G.shdsl Router User Manual
Contents
1. G.shdsl Router User Manual VER 1.0. 8 Advanced Setup. Advanced setup contains SHDSL, WAN, Bridge, Route, NAT/DMZ, Virtual server and firewall parameters. 8.1 SHDSL. You can set up the Annex type, data rate and SNR margin for SHDSL parameters in SHDSL. Click SHDSL. Annex Type: There are two Annex types, Annex A (ANSI) and Annex B (ETSI), in SHDSL. Check with your ISP about it. Link Type: The product supports two link types: 4-wire mode with 4.608Mbps data rate and 2-wire mode with 2.304Mbps data rate. Data Rate: You can set up the SHDSL data rate in multiples of 64kbps. For adaptive mode, you have to set n = 0. The router will adapt the data rate according to the line status. [Screenshot: ADVANCED > SHDSL form with Operation Mode, Annex Type (Annex A, Annex B), Link Type (4-Wire, 2-Wire), Data Rate (n x 64kbps, range 0 to 36, n = 0 for adaptive mode) and SHDSL SNR margin (range 0 to 10).] SHDSL SNR margin: the margin range is from 0 to 10. SNR margin is an index of line connection. You can see the actual SNR margin in STATUS SHDSL. The larger the SNR margin, the better the line connection. If you set SNR margin
2. [Screenshot: FIREWALL > PKT FILTER, Packet Filtering Parameters: rule form (Action DENY or PERMIT, Description, Src IP Address, Dest IP Address, Schedule) and Access policies table (Index, Enable, Protocol, Direction, Action, Source, Destination, Schedule, Description), showing an inbound Permit rule with schedule Always and description "Permit for mail server".] Filtering Rule for SMTP connection. Filtering rule will be configured as follows. Rule 1: Inbound, 192.168.3.4 to 172.16.1.1, TCP, Dest Port 25, Action Permit (A). Rule 2: Outbound, 172.16.1.1 to 192.168.3.4, TCP, Dest Port 1234, Action Permit (B). [Diagram: SMTP Server 172.16.1.1 (port 25), Firewall, SMTP Client 192.168.3.4 (port 1234).] Rule 3: Outbound, 172.16.1.1 to 192.168.3.4. Rule 4: Inbound, 192.168.3.4 to 172.16.1.1, TCP, Dest Port 1357, Action Permit (D). [Diagram: SMTP Client 172.16.1.1 (port 1357), Firewall, SMTP Server 192.168.3.4 (port 25).] Rule 5: Inbound, 110.1.2.3 to 171.16.3.4, TCP, Dest Port 6000, Action Deny (E). Rule 6: Outbound, 171.16.3.4 to 10.1.2.3, TC
3. Enable: the gateway will actively broadcast or multicast the information. Disable: the gateway will not broadcast or multicast the information. After modifying the RIP parameters, press finish. [Screenshots: Table of Current Interface RIP Parameter, repeated three times, with columns Interface, RIP Mode, Authentication Required, Poison Reverse and Authentication Code, and rows for LAN and the WAN interfaces.]
4. A SYN flood attack attempts to slow your network by requesting new connections but not completing the process to open the connection. Once the buffer for these pending connections is full, a server will not accept any more connections and will be unresponsive. ICMP Flood: A sender transmits a volume of ICMP request packets to cause all CPU resources to be consumed serving the phony requests. UDP Flood: A sender transmits a volume of requests for UDP diagnostic services, which cause all CPU resources to be consumed serving the phony requests. A ping of death attack attempts to crash your system by sending a fragmented packet that, when reconstructed, is larger than the maximum allowable size. Other known variants of the ping of death include teardrop, bonk and nestea. A land attack is an attempt to slow your network down by sending a packet with identical source and destination addresses originating from your network. [Screenshot: DoS Protect Parameters, with checkboxes Detect SYN Attack (SYN Attack Threshold, 200 packets per second), Detect ICMP Flood (ICMP Flood Threshold, 200 packets per second), Detect UDP Flood (UDP Flood Threshold, packets per second), Detect PING of Death Attack, Detect Land Attack, Detect IP Spoofing Attack and Detect Fraggle Attack.] IP Spoofing is a method of masking the identity of an intrusion by making it appear that the traffic came from a different computer. This is used by intruders to keep their anonymity and can be used
5. 7.1 Bridge Mode. [Diagram: bridge mode example with IP 192.168.0.2, netmask 255.255.255.0, gateway 192.168.0.254, VPI 0, VCI 32 and encapsulation LLC.] Before configuring the router in bridge mode, check with your ISP about this information: VPI, VCI, Encapsulation, Gateway, Host Name (if applicable). Click and Side to set up Bridging mode of the Router and then click Next for the next setting. This product can be set up in two SHDSL modes: CO (Central Office) and CPE (Customer Premises Equipment). For connection with DSLAM, the SHDSL mode is CPE. For LAN to LAN connection, one side must be CO and the other side must be CPE. [Screenshot: BASIC STEP1, Operation Mode: System Mode (ROUTE, BRIDGE), SHDSL Mode (CO Side, CPE Side).] LAN Parameters. Enter IP: 192.168.0.1. Enter Subnet Mask: 255.255.255.0. Enter Gateway: 192.168.0.254. The Gateway IP is provided by ISP. Enter Host Name: SOHO. Some ISPs require the host name as identification. You may check with ISP to see if your Internet service has been configured with a host name. In most cases, this field can be ignored. [Screenshot: BASIC STEP2 with IP Address, Subnet Mask, Gateway and Host Name fields.] WAN1 Parameters (Encap: VC-mux, LLC). Ente
6. in a Denial of Service attack. A smurf attack involves two systems. The attacker sends a packet containing an ICMP echo request (ping) to the network address of one system. This system is known as the amplifier. The return address of the ping has been faked (spoofed) to appear to come from a machine on another network (the victim). The victim is then flooded with responses to the ping. As many responses are generated for only one attack, the attacker is able to use many amplifiers on the same victim. IP Spoofing: Falsify the IP header information to deceive the destination host. Traditional firewalls are stateless, meaning they have no memory of the connections of data or packets that pass through them. Such IP filtering firewalls simply examine header information in each packet and attempt to match it to a set of defined rules. If the firewall finds a match, the prescribed action is taken. If no match is found, the packet is accepted into the network or dropped, depending on the firewall configuration. A stateful firewall maintains a memory of each connection and data passing through it. A stateful firewall records the context of connections during each session, continuously updating state information in dynamic tables. With this information, stateful firewalls inspect each connection traversing each interface of the firewall, testing the validity of data packets throughout each session. As data arrives, it is checked against the state tables and if the data
