NB714 UG - Netcomm
Contents
1. ONS Server 192 168 11 DNS Server3 o hease time Tanes NB712 NB714 User Guide YML829 Rev1 33 Mel ONN 8 Advanced Setup Advanced setup contains SHDSL WAN Bridge VLAN Route NAT DMZ Virtual server and firewall parameters BASIC ADVANCED SHDSL WAN BRIDGE VLAN ROUTE NAT DMZ VIRTUAL SERVER FIREWALL ADMIN s UTILITY 34 NB712 NB714 User Guide YML829 Rev1 NEILOMM 8 1 SHDSL BASIC You can setup the Annex type data rate and SNR margin for SHDSL parameters in 7 ADVANCED SHDSL ZHDSL e WAN BRIDGE Click SHDSL VLAN The following screen displays the Advanced SHDSL settings page for the NB712 gt A oodles VIRTUAL SERVER Home Basic Atvanced Status Admin Utility IP ries ADVANCED SHDSL STATUS Operation Mode ADMIN Saup Operada Sheds Ana Type OannexA Annex C S AB UTILITY Dati Rate n hilten 0 range 0 36 n O for adaptive moda Anue 0 range 10 10 The NB714 supports an additional 4 wire mode with 4 0608Mbps data rate The following screen displays the Advanced SHDSL settings page for the NB714 with the option to select the Link Type Home Basic Atvanced Status Admin Utility ADVANCED SHDSL Operation Mode E Setup Operation Mode Ameen Type 0 Anne Anae C Anne AB Link Type C4 Wirg amp 2 VWire Data Rate n tkbos fo rang 036 n O for adaptive mode ANE margin a iranga 1010 Ann2. IP_type address Wers Range Att ersion 7 Guthe Delete List Range Interface Modity Delete Inte face List Delete Level iit kt_filter oS protect Interface Port Server Active Protocal Gatewa Active Name Metmas Address Begin IP_range En Lease time Name _serverl Name _servere Protocol Name servers Dre src_IP dest_IP syng flood Port icmp flood TCP_flag udp flood ICMP_type ing death Description or atto Enable ip_ spo smurt_attack Action fraggle_attack Clear Modify List Attrib Profile Port IP_poo List Modify Method clear Service Time_serverL Community Edit Time_servere Trap ii Time servers Update_rate Time_zone List NB712 NB714 User Guide YML829 Rev1 NEILOMM 14 7 Configuration To setup the router move the cursor gt gt to Enable and press the enter key When the screen appears type the supervisor password The default supervisor password is admin The password will be prompted as a symbol for system security Command enable lt CR gt Message Please input the following information Supervisor password In this sub menu you can setup management features and upgrade software backup the system configuration and restore the system configuration via utility tools Any changes will need to be written to EPROM and the router wi
3. MELUNUM Broadband Solutions NB712 and NB714_ G SHDSL 4 port Modem Route NEICOMM Contents 1 Introduction ioc ccccccccccseccccccuecceceseeeccesuueecccssuuesecssueecccsuueesessuueecccssuuuecccssuueecccuueeuccsueesccsuueeccrsiueesecsiuess 4 ME Ae EE cscs ac ES N ca cei EEE ET as aac a 4 1 2 Package Contents rai sturs cxssesicstnsasecseavsipntergucavieteadin sn Scv dite erindiadieno tates aan deh daesiiabadaasietesprnedadannedn deat arneneerss 4 163 GDCCHICATOM ic cisicassuivusaniassscnsdntonssnisanssastoanapintidessantcaanisdausdantsaneainindsadaniainsennbiasaasniainicaiammaqinsitesaantd 5 1 4 Application ee eee ee eee eee 7 PTI EAE es du cdeen gy ctoees ayau aves avanaeenavaudecy gouteecnaeacave quataventvecaecoeateve ence N 8 a Te SS 6 al 2 et een eee eee eee ee ee 9 2 2 Denial of Service Attack ccccccccccccccccsscccccssseeecccsseeeccessueeuccssuuececsssueecccuueecccsueeuccsuueesestueeesenunesen 10 3 VLAN Virtual Local Area Network cicrsdscsicuivaniisiensiniteaaianmabininnn isasinndeitndyiesisainan ainda datntsinadaiduaandiaieaaunsianaicaisiinaisinas 12 SMES NG o E EE AEE EA E setnamneneee 12 SPAI IEE MIC i E E E EEEE AEEA EAEE AEE ne 12 3 3 Applications cccccccecccssscccssecccsrsescssesccsseeccsseescssuesccueeecsueescssueeccsueescsseescssueecesseeecssuesersueecssieesenieesgs 13 A Net TO KONW TG WOUND sscsiensuisrdienidnciprondeduitsoninin enina E A EA Er AAE Daoin rA Eii 14 A TOO a a AAAA AE A E E T 14 4 2 Rear
4. 14 16 12 DMZ To setup demilitarized zone move the cursor gt gt to dmz and press enter gt gt active Trigger DMZ host function address Configure virtual IP address and interface You can enable the demilitarized zone via active command After enabling the DMZ shift the cursor to address and press enter Command setup ip share dmz address lt ip gt lt 1 10 gt Message Please input the following information Virtual IP address 192 168 1 251 Active interface number Enter for default lt 1 gt 1 14 16 13 Firewall The product supports advanced firewall To setup the advanced firewall you can use firewall to configure gt gt Level Configure firewall security level pkt filter Configure packet filter dos protection Configure DoS protection There are three levels of firewall Level one basic only enables the NAT firewall and the remote management security The NAT firewall will take effect if NAT function is enabled The remote management security is default to block any WAN side connection to the device Non empty legal IP pool in ADMIN will block all remote management connection except those IPs specified in the pool Level two automatic enables basic firewall security all DoS protection and the SPI filter function Level three advanced is an advanced level of firewall where the user can determine the security level for a special purpose environment and or applications by configuring DoS protection and
5. T ADMIN and virtual servers to work in wrong schedule SECURITY Click on TIME SYNC s SNMP TIME SYNC There are two synchronization modes Simple Network Time Protocol SNTP and UTILITY synchronization with PC For synchronization with PC select Sync with PC The gateway will synchronize the time with the connecting PC Home Basic Advanced Status Admin Utility ADMIN TIME SYNC Time Synchronization a SYNC method syne with PC Sync with PC sail System Time 2003 01 01 00 24 33 GMT 8 00 sync Now SNTP is the acronym for Simple Network Time Protocol which is an adaptation of the Network Time Protocol NTP used to synchronize computer clocks in the Internet SNTP can be used to ensure the ultimate performance of full NTP implementation Home Basic Advanced status Admin Utility ADMIN TIME SYNC Time Synchronization a SYNC method SNTP v4 0 u Simple network time protocol Service Disable Enable Time Server 2 ntp drydog com Time Server 3 ntp1 cs wisc edu Time Zone Update Period secs 64 NB712 NB714 User Guide YML829 Rev1 NEILOMM For SNTP select SNTP v4 0 SNTP service Enable Time Server Any time server in the world can be used but it is suggested that you use the nearest timeserver Time Zone You have to choose the right time zone Click on Finish to finish the setup The browser will display the configured parameters Press Restart to restart the gate
6. e VPN pass through for PPTP L2TP IPSec tunnelling e Natural NAT firewall e Advanced Stateful packet inspection SPI firewall e Application level gateway for URL and keyword blocking e User access control deny certain PCs access to Internet service Management e Easy to use web based GUI for quick setup configuration and management e Menu driven interface Commandc line interface CLI for local console and Telnet access e Password protected management and access control list for administration e SNMP management with SNMPv1 SNMPv2 RFC1157 1901 1905 agent and MIB II RFC1213 1493 e Software upgrade via web browser TFTP server AIM e Upto 8 PVCs e QAM F5 AIS RDI and loopback e AAL5 NB712 NB714 User Guide 5 YML829 Rev1 NEILOMM ATM QoS e UBR Unspecified bit rate e CBR Constant bit rate e BR rt Variable bit rate real time e VBR nrt Variable bit rate non real time AAL5 Encapsulation e VC multiplexing and SNAP LLC e Ethernet over ATM RFC 2684 1 483 e PPP over ATM RFC 2364 e Classic IP over ATM RFC 1577 PPP e PPP over Ethernet for fixed and dynamic IP RFC 2516 e PPP over ATM for fixed and dynamic IP RFC 2364 e User authentication with PAP CHAP MS CHAP WAN Interface e SHDSL ITU T G 991 2 Annex A Annex B e Encoding scheme 16 TCPAM e Data Rate 2 wire mode N x 64Kbps N 0 36 O for adaptive e Data Rate 4 wire mode N x 128kbps N 0 36 O for adaptive e Impedance 135 ohms LAN Interface e 4 ports s
7. BASIC ADVANCED STATUS ADMIN UTILITY Click Basic for basic installation NB712 NB714 User Guide 21 YML829 Rev1 NEILOMM 7 1 Bridge Mode Before configuring the router in bridge mode check with your ISP to ensure you have the necessary information Home Basic Advanced Status Admin Utility BASIC STEP1 Operation fode Tudbem Medes ROUTE BAIDGE SHDSL iede OOO Side CFE Side Click Bridge and CPE Side to setup Bridging mode of the Router and then click Next Two SHDSL modes are available CO Central Office and CPE Customer Premises Equipment For a connection with a DSLAM the correct SHDSL mode is CPE For a LAN to LAN connection one side must be CO and the other side must be CPE LAN Parameters Home Basit Advanced Status Admin Utility BASIC STEP2 LAM PAd 197 168 1 1 Li Subnet Mask 785 S e 1 0 Damay 194 1 168 Laa Hon ame SOR WANI VE wt a Enap VC mux LL Enter IP 192 168 1 1 Enter Subnet Mask 255 255 255 0 Enter Gateway 192 168 1 254 The Gateway IP is provided by ISP Enter Host Name SOHO some ISPs will require the host name as identification You may need to check with your ISP to see if your Internet service has been configured with a host name In most cases this field can be ignored 22 NB712 NB714 User Guide YML829 Rev1 Melb OMM WAN1 Parameters Enter VPI 0 Enter VCI 32 Click LLC Click Next The screen will d
8. lt 1 5 gt 1 Base address 122 22 22 2 Number of address 3 After configuring the global IP address range you can bind the address pool to a specific interface via bind command Command setup ip share nat global interface lt 1 5 gt lt 1 8 gt Message Please input the following information NAT global address range entry number lt 1 5 gt 1 Active interface number lt 1 8 gt 1 You can delete global IP address range from 1 to 5 by using delete command You can view the global IP address range via list command NB712 NB714 User Guide 103 YML829 Rev1 NEILOMM To modify fixed IP address mapping move the cursor gt gt to fixed command and press enter gt gt modify Modify fixed NAT mapping interface Bind address pair to specific interface delete Delete fixed NAT mapping list Show fixed IP address mapping You can create up to 10 fixed NAT mapping entries via range command Command setup ip share nat fixed modify lt l lo gt lt ip gt lt ip gt Message Please input the following information Fixed NAT mapping entry number lt 1 10 gt 1 Local address 192 168 1 250 Global address 122 22 22 2 Command Setup ip Share nat fixed interface lt 1 5 gt lt 1 8 gt Message Please input the following information Fixed NAT mapping entry number lt 1 5 gt 1 Active interface number Enter for default lt 1 8 gt 1 You can delete fixed NAT mapping entries from 1 to 5 by using the delete c
9. 45 CONSOLE RS 232C DB9 for system configuration and maintenance LINE SHDSL interface for WAN port RJ 11 RST Reset button to reboot or load factory default The reset button can be used in one of two ways 1 Press the Reset Button for one second to reboot the system only 2 Pressing the Reset Button for four seconds will cause the product to reload the factory default settings thereby losing all of your settings If you forget your user name or password or if the router is having difficulties connecting to the Internet you may want to reconfigure it to clear all previous settings Press the Reset Button and hold for four 4 seconds with a paper clip or sharp pen pencil NB712 NB714 User Guide 15 YML829 Rev1 Melt Omn 5 Connecting your G SHDSL Modem Router This guide is designed to lead users through the Web Configuration of the G SHDSL Modem Router in the easiest and quickest way possible Please follow the instructions carefully Note There are three methods to configure the router serial console Telnet and Web Browser Only one configuration application is used to setup the Modem Router at any given time Select the method you wish to use and continue For Web configuration you can skip step 3 For Serial Console Configuration you can skip step 1 and 2 Step 1 Check the Ethernet Adapter in PC Make sure that an Ethernet Adapter has been installed in the PC that is to be used for configuration of the router TCP
10. Message Please input the following information Port index lt 1 12 gt 1 Port link type Tab select lt Trunk gt Access To view the VLAN table move the cursor to list and press enter 100 NB712 NB714 User Guide YML829 Rev1 Melton You can setup the routing parameters in route command If the product is configured as a bridge you do not want to setup the route parameters Move the cursor gt gt to route and press enter gt gt static Configure static routing table rip Configure RIP tool lf the Router is connected to more than one network it may be necessary to set up a static route between them A Static route is a pre determined pathway that network information must travel to reach a specific host or network With Dynamic Routing you can enable the Router to automatically adjust to physical changes in the network s layout The Cable DSL Firewall Router using the RIP protocol determines the network packets route based on the least number of hops between the source and the destination The RIP protocol regularly broadcasts routing information to other routers on the network You can setup 20 sets of static route in static command After entering static menu the screen will show as follow gt gt add Add static route entry delete Delete static route entry list Show static routing table You can add 20 sets of static route entry by using add command Type the IP information of the static route including
11. Rev1 NEILOMM 2 1 Types of Firewall There are three types of firewall 2 1 1 Packet Filtering In packet filtering only the protocol and the address information of each packet is examined Its contents and context its relation to other packets and to the intended application are ignored The firewall pays no attention to applications on the host or local network and it knows nothing about the source of the incoming data Filtering consists of examining incoming or outgoing packets and allowing or disallowing their transmission on the basis of a set of configurable rules Network Address Translation NAT routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall and offer a level of circuit based filtering Level 5 Application Protocol Source Destination address Source Destination port IP options Connection status Level 4 TCP Level 3 IP Level 2 Data Link Level 1 Physical 192 168 0 5 17216 34 Filter remembers this information UDP SP 3264 SA 192 168 0 5 DP 1525 DA 172 16 3 4 Matches outgoing so allowed UDP SP 1525 SA 172 16 3 4 DP 3264 DA 192 168 0 5 No matches so disallowed UDP SP 1525 SA 172 168 3 4 DP 2049 DA 192 168 0 5 JC 192 100 0 10 1025 192 120 8 5 2205 192 120 8 5 2206 Firewall 192 120 8 5 J Client IP S Internal Port External P
12. YML829 Rev1 NEIGOMMT 9 2 SNMP BASIC simple Network Management Protocol SNMP provides for the exchange of messages between a network management client and a network management agent for remote ADVANCED management of network nodes These messages contain requests to get and set STATUS variables that exist in network nodes in order to obtain statistics set configuration parameters and monitor network events SNMP communications can occur over the ADMIN LAN or WAN connection SECURITY The router can generate SNMP traps to indicate alarm conditions and it relies on one SNMP community strings to implement SNMP security This router support MIB and Bice MIB Il UTILITY Click SNMP to configure the parameters In the table of current community pool you can setup the access authority Home Basic Amance Status Admin Utility ADMIN SNMP SNMP Community and Trap Parameters Table ef currence commoniry peal 1 Drabi Ci BoE a 3 Dees ied ar Chi rsabiu Cs ristile a a aw Bal e Table df cunren irap heti peels inden i E Oz i 03 p O4 z Os 1 ol Baal oe eel Bol In the table of current trap host pool you can setup the trap host Click on the Modify button to modify the community pool NB712 NB714 User Guide 61 YML829 Rev1 Melb OMM SNMP Community and Trap Parameters Table of current community pool Ss p cancel or SNMP status Enable SNMP Community and Tr
