User`s Manual
Contents
1. systems 1 2 The NAT module provides Virtual Server service through static inbound NAT sessions Each Virtual Server statically maps a local host per service TCP UDP port of the WAN interface Multiple mappings may be mapped to the same local host A static inbound NAT session includes the protocol type TCP or UDP of the incoming packet the public port number the packet is destined to and the IP address and the port number of the virtual server i e the local host Contiguous public ports form a group that can be mapped to a virtual server from the WEB by entering the port range for that group see the Virtual Server configuration page Depending on the memory resource availability up to 20 public ports group can be created However the maximum number of mapped ports is 20 Demilitarized Zone DMZ The NAT module provides the functionality of a NAT box DMZ not a real DMZ The general definition of a real DMZ is a section of a network between exterior and interior firewalls where publicly accessible servers are usually placed A real DMZ provides separation of the servers placed within it and the private network a NAT box DMZ does not 1 2 The DMZ implemented in the NAT module allows one local host to be exposed to the Internet i e Only one DMZ host can be configured in the system When an incoming packet from the public domain cannot be resolved by NAT Sessions and Virtual2. 4 1 Port ADSL Router P114 Note The Outbound Policy works in a Top Down fashion according to the Outbound Policy Table This means that the firewall will apply the policies in order from the top of the table to the bottom It is critical for both security and user accessibility to the WAN to have outbound policies in the correct order See Section below for an example of this Edit Clicking this button will display a table similar to the add table see next page to the bottom of the policy table that will allow you to modify the corresponding policy Delete This will delete the corresponding policy Add Inbound Policy Clicking on this button will bring up a table with all the add configurations as shown below Outbound Policy IPAddress __Port Prot Act Opt Filtering Sees gor sor CENCE Adding New Policy Src IP AnIP x DB None Dest IP AnyIP DB Nore v Src Port Any Pot v Dest Port Any Port DB None v Transport Protocol All Protocol Filtering Action low Time Window Filtering Saiz Add Modify Outbound Policy Src IP This specifies the Source IP for the Outbound Policy This is the internal LAN side behind the firewall IP address or addresses and Subnet Mask s that will be affected by the policy In this field there are two IP Address entry fields and a dropdown menu The d
3. DYNAMI X UM A ADSL Router 4 1 Port User s Manual Copyright Copyright 2002 by this company All rights reserved No part of this publication may be reproduced transmitted transcribed stored in a retrieval system or translated into any language or computer language in any form or by any means electronic mechanical magnetic optical chemical manual or otherwise without the prior written permission of this company This company makes no representations or warranties either expressed or implied with respect to the contents hereof and specifically disclaims any warranties merchantability or fitness for any particular purpose Any software described in this manual is sold or licensed as is Should the programs prove defective following their purchase the buyer and not this company its distributor or its dealer assumes the entire cost of all necessary servicing repair and any incidental or consequential damages resulting from any defect in the software Further this company reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes 4 1 Port ADSL Router P1 FCC Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against radio interfe
4. Fragmentation Breaking a packet up into smaller packets that is caused either by the transmission medium being unable to support the original size of the packet or the receiving computer not being able to receive a packet of that size Fragmentation occurs when the sender s MTU is larger than the receiver s MRU FTP File Transfer Protocol A standardized internet protocol which is the simplest way to transfer files from one computer to another over the internet FTP uses the Internet s TCP IP protocols to function Full Duplex Data transmission can be transmitted and received on the same signal medium and at the same time Full Duplex lines are bidirectional G dmt Formally G 992 1 G dmt is a form of ADSL that uses Discrete MultiTone DMT technology G dmt incorporates a splitter in its design G lite Formally G 992 2 G lite is a standard way to install ADSL service G lite enables connections speeds up to 1 5 Mbps downstream and 128 kbps upstream G lite does not need a splitter at the user end because splitting is preformed at the remote end telephone company Gateway A point on the network which is an entrance to another network For example a router is a gateway that connects a LAN to a WAN Half Duplex Data transmission can be transmitted and received on the same signal medium but not simultaneously Half Duplex lines are bidirectional HEC Headed Error Control ATM error checking by using a CRC algorithm on t
5. RFC2516 Router Bridged Ethernet over ATM RFC1483 Classical IP over ATM RFC1577 ATM Forum UNI 3 1 4 0 PVC ATM SAR ATM AALS and OFM F4 F5 Support up to 8PVCs PEPE HES gt Router Mode IP Routing RIPv1 and RIPv2 Static Routing DHCP Server and Client Support DNS proxy Support NAT and NAPT functionality Support IPSec L2TP PPTP Pass Through Support ICMP and IGMP PEPE HE EH gt Firewall Statefull Packet Inspection SPI DoS Denial of Service protection Service Filtering Access Policies based on IP Address Service Group Time Inbound Outbound Policy Hacker Log PEP EH 4 1 Port ADSL Router P7 gt Ethernet Standards Built in 4 Port 10 100Mbps Ethernet Switch which compliant with IEEE 802 3x standards Automatic MDI MDI X crossover for 10 100Base T port gt Web Based Management Firmware upgrade via FTP WAN and LAN connection statistics Configuration of static routes and routing table NAT NAPT and VCs PPP user ID and password gt Security Support Hidden by NAT NAT opens a temporary path to the Internet for requests originating from the local network Requests originating from outside the LAN are discarded preventing users out side the LAN from finding and directly accessing the PCs on the LAN Port Forwarding with NAT The 4 Port ADSL Router allows you to direct incoming traffic to specific PCs based on the service port number of the incoming request or to
6. User Name Input Password and Confirm Password then click Save Setting after your configuration Check with your ISP for the VPI VCI setting details li PPPoA LLC If PPPoA LLC mode is selected manually enter your User Name Input Password and Confirm Password then click Save Setting after your configuration Check with your ISP for the VPI VCI setting details 4 1 Port ADSL Router P38 ii PPPoE VC Mux If PPPoE VC Mux mode is selected manually enter your User Name Input Password and Confirm Password then click Save Setting after your configuration Check with your ISP for the VPI VCI setting details iv PPPoE LLC If PPPoE LLC mode is selected manually enter your User Name Input Password and Confirm Password then click Save Setting after your configuration Check with your ISP for the VPI VCI setting details PPP Half Bridge Although the Router mode is capable of terminating the PPP in the modem and hence does not require PPPoE client software on the host PC there are some disadvantages to Router mode when only single user support is required For instance Router mode uses NAT which requires ALG support PPP Half Bridge also terminates the PPP in the modem and does not require a PPPoE client on the PC However PPP Half Bridge does not use NAT and is not limited by ALGs PPP Half Bridge will work with Ethernet interface to the PC
7. min Interval Failure The number of PPP configurations are 1 PPP Account Configuration Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration Example Create a PPP session and connect it to the ISP To create and connect a PPP session follow the steps below First you must create a PPP account To do this go to PPP Configuration page and click on PPP Account Configuration Enter the appropriate Acct ID User Name and Password make sure Add Modify is currently selected in the dropdown menu and click Submit Got back to the PPP Configuration Page by clicking Go back to PPP Configuration Type in an appropriate Session Name and select the account you just created in the Account to Use dropdown menu Everything else has default values which you can modify to suit your needs Make sure Add Modify is currently selected in the dropdown menu and click Submit The PPP session has been created Now you must go to the PPP Status page select the connection session and click Execute The PPP session should then connect Save Configuration Clicking this will link you to the Save Settings Reboot page PPP Account Configuration To begin PPP Session configuration you must first go to the PPP Account Configuration page below to set up an account The link to this page can be found on the PPP Configuration page On the PPP Account Configuration pa
8. Discarded Packets Connections Reset Counters This button allows user to reset the TCP Status counter General Total Packets Data Packets Data Bytes Out of Order Packets Out of Order Bytes Discarded Packets Bad Checksum Bad Offset Header Too Short 4 Connections Initiated Accepted Established Closed 4 1 Port ADSL Router P91 4 3 3 9 Admin Privilege Admin Password Configuration The Admin Password Configuration page allows you to set the password for administrator The Admin password is same as the FTP password so it must have at least 8 characters for the FTP to work The Admin password can be up to 65 characters excluding amp Admin Password Configuration For FTP to work the password for Admin should be at least 8 characters Do not use amp in the password Admin Password Configuration Retype Password submit Reset Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration 4 1 Port ADSL Router P92 4 3 3 10 Admin Privilege Reset To Factory Default The Reset to Factory Default page allows you to reset the ADSL Router to original factory default configuration factory reg Reset settings to factory default and reboot 4 1 Port ADSL Router P93 4 3 3 11 Admin Privilege Diagnostic Test The Diagnostic Test page shows the test results for the connectivity of the physical layer and pr
9. NAT usually blocks all inbound sessions Various implementations may be added to extend the NAT function and enable selective inbound sessions to allow access to local hosts from outside networks 4 1 Port ADSL Router P125 A 1 Basic NAT Basic Network Address Translation NAT enables outbound sessions for the hosts in a private network to gain Oaccess the external network Facts of Basic NAT Basic NAT allows hosts in a private network to transparently access the external network Basic NAT maps only one IP addresses in the private domain to each IP address in the public domain This is known as peer to peer mapping 1x1 For each WAN interface only one local PC IP address can be associated with each WAN interface Translation in Basic NAT is limited to IP addresses alone The number of nodes allowed to simultaneously access the external network is limited by the number of IP addresses assigned in the public domain 4 1 Port ADSL Router P126 A 2 Static NAPT NAPT also known as NAT PAT stands for Network Address Translation and Port Address Translation An extension of Basic NAT NAPT enables outbound sessions so that the hosts in a private network to access the external network Facts of NAPT NAPT multiplexes traffic from the internal network and presents it to the Internet as if it is coming from only one IP address Translation in NAPT is extended to include IP address and Transport identifier such as TCP UDP
10. Note Default is AutoSense Save Configuration Clicking this will link you to the Save Settings Reboot page 4 1 Port ADSL Router P59 A 4 3 2 3 Configuration PPP PPP Configuration The PPP Configuration page allows you to configure multiple PPP sessions for each PVC Multiple PPP sessions enables you to set up different connection settings and be able to toggle choose those settings for each PVC The ADSL Router can support up to total of 16 PPP sessions and each PVC can support up to 8 PPP sessions The multiple PPP sessions may be configured with any combination over 8 PVCs STATUS CONFIGURATION ADMIN PRIVILEGE Back to Simple Mode Session Name This field allows you to enter a Session Name This is user defined to help distinguish different session for different PPP accounts and different PVCs PVC This field allows you to choose the specific PVC for the PPP session Service Name The Service Name of the PPP session is required by some ISPs If the ISP does not provide the Service Name please leave it blank Account to Use You must select an account created in PPP Account Configuration page here Disconnect Timeout The Disconnect Timeout allows you to set the specific period of time in minutes to disconnect from the ISP The default is 0 which means never disconnect from the ISP Note Range for Disconnect Timeout field is 0 32767 default value is 0 PPP Idle Timer Config
11. Single User Mode Only one computer is connected at the LAN side through Ethernet Multi User Mode Multiple computers are connected at the LAN side through Ethernet 4 1 Port ADSL Router P39 4 3 Advanced Mode The Advanced Mode describe the detail instruction on installation configurations for advance user Click Advanced Setup icon to login the configuration setting pages System Information Automatic Setup Manual Setup Advanced Setup Manage Public Server Current Setting System Log 4 1 Port ADSL Router P40 4 3 1 Advanced Setup Status Click Advanced Setup the device Home Page or Main Status window will pop up It shows all the current setting configuration information of the ADSL Router CONF IGURA NON ADMIN PRIV Back to Simple Modu 4 1 Port ADSL Router P41 4 3 1 1 Status Main Status The links under the Main Status column are associated with the pages that represent the status of system computer and ADSL Router and interfaces Connections This includes LAN WAN and ADSL status These pages can be viewed and modified by both user and admin accounts Home Page System Info LAN Total Number of Lan Interfaces 1 Number of ethernet devices connected to the DHCP server 1 A 4 1 Port ADSL Router P42 System Info Firmware Version Shows the firmware version you are using Customer Software Version Shows the software contro
12. This field allows you to enter the Expire Timeout in seconds This timer specifies the expiration time of a route When a route has not been updated for more than the expire period of time it is removed from the Route Table This route is then invalidated and remains in the internal RIP Route Table It will be included in the RIP announcements to let other routers know the changes Note Range for Expire Timeout field is 0 2147483647 default is 180 Garbage Timeout This field allows you to enter the Garbage timer in seconds This timer specifies how long the expired and invalidated routes are kept in the Internal RIP Route Table before they are removed from it Note Range for Garbage Timeout field is O 2147483647 default is 120 4 1 Port ADSL Router P85 I Advance Configuration The RIP Per Interface Configuration page allows you to set the configuration for each Interface PVCs PPP Sessions USB and LAN RIP Per Interface Configuration Enabled Supplier Back to System Wide Configuration Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration Current RIP Settings EE Interface Enabled Supplier Mode Listener Mode id REE Ss Eee aie Interface This field allows you to choose the Interface PVCs PPP Sessions USB and LAN for the RIP to be configured The available selections are IP Ethernet 0 IP USB 0 IP PVCO IP PVC7 IP Brid
13. the DNS proxy will store the DNS server IP addresses obtained from DHCP client or PPP into the table All DNS query messages will be sent to the dynamically obtained DNS server Select this option when the DNS Server address is unknown but provided automatically by the ISP M User Configured Enable Disable When enabled the DNS proxy will use the user configured DNS server All DNS query messages will be sent to the DNS server Enter the DNS IP in the DNS Server field Select this option when the DNS Server address assigned by the ISP is known User Configured is disabled by default DNS Server This is the user defined DNS server URL name and IP Default is Disable M URL Name Add Delete This is the URL name for the DNS server This can be up to 255 characters M Host IP Add Only This is the IP address of the DNS Server Save Setting Clicking this will link the user to the Save Settings page B Router Mode Router Mode is used when there is more than one PC connected to the LAN side Ethernet port This enables the ADSL WAN access to be shared with multiple nodes on the LAN Network Address Translation NAT is supported so that one WAN side IP address can be shared among multiple LAN side devices DHCP is used to serve each LAN side device and IP address There are four encapsulation type for Router Mode i PPPoA VC Mux If PPPoA VC Mux mode is selected manually enter your
14. 1 Port ADSL Router P52 Authentication The different types of available authentications are Auto When auto is selected PAP mode will run by default However if PAP fails then CHAP will run as the secondary protocol This is the default setting PAP Password Authentication Procedure Authentication is done through username and password CHAP Challenge Handshake Authentication Protocol Typically more secure than PAP CHAP uses username and password in combination with a randomly generated challenge string which has to be authenticated using a one way hashing function Automatic Reconnect When it is checked the ADSL Router will reconnect a PPP session when it is terminated by the ISP If a PPP session is terminated under any other conditions i e by Disconnect Timeout or manual disconnect the Automatic Reconnect will not reconnect the session This box is unchecked by default G Bridge Bridge Enable to connect the LAN to the WAN bridge the two connections This is available in Bridge Mode only see Table G Default is Disabled Rx entity Packet Glass TTL Action noes PADSL__ IGMP query 1 reayoememe P_ temPrepot 1 ignore Sid SCS temPteave 1 ignore Sid SCS Generai mucas _ Relay ttoehemet S S Emme IGMP query 1 ignore Si SCS O o Smerep o RelaytoalADSLPVC SS O meae i Reaytoaraosteve Ss General muticastiP a e SSCSCSC S Table G Packet process H IG
15. Conversely if the SNR Margin is decreased bit error rate performance will decrease but the data rate will increase Line Attenuation Attenuation is the decrease in magnitude of the ADSL line signal between the transmitter Central Office DSLAM and the receiver Client ADSL Router measured in dB It is measured by calculating the difference in dB between the signal power level received at the Client ADSL Router and the reference signal power level transmitted from the Central Office DSLAM Errored Seconds During Showtime if any given second contains a CRC error then that second will be declared and recorded as an Errored Second Loss of Signal Loss of signal refers to the ADSL Router losing an ADSL signal not the computer losing a signal with the modem Loss of Signal event is only recorded if the signal is lost while the ADSL Router is in showtime status This field displays the count of ADSL signal loss events Loss of Frame A frame is a unit of data in ATM This field displays the count of ADSL frame loss events A Loss of Frame event is only recorded if the signal is lost while the ADSL Router is in showtime status CRC Errors Cyclic Redundancy Check CRC is a method for checking errors in data transmissions This field displays the number of transmit data frames containing CRC errors Data Rate This field displays the ADSL data rate in kbps Latency Latency synonymously delay is the amount of time it takes for a packet of
16. Flash and the system needs to be rebooted for changes to take effect Save Configuration PPP Disconnect Timer Configuration The PPP Disconnect Timer Configuration page enables you to configure what action will bring a PPP Session out of the Idle state disconnected state and reset the Idle Timer This is done by specifying criteria contained in packets namely IP Protocol and Port The Idle Timer refers to the Disconnect Timeout specified on the PPP Configuration page The PPP Idle Timer is recommended to be disabled Disconnect Timeout 0 on PPP Configuration page if you want an always on connection PPP Disconnect Timer Configuration is intended for users who do not desire an always on connection and or their ISP charge by connection time 4 1 Port ADSL Router P63 I Enable Disable Idle Timer Filter All Traffic will reset Idle Timer ignore filter below Selecting this option will disable the PPP Idle Timeout filter and allow any traffic through any protocol or port to reset the idle timer The only dependency is that the traffic must correspond with the Filter Application Inbound and or Outbound For example if Outbound Traffic Only is selected only traffic in the outbound direction will reset the idle timer When this option is selected all user configured criteria displayed in the filter table is bypassed Only filtered traffic will reset the Idle Timer use filter below Selecting this option will enable the PPP
17. IP Address __Port Prot Act Opt Filtering Seeeesener gor sor CENCE Adding New Policy Src IP AnyIP y DB None Dest IP AnyIP DB Nore Src Port Any Port v Dest Port Any Pot DB None v Transport Protocol All Protocol Filtering Action Allow Time Window Filtering Saiz Add Modify Outbound Policy A table of outbound policies is displayed with the following information If there are no policies then a message stating No Entries in Outbound Policy Database will be displayed in place of the table gt IP Address This field specifies the IP address or addresses to which the policy applies Both the source IP SrcIP and destination IP DesIP are specified here Port This field specifies the Port number to which the policy applies Both the source port SrcPort and destination port DesPort are specified here Prot Short for protocol this is the protocol to which the policy applies Act Short for action this field specifies two possible actions allow and deny Opt Filtering Optional Filtering field specifies the time period to which the policy applies Up Clicking on this button will move the corresponding policy up one space in the table Dn Short for down clicking on this button will move the corresponding policy down one space in the table
18. Mode The NAPT mode implements the NAPT functionality 1 2 Multiple local hosts can access the public domain using the same WAN Network Interface Two types of sessions may be created in this mode dynamic and static Static sessions take priority over dynamic sessions Static session mapping is NOT required for any local host to access the public domain Static session mapping can be configured to fix the WAN Network Interface that a local host must use to access the public domain This does not limit the number of local hosts this WAN Network Interface can serve in the NAPT mode Dynamic session mapping is created automatically When a packet from the LAN is processed and if no existing NAT session can be found then a dynamic session is created on a per packet basis based on the Route Table That is the destination IP address is used to find the appropriate Network Interface to deliver the packet to based on the Route Table If the Network Interface is a WAN interface then the IP address of the WAN interface is used to create the session dynamically and the Address Port translation is performed Thus packets originating from one local host may be mapped to multiple WAN interfaces If the packet cannot be routed based on the Route Table when trying to create a dynamic session then no dynamic session is created and the packet is not processed by NAT This is different than the obsolete one WAN static NAPT mode where a hidden default