7. 9 Administration. This section introduces security, simple network management protocol (SNMP) and time synchronization. 9.1 Security. For system security, it is suggested to change the default user name and password in the first setup, otherwise unauthorized persons can access the router and change the parameters. There are three ways to configure the router: Web browser, telnet and serial console. Press to set up the parameters. For greater security, change the Supervisor ID and password for the gateway. If you don't set them, all users on your network will be able to access the gateway using the default ID and Password "root". You can authorize five legal users to access the router via telnet or console. There are two UI modes, menu driven mode and command mode, to configure the router. [Screenshot: ADMIN > SECURITY, Supervisor Profile and Security Parameters: Supervisor ID, Supervisor Password, Password Confirm; User Profile table with ID, User Name, User Password, Password Confirm and UI Mode.] Legal address pool will set up the legal IP addresses from which authorized persons can configure the gateway. This is the more secure f
8. The virtual menu contains range of virtual IP address, delete virtual IP address and show virtual IP address. Menu: >> range: Edit virtual IP address pool; delete: Delete virtual IP address pool; list: Show virtual IP address pool. You can create five virtual IP address pool ranges with the range command. Command: setup ip_share nat virtual range <1~5> <ip> <1~253>. Message: Please input the following information. NAT local address range entry number <1~5>: 1. Base address: 192.168.0.2. Number of address: 49. You can delete virtual IP address ranges from 1 to 5 by using the delete command. You can view the virtual IP address range via the list command. To set up the global IP address pool, move the cursor ">>" to the global command and press enter. Menu: >> range: Edit global IP address pool; interface: Bind address pool to specific interface; delete: Delete global IP address pool; list: Show global IP address pool. You can create five global IP address pool ranges via the range command. Command: setup ip_share nat global range <1~5> <ip> <1~253>. Message: Please input the following information. NAT global IP address range entry number <1~5>: 1. Base address: 122.22.22.2. Number of address: 3. After configuring the global IP address range, you can bind the address pool to a specific interface via the bind command. Command: setup ip_share nat global interface <1~5> <1~8>. Message: Please input the following i
9. 4-port switching hub LAN; G.shdsl 4-wire router/bridge with 4-port switching hub LAN, VLAN and business class firewall. 1.3 Applications. [Diagrams: Connection with DSLAM (DSLAM, SHDSL, Internet, Ethernet LAN); LAN to LAN Connection (two SHDSL Routers joined by SHDSL, each with an Ethernet LAN).] 2 Yours Firewall. A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It must have at least two network interfaces, one for the network it is intended to protect and one for the network it is exposed to. A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addresses and port number
10. network. With Dynamic Routing, you can enable the Router to automatically adjust to physical changes in the network's layout. The Router, using the RIP protocol, determines the network packets' route based on the fewest number of hops between the source and the destination. The RIP protocol regularly broadcasts routing information to other routers on the network. Click to modify the routing information. [Screenshot: ADVANCED > ROUTE, Static Route and RIP Parameters: Table of Current Static Route Entries (Index, Network Address, Subnet Mask, Gateway) with entry 1: 0.0.0.0, 0.0.0.0, 10.1.2.2; General RIP Parameter (RIP Mode: Disable, Enable; Auto RIP Summary: Disable, Enable); Table of Current Interface RIP Parameter.] To modify the RIP (Routing information protocol) Parameters: RIP Mode, Auto RIP Summary. Press [Screenshot: General RIP Parameter and Table of Current Interface RIP Parameter, repeated.]
11. [Screenshot: Table of Current Interface RIP Parameter, rows WAN1 to WAN8, with Modify button.] RIP Mode: this parameter determines how the product handles RIP (Routing information protocol). RIP allows it to exchange routing information with other routers. If set to Disable, the gateway does not participate in any RIP exchange with other routers. If set to Enable, the router broadcasts the routing table of the router on the LAN and incorporates RIP broadcasts by other routers into its routing table. If set to Silent, the router does not broadcast the routing table, but it accepts RIP broadcast packets that it receives. RIP Version: It determines the format and broadcasting method of any RIP transmissions by the gateway. RIP v1: it only sends RIP v1 messages. RIP v2: it sends RIP v2 messages in multicast and broadcast format. Authentication required. None: for RIP, there is no need of authentication code. Password: the RIP is protected by password authentication code. MD5: The RIP will be decoded by MD5, then protected by password authentication code. Poison Reverse is for the purpose of promptly broadcasting or multicasting the RIP while the route is changed (e.g. shutting down one of the routers in the routing table)
12. Ethernet for fixed and dynamic IP (RFC 2516); PPP over ATM for fixed and dynamic IP (RFC 2364); User authentication with PAP/CHAP/MS-CHAP. WAN Interface: SHDSL: ITU-T G.991.2 (Annex A, Annex B); Encoding scheme: 16-TCPAM; Data Rate (2-wire mode): N x 64Kbps (N = 0 to 36, 0 for adaptive); Data Rate (4-wire mode): N x 128kbps (N = 0 to 36, 0 for adaptive); Impedance: 135 ohms. LAN Interface: 4-port switching hub (4-port router); 10/100 Base-T auto-sensing and auto-negotiation; Auto-MDIX (4-port router). Hardware Interface: WAN: RJ-11; LAN: RJ-45 x 4 (4-port router); LAN: RJ-45 x 1 (1-port router); Console: RS232 female; RST: Reset button for factory default. Indicators: General: PWR; WAN: LNK, ACT; LAN: 10M/ACT, 100M/ACT (1-port router); LAN: 1, 2, 3, 4 (4-port router); SHDSL: ALM. Physical/Electrical: Dimensions: 18.7 x 3.3 x 14.5cm (WxHxD); Power: 100 to 240VAC (via power adapter); Power consumption: 9 watts max; Temperature: 0 to 45 C; Humidity: 0 to 95% RH (non-condensing). Memory: 2MB Flash Memory, 8MB SDRAM. Products Information: G.shdsl 2-wire router/bridge with 1-port LAN; G.shdsl 2-wire router/bridge with 1-port LAN, VLAN and business class firewall; G.shdsl 2-wire router/bridge with 4-port switching hub LAN; G.shdsl 2-wire router/bridge with 4-port switching hub LAN, VLAN and business class firewall; G.shdsl 4-wire router/bridge with
13. [Screenshot: ADVANCED > BRIDGE, Bridge Parameters Review: Generic Bridge Parameter (Default Gateway 192.168.0.254) and Static Bridge Parameter table (No, MAC Address, LAN, WAN1 to WAN8), shown empty, with Restart and Continue buttons.] 8.4 VLAN. Virtual LAN (VLAN) is defined as a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLAN is based on logical instead of physical connections, it is extremely flexible. Click VLAN to configure VLAN. The product supports two types of VLAN: 802.1Q and Port Based. User can configure one of them to the router. For setting 802.1Q VLAN, click the 802.1Q Tag Based VLAN. The screen will prompt as follows. [Screenshot: ADVANCED > VLAN, Mode: Disable, 802.1Q Tag Based VLAN, Port Based VLAN.] VID: (Virtual LAN ID) It is a definite number of