13. defining an extra packet filter with higher priority than the default SPI filter Note that an improper filter policy may degrade the capability of the firewall and or even block the normal network traffic The firewall security level can configure via level command 106 NB712 NB714 User Guide YML829 Rev1 E Meltomn Packet filtering function can be configured by pkt_filter command Move the cursor to pkt_filter and press enter gt gt active Trigger packet filtering function drop flag Drop fragment packets add Add packet filtering rule delete Delete packet filtering rule modify Modify packet filtering rule exchange Exchange the filtering rule list Show packet filtering table To enable the packet filtering function you can use active command Add the packet filtering rule via add command gt gt protocol Configure protocol type Direction Configure direction mode src ip Configure source IP parameter dest ip Configure destination IP parameter port Configure port parameter TCP and UDP only tcp flag Configure TCP flag TCP only icmp type Configure ICMP flag ICMP only description Packet filtering rule description enable Enable the packet filtering rule begin The schedule of beginning time end The schedule of ending time action Configure action mode NB712 NB714 User Guide 107 YML829 Rev1 Meibom 14 16 15 DoS Protection DoS protection parameters can be configured in dos_protection menu Move the cursor to
14. discuss command mode in this manual 14 13 2 Security security command can be configured sixteen legal IP address for telnet access and telnet port number Move the cursor gt gt to security and press enter The default legal address is 0 0 0 0 which means that there is no IP restriction to access the router via telnet gt gt port Configure telent TCP port ip pool Legal address IP address pool list Show security profile 90 NB712 NB714 User Guide YML829 Rev1 NEILOMM simple Network Management Protocol SNMP is the protocol not only governing network management but also the monitoring of network devices and their functions The router can generate SNMP traps to indicate alarm conditions and it relies on SNMP community strings to implement SNMP security This router supports MIB amp Il Move the cursor gt gt to snmp and press enter gt gt community Configure community parameter trap Configure trap host parameter Up to 5 SNMP community entries can be configured in this system Move the cursor to community and press enter Command admin snmp community lt 1 5 gt lt more gt Message Please input the following information Community entry number lt 1 5 gt 2 The screen will prompt as follow gt gt edit Edit community entry list Show community configuration Up to 5 SNMP trap entries can be configured in this system Move the cursor to trap and press enter Command admin snmp t
15. is displayed Command system config Config command displays detailed configuration information script Configuration information will display in the command script 88 NB712 NB714 User Guide YML829 Rev1 Melton 14 10 Write Any changes to the router configuration must be written to EPROM using the write command and the router needs to be rebooted for the changes to take affect Move cursor to gt gt to write and press enter Command write lt CR gt Message Please input the following information Are you sure y n y 14 11 Reboot To reboot the router use reboot command Move cursor to gt gt to write and press enter Command reboot lt CR gt Message Please input the following information Do you want to reboot y n y 14 12 Ping Ping command will be used to test the connection of the router Move cursor gt gt to ping and press enter Command ping lt ip gt 1 65534 t 11999 Message Please input the following information IP address lt IP gt 10 0 0 1 Number of ping request packets to send TAB select t Data size 1 1999 32 There are 3 types of number of ping request packet to send default 1 65534 and t Default will send 4 packet and t continuous packet until you key in Ctrl c to stop 14 13 Administration You can modify the user profile telnet access SNMP Sample Network Management Protocol supervisor information and SNTP Simple Network Time P
16. 100 Category 5 cable Note To prevent loss of signal make sure that the length of any twisted pair connection does not exceed 100 metres RJ 45 Connector Pin Assignment Normal Assignment Input Receive Data 1 2 Input Receive Data 3 Output Transmit Data 6 Output Transmit Data 4 5 7 8 Not used Figure 1 ese re i a axe p Fani RJ 45 plug attached to cable Figure 2 112 NB712 NB714 User Guide YML829 Rev1 NEILOMM straight and crossover cable configuration There are two types of the wiring Straight Through Cables and Crossover Cables Category 5 UTP STP cable has eight wires inside the sheath The wires form four pairs Straight Through Cables has same pinouts at both ends while Crossover Cables has a different pin arrangement at each end In a straight through cable wires 1 2 3 4 5 6 7 and 8 at one end of the cable are still wires 1 8 at the other end In a crossover cable the wires of 1 2 3 6 are reversed so that wire 1 become 3 at the other end of the cable 2 becomes 6 and so forth To determine which wire is wire 1 hold the RJ 45 cable tip with the spring clip facing towards the ground and the end pointing away from you The copper wires exposed upwards to your view The first wire on the far left is wire 1 You can also refer to the illustrations and charts of the internal wiring on the following page straight Through Cabling 12345678 BAOSPEZL Figure 3 1 1 2 2 3 3 6
17. 16 1 1 1357 192 160 3 425 MTF Client Firewall SMTP Server 171 16 3 46000 10 1 2 3 5150 Air 11 Server Firewall Attacker NB712 NB714 User Guide 53 YML829 Rev1 NEILOMM Update Filtering Rule nex Protacot recton Acton Source Destination Source Port pest Por Filtering Result rotocor vecion Acton Source besnaton Source Por Destro CP Index eo 54 NB712 NB714 User Guide YML829 Rev1 NEILOMM Rule Order The order of the rules affects the filtering result The filtering process will proceed from top to bottom changing the order will give a different result For example Rule Source Address Destination Address Action A 10 0 0 0 172 16 6 0 Permit B 10 1 99 0 172 16 0 0 Deny C Any Any Deny Where 0 at the last eight bits indicates from 1 to 254 0 at any eight bits preceding 0 0 0 or 0 0 0 indicates from 1 to 254 On the other hand 0 and all 0 successive with 0 represents any When the rule is ordered as ABC Index Source Address Destination Address Action 10 1 99 1 ATAN Deny B 2 10 1 99 1 172 165 6 1 Permit A 3 10 1 1 1 172 16 6 1 Permit A 4 10 1 1 1 172 16 1 1 Deny C 9 192 168 3 4 172 16 6 1 Deny C The rule order will permit 10 1 99 1 to access 172 16 6 1 When the rule is ordered as BAC Index Source Address Destination Address Action 10 1 99 1 1721611 Deny B 2 10 1 99 1 172
18. 16 6 1 Deny B 3 10 1 1 1 172 16 6 1 Permit A 4 10 1 1 1 172 16 1 1 Deny C 9 192 168 3 4 1 2 16 51 Deny C The rule order will deny 10 1 99 1 to access 172 6 6 1 NB712 NB714 User Guide 55 YML829 Rev1 NEILOMM 8 9 IP Qos BASIC IP QoS allows you to prioritise different types of traffic thereby ensuring Quality of T port hed has service This is particularly useful for Voice over IP VoIP where the amount of bandwidth a WAN can affect the line quality in a phone call penis Select Enable to enable IP QoS and then click on the Add button to set the IP QoS Policy i aeria parameters a VIRTUAL SERVER a TP Qos STATUS ADMIN UTILITY Home Basic Advanced Status Admin Utility ADVANCED IP QoS IF QoS Parameters a General IF eh Parameters Ingge iP Qed damio Disable O Eraba e P O05 Policies Pool i Empty Enter the information to define the Policy Rule and click on the OK button Home Basie Advanced Status Admin tility IP QoS POLICY 1 IP QoS Policy Parameters Pelier Rule Descripoon Local IF Bg Anye0 0 0 0 Singh 10 0 0 1 Bemace IP Range 192 168 0 1 192 168 0 76 Local Port a g Any O 65535 Sanghe hi Remote Port i Range 10274 5050 Pistecal ANY Precedence iO al 56 NB712 NB714 User Guide YML829 Rev1 NEICOMM The screen will display the configured parameters Check the parameters In this example 192 168 1 60 is the highest priority 192 168 1 50 is the
19. 2 18 30 j DS fewe l 1696 11 TS Server 16596 1821 DSS Serer J EN a IP Address 192 168 30 2 Subnet mask 255 255 255 0 Gateway 192 168 30 1 Click Next The screen will display the parameters that will be written to EPROM Check the parameters and click the Restart button to restart the router with the new parameters or press continue to setup other parameters NB712 NB714 User Guide 79 YML829 Rev1 NEILOMM 14 Configuration via Serial Console or Telnet with Menu Driven Interface 14 1 Serial Console Check the connectivity of the RS 232 cable from your computer to the serial port of ROUTER Start your terminal access program with VT100 terminal emulation Configure the serial link with the following value Parameter Value Baudrate 9600 Data Bits 8 Parity Check No Stop Bits 1 Flow control No Press the SPACE key until the login screen appears When you see the login screen you can logon to Router Note You have to use the SPACE key Pressing other keys will not work User admin Password bi Note The factory default user and passwords are both admin 14 2 Telnet Make sure the correct Ethernet cable is used to connect the LAN port of your computer to the Router The LAN LNK indicator on the front panel will glow if the correct cable is used Start your Telnet client with a VT100 terminal emulation and connect to the management IP of Router When the login screen appears enter your User
20. 2 LAN to LAN connection with bridge Mode ETU 00h ETUA GPE LAN IF TEE W T 1 4 LAN BP RG TI Haimi Me W i ia Piima 2A 12 1 CO side Click Bridge and CO Side to setup Bridging mode of the Router and then click Next Home Basic Athanced Status Admin Utility BASIC STEP1 Operation Mode Sytem Mede OROUTE BRIDGE SHDSL Mode amp CO Side CPE Side LAN Parameters Basic Advanced Status Admin Utility BASIC STEP2 LAN masse 192 168 Li 1 Subnet Mask 255 255 255 0 Gateway 192 168 Li 1 Bea Same SOS WANI TA id va 3 Encap O VC rux LLC NB712 NB714 User Guide 13 YML829 Rev1 NEILOMM Enter IP 192 168 1 1 Enter Subnet Mask 209 200 290 0 Enter Gateway 192 168 1 1 Enter Host Name SOHO WAN1 Parameters Enter VPI 0 Enter VCI 32 Encap Click LLC Click Next The screen will display the configured parameters Check the parameters and click Restart The router will reboot with the new settings 74 NB712 NB714 User Guide YML829 Rev1 NEICOMM 12 2 CPE Side Click Bridge and CO Side to setup Bridging mode of the Router and then click Next MEELI Advanced Status Admin Utility BASIC STEP1 Operation Mode iyim Mode ROUTE amp BRIDGE SHDSL Mode CO Side O CPE Side LAN Parameters Basit Arvanced Status Admin Utility BASIC STEP2 LA PAddess 192 168 1 2 obn Mage 255 Z5 I eos Lg Caeway 192 168 SE viz Raw ane SOHO WANI VF
21. 6 Cross Over Cabling 12345678 BLES REEL Figure 4 1 3 2 6 3 i 6 2 Note To prevent loss of signal make sure that the length of any twisted pair connection does not exceed 100 metres NB712 NB714 User Guide 113 YML829 Rev1 NEILOMM SHDSL Line Connector Console Cable 34342 1 Jar 1 No connection 2 RxD 0 3 TxD l 4 No connection 5 GND 6 No connection 7 CTS 0 8 RTS I 9 No connection WA NB712 NB714 User Guide YML829 Rev1 Meibom Appendix B Registration and Warranty Information All NetComm Limited NetComm products have a standard 12 month warranty from date of purchase against defects in manufacturing and that the products will operate in accordance with the specifications outlined in the User Guide However some products have an extended warranty option please refer to your packaging To be eligible for the extended warranty you must supply the requested warranty information to NetComm within 30 days of the original purchase by registering on line via the NetComm web site at www netcomm com au Contact Information If you have any technical difficulties with your product please do not hesitate to contact NetComm s Customer Support Department Email support netcomm com au Fax 612 9424 2010 Web www netcomm com au Copyright Information This manual is copyright Apart from any fair dealing for the purposes of private study research criticism or review as p
22. ANAS NAN NE NSA AEEA EER EEN EEEREN CENNSA EANA 61 EAEE e A T AN A A E A E A S 64 2 NB712 NB714 User Guide YML829 Rev1 NEILOMM TINIE cee cere EE E EA A EA T E EN E E AEA 66 CAT O aa E 67 102 Conid OOla AAEREN ENNA ANEA TENANAN A AAEREN NREN 68 pRa o e E E E N AT E E E 69 CO O est apie A E EE A E A E E A 70 HA FAG SA E A E E buesveaudnd never batebainkwnSanvaninn seniors 71 OSIM E E E EE E E 12 12 LAN to LAN connection wiih Dridge MOOG acocetiuecteatecexecabevecscattveravetecavarabevacecatonsraeetdaueddinduaeblondunarsboresixs 3 TWN acs canes acento see ett cc CA eds tte cn gin eget gpa EE 73 122 Es lO Carey tcandachervsintitveneals duaebodiaoevperidvarthia Da A EAEN 75 13 LAN TOAN Connection wih ROUTING ModE seis sndsinasiancsuccsivatiadcaauniadnsindisawidadsacwnibedsaadiaiediidaiandsaaniandsinninaseds 76 Me WRN ic ac A A A A A A A E E tan deeetees 76 TAGE SUN o a a a arth te E ett Safe E E aE 78 14 Configuration via Serial Console or Telnet with Menu Driven Interface 80 ENES eA OI Sc E dave vin Svaeaboty E E E E E 80 PA O a E E A ata E A A 80 14 3 Operation Interface ccccssessrevescsecsecssevscareverecevseserevecauevsvaressecasevarauevenssevsesarevavarevaveuavenarevanarevenas 81 PA NON SACU e eaa EAE E A E A E E E 82 14 5 Menu Driven Interface COMMANGS icisissscssccrservensisissessseneveassisreersiearvassvsneieapievseecioreasvasnreveneasstenss 83 TSS PAVE O P E E T E TTA E EAE TE EAE E 84 14 7 Configuration ss sssssssr
23. Based VLAN to configure the router and press Reset Hitt Basit l Araneae Fiata Aisin iniy ADVANCED VLAN pied LAS Parmar Cert al Pe imie ia ie a Tipi L CI et ed Ly Ty hen VL foili et ele O UTE a G G e O E a o o a o 1 i i e E cI a s f m 0 o n m o i A r E E S E Cl E i E m E am 7 E El tJ a o a LI iis a i El o a a i a f i l L i i i Te A dt E ree EO Arra E ak A ee ae cre E ed ae ee 4 NB712 NB714 User Guide YML829 Rev1 NEILOMM 8 5 Route BASIC If the Router is connected to more than one network it may be necessary to set up a 7 ADVANCED static route between them A static route is a pre determined pathway that network 5 iri information must travel to reach a specific host or network Bane V With Dynamic Routing you can enable the Router to automatically adjust to physical Te tier changes in the network s layout The Router using the RIP protocol determines the ONA Sear network packets route based on the least number of hops between the source and the Suen destination The RIP protocol regularly broadcasts routing information to other routers BS i a on the network STATUS Click Route to modify the routing information ADMIN To modify the RIP Routing Information Protocol Parameters UTILITY RIP Mode Enable Auto RIP Summary Enable Home Basit Aiwancetl Status Admin Utility e General RIP Porno RIF Mode Disable Enable Ants RIP fuer Disab Ena
24. Enable Enable the DMZ host Function uses the IP address assigned to the WAN for enabling DMZ functions for the virtual IP address Multi DMZ Multi NAT Virtual Start IP Address Count Global Start IP Address Count Press Finish to continue some users who have two or more global IP addresses assigned by their ISP can be used as a multi DMZ The table is for the mapping of global IP address and virtual IP address some of the virtual IP addresses e g 192 168 1 10 192 168 1 50 collectively use two of the global IP addresses e g 69 210 1 9 and 69 210 1 10 The Multi NAT table will be setup as 192 168 1 10 40 69 210 1 9 2 The screen will display the parameters that will be written to EPROM Check the parameters before writing to EPROM Press Restart to restart the router with new parameters or Continue to configure other parameters 46 NB712 NB714 User Guide YML829 Rev1 NEILOMM 8 7 Virtual Server BASIC Virtual Server allows specific ports on the WAN interface to be re mapped to ADVANCED services inside the LAN For example 69 210 1 8 is assigned to WAN by the ISP i PAT and is visible to the Internet but does not actually have any services other than NAT B running on the gateway TCP requests made to 69 210 1 8 80 are remapped to VLAN the server 1 on 192 168 1 2 80 for working days from Monday to Friday 8 AM to Spee 6PM other requests with UDP made to 69 210 1 8 25 are remapped to se
25. HDSL 4 port Security Modem Routers deliver symmetrical DSL services to small and medium size business making them an economical alternative to Leased Line or ISDN services Available in two modem router configurations the NB712 2 wire and NB714 2 or 4 wire selectable are capable of providing data rates from 64kbps to 2 304Mbps NB712 or 128kbps to 4 608Mbps NB714 and fully comply with the ITU T G 991 2 standards The NetComm NB712 and NB714 Modem Routers combine integrated high end Bridging Routing capabilities with advanced functions such as Multi DMZ virtual server mapping and VPN pass through They also support port based VLAN and IEEE802 1q VLAN over an ATM network An advanced Firewall with Stateful Packet Inspection SPI and DoS protection all combine to protect your network from outside intruders With 4 x 10 100 Base T auto sensing auto negotiation and auto MDIX switching ports the NetComm G SHDSL Modem Routers enable you to leverage the latest broadband technology to meet the growing need for high performance data communication 1 1 Features e Easy configuration and management with password control for various applications and environments e Efficient IP routing and transparent learning bridge to support broadband Internet services e VPN pass through for PPTP L2TP IPSec Tunnelling e Virtual LANs VLANs offering significant benefits in terms of efficient use of bandwidth flexibility performance and security e Built