19. This will link you to the PPP Disconnect Timer Configuration page 4 1 Port ADSL Router P60 MRU The MRU Maximum Receive Unit field indicates the maximum size IP packet that the peer of PPP connection this device can receive During the PPP negotiation the peer of the PPP connection will indicate its MRU and will accept any value up to that size The actual MTU of the PPP connection will be set to the smaller of the two MTU and the peer s MRU In the normal negotiation the peer will accept this MRU and will not send packet with information field larger than this value Note Range for MRU field is 0 32767 default value is 1492 MTU Maximum Transmission Unit MTU is the largest size packet that can be sent by the modem If the network stack of any packet is larger than the MTU value then the packet will be fragmented before the transmission During the PPP negotiation the peer of the PPP connection will indicate its MRU and will accept any value up to that size The actual MTU of the PPP connection will be set to the smaller of the two MTU and the peer s MRU Note Range for MTU field is 0 32767 default value is 1492 MSS Maximum Segment Size is the largest size of data that TCP will send in a single unfragmented IP packet The LAN client and the WAN host will indicate their MSS during the TCP connection handshake Note Range for MSS field is 0 32767 default value is 1432 Lcp Echo Interval This is the time interv
20. additional layer of security When there is a suspected packet coming from WAN the firewall will forward this packet to the DMZ host DMZ Host IP The IP address of the DMZ host viewable at the WAN external side 4 1 Port ADSL Router P88 IV DHCP DHCP Relay NONE This will disable the DHCP server Note that this setting will override the DHCP Server Enable Disable on the LAN configuration page DHCP Server default Select this to activate the DHCP server DHCP Relay If it is enabled the DHCP requests from local PCs will forward to the DHCP server runs on WAN side To have this function working properly please disable the NAT to run on router mode only disable the DHCP server on the LAN port and make sure the routing table has the correct routing entry DHCP Relay Target IP If DHCP Relay is enabled DHCP requests are relayed to DHCP Target IP on the WAN side Hn o PPP Half Bridge FEU 0 Connect PPP when ADSL link is up Enabled v SNTP Daylight Saving Time No v Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration vV IGMP Proxy IGMP Proxy This is the global setting for IGMP Proxy If it is enabled then the enabled IGMP Proxy on WAN PVCs will be working Otherwise no WAN PVC can have IGMP Proxy working on it System default is Disabled PPP Half Bridge When PPP Half Bridge is enabled only one PC is able to access t
21. and Print Sharing Description TCP IP is the protocol you use to connect to the Internet and wide area networks Step 3 Select the network adapter installed and click on Properties TCP IP Properties 21x Bindings Advanced Netbios DNS Configuration Gateway WINS Configuration IP Address The first gateway in the Installed Gateway list will be the default The address order in the list will be the order in which these machines are used New gateway a Installed gateways Step 5 Erase all the gateway setting amp Control Panel Fie Edt View Favorites Tools Help Beck gt gt QSeach C Folders PHistoy A OF X A Address Control Panel g F Control Panel Network Configures network hardware and software Modems Sources 32bit Windows Update Technical Support A 9 Passwords Power Options Printers Regional Settings ODBC Data Step 2 Double click the Network icon TCP IP Properties 2 x Bindings Advanced Netbilos DNS Configuration Gateway WINS Configuration IP Address An IP address can be automatically assigned to this computer If your network does not automatically assign IP addresses ask your network administrator for an address and then type it in the space below C Specify an IP address IV Detect connection to network media Step 4 Select Obtain an IP address automat
22. be accessed from All When this field is checked it allows both WAN and LAN access to the Web pages This is the system default Restricted LAN This field allows the Web pages access from LAN side Restricted WAN Specified IP amp Subnet Mask This field allows the Web access from WAN side with a specify IP and subnet mask HTTP Server Port This field allows you to specify the port of the Web access For example when it is changed to 8080 the HTTP server address for the LAN side is http 10 0 0 2 8080 Range for HTTP Server port is 0 32767 default value is 80 4 1 Port ADSL Router P87 II FTP Server FTP server This field allows you to enable or disable the FTP server connection System default is Enabled Disable WAN side FTP access This will disable WAN side access to the FTP server default is Disabled TFTP server This field allows you to enable or disable the TFTP connection System default is Disabled An example for the TFTP client updating the vxworks z product image code is Tf 10 0 0 3 TFIP32 File Options Help Host 10 0 0 2 Port 69 Timeout fia Send timeout to Server Fr l Send Fetch 51 Local File fa hasbaniwxworks z Match Files D Binary M Ea Remote File vxworks z Abort EENE Sent 129536 bytes 17 16 23 25 II DMZ DMZ A DMZ De Militarized Zone is added between a protected network and an external network in order to provide an
23. data to get from one designated point to another This field displays the two mapping modes for latency fast and interleaved 4 1 Port ADSL Router P47 4 3 2 Advanced Setup Configuration The links under Configuration column are associated to the pages that represent the configurations of system and interfaces These pages can be viewed and modified by both user and admin accounts Note When any settings are changed please go to the Save Settings page to save the new setting s and reboot the ADSL Router Changes will not take effect until the settings are saved and the ADSL Router is rebooted If power is lost before saving all new configurations since the last save will be lost even if they were submitted 4 1 Port ADSL Router P48 4 3 2 1 Configuration WAN The WAN configuration page allows you to set the configuration for the WAN ADSL ports Before you enter the WAN Configuration page you will be asked to select an adapter PVCO through PVC7 first Adapter Selection Select Adapter Adapter Submit Virtual Server Bridge Filtering DNS Save Settings Reboot Once you select the adaptor then following page will appear WAN Configuration PVC Settings Pvc 0 Change Adapter Main Setting lt Static IP Settings 0 0 0 oateway ooo Encapsulation PPPoE VC Mux DHCP Client bled 5 Z 4 1 Port ADSL Router P49 Change Adapter Click the Change Adapter tab
24. fully compliant with ANSI T1 413 Issue 2 ITU G992 1 and ITU G992 2 specification This rate adaptive solution is especially designed for Customer Premise Equipment that supports downstream data rates up to 8 Mbps and upstream data rates up to 1 Mbps With minimum setup you can install and use the router within minutes 4 1 Port ADSL Router P6 1 1 Four Port ADSL Router 1 1 1 Features gt The Four Port ADSL Router provides the following features Full rate ANSI T1 413 Issue 2 ITU T G 992 1 and ITU T G 992 2 standards compliant Fully compliant with Annex A B B U R2 ADSL specifications Downstream and Upstream data rates up to 8Mbps and 1 Mbps lt 2 PPPoE PPP protocol for dial up ADSL service Support Firewall functionality Support UPnP Universal Plug and Play specifications Optional Web based setup for installation and management Built in 4 10 100 Mbps Switch port for LAN connection Compliant with IEEE 802 3 802 3u and auto negotiation Support full duplex 802 3 flow control Support packet filtering functionality Flash memory for firmware upgrade Hardware Reset button for fast default setting recovery LEDs indicator indicates connection status gt ADSL Standards Full rate ANSI T1 413 Issue2 ITU T G 992 1 and ITU T G 992 2 standards compliant Downstream and Upstream data rates up to 8Mbps and 1Mbps Support Dying Gasp functionality gt ATM Protocols Support PPPoA RFC2364 Support PPPoE
25. is 0 0 0 0 Encapsulation The different types of encapsulation include i ii iii iv v Vi Vil viii ix PPPoA VC Mux PPPoA LLC 1483 Bridged IP LLC 1483 Routed IP LLC 1483 Bridged IP VC Mux 1483 Routed IP VC Mux Classical IP over ATM PPPoE VC Mux PPPoE LLC PPPoE None 4 1 Port ADSL Router P50 E DHCP Client DHCP Client This is to enable or disable default the ADSL Router WAN as a DHCP client where the ISP would be the DHCP server DHCP Client is generally used in the following encapsulations 1483 Bridged IP LLC 1483 Routed IP LLC 1483 Bridged IP VC MUX 1483 Routed IP VC Mux and Classical IP over ATM This option is for non static dynamic IP addresses Host Name When DHCP Client is Enabled copy the ISP recognized Host Name here The Host Name can be up to 19 characters Service Name qq Password e Lep Echo Maximum Consecutive Failure 6 Auto v Automatic Reconnect Bridge Disabled v IGMP Disabled v MAC Spoofing v Mac Address 00 00 00 00 00 00 TM A Peak Cell Rate o kbps ed Max Burst Size F PPP Advanced PPP Configuration The PPP Advanced PPP Configuration allows you to configure multiple PPP sessions for each PVC Multiple PPP sessions enables you to set up different connection settings and be able to toggle choose those settings for each PVC The ADSL Router can support up to total of 16 PPP sessions and e
26. is used to bridge between the WAN ADSL side and the LAN Ethernet side i e to store and forward There are two encapsulation type for Bridge Mode i 1483 Bridged IP LLC If 1483 Bridged IP LLC mode is selected select Enable or Disable to activate the WAN configuration setting Select Dynamic IP which will automatically assigned by your ISP or Static IP which will be provided by your ISP ii 1483 Bridged IP VC Mux If 1483 Bridged IP VC Mux mode is selected select Enable or Disable to activate the WAN configuration setting Select Dynamic IP which will automatically assigned by your ISP or Static IP which will be provided by your ISP iii 1483 Routed IP LLC If 1483 Router IP LLC mode is selected select Enable or Disable to activate the WAN configuration setting Select Dynamic IP which will automatically assigned by your ISP or Static IP which will be provided by your ISP iv 1483 Routed IP VC Mux If 1483 Routed IP VC Mux mode is selected select Enable or Disable to activate the WAN configuration setting Select Dynamic IP which will automatically assigned by your ISP or Static IP which will be provided by your ISP 4 1 Port ADSL Router P36 For Dynamic IP nothing have to fill in just click Save Setting to activate your configuration For Static IP please check with your ISP to fill in t
27. on 1 LINK ACT Steady green light indicates a valid Ethernet connection Blinking green light indicates active Ethernet session 2 LINK ACT Steady green light indicates a valid Ethernet connection Blinking green light indicates active Ethernet session 3 LINK ACT Steady green light indicates a valid Ethernet connection Blinking green light indicates active Ethernet session 4 LINK ACT Steady green light indicates a valid Ethernet connection Blinking green light indicates active Ethernet session RXD Blinking green light indicates an active WAN session ADSL Steady green light indicates a valid ADSL connection This will light after the ADSL negotiation process has been settled RDY 4 Port ADSL Router system status indicator When blinking indicates ADSL system is alive 4 1 Port ADSL Router P18 2 1 3 Connection Mechanism This section describes the hardware connection mechanism of your 4 Port ADSL Router on your Local Area Network LAN connect to the Internet how to configure 4 Port ADSL Router for Internet access or how to manually configure your Internet connection You need to prepare the following items before you can establish an Internet connection through your 4 Port ADSL Router 1 A computer which must have an installed Ethernet Adaptor and an Ethernet Cable 2 An ADSL service account and configuration information provided by your Internet Service Provider ISP You will need one or more of the follo
28. one designated DMZ host computer Forwarding of single ports or ranges of ports are configurable Support URL Blocking Prevent any LAN clients from accessing specific Internet site by set ting the URL keywords The 4 Port ADSL Router will reject all those web site whose URL names are matched or partially matched with the keywords Support MAC Filtering function This function enable the administrator to control the LAN client computers to access the Internet by the hardware MAC Address gt Content Filtering Blocks unwanted traffic from the Internet to your LAN Blocks access from your LAN to Internet locations or services that you d specified Logs security incidents The 4 Port ADSL Router will log security events such as blocked incoming traffic port scans attacks and administrator logins gt Extensive Protocol Support IP Address Sharing by NAT The 4 Port ADSL Router allows several networked PCs to share an Internet account using only a single IP address which may be statically or dynamically assigned by your Internet service provider ISP Automatic Configuration of DHCP The 4 Port ADSL Router dynamically assigns network configuration information including IP Address WAN Gateway Domain Name Server DNS Addresses etc This greatly simplifies configuration of PCs on your local network Dynamic DNS This is a method of keeping a domain name linked to a changing IP Address as not all computers use Static
29. page select the connection session and click Execute The PPP session should then connect Q5 Where can I download the free software to test IGMP ANS Please go to this link http manimac itd nrl navy mil MGEN 4 1 Port ADSL Router P132 Q6 How do I forward packets with MAC address 000002fa6fab to destination MAC 000003dc8faa through IP protocol ANS First go to the Bridge Filtering page under Configuration Then type 000002fa6fab in the ID Source MAC field 000003dc8faa in the Destination MAC field and 0800 in the Type field If bridge filtering is not already enabled select Yes under the Enable Bridge Filtering field Then select Forward and click Submit Q7 How do I block packets from MAC address 000002fa6fab through IP protocol ANS First go to the Bridge Filtering page under Configuration Then type 000002fa6fab in the ID Source MAC field and 0800 in the Type field If bridge filtering is not already enabled select Yes under the Enable Bridge Filtering field Then select Block and click Submit Q8 How do I block incoming packets with destination MAC address 000003dc8faa through IP protocol ANS First go to the Bridge Filtering page under Configuration Then type 000003dc8faa in the Destination MAC field and 0800 in the Type field If bridge filtering is not already enabled select Yes under the Enable Bridge Filtering field Then select Block and click Submit 4 1 Port ADSL Router P133 Q9 How can I find ve
30. port or ICMP query ID NAPT maps multiple IP addresses and their TCP UDP ports in the private domain to a single IP address and its TCP UDP ports in the public domain This is known as a multiple mapping mechanism For each WAN Interface more than one local PC can be associated with one WAN Interface NAPT allows multiple nodes in a local network to simultaneously access remote networks using the single IP address assigned to their router 4 1 Port ADSL Router P127 A 3 Functional Descriptions This section describes various NAT mechanisms for both outbound and inbound session operations Together they provide a mechanism to connect a realm with private addresses to an external realm with globally unique registered addresses The NAT module allows outbound access with either static or dynamic sessions Inbound access is normally blocked but selective inbound sessions may be enabled 4 1 Port ADSL Router P128 A 3 1 Outbound Access The NAT module implements two modes for outbound sessions NAT mode and NAPT mode NAT Mode NAT mode implements the Basic NAT functionality 1 2 3 If multiple local hosts are mapped to the same WAN Network Interface only the first one Static session mapping is required for any local host to access the public domain Only one local host can be mapped to each WAN Network Interface will take effect All other entries are marked with indicating that the entries will not take effect NAPT
31. reboot process Connection to the Internet is available after the above process Back To Home 4 1 Port ADSL Router P34 4 2 2 Quick Setup Manual Setup Manual Setup allows you to manually configure the ADSL Router step by step by selecting User Configured in the field Click Manual Setup and follow the installation wizard to complete the installation process System Information Firmware Version CX82xxx_4 1 0 13 Customer Software Version 840R_NB_020904 00FA Default Setting ISP BT ADSL UK PPP Status Disconnected Quick Setup Follow these quick steps to install the ADSL Router i Manually configure the ADSL Router step by step ee For professional user only Configure the advanced features of the ADSL Router For professional user only Configure the virtual server features of the ADSL Router Status Show the current device system setting Show events triggered by the system Manually enter the Encapsulation type VPI and VCY setting Check your ISP for the setting configuration details These modes are guidelines for setting up the WAN interface Table below lists the example of the mode configurations Manual Setting Encapsulation PPPoA C Mux v VPI SUES SEBO PPPoA LLC io 1483 Bridged IP LLC 1483 Routed IP LLC 1483 Bridged IP VC Mux 1483 Routed IP C Mux Classical IP over ATM PPPoE C Mux PPPoE LLC PPPoE None 4 1 Port ADSL Router P35 WAN Bridge Mode Router
32. session maps all LAN clients to only one WAN The default route of the Route Table serves a similar purpose through dynamic sessions A dynamic session is deleted dynamically either when the connection is completed or when the inactivity timer expires Thus changes to the Route Table may not change the NAT packet forwarding on existing sessions This may create confusion in some cases For example there are two WAN connections WAN is the default route and goes to internet WANZ has an internal server behind it and a manual route entry is entered to reach that internal server If WAN2 has a dynamic connection such as PPP or DHCP and a LAN client tries to ping that internal server before WAN2 is connected then the ping request is routed to WAN based on the route table While the continuous ping requests keeps going WAN2 is connected However the ping requests are continually forwarded to WANI and they cannot reach the internal server The reason is that when the first ping request was generated NAT creates a dynamic session based on the route table to forward it to WAN1 Since the ping failed the ping session was never completed so the dynamic session stays in NAT until it expires Therefore each ping request refreshes the timer of that dynamic session in NAT so the session never expires In this case stop the 4 1 Port ADSL Router P129 ping for a period of time let the session expire then restart the ping The expiration time di
33. the ADSL Router Manually configure the ADSL Router step by step For professional user only Configure the advanced features of the ADSL Router 2 Manage Public Server For professional user only Configure the virtual server features of the ADSL Router Show the current device system setting Show events triggered by the system The Virtual Server Configuration page allows you to set the configuration of the Virtual Server All UDP TCP ports are protected from intrusion If any specific local PCs need to be mapped to the UDP TCP port on WAN side please input the mappings here Note There can be up to 20 different Virtual Server Configurations Virtual Server Configuration ID P ublic Port Start Public Port End Private Port Port Type Host IP Address A ee Delete This Setting 10 007 Delete This Setting The maximum number of entries above is 20 The maximum number of mapped ports is 20 Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration ID This is the ID number corresponding to the Virtual Server configuration Public Port Start This field allows you to enter the port number of the Public Network WAN or external network If you are entering a range of ports this is the first port Public Port End This field represents the last port number in a port range If you only want one port number no port range simply enter the same numbe
34. will appear after pressing this button The first one states Your settings are being saved and the modem being rebooted Save reboot in progress please wait Followed by Your settings have been saved and the modem has rebooted Done I Reboot Only Two pages will appear after pressing this button The first one states The modem is being rebooted Reboot in progress please wait Followed by The modem is being rebooted Done 4 1 Port ADSL Router P76 4 3 3 Advanced Setup Admin Privilege The links under Admin Privilege are only accessible when user is logged in as Admin Regular user account does not have authorization to view or alter the content on the pages in the Admin Privilege section 4 1 Port ADSL Router P77 4 3 3 1 Admin Privilege WAN Status The WAN Status page shows the information and status of WAN PVCs WAN _ IP Address SubnetMask MAC Address Virtual Circuit Release v WAN This field displays the IP address Subnet Mask and MAC address for the WAN ADSL interface Use the Virtual Circuit selection to select different PVCs for status display Virtual Circuit Select the Virtual Circuit that you want to release renew select the appropriate option on the menu dropdown and click Execute 4 1 Port ADSL Router P78 4 3 3 2 Admin Privilege ATM Status The ATM Status page shows all the statistics information of ATM cells This page contains informat
35. 005 Packet Schedule Z F Itere Protocol TCPAPY instal Ploperthes escnehon bsn DNS seve eckhess stomsiicshy Treexmicion Control ProtcoctIintemet Protocol The detak mije aee revak proloco thet provides communication saos dvem inteconmected nelhorks O Use the biowng DNS server addresses Show inom in nolfiowion aaa when Cormacted eee _ Adrrced OK Cama 4 1 Port ADSL Router P136 D 2 Windows 95 98 98SE Me Click on Start Menu gt Settings gt Control Panel In the Control Panel double click the Network icon Select the TCP IP for the ADSL Router i e TCP IP Conexant USB Network Adapter and click the Properties button Select the IP Address tab and click Obtain an IP address automatically Click OK to close TCP IP Properties and then click OK to close Network Cress USB Neluarh Adapa Conenart USB Network Adaplai Adasia 4 1 Port ADSL Router P 137 D 3 AC OS 7 6 1 or higher Select Control Panels from the Apple Menu and open the TCP IP Control Panel Choose the Connect via Ethernet option Select Configure using DHCP Server option Close and Save 4 1 Port ADSL Router P138 D 4 MAC OS X Launch System Preferences from the Apple Menu and select the Network Preference Pane Choose Show Built in Ethernet Click on the TCP IP tab Choose Configure Using DHCP 6M Quit System Preferences 4 1 Port ADSL Router P139 Appendix E Common Erro