14. 4.2 Rear Panel. The rear panel of SHDSL router is where all of the connections are made. [Figures: Rear Panel of SHDSL 4-wire 4-port router/bridge; Rear Panel of SHDSL 2-wire 1-port router/bridge, with DC-IN, LAN, CONSOLE, LINE and RST.] Connectors Description of 2-wire 1-port router: Power adaptor inlet: Input voltage 9VDC; Ethernet 10BaseT for LAN port (RJ-45); RS-232C (DB9) for system configuration and maintenance; SHDSL interface for WAN port (RJ-11); Reset button for reboot or load factory default. Connectors Description of 4-wire 4-port router: Power adaptor inlet: Input voltage 9VDC; 10/100BaseT auto-sensing and auto-MDIX for LAN port (RJ-45); RS-232C (DB9) for system configuration and maintenance; SHDSL interface for WAN port (RJ-11); Reset button for reboot or load factory default. The reset button can be used only in one of two ways. (1) Pressing the Reset Button for one second will cause a system reboot. (2) Pressing the Reset Button for four seconds will cause the product to load the factory default setting and lose all of your configuration. When you want to change its configuration but forget the user name or password, or if the product is having problems connecting to the Internet and you want to configure it again clearing all configurations, press the Reset Button for four seconds with a paper clip or sharp pencil.
15. ID which number is from 1 to 4094. PVID: (Port VID) which is an untagged member of default VLAN. Link Type: Access means the port can receive or send untagged packets. Link Type: Trunk means that the port can receive or send tagged packets. [Screenshot: Virtual LAN Parameters, General Parameter Mode (Disable, 802.1Q Tag Based VLAN, Port Based VLAN) and 802.1Q Tag Based VLAN Table with LAN and WAN1 to WAN8 columns and Link Type set to Access.] Port Based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port. Click Port Based VLAN to configure the router. [Screenshot: ADVANCED > VLAN, Port Based VLAN Table.] 8.5 Route. If the Router is connected to more than one network, it may be necessary to set up a static route between them. A static route is a pre-determined pathway that network information must travel to reach a specific host or
16. If you want to restore factory default, first move the cursor ">>" to default and then press enter. Command: setup default <name>. Message: Please input the following information. Are you sure? (Y/N): y. Copyright & Regulatory Information. Manual Copyright 2005. This manual described in it is copyrighted with all rights reserved. This manual may not be copied in whole or in part without written consent. All product names are trademarks and/or registered trademarks of their respective companies.
17. 1 Descriptions. The SHDSL (Single-Paired High Speed Digital Subscriber Loop) routers comply with G.991.2 standard with 10/100 Base-T auto-negotiation. It provides business-class, multi-range from 64Kbps to 2.304Mbps (for 2-wire mode) or 128kbps to 4.608Mbps (for 4-wire mode) payload rates over existing single-pair copper wire. The SHDSL routers are designed not only to optimize the service bit rate from central office to customer premises; they also integrate high-end Bridging/Routing capabilities with advanced functions of Multi-DMZ, virtual server mapping and VPN pass-through. Because of rapid growth of network, virtual LAN has become one of the major new areas in internetworking industry. The SHDSL routers support port-based and IEEE 802.1q VLAN over ATM network. The firewall routers provide not only advanced functions, Multi-DMZ, virtual server mapping and VPN pass-through, but advanced firewall, SPI, NAT, DoS protection, serving as a powerful firewall to protect from outside intruders of secure connection. The 4-port routers support four ports 10Base-T/100Base-T auto-negotiation and auto-MDIX switching ports to meet the enterprise need. The SHDSL routers allow customers to leverage the late
18. Your ISP will provide it and you need to specify here. Subnet mask: 255.255.255.0. This is the router subnet mask seen by external users on Internet. Your ISP will provide it to you. Gateway: 10.1.2.2. Your ISP will provide you the default gateway. DNS Server 1: 168.95.1.1. Your ISP will provide at least one DNS (Domain Name System) Server IP address. Click [Screenshot: WAN form with Subnet Mask, DNS Server 1 (168.95.1.1), DNS Server 2 and DNS Server 3 fields.] The screen will prompt the parameters that will be written in EPROM. Check the parameters before writing in EPROM. [Screenshot: BASIC REVIEW: System Operation Mode (System Mode: Route Mode; SHDSL Mode: CPE Side); LAN Interface (IP Address 192.168.0.1, Subnet Mask 255.255.255.0); DHCP service enabled as DHCP server (Default gateway 192.168.0.1, Start IP address 192.168.0.2); Table of Fixed DHCP Host List; WAN1 interface.] Press Restart to restart the router working with new parameters, or press continue to set up another parameter.
19. The router can generate SNMP traps to indicate alarm conditions and it relies on SNMP community strings to implement SNMP security. This router supports MIB and MIB II. Click SNMP to configure the parameters. In the table of current community pool, you can set up the access authority. In the table of current trap host pool, you can set up the trap host. Press Modify to modify the community pool. [Screenshot: ADMIN > SNMP, SNMP Community and Trap Parameters: Table of current community pool (Index, Status, Access Right, Community) and Table of current trap host pool (Index, Version, IP Address, Community), all entries set to Disable; community edit form with SNMP status Enable, Access Right Deny and Community "private".] Access Right: Deny for deny all access. Access Right: Read for access read only. Access Right: Write for access read and write. Community: it serves as password for access right. After configuring the community pool, press OK. SNMP trap is a
20. To set up the DHCP client mode, follow the procedure. LAN IP Type. Click to set up WAN1 parameters. [Screenshot: BASIC STEP2, LAN: For NAT Usage (IP Type: Fixed, Dynamic (DHCP Client); 1st IP Address; 1st Subnet Mask; Host Name SOHO; Trigger DHCP Service: Disable, Server, Relay); For IP Routing Usage (IP Routing Usage: Enable, Disable; 2nd IP Address; 2nd Subnet Mask).] 7.2.3 DHCP relay. If you have a DHCP server in LAN and you want to use it for DHCP services, the product provides DHCP relay function to meet your need. IP Type. IP Address: 192.168.0.1. Subnet Mask: 255.255.255.0. Host Name: SOHO. Some ISPs require the host name as identification. You may check with ISP to see if your Internet service has been configured with a host name. In most cases, this field can be ignored. Trigger DHCP Service. Press to set up DHCP server parameter. Enter DHCP server IP address in IP address field. Press [Screenshot: BASIC STEP3, DHCP RELAY, Remote DHCP Server Parameter, IP address 192.168.0.124.]