26. I E wt a Emap OVGmux ALLE IP Address Enter192 168 1 2 Subnet Mask Enter 255 255 255 0 Gateway Enter 192 168 1 2 Host Name Enter SOHO WAN1 Parameters VPI 0 VCI 32 Encap LLC Click Next The screen will display the configured parameters Check the parameters and click Restart The router will reboot with the new settings NB712 NB714 User Guide 15 YML829 Rev1 NELCOMMT 13 LAN to LAN Connection with Routing Mode 13 1 CO side Click ROUTE and CO Side then press Next Home Basit BASIC STEP1 Operation Mole iiien Made ROUTE BRIDGE SHUG Aedes HCOSice COCPE Side LAN parameters IP Address 192 168 20 1 Subnet Mask 299 200 200 0 Host Name SOHO DHCP Service For more DHCP service review DHCP Service Basic BASIC STEP2 Type G Fiad O Dyramic DHCP Clie Adine roe ree io i Subnet task 255 oes izes o Haw Kane SOHO Trigger DHCP Serde C Disable G Sener Raley 76 NB712 NB714 User Guide YML829 Rev1 NEILOMM WAN Parameters Basic BASIC STEP4 WANI nE vel 32 AALS Eneap OVC LLC mog PA PPP ae ane T VPI 0 VCI 32 AAL5 Encap LLC Protocol IPoA EoA IPoA NAT or EoA NAT Note The Protocol used in CO and CPE have to be the same BASIC STEPS WAS IL F Ae 10 hed I ah hag thit E m L ZE 0 anser ie ie e LE D eee eS CESS Garver 162 Se VE CESS brie Click Next to setup the IP parameters Refer to the section NAT DMZ for more info
27. IP Unnumbered IP Type IP Address Click Next 30 BASIC STEPS iced ELEL LEEI 10 mutis test test test Your ISP will provide the user name and password 10 If you want your Internet connection to remain on at all times enter 0 in the Idle Time field There are three IP types Dynamic Fixed and IP Unnumbered which you can setup The default IP type is Dynamic It means that ISP PPP server will provide IP information including a dynamic IP address when a SHDSL connection is established l e you do not need to type the IP address of WAN1 Some ISPs will provide fixed IP address over PPP Fixed 192 168 1 1 IP Unnumbered 192 168 168 1 NB712 NB714 User Guide YML829 Rev1 NEILOMM Note For security the password will be displayed as asterisk characters Don t forget to enable LAN For IP Routing Usage and type IP address on STEP 2 The screen will display the parameters that will be written to EPROM Check the parameters before writing to EPROM Press Restart to restart the router with the new parameters or press Continue to setup other parameters NB712 NB714 User Guide 31 YML829 Rev1 NEICOMM 7 2 5 IPoA or EoA Before configuring the router Type the Wan Parameters VPI VCI AAL5 Encap Protocol check with your ISP to ensure you have the correct parameters 0 33 LLC IPoA E0A IPoA NAT or EoA NAT Click Next to setup the IP parameters For more infor
28. IP address subnet mask and gateway You can delete the static route information via delete command You can review the static route entry by using list command To configure Routing Information Protocol RIP you can use rip command to setup the parameters Move the cursor gt gt to rip and press enter gt gt generic Configure operation and auto summery mode lan Configure LAN interface RIP parameters wan Configure WAN interface RIP parameters list Show RIP configuration Generic command can setup RIP mode and auto summery mode lf there are any routers in your LAN you can configure LAN interface RIP parameters via lan command The product supports 8 PVCs and you can configure the RIP parameters of each WAN via wan command Move the cursor gt gt to wan and press enter Command setup route rip wan lt 1 8 gt lt more gt Message Please input the following information Active interface number lt 1 8 gt 1 The screen will display the following gt gt attrib Operation authentication and Poison reverse mode version RIP protocol version authe Authentication code Attrib command can configure RIP mode authentication type and Poison reverse mode Version command can configure RIP protocol version Authe command can configure authentication code You can review the list of RIP parameters via list command NB712 NB714 User Guide 101 YML829 Rev1 Melton 14 16 8 LAN LAN interface parameters can be conf
29. IP protocol is necessary for web configuration so please check that the PC has TCP IP protocol installed Step 2 Check the Web Browser in PC For Web Configuration ensure that the PC has a Web Browser installed such as IE or Netscape Note Suggest IE5 0 Netscape 6 0 or above and 800x600 screen resolution or above Step 3 Check the Terminal Access Program For Serial Console and Telnet Configuration users need to setup the terminal access program with VT100 terminal emulation Step 4 Determine Connection Setting Users need to know the Internet Protocol supplied by your Service Provider and determine the mode of setting Protocol Selection RFC1483 Ethernet over ATM RFC1577 Classical Internet Protocol over ATM CLIP RFC2364 Point to Point Protocol over ATM PPPoA RFC2516 Point to Point Protocol over Ethernet PPPoE Different Protocols are required to setup different WAN parameters Your ISP will advise the correct protocol and the necessary WAN parameters to configure your Modem Router 16 NB712 NB714 User Guide YML829 Rev1 NEILOMM Bridge EoA WPI VICI Encapsulation Gateway Host Mame _ if applicable Route EoA VPI VICI Encapsulation IF Address Subnet Mask Gateway ONS Server Host Name _ it applicable IPoA VPI VICI Encapsulation IF Address Subnet Mask Gateway DNS Server Host Mame _ ff applicable PPPoA WPI VET Encapsulation User Name Passw
30. Menu Driven Interface Commands Before changing the configuration familiarize yourself with the operations list in the following table The Keystroke list are also displayed on the window Menu Driven Interface Commands Keystroke Description UP or Move to above field in the same level menu DOWN or K Move to below field in the same level menu LEFT or J Move back to previous menu RIGHT or L Move forward to submenu ENTER Move forward to submenu TAB To choose another parameters Ctrl C To quit the configuring item Ctrl Q For help NB712 NB714 User Guide 83 YML829 Rev1 NEILOMM 14 6 Menu Tree The menu tree is shown below All configuration commands are included in the Enable directory and are protected by a supervisor password Unauthorized users can view the status and configuration of the router but cannot change any configuration information 84 User Mame Password a ge es E Enable Enable Setup Status Show Write Reboot Ping Admin Utility Exit Status Mode SHOSL iW AN Bridge VLAN Route Firewall DH CP Default User Security SAM P Password ID SMTP Upgrade Backup Restore DNS proxy Hostname Show Ping Exit Mode SHDSL Cita i Wook L m Route script YPI VCI Type Interface Encap Clear Firewall Margin Gateway st atic RIP
31. Panel ccccccccccscccccsssseecccseeseccsseseccesseeeesesseeeeeuessesecsesaueeeseseeeesueseeeesecesseusesseseesessneeeseseneeens 15 9 Connecting your GSAHDSL Modem ROUTOT scsinivsaacnieinseanwnanaaienisinisaann deanna iania iiia aia i iai 16 6 Configuration via Web BrOWSET vascxsicersscsneesessnsgutaivansinetsennipateiuninesatcnsitan ounnibuisiunatavesansinnissesnibedabaivgetaeannitelskevaver 19 7 Basic Setup cccccccccccsccccsseeccsssceccsseeccseesccsueeccsseescssuesccsueeccsstescsuesecsueeeecsseesessuesccsueecsseesessuesecsitesstseesenss 21 PV TEM TN tect ican cl cet erty ei Kanab E dat dela Aen hand gan ded A EAE E 22 FAV ac 610 C G O Renee er ne nee nen ee re Tee ea Tr ee e 24 o PAC GUI aisun iina iaaii 34 SAE a E E E A EEE E TS 35 EW EN cacao cca detainee A E AA E E or CMe UN ctype acter facee eagles A EEE A hn sesh ore ws eeu E EE N A 39 CP sched rhachis he enna ttn dt de cafes dd arp ended ota oor asnnatna dietetic 41 O A E A E naa heniauenaeenens 43 OON TON eeii a i dastbmaabets teenies 45 C T N E a ceeds cus enecaue cue saascuee ensenaetesueasentteaaecsaauseanseza 47 8 8 Firewall arainn ENANA EEEE AE GEENEEN ENANA ENEAN 48 OIF OO ane EE E A AAE E 56 9 Administration ceca se ends cwasas eudeerunsceeediew scales wnsacsaioawasrcaniectntivneiban aun agindwetacessbena de esudan Soeetansseecyindtesbenniesatecsiesteusbeeieaeeavedies 58 ATEU aeaaaee E tne eaten E i 59 9 2 ONM P isisssinsasnsiasen nnn nanain asa A NNAS NaN AAS NANASI A ASN AN
32. The SHDSL router supports up to 8 PVCs WAN 1 was configured via BASIC except QoS If you want to setup other PVCs 2 to 8 the parameters are setup in WAN I e you must apply two or more Internet Services with ISPs otherwise you do not need to setup WAN The WAN Number 1 will be the parameters setup in Basic Setup If you want to setup another PVC you can configure them in WAN 2 to WAN 8 BASIC 7 ADVANCED SHOSI TAD BRIDGE WLAN ROUTE NAT OM2 VIRTUAL SERVER IP Qos STATUS ADMIN Enter the parameters Home Basie Advanced Status Admin Utility ADVANCED WAN WAN Interface Parameters Tolle Cone WA mieri aramee porte UP ever ATM w wex Ij ee Peel Power ATM aa F aia a g ay Mite eee me 255 255 355 g AALS LASS iir al Pieced Fst TTT 1 lx Cle UAR kia Tim 10 Damm ag P Typa ynamit E Goi A En mans f Bei Py uu Disable x WRI 4 Wiehe isai 1E k ija ao TE Wa a Pte Per Scar Lae 255 355 355 w AALS Enar Li F ka Parsa Goof TTT F et Claw eR ow hl Tima 10 Goo PCA Sul e Typa Dynamit ma Saa EZRA PF 5 2400 Sas nas 1 If the WAN protocol is PPPoA or PPPoE with dynamic IP leave the default WAN IP address and Subnet Mask as default settings The system will ignore the IP address and Subnet mask information but deleting or leaving blank the items will cause system error NB712 NB714 User Guide 3 YML829 Rev1 NEILOMM If the WAN protocol
33. VANCED SHDSL WAN BRIDGE VEAN ROUTE NAT DMZ VIRTUAL SERVER FIREWALL IP Qos STATUS ADMIN e UTILITY Two types of VLAN are supported either 802 1Q or Port Based Note that only one type of VLAN can be configured at a time Home TERE Advanced Status Admin Utility ADVANCED VLAN Virtual LAN Parameters General Parameter Mode Disable 802 10 Tag Based VLAN Port Based VLAN For setting 802 1Q VLAN click the 802 1Q Tag Based VLAN and click Reset The screen will display as follows NB712 NB714 User Guide 4 YML829 Rev1 NEICOMM Basit Advanced Giat Pliit Piit ADVANCED VLAN Virraal LA Parametera a Ganel eime iiie Oka EAn Tape a CP LAN a iD Top Hiimi VLEN Tahke Ea WO EAA fo a m a g o m o a afo o o o o o o m o o lafo g o m o o o a g a sio o o o o a o a o o si o o o o o o o o m a ja o o o c o o o m o ri o o a o o oO o o a fa fc a o o o o o o o a eo 1 1 1 1 1 1 1 i 1 OMe TE Accasa Aecara Access Accoss Ancara Ancara l Access Acisi Apaia VID Virtual LAN ID is a defined ID number from 1 to 4094 PVID Port VID is an untagged member of a default VLAN Link Type Access means the port can receive or send untagged packets Link Type Trunk means that the port can receive or send tagged packets Port Based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port Click Port
34. ablish the filtering table Enter the MAC address in the MAC address field and select Filter in the LAN field If you want to filter the MAC address of WAN PC to access the LAN press Add to establish the filtering table Enter the MAC address in the MAC address field and select Filter in the WAN field For example if your VC is setup at WAN 1 select WAN 1 Filter NB712 NB714 User Guide 39 YML829 Rev1 NEILOMM The screen will display the parameters that will be written to EPROM Check the parameters before writing to EPROM Home Basic Achancet Status Admin Utility ADVANCED BRIDGE Brolge Parameters Review To ket the configuration that you have changed take effect mamediately please click Restart button to reboot the sv the setup procedime please check Conte button e Generic Bridge Parmer E 192 168 1254 y ee nani cri a a rah ee y 1 ANT WANZ WANI WANA Pool m Expy Press Restart to restart the router with the new parameters or press Continue to setup other parameters NB712 NB714 User Guide YML829 Rev1 NEIGOMMT 8 4 VLAN Virtual LAN VLAN is defined as a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire when in fact they are located on a number of different LAN segments Because VLAN is based on logical instead of physical connections it is extremely flexible Click VLAN to configure VLAN BASIC T AD
35. and automatically send a new IP address when a computer is plugged into a different place in the network If the DHCP server is enabled you have to setup the following parameters for processing DHCP requests from clients The embedded DHCP server assigns network configuration information for up to 253 users accessing the Internet at the same time IP type Fixed IP Address 192 168 1 1 Subnet Mask 200 200 000 Host Name SOHO Some ISPs require the host name as identification Check with your ISP to see if your Internet service has been configured with a host name In most cases this field can be ignored 26 NB712 NB714 User Guide YML829 Rev1 NEILOMM The default setup is Enable DHCP server If you want to turn off the DHCP service choose Disable For example If the LAN IP address is 192 168 1 1 the IP range of LAN is 192 168 1 2 to 192 168 1 51 The DHCP server assigns the IP form Start IP Address to End IP Address The legal IP address range is form O to 255 but 0 and 255 are reserved for broadcast so the legal IP address range is from 1 to 254 On the other hand you cannot assign an IP greater than 254 or less then 1 Lease time 72 hours indicates that the DHCP server will reassign IP information every 72 hours Trigger DHCP Service Server DNS Server Your ISP will provide at least one Domain Name Service Server IP You can type the router IP in this field The router will act as DNS server relay function You
36. ap Parameters Table of current community pool Disable Disable 4 Disable Disable Senet or Access Right Deny for deny all access Access Right Read for access read only Access Right Write for access read and write Community Serves as password for access right Click on the OK button to submit the changes a Table of current trap host pool J mes 1 2 3 EE 5 Caa NA EE eel 62 NB712 NB714 User Guide YML829 Rev1 NEILOMM SNMP trap is an informational message sent from an SNMP agent to a manager Click Modify to modify the trap host pool Version select version for trap host SNMP v1 or SNMP v2 IP Type the trap host IP Community Type the community password The community is setup in community pool Click on OK to finish the setup The browser will display the configured parameters Press Restart to restart the gateway with the new parameters or press Continue to setup other parameters NB712 NB714 User Guide 63 YML829 Rev1 NEICOMM 9 3 Time Sync BASIC Time synchronization is an essential element for any business that relies on an IT system ADVANCED The reason for this is that these systems all have clocks that are the source of time for files or operations they handle Without time synchronization time on these systems can vary STATUS and cause firewall packet filtering schedule processes to fail security to be compromised
37. are specifications for connecting multiple See computer users on an Ethernet local area network to a remote ONS Server site through common customer premises equipment which Host Name __fif applicable is the telephone company s term for a modem and similar IP address f applicable devices Users share a common Digital Subscriber Line DSL cable modem or wireless connection to the Internet PPPoE and PPPoA combine the Point to Point Protocol PPP commonly used in dialup connections with the Ethernet protocol or ATM protocol which supports multiple users in a local area network The PPP protocol information is encapsulated within an Ethernet frame or ATM frame Before configuring the router check with your ISP to ensure you have the correct information Home Basic Advanced Status Admin Utility BASIC STEP4 WANI AALS Encap OOVC mux LLC Protocal Key in the WAN1 parameters VPI 0 VCI 33 AAL5 Encap LLC Protocol PPPoA NAT or PPPoE NAT Click Next to setup the User name and password For more information refer to the section on NAT DMZ NB712 NB714 User Guide 29 YML829 Rev1 NEILOMM Home Basic Advanced Status Admin Utility ISP 1 Ls eerie Pade arod Password Cordia le Tone CP Typs IF Added Type the ISP1 parameters Username Password Password Confirm Idle Time IP Type For fixed IP address IP Type IP Address Click Next For
38. at which you expect to transmit data voice and video Consider PCR and MBS as a means of reducing lantency not increasing bandwidth The range of PCR is 64kbps to 2400kbps The sustained rate at which you expect to transmit data voice and video Consider SCR to be the true bandwidth of a VC and not the long term average traffic rate The range of SCR is 64kbps to 2400kbps The amount of time or the duration at which the router sends at PCR The range of MBS is 1 cell to 255 cells The screen will display the parameters that will be written to EPROM Check the parameters before writing to EPROM Press Restart to restart the router with the new parameters or press Continue to setup other parameters 38 NB712 NB714 User Guide YML829 Rev1 Melb ONN 8 3 Bridge If your router is setup in bridge mode and you want to setup advanced filter functions you can use the BRIDGE menu to setup the filter and blocking functions Click Bridge to setup Press Add to add the static bridge information Basic Advanced Status Admin Utility ADVANCED BRIDGE Genere Bridge Parameters s General Parameter Default Gateway 182 168 1254 Static Bridge Parameters Table of Cuorremt SLAC Esiritti te ME 00 00 00 00 00 00 Finer ay Finer mls Finer i 2 Fiter Mig For E 3 Pater oe 7 Faber a 4 Fier 8 Fiker m EZE ee CoE Be oe If you want to filter the MAC address of a LAN PC to access the Internet press Add to est