36. ADSL Port for connecting the 1 Port ADSL Router to the ADSL Service Provider RESET Restore the 1 Port ADSL Router s factory default setting LAN Ethernet Port for connecting the 1 Port ADSL Router to the network devices such as PCs AC Jack 12VAC 1A or 9VAC 1A Power adapter outlet ON OFF Power Switch to ON OFF the 1 Port ADSL Router Press the Reset button will Reboot amp Restore the ADSL Router s factory defaults and clear all the setting 4 1 Port ADSL Router P21 2 2 2 Front Panel The 1 Port ADSL Router s LEDs indicators display information about the device s status LINK ACT RXD ADSL RDY PWR Steady green light indicates the router is powered on LINK ACT Steady green light indicates a valid Ethernet connection Blinking green light indicates active Ethernet session RXD Blinking green light indicates an active WAN session ADSL Steady green light indicates a valid ADSL connection This will light after the ADSL negotiation process has been settled RDY 1 Port ADSL Router system status indicator When blinking indicates ADSL system is alive 4 1 Port ADSL Router P22 2 2 3 Connection Mechanism This section describes the hardware connection mechanism of your 1 Port ADSL Router on your Local Area Network LAN connect to the Internet how to configure 1 Port ADSL Router for Internet access or how to manually configure your Internet connection You need to pre
37. C can only accumulate a maximum of the value specified by Maximum Burst Size tokens When a PVC has a token available it can transmit cells at the rate of PCR After a cell is transmitted the PVC loses the token it has accumulated 4 1 Port ADSL Router P54 Note In the case of multiple PVCs CBR specified PVCs will have higher priority than PVCs with UBR For example the CBR PVCs will take their bandwidth and the remaining bandwidth will be split among the UBR PVCs In the case of total PVC CBR bandwidth exceeding ADSL upstream the total upstream bandwidth will be shared proportionally to the bandwidth allocated for each CBR PVC Peak Cell Rate This value specifies the maximum and in some cases guaranteed cell rate for CBR and VBR nrt Peak Cell Rates are typically measured in Cells Second however the user entered value is in kbps and is then converted by the firmware Note Range for Peak Cell Rate field is 0 32767 default is 0 Sustainable Cell Rate This is the sustained rate at which a PVC enabled with VBR nrt can transmit ATM cells Sustainable Cell Rate SCR can be considered as the true reserved bandwidth for a PVC Note Range for Sustainable Cell Rate field is 0 32767 default is 0 Max Burst Size This is the number of cells a PVC enabled with VBR nrt can transmit continuously at peak cell rate PCR Note Range for Max Burst Size field is 0 32767 default is 0 Example CBR and UBR This example is provi
38. Disable When the DNS Proxy is Disabled the LAN port does not process the DNS query message For the DHCP requests from local PCs the DHCP server will set the user configured DNS server as the DNS server Then all DNS query messages will be directly sent to the DNS servers DNS Proxy is enabled by default Auto Discovered When enabled default the DNS proxy will store the DNS server IP addresses obtained from DHCP client or PPP into the table All DNS query messages will be sent to the dynamically obtained DNS server Select this option when the DNS Server address is unknown but provided automatically by the ISP User Configured When enabled the DNS proxy will use the user configured DNS server All DNS query messages will be sent to the DNS server Enter the DNS IP in the DNS Server field Select this option when the DNS Server address assigned by the ISP is known User Configured is disabled by default Auto Discovery User Configured Selecting both options will cause the DNS proxy s table to have all the IP addresses of dynamically obtained and user configured DNS servers DNS Server This is the user defined DNS server URL name and IP Default is Disabled URL Name Add Delete This is the URL name for the DNS server This can be up to 255 characters Host IP Add Only This is the IP address of the DNS Server DNS Proxy Setting This is a table of all DNS server IP addresses DNS Server Setting This is a table of all DNS seve
39. IP addresses Typically when a user connects to the Internet the user s ISP assigns an unused IP address from a pool of IP addresses and this address is used only for the duration of that specific connection 4 1 Port ADSL Router P8 PPP over Ethernet PPPoE PPPoE is a method for the encapsulation of PPP packets over Ethernet frames from the user to the ISP over the Internet One reason PPPoE is preferred by ISPs is because it provides authentication username and password in addition to data transport A PPPoE session can be initiated by either a client application residing on a PC or by client firmware residing on a modem or router PPTP Point to Point Tunneling Protocol PPTP is a protocol set of communication rules that allows corporations to extend their own corporate network through private Tunnels over the public Internet Effectively a corporation uses a wide area network as a single large local area network A company no longer needs to lease its own lines for wide area communication but can securely use the public networks This kind of interconnection is known as a virtual private network gt Easy Installation and Management ka ka Quick Setup The Quick Setup is meant to help you install the product quickly and easily Browser based management Browser based configuration allows you to easily configure your router from almost any type of personal computer such as Windows Macintosh or Linux Visual monitor
40. Idle Timeout filter and only allow traffic specified in the filter table to reset the idle timer The traffic specified in the filter table must also correspond with the Filter Application selection For example outbound traffic with criteria matching that of the filter table will only be allowed to pass if either Outbound Traffic Only or Inbound and Outbound Traffic is selected Note PPP reconnect on WAN access must be enabled for the Idle Timer to reconnect a PPP Session when a request is made from the LAN to the WAN Click Execute to activate your setting Il Apply Filter The Filter Application consists of three options that determine which sources LAN and or WAN will be able to reset the Idle Timer and reconnect the PPP session Inbound Traffic Only Selecting this option will allow PPP requests from the WAN side to reset the Disconnect Timeout timer Note that requests from the WAN side cannot bring a PPP Session out of Idle state This is because when a PPP Session is in Idle state the connection is down if they match the filter table criteria Outbound Traffic Only When this option is selected default PPP sessions can only be activated Idle Timeout when a request is made on the LAN side to the WAN side The disconnect timer will reset when outbound traffic is detected if they match the filter table criteria Inbound and Outbound Traffic Selecting this will allow both WAN and LAN source packets to rese
41. L connection is down Showtime This indicates that a connection has been established between the ADSL Router and the CO Modulation This field displays the ADSL modulation status which can either be G dmt or T1 413 Annex Mode This field displays the ADSL annex mode which can either be Annex A or Annex B 4 1 Port ADSL Router P46 Startup Attempts This field displays the number of ADSL connection attempts after loss of showtime A connection attempt is recorded only if showtime is attained Max TX Power This field displays the transmit output power level of the CPE Customer Premise Equipment which is the transmit output power level of the ADSL Router CO Vendor This field displays the Central Office CO DSLAM vendor name if available If the ADSL Router is not connected to an ADSL vendor then UNUSED_VENDOR_0 will appear in this field Elapsed Time This field displays the time of the ADSL Router has been in operation This is the amount of time the ADSL Router is on not the amount of time it is connected to the PC or in ADSL status SNR Margin Signal to Noise Ratio SNR is the measure of signal intensity relative to the background noise The SNR Margin is the amount of increased noise that can be tolerated while maintaining the designated BER bit error rate The SNR Margin is set by Central Office DSLAM If the SNR Margin is increased bit error rate performance will improve but the data rate will decrease
42. Log This field allows you to clear the current contents of the System Log Save Log This field allows you to save the current contents of the System Log by right click HERE and select Save Target As to save it into a text file The System Log records ADSL Layer E ADSL Link detected E ADSL Link connected E ADSL Link disconnected ATM Layer E ATM detected E ATM connected E ATM disconnected E ATM setting up VPI VCI PPP Layer E PPP authenticated E PPP invalid user name or password E PPP unable to connect with PPP server IP Layer m IP protocol up E PPP IP address E PPP Gateway IP address PPP DNS Primary IP address E PPP DSN Secondary IP address 4 1 Port ADSL Router P98 4 3 3 13 Admin Privilege Local Code Image Update The Code Image Update page allows you to upgrade the image code locally Browse the location of file firmware dlf or bootrom dlf file and click the Upload to start the update The ADSL Router will reboot as part of the process of updating code Code Image Update Image Download Select Image Download to start a Code Image Update After Image Download is selected it will take a few seconds before you can select the file to be downloaded 4 1 Port ADSL Router P99 4 3 3 14 Admin Privilege Network Firmware Image Update The Network Firmware Image Update page allows you to upgrade the image code from the remote FTP server Assume an FTP server stores the updated image fir
43. MP IGMP IGMP Internet Group Management Protocol relay proxy specification and environment default is Disabled IGMP is available in all modes and all encapsulations Support IGMP proxy relay function for ADSL Router based on the following requirement and cases On CO side there must be at least one IGMP querier router present IGMP querier will send IGMP query packet The ADSL Router is responsible to relay these IGMP queries to Ethernet End user multicast application device sends IGMP report while receiving IGMP query or being activated by the user The ADSL Router should be responsible to proxy that is change source IP to ADSL Router s WAN IP the IGMP report to ADSL WAN side including all PVCs The same case is for IGMP leave packet 4 1 Port ADSL Router P53 Not necessary to relay multicast routing between two ADSL PVCs or two interfaces in LAN side Special purpose multicast packet such as RIP 2 packet should run without Interference Note Before the IGMP mode is enabled please go to the Miscellaneous Configuration page to enable the IGMP proxy Otherwise the IGMP selection will not be valid Q Where can I download the free software to test IGMP A Please go to this link http manimac itd nrl navy mil MGEN MAC Spoofing MAC Spoofing Enable MAC Spoofing to make a different MAC Address appear on the WAN side This is also used to solve the scenario where the ISP only recognizes one MAC Ad
44. Mode Router Mode Router Mode Half Bridge Configuration PPPoA PPPoE Dynamic IP Static IP IP address N A Automatically Automatically Provided by ISP Automatically assigned by ISP assigned by ISP assigned by ISP Subnet Mask N A Automatically Automatically Provided by ISP Automatically assigned by ISP assigned by ISP assigned by ISP Gateway N A Automatically Automatically Provided by ISP Automatically assigned by ISP assigned by ISP assigned by ISP Encapsulation 1483 Bridged IP PPPoA LLC 1483 Bridged 1483 Bridged PPPoA LLC LLC VC Mux Routed IP LLC Routed IP LLC VC Mux 1483 Bridged IP PPPoE LLC 1483 Bridged 1483 Bridged PPPoE LLC VC Mux VC Mux Routed VC Mux Routed VC Mux VC Mux Classical IP over Classical IP over ATM ATM Enabled Disabled Disabled Disabled PPP Service Provided by ISP Provided by ISP PPP Password Provided by ISP Provided by ISP DHCP Client Unchecked Unchecked Checked Unchecked Unchecked enable PPP Half Bridge Disabled Disabled Disabled Disabled Enabled automatically configured the DHCP Server NAT and DNS Proxy DHCP Server__ Disabled Enabled NAT Disabled Enabled Dynamic Enabled Dynamic Enabled Dynamic Disabled NAPT NAPT NAPT DNS Proxy Disabled Enabled Enabled Enabled Disabled IA JA PPP Username N A Provided by ISP Provided by ISP i JA JA A Bridge Mode Bridge Mode is used when there is one PC connected to the LAN side Ethernet port IEEE 802 1D method of transport bridging
45. Network IKE from External Network RIP from External Network 2 DHCP from External Network 4 1 Port ADSL Router P 106 4 3 3 16 2 1 Firewall Databases IP Group The IP Group lets you specify IP Addresses Single or Range and Subnet Masks and assign them to a group name for easy use when configuring inbound and outbound policies for the firewall Configuration Firewall IP Group IP Entry Name IP Address IPiMask P Enty Name IP adari Padar IPMask Ss ee A E Aao ociiy this entry Single IP IP Range Subnet Mask IP Entry Name This is the name you assign to the group of IP addresses and subnet masks The IP Entry Name can be up to 19 characters IP addr 1 This is the IP address or subnet mask you are specifying when creating a group IP addr 2 This field is only active if you select to group a range of IP addresses or subnet masks in which case this is the end address of that range whereas the IP addr 1 is the first address of that range IP Mask This field allows you to specify the address type assigned to the group Single IP This will let you specify one IP address for a given group IP Range This will let you specify a range of IP addresses for a given group starting with IP addr 1 and ending with IP addr 2 Subnet Mask This will let you specify a range of subnet masks for a given group 4 1 Port ADSL Router P107 4 3 3 16 2 2 Firewall Dat
46. S DUS Prompt Computer NIC MAC Address Conexant USB Network Adaptor MAC Address Erhernst 4 1 Port ADSL Router P 134 Appendix C Troubleshooting Guide The Troubleshooting Guide provides answers to common problems regarding the ADSL Router settings connections and computer settings I changed the LAN IP Address in the LAN configuration page and my PC is no longer able to detect the ADSL Router After changing the LAN IP Address of the ADSL Router you must do one of the following things before a PC is able to recognize the ADSL Router Open the MS DOS prompt and run ipconfig release followed by ipconfig renew Reboot the computer Disconnect the ADSL Router from the computer and then reconnect it Turn off the ADSL Router and then turn it back on Only one computer can connect to the ADSL Router or my ADSL Router can only recognize one computer There are several things to check Make sure that the DHCP server is in Multiple User mode To do this go to the LAN Configuration page and under the User Mode field select Multi User Make sure that the NAT is configured for multiple User IPs To do this go to the NAT configuration Page and change the NAT type of the particular session to Dynamic NAPT If the problem persists make sure that the computer that cannot connect has the appropriate network settings 4 1 Port ADSL Router P135 Appendix D Network Setup Guide To configure your comp
47. Servers it is forwarded to this default host Note that it allows full bi directional public access and address translation still takes place One popular use of this feature is when inbound connections to a range of ports are required and it is impractical or impossible to accommodate them via port mappings The DMZ opens all ports on this particular local host to all unsolicited traffic therefore posing some security risk This means that the protection of NAT is removed from that local host and external hosts can initiate conversations with it on any port 4 1 Port ADSL Router P131 Appendix B Frequently Asked Questions The Frequently Asked Questions addresses common questions regarding ADSL Router settings Some of these questions are also found throughout the guide in the sections to which they reference Q1 How do I determine if a link between the Ethernet card NIC and the ADSL Router has been established ANS A ping test would determine if a connection is established between your ADSL Router and computer Using the ping command ping the IP address of the ADSL Router in this case 10 0 0 2 default For more information on Ping Testing refer to Appendix C Troubleshooting Guide Alternatively if the Ethernet LINK LED is solidly on then the Ethernet link is established Q2 How do I determine if a link between the ADSL Router and the Internet has been established ANS Similar to the previous question a ping test
48. _4 1 0 13 Customer Software Version 840R_NB_020904 00FA Default Setting ISP BT ADSL UK PPP Status Disconnected Quick Setup Follow these quick steps to install the ADSL Router Manually configure the ADSL Router step by step Advanced Mode For professional user only Configure the advanced features of the ADSL Router For professional user only Configure the virtual server features of the ADSL Router Status Show the current device system setting Show events triggered by the system Current Setting VPI 0 VCI 100 Encapsulation PPPoA LLC 4 1 Port ADSL Router P122 4 4 2 Status System Log The System Log page shows the events triggered by the system This page contains information that is dynamic and will refresh every 5 seconds Disconnected Automatic Setup Manual Setup Advanced Setup Manage Public Server Current Setting System Log 01701 1970 00 00 00 gt CfoMor Washer dlz module loaded 01 01 1970 00 00 00 gt CfgMgr Shtm dlz module loaded 01 01 1970 00 00 00 gt Initialized Dynamic NAPT 01 01 1970 00 00 00 gt ATM Setting up vcecO YPI 0 YCI 100 01 01 1970 00 00 00 gt ATM Detected 01 01 1970 00 00 00 gt Ethernet Device 0 Detected Clear Log Back To Home Clear Log This field allows you to clear the current contents of the System Log Save Log This field allows you to save the current contents of the System Log by right click HERE and select Sav
49. abases Service Group The Service Group lets you specify a Port and assign it to a group name for easy use when configuring inbound and outbound policies for the firewall Configuration Firewall Service Group Service Entry Name TCP UDP Modi Moai Moai Service Entry Name TCP UDP o C Asi Mocity this entry Service Entry Name This is the name you assign to the group containing the port number The Service Name Entry can be up to 19 characters TCP UDP This specifies whether the port goes through TCP or UDP Port This is the port number associated with the group name Range for Port is 1 65535 4 1 Port ADSL Router P 108 4 3 3 16 2 3 Firewall Databases Time Window The Time Window lets you specify certain time periods and assign them to a group name for easy use when configuring inbound and outbound policies for the firewall Configuration Firewall Time Group Time Window Name 5 Add Modify this entry Time Window Name This is the name you assign to the group that is given the time designation The Time Window Name can be up to 19 characters Time Period This field allows you to specify the time period for both start time and end time by selecting the day hour minute and AM PM 4 1 Port ADSL Router P109 4 3 3 16 3 1 Inbound Outbound Policies Inbound Policy The Inbound Policy allows you to filter inbound from the WAN into the user side LAN packets based on a
50. abled Handshake Protocol This field allows you to select from the following ADSL handshake protocols Autosense G dmt first default Autosense T1 413 first G dmt G lite T1 413 G dmt and G lite Wiring Selection This field allows you to enter the wiring selection for the RJ 11 Tip Ring is the default for the ADSL Router without the inner outer pair relay Available types are Auto Tip Ring default and A A1 where Tip Ring is the inner most pair of wires on the RJ11 and A A1 is the second inner most pair Bit Swapping This field allows you to enable or disable the upstream bit swapping Bit Swapping is disabled by default 4 1 Port ADSL Router P80 4 3 3 4 Admin Privilege Route Table The Route Table page displays the routing table and allows you to manually enter a routing entry The routing table will display the routing status of Destination Netmask Gateway and Interface The interface brO indicates the USB interface 100 indicates the loopback interface ppp1 indicates the PPP interface The Gateway is the learned Gateway Route Table 10 0 0 0 255 0 0 0 10 0 0 2 eroon 255 0 0 0 Teno e System Default Gateway Configuration Auta O specify IP Doo Route Configuration Destination Netmask Gateway DO Oo E O o o OO oo O Select Interface PIEU Submit Note Save changes to flash to restore on power up Settings need to be saved to Flash and the system needs to be rebooted for c
51. ach PVC can support up to 8 PPP sessions The multiple PPP sessions may be configured with any combination over 8 PVCs 4 1 Port ADSL Router P51 Service Name The Service Name of the PPP session is required by some ISPs If the ISP does not provide the Service Name please leave it blank User Name Enter the PPP user name provided by the ISP The User Name can be up to 127 characters Note You cannot have two different user accounts with the same account name If a different User Name with an already existing Account ID is submitted it will replace the previous account with that Account ID You can have the same User Name and Password for two different accounts Account ID Password Enter the PPP password provided by the ISP The Password is not needed to delete or modify the account The Password can be up to 127 characters Disconnect Timeout The Disconnect Timeout allows you to set the specific period of time in minutes to disconnect from the ISP The default is 0 which means never disconnect from the ISP Note Range for Disconnect Timeout field is 0 32767 default value is 0 MRU The MRU Maximum Receive Unit field indicates the maximum size IP packet that the peer of PPP connection this device can receive During the PPP negotiation the peer of the PPP connection will indicate its MRU and will accept any value up to that size The actual MTU of the PPP connection will be set to the smaller of the two MTU and the pee
52. ailable Sessions p Session Name nterface Number of Sessions 0 NAT Use this field to Enable Disable NAT Default is Enable Mode Options for the NAT dropdown menu are NAT Static peer to peer mode 1x1 NAPT Static multiple mapping mode 1xN Dynamic NAPT Dynamic multiple mapping mode NxN This is the default setting 4 1 Port ADSL Router P67 Session Name This field allows you to select the session from the configured NAT Session Name Configuration User s IP This field allows you to assign the IP address to map the corresponding NAT NAPT sessions Number of NAT Configurations This field displays the total number of NAT Sessions entered Note NAT allows only one entry User IP per session while NAPT allows many entries User IPs per session Available Sessions This table will be displayed at the bottom of the page to show all the available Session Names with their corresponding WAN Interface Number of Sessions This field displays the total number of NAT Sessions entered II NAT Session Name Configuration NAT Session Name Configuration OOOO I ce a Session Name Interface Go back to NAT Configuration Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration Number of NAT Sessions 0 Session Name This field allows you to enter a Session Name to help distinguish different NAT Sessions for different int
