Screen: BASIC - STEP4, WAN1: IP Address, Subnet Mask, Gateway, DNS Server 1, DNS Server 2, DNS Server 3] Type the WAN Parameters: VPI: 0, VCI: 32, AAL5 Encap: LLC, Protocol: IPoA, IPoA+NAT or EoA+NAT. Note: The Protocol used in CO and CPE has to be the same. Click to set up the IP parameters. For more understanding about NAT, review NAT/DMZ in page 19. IP Address: 192.168.20.1, Subnet mask: 255.255.255.0, Gateway: 192.169.30.2. Cli
49. cess read only. Access Right: Write for access read and write. Community: it serves as the password for the access right. After configuring the community pool, press OK. [Screen: table of current community pool and table of current trap host pool, with columns Index, Version, IP Address and Community] An SNMP trap is an informational message sent from an SNMP agent to a manager. Click Modify to modify the trap host pool. Version: select the version for the trap host (SNMP v1 or SNMP v2). IP: type the trap host IP. Community: type the community password. The community is set up in the community pool. Press OK to finish the setup. The browser will prompt the configured parameters; check them before writing into EPROM. Press Restart to restart the gateway working with the new parameters, and press to set up other parameters. Time Sync: Time synchronization is an essential element for any business that relies on an IT system. The reason for this is that these systems all have clock
50. ck The screen will prompt the parameters that will be written to the EPROM. Check the parameters before writing them to the EPROM. Press Restart to restart the router working with the new parameters, or press Continue to set up another parameter. CPE side: [Screen: BASIC - STEP1, Operation Mode: System Mode (ROUTE / BRIDGE), SHDSL Mode (CO Side / CPE Side)] Click ROUTE and CPE Side, then press Next. [Screen: BASIC - STEP2, LAN: IP Type (Fixed / Dynamic (DHCP Client)), IP Address, Subnet Mask, Host Name, Trigger DHCP Service (Disable / Server / Relay)] Type LAN parameters: IP Address: 192.168.10.1, Subnet Mask: 255.255.255.0, Host Name: SOHO. DHCP Service: For more on the DHCP service, review DHCP Service. [Screen: BASIC - STEP3, WAN1: VPI, VCI, AAL5 Encap (VC-mux / LLC), Protocol] Type the WAN Parameters: VPI: 0, VCI: 32, AAL5 Encap: LLC, Protocol: IPoA+NAT or EoA+NAT. Note: The Protocol used in CO and CPE has to be the same. Click to set up the IP parameters. For more understanding about NAT, review NAT/DMZ in
51. col Direction Action Source Destination Dest Port Schedule [Screenshot: access policy table]
Packet filtering rules (columns: Rule, Packet Direction, Source, Destination, Protocol, Dest Port, Action):
Rule 1: Inbound, source 192.168.3.4, destination 172.16.1.1, protocol TCP, dest port 25, action Permit (A).
Rule 2: Outbound, source 172.16.1.1, destination 192.168.3.4, dest port 1234, action Permit (B).
[Figure: SMTP server 172.16.1.1 port 25, firewall, 192.168.3.4 port 1234]
Rule 3: Outbound, source 172.16.1.1, destination 192.168.3.4, action Permit (C).
Next rule: source 192.168.3.4, destination 172.16.1.1, dest port 1357, action Permit (D).
[Figure: SMTP client, firewall, SMTP server]
Rule 5: Inbound, source 10.1.2.3, destination 171.16.3.4, protocol TCP, dest port 6000, action Deny (E).
Rule 6: Outbound, source 171.16.3.4, destination 10.1.2.3, protocol TCP, dest port 5150, action Deny (E).
[Figure: X11 server 171.16.3.4 port 6000, firewall, attacker 10.1.2.3 port 5150]
[Screenshot: Update Filtering Rule, Filtering Result table with columns Index, Protocol, Direction, Action, Source, Destination, Source Port, Dest Port, listing rules 1 (Permit A), 2 (Permit B) and 6 (Deny E)]
52. ctions, Multi-DMZ, virtual server mapping and VPN pass-through, but advanced firewall, SPI, NAT, DoS protection, serving as a powerful firewall to protect from outside intruders of secure connection. The SHDSL routers allow customers to leverage the latest in broadband technologies to meet their growing data communication needs. Through the power of SHDSL products, you can access superior manageability and reliability.
Features:
• Easy configuration and management with password control for various application environments
• Efficient IP routing and transparent learning bridge to support broadband Internet services
• VPN pass-through for safeguarded connections
• Virtual LANs (VLANs) offer significant benefit in terms of efficient use of bandwidth, flexibility, performance and security
• Build-in advanced SPI firewall (Firewall router)
• DMZ host, Multi-DMZ, Multi-NAT enables multiple workstations on the LAN to access the Internet for the cost of IP address
• Fully ATM protocol stack implementation over SHDSL
• PPPoA and PPPoE support user authentication with PAP, CHAP, MS-CHAP
• SNMP management with SNMPv1, SNMPv2 agent and MIB II
• Getting enhancements and new features via Internet software upgrade
Specification, Routing:
• Support IP, TCP, UDP, ARP, ICMP, IGMP protocols
• IP routing with static routing and RIPv1, RIPv2 (RFC1058, 2453)
• IP multicast and IGMP proxy (RFC1112, 2236)
• Network address translation (NAT, PAT) (RFC1631)
• NAT ALGs for ICQ, Netmeeting, MSN
53. d for broadcast, so the legal IP address range is from 1 to 254. On the other hand, you cannot assign an IP greater than 254 or less than 1. Lease time 72 hours indicates that the DHCP server will reassign IP information every 72 hours. [Screenshot: Basic setup, DHCP SERVER: General DHCP Parameter (Start IP Address, End IP Address, DNS Server 1, DNS Server 2, DNS Server 3, Lease Time) and Table of Fixed DHCP Host Entries. Hint: The format of the MAC Address is 12 34 56 79 94 BC] DNS Server: Your ISP will provide at least one Domain Name Service Server IP. You can type the router IP in this field. The router will act as DNS server relay function. You may assign fixed IP addresses to some devices while using DHCP, provided that the fixed IP addresses are not within the range used by the DHCP server. Press to setup WAN1 parameters. DHCP Client: Some of the ISP provides DHCP server service by which the PC in LAN can access IP information automatically. To setup the DHCP client mode, follow the procedure. LAN IP Type: [Screenshot: Basic setup, LAN]
54. dsl and press enter. >> mode: Configure SHDSL mode. n*64: Configure SHDSL data rate. type: Configure SHDSL annex type. clear: Clear current CRC error count. margin: Configure SHDSL SNR margin. There are two types of SHDSL mode: STU-R and STU-C. STU-R means the terminal of central office and STU-C customer premises equipment. You can setup the data rate by the multiple of 64Kbps, where n is from 0 to 32. If you configure n as 0, the product will perform as adaptive mode. There are two types of SHDSL Annex type: Annex A and Annex B. Clear command can clear CRC error count. Generally, you do not need to change the SNR margin, whose range is from 0 to 10. SNR margin is an index of line connection. You can see the actual SNR margin in STATUS SHDSL. The larger the SNR margin, the better the line connection. If you set SNR margin in the field as 2, the SHDSL connection will drop and reconnect when the SNR margin is lower than 2. On the other hand, the device will reduce the line rate and reconnect for better line connection. WAN: The router supports 8 PVC (private virtual circuit), and so you can setup eight WAN, WAN1 to WAN8. Move the cursor >> to wan and press enter. To setup WAN1, type 1. Command: setup wan <1
55. e Port [Screenshot: virtual server entry form: Public Port; Schedule: Always, or From Day Sunday to Saturday, Time to 23:59] Type the necessary parameters, then click Finish. Press to restart the router or press to setup another function. Firewall: A firewall is a set of related programs that protects the resources of a private network from other networks. It helps users prevent hackers from accessing their own private data resources. This level only enables the NAT firewall and the remote management security. The NAT firewall will take effect if NAT function is enabled. The remote management security defaults to blocking any WAN side connection to the device. A non-empty legal IP pool in ADMIN will block all remote management connections except those from IPs specified in the pool. Press Finish to finish setting of firewall. The screen will prompt the parameters which will be written in EPROM. Check the parameters. [Screenshot: ADVANCED FIREWALL, Firewall Security Level: Basic Firewall Security. Hint: This level only enables]