39. d and idle time ip type Configure IP type in PPPoA and PPPOE list WAN interface configuration There are four types of protocols IPoA EoA PPPoA and PPPoE which you can setup For dynamic IP of PPPoA and PPPoE you do not need to setup the IP address and subnet mask There is an unique VPI and VCI value for Internet connection supported by ISP The range of VIP is from O to 255 and VCI from 0 to 65535 There are two types of encapsulation types VC Mux and LLC You can setup virtual circuit quality of service VC QoS using gos command The product supports UBR CBR VBR rt and VBR nrt The peak cell rate can be configured from 64kbps to 2400kbps Move the cursor to gos and press enter gt gt class Configure QoS class per Configure peak cell rate kbps SCE Configure sustainable cell rate kbps mbs Configure max burst size cell ISP command can configure account name password and idle time Idle time can be from O minute to 300 minutes Most ISPs use dynamic IP for PPP connection but some will use static IP Configure the IP type dynamic or fixed via ip_type command You can review the WAN interface configuration via the list command NB712 NB714 User Guide 97 YML829 Rev1 NEILOMM 14 16 4 Bridge You can setup the bridge parameters in bridge command If the product is configured as a router you do not want to setup the bridge parameters Move the cursor gt gt to bridge and press enter gt gt ga
40. de STU R and STU C STU R means the terminal of central office and STU C customer premises equipment Link type will be 2 wire or 4 wire mode according to the product 4 wire product can be worked under 2 wire mode You can set the data rate in multiples of 64Kbps where n is from O to 32 If you configure n to O the product will perform in adaptive mode There are two types of SHDSL Annex type Annex A and Annex B Clear command can clear CRC error count Generally you do not need to change the SNR margin which ranges from O to 10 The SNR margin is an index of line connection You can see the actual SNR margin in STATUS SHDSL The larger the SNR margin the better the line connection If you set SNR margin in the field as 2 the SHDSL connection will drop and reconnect when the SNR margin is lower than 2 l e the device will reduce the line rate and reconnect for better line connection 96 NB712 NB714 User Guide YML829 Rev1 NEILOMM The router supports up to 8 PVCs private virtual circuits and so you can setup up to 8 WANs WAN1 to WAN8 Move the cursor gt gt to wan and press enter To setup WAN1 type 1 Command setup wan lt 1 8 gt Message Please input the following information Interface number lt 1 8 gt 1 gt gt protocol Link type protocol address IP address and subnet mask ypi vci Configure VPI VCI value encap Configure encapsulation type qos Configure VC QoS isp Configure account name passwor
41. dos_protection and press enter gt gt syn flood Enable protection SYN flood attack icmp flood Enable protection ICMP flood attack udp_flood Enable protection UDP lood attack ping death Enable protection ping of death attack land_attack Enable protection land attack ip Sport Enable protection IP spoofing attack _ smurf attack Enable protection smurf attack 4 _ fraggle attack Enable protection fraggle attack A SYN flood attack attempts to slow your network by requesting new connections but not completing the process to open the connection Once the buffer for these pending connections is full a server will not accept any more connections and will be unresponsive ICMP Flood A sender transmits a volume of ICMP request packets to cause all CPU resources to be consumed serving the phony requests UDP Flood A sender transmits a volume of requests for UDP diagnostic services which cause all CPU resources to be consumed serving the phony requests A ping of death attack attempts to crash your system by sending a fragmented packet when reconstructed is larger than the maximum allowable size Other known variants of the ping of death include teardrop bonk and nestea A land attack is an attempt to slow your network down by sending a packet with identical source and destination addresses originating from your network IP Spoofing is a method of masking the identity of an intrusion by making it appeared that the traffic ca
42. ermitted under the Copyright Act no part may be reproduced stored in a retrieval system or transmitted in any form by any means be it electronic mechanical recording or otherwise without the prior written permission of NetComm Limited NetComm Limited accepts no liability or responsibility for consequences arising from the use of this product Please note that the images used in this document may vary slightly from those of the actual product Specifications are accurate at the time of the preparation of this document but are subject to change without notice NetComm Limited reserves the right to change the specifications and operating details of this product without notice NetComm is a registered trademark of NetComm Limited All other trademarks are acknowledged the property of their respective owners Customer Information ACA Australian Communications Authority requires you to be aware of the following information and warnings 1 This unit shall be connected to the Telecommunication Network through a line cord which meets the requirements of the ACA TS008 Standard 2 This equipment has been tested and found to comply with the Standards for C Tick and or A Tick as set by the ACA These standards are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio noise and if not installed and used in accordance with the instructions detailed wit
43. ex Type There are three Annex types Annex A ANSI Annex B ETSI or Annex AB in SHDSL Check with your ISP Link Type The router supports two link types 4 wire mode with 4 0608Mbps data rate and 2 wire mode with 2 304Mbps data rate Data Rate You can set the SHDSL data rate in multiples of 64kbps For adaptive mode n 0 The router will adapt the data rate according to the line status NB712 NB714 User Guide 35 YML829 Rev1 NEICOMM SHDSL SNR margin The margin range is from 0 to 10 SNR margin is an index of line connection You can see the actual SNR margin in STATUS SHDSL The larger the SNR margin the better the line connection If you set the SNR margin in the field to 2 the SHDSL connection will drop and reconnect when the SNR margin is lower than 2 l e the device will reduce the line rate and reconnect for better line connection The screen will display the parameters that will be written to EPROM Check the parameters before writing to EPROM Basic Adwanced Status Admin Utility ADVANCED SHDSL SHDSL Parameters Review Tet let the confgarasan thar you have changed take effect mamediataly pleace chek Feran burton to r the setup procedure please cick Continue button a SHDSL Mode Annex Type Annex B Data Rate O adapine mode Press Restart to restart the router with the new parameters or press Continue to setup other parameters 36 NB712 NB 14 User Guide YML829 Rev1 NEIGOMMT 8 2 WAN
44. has been used for any purposes other than that for which it is sold or in any way other than in strict accordance with the user manual supplied 5 Your product has been repaired or modified or attempted to be repaired or modified other than by a qualified person at a service centre authorised by NetComm and 6 The serial number has been defaced or altered in any way or if the serial number plate has been removed Limitations of Warranty The Trade Practices Act 1974 and corresponding State and Territory Fair Trading Acts or legalisation of another Government the relevant acts in certain circumstances imply mandatory conditions and warranties which cannot be excluded This warranty is in addition to and not in replacement for such conditions and warranties To the extent permitted by the Relevant Acts in relation to your product and any other materials provided with the product the Goods the liability of NetComm under the Relevant Acts is limited at the option of NetComm to e Replacement of the Goods or e Repair of the Goods or e Payment of the cost of replacing the Goods or e Payment of the cost of having the Goods repaired 116 NB712 NB714 User Guide YML829 Rev1 f2 NET OMM LIMITED Ae 25 02 290 455 IA OH PO Bow 1700 Lane Cave MSW 2006 Auetrca P oraid Sor F ed oot Broseband Solutions E salesinatcomm com au We waw netsomm Ai
45. hin this manual may cause interference to radio communications However there is no guarantee that interference will not occur with the installation of this product in your home or office If this equipment does cause some degree of interference to radio or television reception which can be determined by turning the equipment off and on we encourage the user to try to correct the interference by one or more of the following measures e Change the direction or relocate the receiving antenna e Increase the separation between this equipment and the receiver e Connect the equipment to an alternate power outlet on a different power circuit from that to which the receiver TV is con nected e Consult an experienced radio TV technician for help 3 The power supply that is provided with this unit is only intended for use with this product Do not use this power supply with any other product or do not use any other power supply that is not approved for use with this product by NetComm Failure to do so may cause damage to this product fire or result in personal injury NB712 NB714 User Guide 115 YML829 Rev1 Melton Product Warranty The warranty is granted on the following conditions 1 This warranty extends to the original purchaser you and is not transferable 2 This warranty shall not apply to software programs batteries power supplies cables or other accessories supplied in or with the product 3 The customer complies
46. ho packets at IP broadcast addresses all of it having a spoofed source address of a victim IP Spoofing is a method of masking the identity of an intrusion by making it appear that the traffic came from a different computer This is used by intruders to keep their anonymity and can be used in a Denial of Service attack Melb omu 3 VLAN Virtual Local Area Network Virtual LAN VLAN is defined as a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire when in fact they are located on a number of different LAN segments Because VLAN is based on logical instead of physical connections it is extremely flexible The IEEE 802 1Q defines the operation of VLAN bridges that permit the definition operation and administration of VLAN topologies within a bridged LAN infrastructure VLAN architecture benefits include 1 Increased performance 2 Improved manageability 3 Network tuning and simplification of software configuration 4 Physical topology independence 5 Increased security options As DSL over ATM links are deployed more and more extensively VLAN VLAN to PVC over DSL links is becoming a popular requirement of networks The following section will discuss the implementation of VLAN to PVC only for bridge mode operation i e the VLAN spreads over both the COE and CPE sides where there is no layer 3 routing involved 3 1 Specification 1 The unit supp
47. igured LAN IP address subnet mask and NAT network type gt gt address LAN IP address and subnet mask attrib NAT network type 14 16 9 IP share You can configure Network Address Translation NAT Port Address Translation PAT and Demilitarized Zone parameters in ip_share menu Move the cursor gt gt to ip_share then press enter gt gt nat Configure network address translation pat Configure port address translation dmz Configure DMZ host function NAT Network Address Translation is the translation of an Internet Protocol address IP address used within one network to a different IP address known within another network One network is designated the inside network and the other is the outside Typically a company maps its local inside network addresses to one or more global outside IP addresses and reverse the global IP addresses of incoming packets back into local IP addresses This ensure security since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request NAT also conserves on the number of global IP addresses that a company needs and lets the company to use a single IP address of its communication in the Internet world DMZ demilitarized zone is a computer host or small network inserted as a neutral zone between a company private network and the outside public network It prevents outside users fr
48. in IP address automatically Click the OK button The window will ask you to restart the PC Click Yes button After rebooting your PC open your web browser and type http 192 168 1 1 to connect to the Router Address http 192 168 0 1 The default IP address and sub net mask of the Router is 192 168 1 1 and 255 255 255 0 Because the router acts as DHCP server in your network the router will automatically assign an IP address for the PC in the network Type User Name admin and Password admin and then click OK The default user name and password are both admin For the system security we suggest you change them after configuration Note After changing the User Name and Password it is strongly recommended that you record them somewhere as a reminder for the next time you login If you cannot remember the User Name and Password you will need to reset the Modem Router which will lose any previous configuration 20 NB712 NB714 User Guide YML829 Rev1 Mel ONN Basic Setup The Basic Setup contains LAN WAN Bridge and Router operation modes This section can be used to completely setup the router After successfully completing it you can access the Internet This is the easiest and quickest way to setup the router Note The advanced functions are only for advanced users The incorrect settings of advanced functions can affect the performance of the network and cause a system error or disconnection
49. in advanced SPI firewall e Four 10 100Mbps Auto negotiation and Auto MDIX switching port for flexible local area network connectivity e DMZ host Multi DMZ Multi NAT enables multiple workstations on the LAN to access the Internet e Full ATM protocol stack implementation over SHDSL e PPPoA and PPPoE support user authentication with PAP CHAP MS CHAP e SNMP management with SNMPv1 SNMPv2 agent and MIB II e Obtain enhancements and new features via Internet software upgrade 1 2 Package Contents The following items are included in your G SHDSL Modem Router pack e NB712 2 wire 14 2 or 4 wire selectable G SHDSL Router e 15VAC 1 0 Amp power supply e RS232 Console Cable e RJ11 ADSL line connection cable e RJ45 10 100 Ethernet cable e User Guide CD If any of the above items are missing or damaged please content NetComm immediately 4 NB712 NB 14 User Guide YML829 Rev1 Meibom 1 3 Specification Routing e Supports IP TCP UDP ARP ICMP IGMP protocols e P routing with static routing and RIPv1 RIPv2 RFC1058 2453 e P multicast and IGMP proxy RFC1112 2236 e Network address translation NAT PAT RFC1631 e NAT ALGs for ICQ Netmeeting MSN Yahoo Messenger e DNS relay and caching RFC1034 1035 e DHCP server client and relay RFC2131 2132 Bridging e EEE 802 1D transparent learning bridge e EEE 802 1q VLAN e Port based VLAN e Spanning tree protocol security e DMZ host Multi DMZ Multi NAT function e Virtual server mapping RFC1631
50. is IPoA or EoA leave the ISP parameters as default setting The system will ignore the information but deleting or leaving blank fields will cause a system error QoS Quality of Service UBR Unspecified Bit Rate CBR Constant Bit Rate VBR rt Variable Bit Rate real time PCR Peak Cell Rate in kbps SCR Sustained Cell Rate MBS Maximum Burst Size Click Finish to finish setting The Traffic Management Specification V4 0 defines ATM service catalogues that describe both the traffic transmitted by users onto a network as well as the Quality of Service that the network needs to provide for that traffic UBR is the simplest service provided by ATM networks There is no guarantee of any rate It is a primary service used for transferring Internet traffic over the ATM network CBR is used by connections that require a static amount of bandwidth that is available during the connection life time This bandwidth is characterized by Peak Cell Rate Based on the PCR of the CBR traffic specific cell slots are assigned for the VC in the schedule table The ATM always sends a single cell during the CBR connection s assigned cell slot VBR rt is intended for real time applications such as compressed voice over IP and video conferencing that require tightly constrained delays and delay variation VBR rt is characterized by a peak cell rate PCR sustained cell rate SCR and maximum burst rate MBR The maximum rate