53. al in seconds between PPP session connection attempts Note Range for Lcp Echo Interval field is 0 32767 default value is 10 Lcp Echo Maximum Consecutive Failure This is the number of times a PPP session can fail while trying to connect before stopping If a PPP session fails this number of times you must manually reconnect the PPP session Note Range for Lcp Echo Maximum Consecutive Failure field is 0 32767 default value is 6 Authentication The different types of available authentications are Auto When auto is selected PAP mode will run by default However if PAP fails then CHAP will run as the secondary protocol This is the default setting PAP Password Authentication Procedure Authentication is done through username and password CHAP Challenge Handshake Authentication Protocol Typically more secure than PAP CHAP uses username and password in combination with a randomly generated challenge string which has to be authenticated using a one way hashing function Automatic Reconnect When it is checked the ADSL Router will reconnect a PPP session when it is terminated by the ISP If a PPP session is terminated under any other conditions i e by Disconnect Timeout or manual disconnect the Automatic Reconnect will not reconnect the session This box is unchecked by default 4 1 Port ADSL Router P61 z Disconnect rs Session Service Account Authentication Name Adapter Naratlite Use Timeout MRU MTU
54. ally assigned primary DNS IP address is configured correctly or DHCP client is enabled with the current VC This test returns N A if there is no DNS configured 4 1 Port ADSL Router P96 Query DNS for www conexant com This test returns PASS if the host name can be resolved to an IP address though your domain name servers This test returns FAIL if the host name can not be resolved successfully If this test returns FAIL run this test again a few minutes after this test is completed Ping www conexant com This test returns PASS if the host specified by your ISP can be reached through a ping request If this test returns FAIL run this test again a few minutes after this test is completed This test returns SKIPPED if the host name can not be resolved to an IP address 4 1 Port ADSL Router P97 4 3 3 12 Admin Privilege System Log The System Log page shows the events triggered by the system This page contains information that is dynamic and will refresh every 5 seconds System Log 01 01 1970 00 00 00 gt CfoMer Washer dlz module loaded 01 01 1970 00 00 00 gt CfoMer Shtm dlz module loaded 01 01 1970 00 00 00 gt Initialized Dynamic NAPT 01 01 1970 00 00 00 gt ATM Setting up yvecO YPI 0 YCI 100 01 01 1970 00 00 00 gt ATM Detected 01 01 1970 00 00 00 gt Ethernet Device O Detected Clear Log If you would like to save the log to a text file right click here and select Save Target As Clear
55. along with the appendices at the end of the guide 4 1 Port ADSL Router P13 1 4 Audience This document is prepared for use by those customers who purchasing ADSL ROUTER and using the firmware It assumes the reader has a basic knowledge of ADSL and networking 4 1 Port ADSL Router P14 1 5 Document Structure Chapter 1 Chapter 2 Chapter 3 Chapter 4 Appendix A Appendix B Appendix C Appendix D Appendix E Appendix F Introduction provides a brief introduction to the product and user guide Getting to know your ADSL Router provides device specifications and hardware connection mechanism Administrator s computer setting provides Windows system Network s configurations Device Administrator describes the pages found under the Configuration menu These pages allow the user to view update and save the ADSL ROUTER configurations Network Address Translation provides an introduction to Network Address Translation NAT Frequently Asked Questions is a compilation of useful questions regarding ADSL Router setup Troubleshooting Guide is a compilation of questions and answers relating to common problems dealing with Windows Networking and the ADSL ROUTER Configuration Network Setup Guide provides additional support on setting up Windows and Mac OS networks Common Error Messages provides an explanation and solution of some common error messages that may occur while configuring
56. an be configured based on your specific need Basic Protection C Ping of Death checking O Ressambly Attack checking Advanced Protection CO ICMP Redirection checking O Winnuke Attack checking Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration Basic Protection IP Spoofing checking IP spoofing is when an unauthorized user inserts the IP address of an authorized user into the IP packets in order to gain access to a network Selecting this option will allow the firewall to check for and filter out this discrepancy Ping of Death checking Ping of Death is a type of DoS attack that uses a malformed ICMP data packet that contains unusually large amounts of data that causes TCP IP to crash or behave irregularly Enabling this will allow the firewall to filter out packets containing Ping of Death properties Land Attack checking Land attack is a type of DoS attack that works by sending a spoofed packet containing the same source and destination IP address and port the victim s IP address This packet contains a connection request resulting in a handshake process At the end of the handshake the victim sends out an ACK ACKnowledge request Since the source and the destination are the same the victim receives the ACK request it just sent out The received data does not match what the victim is expecting so it retransmits the ACK request This process repea
57. and security arises when exposing IP addresses in a private network to the public domain NAT automatically provides firewall style protection by only allowing connections originated from the private network and not allowing attackers on the public domain to distinguish individual IP addresses of computers internal to the network Administrating external network topology changes Without NAT when the network topology of the public domain changes the address assignment for the local domain would be forced to change accordingly NAT separates the private network from the public domain Thus changes of public domain network topology can be hidden from users within the private domain NAT operation is based on where the traffic is initiated instead of the physical packet direction Outbound sessions are initiated from the private network accessing the external network For example an FTP session initiated from a host in the private network to access the FTP server through the internet is considered an outbound session This session includes bi directional packet exchange The primary NAT function allows outbound sessions so that hosts in a private network can transparently access the external network Inbound sessions are initiated from the external network accessing the private network For example an FTP session initiated by a host from the external network to access the FTP server residing in the private network is considered an inbound session
58. be effective forever Note Ranges for Lease Time fields Days 0 36500 Hours 0 23 Minutes 0 59 Seconds 0 59 default value is 1 days 0 hours 0 minutes 0 seconds User mode Under the Single User mode the DHCP server only allocates one IP address to a local PC Under the Multiple User mode default the DHCP server allocates the IP addresses specified by the DHCP address pool 4 1 Port ADSL Router P58 C Ethernet Mode Setting The Ethernet Mode configuration page allows you to set the LAN port into the following modes AutoSense The ADSL Router will automatically sense which mode to use selecting between 100 Mbps Full Duplex 100 Mbps Half Duplex 10 Mbps Full Duplex and 10 Mbps Half Duplex This is the default setting 100 Mbps Full Duplex Data can be transferred and received simultaneously at the transfer rate of 100 Mega bits per second 100 Mbps Half Duplex Data cannot be transferred and received at the same time For example data can be sent and once the transmission is complete data can be received This is done at a transfer rate of 100 Mega bits per second 10 Mbps Full Duplex Data can be transferred and received simultaneously at the transfer rate of 10 Mega bits per second 10 Mbps Half Duplex Data cannot be transferred and received at the same time For example data can be sent and once the transmission is complete data can be received This is done at a transfer rate of 10 Mega bits per second
59. ction This test returns PASS if your ADSL Router can see the PPPoE server If this test returns FAIL run this test again a few minutes after this test is completed especially if your PPPOE connection has just been improperly disconnected If this test consistently returns FAIL make sure that the PPPoE settings are in the correct configuration as instructed by your service provider make sure the VPI and the VCI settings 4 1 Port ADSL Router P95 of the current VC are configured correctly This test returns SKIPPED if the AAL5 Connection test does not return PASS Test PPP Layer Connection This test returns PASS if your login name and password have passed authentication with your service provider If this test returns FAIL run this test again a few minutes after this test is completed especially if your PPP connection has just been improperly disconnected If this test consistently fails first make sure your login name and password are correct Remember that login names and passwords are case sensitive This test returns SKIPPED if the PPPoE Connection test does not return PASS and your ADSL modem is configured as PPPoE encapsulation This test also returns SKIPPED if the AALS Connection test does not return PASS and your ADSL Router is configured for PPPOA encapsulation Test IP Connect to PPP This test returns PASS if your ADSL Router has been assigned a valid IP address by your service provider through DHCP or
60. d Help Local Area Connection Properties Gene Autherticaton Advanced Qu OF Perr Ere en MP Reatek ATLE 39 Famdy PCI Fast Etheret NIC Aatrets Network Connections Network Tasks This connection uses the followeng tems Chent tor Microsott Netware Fite and Panie Shanng tor Miciosolt Networks Veate a new sonnection k Set up a home or small wile rretweeh v Disable ths network kvos Q aopa thes connector Bridge Connections W Reneme this connection Wows status of thes connection E Change settings of the connection Descrpton Tranamenon Comino Protocol Iinternet Protocol The detak wade area network protocol thet prowides communication Sto versa interconnected networks Create Tortut Renane Cl Show icon n notification mea when connected Step 3 Right Click on the Local Area Connection and select Properties ox _coreet _ Internet Protocol TCP IP Properties AE Step 4 Select Internet Protocol Geneva Alemale Corfigwsion TCP IP and click Properties You can get IP settings assigned automaticaly your network supports this capablty Othenase you need to ask your network administrator for the appropiate IP settings Step 5 Select Obtain and IP address automatically and NObtain DNS server roe 2 address automatically Then Click on OK Use the folowing DNS server addeesses 4 1 Port ADSL Router P28 e Chapter 4 Device Administratio
61. ded to further explain the dynamics of UBR and CBR and how different PVCs with different service category specifications coexist In this example the ADSL upstream is 900 kbps Sample Configuration Po o os S 7 Scenario Actual Adjusted Bandwidth Usage PVCO is busy PVCO uses 400 kbps PVC 1 is idle PVC2 uses 250 kbps PVC2 and PVC3 are busy PVC3 uses 250 kbps PVCO is idle PVC1 uses 800 kbps PVC1 is busy PVC2 uses 50 kbps PVC2 and PVC3 are busy PVC3 uses 50 kbps PVCO is busy PVCO uses 300 kbps PVC1 is busy PVC1 uses 600 kbps PVC2 and PVC3 are busy PVC2 uses 0 kbps PVC3 uses 0 kbps 4 1 Port ADSL Router P55 B Example VBR nrt This example is provided to further explain the dynamics of VBR nrt A PVC has a service category of VBR nrt with the following parameters 1 PCR 400 kbps 2 SCR 100 kbps 3 MBS 22 cells Note that 22 cells 48 bytes cell 1056 bytes If the PVC has been idle for a while meaning it has accumulated a MBS of 22 cells and it just has two packets of the same size 1000 bytes to send It can transmit the first packet of size 1000 bytes in 20ms 1000 bytes 8bit byte 4000kbps Immediately after the first second packet is transmit it will take about 80ms to transmit the second packet because the PVC can only transmit the second packet at SCR 100kbps Click Save Setting after configuration setting to activate your ADSL Router 4 1 Port ADSL Router P56 4 3 2 2 Con
62. down menu The dropdown menu has four options Any Port Selecting this will cause all Ports to be affected by the policy When this is selected you will be unable to enter any information into the Port entry fields Single Port Selecting this will cause only one Port to be affected by the policy This Port will need to be specified by the user in the first Port entry field Port Range Selecting this will enable you to select a range of Ports to which the policy will apply The first Port in the range must be entered in the first Port entry field and the last Port in the range must be entered in the second Port entry field Safe Ports Any port greater than 1024 1025 65535 is considered a safe port Dest Port This specifies the Destination Port for the Inbound Policy This is the internal WAN side outside of the firewall Port that will be affected by the policy See Src Port above for configuration detail Transport Protocol This specifies the Transport Transfer protocol for the policy The following protocol options are available All TCP UDP ICMP AH ESP and GRE Filtering Action This specifies what action the policy takes Allow Selecting this will cause the policy to allow packet transfer from the Sre IP through the Sre Port to travel through the Dest Port to the Dest IP All of these are specified above and must be configured by the user Deny Selecting this will cause the policy to deny packe
63. dress Note Default is Disabled MAC Address When MAC Spoofing is enabled copy the ISP recognized MAC address here Format for MAC address is six pairs of hexadecimal numbers 0 9 A F separated by colons Note Default is 00 00 00 00 00 00 ATM Asynchronous Transfer Mode A method of transfer in which data is organized into 53 byte cell units ATM cells are processed asynchronously in relation to other cells Service Category This field allows you to select from the following service categories with UBR as the default UBR Unspecified Bit Rate When configured as UBR traffic is delivered with best efforts but with no guarantee This allows for fluctuation in times of temporary increase of available bandwidth For example if a PVC with CBR is temporarily inactive the PVC s with UBR will utilize that bandwidth while it is available UBR is intended for applications that do not require any maximum bound on the transfer delay CBR Constant Bit Rate When a PVC is specified as a CBR that PVC is guaranteed a certain bandwidth characterized by the Peak Cell Rate PCR The CBR does not have to transmit with a peak cell rate and when it does it is only when the bandwidth specified by the PCR is guaranteed VBR nrt Variable Bit Rate non real time An PVC enabled with VBR nrt can transmit a cell only if the PVC has a token available The PVC accumulates tokens at the rate of the Sustainable Cell Rate and the PV
64. dress causing it to send the request back to itself This causes the broadcast address to send it out to all the network nodes in the broadcast area usually the entire LAN In turn all those recipients resend it back to the broadcast The process repeats itself gaining more amplitude through each iteration and eventually causing a traffic overload and crashing the network Enable ICMP Redirection checking to filter out packets containing the threat Source Routing checking Source routing gives the sender of a packet the ability to determine the exact route that an IP packet takes to get to the destination However source routing can be used for malicious reasons Using a source routed packet the sender could find out important information about nodes in a network making it easy to exploit any weakness Enabling Source Routing checking will cause the firewall to filter out any packet with Source Routing properties WinNuke Attack checking WinNuke exploits a large networking bug found in Windows 95 and NT WinNuke sends erroneous OOB Out of Band data that Windows is unable to process causing the target computer to crash Enable this if you are running an early 95 or NT version of Windows that is vulnerable to this attack 4 1 Port ADSL Router P104 4 3 3 16 1 2 Advanced Options Hacker Log This page allows you to configure which Protection Policy see previous section violations to log for admin viewing Configuration Firewa
65. e Target As to save it into a text file 4 1 Port ADSL Router P123 The System Log records ADSL Layer E ADSL Link detected E ADSL Link connected E ADSL Link disconnected ATM Layer E ATM detected E ATM connected E ATM disconnected E ATM setting up VPI VCI PPP Layer E PPP authenticated m PPP invalid user name or password m PPP unable to connect with PPP server IP Layer IP protocol up E PPP IP address E PPP Gateway IP address PPP DNS Primary IP address E PPP DSN Secondary IP address 4 1 Port ADSL Router P124 Appendix A Network Address Translation Network Address Translation NAT translates the IP address a network LAN to a different IP address known by another network WAN This gives an outside network the ability to distinguish and communicate with a device on the inside network as the inside network has a private set of IP addresses assigned by the DHCP server which are not know to the outside network The rise of NAT and increasing use of NAT come from several factors World shortage of IP Addresses Public IP addresses need to be used in the public domain However the limited supply of public IP addresses cannot satisfy the increasing demand NAT allows multiple IP nodes in the private domain to share one public IP address This conserves the pool of public IP address and makes private IP addresses reusable in other private domains Privacy Security Concern in privacy
66. eeeeseessteeesneeeeness 71 4 3 2 7 COntieuratiOn DNS si Acasa et ace ache eack Unt ais stated anetalas 73 4 3 2 8 Configuration User Password Configuration 0 0 cceeeeee 75 4 3 2 9 Configuration Save Setting ReEDOOC ceccececcseecsteeesseeseteeesneeseeees 76 4 3 3 Advanced Setup Admin Privilege ceeceecccecsseecssessseeseseeesseeeeneeesneeseeess 77 4 3 3 1 Admin Privilege WAN Status 78 4 3 3 2 Admin Privilege ATM Status 79 4 3 3 3 Admin Privilege ADSL Configuration 000 ccceeeeeeseeeeteeeeee 80 4 3 3 4 Admin Privilege Route Table sssrin 81 4 3 3 5 Admin Privilege Learned MAC Table 0 cccceecceeesteessteseeeeeee 83 4 3 3 6 Admin Privilege RIP Configuration ceeceeceecteeeeessteeeeneeeeees 84 4 3 3 7 Admin Privilege Misc Configuration 0 ccecceeccesceeeeeessteeeeneeesees 87 4 3 3 8 Admin Privilege TCP Status 91 4 3 3 9 Admin Privilege Admin Password Configuration cc00 92 4 3 3 10 Admin Privilege Reset To Factory Default 93 4 3 3 11 Admin Privilege Diagnostic TeSt c cece ecsseesseesstessteesseessees 94 4 3 3 12 Admin Privilege System LOG eee eessseesseessseeesseessneeesneeeseess 98 4 3 3 13 Admin Privilege Local Code Image Update 99 4 3 3 14 Admin Privilege Network Firmware Image Update 100 4 3 3 15 Admin Privilege Boot Code Image Update 101 4 3 3 16 Admin Privilege Firewall i
67. electing Add on the Action dropdown menu and clicking Submit To delete an entry you can enter the information of an entry that already exists on the table select Delete on the Action dropdown menu and click Submit IP Protocol Protocol Number of Entries is 5 Clear All Restore to Default Well Known Ports Application CO Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration 4 1 Port ADSL Router P66 4 3 2 4 Configuration NAT The NAT Configuration page allows you to set the configuration for the Network Address Translation The NAT module provides Dynamic Network Address and Port Translation Dynamic NAPT capability between LAN and multiple WAN connections and the LAN traffic is routed to appropriate WAN connections based on the destination IP addresses and the Route Table This eliminates the need for the static NAT session configuration between multiple LAN clients and multiple WAN connections When Dynamic NAPT is chosen default there is no need to configure the NAT Session and NAT Session Name Configuration I NAT Configuration NAT Configuration NAT Enable Mode Dynamic NAPT v AELG D o submit Reset p oo Session Name User s IP Number of NAT Configurations 0 Session Name Configuration Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration Av
68. erfaces among different PPP sessions and PVCs The Session Name can be up to 31 characters and there can be up to 16 different NAT session names Interface This field allows you to choose specific WAN Interfaces PVC or PPP Session for NAT Session The options for this field are PVCO PVC7 and any PPP session that was created by the user NAT Session Name Status This table is displayed at the bottom of this page to show all the NAT Session Names with their corresponding WAN Interfaces 4 1 Port ADSL Router P68 4 3 2 5 Configuration Virtual Server Virtual Servers are used for port forwarding from the WAN to LAN networks The Virtual Server Configuration page allows you to set the configuration of the Virtual Server All UDP TCP ports are protected from intrusion If any specific local PCs need to be mapped to the UDP TCP port on WAN side please input the mappings here Note There can be up to 20 different Virtual Server Configurations Virtual Server Configuration ID Public Port Start Public Port End Private Port Port Type HostIPAddress The maximum number of entries above is 20 The maximum number of mapped ports is 20 Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration ID This is the ID number corresponding to the Virtual Server configuration Public Port Start This field allows you to enter the port number of the Public Netwo
69. ersion number and Multicast Version Multicast RIP Messages Received Vi Vig VEC FF ON V2 BC amp VC MC N The RIP Configuration page allows you to set the configuration for the system wide configuration of RIP The actual RIP configuration is in the RIP Per Interface Configuration 4 1 Port ADSL Router P84 RIP System Wide Configuration RIP System Wide Configuration Border Gateway Enabled v Suppy merat Expire Timeout 180 Seconds Advanced Configuration Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration RIP This field allows you to Enable or Disable the RIP session The resulting RIP session will monitor all network interfaces that are currently available for messages from other RIP routers RIP is disabled by default Border Gateway RIP implements Border Gateway as specified in RFC 1058 and RFC 1723 This limits all subnet routes and host routes to routers within that same network Updates sent outside that network will only include a single entry representing the entire network including all subnets and host specific routes The Border Gateway is enabled by default Supplier Interval This field allows you to enter the Supplier Interval timer in seconds This timer specifies how often the RIP sends announcements as a RIP Supplier Note Range for Supplier Interval field is 0 2147483647 default value is 30 Expire Timeout
70. es LAN IP through any source or destination port and through all protocols Allow access from any Src WAN IP to any Des LAN IP through port 80 HTTP through TCP Deny access from Src WAN IP 204 35 82 1 to any Des LAN IP through port 80 HTTP through TCP Allow access from Src WAN IP 101 64 35 4 to Des LAN IP 10 0 0 3 10 0 0 6 through port 20 FTP through TCP Deny access from any Src WAN IP to DB FTP defined as IP through any source or destination protocol and through all protocols during time period WEEKEND where WEEKEND is defined in the Time Group as Saturday 12 00AM to Sunday 11 59PM It does not matter which order you input these in as long as you sort them into the correct order once you are finished 4 1 Port ADSL Router P117 The configuration should look like the following when complete Inbound Policy IP Opt Up Edit Dn Delete Up Edit Dn Delete Edit Delete Add Inbound Policy Note It should be clear now how critical it is to sort the policies in the correct order For example if policies one and two were switched there would be NO HTTP access to any computer in the LAN This would make web browsing impossible B Outbound Policy Sample Configuration You want to deny all access to the WAN except for the following HTTP access from any IP through TCP Any access from 10 0 0 3 through any protocol FTP Access from 10 0 0 3 10 0 0 6 through any protocol Convert