21. and reboot the router to work with new setting. The screen will prompt as follows: >> enable: Modify command privilege; setup: Configure system; status: Show running system status; show: View system configuration; write: Update flash configuration; reboot: Reset and boot system; ping: Packet internet groper command; admin: Setup management features; utility: TFTP upgrade utility; exit: Quit system. The descriptions of the commands are: enable: Modify command privilege. When you login via serial console or Telnet, the router defaults to a program execution (read-only) privileges to you. To change the configuration and write changes to nonvolatile RAM (NVRAM), you must work in enable mode. setup: To configure the product, you have to use the setup command. status: View the status of product. show: Show the system and configuration of product. write: Update flash configuration. After you have completed all necessary settings, make sure to write the new configuration to NVRAM by write command and reboot the system, or all of your changes will not take effect. reboot: Reset and boot system. After you have completed all necessary settings, make sure to write the new configuration to NVRAM and reboot the system by reboot command, or all of your changes will not take effect. admin: You can set up management features in this command. utility: Upgrade software and backup and restore configuration are done via utility command. exit: Q
22. attack: The attacker attempts to slow your network down by sending a packet with identical source and destination addresses originating from your network. Smurf attack: Where the source address of a broadcast ping is forged so that a huge number of machines respond back to the victim indicated by the address, overloading it. [Diagram: Smurf attack: broadcast ping request from spoofed IP address, ping responses, hacker's system, multiple network subnet.] Fraggle Attack: A perpetrator sends a large amount of UDP echo packets at IP broadcast addresses, all of them having a spoofed source address of a victim. IP Spoofing: IP Spoofing is a method of masking the identity of an intrusion by making it appear that the traffic came from a different computer. This is used by intruders to keep their anonymity and can be used in a Denial of Service attack. 3 Yours VLAN (Virtual Local Area Network). Virtual LAN (VLAN) is defined as a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLAN is based on logical instead of physical connections, it is extremely flexible. The IEEE 802.1Q defines the operation of VLAN bridges that permit the definition, operation and administration of VLAN topologies within a bridged LAN infrastructure. VLA
23. can be worked under 2-wire mode. You can set up the data rate by the multiple of 64Kbps, where n is from 0 to 32. If you configure n as 0, the product will perform in adaptive mode. There are two types of SHDSL Annex type: Annex A and Annex B. The clear command can clear the CRC error count. Generally, you do not need to change SNR margin, which ranges from 0 to 10. SNR margin is an index of line connection. You can see the actual SNR margin in STATUS SHDSL. The larger the SNR margin, the better the line connection. If you set SNR margin in the field as 2, the SHDSL connection will drop and reconnect when the SNR margin is lower than 2. On the other hand, the device will reduce the line rate and reconnect for better line connection. 14.16.3 WAN. The router supports 8 PVC (private virtual circuit), so you can set up eight WANs, WAN1 to WAN8. Move the cursor ">>" to wan and press enter. To set up WAN1, type 1. Command: setup wan <1~8>. Message: Please input the following information. Interface number <1~8>: 1. Menu: >> protocol: Link type protocol; address: IP address and subnet mask; vpi_vci: Configure VPI/VCI value; encap: Configure encapsulation type; qos: Configure VC QoS; isp: Configure account name, password and idle time; ip_type: Configure IP type in PPPoA and PPPoE; list: WAN interface configuration. There are four types of protocols, IPoA, EoA, PPPoA and PPPoE, which you can set up. For d
24. configuration the parameters, move the cursor ">>" to admin and press enter. Menu: >> user: Manage user profile; security: Setup system security; snmp: Configure SNMP parameter; passwd: Change supervisor password; id: Change supervisor ID; sntp: Configure time synchronization. 14.13.1 User Profile. You can use the user command to clear, modify and list the user profile. You can set up at most five users to access the router via console port or telnet in the user profile table; however, users who have the supervisor password can change the configuration of the router. Move the cursor ">>" to user and press the enter key. Menu: >> clear: Clear user profile; modify: Modify the user profile; list: List the user profile. You can delete the user by number using the clear command. If you are not sure of the user number, you can use the list command to check it. The modify command is to modify an old user's information or add a new user to the user profile. To modify or add a new user, move the cursor to modify and press enter. Command: admin user modify <1~5> <more...>. Message: Please input the following information. Legal access user profile number <1~5>: 2. The screen will prompt as follows: >> Attrib: UI mode; Profile: User name and password. There are two UI modes, command and menu mode, to set up the product. We will not discuss command mode in this manual. 14.13.2 Security. Security command can be
25. configured sixteen legal IP address for telnet access and telnet port number. Move the cursor ">>" to security and press enter. The default legal address is 0.0.0.0. It means that there is no restriction of IP to access the router via telnet. Menu: >> port: Configure telnet TCP port; ip_pool: Legal address IP address pool; list: Show security profile. 14.13.3 SNMP. Simple Network Management Protocol (SNMP) is the protocol not only governing network management, but also the monitoring of network devices and their functions. The router can generate SNMP traps to indicate alarm conditions and it relies on SNMP community strings to implement SNMP security. This router supports MIB & II. Move the cursor ">>" to snmp and press enter. Menu: >> community: Configure community parameter; trap: Configure trap host parameter. 5 SNMP community entries can be configured in this system. Move the cursor to community and press enter. Command: admin snmp community <1~5> <more...>. Message: Please input the following information. Community entry number <1~5>: 2. The screen will prompt as follows: >> edit: Edit community entry; list: Show community configuration. 5 SNMP trap entries can be configured in this system. Move the cursor to trap and press enter. Command: admin snmp trap <1~5> <more...>. Message: Please input the following information. Trap host entry number <1~5>: 2.
26. for enabling DMZ function for the virtual IP address.