56. elnet with Menu Driven Interface; Configuration via Serial Console or Telnet; Status. Description: The SHDSL (Single-Paired High Speed Digital Subscriber Loop) routers comply with the G.991.2 standard with 10/100 Base-T auto-negotiation. It provides business-class, multi-range from 64Kbps to 2.304Mbps payload rates over existing single-pair copper wire. The SHDSL routers are designed not only to optimize the service bit rate from central office to customer premises; they also integrate high-end Bridging/Routing capabilities with advanced functions of Multi-DMZ, virtual server mapping and VPN pass-through. Because of rapid growth of network, virtual LAN has become one of the major new areas in internetworking industry. The SHDSL routers support port-based and IEEE 802.1q VLAN over ATM network. The firewall routers provide not only advanced fun
57. erl Time_server2 Time_server3 Update_rate Time_zone List. Configuration: To setup the router, move the cursor >> to enable and press enter key. While the screen appears, type the supervisor password. The default supervisor password is root. The password will be prompted as symbol for system security. Command: enable <CR>. Message: Please input the following information. Supervisor password: In this sub menu, you can setup management features and upgrade software, backup the system configuration and restore the system configuration via utility tools. For any changes of configuration, you have to write the new configuration to EPROM and reboot the router to work with new setting. The screen will prompt as follows: >> enable: Modify command privilege. setup: Configure system. status: Show running system status. show: View system configuration. write: Update flash configuration. reboot: Reset and boot system. ping: Packet internet groper command. admin: Setup management features. utility: TFTP upgrade utility. exit: Quit system. The descriptions of the commands are: enable: Modify command privilege. When you login via serial console or Telnet, the router defaults to a program execution re
58. es of link: access and trunk. Trunk link will send the tagged packet from the port, and access link will send un-tagged packet from the port. Port index 1 to 4 represents LAN1 to LAN4 respectively. According to the operation mode of the device, link type of WAN port is automatically configured. If the product operates in bridge mode, the WAN link type will be trunk, and in routing mode, access. Command: setup vlan link_mode <1~4> <Access|Trunk>. Message: Please input the following information. Port index <1~4>: 1. Port link type (Tab select) <Trunk>: Access. To view the VLAN table, move the cursor to list and press enter. Route: You can setup the routing parameters in route command. If the product is configured as a bridge, you do not need to setup the route parameters. Move the cursor >> to route and press enter. >> static: Configure static routing table. rip: Configure RIP tool. If the Router is connected to more than one network, it may be necessary to set up a static route between them. A static route is a pre-determined pathway that network information must travel to reach a specific host or network. With Dynamic Routing, you can enable the Router to automatically adjust to physical changes in the network's layout. The Cable/DSL Firewall Router, using the RIP protocol, determines the network packets' route based on the fewest number of hops between the source and the destination. The RIP pr
59. Advanced Setup: [Screenshot: menu tree: BASIC; ADVANCED (SHDSL, WAN, BRIDGE, ROUTE, NAT/DMZ, VIRTUAL SERVER); STATUS; ADMIN; UTILITY] Advanced setup contains SHDSL, WAN, Bridge, Route, NAT/DMZ, Virtual server and firewall parameters. SHDSL: You can setup the Annex type, data rate and SNR margin for SHDSL parameters in SHDSL. Click SHDSL. Annex Type: There are two Annex types, Annex A (ANSI) and Annex B (ETSI), in SHDSL. Check with your ISP about it. Data Rate: you can setup the SHDSL data rate in the multiple of 64kbps. For adaptive mode, you have to setup n = 0. The router will adapt the data rate according to the line status. SHDSL SNR margin: the margin range is from 0 to 10. [Screenshot: ADVANCED SHDSL: Operation Mode, Annex Type (Annex A, Annex B, Annex AB), Data Rate (n*64kbps, n = 0 for adaptive mode), SNR margin] SNR margin is an index of line connection. You can see the actual SNR margin in ST
60. est and quickest way possible. Please follow the instructions carefully. Note: There are three methods to configure the router: serial console, Telnet and Web Browser. Only one configuration application is used to setup the Router at any given time. Users have to choose one method to configure it. For Web configuration, you can skip step 2. For Serial Console Configuration, you can skip step 1 and 3. Step 1: Check the Ethernet Adapter in PC or NB. Make sure that an Ethernet Adapter has been installed in the PC or NB used for configuration of the router. TCP/IP protocol is necessary for web configuration, so please check whether the TCP/IP protocol has been installed. Step 2: Check the Terminal Access Program. For Serial Console and Telnet Configuration, users need to setup the terminal access program with VT100 terminal emulation. Step 3: Check the Web Browser in PC or NB. According to the Web Configuration, the PC or NB needs to install a Web Browser, IE or Netscape. Note: Suggest to use IE 5.0, Netscape 6.0 or above, and 800x600 resolution or above. Step 4: Determine Connection Setting. Users need to know the Internet Protocol supplied by your Service Provider and determine the mode of setting. Protocol Selection: RFC1483 Ethernet over ATM; RFC1577 Classical Internet Protocol over ATM; RFC2364 Point-to-Point Protocol over ATM; RFC2516 Point-to-Point Protocol over Ethernet. The different protocols are needed to setup the different WA
61. fect immediately, please click Restart button to reboot the system. To continue the mode setup procedure, please click Continue button. [Screenshot: Firewall Security Level review: Security Level: Automatic Firewall Security; DoS Protection Parameters Review: Detect SYN Attack, Detect ICMP Flood, Detect PING of Death Attack, Detect Land Attack, Detect IP Spoofing Attack, Detect Smurf Attack, Detect Fraggle Attack; Packet Filtering Parameters Review: General Packet Filtering Parameter, Access Policies] User can determine the security level for special purpose environment and applications by configuring the DoS protection and defining an extra packet filter with higher priority than the default SPI filter. Note that an improper filter policy may degrade the capability of the firewall and/or even block the normal network tra
62. ffic. [Screenshot: browser window at http://10.10.0.20, ATM G.shdsl ROUTER, ADVANCED FIREWALL, Firewall Security Level] Security Level: Basic Firewall Security. Hint: This level only enables the NAT firewall and the remote management security. The NAT firewall will take effect if NAT function is enabled. Automatic Firewall Security. Hint: This level enables basic firewall security, all DoS protection and the SPI filter function. Advanced Firewall Security. Hint: A user can determine the security level for special purpose environment and applications by configuring the DoS protection and defining an extra packet filter with higher priority than the default SPI filter. Note that an improper filter policy may degrade the capability of the firewall and/or even block the normal network traffic. ROUT
63. [Screenshot: firewall review: Detect Land Attack: Enable; Detect IP Spoofing Attack: Enable; Detect Smurf Attack: Enable; Detect Fraggle Attack: Enable; Packet Filtering Parameters Review: General Packet Filtering Parameter: Trigger Packet Filtering Service: Disable; Drop Fragmented Packets: Disable; Access Policies] Press Restart to restart the router or press Continue to setup another function. [Screenshot: browser window at http://10.10.0.20, ATM G.shdsl ROUTER, ADVANCED FIREWALL, Firewall Security Level Review] To let the configuration that you have changed take ef
64. following figures. All of the configuration commands are placed in the subdirectories of Enable, protected by the supervisor password. On the other hand, an unauthorized user cannot change any configurations, but can view the status and configuration of the router and use the ping command to make sure the router is working. [Figure: menu tree: Enable: Setup (Mode, SHDSL, WAN, Bridge, VLAN, Route, LAN, IP share, Firewall, DHCP, DHCP proxy, Hostname, Default); Status (SHDSL, WAN, Route, Interface); Show (System, Config)]
65. hey were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLAN is based on logical instead of physical connections, it is extremely flexible. The specification of VLAN function is as follows:
• The unit supports up to 8 active VLANs with shared VLAN learning (SVL) bridge out of 4096 possible VLANs specified in IEEE 802.1Q.