71. ffers from protocol to protocol 7 With dynamic WAN interfaces the Route table changes as links go up and down Since NAPT is based on Route Table NAT packet forwarding may behave differently from time to time Static Session Mapping Static session mapping is used in both NAT mode and NAPT mode 1 The static session mapping used in NAT mode and NAPT mode are the same except for one difference Only one session mapping is effective per WAN Network Interface in the NAT mode while there is no limit in the NAPT mode 2 Session mapping maps a local host IP address to a WAN Network Interface You must first create a Session Name and associate it with the intended WAN Network Interface Then you can map local host IP addresses to that Session Name 3 Depending on the memory resource availability 1 Up to 64 Session Names can be created for each WAN Network Interface il Up to 64 Session Names can be created in the system ii Up to 253 Local host IP mappings can be created for each Session Name iv Up to 253 Local host IP mappings can be crated in the system 4 1 Port ADSL Router P130 A 3 2 Inbound Access Inbound access is normally blocked however selective inbound sessions may be enabled The NAT module implements two types of inbound access control Virtual Server and Demilitarized Zone DMZ Virtual Server The term Virtual Server came from the concept of subdividing one physical system into multiple virtual
72. figuration LAN The LAN configuration allows you to set the configuration for the LAN port A LANIP LAN IP Address amp Subnet Mask The LAN IP Address is what the computer uses to identify and communicate with the ADSL Router this is the address you enter in the address bar of Internet Explorer to access these pages You can change this to another private IP address and subnet mask such as 192 168 1 2 and 255 255 255 0 Note Range for IP Address and Subnet Mask is x x x x where 0 S x 255 the default is 10 0 0 2 and 255 0 0 0 respectively STATUS CONFIGURATION ADMIN PRIVILEGE Back to Simple Mode Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Says Configuiation 4 1 Port ADSL Router P57 B DHCP Server Dynamic Host Configuration Protocol DHCP is a communications protocol that allows network administrators to manage and assign IP addresses to computers within the network DHCP provides a unique address to a computer in the network which enables it to connect to the Internet through Internet Protocol IP DHCP is controlled by the DHCP Server The following settings allow you to configure the DHCP server DHCP Server Select Enabled default to activate DHCP Server DHCP Address Pool Selection Two types of Address Pool selections are available with System Allocated as the default System Allocated The DHCP address pool is based on LAN port IP addres
73. ge you must configure the Account ID User Name and Password Account ID This field allows you to create an account ID to help distinguish different accounts up to 16 maximum The Account ID can be up to 31 characters User Name Enter the PPP user name provided by the ISP The User Name can be up to 127 characters Note You cannot have two different user accounts with the same account name If a different User Name with an already existing Account ID is submitted it will replace the previous account with that Account ID You can have the same User Name and Password for two different accounts Account ID 4 1 Port ADSL Router P62 Password Enter the PPP password provided by the ISP The Password is not needed to delete or modify the account The Password can be up to 127 characters PPP Account Configuration Status table will be displayed at the bottom of this page to show all the accounts Table headings Account Name and User Name The status table does not display the password The Number of PPP Accounts This field displays the total number of PPP Accounts entered Save Configuration Clicking this will link you to the Save Settings Reboot page PPP Account Configuration PPP Account Configuration User Name Add Modify submit Reset fe Account Name UserName 1 simplepppaccountPveO The number of PPP accounts is 1 Go back to PPP Configuration Settings need to be saved to
74. geMux 0 and any PPP user defined sessions maximum of 16 Enable This field allows you to Enable Yes or Disable No the specified interface for RIP Supplier This field allows you to select the Supplier Mode RIP Transmit Disabled The supplier transmit is disabled V1 BC The supplier transmits in RIPv1 Broadcast 1 2 3 V2BC The supplier transmits in RIPv2 Broadcast 4 V2 MC The supplier transmits in RIPv2 Multicast Listener This field allows you to select the Listener Mode RIP Receive 1 V1 The listener receives the RIPv1 only 2 V2 The listener receives the RIPv2 only 3 V1 V2 This listener receives the both RIPv1 and RIPv2 Current RIP Settings This field displays the each interface s RIP status 4 1 Port ADSL Router P86 4 3 3 7 Admin Privilege Misc Configuration The Miscellaneous Configuration page allows you to set miscellaneous configurations for the following HTTP FTP TFTP DMZ Command Line Interface DHCP PPP IGMP and SNTP Miscellaneous Configuration All Restricted LAN C WAN Specify IP 10 0 3 10 Subnet Mask 255 0 0 0 HTTP server port 80 HTTP Password Protection Enabled v FTP server Enabled v Disable WAN side FTP access a TFTP server Disabled v a DMZ Disabled v DMZ HOST IP 0 0 0 0 DHCP Relay DHCP Server v DHCP Relay Target IP 0 0 0 0 7 I HTTP Server Access This field allows you to configure where these Web pages can
75. hanges to take effect Save Configuration The Gateway field of the static route entry allows users to either enter a Gateway IP address or select a Network Interface All user defined routes retained in the CPE memory regardless if they are already in the Routing Table are displayed on the same Route Table page All user defined route entries kept in the CPE memory during run time are saved to flash when the user chooses to save and reboot the CPE When the CPE restarts it reloads all saved user defined routes to the CPE memory and tries to apply to the system 4 1 Port ADSL Router P81 A user defined route entry is added to the Routing Table whenever the system provides an environment that makes the route entry applicable It is removed from the Routing Table whenever the route entry becomes not applicable e g If the route entry s Gateway is associated with a dynamic Network Interface but the connection is not established then the route entry does not appear in the Routing Table When that interface comes up later the route entry is then added If the selected Network Interface is static or dynamic and the connection is already up then the route entry appears in the Routing Table immediately If there is a Gateway associated with the selected Network Interface then that Gateway s IP address appears in the Gateway field of the route entry If the selected Network Interface is dynamic but the connection is n
76. he Internet and the DHCP server will duplicate the WAN IP address from the ISP to the local client PC Only the PC with the WAN IP address can access the Internet System default is Disabled PPP reconnect on WAN access If enabled the PPP session will automatically establish a connection when a packet tries to access the WAN System default is Disabled 4 1 Port ADSL Router P89 Connect PPP when ADSL link is up If this option is enabled the bridge router will connect the PPP session whenever an ADSL connection is established If this option is disabled the PPP session will not connect whenever the ADSL Showtime is reached System default is Enabled Note For more information clarification please refer to PPP Configuration section VI SNTP SNTP Simple Network Time Protocol is a efficient method of obtaining the time from a Time Server Time Zone This specifies the time zone geographical location Daylight Saving Time You can select yes to activate Daylight Savings Time User defined Time server This is the time server from which the ADSL Router retrieves the time 4 1 Port ADSL Router P90 4 3 3 8 Admin Privilege TCP Status The TCP Status page shows the statistics for all TCP connections This page contains information that is dynamic and will refresh every 2 seconds TCP STATUS Reset Counters General ransmit eceive otal Packets Data Packets Out of Order Packets Out of Order Bytes
77. he fifth octet in the ATM cell header to generate a check character Using HEC either a single bit error in the header can be corrected or multiple bit errors in the header can be detected HNP Home Network Processor Host In context of Internet Protocol a host computer is one that has full two way access to other computers on the Internet 4 1 Port ADSL Router P142 IAD Integrated Access Device A device that multiplexes and demultiplexes communications in the CPE onto and out of a single telephone line for transmission to the CO IP Internet Protocol The method by which information is sent from one computer to another through the Internet Each of these host computers have a unique IP address which distinguishes it from all the other computers on the internet Each packet of data sent includes the sender s IP address and the receiver s IP address LAN Local Area Network A group of computers typically covering a small geographic area that share devices such as printers hard disk drives scanners and optical drives Computers in a LAN typically share an internet connection through some sort of router that connects the computers to a WAN LLC Logical Link Control Provides an interface point to the MAC sublayer LLC Encapsulation is needed when several protocols are carried over the same Virtual Circuit MAC Address Media Access Control Address A unique hardware number on a computer or device that identifies it and re
78. he necessary setting before clicking Save Setting to activate your configuration Choose mode Enabled w IP mode static IP v Set IP 0 0 0 subnet Mask 0 0 0 0 0 0 0 DNS Proxy Enabled w User Configuration DNS Server DNS Server i Host Ip 3 Set IP Static IP Settings are for users who have a Static IP Address WAN side from their ISP M Static IP Address This is the static IP Address given by the ISP Range for IP Address is x x x y where 0 S xS 255 and1 S ys 254 default is 192 168 241 101 M Subnet Mask This is the subnet mask given by the ISP Range for Subnet Mask is x x x x where 0 S x 3S 255 default is 255 255 255 0 M Gateway This is the Gateway given by the ISP Range for Gateway is x x x y where 0 S x 255and1 S ys 254 default is 0 0 0 0 4 1 Port ADSL Router P37 DNS Proxy The DNS proxy on the ADSL Router records the available DNS servers and forwards DNS query messages to one of DNS servers M DNS Proxy Enable Disable When the DNS Proxy is Disabled the LAN port does not process the DNS query message For the DHCP requests from local PCs the DHCP server will set the user configured DNS server as the DNS server Then all DNS query messages will be directly sent to the DNS servers DNS Proxy is enabled by default M Auto Discovered Enable Disable When enabled default
79. he table gt 6M Dn Short for down clicking this button will move the corresponding policy down one space in the table 4 1 Port ADSL Router P110 Note The Inbound Policy works in a Top Down fashion according to the Inbound Policy Table This means that the firewall will apply the policies in order from the top of the table to the bottom It is critical for both security and user accessibility to the WAN to have inbound policies in the correct order See Section next section for an example of this Edit Clicking this button will display a table similar to the add table see below to the bottom of the policy table that will allow you to modify the corresponding policy Delete This will delete the corresponding policy Add Inbound Policy Clicking this button will bring up a table with all the add configurations as shown below Inbound Policy IPAddress ss Port Prot Act Opt Filtering 1 Demiayip Bester ayeon A Alow Y EI E IEEE SrcIP Any IP SrcPort 20 2 DesIP Any IP DesPort 0 ad o Dn Edit _ Adding New Policy Src IP _ la anyIP DB None Dest IP Bi AnP DB None Src Port Any Pot v Dest Port Any Pot x DB None Transport Protocol A l Protocol Filtering Action Alow Time Window Filtering Nore Add Modify Inbound Policy Src IP This specifies the Source IP for the Inbound Policy Thi
80. hrough the Sre Port to travel through the Dest Port to the Dest IP All of these are specified above and must be configured by the user Deny Selecting this will cause the policy to deny packet transfer from the Sre IP through the Sre Port to travel through the Dest Port to the Dest IP All of these are specified above and must be configured by the user 4 1 Port ADSL Router P112 Time Window Filtering This field allows you to select a certain time frame from the Time Group in which this policy will be active See section 4 3 3 16 2 3 for more information on Time Groups DB Short for Database this field allows you to select a user defined IP Group for the Src IP and Dest IP fields and a user defined Service Group for the Dest Port User defined IP and Service Groups are created in IP Group and Service Group pages in this user guide Note Source and Destination IP Addresses Subnet Masks and Ports are reversed between Inbound Policy and Outbound Policy For Inbound Policy the source is on the WAN side and the destination is on the LAN side For Outbound policy the source is on the LAN side and the destination is on the LAN side 4 1 Port ADSL Router P113 4 3 3 16 3 2 Inbound Outbound Policies Outbound Policy The Outbound Policy allows you to filter outbound from the user side LAN to the WAN packets based on a set of rules This enables you to deny access to different sources and thus increase security Outbound Policy
81. ically CPAP Properies TES Bindings Advanced Netbios DNS Configuration Gateway WINS Configuration IP Address gt t Enable DNS Host Domain DNS Server Search Order ere emoye Domain Suffiz Search Order Sa Aaa Step 6 Select Disable DNS then click OK 4 1 Port ADSL Router P26 Control Panel Windows 2000 Professional Step 1 Click Start Setting Step 2 Double click the Network and Control Panel Dial up Connections icon Local Area Connection Properties Network and Dial up Connections Network and Dial up Connections Status Enabled Realtek RTLSISNA PCI Fast Ethernet Adapter Step 3 Right Click on the Local Area Step 4 Select Internet Protocol Connection and select Properties TCP IP and click Properties Internet Protocol TCP IP Properties T Step 5 Select Obtain and IP address automatically and NObtain DNS server address automatically Then Click on OK 4 1 Port ADSL Router P27 Click Switch to Classic i My Documents 2 My Recent Documents 5 My Pictures M fia and Senhings Transtar g3 oe Windows Madia Plover 3 My Computer Tour Windows xP xi HSN Explorer O E Windows Mowe Maher g Control Panel g e All Programs gt Step 2 Double click the Network Connections icon Step 1 Click Start Control Panel gt Network Connections Fie Ech Wew Favorites Took Advance
82. ing The 4 Port ADSL Router s front panel s LEDs provide an easy way to monitor the connection status and activity 4 1 Port ADSL Router P9 1 2 One Port ADSL Router 1 2 1 Features gt The One Port ADSL Router provides the following features Full rate ANSI T1 413 Issue 2 ITU T G 992 1 and ITU T G 992 2 standards compliant k Fully compliant with Annex A B B U R2 ADSL specifications Downstream and Upstream data rates up to 8Mbps and 1Mbps lt 2 PPPoE PPP protocol for dial up ADSL service Support Firewall functionality Support UPnP Universal Plug and Play specifications Optional Web based setup for installation and management k Support packet filtering functionality Flash memory for firmware upgrade Hardware Reset button for fast default setting recovery LEDs indicator indicates connection status gt ADSL Standards Fullrate ANSI T1 413 Issue2 ITU T G 992 1 and ITU T G 992 2 standards compliant Downstream and Upstream data rates up to 8Mbps and 1 Mbps Support Dying Gasp functionality gt ATM Protocols Support PPPoA RFC2364 Support PPPoE RFC2516 Router Bridged Ethernet over ATM RFC1483 Classical IP over ATM RFC1577 ATM Forum UNI 3 1 4 0 PVC ATM SAR ATM AALS and OFM F4 F5 Support up to 8PVCs PPP PPP gt Router Mode IP Routing RIPv1 and RIPv2 Static Routing DHCP Server and Client Support DNS proxy Support NAT and NAPT functionality Suppo
83. ing the access requirements from above so that the Outbound Policy can understand them yields the following Deny all access from any Src LAN IP to any Des WAN IP through any source or destination port and through any protocol Allow access from Src LAN IP 10 0 0 3 to any Des WAN IP through any port through any protocol Allow access from any Src LAN IP to any Des WAN IP through port 80 HTTP through TCP 4 1 Port ADSL Router P118 Allow access from Src LAN IP range 10 0 0 3 10 0 0 6 to any Des WAN IP through port 20 FTP through any protocol The configuration should look like the following when complete Outbound Policy IP Address Port Prot Act Opt Filtering Ses ow CEM Bue on Edit Delete OSES Stas ee OBE Gu on Edit Delete Adding New Policy Src IP AnyIP DB None v Dest IP Any IP DB Noe Src Port Any Pot v Dest Port Any Pot v DB None v Transport Protocol All Protocol Filtering Action Allow Time Window Filtering Nore Add Modify Outbound Policy 4 1 Port ADSL Router P119 4 3 4 Advanced Mode Manage Public Servers The Manage Public Severs are used for port forwarding from the WAN to LAN networks System Information Menu Follow these quick steps to install
84. ion that is dynamic and will refresh every 2 seconds ATM STATUS Reset Counters ATM Status Me EEE SS ReBytes TxCels SSS Rx HEC Errors 0 Tx Mgmt Cells Reset Counters This button allows user to reset the ATM Status counter ATM Status Fields Tx Bytes Rx Bytes Tx Cells Rx Cells Rx HEC Errors Tx Mgmt Cells Tx CLPO Cells Rx CLPO Cells Tx CLP1 Cells Rx CLP1 Cells Rx Errors Tx Errors and Rx Misrouted Cells Note For more information on HEC Cell CLPO and CLP 1 please refer to Appendix F Glossary 4 1 Port ADSL Router P79 4 3 3 3 Admin Privilege ADSL Configuration The ADSL Configuration page allows you to set the configuration for ADSL protocols ADSL Configuration ADSL Configuration Arneodo Auo Desa User Selected Annex Mode Annex A vy Handshake Protocol Autosense G dmt first v wing Seeson NNN Toe Wiring Selection Disabled v Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect i Save Configuration Annex Mode Config This allows you to manually configure the ADSL Router for Annex A or Annex B mode by selecting User Configured and choosing the Annex Mode in the next field User Selected Annex Mode This allows you to select from Annex A and Annex B Trellis Trellis Code is an advanced method of FEC Forward Error Correction This field allows you to enable or disable the Trellis Code By default it is always en
85. is usually used in file transfers email etc UBR can vary depending on the data type 4 1 Port ADSL Router P144 USB Universal Serial Bus A standard interface between a computer and a peripheral printer external drives digital cameras scanners network interface devices modems etc that allows a transfer rate of 12Mbps UDP User Datagram Protocol A protocol that is used instead of TCP when reliable delivery is not required Unlike TCP UDP does not require an acknowledgement handshake from the receiving end UDP sends packets in one way transmissions VBR nrt Variable Bit Rate non real time With VBR nrt cell transfer is variable upon certain criteria VC Virtual Circuit A virtual circuit is a circuit in a network that appears to be a physically discrete path but is actually a managed collection of circuit resources that allocates specific circuits as needed to satisfy traffic requirements VCI Virtual Channel Identifier A virtual channel identified by a unique numerical tag that is defined by a 16 bit field in the ATM cell header The purpose of the virtual channel is to identify where the cell should travel VC Mux Virtual Circuit based Multiplexing In VC Based Multiplexing the interconnect protocol of the carried network is identified implicitly by the VC Virtual Circuit connecting the two ATM stations each protocol must be carried over a separate VC VPI Virtual Path Identifier Virtual path for cel
86. iss caida ndaenduwadnoates 102 4 3 3 16 1 1 Advanced Options Protection Policy cccccccccscccesceceseeeesseeeesseeeeses 103 4 3 3 16 1 2 Advanced Options Hacker LO cccccccccceeseecesscecssececesecessseeeesseeeesas 105 4 3 3 16 1 3 Advanced Options Service Filtering cccccccccccesceceseceesseeeesseeeeses 106 4 3 3 16 2 1 Firewall Databases IP Group 0 0 c ccccccceescccesscecesececssececseeeeseeeeseeeesas 107 4 3 3 16 2 2 Firewall Databases Service Group ccccccccccessceessececeseceesseeeeseeeenes 108 4 3 3 16 2 3 Firewall Databases Time Window 00 ec ceeceeseesseceeeceeeeeeneecnneenseeneees 109 4 3 3 16 3 1 Inbound Outbound Policies Inbound Policy 0 cccccceesseeeseeeeeees 110 4 1 Port ADSL Router P4 4 3 3 16 3 2 Inbound Outbound Policies Outbound Policy 00 cece eeteees 114 4 3 4 Advanced Mode Manage Public Servers c ccceccccesseesseesseesseeeees 120 ASA Status onana a aane OaE ET a e aaae eaaa 122 4 4 1 Status Current SCUinO sctcss sca ennnnnndind duaaiiasinnadadeh 122 4 4 2 Status System OSGi cosh sia Aiea A ales Mehl IA na oka 123 Appendix A Network Address Translation cccssss 125 Ad BOSC NA Trt oe EAEE EE E EERE OEA 126 AZ Slate NAPT iiiaae a R A a S 127 A 3 Functional Descriptions ss sssssessesssseseoesssssseoecesssooecesssooeesessesccesesssooe 128 A 3 1 Ou
87. l code from WAN IP Address Shows the ADSL Router s IP Address The default value is 10 0 0 2 Subnet Mask Shows the Subnet Mask of the WAN ADSL Interface MAC Address Shows the WAN MAC Address of the WAN ADSL Interface LAN Shows the ADSL Router s IP Address The default value is IP Address 10 0 0 2 Subnet Mask Shows the Subnet Mask of the LAN Interface MAC Address Shows the WAN MAC Address of the LAN Interface LAN Hes Shows the number of Ethernet device connected to the ADSL Router IP Address Shows the ADSL Router s IP Address The default value is 10 0 0 2 MAC Address Shows the WAN MAC Address of the LAN Interface 4 1 Port ADSL Router P43 4 3 1 2 Status PPP The PPP Status page shows the status of each PPP session for each PPP interface This page contains information that is dynamic and will refresh every 8 seconds Note PPP interfaces can be created modified and deleted in the PPP Configuration page PPP CRS Lemme cei EES Sheol Bea ee 4 PPPoPye 0 PycQO PPPoE Not Connected N A If a appears under Mode column you need to check the WAN configuration to make sure the VC has the correct encapsulation Connection E e PPP Point to Point Protocol The table displays the following fields gt 6M Connection Name This is user defined User defined connections for PPP can be created in PPP Configuration page I
88. l routing indicated by an eight bit field in the ATM cell header WAN Wide Area Network A WAN covers a large geographical area A WAN is consisted of LANs and the Internet is consisted of WANs 4 1 Port ADSL Router P145