[Screenshot: Network Address Translation and DMZ Hosts Parameters, with NAT/DMZ Function and DMZ Host set to Disable or Enable]

Multi-DMZ: Some users who have two or more global IP addresses assigned by the ISP can use the multi-DMZ. The table is for the mapping of global IP address and virtual IP address.

[Screenshot: Multi-DMZ table with columns ID, Virtual IP Address, Global IP Address, Interface]

Multi-NAT: Some of the virtual IP addresses (e.g. 192.168.0.10 ~ 192.168.0.50) collectively use two of the global IP addresses (e.g. 69.210.1.9 and 69.210.1.10). The Multi-NAT table will be set up with Virtual Start IP Address 192.168.0.10 and Global Start IP Address 69.210.1.9.

[Screenshot: Multi-NAT table with columns ID, Virtual Start IP Address, Count, Global Start IP Address, Count, Interface]

Press to continue. The screen will prompt the parameters that will be written in EPROM. Check the parameters before writing in EPROM. Press to restart the router working with new parameters or to configure another parameter.

8.7 Virtual Server

For example: Specific p
27. WAN1 Parameters
    Enter VPI: 0
    Enter VCI: 32
    Click LLC
    Click Next

The screen will prompt the new configured parameters. Check the parameters and click Restart. The router will reboot with the new setting.

13 LAN to LAN Connection with Routing Mode

[Figure: two routers linked over SHDSL using IPoA or EoA, VPI 0, VCI 32.
 STU-C (CO) router: LAN IP 192.168.20.1, netmask 255.255.255.0; WAN IP 192.168.30.1, netmask 255.255.255.0, gateway 192.168.30.2.
 STU-R (CPE) router: LAN IP 192.168.10.1, netmask 255.255.255.0; WAN IP 192.168.30.2, netmask 255.255.255.0, gateway 192.168.30.1.
 CO-side host: IP 192.168.20.100, netmask 255.255.255.0, gateway 192.168.20.1.
 CPE-side host: IP 192.168.10.200, netmask 255.255.255.0, gateway 192.168.10.1.]

Click ROUTE and CO Side then press Next.

Type LAN parameters:
    IP Address: 192.168.20.1
    Subnet Mask: 255.255.25
28. in the field as 2, the SHDSL connection will drop and reconnect when the SNR margin is lower than 2. On the other hand, the device will reduce the line rate and reconnect for better line connection.

The screen will prompt the parameters that will be written in EPROM. Check the parameters before writing in EPROM. Press Restart to restart the router working with new parameters or press continue to setup another parameter.

[Screenshot: ADVANCED - SHDSL, SHDSL Parameters Review]

8.2 WAN

The SHDSL router supports up to 8 PVCs. WAN 1 was configured via BASIC, except QoS. If you want to set up another PVCs, 2 to 7, the parameters are set up in WAN. On the other hand, you must apply two or more Internet Services with ISPs; otherwise you do not need to set up WAN.

The WAN Number 1 will be the parameters setup in Basic Setup. If you want to set up another PVC, you can configure th
29. need to set up the terminal access program with VT100 terminal emulation.

5.4 Step 4: Determine Connection Setting

Users need to know the Internet Protocol supplied by their Service Provider and determine the mode of setting.

Protocol Selection
    RFC1483  Ethernet over ATM
    RFC1577  Classical Internet Protocol over ATM
    RFC2364  Point-to-Point Protocol over ATM
    RFC2516  Point-to-Point Protocol over Ethernet

Different protocols need different WAN parameters. After learning which protocol the ISP provides, ask the ISP for the WAN parameters needed to set it up.