• Each port always belongs to a default VLAN with its port VID (PVID) as an untagged member. Also, a port can belong to multiple VLANs and be tagged members of these VLANs.
• A port must not be a tagged member of its default VLAN.
• If a non-tagged or null-VID tagged packet is received, it will be assigned with the default PVID of the ingress port.
• If the packet is tagged with non-null VID, the VID in the tag will be used.
• The look-up process starts with VLAN look-up to determine whether the VID is valid. If the VID is not valid, the packet will be dropped and its address will not be learned. If the VID is valid, the VID, destination address and source address lookups are performed.
• The VID and destination address lookup determines the forwarding ports. If it fails, the packet will be broadcasted to all members of the VLAN except the ingress port.
66. ics status. firewall: Show firewall status. Command and description: shdsl: The SHDSL status includes line rate, SNR margin, TX power, attenuation and CRC error of the product, and SNR margin, attenuation and CRC error of remote side. The product accesses remote side information via EOC (embedded operation channel). wan: WAN status shows the 8 PVC information which are configured. route: You can see the routing table via route command. interface: The statistic status of WAN and LAN interface can be monitored by interface command. firewall: The current and history status of firewall are shown in this command. Show: You can view the system information, configuration, and configuration in command script by show command. Move cursor >> to show and press enter. >> system: Show general information. config: Show all configuration. script: Show all configuration in command script. Command and description: system: The general information of the system will show in system command. config: Config command can display detail configuration information. script: Configuration information will prompt in command script. Write: For any changes of configuration, you must write the new configuration to E
67. iguration. Restore: Restore system configuration. Exit: If you want to exit the system without saving, use exit command to quit system. Setup: All of the setup parameters are located in the subdirectories of setup. Move the cursor >> to setup and press enter. >> mode: Switch system operation mode. shdsl: Configure SHDSL parameters. wan: Configure WAN interface profile. bridge: Configure transparent bridging. vlan: Configure virtual LAN parameters. route: Configure routing parameters. lan: Configure LAN interface profile. ip_share: Configure NAT/PAT parameters. firewall: Configure Firewall parameters. dhcp: Configure DHCP parameters. dns_proxy: Configure DNS proxy parameters. hostname: Configure local host name. default: Restore factory default setting. Mode: The product can act as routing mode or bridging mode. The default setting is routing mode. You can change the system operation mode by using mode command. Move the cursor >> to mode and press enter. Command: setup mode <Route|Bridge>. Message: Please input the following information. System operation mode (TAB select) <Route>: Route. SHDSL: You can setup the SHDSL parameters by the command shdsl. Move the cursor >> to sh
68. ll records the context of connections during each session, continuously updating state information in dynamic tables. With this information, stateful firewalls inspect each connection traversing each interface of the firewall, testing the validity of data packets throughout each session. As data arrives, it is checked against the state tables, and if the data is part of the session, it is accepted. Stateful firewalls enable a more intelligent, flexible and robust approach to network security, while defeating most intrusion methods that exploit state-less IP filtering firewalls. If you want to configure the Packet Filtering Parameters, choose Enable and press Add. [Screenshot: browser window at http://10.10.0.20, ATM G.shdsl ROUTER, FIREWALL PKT FILTER, Packet Filtering Parameters: General Packet Filtering Parameter (Trigger Packet Filtering Service: Disable, Enable; Drop Fragmented Packets: Disable, Enable) and Access Policies table]
69. lls, but can also hide the IP addresses of computers behind the firewall and offer a level of circuit-based filtering. Circuit Gateway: Also called a Circuit Level Gateway, this is a firewall approach that validates connections before allowing data to be exchanged. What this means is that the firewall doesn't simply allow or disallow packets, but also determines whether the connection between both ends is valid according to configurable rules, then opens a session and permits traffic only from the allowed source and possibly only for a limited period of time. Application Gateway: The Application Level Gateway acts as a proxy for applications, performing all data exchanges with the remote system on their behalf. This can render a computer behind the firewall all but invisible to the remote system. It can allow or disallow traffic according to very specific rules, for instance permitting some commands to a server but not others, limiting file access to certain types, varying rules according to authenticated users, and so forth. This type of firewall may also perform very detailed logging of traffic and monitoring of events on the host system, and can often be instructed to sound alarms or notify an operator under defined conditions. Application-level gateways are generally regarded as the most secure type of firewall. They certainly have the most sophisticated capabilities.
70. m. To continue the setup procedure, please click Continue button. [Screenshot: Generic Bridge Parameter (Default Gateway) and Static Bridge Parameter (MAC address pool is empty)] Press to restart the router working with new parameters or press to setup another parameter. VLAN: Virtual LAN (VLAN) is defined as a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLAN is based on logical instead of physical connections, it is extremely flexible. The IEEE 802.1Q defines the operation of VLAN bridges that permit the definition, operation and administration of VLAN topologies within a bridged LAN infrastructure. VLAN architecture benefits include: increased performance; improved manageability; network tuning and simplification of software configurations; physical topology independence; increased security options. The specification of VLAN function is as follows:
• The unit supports up to 8 active VLANs with shared VLAN learning (SVL) bridge out of 4096 possible VLANs specified in IEEE 802.1Q.