89. lates it to the IP address of that device MC Multicast Communication involving a single sender and multiple specific receivers in a network MRU Maximum Receive Unit MRU Maximum Receive Unit MRU is the largest size packet that can be received by the modem During the PPP negotiation the peer of the PPP connection will indicate its MRU and will accept any value up to that size The actual MTU of the PPP connection will be set to the smaller of the two MTU and the peer s MRU In the normal negotiation the peer will accept this MRU and will not send packet with information field larger than this value MSS Maximum Segment Size The largest size of data that TCP will send in a single unfragmented IP packet When a connection is established between a LAN client and a host in the WAN side the LAN client and the WAN host will indicate their Maximum Segment Size during the TCP connection handshake MTU Maximum Transmission Unit The largest size packet that can be sent by the modem If the network stack of any packet is larger than the MTU value then the packet will be fragmented before the transmission During the PPP negotiation the peer of the PPP connection will indicate its MRU and will accept any value up to that size The actual MTU of the PPP connection will be set to the smaller of the two MTU and the peer s MRU NAPT Network Address and Port Translation An extension of NAT NAPT maps many private internal addresses i
90. lation there are two available IP mode i Bridge Mode Click Enable or Disable for the connection mode Check your ISP for the connection setting details Automatic Setting Country Finland y fie Helsinki v Encapsulation 1483 Bridged LLC VPI 0 VCI 100 Bridge mode Enabled v IP mode Dynamic PE il IP Mode Click Dynamic IP or Static IP for the connection mode Check your ISP for the connection setting details If Static IP mode is chosen more terms need to be filled before any Internet access is available Check your ISP for the setting configuration details 4 1 Port ADSL Router P32 Choose mode Bridge mode Enabled IP mode ArI v C a Static IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Gateway 0 0 0 0 DNS Proxy Enabled v User Configuration Disabled v DNS Server Add v NS Server DNS Server Disabled v Url Name Host Ip Add w For PPPoA VC Mux and PPPoE LLC encapsulation Manually enter your Service Name User Name and Password which will be provided by your ISP Check your ISP for the details Automatic Setting Country N SBE France Telecom w Encapsulation PPPoA VC MUX SEIE 8 VCI 35 Set PPP Password Service Name User Name Input Password Comfirm Password 4 1 Port ADSL Router P33 STEP 2 Click Save Setting after your choice The ADSL Router system will reboot and activate your setting Click Back To Home after the
91. ll Hacker Log Alert Log erT T i Log Database Properties Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration Alert Log Enable Disable for SYN Flooding Ping of Death IP Spoofing and Win Nuke all of these are explained in the previous section Enable to log violations of individual policies General Log Deny Policies Enabling this will add Deny Policy violations to the log Deny Policies are discussed later in the Inbound Outbound policy section Allow Policies Enabling this will add Allow Policy acceptances to the log Allow Policies are discussed later in the Inbound Outbound policy section Log Database Properties Log Frequency This field lets you specify how many records to keep of each event Default is 100 Range for Log Frequency Field is 1 65535 4 1 Port ADSL Router P105 4 3 3 16 1 3 Advanced Options Service Filtering Service Filtering allows you to disable service requests from certain sources Configuration Firewall Service Filtering The following services can be configured based on your specific need Service Filtering Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration These are the Service Request sources that can be disabled Ping from External Network Telnet from External Network FTP from External Network DNS from External
92. mware dlf on Internet Click Image Download to initiate the updating The ADSL Router will reboot as part of the process of updating code Network Firmware Update Image Download Upgrading Firmware Obtaining connection to server 4 1 Port ADSL Router P100 4 3 3 15 Admin Privilege Boot Code Image Update Assume an FTP server stores the updated image boorom dlf on Internet Click Image Download to initiate the updating The ADSL Router will reboot as part of the process of updating code Image Download 4 1 Port ADSL Router P101 4 3 3 16 Admin Privilege Firewall Configuration Firewall Conexant Firewall Version 3 2 1 Conexant firewall allows users to configure various databases firewall options and Inbound Outbound policies for controlling Inbound Outbound traffic Advanced Options The following firewall options are configurable for advanced firewall feature Protection Policy Service Filtering Firewall Databases The following databases are configurable for setting inbound outbound policies IP Group Service Group Time Window Inbound Outbound Policies The following policies are configurable for controlling traffic Inbound Policy Outbound Policy Firewall Enabled v Note A Statefull Packet Inspection SPI firewall is an optional feature that may or may not be included in your ADSL Router A firewall is a method of implementing common as well as user defined security p
93. n For your convenience an Administrative Utility has been programmed into the ADSL Router This chapter will explain all the functions in this utility All ADSL Router based administrative tasks are performed through this web utility 4 1 Login Levels of Access There are two levels of access rights privileges for the ADSL Router Administrator User name admin the administrator account has complete read write access on all pages Status Configuration Admin Privilege and Firewall Configuration Admin account also has FTP server access User User name user the User account has read write access to pages under the Status and Configuration sections The following steps will enable you to log into the ADSL Router 1 Launch the Web browser Internet Explorer Netscape etc Enter the LAN port default IP address default gateway http 10 0 0 2 in the address bar Entry of the username and password will be prompted Enter the default login User Name and Password The default login User Name of the administrator is admin and the default login Password is epicrouter The default login User Name for the non administrator is user and the default login Password is password Remember my password check box By default this box is not checked Users can check this box so that Internet Explorer will remember the User name and Password for future logins It is recommended to leave thi
94. nd also check with your service provider to see if your service is activated If this test returns FAIL all other tests will be skipped II Checking Circuit 0 For Network Connection Test ATM OAM Segment Loop Back This test sends ATM OAM F5 Segment loop back request cells to the CO This test will pass if a response cell is received Since some service providers might not support this test it could still work even if this test fails If this test fails consistently and the ADSL Router seems not working make sure the VPI and VCI are configured correctly This test returns FAIL if the ADSL synchronization test failed Test ATM OAM End to End Loop Back This test sends ATM OAM F5 End to End loop back request cells to the central office equipment through your ADSL connection This test returns PASS if response cell is received Since your service provider might not support this test your ADSL Router could still be working properly even if this test fails If this test returns FAIL consistently and your ADSL Router seems to not be working check to make sure the VPI and VCI are configured correctly This test returns SKIPPED if the ADSL synchronization test failed Test Ethernet Connect to ATM This test returns PASS if the ATM AAL5 module is loaded correctly in your ADSL Router If this test returns FAIL an internal error has occurred This test returns SKIPPED if the ADSL synchronization does not return PASS Test PPPoE Conne
95. ne CPE Customer Premises Equipment This specifies equipment on the customer or LAN side CRC Cyclic Redundancy Checking A method for checking errors in a data transmission between two computers CRC applies a polynomial function 16 or 32 bit to a block of data The result of that polynomial is appended to the data transmission Upon receipt the destination computer applies the same polynomial to the block of data If the host and destination computer share the same result the transmission was successful Otherwise the sender is notified to re send the data block DHCP Dynamic Host Configuration Protocol A communications protocol that allows network administrators to manage and assign IP addresses to computers within the network DHCP provides a unique address to a computer in the network which enables it to connect to the Internet through Internet Protocol IP DHCP can lease and IP address or provide a permanent static address to those computers who need it servers etc DMZ Demilitarized Zone A computer Host or network that acts as a neutral zone between a private network and a public network A DMZ prevents users outside of the private network from getting direct access to a server or any computer within the private network The outside user sends requests to the DMZ and the DMZ initiates sessions in the public network based on these requests A DMZ cannot 4 1 Port ADSL Router P141 initiate a session in the private netw
96. nostic process will turn the LED indicators ON and OFF during 13 Turn on your computer 14 Refer to the next chapter to setup or configure your Network Adaptor 4 1 Port ADSL Router P24 Chapter 3 Administrator s Computer Setting The instruction in this section will help you configure your computers to be able to communicate with this ADSL Router Computers access the Internet using a protocol called TCP IP Transmission Control Protocol Internet Protocol Each computer on your network must have TCP IP installed and selected as its networking protocol If a Network Interface Card NIC is already installed in your PC then TCP IP is probably already installed as well The following description assumes the ADSL Router been set to factory default If not please hold the reset button down for 10 seconds The default ADSL Router s LAN IP is 10 0 0 2 Follow the procedures below to set your computer function as a DHCP Client 4 1 Port ADSL Router P25 Windows Update Programs Documents Step 1 Click Start Setting gt Control Panel xi Configuration Identification Access Control The following network components are installed 2 Client for Microsoft Networks Dial Up Adapter if Realtek RTL8139 4 PCI Fast Ethernet Adapter Y TCP IP gt Realtek R 4 PCI Fast Ethernet Adapter b gt Primary Network Logon Client for Microsoft Networks z Eile
97. not exist Click Check the WAN configuration will show you all the detail WAN setting configuration of this ADSL Router Refer to Section 4 3 2 for details 4 1 Port ADSL Router P45 4 3 1 3 Status ADSL The ADSL Status page shows the ADSL physical layer or link status The information displayed on this page is either inherent to the ADSL Router or set by the ADSL Central Office CO DSLAM neither of which cannot be changed by the user This page contains information that is dynamic and will refresh every 2 seconds ADSL STATUS ADSL Status Infomation Showtime Firmware Version 300 Line State DOWN Modulation NR Annex Mode ANNEX Startup Attempts 0 Max Tx Power SB ABMVHZ A T Downstream Upstream TOO C nomaron O MCN ON Errorea Seconds Mr llc Cs tess ofrrame SSN a MCG lc CC MM ll katen Showtime Firmware Version This field displays the ADSL data pump firmware version number Line State This field displays the ADSL connection process and status The different states for this field are as follows Activation The ADSL Router is in this state when it is attempting to start the activation process Initialization The ADSL Router is initializing handshake with the CO Training This is a part of the handshake process with the CO Channel Analysis This is a part of the handshake process with the CO Exchange This is a part of the handshake process with the CO Down This indicates that the ADS
98. nother host computer every X seconds where X is the supply interval The receiving host computer will in turn repeat the same process by sending the same information to another host computer The process is repeated until all host computers in a given network share the same routing knowledge There are several components to RIP including the authenticator supplier and listener Authenticator Authentication is only available for RIPv2 When it is disabled RIPv2 messages containing authentication entries are discarded When it is enabled all RIPv2 messages must have proper authentication entries and all RIPv2 messages without verified authentication entries and all RIPv1 messages are automatically rejected Supplier The RIP Supplier has two functions I It transmits route updates over every RIP Supplier interface at the interval specified by Supply Interval see below Il It transmits route updates in response to specific requests from other routers Listener The RIP Listener listens and processes all RIP messages it receives from other RIP routers and updates the host routing tables accordingly The RIP Listener is always enabled when RIP is enabled By default RIP is disabled The announcement messages RIP sends are based on two configuration parameters RIP Version number and Multicast Version Multicast Announcements Sent The RIP messages that can be received and processed are based on two configuration parameters RIP V
99. nt Filtering Blocks unwanted traffic from the Internet to your LAN Blocks access from your LAN to Internet locations or services that you d specified Logs security incidents The 1 Port ADSL Router will log security events such as blocked incoming traffic port scans attacks and administrator logins gt Extensive Protocol Support IP Address Sharing by NAT The 1 Port ADSL Router allows several networked PCs to share an Internet account using only a single IP address which may be statically or dynamically assigned by your Internet service provider ISP Automatic Configuration of DHCP The 1 Port ADSL Router dynamically assigns network configuration information including IP Address WAN Gateway Domain Name Server DNS Addresses etc This greatly simplifies configuration of PCs on your local network Dynamic DNS This is a method of keeping a domain name linked to a changing IP Address as not all computers use Static IP addresses Typically when a user connects to the Internet the user s ISP assigns an unused IP address from a pool of IP addresses and this address is used only for the duration of that specific connection PPP over Ethernet PPPoE PPPoE is a method for the encapsulation of PPP packets over Ethernet frames from the user to the ISP over the Internet One reason PPPoE is preferred by ISPs is because it provides authentication username and password in addition to data transport A PPPoE session can be ini
100. ntage of Bits that contain errors relative to the total number of bits transmitted Bridge A device that connects two networks and decides which network the data should go to Bridge Mode Bridge Mode is used when there is one PC connected to the LAN side Ethernet or USB port IEEE 802 1D method of transport bridging is used to bridge between the WAN ADSL side and the LAN Ethernet or USB side i e to store and forward CBR Constant Bit Rate A constant transfer rate that is ideal for streaming executing while still downloading data such as audio or video files Cell A unit of transmission in ATM consisting of a fixed size frame containing a 5 octet header and a 48 octet payload CHAP Challenge Handshake Authentication Protocol Typically more secure than PAP CHAP uses username and password in combination with a randomly generated challenge string which has to be authenticated using a one way hashing function CLP Cell Loss Priority ATM cells have two levels of priority CLPO and CLP1 CLPO is of higher priority and in times of high traffic congestion CLP1 error cells may be discarded to preserve the Cell Loss Ratio of the CLPO cells CO Central Office In a local loop a Central Office is where home and office phone lines come together and go through switching equipment to connect them to other Central Offices The distance from the Central Office determines whether or not an ADSL signal can be supported in a given li
101. nterface States the interface that is being used PVCO PVC7 Mode There are two available modes for the connection PPP over Ethernet PPPoE PPP over ATM PPPoA Status States whether PPP connection is Connected or Not Connected Packets Sent Number of packets sent by a particular PPP Connection Packets Received Number of packets received by a particular PPP Connection Bytes Sent Number of bytes sent by a particular PPP Connection Bytes Received Number bytes received by a particular PPP Connection Connect and Disconnect This field allows you to manually connect disconnect the PPP connection for each PPP interface In other words each PPP session can be connected and disconnected individually Connection Specifies the PPP session to be connected disconnected Connect Disconnect Execute Press this button to either connect or disconnect Connection status dialog will be displayed below the Execute button after it is pressed Sample dialog with explanation 4 1 Port ADSL Router P44 PPP X Connecting This is displayed while the PPP session is attempting to connect to the ISP PPP X Connect ERROR This is displayed when a connection cannot be made due to an error PPP X is currently not connected This is displayed when a disconnect attempt is made on a session that is not currently connected PPP X does not exist This is displayed when a connect or disconnect attempt is made on a session number that does
102. nto one IP address The outside network WAN can see this one IP address but it cannot see the individual device IP addresses translated by the NAPT NAT Network Address Translation The translation of an IP address of one network to a different IP address known by another network This gives an outside WAN network the ability to distinguish a device on the inside LAN network as the inside network has a private set of IP address assigned by the DHCP server not known to the outside network PAP Password Authentication Protocol An authentication protocol in which authorization is done through a user name and password PDU Protocol Data Unit A frame of data transmitted through the data link layer 2 Ping Packet Internet Groper A utility used to determine whether a particular device is online or connected to a network by sending test packets and waiting for a response PPP Point to Point Protocol A method of transporting and encapsulating IP packets between the user PC and the ISP PPP is full duplex protocol that is transmitted through a serial interface 4 1 Port ADSL Router P143 Proxy A device that closes a straight connection from an outside network WAN to an inside network LAN All transmissions must go through the proxy to get into or out of the LAN This makes the internal addresses of the devices in the LAN private PVC Permanent Virtual Circuit A software defined logical connection in a network A Virtual Circ
103. o set the configuration of MAC filtering There can be up to 4 different Bridge Filtering configurations Source MAC This is the Source MAC to block or from which to forward See the next page for instructions on how to configure this The Source MAC must consist of 12 hexadecimal characters Destination MAC This is the Destination MAC to block or to forward to See the next page for instructions on how to configure this The Destination MAC must consist of 12 hexadecimal characters Type Enter the hexadecimal number for the Ethernet type field in Ethernet_II packets For example 0800 is for IP protocol The Type must consist of 4 hexadecimal characters Block When block is selected everything from the Source MAC with destination MAC will be blocked Forward When forward is selected everything from the Source MAC will be forwarded to the Destination MAC Bridge Filtering Enable Bridge Filtering Yes No HID __ sSrcMAC DestMAC Types eBioek Forward ESE MAC address should looks like O0O0002fa6fab TYPE is Ethernet type should looks like a5ff Number of Bridge Filters 0 Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration 4 1 Port ADSL Router P71 Example Q1 How do I forward packets with MAC address 000002fa6fab to destination MAC 000003dc8faa through IP protocol ANS First go to the Bridge Filtering page under Configura
104. olicies in an effort to keep intruders out Firewalls work by analyzing and filtering out IP packets that violate a set of rules defined by the firewall administrator The firewall is located at the point of entry for the network All data inbound and outbound must pass through the firewall for inspection Advanced Options This section contains options for protecting against particular well known attacks as well as documenting those attacks as they occur Firewall Databases This section allows you to create groups based on IP addresses subnet masks ports and time These groups are used when creating inbound and outbound policies Inbound Outbound Policies This section allows you to create rules for incoming and outgoing IP packets The IP packets are compared against the rules and are allowed or denied accordingly Firewall Enable Disable This option enables disables all the protection provided on these pages 4 1 Port ADSL Router P102 4 3 3 16 1 1 Advanced Options Protection Policy Protection Policies defend against common methods of attacking a network and computers within the network Some of these attacks are classified as a DoS Denial of Service DoS is an attack in which a network or components of a network are disabled usually by overloading traffic on the network in order to prevent authorized and legitimate users to access network resources Configuration Firewall Protection Policy The Advanced firewall attacks c
105. ork it can only forward packets to the private network as they are requested DNS Domain Name System A method to locate and translate Domain Names into Internet Protocol IP addresses where a Domain Name is a simple and meaningful name for an Internet address DSL Digital Subscriber Line A technology that provides broadband connections over standard phone lines DSLAM Digital Subscriber Line Access Multiplexer Using multiplexing techniques a DSLAM receives signals from customer DSL lines and places the signals on a high speed backbone line DSLAMS are typically located at a telephone company s CO Central Office Encapsulation The inclusion of one data structure within another For example packets can be encapsulated in an ATM frame during transfer FEC Forward Error Correction An error correction technique in which a data packet is processed through an algorithm that adds extra error correcting bits to the packet If the transmitted message is received in error these bits are used to correct the errored bits without retransmission Firewall A firewall is a method of implementing common as well as user defined security policies in an effort to keep intruders out Firewalls work by analyzing and filtering out IP packets that violate a set of rules defined by the firewall administrator The firewall is located at the point of entry for the network All data inbound and outbound must pass through the firewall for inspection
106. ot established then the route entry does not appear in the Routing Table When the interface comes up later the route entry is then added System Default Gateway Configuration The system wide Default Gateway provides three options Auto default User selected Network Interface and None None This field allows you to choose to have no Default Gateway in the CPE Auto This field allows you to enable the Bridge Router to automatically decide the Default Gateway User selected Network Interface This field allows you to select a Network Interface from a list PVCs PPP Sessions USB and LAN This option allows you to associate the system wide Default Gateway to a Network Interface static or dynamic and provides a way to fix the Default Gateway to a dynamic Network Interface before the interface is established Note The options for this field are IP PVCO IP PVC7 IP Ethernet 0 IP BridgeMux0 and any PPP session that was created by the user Specify IP This field allows you to specify the IP address of the default gateway Route Configuration Destination This field allows you to enter the remote network or host IP address for the static routing Netmask This field allows you to enter the Subnet Mask for the static routing Gateway This field allows you to enter the IP address of the gateway device that allows the router to contact the remote network or the host for Specified IP or select an Interface for the Ga