51. isplay the new parameters Check the parameters and click Restart The router will reboot with the new settings Select Continue to configure other parameters Home Basic Advanced status Admin Utility BASIC REVIEW REVIEW To let the configuraten that you have changed take effect mumechately please chck Feson button to 1 the setup procedure please cick Conme button a Sodom Operation Mede SymemMode Didge Moda a LAN lmieriie Piye Fixe E e T 192 ia i 284 a soo e WAN mieri SSS SS NB712 NB714 User Guide 23 YML829 Rev1 NEIGOMMT 7 2 Routing Mode Routing mode includes DHCP server DHCP client DHCP relay Point to Point Protocol over ATM and Ethernet and IP over ATM and Ethernet over ATM The type of Internet protocol is provided by your ISP Click ROUTE and CPE Side then press Next Home Basic Advanced status Admin Utility BASIC STEP1 Operation Mode bym Mode ROUTE BRIDGE SHDSL Mode OF CO Side CPE Side Two SHDSL modes are available CO Central Office and CPE Customer Premises Equipment For connection with a DSLAM the SHDSL mode is CPE For a LAN to LAN connection one side must be CO and the other side must be CPE 24 NB712 NB714 User Guide YML829 Rev1 Netcom some ISPs provide a DHCP server service whereby the PC in the LAN can access IP information automatically To setup the DHCP client mode follow
52. ll need to be rebooted to work with the new settings The screen will prompt as follow gt gt enable Modify command privilege setup Configure system status Show running system status show View system configuration write Update flash configuration reboot Reset and boot system ping Packet internet groper command admin Setup management features utility TFTP upgrade utility exit Quit system The description of the commands are Command Description enable Modify command privilege When you login via serial console or Telnet the router defaults to a program execution read only privileges To change the configuration and write changes to nonvolatile RAM NVRAM you must work in enable mode setup To configure the product you have to use the setup command status View the status of product show Show the system and configuration of product write Update flash configuration After you have completed all necessary settings write the new configuration to NVRAM by the write command and reboot the system or all of your changes will not take effect reboot Reset and boot system After you have completed all necessary changes write the new configuration to NVRAM and reboot the system by reboot command or all of your changes will not take effect NB712 NB714 User Guide 85 YML829 Rev1 Melt UMN ping Packet internet groper command admin You can set management features with this command utility Upgrade soft
53. m Command enable ORD Message lt 1 K gt Hove up down lt L J gt Select Unselect lt U O gt Hove top bottom lt Q gt Help NB712 NB714 User Guide 81 YML829 Rev1 Meibom 14 4 Window structure From top to bottom the window will be divided into four parts 1 Product name 2 Menu field Menu tree is prompted on this field gt gt symbol indicates the cursor place 3 Configuring field You will configure the parameters in this field lt parameters gt indicates the parameters you can choose and lt more gt indicates that there have submenu in the title 4 Operation command for help The following table shows the parameters in the brackets Command Description lt ip gt An item enclosed in brackets is required If the item is shown in lower case bold it represents an object with special format For example lt ip gt may be 192 168 1 3 lt RoutelBridge gt Two or more items enclosed in brackets and separated by vertical bars means that you must choose exactly one of the items If the item is shown in lower case bold with leading capital letter it is a command parameter For example Route is a command parameter in lt RoutelBridge gt 1 1999 An item enclosed in brackets is optional 1 65534l t Two or more items enclosed in brackets and separated by vertical bars means that you can choose one or none of the items 82 NB712 NB714 User Guide YML829 Rev1 NEILOMM 14 5
54. mation refer to the section on NAT DMZ WANI IP Address Basic Advanced Status Admin Utility BASIC STEP5 Subnet Mask 2 Gateway DNS Server DNS Server 2 DNS Server 3 IP Address Subnet mask Gateway DNS Server 1 Click Next 32 PIPE as wii EC 168 95 1 1 168 95 192 1 10 1 2 1 The router s IP address as seen from the Internet Your ISP will provide it and you need to specify it here 700 29 9 2 00 0 This is the router subnet mask seen by external users on the Internet Your ISP will provide it to you 10 1 2 2 Your ISP will provide you the default gateway 168 95 1 1 Your ISP will provide at least one DNS Domain Name System Server IP address NB712 NB714 User Guide YML829 Rev1 EPROM Press Restart to restart the router with the new parameters or press Continue to setup other parameters Home Basit Adwanced Status Melb OMM The screen will display the parameters that will be written to EPROM Check the parameters before writing to Admin Utility BASIC REVIEW REVIEW To ler the i H the sctup seit plete click Coatione button e riiim Operation ede a that you have changed take effect immed ely please cick Restart button to 1 SHDSE Mode 7 CPE Side WP Adaress E S 255 255 255 CO Homama SoHo Trigger DHCP sorview DHCP Soner e DHCP server o 255 255 255 0 o 192 160 12 muna sir 192 169 151
55. may assign fixed IP addresses to some devices while using DHCP provided that the fixed IP address is not within the range used by the DHCP server Click Next to setup WAN1 parameters NB712 NB714 User Guide 27 YML829 Rev1 NEICOMM 7 2 3 DHCP relay If you already have a DHCP server on your LAN and you want to use it for DHCP services the router provides a DHCP relay function Home Basic Advanced Status Admin Utility BASIC STEP2 LAN IP Type Fixed Dynamic DHCP Client PAddess a2 168 1 E Subnet Mask 255 255 255 o Trigger DHCP Service Disable Server Relay IP Type Fixed IP Address 192 168 1 1 Subnet Mask 200 2 3 2 0050 Host Name SOHO Some ISPs require the host name as identification Check with your ISP to see if your Internet service has been configured with a host name In most cases this field can be ignored Trigger DHCP Service Relay Home Basic Advanced Status Admin Utility BASIC STEP3 DHCP RELAY Remote DHCP Server Parameter IF address 192 166 1 124 Click Next to setup DHCP server parameters Enter the DHCP server IP address in IP address field Press Next 28 NB712 NB714 User Guide YML829 Rev1 NEILOMM 7 2 4 PPPoE or PPPoA PPPoA point to point protocol over ATM and PPPoE point to a a point protocol over Ethernet are authentication and connection VICI protocols used by many service providers for broadband ae Internet access These
56. me from a different computer This is used by intruders to keep their anonymity and can be used in a Denial of Service attack A smurf attack involves two systems The attacker sends a packet containing a ICMP echo request ping to the network address of one system This system is known as the amplifier The return address of the ping has been faked spoofed to appear to come from a machine on another network the victim The victim is then flooded with responses to the ping As many responses are generated for only one attack the attacker is able use many amplifiers on the same victim 108 NB712 NB714 User Guide YML829 Rev1 Melton IP QoS is a function to decide the priorities of setting IPs to transfer packets under the situation of overloading bandwidth To configure IP QoS function move the cursor to IPQoS and press enter gt gt Active Trigger IP QoS function Add Add IP QoS policy Delete Delete IP QoS policy Modify Modify IP QoS policy list Show IP QoS policy table You can enable the IPQoS function via active command The add parameters of IPQoS can be configured via add command gt gt Protocol Configure protocol local ip Configure local IP parameter remote ip Configure remote IP parameter Port Configure port parameter description Policy description Enable Enable the policy Precedence Configure precedence parameter The port type is configured by protocol command The local ip range is configured by local_ip co
57. me via hostname command Move cursor gt gt to hostname and press enter Command setup hostname lt name gt Message Please input the following information Local hostname ENTER for default lt SOHO gt test 14 16 20 Default If you want to restore factory default first move the cursor gt gt to default and then press enter Command setup default lt name gt Message Please input the following information Are you sure Y N y NB712 NB714 User Guide 111 YML829 Rev1 NEICOMM Appendix A Cable Information This cable information is provided for your reference only Please ensure you only connect the appropriate cable into the correct socket on either this product or your computer If you are unsure about which cable to use or which socket to connect it to please refer to the hardware installation section in this manual If you are still not sure about cable connections please contact a professional computer technician or NetComm for further advice RJ 45 Network Ports RJ 45 Network Ports can connect any networking devices that use a standard LAN interface such as a Hub Switch Hub or Router Use unshielded twisted pair UTP or shield twisted pair STP cable to connect the networking device to the RJ 45 Ethernet port Depending on the type of connection 10Mbps or 100Mbps use the following Ethernet cable as prescribed 10Mbps Use EIA TIA 568 100 Category 3 4 or 5 cable 100Mbps Use EIA TIA 568
58. mmand The remote ip range is configured by remote_ip command The port range is configured by port command To define the description of policy is configured by description command To enable the policy is configured by enable command To define the priority of the policy is configured by precedence command To delete the policy is configured by delete command To modify the policy is configured by modify command You can view the IPQoS configuration via list command NB712 NB714 User Guide 109 YML829 Rev1 Melton 14 16 17 DHCP Dynamic Host Configuration Protocol DHCP is a communication protocol that lets network administrators to manage centrally and automate the assignment of Internet Protocol IP addresses in an organization s network Using the Internet Protocol each machine that can connect to the Internet needs a unique IP address When an organization sets up its computer users with a connection to the Internet an IP address must be assigned to each machine Without DHCP the IP address must be entered manually at each computer If computers move to another location in another part of the network a new IP address must be entered DHCP lets a network administrator to supervise and distribute IP addresses from a central point and automatically sends a new IP address when a computer is plugged into a different place in the network To configure DHCP server move the cursor to dhcp and press enter gt gt generic Co
59. name and Password User admin kkkkk Password Note The default IP address is 192 168 1 1 80 NB712 NB714 User Guide YML829 Rev1 NEILOMM 14 3 Operation Interface For serial console and Telnet management the Router implements two operational interfaces command line interface CLI and menu driven interface The CLI mode provides users with a simple command line interface The menu driven interface is a more user friendly interface for general operations The command syntax for CLI is the same as that of the menu driven interface The only difference is that the menu driven interface displays all available commands for you to select This means that you don t need to remember the command syntax and can save you time by not requiring you to type the whole command line The following figure gives you an example of the menu driven interface In the menu you scroll up down by pressing key K select one command by key L and go back to a higher level of menu by key J For example to show the system information just logon to the Router move down the cursor by pressing key K twice and select show command by pressing key L you shall see a submenu and select system command in this submenu then the system will display the general information SHIS ROUTER gt gt enable Modify commend privilege status Shoe running system slatus shos View systes configuration ping Packet internet groper command exit Quit syste
60. nfigure generic DHCP parameters fixed Configure fixed host IP address list Leer Show DHCP configuration The generic DHCP parameters can be configured via generic command gt gt active Trigger DHCP function gateway Default gateway for DHCP client netmask Subnet mask for DHCP client ip range Dynamic assigned IP address range lease time Configure max lease time name Server Domain name serverl name server2 Domain name server2 name server3 Domain name server3 Active the DHCP function with active command set the default gateway vie gateway command The subnet mask for DHCP client is configured by netmask command lp_range command is to configure dynamic assigned IP address range The dynamic IP maximum lease time is configured by lease_time command You can setup 3 domain name servers via name_server commands Fixed Host IP Address list are setup via fixed command gt gt add Add a fixed host entry delete Delete a fixed host entry You can view the DHCP configuration via list command 110 NB712 NB714 User Guide YML829 Rev1 NEILOMM You can setup three DNS servers in the router The number 2 and 3 DNS servers are optional Move cursor gt gt to dns_proxy and press enter Command setup dns proxy lt IP gt IP IP Message Please input the following information DNS server 1 ENTER for default lt 168 95 1 1 gt 10 0 10 1 DNS server 2 10 10 10 1 DNS server 3 14 16 19 Host name Enter local host na
61. nie a Tabl of Convent Interface RIP Parameter triacs a Norton Rea e code LAM Disable 2 Hane Enmsbte Hona WANA Dis aGhe d Ihre nabs Paget CIWAN Disable Hana Dick ab lis Hang CIWAN Disable Hong Digable Hone WANG Lis abe Homi BEE fai Hone CI wane Disabhe Homi Lis alii Mori WANA Disable hore Disable hore at Wahl isst Hont Hisahles Hone CI WAND Dis Abbe z H i LHE 35l Mor CE eel Press Modify RIP Mode This parameter determines how RIP Routing Information Protocol is handled RIP allows it to exchange routing information with other routers If set to Disable the gateway does not participate in any RIP exchange with other routers If set to Enable the router broadcasts the routing table of the router on the LAN and incorporates RIP broadcasts by other routers into it s routing table If set to silent the router does not broadcast the routing table but it accepts RIP broadcast packets that it receives NB712 NB714 User Guide 43 YML829 Rev1 Melton RIP Version It determines the format and broadcasting method of any RIP transmissions by the gateway RIP v1 it only sends RIP v1 messages only RIP v2 it send RIP v2 messages in multicast and broadcast format Authentication required None for RIP there is no need of authentication code Password the RIP is protected by password authentication code MD5 The RIP will be decoded by MD5 rather than be protected by password au
62. nts could add up to more than the allowed 65 536 bytes Many operating systems didn t know what to do when they received an oversized packet so they froze crashed or rebooted Other known variants of the ping of death include teardrop bonk and nestea The attacker sends TCP connections faster than the victim machine can process them causing it to run out of resources and dropping legitimate connections A new defence against this is to create SYN cookies Each side of a connection has its own sequence number In response to a SYN the attacked machine creates a special sequence number that is a cookie of the connection and forgets everything it knows about the connection It can then recreate the forgotten information about the connection where the next packets come in from a legitimate connection The attacker transmits a volume of ICMP request packets to cause all CPU resources to be consumed serving the phony requests The attacker transmits a volume of requests for UDP diagnostic services which cause all CPU resources to be consumed serving the phony requests The attacker attempts to slow your network down by sending a packet with identical source and destination addresses Originating from your network Where the source address of a broadcast ping is forged so that a huge number of machines respond back to the victim indicated by the address thereby overloading it A perpetrator sends a large amount of UDP ec