• Each port alwa
71. n't need to remember the command syntax, and save your time on typing the whole command line. The following figure gives you an example of the menu-driven interface. In the menu, you scroll up/down by pressing key K, select one command by key, and go back to a higher level of menu by key UJ. For example, to show the system information, just logon to the ROUTER, move down the cursor by pressing key K twice and select show command by key L. You shall see a submenu; select system command in this submenu, then the system will show you the general information. [Screenshot: HyperTerminal session on COM1, 9600 8-N-1, VT100, showing the SHDSL ROUTER menu: enable (Modify command privilege), status (Show running system status), show (View system configuration), ping (Packet internet groper command), exit (Quit system); Command: enable <CR>] Window structure: From top to bottom, the window will be divided into four parts. 1. Product name. 2. Menu field: Menu tree is prompted on this field. The >> symbol indicates the cursor place. 3. Configuring field: You will configure the parameters in this field. <parameters> i
72. n (Tab select) <Disable>: 8021Q. Command: setup vlan modify <1~8> <1~4094> <string>. Message: Please input the following information. Rule entry index <1~8>: 1. VLAN ID (Enter for default) <1>: 10. VLAN port status (Enter for default): 11001. For each VLAN, VLAN ID is a unique number among 1~4095. VLAN port status is a 5-digit binary number whose bit 1 location indicates the VLAN port membership, in which 4 MSBs and 1 MSB represent LAN ports and WAN port respectively. For example, the above setting means that the VID 20 member port includes LAN1, LAN2 and WAN. The member ports are tagged members. Use PVID command to change the member port to untagged members. To assign PVID (Port VID), move the cursor >> to PVID and press enter. The port index 1 to 4 represents LAN1 to LAN4 respectively, and port index 5 represents WAN. VID value is the group at which you want to assign the PVID of the port. PVID is Command: setup vlan pvid <1~5> <1~4094>. Message: Please input the following information. Port index <1 1>: 1. VID Value (Enter for default) <10>: 10. To modify the link type of the port, move the cursor to link mode and press enter. There are two typ
73. n IP spoofing attack. smurf_attack: Enable protection smurf attack. fraggle_attack: Enable protection fraggle attack. A SYN flood attack attempts to slow your network by requesting new connections but not completing the process to open the connection. Once the buffer for these pending connections is full, a server will not accept any more connections and will be unresponsive. ICMP Flood: A sender transmits a volume of ICMP request packets to cause all CPU resources to be consumed serving the phony requests. UDP Flood: A sender transmits a volume of requests for UDP diagnostic services, which cause all CPU resources to be consumed serving the phony requests. A ping of death attack attempts to crash your system by sending a fragmented packet that, when reconstructed, is larger than the maximum allowable size. Other known variants of the ping of death include teardrop, bonk and nestea. A land attack is an attempt to slow your network down by sending a packet with identical source and destination addresses originating from your network. IP Spoofing is a method of masking the identity of an intrusion by making it appear that the traffic came from a different computer. This is used by intruders to keep their anonymity and can be used
74. n statistics, set configuration parameters and monitor network events. SNMP communications can occur over the LAN or WAN connection. The router can generate SNMP traps to indicate alarm conditions, and it relies on SNMP community strings to implement SNMP security. This router supports MIB and MIB II. Click SNMP to configure the parameters. In the table of current community pool, you can setup the access authority. In the table of current trap host pool, you can setup the trap host. [Screenshot: ADMIN SNMP, SNMP Community and Trap Parameters: Table of current community pool (Index, Status, Access Right, Community) and Table of current trap host pool (Index, Version, IP Address, Community), five entries each, all Disable] Press Modify to modify the community pool. SNMP status: Enable. [Screenshot: Table of current community pool] Access Right Deny: for deny all access. Access Right Read: for ac
75. nagement and Configuration [Screenshot: Microsoft Internet Explorer, Address http://10.10.0.20; ADVANCED FIREWALL, Firewall Security Level] Basic Firewall Security. Hint: This level only enables the NAT firewall and the remote management security. The NAT firewall will take effect if NAT function is enabled. Automatic Firewall Security. Hint: This level enables basic firewall security, all DoS protection and the SPI filter function. Advanced Firewall Security. Hint: A user can determine the security level for special purpose environments and applications by configuring the DoS protection parameters and defining an extra packet filter with higher priority than the default SPI filter. Note that an improper filter policy may degrade the capability of the firewall and/or even block the normal network traffic. Sidebar menu: WAN: Configure WAN interface profile; BRIDGE: Configure transparent bridging; VLAN: Configure VLAN parameters; ROUTE: Configure static routing table and RIP parameter; NAT DMZ: Configure network address translation and DMZ host; VIRTUAL SERVER: Configure virtual server mapping; FIREWALL: Configure firewall security level; I
76. ncing that require tightly constrained delays and delay variation. VBR-rt is characterized by a peak cell rate (PCR), sustained cell rate (SCR) and maximum burst rate (MBR). VBR-nrt: Variable Bit Rate, non real time. PCR: Peak Cell Rate in kbps. The maximum rate at which you expect to transmit data, voice and video. Consider PCR and MBS as a means of reducing latency, not increasing bandwidth. The range of PCR is 64kbps to 2400kbps. SCR: Sustained Cell Rate. The sustained rate at which you expect to transmit data, voice and video. Consider SCR to be the true bandwidth of a VC and not the long term average traffic rate. The range of SCR is 64kbps to 2400kbps. MBS: Maximum Burst Size. The amount of time or the duration at which the router sends at PCR. The range of MBS is 1 cell to 255 cells. Press to finish setting. [Screenshot: ADVANCED WAN, WAN Interface Parameters, Table of Current WAN Interface Parameter; fields: Protocol, VPI, Username, IP Address, Password, Subnet Mask, AAL5 Encap, Password Confirm, QoS Class, Idle Time]
77. nd: setup route rip wan <1-8> <more>. Message: Please input the following information. Active interface number <1-8>: 1. >> attrib: Operation, authentication and Poison reverse mode; version: RIP protocol version; authe: Authentication code. The attrib command configures RIP mode, authentication type and Poison reverse mode. The version command configures the RIP protocol version. The authe command configures the authentication code. You can review the list of RIP parameters via the list command. LAN: The LAN interface parameters that can be configured are LAN IP address, subnet mask and NAT network type. >> address: LAN IP address and subnet mask; attrib: NAT network type. IP share: You can configure Network Address Translation (NAT), Port Address Translation (PAT) and Demilitarized Zone parameters in the ip_share menu. Move the cursor >> to ip_share, then press enter. >> nat: Configure network address translation; pat: Configure port address translation; dmz: Configure DMZ host function. NAT (Network Address Translation) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. One network is designated the inside network and the
78. ndicates the parameters you can choose, and <more> indicates that there is a submenu in the title. 4. Operation command for help. The following table shows the parameters in the brackets. <ip>: An item enclosed in brackets is required. If the item is shown in lower case bold, it represents an object with special format. For example, <ip> may be 192.168.0.3. <Route|Bridge>: Two or more items enclosed in brackets and separated by vertical bars means that you must choose exactly one of the items. If the item is shown in lower case bold with leading capital letter, it is a command parameter. For example, Route is a command parameter in <Route|Bridge>. [1-1999]: An item enclosed in brackets is optional. Two or more items enclosed in brackets and separated by vertical bars means that you can choose one or none of the items. Menu Driven Interface Commands: Before changing the configuration, familiarize yourself with the operations listed in the following table. The operation list will be shown on the window. Menu Driven Interface Commands (Keystroke: Description): UP or: Move to above field in the same level menu. DOWN or K: Move to below field in the same level menu. LEFT or J: Move back to previous menu. RIGHT or L: Move forward to submenu. ENTER: Move forward to submenu. TAB: To choose another parameter. Ctrl C: To quit the configuring item. Ctrl Q: For help. Menu Tree: The menu tree is as