    Bridge  EoA    Encapsulation, Gateway, Host Name (if applicable)
            IPoA   Encapsulation, IP Address, Subnet Mask, Gateway, DNS Server, Host Name (if applicable)
            PPPoE  VPI, VCI, Encapsulation, User Name, Password, DNS Server, Host Name (if applicable), IP Address (if applicable)
    Route   EoA    Encapsulation, IP Address, Subnet Mask, Gateway, DNS Server, Host Name (if applicable)
            PPPoA  VPI, VCI, Encapsulation, User Name, Password, DNS Server, Host Name (if applicable), IP Address (if applicable)

5.5 Step 5: Install the SHDSL Router

To avoid possible damage to this Router, do not turn on the router before Hardware Installation.

Connect the power adapter to the port labeled DC-IN on the rear panel of the product.
Connect the Ethernet cable.
Note: If
30. of its communication in the Internet world.

DMZ (demilitarized zone) is a computer host or small network inserted as a neutral zone between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company private data.

In a typical DMZ configuration for an enterprise, a separate computer or host receives requests from users within the private network for access to Web sites or other companies accessible on the public network. The DMZ host then initiates sessions for these requests to the public network. However, the DMZ host is not able to initiate a session back into the private network. It can only forward packets that have already been requested.

Users of the public network outside the company can access only the DMZ host. The DMZ may typically also have the company's Web pages so these could serve the outside world. However, the DMZ provides access to no other company data. In the event that an outside user penetrated the DMZ host's security, the Web pages might be corrupted, but no other company information would be exposed.

Press NAT/DMZ to set up the parameters. If you want to enable the NAT/DMZ functions, click Enable. Enable the DMZ host Function is used the IP address assigned to the WAN
31. place.
3. Configuring field: You will configure the parameters in this field. <parameters> indicates the parameters you can choose and <more> indicates that there is a submenu in the title.
4. Operation command for help.

The following table shows the parameters in the brackets.

    <ip>            An item enclosed in brackets is required. If the item is shown in lower case bold, it represents an object with special format. For example, <ip> may be 192.168.0.3.
    <Route|Bridge>  Two or more items enclosed in brackets and separated by vertical bars means that you must choose exactly one of the items. If the item is shown in lower case bold with leading capital letter, it is a command parameter. For example, Route is a command parameter in <Route|Bridge>.
    [1~1999]        An item enclosed in brackets is optional. Two or more items enclosed in brackets and separated by vertical bars means that you can choose one or none of the items.

14.5 Menu Driven Interface Commands

Before changing the configuration, familiarize yourself with the operations listed in the following table. The operation list will be shown on the window.

Menu Driven Interface Commands

    Keystroke     Description
    [UP] or I     Move to above field in the same level menu
    [DOWN] or K   Move to below field in the same level menu
    [LEFT] or J   Move back to previous menu
    [RIGHT] or L  Move forward to submenu
    [ENTER]       Move forwa
32. press enter.

    Command: admin sntp update_rate <10~268435455>
    Message: Please input the following information.
    Update period (secs) (Enter for default) 86400

Move the cursor to time_zone and configure where your router is placed. The easiest way to know the time zone offset hour is from your PC clock. Double click the clock at the right corner of the monitor and check the time zone.

    Command: admin sntp time_zone <-12~12>
    Message: Please input the following information.
    GTM time zone offset (hours) (Enter for default) 8

Move the cursor to list and review the setting.

14.14 Utility

There are three utility tools, upgrade, backup and restore, embedded in the firmware. You can update to new firmware via the TFTP upgrade tool, back up the configuration via the TFTP backup tool and restore the configuration via the TFTP restore tool. For upgrade, a TFTP server with the new firmware will be supported by the supplier, but for backup and restore you must have your own TFTP server to back up and restore the file. Move the cursor ">>" to utility and press enter.

    >> upgrade  Upgrade main software
       backup   Backup system configuration
       restore  Restore system configuration

14.15 Exit

If you want to exit the system without saving, use the exit command to quit the system.

14.16 Setup

All of the setup parameters are located in the subdirectories of setup. Mo
33. After enabling the DMZ, shift the cursor to address and press enter.

    Command: setup ip share dmz address <ip> <1~10>
    Message: Please input the following information.
    Virtual IP address: 192.168.0.251
    Active interface number (Enter for default) <1>: 1

14.16.13 Firewall

The product supports an advanced firewall. To set up the advanced firewall, you can use firewall to configure.

    >> level           Configure firewall security level
       pkt_filter      Configure packet filter
       dos protection  Configure DoS protection

There are three levels of firewall which you can set up in this product.

Level one, basic, only enables the NAT firewall and the remote management security. The NAT firewall will take effect if NAT function is enabled. The remote management security is default to block any WAN side connection to the device. Non-empty legal IP pool in ADMIN will block all remote management connection except those IPs specified in the pool.

Level two, automatic, enables basic firewall security, all DoS protection and the SPI filter function.

Level three, advanced, is an advanced level of firewall where the user can determine the security level for special purpose environments and applications by configuring the DoS protection and defining an extra packet filter with higher priority than the default SPI filter. Note that an improper filter policy may degrade the capability of the firewall and/or even block the normal ne
34. side connection to the device. Non-empty legal IP pool in ADMIN will block all remote management connection except those IPs specified in the pool.

Automatic Firewall Security
Hint: This level enables basic firewall security, all DoS protection and the SPI filter function.

Advanced Firewall Security
Hint: A user can determine the security level for special purpose environment and applications by configuring the DoS protection and defining an extra packet filter with higher priority than the default SPI filter. Note that an improper filter policy may degrade the capability of the firewall and/or even block the normal network traffic.

Press Finish to finish setting of firewall. The screen will prompt the parameters which will be written in EPROM. Check the parameters. Press restart to restart the router or press continue to set up another function.

Firewall Security Level Review
    Security Level: Basic Firewall Security

DoS Protection Parameters Review
    Detect SYN Attack: Disable
    SYN Attack Threshold: 200 packets per second
    Detect ICMP Flood: Disable
    ICMP Flood Threshold: 200 packets per second
35. that of the menu driven interface. The only difference is that the menu driven interface shows you all of the available commands for you to select. You don't need to remember the command syntax, and you save the time of typing the whole command line.