63. ocol and configure the parameters If you want to ban all of the protocol from the IP e g 200 1 1 1 to access the all PCs e g 192 168 1 2 192 168 1 50 in the LAN key in the parameter as Protocol ANY Direction INBOUND INBOUND is from WAN to LAN and OUTBOUND is LAN to WAN Description Hacker Src IP Address 200 1 1 1 Dest IP Address 192 168 1 2 192 168 1 50 Press OK to finish The screen will display the configured parameters Check the parameters Basic Aivenced Status timin Utility FIREWALL PKT FILTER Parbet Fitterang Porameteri Gesell Pria inreg Peer Tapp Fe be f beia a C E Crap mpi Pira ej lai i a rpms Paih 24 F iol ZZ B pary t i ie LS pE Fel a a moj hide Enable Prosesi Dunaion Action Somes Dinimi TCP MF asada Doaiyiaa raat TAM Laie fared Geeta i te Tix eal a aT n Bana H Ta HH 13 aS n mima P TES TEE 1 23 Aan ee Click Restart to restart the gateway or Continue to configure another parameters 52 NB712 NB714 User Guide YML829 Rev1 MELOUN Filtering Rule for SMTP connection Filtering rule will be configured as follow roioco recon Actin Source Destination Dest Pot Soheaue CP 1 aw emer foen ay ay ay ays 2 Outbound 172 1611 192 168 3 4 TcP 1234 Permit B 172 156 1 1 132 160 3 4 1254 P od res SWP Server Firewall SMMP Client 3 Outbound 172 16 1 1 192 168 3 4 Permit C 172
64. om getting direct access to a server that has company private data 102 NB712 NB714 User Guide YML829 Rev1 NEICOMM 14 16 10 NAT You can configure NAT parameters in nat menu gt gt virtual Virtual IP address pool global Global IP address pool fixed Fixed IP address mapping The virtual menu contains range of virtual IP address delete virtual IP address and show virtual IP address gt gt range Edit virtual IP address pool delete Delete virtual IP address pool list Show virtual IP address pool You can create up to five virtual IP address pool ranges in range command Command setup ip share nat virtual range lt 1 5 gt lt ip gt lt 1 2353 gt Message Please input the following information NAT local address range entry number lt 1 5 gt 1 Base address 192 168 1 2 Number of address 49 You can delete virtual IP address range from 1 to 5 by using delete command You can view the virtual IP address range via list command To setup global IP address pool move the cursor gt gt to global command and press enter gt gt range Edit global IP address pool interface Bind address pool to specific interface delete Delete global IP address pool list Show global IP address pool You can create five global IP address pool range via range command Command setup ip share nat global range lt 1 5 gt lt ip gt lt 1 253 gt Message Please input the following information NAT global IP address range entry number
65. ommand You can view the fixed NAT mapping entry via list command 104 NB712 NB714 User Guide YML829 Rev1 Melton 14 16 11 PAT To configure Port Address Translation move the cursor gt gt to pat and press enter gt gt clear Clear virtual server mapping modify Modify virtual server mapping list Show virtual server mapping pool You can delete virtual server mapping entry from 1 to 10 by using clear command You can create up to 10 virtual server mapping entry via modify command Command setup ip share pat modify lt 1 10 gt Message Please input the following information Virtual server entry number lt 1 10 gt 1 After key in enter the screen will prompt as below gt gt interface Active interface port TCP UDP port number server Host IP address and port number protocol Transport protocol name Service name begin The schedule of beginning time end The schedule of ending time Set the active interface number via interface command You can configure the global port number by using port command The local server host IP address and port number are configured via server command The authorized access protocol is setup via protocol command Name command can be used to configure the service name of the host server Begin and end command is used to setup the local server schedule to access You can view the fixed NAT mapping entry via list command NB712 NB714 User Guide 105 YML829 Rev1 Melton
66. ord DMS Server Host Mame _ f applicablel IF Address Mf applicable NB712 NB714 User Guide YML829 Rev1 NEILOMM PPPoe WPI VICI Encapsulation User Name Password DNS Server Host Name _ if applicable IF Address if applicable Step 5 Install the SHDSL Router Do not turn on the Modem Router until you have completed the Hardware Installation e Connect the power adapter to the port labelled DC IN on the rear panel of the product e Connect the Ethernet cable to the PC Note The 4 port modem router supports auto MDIX switching so both straight and cross over Ethernet cables can be used e Connect the phone cable to the product and the other side of the phone cable to the wall jack e Connect the power adapter to the power source e Turn on the PC which will be used to configure the Router 4 port router with network topology y We 4 NB714 or NB712 G SHDSL Modem Router Note NB714 model shown Firewall NB 712 NB714 User Guide YML829 Rev1 Melb OMM 6 Configuration via Web Browser For Win95 98 and Me click the start button Select Setting and Control Panel 1 iowa ips 7 Double click the Network icon s iE i He LR ee ee ee In the Configuration window select the TCP IP protocol line associated with your network card and then click the Properties button NB712 NB714 User Guide 19 YML829 Rev1 Melb OMM Choose IP Address tab Select Obta
67. ork or dropped depending on the firewall configuration Howe Basie Aangel Status Almin itility FIREWALL PKT FILTER Packet Filtemng Parameters e Gemeral Packet Pilmring Parameter Trager Pacini Senace eae CI Enable Drop Framed Facka E Digas O Enab E Apper PHiier Pool is Empty A stateful firewall maintains a memory of each connection and data passing through it A stateful firewall records the context of connections during each session continuously updating state information in dynamic tables With this information stateful firewalls inspect each connection traversing each interface of the firewall testing the validity of data packets throughout each session As data arrives it is checked against the state tables and if the data is part of the session it is accepted Stateful firewalls enable a more intelligent flexible and robust approach to network security while defeating most intrusion methods that exploit state less IP filtering firewalls NB712 NB714 User Guide 51 YML829 Rev1 NEILOMM If you want to configure the Packet Filtering Parameters choose Enable and press Add Home Basit Mancen Status Admin Utility PKT FILTER RULE 1 Packet Filter Rale Parameters Pose ANY m Dar INBOUND QO OUTBOUND Ace OER OFERT De Eon Src P Addbers ag Amigi Sing 10 0 0 1 Deal F Addonics Rara 197 168 0 1 197 E90 TE Schedule Ahiya CiFree Day Senda Meg Senedd M Tiere 0 0 Sa M Select the prot
68. ort 192 100 0 11 4433 192 68 0 10 1025 2205 192 168 0 11 4406 2206 Internal Protected External Unprotected Network Network NB712 NB714 User Guide 9 YML829 Rev1 NEILOMM 2 1 2 Circuit Gateway Also called a Circuit Level Gateway this is a firewall approach that validates connections before allowing data to be exchanged What this means is that the firewall doesn t simply allow or disallow packets but also determines whether the connection between both ends is valid according to configurable rules then opens a session and permits traffic only from the allowed source and possibly only for a limited period of time Level 5 Application Destination IP address and or source IP address and or time of day Level 4 TCP Level 3 IP protocol user Level 2 Data Link password Level 1 Physical 2 1 3 Application Gateway The Application Level Gateway acts as a proxy for applications performing all data exchanges with the remote system on their behalf This can render a computer behind the firewall all but invisible to the remote system It can allow or disallow traffic according to very specific rules permitting some commands to a server but not others limiting file access to certain types varying rules according to authenticated users and so forth This type of firewall may also perform very detailed logging of traffic and monitoring of events on the host system and can often be instructed to sound alarms or notif
69. ort Also priority tagged frames which by definition carry no VLAN identification information are treated the same as untagged frames AVLAN tagged frame carries an explicit identification of the VLAN to which it belongs i e it carries a tag header that carries a non null VID This results in a minimum tagged frame length of 68 octets Such a frame is classified 12 NB712 NB 14 User Guide YML829 Rev1 NEILOMM as belonging to a particular VLAN based on the value of the VID that is included in the tag header The presence of the tag header carrying a non null VID means that some other device either the originator of the frame or a VLAN aware bridge has mapped this frame into a VLAN and has inserted the appropriate VID The following figure shows the difference between a untagged frame and VLAN tagged frame where the Tag Protocol Identifier TPID is of 0x8100 and it identifies the frame as a tagged frame The Tag Control Information TCI consists of the following elements 1 User priority allows the tagged frame to carry user priority information across bridged LANs in which individual LAN segments may be unable to signal priority information e g 802 3 Ethernet segments 2 The Canonical Format Indicator CFI is used to signal the presence or absence of a Routing Information Field RIF field and in combination with the Non canonical Format Indicator NCFI carried in the RIF to signal the bit order of address information car
70. orts up to 8 active VLANs with shared VLAN learning SVL bridge out of 4096 possible VLANs specified in IEEE 802 1Q 2 Each port always belongs to a default VLAN with its port VID PVID as an untagged member Also a port can belong to multiple VLANs and be tagged members of these VLANs 3 A port must not be a tagged member of its default VLAN 4 Ifa non tagged or null VID tagged packet is received it will be assigned with the default PVID of the ingress port 5 If the packet is tagged with non null VID the VID in the tag will be used 6 The look up process starts with VLAN look up to determine whether the VID is valid If the VID is not valid the packet will be dropped and its address will not be learned If the VID is valid the VID destination address and source address lookups are performed 7 The VID and destination address lookup determines the forwarding ports If it fails the packet will be broadcast to all members of the VLAN except the ingress port 8 Frames are sent out tagged or untagged depending on if the egress port is a tagged or untagged member of the VLAN that the frames belong to 9 If VID and source address look up fails the source address will be learned 3 2 Frame Specification An untagged frame or a priority tagged frame does not carry any identification of the VLAN to which it belongs such frames are classified as belonging to a particular VLAN based on parameters associated with the receiving p
71. ory Default function Will reload the factory default parameters to the gateway Note All of the settings will be changed to factory default On the other hand you will lose all the configured parameters Restore Configuration Will help you to recover your backup configuration Click Finish after selecting Restore Configuration Browse the router for the backup file and then click Finish The router will automatically restore the saved configuration Backup Configuration Any changes to the default configuration should be backed up Use this function to backup your router parameters on a PC select Backup Configuration and then press Finish Browse the place of backup file named backup Press Finish The router will automatically backup the configuration 68 NB712 NB 14 User Guide YML829 Rev1 NEILOMM 10 3 Upgrade BASIC You can upgrade the gateway using the upgrade function ADVANCED Press Upgrade STATUS Browse the file and press OK button to upgrade The system will reboot automatically after ADMIN finishing Home Basic Advanced Firmware Upgrade rt I E SYSTEM INFO Status Adin Utility CONFIG TOOL i errepa UPGRADE UTILITY FIRMWARE UPGRADE es LOGOUT RESTART Firan eebect the Gone fie Che ed a eed goena i en ot ee the ye Ce he ee wi ee ee LBrows Ee eel NB712 NB714 User Guide YML829 Rev1 69 NEILOMM 10 4 Logout BASIC To logout the ro
72. ou can configure up to three time servers in this system Move the cursor to update_rate and press enter Command admin sntp update rate lt 10 268435455 gt Message Please input the following information Update period secs Enter for default 86400 NB712 NB714 User Guide 93 YML829 Rev1 NEILOMM Move the cursor to time_zone and configure where your router is placed The easiest way to know the time zone offset hour is from your PC clock Double click the clock at the right corner of monitor and check the time zone Command admin sntp time zone lt L2 12 gt Message Please input the following information GTM time zone offset hours Enter for default 8 Move the cursor to list and review the setting 94 NB712 NB714 User Guide YML829 Rev1 NEILOMM 14 14 Utility There are three utility tools upgrade backup and restore embedded in the firmware You can update the new firmware via TFTP upgrade tools and backup the configuration via TFTP backup tool and restore the configuration via TFTP restore tool For upgrade TFTP server with the new firmware will be supported by supplier but for backup and restore you must have your own TFTP server to backup and restore the file Move the cursor gt gt to utility and press enter gt gt upgrade Upgrade main software backup Backup system configuration Restore Restore system configuration 14 15 Exit If you want to exit the system without saving
73. pport the implementation of VLAN to PVC only for bridge mode operation i e the VLAN spreads over both the COE and CPE sides where there is no layer 3 routing involved The unit supports up to 8 active VLANs with shared VLAN learning SVL bridge out of 4096 possible VLANs specified in IEEE 802 1Q Move the cursor gt gt to vlan and press enter gt gt mode Trigger virtual LAN function modify Modify virtual LAN rule pvid Modify port default ID link mode Modify port link type list Show VLAN configuration To active the VLAN function move the cursor gt gt to mode and press enter The router supports two types of VLAN 802 119 and Port Based The IEEE 802 1Q defines the operation of VLAN bridges that permit the definition operation and administration of VLAN topologies within a bridged LAN infrastructure Port Based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port NB712 NB714 User Guide 99 YML829 Rev1 NEILOMM 14 16 6 802 11Q VLAN Follow the following steps to configure 802 11q VLAN Command setup vlan active lt Disable 8021Q Port gt Message Please input the following information Tigger VLAN function Tab select lt Disable gt 80210 Command setup vlan modify lt 1 8 gt lt 1 4094 gt lt string gt Message Please input the following information Rule entry index lt 1 8 gt 1 VLAN ID Enter for default lt 1 gt 10 VLAN por
74. r Bec ee ee ee ee ee Ee So ey ee pees ce eas Ee peer oe ce Gee eel a ee eo ae aa ee This level only enables the NAT firewall and the remote management security The NAT firewall will take effect if the NAT function is enabled The default remote management security is to block any WAN side connection to the device Non empty legal IP pool in ADMIN will block all remote management connection except those IPs specified in the pool Press Finish to finish setting up the firewall The screen will display the parameters which will be written to EPROM Check the parameters Press restart to restart the router or press continue to setup another function _ Home Hi Basic Aiwanced Status Admin Utility ADVANCED FIREWALL Ce bet er cereus Set ee hee chee Se le eee peer es Bei ee a eet he pee cee ee pry peace ria pit cht L eee ee a imei hme Level Pimi ry es Fa EEA anei Tiesha p pajer pa eal E G F ep Thinis CU a pR i T pari esdas A yebe pja eet Faikan hreg Tirimmr Meins Canal Peir Enmig Pitari toe Pacha fang aie Ea EEn hee m Deng peed oe E Ama palile Prai im Lmg 48 NB712 NB714 User Guide YML829 Rev1 NEILOMM Automatic Firewall Security Home Basic Advanced Statics Aibmin ailit ADVANCED FIREWALL Firer eariy Lar e aral biimu Deal lear les C far lemmi feo Em Tia A tt m e KAT nid ml fer aa a y T AT l E i e AT S TaS Gi Aaa Pines ary Ene Tim Wi egi bey er Gee p