79. ng it appear that the traffic came from a different computer. This is used by intruders to keep their anonymity and can be used in a Denial of Service attack. A smurf attack involves two systems. The attacker sends a packet containing an ICMP echo request (ping) to the network address of one system. This system is known as the amplifier. The return address of the ping has been faked (spoofed) to appear to come from a machine on another network (the victim). The victim is then flooded with responses to the ping. As many responses are generated for only one attack, the attacker is able to use many amplifiers on the same victim. IP Spoofing: Falsify the IP header information to deceive the destination host. Traditional firewalls are stateless, meaning they have no memory of the connections of data or packets that pass through them. Such IP filtering firewalls simply examine header information in each packet and attempt to match it to a set of defined rules. If the firewall finds a match, the prescribed action is taken. If no match is found, the packet is accepted into the network or dropped, depending on the firewall configuration. A stateful firewall maintains a memory of each connection and data passing through it. Stateful firewa
80. Routing Mode: Routing mode contains DHCP server, DHCP client, DHCP relay, Point to Point Protocol over ATM and Ethernet, and IP over ATM and Ethernet over ATM. You have to clarify which Internet protocol is provided by your ISP. Click ROUTE and CPE Side, then press Next. This product can be set up in two SHDSL modes: CO (Central Office) and CPE (Customer Premises Equipment). For connection with DSLAM, the SHDSL mode is CPE. For LAN to LAN connection, one side must be CO and the other side must be CPE. [Screenshot: BASIC STEP1, Operation Mode; System Mode: ROUTE, BRIDGE; SHDSL Mode: CO Side, CPE Side] DHCP Server: Dynamic Host Configuration Protocol (DHCP) is a communication protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network. Using the Internet Protocol, each machine that can connect to the Internet needs a unique IP address. When an organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each machine that can be connected. Without DHCP, the IP address must be entered manually at each computer. If computers move to another location in another part of the network, a new IP address must be entered. DHCP lets a network administrator supervise and distribute IP addresses f
81. og exposures with wrong data. There are two methods to synchronize time: synchronize with PC or SNTPv4. If you choose synchronize with PC, the router will synchronize with the PC. If you choose SNTPv4, the router will use the protocol to synchronize with the time server. Synchronization with a time server (SNTP v4) requires configuring service, time_server and time_zone. Synchronization with PC does not need the above parameters. Move the cursor >> to sntp and press enter. >> method: Select time synchronization method; service: Trigger SNTP v4.0 service; time_server1: Configure time server 1; time_server2: Configure time server 2; time_server3: Configure time server 3; updaterate: Configure update period; time_zone: Configure GMT time zone offset; list: Show SNTP configuration. To configure SNTP v4 time synchronization, follow the procedure below. Move the cursor to method and press enter. Command: admin sntp method <SNTPv4|SyncWithPC>. Message: Please input the following information. SYNC method (Enter for default) <SyncWithPC>: SNTPv4. Move the cursor to service and press enter. Command: admin sntp service <Disable|Enable>. Message: Please input the following information. Active
82. otocol regularly broadcasts routing information to other routers on the network. You can set up 20 sets of static routes in the static command. After entering the static menu, the screen will show as follows. >> add: Add static route entry; delete: Delete static route entry; list: Show static routing table. You can add 20 sets of static route entries by using the add command. Type the IP information of the static route, including IP address, subnet mask and gateway. You can delete the static route information via the delete command. You can review the static route entries by using the list command. To configure Routing Information Protocol (RIP), you can use the rip command to set up the parameters. Move the cursor >> to rip and press enter. >> generic: Configure operation and auto summary mode; lan: Configure LAN interface RIP parameters; wan: Configure WAN interface RIP parameters; list: Show RIP configuration. The generic command sets up RIP mode and auto summary mode. If there are any routers in your LAN, you can configure LAN interface RIP parameters via the lan command. The product supports 8 PVCs, and you can configure the RIP parameters of each WAN via the wan command. Move the cursor >> to wan and press enter. Comma
83. over ATM (RFC 2684/1483); PPP over ATM (RFC 2364); Classical IP over ATM (RFC 1577). PPP: PPP over Ethernet for fixed and dynamic IP (RFC 2516); PPP over ATM for fixed and dynamic IP (RFC 2364); User authentication with PAP, CHAP, MS-CHAP. WAN Interface: SHDSL ITU-T G.991.2 (Annex A, Annex B); Encoding scheme: 16-TCPAM; Data Rate: N x 64Kbps (N = 0 to 36, 0 for adaptive); Impedance: 135 ohms. LAN Interface: 10/100 Base-T auto sensing and auto negotiation. Hardware Interface: WAN: RJ-11; LAN: RJ-45 x 1; Console: RS232 female; RST: Reset button for factory default. Indicators: General: PWR; WAN: LNK, ACT; LAN: 10M/ACT, 100M/ACT; SHDSL: ALM. Physical/Electrical: Dimensions: 18.7 x 3.3 x 14.5 cm (WxHxD); Power: 100-240VAC (via power adapter); Power consumption: 9 watts max; Temperature: 0 to 45 °C; Humidity: 0 to 95% RH (non condensing). Memory: 2MB Flash Memory, 8MB SDRAM. Applications: Application with DSLAM [figure]; Point to Point Application
84. page 19. [Screenshot: BASIC STEP4, WAN1; IP Address, Subnet Mask, Gateway, DNS Server 1: 168.95.1.1, DNS Server 2: 168.95.192.1, DNS Server 3] IP Address: 192.168.30.2. Subnet mask: 255.255.255.0. Gateway: 192.169.30.1. Click Next. The screen will prompt the parameters that will be written in EPROM. Check the parameters before writing in EPROM. Press Restart to restart the router working with the new parameters, or press Continue to set up another parameter. Configuration via Serial Console or Telnet with Menu Driven Interface. Serial Console: Check the connectivity of the RS-232 cable from your computer to the serial port of the ROUTER. Start your terminal access program with VT100 terminal emulation. Configure the serial link with the following values (Parameter: Value): Baudrate: 9600; Data Bits: 8; Parity Check: No; Stop Bits: 1; Flow control: No. Press the SPACE key until the login screen appears. When
85. rom a central point and automatically sends a new IP address when a computer is plugged into a different place in the network. If the DHCP server is Enable, you have to set up the following parameters for processing it as DHCP server. The embedded DHCP server assigns network configuration information to at most 253 users accessing the Internet at the same time. IP type; IP Address: 192.168.0.1; Subnet Mask: 255.255.255.0; Host Name: SOHO. Some ISPs require the host name as identification. You may check with your ISP to see if your Internet service has been configured with a host name. In most cases this field can be ignored. Trigger DHCP Service: The default setup is Enable DHCP server. If you want to turn off the DHCP service, choose Disable. [Screenshot: BASIC STEP2, LAN; IP Type: Fixed, Dynamic (DHCP Client); IP Address; Subnet Mask; Host Name; Trigger DHCP Service: Disable, Server, Relay] For example: If the LAN IP address is 192.168.0.1, the IP range of LAN is 192.168.0.2 to 192.168.0.51. The DHCP server assigns the IP from Start IP Address to End IP Address. The legal IP address range is from 0 to 255, but 0 and 255 are reserve
86. rotocol: PPPoA+NAT, PPPoE+NAT. For more understanding about NAT, review NAT DMZ. Type the ISP1 parameters: Username: test; Password: test; Password Confirm: test. Your ISP will provide the user name and password. [Screenshot: BASIC STEP5, ISP 1; Username, Password, Password Confirm, Idle Time (minutes), IP Type: Dynamic, IP Address; buttons Back, Reset, Next] Idle Time: 10. If you want your Internet connection to remain on at all times, enter 0 in the Idle Time field. There are two IP types, Dynamic and Static, which you can set up. The default IP type is Dynamic. It means that the ISP PPP server will provide IP information, including a dynamic IP address, when the SHDSL connection is established. On the other hand, you do not need to type the IP address of WAN1. Some ISPs will provide a fixed IP address over PPP. For fixed IP address: IP Type; IP Address: 192.168.1.1. Click Next. Note: For your safety, the password will prompt a star symbol. The screen will prompt the parameters that will be written in EPROM. Check the parameters before writing in EPROM. Press Restart to restart the router working with the new parameters, or pres