The following figure gives you an example of the menu driven interface. In the menu, you scroll up/down by pressing key I/K, select one command by key L, and go back to a higher level of menu by key J. For example, to show the system information, just log on to the ROUTER, move down the cursor by pressing key K twice and select the show command by key L. You shall see a submenu; select the system command in this submenu, then the system will show you the general information.

    SHDSL ROUTER
    >> enable  Modify command privilege
       status  Show running system status
       show    View system configuration
       ping    Packet internet groper command
       exit    Quit system

    Command: enable <CR>
    Message:
    <I K> Move up down  <L J> Select Unselect  <U O> Move top bottom  <Q> Help

14.4 Window structure

From top to bottom, the window will be divided into four parts:
1. Product name
2. Menu field: Menu tree is prompted on this field. ">>" symbol indicates the cursor
36. the Router is 192.168.0.1 and 255.255.255.0. Because the router acts as DHCP server in your network, the router will automatically assign an IP address to each PC or NB in the network.

Type User Name root and Password root and then click OK. The default user name and password are both root. For system security, change them after configuration.

Note: After changing the User Name and Password, save them, because the next time you log in you must use the new User Name and Password.

[Screenshot: browser password dialog for site 192.168.0.1, User Name root]

7 Basic Setup

The Basic Setup contains LAN, WAN, Bridge and Route operation mode. Users can use it to completely set up the router. After successfully completing it, you can access the Internet. This is the easiest way to set up the router.

Note: The advanced functions are only for advanced users. An incorrect setting of an advanced function will affect performance or cause a system error, even disconnection.

Click BASIC for basic installation.
37. the 1-port router is directly connected to a PC or NB, the Ethernet cable has to be a cross-over one. If the 1-port router is connected to a hub or switch, be sure that the hub or switch supports auto-sensing. If yes, both cross-over and non-cross-over Ethernet cables are suitable. If not, only a pass-through Ethernet cable can be used. The 4-port router supports an auto-MDIX switching hub, so both through and cross-over Ethernet cables can be used.

Connect the phone cable to the product and the other side of the phone cable to the wall jack.
Connect the power adapter to the power source.
Turn on the PC or NB which is used for configuring the Router.

[Figure: Direct Connection with PC or NB for 1-port router]
[Figure: Connection with Hub/Switch for 1-port router]
[Figure: 4-port router with complex network topology]

6 Configuration via Web Browser

For Win95, 98 and Me, click the start button. Select setting and co
38. 1034/1035
    DHCP server, client and relay (RFC2131/2132)

Bridging
    IEEE 802.1D transparent learning bridge
    IEEE 802.1q VLAN
    Port-based VLAN (4-port router)
    Spanning tree protocol

Security
    DMZ host / Multi-DMZ / Multi-NAT function
    Virtual server mapping (RFC1631)
    VPN pass-through for PPTP/L2TP/IPSec tunneling
    Natural NAT firewall
    Advanced stateful packet inspection (SPI) firewall (Firewall Router)
    Application level gateway for URL and keyword blocking (Firewall Router)
    User access control: deny certain PCs access to Internet service (Firewall Router)

Management
    Easy-to-use web-based GUI for quick setup, configuration and management
    Menu-driven interface / Command-line interface (CLI) for local console and Telnet access
    Password protected management and access control list for administration
    SNMP management with SNMPv1/SNMPv2 (RFC1157/1901/1905) agent and MIB II (RFC1213/1493)
    Software upgrade via web browser / TFTP server

ATM
    Up to 8 PVCs
    OAM F5 AIS/RDI and loopback
    AAL5

ATM QoS
    UBR (Unspecified bit rate)
    CBR (Constant bit rate)
    VBR-rt (Variable bit rate, real-time)
    VBR-nrt (Variable bit rate, non-real-time)

AAL5 Encapsulation
    VC multiplexing and SNAP/LLC
    Ethernet over ATM (RFC 2684/1483)
    PPP over ATM (RFC 2364)
    Classical IP over ATM (RFC 1577)

PPP
    PPP over
39. 5.0
    Host Name: SOHO

DHCP Service: For more DHCP service, review DHCP Service.

[Screenshot: BASIC - STEP2, LAN parameters and Trigger DHCP Service Disable/Enable]

Type the WAN Parameters:
    VCI: 32
    AAL5 Encap: LLC
    Protocol: EoA or IPoA

Note: The Protocol used in CO and CPE have to be the same.

Click Next to set up the IP parameters. For more understanding about NAT, review NAT/DMZ.

    IP Address: 192.168.20.1
    Subnet mask: 255.255.255.0
    Gateway: 192.169.30.2

Click Next.

[Screenshot: BASIC - STEP5, WAN1 IP Address, Subnet Mask, Gateway and DNS Server 1 to 3]

The screen will prompt the parameters that will be written in EPROM. Check the parameters before writing in EPROM. Press Restart to restart the router working with new parameters or press continue to set up another parameter.

13.2 CPE side

Click ROUTE and CPE Side then press Next.

Type LAN parameters:
    IP Address: 192.168.10.1
    Subnet Mask: 255.255.255.0
    Host Name: SOHO

DHCP Service: For more DHCP service, review DHCP Service.

Type the Wan Paramete
40. Press Restart to reboot the router.

[Screenshot: UTILITY - RESTART page]

11 Status

You can monitor the SHDSL status, including mode, Tx power and bitrate, and performance information, including SNR margin, attenuation and CRC error count.

LAN status will prompt the MAC address, IP address, subnet mask and DHCP client table.

WAN status will display the WAN interface information.

You can view the routing table in the status of route.

Interface status includes LAN and WAN statistics information.

Firewall status displays DoS protection status and dropped packets statistics.