75. rap lt 1 5 gt lt more gt Message Please input the following information Trap host entry number lt 1 5 gt 2 The screen will prompt as follow gt gt edit Edit trap host parameter list Show trap configuration NB712 NB714 User Guide 91 YML829 Rev1 NEILOMM 14 13 4 Supervisor Password and ID The supervisor password and ID are the last door for security but the most important Users who access the router via web browser have to use the ID and password to configure the router and users who access the router via telnet or console mode have to use the password to configure the router Change the ID and password after configuration and save it When you access to the router again you have to use the new password 92 Command admin passwd lt pass_conf gt Message Please input the following information Input old Supervisor password Input new Supervisor password x xx Re type Supervisor password x Command admin id lt pass_ conf gt Message Please input the following information Legal user name Enter for default lt root gt test NB712 NB714 User Guide YML829 Rev1 NEILOMM Time synchronization is an essential element for any business that relies on an IT system The reason for this is that these systems all have clocks that are the source of time for files or operations they handle Without time synchronization time on these systems can vary and this can cause virtual server sched
76. rea ees a Loe m FARRERES Sap u mr opm deren Thi seoa aE few qei ae rere el pp ae A rare ee r akaa aiia pac Dm ria h pe a e a PY le Se te ee E eee a piin f he rl i ee ee ee eee rE Select Automatic Firewall Security This level enables basic firewall security as well as all DoS protection and the SPI filter function Press Finish to finish setting up the firewall The screen will display the parameters which will be written to EPROM Check the parameters Home Basic Advanced Status Admin Utility ADVANCED FIREWALL Firewall Security Level Review To let the configuration that you have changed take effect immediately please click Restart button to reboot the sy procedure please click Continue button u Firewall Security Level Automatic Firewall Security DoS Protection Parameters Review Enable UDP Flood Threshold 200 oe per second i amm Press restart to restart the router or press nila to setup another function NB712 NB714 User Guide 49 YML829 Rev1 NEILOMM Advanced Firewall Security You can determine the security level for special purpose environment and applications by configuring DoS protection and defining an extra packet filter with higher priority than the default SPI filter Note that an improper filter policy may degrade the capability of the firewall and or even block the normal network traffic Home Basic Advanced Status Amin Wtility ADVANCED FIREWALL Pere Se
77. rer Lnirl a Perel Severity Lovet a Gea Fees eo Em ir me ee ty ee ee ee eee ee om Li fate Forte eee re ee gu 1 acl ed pee meee he ee OS gee Prroni imas 8 ee a eed le Se ge se ee epee ig fe Dh pe Ea A i 4 ra a j i j Primaj e ha bF k p s pr Tae T ri ii ilke E j A pern AF eee add bE pa Ol k i EN eo l hi iid h I et Ee eo Click Advanced Firewall Security and then press Finish Basic Advanced Status Admin Utility FIREWALL DoS PROTECTION The Prevecclon Porameers E Detect SYN Attack SYM Anek Teresbeld 200 packets per second Dasect FOP Fd CAD Flee irmied a packels pm picia F Deet UDF Fhood UDP Placed Timbaki 200 packets per ond Eel Dert PING of Daath Anak fe Derr Land Akk e Deac TP Speco Aitik er Deet imeri Arek Ge Dret Froe Artak SYN Attack A SYN flood attack attempts to slow your network by requesting new connections but not completing the process to open the connection Once the buffer for these pending connections is full a server will not accept any more connections and will be unresponsive ICMP Flood A sender transmits a volume of ICMP request packets to cause all CPU resources to be consumed serving the phony requests UDP Flood A sender transmits a volume of requests for UDP diagnostic services which cause all CPU resources to be consumed serving the phony requests 50 NB712 NB714 User Guide YML829 Rev1 MELOUN Ping of Death A ping of death at
78. ried in the encapsulated frame 3 The VID uniquely identifies the VLAN to which the frame belongs 3 3 Applications SHDSL Router SHDSL Router Ethernet SHDSL IC aK J LAN LAN SHDSL Router LAN SHDSL NB712 NB714 User Guide ia YML829 Rev1 NEICOMM 4 Getting to know the router This section will introduce the hardware of the router 4 1 Front Panel The front panel contains LEDs which show the status of the SHDSL router Note The front panel LEDs of the NB712 2 wire and NB714 2 or 4 wire selectable are identical The NB714 is shown below LED status LEDs Active Description PWR On Power on WAN LNK On SHDSL line connection is established Blink SHDSL handshake ACT On Transmit or received data over SHDSL link LAN 1 On Ethernet cable is connected to LAN 1 Blink Transmit or received data over LAN 1 2 On Ethernet cable is connected to LAN 2 Blink Transmit or received data over LAN 2 3 On Ethernet cable is connected to LAN 3 Blink Transmit or received data over LAN 3 4 On Ethernet cable is connected to LAN 4 Blink Transmit or received data over LAN 4 ALM On SHDSL line connection is dropped Blink SHDSL self test Mo NB712 NB714 User Guide YML829 Rev1 Melb ONN 4 2 Rear Panel The rear panel of the SHDSL router is where all of the cable connections are made Connectors Description DC IN Power adaptor inlet Input voltage 9VDC LAN 1 2 3 4 10 100BaseT auto sensing and auto MDIX for LAN port RJ
79. rmation IP Address 192 168 30 1 Subnet mask 299 200 200 0 Gateway 192 169 30 2 Click Next The screen will display the parameters that will be written to EPROM Check the parameters before writing to EPROM Press Restart to restart the router with the new parameters or press continue to setup other parameters NB712 NB714 User Guide T1 YML829 Rev1 MELOUN 13 2 CPE side Click ROUTE and CPE Side then press Next Home Basit Operation Mode BASIC STEP1 Syrtem Mlode ROUTE BRIDGE SHDSL Mode ICO Sede LAN parameters CPE Sede Home Basic LAN cP Type IP Address cbnr Laak Hest Nee ingan ACP Hiatt IP Address Subnet Mask Host Name DHOP Service WAN Parameters BASIC STEP2 Fined ODynamic DHCP Clienti haa fws Lio Li 255 258 ass 0 somo Disable G Serner Relay 192 168 10 1 255 255 255 0 SOHO For more DHCP service review DHCP Service BASIC STEP4 WANI weg vor ja AAL Em OYGA LL Brocsest PaA 18 ae NB712 NB714 User Guide YML829 Rev1 NEILOMM VPI 0 VCI 32 AAL5 Encap LLC Protocol IPoA EoA IPoA NAT or EoA NAT Note The Protocol used in CO and CPE have to be the same Click Next to setup the IP parameters Refer to the section NAT DMZ for more information BASIC STEP5 WANI PP Address i2 f L0 2 Subnet Maie 355 i255 255 p Gateway 19
80. rnet world r ADMIN DMZ demilitarized zone is a computer host or small network inserted as a neutral UTILITY zone between a company private network and the outside public network It prevents outside users from getting direct access to a server that has company private data Basic fired Status Amin itility ADVANCED NAT OM2Z Speer bikes Tigaki ond IMEF lei FH SGU Amri e l few mw Waie MaE Lf ft ft A ay ea oe ee iy kT Waste co ee oe e In a typical DMZ configuration for an enterprise a separate computer or host receives requests from users within the private network to access Web sites or other companies accessible on the public network The DMZ host then initiates sessions for these requests to the public network However the DMZ host is not able to initiate a session back into the private network It can only forward packets that have already been requested NB712 NB714 User Guide 45 YML829 Rev1 Melton Users of the public network outside the company can access only the DMZ host The DMZ may typically also have the company s Web pages so these could serve the outside world However the DMZ provides access to no other company data In the event that an outside user penetrated the DMZ host s security the Web pages might be corrupted but no other company information would be exposed Press NAT DMZ to setup the parameters If you want to enable the NAT DMZ functions click
81. rotocol in admin The route is enable gt admin For configuration the parameters move the cursor gt gt to admin and press enter gt gt user Manage user profile security Setup system security snmp Configure SNMP parameter passwd Change supervisor password id Change supervisor ID sntp Configure time synchronization NB712 NB714 User Guide 89 YML829 Rev1 Melton 14 13 1 User Profile You can use the user command to clear modify and list the user profiles You can define up to five users to access the router via console port or telnet in user profile table however users who have the supervisor password can change the configuration of the router Move the cursor gt gt to user and press enter key gt gt clear Clear user profile modify Modify the user profile list List the user profile You can delete the user by number using the clear command Make sure the number of the user is correct You can use list command to check it Modify command is to modify any user information or add a new user to user profile To modify or add a new user move the cursor to modify and press enter Command admin user modify lt 1 5 gt lt more gt Message Please input the following information Legal access user profile number lt 1 5 gt 2 The screen will prompt as follow gt gt Attrib UI mode Profile User name and password There are two Ul mode command and menu mode to setup the product We will not
82. rssrrrssrrnsnriukrrnnkrnnkktntktt nekt natnra Nku NN EENEREEEEEEENEEENEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE EEEE EEE 85 M Te ANG ars orice aca tc eapnectve N A ben leave N AT A T 8 TAS SOV Scans pus r a a A E aren coe mace A TO 88 14 40 Write ooo cccccccccsccssccssecsssescseescsuscssuecseuecsuuevsauesenuescaueseseuscsuuecceeuecsuuevuuevsussceeseneusstsnessanens 89 MAW Me OOOO e A A A A Kade dete 89 T P aeei E E E done indvaedies 89 A O A E E E E AE E EA S 89 ANT sce AE EE NEEE E E E E E E E TE 95 E AE E E E E E E A R E NEA A N E 95 TA U e E E E a ioheanlaneates 95 Appendix A Cable IMTOMMATION csssnessssstnsaseintntawsinaciadsadabiabaiaanindesdhteadaddecindasdbndeduddanaieadoaainddeassntadeaaneigedianiae 2 Fr NotWOIK FONG sicateastetsecteasctvedadae tara ls Gana sin hades aE AEAEE AEA A RE 112 Straight and crossover cable configuration c cccccsessssecsersesersersessectscrsersssresssersersensestseusersenreseareers TIo M o AU aa a tae asa plc AAA EANG 113 Cross Over Cabling s rvcnsaansvanenaneeeriacuneensaanneimanancaninared ainiadnsamanansvanindodansadninaninameiwantniuaniaaeseimmnaniuninining Tio SHDSL Une AON srianan anaE ASAA AAE AEO EEO AAAA 114 CE AE 0 e E E E E TE E EE T 114 Appendix B Registration and Warranty Information ccccccccccccsseeccsseeecsseeecsseeeccsseeccsseesessuesessueeesseesensaes o NB712 NB714 User Guide 3 YML829 Rev1 NEILOMM 1 Introduction NetComm s NB712 2 wire and NB714 2 or 4 wire selectable G S
83. rver 2 on a VIRTUAL SERVER 192 168 1 3 25 which is always on FIREWALL IP QoS You can setup the router as Index 1 protocol TCP interface WAN1 service name test1 private IP 192 168 1 2 private port 80 public port 80 schedule from STATUS Day Monday to Friday and time 8 0 to 16 0 and index 2 protocol UDP interface ADMIN WAN1 service name test2 private IP 192 168 1 3 private port 25 public port 25 schedule always UTILITY Click Modify to configure the parameters Home Basic Advanced Status Admin Utility ADVANCED VIRTUAL SERVER Virtual Server Mapping Parameters Virtual Server 1 Protocol Intertace Service Name Private IP Private Port Public Port Schedule Press Restart to restart the router or press continue to setup another function NB712 NB714 User Guide 47 YML829 Rev1 NEILOMM 8 8 Firewall A firewall is a set of related programs that protect the resources of a private network from other networks It prevents unauthorised users from accessing private data and resources accidentally Basic Firewall Security Advanced Status Admin utility ADVANCED FIREWALL Home Basic Fivwwall tiaara mah irel emir Leal feo Lee Ema Ferrel tect Hii Ea Tia Aa a eats e SAT e a le e ee ee ee AT ee ee a et TET biia 1 rele D iure Tee ay Em Tia Ai eih hii fed a a ht pee ed he D e ete D feed Fri bhay Em A ie ee eerie Ser ee el r ec ee ee el ee peg r Dot eee el rg m min pi
84. second high priority 192 168 1 40 is the third highest priority and so on Basic Advanced Status l Admin Utility ADVANCED IP QoS e Geaccel iP DaS Paraneeiers Trigger FOeS Service C Diable Enable IP QoS Palicis gsc ANY m iron g wuri 5 e2 foal eima pano irony 5 es fou a ar ea malaon a fpa cja aw p a paia es fE i eae pity 2 i re oar E ane ce aoao gt pry 1 NB712 NB714 User Guide YML829 Rev1 of NEILOMM 9 Administration BASIC This section details security simple network management protocol SNMP and time t ADVANCED synchronous STATUS SNMP TIME SYNC UTILITY 58 NB712 NB714 User Guide YML829 Rev1 NEICOMM 9 1 Security For system security it is suggested that the default user name and password is changed from the default There are three ways to configure the route Web browser telnet and serial console Press Security to setup the parameters For greater security define the Supervisor ID and password for the gateway If you don t set them all users on your network will be able to access the gateway You can authorize up to five users to access the router via telnet or console There are two Ul modes menu driven mode and command mode to configure the router Home Basic Advanced Status Admin ADMIN SECURITY Supervisor Profile and Security Parameters a Supervisor ID and Password Supervi
85. sor ID root Supervisor Password Password Confirm it a User Profile i e eoo Oooo a Command Ea sf O ETI Command Command General Parameters Telnet Port NB712 NB714 User Guide YML829 Rev1 t BASIC ADVANCED STATUS ADMIN SECURITY SNMP TIME SYNC UTILITY Utility 99 NEILOMM Trusted Host address pool will setup the IP addresses from which authorized users can configure the gateway This is the most secure way to setup and control authorised access to the router Configured 0 0 0 0 will allow all hosts on Internet or LAN to access the router Leaving blank the Trust Host List will block all PCs from WAN to access the router l e only PCs on the LAN would be able to access the router If you type the exact IP address in the field only that host can access the router Basic Avance Status Admin Utility a Remote Management Host etd legal management IF address Sete an empty pool defaults te a cecunty level that would allow amy host in LAN but deny all commections from WAN side A DODO enory in the pool wii allow all management machadaig the biter ID IP Address 1 oo00 EE Bo Soo Click Finish to finish the setting The browser will display the configured parameters and check it before writing them to EPROM Press Restart to restart the gateway working with the new parameters and press Continue to setup other parameters 60 NB712 NB 14 User Guide
86. t status Enter for default 11001 For each VLAN VLAN ID is a unique number among 1 4095 VLAN port status is a 12 digit binary number whose bit 1 location indicates the VLAN port membership in which AMSBs and 8MSB represents LAN ports and WAN port respectively For example the above setting means that the VID 20 member port includes LAN1 LAN2 and WAN The member ports are tagged members Use PVID command to change the member port to untagged members To assign PVID Port VID move the cursor gt gt to PVID and press enter The port index 1 to 4 represents LAN1 to LAN4 respectively and port index 5 to 12 represents WAN1 to WANS VID value is the group at which you want to assign the PVID of the port PVID is Command setup vlan pvid lt 1 12 gt lt 1 4094 gt Message Please input the following information Port index lt 1 12 gt 1 VID Value Enter for default lt 10 gt 10 To modify the link type of the port move the cursor to link mode and press enter There are two types of link access and trunk Trunk link will send the tagged packet form the port and access link will send un tagged packet form the port Port index 1 to 4 represents LAN1 to LAN4 respectively According to the operation mode of the device link tyoe of WAN port is automatically configured If the product operates in bridge mode the WAN link type will be trunk and in routing mode access Command setup vlan link mode lt l 1z gt lt Access Trunk gt
87. tack attempts to crash your system by sending a fragmented packet when reconstructed is larger than the maximum allowable size Other known variants of the ping of death include teardrop bonk and nestea Land Attack A land attack is an attempt to slow your network down by sending a packet with identical source and destination addresses originating from your network IP Spoofing IP Spoofing is a method of masking the identity of an intrusion by making it appeared that the traffic came from a different computer This is used by intruders to keep their anonymity and can be used in a Denial of Service attack Smurf Attack A smurf attack involves two systems The attacker sends a packet containing a ICMP echo request ping to the network address of one system This system is known as the amplifier The return address of the ping is faked spoofed to appear to come from a machine on another network the victim The victim is then flooded with responses to the ping As many responses are generated for only one attack the attacker is able use many amplifiers on the same victim Traditional firewalls are stateless meaning they have no memory of the connections of data or packets that pass through them Such IP filtering firewalls simply examine header information in each packet and attempt to match it to a set of defined rule If the firewall finds a match the prescribed action is taken If no match is found the packet is accepted into the netw