87. NAT DMZ: NAT (Network Address Translation) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and reverses the global IP addresses of incoming packets back into local IP addresses. This ensures security, since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves the number of global IP addresses that a company needs and lets the company use a single IP address for its communication in the Internet world. DMZ (demilitarized zone) is a computer host or small network inserted as a neutral zone between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company private data. In a typical DMZ configuration for an enterprise, a separate computer or host receives requests from users within the private network to access via Web sites or other companies accessible on the public network. The DMZ host then initiates sessions for these requests to
88. Packet Filtering: The packet filtering function can be configured by the pkt_filter command. Move the cursor to pkt_filter and press enter. >> active: Trigger packet filtering function; add: Add packet filtering rule; delete: Delete packet filtering rule; modify: Modify packet filtering rule; exchange: Exchange the filtering rule; list: Show packet filtering table. To enable the packet filtering function, you can use the active command. Add the packet filtering rule via the add command. >> protocol: Configure protocol type; direction: Configure direction mode; src_ip: Configure source IP parameter; dest_ip: Configure destination IP parameter; port: Configure port parameter (TCP and UDP only); tcp_flag: Configure TCP flag (TCP only); icmp_type: Configure ICMP flag (ICMP only); description: Packet filtering rule description; enable: Enable the packet filtering rule; begin: The schedule of beginning time; end: The schedule of ending time; action: Configure action mode. DoS Protection: DoS protection parameters can be configured in the dos_protection menu. Move the cursor to dos_protection and press enter. >> syn_flood: Enable protection SYN flood attack; icmp_flood: Enable protection ICMP flood attack; udp_flood: Enable protection UDP flood attack; ping_death: Enable protection ping of death attack; land_attack: Enable protection land attack; ip_spoff: Enable protectio
89. s Continue to set up another parameter. IPoA or EoA: Before you configure the router, check the information below with your ISP: VPI, VCI, Encapsulation, IP Address, Subnet Mask, Gateway, DNS Server, Host Name (if applicable). Type the WAN parameters: VPI: 0; VCI: 33; AAL5 Encap: LLC; Protocol: IPoA+NAT or EoA+NAT. Click to setup the IP parameters. [Screenshot: BASIC STEP4, WAN1; VPI, VCI, AAL5 Encap, Protocol] For more understanding about NAT, review NAT DMZ. IP Address: 10.1.2.1. It is the router IP address seen from the Internet. Your ISP will provide it and you need to specify it here. Subnet mask: 255.255.255.0. This is the router subnet mask seen by external users on the Internet. Your ISP will provide it to you. Gateway: 10.1.2.2. Your ISP will provide you the default gateway. DNS Server 1: 168.95.1.1. Your ISP will provide at least one DNS (Domain Name System) server IP address. Click
90. s that are the source of time for files or operations they handle. Without time synchronization, time on these systems varies with each other or with the correct time, and this can cause firewall packet filtering schedule processes to fail, security to be compromised, or the virtual server to work on the wrong schedule. Click TIME SYNC. [Screenshot: ADMIN TIME SYNC, Time Synchronization; SYNC method: Sync with PC, SNTP v4.0; System Time] There are two synchronization modes: Simple Network Time Protocol (SNTP) and synchronization with PC. For synchronization with PC, select Sync with PC. The gateway will synchronize the time with the connecting PC. [Screenshot: ADMIN TIME SYNC, Time Synchronization; SYNC method: SNTP v4.0 (Simple network time protocol); Service: Disable, Enable; Time Server 1; Time Server 2; Time Server 3; Time Zone; Update Period (secs): 3600] SNTP is the acronym for Simple Network Time Protocol, which is an adaptation of the Network Time Protocol (NT
91. [Screenshot: Table of Current Interface RIP Parameter (Interface, RIP Mode, Version, Authentication Required, Poison Reverse, Authentication Code)] RIP Version: It determines the format and broadcasting method of any RIP transmissions by the gateway. RIP v1: it sends RIP v1 messages only. RIP v2: it sends RIP v2 messages in multicast and broadcast format. [Screenshot: Table of Current Interface RIP Parameter (Interface, RIP Mode, Version, Authentication Required, Poison Reverse, Authentication Code)]
92. Step 3: Check the Web Browser in PC or NB, 13; Step 4: Determine Connection Setting, 13; Configuration via Web Browser, 14; Bridge Mode, 17; Routing Mode, 19; DHCP Server, 19; DHCP Client, 21; PPPoE or PPPoA, 23; IPoA or EoA, 25; Bridge, 32; VLAN, 34; NAT DMZ, 41; Virtual Server, 44; LAN to LAN connection with bridge Mode, 65; LAN to LAN Connection with Routing Mode, 68; Configuration via Serial Console or T
93. ss. Frames are sent out tagged or untagged depending on whether the egress port is a tagged or untagged member of the VLAN that the frames belong to. If VID and source address lookup fails, the source address will be learned. You can set up the Virtual LAN (VLAN) parameters in the vlan command. The router supports the implementation of VLAN to PVC only for bridge mode operation, i.e. the VLAN spreads over both the COE and CPE sides, where there is no layer 3 routing involved. The unit supports up to 8 active VLANs with shared VLAN learning (SVL) bridge out of 4096 possible VLANs specified in IEEE 802.1Q. Move the cursor >> to vlan and press enter. >> mode: Trigger virtual LAN function; modify: Modify virtual LAN rule; pvid: Modify port default ID; link_mode: Modify port link type; list: Show VLAN configuration. To activate the VLAN function, move the cursor >> to mode and press enter. The product supports two types of VLAN: 802.1Q and Port Based. IEEE 802.1Q defines the operation of VLAN bridges that permit the definition, operation and administration of VLAN topologies within a bridged LAN infrastructure. Port Based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port. 802.1Q VLAN: Follow these steps to configure 802.1Q VLAN. Command: setup vlan active <Disable|8021Q|Port>. Message: Please input the following information. Trigger VLAN functio
94. sses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering, because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state. An Internet firewall cannot prevent individual users with modems from dialing into or out of the network. By doing so, they bypass the firewall altogether. Employee misconduct or carelessness cannot be controlled by firewalls. Policies involving the use and misuse of passwords and user accounts must be strictly enforced. These are management issues that should be raised during the planning of any security policy, but that cannot be solved with Internet firewalls alone. Types of Firewall: There are three types of firewall. Packet Filtering: In packet filtering, only the protocol and the address information of each packet is examined. Its contents and context (its relation to other packets and to the intended application) are ignored. The firewall pays no attention to applications on the host or local network, and it knows nothing about the sources of incoming data. Filtering consists of examining incoming or outgoing packets and allowing or disallowing their transmission or acceptance on the basis of a set of configurable rules. Network Address Translation (NAT) routers offer the advantages of packet filtering firewa
95. t but does not actually have any services (other than NAT, of course) running on the gateway, it is said to be a virtual server. Requests with TCP made to 69.210.1.8:80 are remapped to server 1 on 192.168.0.2:80 for working days from Monday to Friday, 8 AM to 6PM; other requests with UDP made to 69.210.1.8:25 are remapped to server 2 on 192.168.0.3:25 and always on. You can set up the router as: Index 1: protocol TCP, interface WAN1, service name test1, private IP 192.168.0.2, private port 80, public port 80, schedule from Day Monday to Friday and time 8:0 to 16:0; and Index 2: protocol UDP, interface WAN1, service name test2, private IP 192.168.0.3, private port 25, public port 25, schedule always. Click Virtual Server to configure the parameters. [Screenshot: ADVANCED VIRTUAL SERVER, Virtual Server Mapping Parameters; Table of Current Virtual Server Entries (Index, Service Name, Interface, Private IP, Protocol, Schedule)] Press Modify to modify entry 1. [Screenshot: ADVANCED VIRTUAL SERVER, Virtual Server Mapping Parameters; Virtual Server 1: Protocol, Interface, Service Name, Private IP, Privat