107. otocol layer for both LAN and WAN sides This page will continually refresh every 2 seconds until all tests are complete Diagnostic Test Test Complete Checking LAN Connection Testing Ethernet LAN connection PASS HELP Checking ADSL Connection Testing ADSL Synchronization FAIL HELP Checking Circuit 0 for Network Connection Test ATM OAM Segment Loop Back SKIPPED HELP Test ATM OAM End to End Loop Back SKIPPED HELP Test Ethernet connect to ATM SKIPPED HELP Test PPPoPvc 0 PPPOE connection UNKNOWN HELP Test PPPoPvc 0 PPP layer connection SKIPPED HELP Test PPPoPvc 0 IP connect to PPP SKIPPED HELP Testing Internet Connection Ping primary DNS SKIPPED HELP Query DNS for www conexant com SKIPPED HELP Ping www conexant com SKIPPED HELP 4 1 Port ADSL Router P94 I Checking LAN Connection Testing Ethernet LAN Connection This test passes if the Ethernet LAN interface is working properly Il Checking ADSL Connection Testing ADSL Synchronization This test checks your ADSL Router to see if it can successfully negotiate and establish an ADSL connection with your service provider The test returns PASS if an ADSL connection is established If this test returns FAIL please try the test again a few minutes after this test is completed Your ADSL Router needs up to one minute to establish the ADSL connection depending on your phone line quality If this test returns FAIL make sure your phone line is connected to your ADSL Router secured a
108. overn network management and monitor devices on the network SNMP is formally described in RFC 1157 SNR Signal to Noise Ratio Measured in decibels SNR is a calculated ratio of signal strength to background noise The higher this ratio the better the signal quality Subnet Mask Short for SUBNETwork Mask subnet mask is a technique used by the IP protocol to filter messages into a particular network segment called a subnet The subnet mask consists of a binary pattern that is stored in the client computer server or router This pattern is compared with the incoming IP address to determine whether to accept or reject the packet TCP Transfer Control Protocol Works together with Internet Protocol for sending data between computers over the Internet TCP keeps track of the packets making sure that they are routed efficiently TFTP Trivial File Transfer Protocol A simple version of FTP protocol that has no password authentication or directory structure capability Trellis Code An advanced method of FEC Forward Error Correction When enabled it makes for better error checking at the cost of slower packet transmission Setting Trellis Code to Disabled will cause increased packet transmission with decreased error correction TTL Time To Live A value in an IP packet that indicates whether or not the packet has been propagating through the network too long and should be discarded UBR Unspecified Bit Rate A transfer mode that
109. pare the following items before you can establish an Internet connection through your Port ADSL Router 3 A computer which must have an installed Ethernet Adaptor and an Ethernet Cable 4 An ADSL service account and configuration information provided by your Internet Service Provider ISP You will need one or more of the following configuration parameters to connect your Port ADSL Router to the Internet VPI VCI parameters Multiplexing Method Host and Domain Names ISP Login Name and Password ISP Domain Name Server DNS Address Fixed or Static IP Address mono gp Figure below shows the overall hardware connection mechanism of your 1 Port ADSL Router RJ 45 RJ 11 RJ 11 Cable Ethernet Cable ADSL Connection Connection mr oa a J gt Splitter fa The LAN port of the 1 Port ADSL Router supports auto crossover capability 4 1 Port ADSL Router P23 Follow the following steps or instructions for connecting your Port ADSL Router 8 Turn off your computer Connect the ADSL port of your 1 Port ADSL Router to the splitter DSL port with a RJ 11 cable 10 Connect the Ethernet cable RJ 45 from your 1 Port ADSL Router to the Ethernet Adaptor in your computer 11 Connect the Power adaptor to the 1 Port ADSL Router and plug the other end into a Power outlet 12 Turn on your 1 Port ADSL Router The Power light will lit after turning on the 1 Port ADSL Router Auto and self diag
110. r s MRU In the normal negotiation the peer will accept this MRU and will not send packet with information field larger than this value Note Range for MRU field is 0 32767 default value is 1492 MTU Maximum Transmission Unit MTU is the largest size packet that can be sent by the modem If the network stack of any packet is larger than the MTU value then the packet will be fragmented before the transmission During the PPP negotiation the peer of the PPP connection will indicate its MRU and will accept any value up to that size The actual MTU of the PPP connection will be set to the smaller of the two MTU and the peer s MRU Note Range for MTU field is 0 32767 default value is 1492 MSS Maximum Segment Size is the largest size of data that TCP will send in a single unfragmented IP packet The LAN client and the WAN host will indicate their MSS during the TCP connection handshake Note Range for MSS field is 0 32767 default value is 1432 Lcp Echo Interval This is the time interval in seconds between PPP session connection attempts Note Range for Lcp Echo Interval field is 0 32767 default value is 10 Lcp Echo Maximum Consecutive Failure This is the number of times a PPP session can fail while trying to connect before stopping If a PPP session fails this number of times you must manually reconnect the PPP session Note Range for Lcp Echo Maximum Consecutive Failure field is 0 32767 default value is 6 4
111. r 4 Device AGMIMISTrATION cc sssesssssssssssssnsesssssnsesssesnes 29 Ds TAO OU ETE E A A EE E E E E beitats 29 AD Q ick Setup niaaa aeaa a aaa iaaa i 31 4 2 1 Quick Setup Automatic Setting oo cccsesssessseesseesseesseesseesstecsteesseessees 32 4 2 2 Quick Setup Manual Setup cia cavacsnus dun ecenmionindawarciad 35 4 1 Port ADSL Router P3 4 3 Advanced Mode oo ssossenessssoosssesssssosssecssecesssscossscoseccsssscosescossecossseosseseso 40 4 3 1 Advanced Setup Status ccccccccccssssssesssesssssssesssecssscssscssecsseesseecssessueeeneeenees 41 4 3 1 1 Status VES CCUG ass scdcthegassstscechssathocertencnstirased cabergenaatequssast onnnsserelonnenettes 42 AbD NZ ey Se EP Pa ccc Ge cae anaes cis ede ot eed AE cance cate accae Ds ese eae 44 daha SCAU SSS Marte ce ess dest nites Pad ean aaa 46 4 3 2 Advanced Setup Configuration ccccccccccccccssessssssseesseesseesseesstecseesneessees 48 4 3 2 1 ComfiguratiON WAN on cecccccsssessseesssesssesssecssscsssecssecssecssscssscsssccssecsueceseeesees 49 4 3 2 2 Configuration LAN 3 cadre tlt a c late ike al as ala dati 57 43 23 COMMS Uta ON P PP asec os csessecneietdtae a denesmnadurpeaennsies eRe r Sie 60 4 3 2 4 Configuration NAT sera ciedeiseeran ts screbasatantansteeridieevbe no huleioamretoaa aes 67 4 3 2 5 Configuration Virtual Server o ceccccecccecsssesssseeesseeesseeesseeesseesenneeeen 69 4 3 2 6 Configuration Bridge Filtering oe ceecceecseecsseeess
112. r Messages This Appendix provides a library of common error messages explaining how each one is obtained and how to keep them error from reoccurring 1 Server Error 401 Unauthorized Access Denied EY bitp WOT 00 Beene berrat Cipier r a a gt i Ow n d O Pues fyren Sue E RaP DESS Server Error 401 Unauthorized Access denied doc index htm This error occurs when an Invalid Login attempt is made This is caused by an invalid user name and or password 2 Server Error 403 Forbidden Access Denied Server Error 405 Forbidden Access dented dec wan htm This error occurs when the standard user account non admin attempts to load pages under the Admin Privilege section This error message can vary depending on the access attempt In the variations the bottom line doc wan htm may be replaced with something else 4 1 Port ADSL Router P140 Appendix F Glossary The Glossary provides an explanation of terms and acronyms discussed in this user guide AP Access Point A station that transmits and receives data in a WLAN Wireless Local Area Network An access point acts as a bridge for wireless devices into a LAN ATM Asynchronous Transfer Mode A method of transfer in which data is organized into 53 byte cell units ATM cells are processed asynchronously in relation to other cells BC Broadcast Communication in which a sender transmits to everyone in the network BER Bit Error Rate Perce
113. r URL names Save Configuration Clicking this will link the user to the Save Settings Reboot page 4 1 Port ADSL Router P73 Apply f Reset __ DNS Proxy Setting sce mabe DNS Server Setting l 4 1 Port ADSL Router P74 4 3 2 8 Configuration User Password Configuration The User Password Configuration page allows the user or admin to set the password for the user account The User Password can be up to 65 characters excluding amp Note User Account cannot be used to access FTP server User Password Configuration Do not use amp in the password User Password Configuration Retype Password Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Configuration Save Configuration Clicking this will link the user to the Save Settings Reboot page 4 1 Port ADSL Router P75 4 3 2 9 Configuration Save Setting Reboot The Save Settings Reboot page allows you to either save the new configuration to the flash and reboot the ADSL Router or simply reboot the ADSL Router without saving changes Reboot router without saving settings Reboot Only Save settings and reboot Save amp Reboot Save amp Reboot Click this to apply all changes Reboot Only Do this to discard all changes since last save After either one of these buttons are clicked the ADSL Router will do the following I Save amp Reboot Two pages
114. r here as in the Public Port Start field Note The maximum number of the mapped Port is 20 4 1 Port ADSL Router P120 Private Port This field allows you to enter the port number of the Private Network LAN or internal network In most cases the private port number is same as public port number This port number cannot be seen from the WAN side Host IP Address This field allows you to enter the private network IP address for the particular server Well known TCP IP ports are listed in Table below Pot e a Fite Transfer Protocol FTP Data___ _ __x o 21 FtPCommanss SSCS Sid CS COo fea oo S i X Domain Name System DNS eo Trivial Fie Transfer Protocol FTP OO OOO Tooo O o fom o ooo a E Angee E a A a GS FR e E S n SUN Remote Procedure cariera T o eo USO E a me Network News Transfer Protocol nnr O x OOo 123 Network Time Protocol NTe SCSC dT SxX CdS CC a a EE GT 161 Simple Network Management Protocol SNMP __ x OS A E 170 Border Gateway Proosa eP x ooo E E Sid CS F513 rogn SSCS xX CdS CCS OO E S 517 520 Routing information Protocol RIP x x x 4 1 Port ADSL Router P121 4 4 Status Shows all the Configuration Setting Status of the ADSL Router 4 4 1 Status Current Setting Click Current Setting to display the current Configuration Setting of the ADSL Router System Information Firmware Version CX82xxx
115. rence in a residential environment This equipment can generate use and radiate radio frequency energy and if not installed and used in accordance with the instructions in this manual may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which is found by turning the equipment ON and OFF the user is encouraged to try to reduce the interference by one or more of the following measures Adjust or relocate the receiving antenna Increase the separation between the equipment or device Consult a dealer or an experienced technician for assistance CE Declaration of Conformity This is to certify that this device complies the essential protection requirements of the European Council Directive 89 336 EEC Article 4a Conformity is declared by the application of EN 55 022 Class B CISPR 22 Compliance with the applicable regulations is dependent upon the use of shielded cables It is the responsibility of the user to procure the appropriate cables 4 1 Port ADSL Router P2 Contents Chapter 1 Introduction ceecscssssssseussssnesreessnssesseusssemesieessmeseesseussvines 6 1 1 Four Port ADSL ROU Or iciccicccecesciscecesseevecessencssovescsscesesecsoasscscecescssoseesseee 7 A TS AG FSG 2 stent ne siete at EEA E eva E R 7 1 2 One Port ADSL Router ccicccascssecsdinsis
116. rify my ADSL Router and or computer Ethernet MAC Address ANS Follow the following instructions for the appropriate operating system Windows NT 2000 XP Click on Start Menu All Programs Accessories Command Prompt MS DOS Prompt in NT Once in the command prompt type ipconfig all and press enter There should be at least 3 Tables of information The first one should be labeled Windows IP Configuration The other two are for your Network Interface Card NIC and your ADSL Router You should be able to find out which one is which by looking at the Description field The respective MAC addresses will be located in the Physical Address field Windows 95 98 98SE Me Click on Start Menu Run Type winipcfg and click OK Click more info To check the MAC Address for the ADSL mode select the ADSL Router on the dropdown menu The MAC Address is labeled as the Adaptor Address To find the computer NIC address select the NIC device The MAC Address is labeled as the Adaptor Address Mac OS 7 6 1 and above Not OS X Click on the Apple menu gt Apple System Profiler Click the Network Overview arrow and then the AppleTalk arrow The E MAC Address is the 12 character Hardware Address Mac OS X Click on the Dock System Preferences Then click on Network Under the Configure drop down tab choose Built in Ethernet or Ethernet Select the TCP IP Tab The E MAC Address is the 12 digit Hardware Address Click on Save and close the Network pane GIN
117. rk WAN or external network If you are entering a range of ports this is the first port Public Port End This field represents the last port number in a port range If you only want one port number no port range simply enter the same number here as in the Public Port Start field Note The maximum number of the mapped Port is 20 Private Port This field allows you to enter the port number of the Private Network LAN or internal network In most cases the private port number is same as public port number This port number cannot be seen from the WAN side Host IP Address This field allows you to enter the private network IP address for the particular server Well known TCP IP ports are listed in Table below 4 1 Port ADSL Router P69 Por S Srotocod SCS o 0 1 3 5 3 3 0 9 43 Domain Name System DNS C mo Network News Transfer Protocol NNTP x 161 Simple Network Management Protocol SNMP x SS T T 179 Border Gateway Protocol GP sid x CCS 443 E Sx EE e E S Psa fee J xd CS tak ise a a N a C 520 Routing information Protocor RIP x C i70 Layer 2 Tunneling Protocol zTe x F 2000 Openwindows SSC dC CS 2049 Network File System nF x dS CS 4 1 Port ADSL Router P70 4 3 2 6 Configuration Bridge Filtering Bridge Filtering allows packets to be forwarded or blocked depending on the MAC address The Bridge Filtering configuration page allows you t
118. ropdown menu has four options Any IP Selecting this will cause all IPs to be affected by the policy When this is selected you will be unable to enter any information into the IP Address entry fields Single IP Selecting this will cause only one IP Address to be affected by the policy This IP Address will need to be specified by the user in the first IP Address entry field 4 1 Port ADSL Router P115 IP Range Selecting this will enable you to select a range of IP Addresses to which the policy will apply The first IP Address in the range must be entered into the first IP Address entry field and the last IP Address in the range must be entered into the second IP Address entry field Mask Range Selecting this will enable you to select a range of Subnet Masks to which the policy will apply The first Subnet Mask in the range must be entered into the first IP Address entry field and the last Subnet Mask in the range must be entered into the second IP Address entry field Dest IP This specifies the Destination IP for the Inbound Policy This is the external WAN side outside of the firewall IP address or addresses and subnet mask s that will be affected by the policy See Src IP above for configuration detail Src Port This specifies the Source Port for the Inbound Policy This is the internal LAN side behind firewall port s that will be affected by the policy In this field there are two port entry fields and a drop
119. rt IPSec L2TP PPTP Pass Through Support ICMP and IGMP PHP PRE EH gt Firewall Statefull Packet Inspection SPI DoS Denial of Service protection Service Filtering Access Policies based on IP Address Service Group Time Inbound Outbound Policy Hacker Log PEP EH gt Web Based Management Firmware upgrade via FTP 4 WAN and LAN connection statistics 4 1 Port ADSL Router P10 ka Configuration of static routes and routing table NAT NAPT and VCs PPP user ID and password gt Security Support Hidden by NAT NAT opens a temporary path to the Internet for requests originating from the local network Requests originating from outside the LAN are discarded preventing users out side the LAN from finding and directly accessing the PCs on the LAN Port Forwarding with NAT The 1 Port ADSL Router allows you to direct incoming traffic to specific PCs based on the service port number of the incoming request or to one designated DMZ host computer Forwarding of single ports or ranges of ports are configurable Support URL Blocking Prevent any LAN clients from accessing specific Internet site by set ting the URL keywords The 1 Port ADSL Router will reject all those web site whose URL names are matched or partially matched with the keywords Support MAC Filtering function This function enable the administrator to control the LAN client computers to access the Internet by the hardware MAC Address gt Conte
120. s box unchecked for security purposes Enter Network Password E 2 x Please type your user name and password Site 10 0 0 2 Realm Home Gateway User Name admin Password XXXXXXXXX 4 Save this password in your password list Cancel 4 1 Port ADSL Router P29 Admin and User passwords can be changed after login Refer to Section 4 3 2 8 for User Password configuration and Section 4 3 3 9 for Admin Password configuration for further instruction Upon entering the address into the web browser the configurable main page with all the device status information will pop up as shown in Figure below System Information Follow these quick steps to install the ADSL Router Manually configure the ADSL Router step by step For professional user only Configure the advanced features of the ADSL Router For professional user only Configure the virtual server features of the ADSL Router Stat EE Show the current device system setting Show events triggered by the system 1 System Information Show the current ADSL Router Firmware version Customer Software version Current ISP setting and PPP Status 2 Menu Describe the way to Setup Configuration your ADSL Router A Quick Setup The Quick Setup is meant to help you install the ADSL Router Quickly and easily i Automatic Setup Automatic Setup by selecting country and ISP from the list step by step ii Manual Setup Entering all the se
121. s is the external WAN side outside of the firewall IP address or addresses and Subnet Masks that will be affected by the policy In this field there are two IP Address entry fields and a dropdown menu The dropdown menu has four options Any IP Selecting this will cause all IPs to be affected by the policy When this is selected you will be unable to enter any information into the IP Address entry fields Single IP Selecting this will cause only one IP Address to be affected by the policy This IP Address will need to be specified by the user in the first IP Address entry field 4 1 Port ADSL Router P111 IP Range Selecting this will enable you to select a range of IP Addresses to which the policy will apply The first IP Address in the range must be entered into the first IP Address entry field and the last IP Address in the range must be entered into the second IP Address entry field Mask Range Selecting this will enable you to select a range of Subnet Masks to which the policy will apply The first Subnet Mask in the range must be entered into the first IP Address entry field and the last Subnet Mask in the range must be entered into the second IP Address entry field Dest IP This specifies the Destination IP for the Inbound Policy This is the internal LAN side behind the firewall IP address or addresses and Subnet Mask s that will be affected by the policy See Src IP above for configuration detail Src Port This
122. s plus 12 IP addresses For example when the LAN IP address is 10 0 0 2 the DHCP address pool the range from 10 0 0 3 to 10 0 0 14 User Defined When User Defined is selected the DHCP address pool starts at the User Defined Start Address and ends at the User Defined End Address The maximum pool size can be 253 IP addresses 255 total IP addresses 1 broadcast address 1 LAN port IP address User Defined Start Address This is the starting IP address of the DHCP pool for User Defined DHCP Address Pool Selection Note Range for User Defined Start Address is x x x x whereO S x5 255 default value is 10 0 0 4 User Defined End Address This is the last IP address in the DHCP pool User Defined DHCP Address Pool Selection Note Range for User Defined End Address is x x x x where 0 x 255 default value is 10 0 0 15 DHCP Gateway Selection The default setting for the DHCP Gateway Selection is Automatic You can select User Defined and specify User Defined Gateway Address The DHCP server will issue the User Defined Gateway Address to the LAN DHCP clients User Defined Gateway Address The purpose for the User Defined Gateway Address is to have two gateway addresses as the LAN IP Address at the top of the LAN Configuration page is also a gateway address Lease time The Lease time is the amount of time a network user will be allowed to connect with DHCP server If all fields are 0 the allocated IP addresses will
123. set of rules This enables you to deny access from different sources and thus increase security Inbound Policy IPAddress Port Act Opt Filtering Prot I ERSE a atoe Arop aon P E E EEEE Adding New Policy Src IP Any IP v DB None v Dest IP Any IP DB None Src Port Any Pot v Dest Port Any Port DB None v Transport Protocol A l Protocol v Filtering Action low v Time Window Filtering None Add Modify Inbound Policy A table of inbound policies is displayed with the following information If there are no policies then a message stating No Entries in Inbound Policy Database will be displayed in place of the table IP Address This field specifies the IP address or addresses to which the policy applies Both the source IP SrcIP and destination IP DesIP are specified here Port This field specifies the Port number to which the policy applies Both the source port SrcPort and destination port DesPort are specified here Prot Short for protocol this is the protocol to which the policy applies Act Short for action this field specifies two possible actions allow or deny Opt Filtering Optional Filtering field specifies the time period to which the policy applies Up Clicking this button will move the corresponding policy up one space in t