88. teway static Default gateway Static bridging table You can setup default gateway IP via gateway command You can define 20 sets of static bridge in static command After entering static menu the screen will prompt as below gt gt add delete modify list gt gt mac 98 lan port wanl port wan2 port wan3 port wan4 port wanS port wan6 port wan port wan8 port LISE Add static MAC entry Delete static MAC entry Modify static MAC entry Show static bridging table After enter add menu the screen will prompt as follow MAC address LAN interface bridging type Configure Configure Configure Configure Configure Configure Configure Configure Configure Configure WAN1 WAN2 WAN3 WAN4 WANS WAN6 WAN WAN8 interface interface interface interface interface interface interface interface bridging bridging bridging bridging bridging bridging bridging bridging Show static bridging table type type type type type type type type NB712 NB714 User Guide YML829 Rev1 NEILOMM Virtual LAN VLAN is defined as a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire when in fact they are located on a number of different LAN segments Because VLAN is based on logical instead of physical connections it is extremely flexible You can setup the Virtual LAN VLAN parameters in vlan command The router su
89. the procedure Home TERE Atvanced Status Admin Utility BASIC STEP2 LAN IP Type Fixed Dynamic DHCP Client Adds 160768 1 _ 1 Subnet Mask 255 255 255 o Trigger DHCP Service Disable Server O Relay LAN IP Type Dynamic Click Next to setup WAN1 parameters NB712 NB714 User Guide 25 YML829 Rev1 NEILOMM 7 2 2 DHCP Server Dynamic Host Configuration Protocol DHCP is a communication protocol that allows network administrators to centrally manage and automate the assignment of Internet Protocol IP addresses in an organization s network Internet Protocol requires that each machine that can connect to the Internet has a unique IP address When an organization sets up its computer users with a connection to the Internet an IP address must be assigned to each Home Basie Advanced Status Admin Utility BASIC STEP3 DHCP SERVER E Genre DACP Parsee Start P Address 453 468 4 2 End P Address 999 768 1 51 DNS Server 1 192 168 1 1 Dis Serer 2 LAS fee d Lease Time 72 2 ours e lable of Fined DHCP Hoir Emtrici Hint The famat of the MAC Ades ip SSE TESA Index MAC Address IP Address i z Z machine Without DHCP the IP address must be entered manually for each computer If computers move to another location in another part of the network a new IP address must be entered DHCP lets a network administrator supervise and distribute IP addresses from a central point
90. thentication code Poison Reverse Poison Reverse promptly broadcasts or multicasts the RIP while the route is changed e g shutting down one of the routers in routing table Enable the gateway will actively broadcast or multicast the information Disable the gateway will not broadcast or multicast the information After modifying the RIP parameters press finish The screen will display the modified parameters Check the parameters and press Restart to restart the router or press Continue to setup other parameters 44 NB712 NB714 User Guide YML829 Rev1 NEILOMM 8 6 NAT DMZ ta NAT Network Address Translation is the translation of an Internet Protocol address T ADVANCED IP address used within one network to a different IP address known within another eee network One network is designated as the inside network and the other is the BRIDGE outside Typically a company maps its local inside network addresses to one or more hea global outside IP address and changes the global IP addresses of incoming packets a NAT OMZ back into local IP addresses This ensures security since each outgoing or incoming eu request must go through a translation process that also offers the opportunity IP Gos to qualify or authenticate the request or match it to a previous request NAT also te conserves the number of global IP addresses that a company needs and lets the company use a single IP address for its communication in the Inte
91. tween the two networks to see if it meets certain criteria If it does it is routed between the networks otherwise it is stopped A firewall filters both inbound and outbound traffic It can also manage public access to private networked resources such as host applications It can log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted Firewalls can filter packets based on their source and destination addresses and port numbers This is known as address filtering Firewalls can also filter specific types of network traffic This is Known as protocol filtering because the decision to forward or reject traffic is dependant upon the protocol used for example HTTP ftp or telnet Firewalls can also filter traffic by packet attribute or state It is important to note that an Internet firewall cannot prevent individual users with modems from dialling into or out of the network By doing so they bypass the firewall altogether and open the network to attack However these are management issues that should be raised during the planning of any security policy and cannot be solved with Internet firewalls alone Unknown Traffic f lg f Specified Allowed Traffic Out to Internet AT NB714 or NB712 G SHDSL Modem Router Access to Specific Destination Note NB714 model shown _ Allowed Traffic Restricted Traffic 3 Firewall ma ic l l Ss PC PC PG 8 NB712 NB714 User Guide YML829
92. ule processes to fail and system log exposures with wrong data There are two methods to synchronize time synchronize with a PC or SNTPv4 If you choose synchronize with PC the router will synchronize with a PC If you choose SNTPv4 the router will use the protocol to synchronize with the time server Synchronization with time server SNTP v4 needs to configure service time_server and time_zone Synchronization with PC does not require the above parameters Move the cursor gt gt to sntp and press enter gt gt method Select time synchronization method service Tigger SNTP v4 0 service time server Configure time server 1 time server2 Configure time server 2 time Servers Configure time server 3 updaterate Configure update period time Zone Configure GMT time Zone offset list Show SNTP configuration To configure SNTP v4 time synchronization follow the procedures detailed below Move the cursor to method and press enter Command admin sntp method lt SNTPv4 SyncWithPC gt Message Please input the following information SYNC method Enter for default lt SyncWithPC gt SNTPv4 Command admin sntp service lt Disable Enable gt Message Please input the following information Active SNTP v4 0 service Tab Select lt Enable gt Enable Command admin sntp Lime serverl lt string gt Message Please input the following information Time server address Enter for default lt ntp 2 vt edu gt ntp 2 vt edu Y
93. use exit command to quit system 14 16 Setup All of the setup parameters are located in the subdirectories of setup Move the cursor gt gt to setup and press enter gt gt mode Switch system operation mode shds1 Configure SHDSL parameters wan Configure WAN interface profile bridge Configure transparent bridging vlan Configure virtual LAN paramters route Configure routing parameters lan Configure LAN interface profile ip share Configure NAT PAT parameters firewall Configure Firewall parameters dhcp Configure DHCP parameters dns proxy Configure DNS proxy parameters hostname Configure local host name default Restore factory default setting 14 16 1 Mode The product can act as routing mode or bridging mode The default setting is routing mode You can change the system operation mode by using mode command Move the cursor gt gt to mode and press enter Command Message System operation mode setup mode lt Route Bridge gt Please input the following information TAB select lt Route gt Route NB712 NB714 User Guide YML829 Rev1 95 Melton 14 16 2 SHDSL You can setup the SHDSL parameters by the command shdsl Move the cursor gt gt to shdsl and press enter gt gt mode Configure SHDSL mode Link Configure SHDSL link n 64 Configure SHDSL data rate type Configure SHDSL annex type clear Clear current CRC error count margin Configure SHDSL SNR margin There are two types of SHDSL mo
94. uter press logout e ADVANCED STATUS ADMIN CONFIG TOOL UPGRADE a LOGOUT RESTART 70 NB712 NB714 User Guide YML829 Rev1 NEILOMM 10 5 Restart BASIC To restart the router select Restart in UTILITY ADVANCED Click on the Restart button to reboot the router STATUS ADMIN UTILITY SYSTEM INFO CONFIG TOOL Home Basic Advanced Status Admin Utility pE UTILITY RESTART RESTART Th page offer woe the oppa terested poe SOR Plager Wira the restart bore be koel the SOHO Aran m raat and your barsa an will be discemmected The may eepeae oo A your bene seamen h leap Ae the eerver HIE en Sey as pace tear berae a proce Lease of cleat paa loner Geel pce A eel ei ey rf EZIN NB712 NB714 User Guide 71 YML829 Rev1 Melb ON 11 Status You can monitor the following 12 SHDSL status including mode Tx power Bitrate and Performance information including SNR margin attenuation and CRC error count LAN status will display the MAC address IP address Subnet mask and DHCP client table WAN status will display the WAN interface information Route status will display the routing table of router Interface status includes LAN and WAN statistics information Firewall status display DoS protection status and dropped packets Statistics BASIC ADVANCED STATUS SHDSL LAN WAN ROUTE INTERFACE IP QoS ADMIN UTILITY NB712 NB714 User Guide YML829 Rev1 MeO 1
95. ware and backup and restore configuration are done via utility command exit Quit system Boo NB712 NB714 User Guide YML829 Rev1 14 8 Status NEILOMM You can view the status of SHDSL WAN route and interface via the status command Move cursor gt gt to status and press enter gt gt shds1 wan route interface firewall Command shdsl wan route interface firewall NB712 NB714 User Guide YML829 Rev1 Show Show Show Show Show SHDSL status WAN interface status routing table interface statistics status firewall status Description The SHDSL status includes line rate SNR margin TX power attenuation and CRC error of the product and SNR margin attenuation and CRC error of remote side The product access remote side information via EOC embedded operation channel WAN status shows the 8 PVC information which are configured You can see the routing table via the route command The statistic status of WAN and LAN interface can be monitor by interface command The current and history status of firewall are shown in this command 87 NEILOMM 14 9 Show You can view the system information configuration and configuration via the show command Move cursor gt gt to show and press enter gt gt system Show general information contig Show all configuration script Show all configuration in command script Description The general information of the system
96. way with the new parameters or press Continue to setup other parameters NB712 NB714 User Guide YML829 Rev1 65 66 NEILOMAT 10 Utility pissin This section describes the utility of the router including system information loading the factory default configuration upgrading the firmware logout and restarting the gateway STATUS ADMIN SYSTEM INFO CONFIG TOOL a LOGOUT RESTART NB712 NB714 User Guide YML829 Rev1 Melb OMM 10 1 System Info BASIC Click on System Info to review the information ADVANCED The browser will display your system information on the screen STATUS Home Basic Advanced Status Admin Utility UTILITY SYSTEM INFO General System Information Product Moai No712 1458 0000 15309D7 1 1456 MO0 A040EB3 G22aT 108 0816T 2002701701 00 29 03 GMT 8 00 ODAYOHR SMIN NB712 NB714 User Guide YML829 Rev1 67 Meibom 10 2 Config Tool BASIC This configuration tool has three functions Load Factory Default Restore Configuration and ADVANCED Backup Configuration STATUS Press Config Tool gt ADMIN Choose the function and then click on Finish UTILITY a SYSTEM INFO CONFIG TOOL a UPGRADE a LOGOUT RESTART Home Basic Advanced Status Admin Utility UTILITY CONFIG TOOL Select Configuration Tool Configuration Took Load Factory Default si Load Factory Default Restore Configuration Backup Configuration Load Fact
97. witching hub 4 port router e 10 100 Base T auto sensing and auto negotiation e Auto MDIX 4 port router Hardware Interface e WAN RJ 11 e LAN RJ 45 x 4 e Console RS232 female e RST Reset button for factory default Indicators e General PWR e WAN LNK ACT e LAN 1 2 3 4 e SHDSL ALM NB712 NB714 User Guide YML829 Rev1 Melb Om Physical Electrical e Dimensions 18 7 x 3 3 x 14 5cm WxHxD e Power 100 240VAC via power adapter e Power consumption 9 watts max e Temperature 0 45 C e Humidity 0 95 RH non condensing Memory e 2MB Flash Memory 8MB SDRAM Product Information e G shdsl 2 wire router bridge with 4 port switching hub LAN VLAN and business class firewall e G shdsl 2 or 4 wire selectable router bridge with 4 port switching hub LAN VLAN and business class firewall 1 4 Application lh NB714 or NB712 G SHDSL Modem Router Note NB714 model shown 1 Firewall NB712 NB714 User Guide 7 YML829 Rev1 NEILOMM 2 Firewall A firewall protects networked computers from an intrusion that could compromise confidentiality or result in data corruption or denial of service It must have at least two network interfaces one for the network it is intended to protect and one for the network it is exposed to A firewall sits at the junction point or gateway between the two networks usually a private network and a public network such as the Internet A firewall examines all traffic routed be
98. with all of the terms of any relevant agreement with NetComm and any other reasonable requirements of NetComm including producing such evidence of purchase as NetComm may require The cost of transporting product to and from NetComm s nominated premises is your responsibility and NetComm does not have any liability or responsibility under this warranty where any cost loss injury or damage of any kind whether direct indirect consequential incidental or otherwise arises out of events beyond NetComm s reasonable control This includes but is not limited to acts of God war riot embargoes acts of civil or military authorities fire floods electricity outages lightning power surges or shortages of materials or labour 6 The customer is responsible for the security of their computer and network at all times Security features may be disabled within the factory default settings NetComm recommends that you enable these features to enhance your security The warranty is automatically voided if 1 You or someone else use the product or attempts to use it other than as specified by NetComm 2 The fault or defect in your product is the result of a voltage surge subjected to the product either by the way of power supply or communication line whether caused by thunderstorm activity or any other cause s The fault is the result of accidental damage or damage in transit including but not limited to liquid spillage Your product
99. y an operator under defined conditions Application level gateways are generally regarded as the most secure type of firewall Level 5 Application Level 4 TCP Level 3 IP Level 2 Data Link Level 1 Physical 2 2 Denial of Service Attack Denial of service DoS attacks typically come in two varieties resource starvation and resource overload DoS attacks can occur when there is a legitimate demand for a resource that is greater than the supply i e too many web requests to an already overloaded web server Software vulnerability or system misconfigurations can also cause DoS situations The difference between a malicious denial of service and simple system overload is the requirement of an individual with malicious intent attacker using or attempting to use resources specifically to deny those resources to other users 10 NB712 NB714 User Guide YML829 Rev1 Ping of death SYN Flood ICMP Flood UDP Flood Land attack Smurf attack Fraggle Attack IP Spoofing NB712 NB714 User Guide YML829 Rev1 NEILOMM On the Internet ping of death is a kind of denial of service DoS attack caused by an attacker deliberately sending an IP packet larger than the 65 536 bytes allowed by the IP protocol One of the features of TCP IP is fragmentation it allows a single IP packet to be broken down into smaller segments Attackers began to take advantage of that feature when they found that a packet broken down into fragme
Download Pdf Manuals
Related Search