96. PPPoE or PPPoA: PPPoA (point to point protocol over ATM) and PPPoE (point to point protocol over Ethernet) are authentication and connection protocols used by many service providers for broadband Internet access. These are specifications for connecting multiple computer users on an Ethernet local area network to a remote site through common customer premises equipment, which is the telephone company's term for a modem and similar devices. PPPoE and PPPoA can be used in an office or building. Users share a common Digital Subscriber Line (DSL), cable modem or wireless connection to the Internet. PPPoE and PPPoA combine the Point to Point Protocol (PPP), commonly used in dialup connections, with the Ethernet protocol or ATM protocol, which supports multiple users in a local area network. The PPP protocol information is encapsulated within an Ethernet frame or ATM frame. Before you configure the router, check the information below with your ISP: VPI, VCI, Encapsulation, User Name, Password, DNS Server, Host Name (if applicable), IP address (if applicable). Key in the WAN1 parameters: VPI: 0; VCI: 32; AAL5 Encap: LLC; Protocol: PPPoA+NAT or PPPoE+NAT. Click Next to set up the user name and password. [Screenshot: BASIC STEP4, WAN1; VPI, VCI, AAL5 Encap, P
97. tack. Sidebar menu: ROUTE: Configure static routing table and RIP parameter; NAT DMZ: Configure network address translation and DMZ host; VIRTUAL SERVER: Configure virtual server mapping; FIREWALL: Configure firewall security level; IP QoS: Configure IP QoS parameters. Click Advanced Firewall Security and then press Finish. A SYN flood attack attempts to slow your network by requesting new connections but not completing the process to open the connection. Once the buffer for these pending connections is full, a server will not accept any more connections and will be unresponsive. ICMP Flood: A sender transmits a volume of ICMP request packets to cause all CPU resources to be consumed serving the phony requests. UDP Flood: A sender transmits a volume of requests for UDP diagnostic services, which cause all CPU resources to be consumed serving the phony requests. A ping of death attack attempts to crash your system by sending a fragmented packet that, when reconstructed, is larger than the maximum allowable size. Other known variants of the ping of death include teardrop, bonk and nestea. A land attack is an attempt to slow your network down by sending a packet with identical source and destination addresses originating from your network. IP Spoofing is a method of masking the identity of an intrusion by maki
98. the NAT firewall and the remote management security. The NAT firewall will take effect if NAT function is enabled. Automatic Firewall Security. Hint: This level enables basic firewall security, all DoS protection and the SPI filter function. Advanced Firewall Security. Hint: A user can determine the security level for special purpose environments and applications by configuring the DoS protection parameters and defining an extra packet filter with higher priority than the default SPI filter. Note that an improper filter policy may degrade the capability of the firewall and/or even block the normal network traffic. [Screenshot: SOHO Router Remote Management and Configuration, Microsoft Internet Explorer, Address http://10.10.0.20; ADVANCED FIREWALL, Firewall Security Level, Review] To let the configuration that you have changed take effect immediately, please click the Restart button to reboot the system. To continue the setup procedure, please click the Continue button. Firewall Security Level: Security Level: Basic Security Only. BRIDGE: Configure
99. the public network. However, the DMZ host is not able to initiate a session back into the private network. It can only forward packets that have already been requested. Users of the public network outside the company can access only the DMZ host. The DMZ may typically also have the company's Web pages, so these could serve the outside world. However, the DMZ provides access to no other company data. In the event that an outside user penetrated the DMZ host's security, the Web pages might be corrupted, but no other company information would be exposed.
Press NAT DMZ to set up the parameters.
S-Access GmbH, Oberhausenstrasse 47, 8907 Wettswil a.A., Switzerland. Tel: +41 44 700 3111, Fax: +41 44 700 31 13, Email: contact@s-access.ch, WEB: http://www.s-access.ch. Page 41 of 100. SA-PAM-SAN-ATM-ETH User Manual.
[Screen: ADVANCED - NAT DMZ, Network Address Translation and DMZ Hosts Parameters. NAT DMZ Function: Disable / Enable. DMZ Host Function: Disable / Enable, Virtual IP Address, Active Interface (WAN). Multi DMZ table: ID, Virtual IP Address, Global IP Address, Interface.]
If you want to enable the NAT DMZ functions, click Enable.
DMZ Host: Enabling the DMZ host function uses the IP address assigned to the WAN to enable the DMZ function for the virtual IP address.
Multi DMZ: Some
100. to admin and press enter.
>> user      Manage user profile
   security  Setup system security
   snmp      Configure SNMP parameter
   passwd    Change supervisor password
   id        Change supervisor ID
   sntp      Configure time synchronization
User Profile: You can use the user command to clear, modify and list the user profile. You can set up at most five users to access the router via console port or telnet in the user profile table; however, users who have the supervisor password can change the configuration of the router. Move the cursor >> to user and press the enter key.
>> clear   Clear user profile
   modify  Modify the user profile
   list    List the user profile
You can delete a user by number using the clear command. If you are not sure of the user's number, you can use the list command to check it. The modify command modifies an existing user's information or adds a new user to the user profile. To modify or add a new user, move the cursor to modify and press enter.
Command: admin user modify <1-5> <more>
Message: Please input the following information.
Legal access user profile number <1-5>: 2
>> Attrib   UI mode
   Profile  User name and password
There are two UI modes, command and menu mode, to set up the product. We will not discuss command mode in this manual.
Security: The security command can configure sixteen legal IP addresses for telnet access and the telnet port number.
101. transparent bridging
[Screen: DoS Protection Parameters Review]
Detect SYN Attack: Disable
Detect ICMP Flood: Disable
ICMP Flood Threshold: 200 packets per second
Detect UDP Flood: Disable
UDP Flood Threshold: 200 packets per second
Detect PING of Death Attack: Disable
Detect Land Attack: Disable
Detect IP Spoofing Attack
Detect Smurf Attack: Disable
Detect Fraggle Attack: Disable
[Screen: Packet Filtering Parameters Review. General Packet Filtering Parameter: Fragmented ... Disable. Access Policies.]
Press Restart to restart the router or press Continue to set up another function.
This level enables basic firewall security, all DoS protection and the SPI filter function.
Press Finish to finish setting the firewall.
102. ttacker sends TCP SYN packets, which start connections, very fast, leaving the victim waiting to complete a huge number of connections, causing it to run out of resources and drop legitimate connections. A new defense against this is SYN cookies. Each side of a connection has its own sequence number. In response to a SYN, the attacked machine creates a special sequence number that is a cookie of the connection, then forgets everything it knows about the connection. It can then recreate the forgotten information about the connection when the next packets come in from a legitimate connection.
ICMP Flood: The attacker transmits a volume of ICMP request packets to cause all CPU resources to be consumed serving the phony requests.
UDP Flood: The attacker transmits a volume of requests for UDP diagnostic services, which cause all CPU resources to be consumed serving the phony requests.
Land attack: The attacker attempts to slow your network down by sending a packet with identical source and destination addresses originating from your network.
Smurf attack: The source address of a broadcast ping is forged so that a huge number of machines respond back to the victim indicated by the address, overloading it.
Fraggle Attack: A perpetrator sends a large amount of UDP echo packets at IP broadcast addresses, all of them having the spoofed source address of a victim.