124. specifies the Source Port for the Inbound Policy This is the external WAN side outside of the firewall port s that will be affected by the policy In this field there are two port entry fields and a dropdown menu The dropdown menu has four options Any Port Selecting this will cause all Ports to be affected by the policy When this is selected you will be unable to enter any information into the Port entry fields Single Port Selecting this will cause only one Port to be affected by the policy This Port will need to be specified by the user in the first Port entry field Port Range Selecting this will enable you to select a range of Ports to which the policy will apply The first Port in the range must be entered in the first Port entry field and the last Port in the range must be entered in the second Port entry field Safe Ports Any port greater than 1024 1025 65535 is considered a safe port Dest Port This specifies the Destination Port for the Inbound Policy This is the internal LAN side behind the firewall Port that will be affected by the policy See Src Port above for configuration detail Transport Protocol This specifies the Transport Transfer protocol for the policy The following protocol options are available All TCP UDP ICMP AH ESP and GRE Filtering Action This specifies what action the policy takes Allow Selecting this will cause the policy to allow packet transfer from the Sre IP t
125. t the idle timer Click Execute to activate your setting 4 1 Port ADSL Router P64 PPP Disconnect Timer Configuration The settings on this page are used to determine the traffic that will 1 Reset the PPP disconnect timer counter 2 Re establish a PPP connection only if PPP Reconnect on WAN Access is enabled Enable Disable Idle Timer Filter execute Apply Filter execute Filter Details Protocol ox submit Reset II Filter Details The table displayed in the Filter Details section of the page shows all the current Idle Filters Traffic must match the criteria of one of these filters in order to cause an Idle Timeout unless All Traffic will reset Idle Timer is selected As a default and starting point for configuration WWW browsing HTTP FTP and Telnet related packets are part of the filter table IP Protocol This is the IP Protocol name corresponding to the Protocol Number Protocol This is the IP protocol number through which the PPP session can be activated The Protocol Numbers for filters are TCP Protocol Number 6 UDP Protocol Number 17 ICMP Protocol Number 1 IGMP Protocol Number 2 4 1 Port ADSL Router P65 Port This is the Port through which the PPP session can be activated The default filters are HTTP TCP Port 80 FTP TCP Port 20 and 21 Telnet TCP Port 23 DNS UDP 53 Action You can add a rule by entering the appropriate information s
126. t transfer from the Sre IP through the Src Port to travel through the Dest Port to the Dest IP All of these are specified above and must be configured by the user 4 1 Port ADSL Router P116 Time Window Filtering This field allows you to select a certain time frame from the Time Group in which this policy will be active See section 6 6 for more information on Time Groups DB Short for Database this field allows you to select a user defined IP Group for the Src IP and Dest IP fields and a user defined Service Group for the Dest Port User defined IP and Service Groups are created in IP Group and Service Group pages Example Inbound Outbound Policies Sample Configuration This is a sample Inbound Outbound configuration meant to guide you in making your own configurations This configuration does not necessarily provide proper security it is meant only as a sample to display the functionality of the Inbound and Outbound Policies A Inbound Policy Sample Configuration You want your firewall to have the following properties Accept all http IP addresses except for 204 35 82 1 Grant FTP access from 101 64 35 4 external to 10 0 0 3 10 0 0 4 10 0 0 5 and 10 0 0 6 all internal Deny all access to FTP Server 10 0 0 6 on the weekend Converting the access requirements from above so that the Inbound Policy can understand them yields the following Deny access from any Src WAN IP to any D
127. tbound ACCESS sssssssssssssssesssssssssssrissisisisiriiirirririsrsrsrsssssssnsnssssnsssststsrsrsttrertrn 129 AD TOUR ACCESS nine a ants a cass micelaMenetsn 131 Appendix B Frequently Asked Questions uu 132 Appendix C Troubleshooting Guide 135 Appendix D Network Setup Guide ccs 136 DL Windows APZ 00O soetan E AE EEE ES 136 D 2 Windows 95 9S OSSE Me orr a EAEAN RR N 137 D 3 AC OS 7 6 1 or higher ssssessssessseseesseesssssesosooeoscesssssososooeoceessessssooeo 138 DA MAC OSA ora EE E E IE 139 Appendix E Common Error Message cccceccssssssessssssesee 140 Appendix F Glossary eccscesssssssssunssssssssnssassssssaessnesssssaessnssssssaesne 141 4 1 Port ADSL Router P5 e hapter 1 Intr tion Congratulations on your purchase of this outstanding ADSL Router ADSL is a transmission technology used to carry user data over a single twisted pair line between the Central Office and the Customer Premises The downstream data rates can go up to 8 Mbps The upstream data rates can go up to 1Mbps This asymmetric nature lends itself to applications such as Internet access and video delivery ADSL Router is a Four One Port Ethernet ADSL Router combines an Always On high speed Asymmetric Digital Subscriber Line ADSL connection to the Telephone Line and 10 100BASE T Ethernet Switch connection to a host PC or other Ethernet device to enable the widest array of host connectivity This Ethernet ADSL Router device set is
128. teway Manually Configured Routes This field displays the static route entries entered by the user 4 1 Port ADSL Router P82 4 3 3 5 Admin Privilege Learned MAC Table Network bridges operate at the physical network layer The purpose of a bridge is to connect two or more networks and enable packet sharing between them Bridges are different from routers because they forward packets based on physical addresses whereas routers use IP address to forward packets Bridges must learn all the physical MAC addresses of the devices so it can forward the packets reliably The purpose of the Learned MAC Table is to store and display these bridge recognized MAC addresses The Learned MAC Table page shows the current learned Bridge MAC table This page contains information that is dynamic and will refresh every 8 seconds Bridge MAC Table po MAC Address Expiration 00 C0 9F 2D 85 E9 100 Aging Timeout 190 Seconds Submit Reset Aging Timeout This field allows you to enter the update period for the MAC table Have this number lower if you want a more frequent refresh rate Note Range for Aging Timeout field is 0 32767 default is 100 4 1 Port ADSL Router P83 4 3 3 6 Admin Privilege RIP Configuration RIP Routing Information Protocol is a management protocol that ensures that all hosts in a particular network share the same information about routing paths In a RIP a host computer will send its entire routing table to a
129. the ADSL ROUTER Glossary provides definitions of terms and acronyms 4 1 Port ADSL Router P15 1 6 System Requirement Se oe dh A oe oe Oe ad Personal computer PC Pentium II compatible processor and above Internet Browser 64 MB RAM or more 50 MB of free disk space minimum Ethernet Network Interface Controller NIC RJ45 Port Ethernet CATS Cable Power adaptor for ADSL Router CD ROM drive 4 1 Port ADSL Router P16 Chapter 2 Getting To Know Your ADSL Router 2 1 For Four Port ADSL Router 2 1 1 Back Panel The back panel of the 4 Port ADSL Router contains WAN LAN Connection USB Port Connection and Power Switch ADSL Port for connecting the 4 Port ADSL Router to the ADSL Service Provider RESET Restore the 4 Port ADSL Router s factory default setting Ports 1 4 Four 10 100Mbps Ethernet Port for connecting the 4 Port ADSL Router to the network devices such as PCs AC Jack 12VAC 1A or 9VAC 1A Power adapter outlet ON OFF Power Switch to ON OFF the 4 Port ADSL Router Press the Reset button will Reboot amp Restore the ADSL Router s tory defaults and clear all the setting 4 1 Port ADSL Router P17 2 1 2 Front Panel The 4 Port ADSL Router s LEDs indicators display information about the device s status PWR 4 x 10 100Mbps Fast Ethernet Switch RXD ADSL RDY PWR Steady green light indicates the router is powered
130. tiated by either a client application residing on a PC or by client firmware residing on a modem or router PPTP Point to Point Tunneling Protocol PPTP is a protocol set of communication rules that allows corporations to extend their own corporate network through private Tunnels over the public Internet Effectively a corporation uses a wide area network as a single large local area network A company no longer needs to lease its own lines for wide area communication but can securely use the public networks This kind of interconnection is known as a virtual private network 4 1 Port ADSL Router P11 gt Easy Installation and Management ka ka Quick Setup The Quick Setup is meant to help you install the product quickly and easily Browser based management Browser based configuration allows you to easily configure your router from almost any type of personal computer such as Windows Macintosh or Linux Visual monitoring The 1 Port ADSL Router s front panel s LEDs provide an easy way to monitor the connection status and activity 4 1 Port ADSL Router P12 1 3 Scope This document provides the descriptions and usages for the ADSL Router s Web pages that are used in the configuration and setting process Both basic and advanced descriptions and concepts are discussed To help the reader understand more about these Web pages some questions and answers Q amp A are appended after the definition of each Web page
131. tion Then type 000002fa6fab in the ID Source MAC field 000003dc8faa in the Destination MAC field and 0800 in the Type field If bridge filtering is not already enabled select Yes under the Enable Bridge Filtering field Then select Forward and click Submit Q2 How do I block packets from MAC address 000002fa6fab through IP protocol ANS First go to the Bridge Filtering page under Configuration Then type 000002fa6fab in the ID Source MAC field and 0800 in the Type field If bridge filtering is not already enabled select Yes under the Enable Bridge Filtering field Then select Block and click Submit Q3 How do I block incoming packets with destination MAC address 000003dc8faa through IP protocol ANS First go to the Bridge Filtering page under Configuration Then type 000003dc8faa in the Destination MAC field and 0800 in the Type field If bridge filtering is not already enabled select Yes under the Enable Bridge Filtering field Then select Block and click Submit 4 1 Port ADSL Router P72 4 3 2 7 Configuration DNS The DNS Configuration page allows you to set the configuration of the DNS proxy For the DHCP requests from local PCs the DHCP server will set the LAN port IP as the default DNS server Thus all DNS query messages will come into LAN port first The DNS proxy on the ADSL Router records the available DNS servers and forwards DNS query messages to one of DNS servers 6M DNS Proxy Enable
132. to select the PVC Setting Click Submit after your choice to view the setting configurations details Main Setting Virtual Circuit Select Enable to activate the current PVC configuration The current PVC is displayed at the top of the page in parenthesis Default is Enabled for PVCO and Disabled for PVCI1 PVC7 VPI Virtual Path Identifier is a virtual path used for cell routing that is identified by an eight bit field in the ATM cell header The VPI field specifies this eight bit identifier for routing Range for VPI field is 0 255 default is 0 VCI A Virtual Channel Identifier is a virtual channel that is identified by a unique numerical tag that is defined by a 16 bit field in the ATM cell header The purpose of the virtual channel is to identify where the cell should travel The VCI field specifies this 16 bit numerical tag that determines the destination Range for VCI field is 0 65535 default is 35 Static IP Settings Static IP Settings are for users who have a Static IP Address WAN side from their ISP IP Address This is the static IP Address given by the ISP Range for IP Address is x x x y where 0 S xS 255andl S ys 254 default is 192 168 241 101 Subnet Mask This is the subnet mask given by the ISP Range for Subnet Mask is x x x x where 0 S x5 255 default is 255 255 255 0 Gateway This is the Gateway given by the ISP Range for Gateway is x x x y whereO S x5 255and1 S y5 254 default
133. ts until the network crashes Enabling this will allow the firewall to filter out possible Land Attack packets 4 1 Port ADSL Router P103 Reassembly Attack checking Reassembly Attack is a type of DoS attack that exploits the weakness of the IP protocol reassembly process As discussed earlier in this user guide packets undergo fragmentation when they exceed a certain maximum size Certain criteria define the packet fragmentation process so that packets can be reassembled properly In Reassembly Attack the subpackets have malformed criteria fragment offset which can easily cause a system to crash freeze or reboot Enable this option to check for and filter out Reassembly Attack packets Advanced Protection SYN Flooding checking SYN Flooding is a type of DoS attack that is accomplished by not sending the final acknowledgement to the receiving server s SYN ACK SYNchronize ACKnowledge in the final part of the handshake process This causes the serve to keep signaling until it is timed out When a flood many of these attacks are sent simultaneously the server will probably overload and crash Enable SYN Flooding checking to filter out possible SYN flood packets ICMP Redirection checking Also known as an ICMP storm attack or smurf attack ICMP Redirection is another form of DoS This attack is performed by sending ICMP echo requests to a broadcast network node The return IP address is spoofed and replaced by the victim s own ad
134. tting configuration manually Check your ISP for the setting details B Advanced Mode The Advanced Mode describe the detail instruction on installation configurations for advance user No changes should be made to this section without a thorough understanding of networking concepts i Advanced Setup For professional user ONLY No changes should be made to this section without a thorough understanding of networking concepts ii Manage Public Server For professional user ONLY No changes should be made to this section without a thorough understanding of networking concepts C Status Display the ADSL Router s current or previous connection setting and configuration status All the information provided under the Status tab are read only and can be changed upon setting configuration of the ADSL Router i Current Setting Shows the current setting configuration status i System Log Shows the System connection information 4 1 Port ADSL Router P3 Oo 4 2 Quick Setup The Quick Setup is meant to help you install the ADSL Router quickly and easily Click Automatic Setup and follow the steps describe below to complete your installation System Information Automatic Setup Manual Setup Advanced Setup Manage Public Server Current Setting System Log 4 1 Port ADSL Router P31 4 2 1 Quick Setup Automatic Setting STEP 1 Select the presetting country form the list For 1483 Bridged LLC encapsu
135. uit that is permanently available to the user RIP Routing Information Protocol A management protocol that ensures that all hosts in a particular network share the same information about routing paths In a RIP a host computer will send its entire routing table to another host computer every X seconds where X is the supply interval The receiving host computer will in turn repeat the same process by sending the same information to another host computer The process is repeated until all host computers in a given network share the same routing knowledge RIPv1 RIP Version 1 One of the first dynamic routing protocols introduced used in the internet RIPv1 was developed to distribute network reach ability information for what is now considered simple topologies RIPv2 RIP Version 2 Shares the same basic concepts and algorithms as RIPv with added features such as subnet masks authentication external route tags next hop addresses and multicasting in addition to broadcasting Router Mode Router Mode is used when there is more than one PC connected to the LAN side Ethernet and or USB port This enables the ADSL WAN access to be shared with multiple nodes on the LAN Network Address Translation NAT is supported so that one WAN side IP address can be shared among multiple LAN side devices DHCP is used to serve each LAN side device and IP address SNAP SubNetwork Attachment Point SNMP Simple Network Management Protocol Used to g
136. uter to connect to the Internet through a LAN refer to the instructions or help guide provided with your Operating System It is recommended that the network address of the client PC to be configured as a dynamic IP address This will give your DHCP server full control of IP Addresses and DNS Servers D 1 Windows XP 2000 Click on Start Menu Setting Control Panel In the Control Panel double click on the Network Connections Network and Dialup Connections in Windows 2000 icon Double click the Local Area Connection icon Under the General Tab click the Properties button Select Internet Protocol TCP IP and click the Properties button Under the General Tab make sure that the Obtain an IP address automatically and Obtain DNS Server Address Automatically options are selected If they are not selected select them and click the OK button This will make your IP dynamic allowing it to change each time you connect disconnect Pr i p gt EAD j erent emer Internet Protocol TCP IP Properties AF Ce inn Bense Akera Configuration owed uing Bp Cowi USO Network Adapter 5 You can get IP settings signed sulometicaly f poa remak supporta his capeb lhy ODlhams o pou mad io ack you network oderiskalo lo o Fa appropiate IP saning Conkgse sie Benenson aes re farang aie Obtain an IP akties automatioaby A BB Ghent tor Microsoft Networks O Une the folowing IP addis MGB Rie and Printer Sharing for Mcsosoit Networks A
137. vouyceendanstevecdncesescsdgess vdaswsnuveossenoadees 10 OST AUIS set ho TTE E E EE id 10 DD SCOPE scsstac esi iaus devsatsu las catcdediede e a a e Raia 13 BOW GLE Gd 1 REASON io EIDE RED PRR EIT AR PROPRIO ADV AR er POR CU nya T Oe 14 1 5 Document Structure sossesesssssosssesssescssecossecosseccsssccosscecssecossesooseseosese 15 1 6 System RequiremMent sesessssseseeessseseeessseseccsssssocecssssooecesssooecessssseeeees 16 Chapter 2 Getting To Know Your ADSL Routev 17 2 1 For Four Port ADSL ROUGE cocccccovcscsscscosssoscscosscesssscvoessvoccessvensessooesesees 17 214l Back AIM es irs a nl A RI ET a RA EAS 17 A2 Front Pane xicastense muere ea a a a ete ctaetogiteiedes 18 2 1 3 Connection Mechanism sssssissesissiisisssisssrsirsirninsnisninrirnrsnirnrns 19 2 2 For One Port ADSL Router ccccccccccssssccccssscccccsscccccsscccccssccccssceeees 21 22l Back P he hrener anera annaa ates taped alates tan evaciaatua ieee 21 2 2 2 Front Pape a r aS E AE EE caren SRE 22 2 2 3 Connection NIC C IANS TN Secs psccxce tines eee etal nosso be neice canter Ghote a cucseeniawetic staat 23 Chapter 3 Administrator s Computer Setting u 25 3 1 Windows 98 ME sesssssssesessssoosesesssscosssecosecessssoossccossecossscooseccossscossseossecoo 26 3 2 Windows 2000 osseesseeeessescosssessseccssscossseossecesssecossscoosecosssscossseosseeso 27 Bid WINDOWS XL e ee e aeei aeai 28 Chapte
138. wing configuration parameters to connect your ADSL Router to the Internet VPI VCI parameters Multiplexing Method Host and Domain Names ISP Login Name and Password ISP Domain Name Server DNS Address Fixed or Static IP Address mono gp Figure below shows the overall hardware connection mechanism of your 4 Port ADSL Router RJ 45 RJ 11 Cable Ethernet ADSL Connection Connection Splitter mr mh The LAN port of the 4 Port ADSL Router supports auto crossover capability 4 1 Port ADSL Router P19 Follow the following steps or instructions for connecting your 4 Port ADSL Router 1 Turn off your computer 2 Connect the ADSL port of your 4 Port ADSL Router to the splitter DSL port with a RJ 11 cable 3 Connect the Ethernet cable RJ 45 from your 4 Port ADSL Router to the Ethernet Adaptor in your computer 4 Connect the Power adaptor to the 4 Port ADSL Router and plug the other end into a Power outlet 5 Turn on your 4 Port ADSL Router The Power light will lit after turning on the 4 Port ADSL Router Auto and self diagnostic process will turn the LED indicators ON and OFF during 6 Turn on your computer 7 Refer to the next chapter to setup or configure your Network Adaptor 4 1 Port ADSL Router P20 2 2 For One Port ADSL Router 2 2 1 Back Panel The back panel of the 1 Port ADSL Router contains WAN LAN Connection USB Port Connection and Power Switch
139. would determine whether or not a connection is established However this time use a URL instead of and IP Address such as www google com Alternatively if the DSL LED is solidly on then the ADSL link is established Q3 What can I do to ensure an always on connection with my PPP session ANS There are two things you should do 1 Make sure you have 0 in the Disconnect Timeout field This will make sure that the PPP session is not disconnected from the User side 2 Make sure the Automatic Reconnect box is checked This will cause the ADSL Router to automatically reconnect if the connection is severed from either the ISP side or the user side Q4 How do I create a PPP session and connect it to the ISP ANS To create and connect a PPP session follow the steps below First you must create a PPP account To do this go to PPP Configuration page and click on PPP Account Configuration Enter the appropriate Acct ID User Name and Password make sure Add Modify is currently selected in the dropdown menu and click Submit Got back to the PPP Configuration Page by clicking Go back to PPP Configuration Type in an appropriate Session Name and select the account you just created in the Account to Use dropdown menu Everything else has default values which you can modify to suit your needs Make sure Add Modify is currently selected in the dropdown menu and click Submit The PPP session has been created Now you must go to the PPP Status
140. your ADSL Router is assigned a valid IP address statically If this test returns FAIL run this test again a few minutes after this test is completed If this test returns FAIL consistently and your ADSL Router is statically assigned an IP address make sure the IP address is the correct one assigned by your service provider This test returns SKIPPED if the AALS Connection test does not return PASS IV Testing Internet Connection Ping Gateway This test returns PASS if the gateway can be reached through a ping request The gateway is assigned by your service provider or obtained from your service provider by PPP or DHCP negotiation If this test returns FAIL run this test again a few minutes after this test is completed If this test returns FAIL consistently and your ADSL Router seems not working check to make sure your statically assigned IP address is configured correctly or the DHCP client is enabled on with the current VC This test returns SKIPPED if the IP Assignment test does not return PASS Ping Primary DNS This test returns PASS if the primary DNS can be reached through a ping request The primary DNS is assigned by your service provider or obtained from your service provider by PPP or DHCP negotiation If this test returns FAIL run this test again a few minutes after this test is completed If this test returns FAIL consistently and your ADSL Router seems to not be working check to make sure your static
Download Pdf Manuals
Related Search