IP Spoofing: IP Spoofing is a method of masking the identity of an intrusion by m
103. tus display DoS protection status and dropped packets statistics.
LAN-to-LAN connection with bridge mode
CO side
[Screen: BASIC - STEP1, Operation Mode. System Mode: ROUTE / BRIDGE. SHDSL Mode: CO Side / CPE Side.]
Click and CO Side to set up Bridging mode of the router, and then click Next.
[Screen: BASIC - STEP2. LAN: IP Address, Subnet Mask, Gateway, Host Name. WAN1: VPI, VCI, Encap.]
LAN Parameters:
Enter IP: 192.168.0.1
Enter Subnet Mask: 255.255.255.0
Enter Gateway: 192.168.0.1
Enter Host Name: SOHO
WAN1 Parameters:
Enter VPI: 0
Enter VCI: 32
Click Click. The screen will prompt the new configured parameters. Check the parameters and Click. The router will reboot with the new setting.
CPE Side
BASIC - STEP1, Operation Mode. System Mode: ROUTE / BRIDGE. SHD
104. umber of address: 49
You can delete a virtual IP address range from 1 to 5 by using the delete command. You can view the virtual IP address range via the list command.
To set up the global IP address pool, move the cursor >> to the global command and press enter.
>> range      Edit global IP address pool
   interface  Bind address pool to specific interface
   delete     Delete global IP address pool
   list       Show global IP address pool
Command: setup ip_share nat global range <1-5> <ip> <1-253>
Message: Please input the following information.
NAT global IP address range entry number <1-5>: 1
Base address: 122.22.22.2
Number of address: 3
After configuring the global IP address range, you can bind the address pool to a specific interface via the bind command.
Command: setup ip_share nat global interface <1-5> <1-8>
Message: Please input the following information.
NAT global address range entry number <1-5>: 1
Active interface number <1-8>: 1
You can delete a global IP address range from 1 to 5 by using the delete command. You can view the global IP address range via the list command.
To modify the fixed IP address mapping, move the cursor >> to the fixed command and press enter.
>> modify  Modify
105. ure fixed host IP address list
   list  Show DHCP configuration
>> active        Trigger DHCP function
   gateway       Default gateway for DHCP client
   netmask       Subnet mask for DHCP client
   ip range      Dynamic assigned IP address range
   lease_time    Configure max lease time
   name_server1  Domain name server1
   name_server2  Domain name server2
   name_server3  Domain name server3
Activate the DHCP function with the active command. Set the default gateway via the gateway command. The subnet mask for DHCP clients is configured by the netmask command. The ip range command configures the dynamically assigned IP address range. The dynamic IP maximum lease time is configured by the lease_time command. You can set up 3 domain name servers via the name_server commands.
The Fixed Host IP Address list is set up via the fixed command.
>> add     Add a fixed host entry
   delete  Delete a fixed host entry
You can view the DHCP configuration via the list command.
DNS proxy: You can set up three DNS servers in the product. DNS servers number 2 and 3 are optional. Move the cursor >> to dns_proxy and press enter.
Command: setup dns_proxy <IP> [IP] [IP]
Message: Please input the following information.
DNS server 1 (ENTER for default) <168.95.1.1>: 10.0.10.1
DNS ser
106. ut the following information.
Virtual IP address: 192.168.0.251
Active interface number (Enter for default) <1>: 1
Firewall: The product supports an advanced firewall. To set up the advanced firewall, use the firewall command.
>> level           Configure firewall security level
   pkt_filter      Configure packet filter
   dos_protection  Configure DoS protection
There are three levels of firewall which you can set up in this product.
Level one, basic, only enables the NAT firewall and the remote management security. The NAT firewall will take effect if the NAT function is enabled. The remote management security by default blocks any WAN-side connection to the device. A non-empty legal IP pool in ADMIN will block all remote management connections except those from the IPs specified in the pool.
Level two, automatic, enables basic firewall security, all DoS protection and the SPI filter function.
Level three, advanced, is an advanced level of firewall where the user can determine the security level for special-purpose environments and applications by configuring the DoS protection and defining an extra packet filter with higher priority than the default SPI filter. Note that an improper filter policy may degrade the capability of the firewall and/or even block the normal network traffic.
The firewall security level can be configured via the level command.
107. ver 2: 10.10.10.1
DNS server 3:
Host name: Enter the local host name via the hostname command. Move the cursor >> to hostname and press enter.
Command: setup hostname <name>
Message: Please input the following information.
Local hostname (ENTER for default) <SOHO>: test
Default: If you want to restore the factory default, first move the cursor >> to default and then press enter.
Command: setup default <name>
Message: Please input the following information.
Are you sure? (Y/N): y
108. y Default, Restore Configuration, Backup Configuration
• Load Factory Default: this function loads the factory default parameters to the gateway.
Note: All of the settings will be changed to factory default. In other words, you will lose all the configured parameters.
• Restore Configuration: Sometimes the configuration may be crashed unintentionally. Restore Configuration will help you to recover the backup configuration easily.
• Click Finish after selecting Restore Configuration.
• Browse to the path of the backup file, then press Finish. The router will automatically restore the saved configuration.
• Backup Configuration: After configuration, we suggest using this function to back up your router parameters to the PC.
• Select Backup Configuration and then press Finish.
• Browse to the place for the backup file, named backup. Press Finish. The router will automatically back up the configuration.
Upgrade: You can upgrade the gateway using the upgrade function. Press Upgrade.
[Screen: UTILITY - FIRMWARE UPGRADE] Firmware Upgrade: Please select the firmware file that you want and press the Ok button to upgrade the system; then the system will restart automatically. Browse
109. you see the login screen, you can log on to the router.
Note: You have to use the SPACE key. Pressing other keys does not work.
User: admin
Password:
Note: The factory default user and password are both admin.
Telnet: Make sure the correct Ethernet cable is used for connecting the LAN port of your computer to the router. The LAN LNK indicator on the front panel shall light if a correct cable is used. Start your Telnet client with VT100 terminal emulation, connect to the management IP of the router, and wait for the login screen to appear. When you see the login screen, you can log on to the router.
User: admin
Password:
Note: The default IP address is 192.168.0.1.
Configuration via Serial Console or Telnet: For serial console and Telnet management, the router implements two operational interfaces: a command line interface (CLI) and a menu-driven interface. The CLI mode provides users a simple interface, which is better for working with script files. The menu-driven interface is a user-friendly interface for general operations. The command syntax for the CLI is the same as that of the menu-driven interface. The only difference is that the menu-driven interface shows you all of the available commands for you to select. You do
110. ys belongs to a default VLAN with its port VID (PVID) as an untagged member. Also, a port can belong to multiple VLANs and be a tagged member of these VLANs.
• A port must not be a tagged member of its default VLAN.
• If a non-tagged or null-VID tagged packet is received, it will be assigned the default PVID of the ingress port.
• If the packet is tagged with a non-null VID, the VID in the tag will be used.
• The look-up process starts with a VLAN look-up to determine whether the VID is valid. If the VID is not valid, the packet will be dropped and its address will not be learned. If the VID is valid, the VID, destination address and source address lookups are performed.
• The VID and destination address lookup determines the forwarding ports. If it fails, the packet will be broadcast to all members of the VLAN except the ingress port.
• Frames are sent out tagged or untagged depending on whether the egress port is a tagged or untagged member of the VLAN that the frames belong to.
• If the VID and source address look-up fails, the source address will be learned.
Click VLAN to configure VLAN.
[Screen: ADVANCED - VLAN, Virtual LAN Parameters] General Parameter