12 LAN to LAN connection with bridge Mode

[Figure: STU-C (CO) router, IP 192.168.0.1, netmask 255.255.255.0; CO-side host IP 192.168.0.100, netmask 255.255.255.0, gateway 192.168.0.1]

12.1 CO side

Click
41. 4 Getting to know about the router

This section will introduce the hardware of the router.

4.1 Front Panel

The front panel contains LEDs which show the status of the router.

[Figure: Front Panel of SHDSL 4-wire 4-port router/bridge]
[Figure: Front Panel of SHDSL 2-wire 1-port router/bridge, with LEDs PWR, LNK, ACT, 10M/ACT, 100M/ACT, ALM]

LED status of 4-wire 4-port router

    LEDs       Active  Description
    PWR        On      Power on
    WAN LNK    On      SHDSL line connection is established
               Blink   SHDSL handshake
    WAN ACT    On      Transmit or received data over SHDSL link
    LAN 1      On      Ethernet cable is connected to LAN 1
               Blink   Transmit or received data over LAN 1
    LAN 2      On      Ethernet cable is connected to LAN 2
               Blink   Transmit or received data over LAN 2
    LAN 3      On      Ethernet cable is connected to LAN 3
               Blink   Transmit or received data over LAN 3
    LAN 4      On      Ethernet cable is connected to LAN 4
               Blink   Transmit or received data over LAN 4
    ALM        On      SHDSL line connection is dropped
               Blink   SHDSL self test

LED status of 2-wire 1-port router

    LEDs          Active  Description
    PWR           On      Power adaptor is connected to the router
    WAN LNK       On      SHDSL line connection is established
                  Blink   SHDSL handshake
    WAN ACT       Blink   Transmit or received data over SHDSL link
    LAN 10M/ACT   On      LAN port connect with 10M NIC
                  Blink   LAN port acts in 10M
    LAN 100M/ACT  On      LAN port connect with 100M NIC
                  Blink   LAN port acts in 100M
    ALM           On      SHDSL line connection is dropped
                  Blink   SHDSL self test
42. Detect UDP Flood: Disable
    UDP Flood Threshold: 200 packets per second
    Detect PING of Death Attack: Disable
    Detect Land Attack: Disable
    Detect IP Spoofing Attack: Disable
    Detect Smurf Attack: Disable
    Detect Fraggle Attack: Disable

Packet Filtering Parameters Review
    General packet filtering parameter
    Trigger Packet Filtering Service: Disable
    Access policies: Pool is Empty

This level enables basic firewall security, all DoS protection and the SPI filter function. Press Finish to finish setting the firewall.

[Screenshot: ADVANCED - FIREWALL, Firewall Security Level]

Basic Firewall Security
Hint: This level only enables the NAT firewall and the remote management security. The NAT firewall will take effect if NAT function is enabled. The remote management security is default to block any WAN side connection to the device. Non-empty legal IP pool in ADMIN will block all remote management connection except those IPs specified in the pool.

Automatic Firewall Security
Hint: This level enables basic firewall security, all DoS protection and the SPI filter function.

Advanced Firewall Security
Hint: A user can determine the security level for special purpose environment and ap
43. Detect Land Attack: Enable
    Detect IP Spoofing Attack: Enable
    Detect Smurf Attack: Enable
    Detect Fraggle Attack: Enable

Packet Filtering Parameters Review
    General packet filtering parameter
    Trigger Packet Filtering Service: Disable
    Access policies: Pool is Empty

[Screenshot: ADVANCED - FIREWALL, Firewall Security Level]

Basic Firewall Security
Hint: This level only enables the NAT firewall and the remote management security. The NAT firewall will take effect if NAT function is enabled. The remote management security is default to block any WAN side connection to the device. Non-empty legal IP pool in ADMIN will block all remote management connection except those IPs specified in the pool.

Automatic Firewall Security
Hint: This level enables basic firewall security, all DoS protection and the SPI filter function.

Advanced Firewall Security
Hint: A user can determine the security level for special purpose environment and applications by configuring the DoS protection and defining an extra packet filter with higher priority than the default SPI filter. Note that an improper filter policy may degrade the capability of the firewall and/or even block the normal network traffic.

Click Advanced Firewall Security and then press
44. G.shdsl Router User Manual VER 1.0

Table of Contents

1 Descriptions
    1.1 Features
    1.2 Specification
    1.3 Applications
2 Firewall
    2.1 Types of Firewall
    Denial of Service Attack
3 VLAN (Virtual Local Area Network)
    3.1 Specification
    3.2 Frame Specification
    3.3 Applications
4 Getting to Know About the Router
    4.1 Front Panel
    4.2 Rear Panel
    4.3 SHDSL Line Connector
    4.4 Console Cable
5 Configuration to the Router
    5.1 Step 1: Check the Ethernet Adapter in PC or NB
    5.2 Step 2: Check the Web Browser in PC or NB
45. N architecture benefits include:
    Increased performance
    Improved manageability
    Network tuning and simplification of software configurations
    Physical topology independence
    Increased security options

As DSL (over ATM) links are deployed more and more extensively, it is increasingly common to implement VLAN (VLAN-to-PVC) over DSL links, and hence it may become a requirement of ISPs. We discuss the implementation of VLAN-to-PVC only for bridge mode operation, i.e., the VLAN spreads over both the COE and CPE sides, where there is no layer 3 routing involved.

3.1 Specification

1. The unit supports up to 8 active VLANs with shared VLAN learning (SVL) bridge out of 4096 possible VLANs specified in IEEE 802.1Q.
2. Each port always belongs to a default VLAN with its port VID (PVID) as an untagged member. Also, a port can belong to multiple VLANs and be a tagged member of these VLANs.
3. A port must not be a tagged member of its default VLAN.
4. If a non-tagged or null-VID tagged packet is received, it will be assigned the default PVID of the ingress port.
5. If the packet is tagged with a non-null VID, the VID in the tag will be used.
6. The look-up process starts with a VLAN look-up to determine whether the VID is valid. If the VID is not valid, the packet will be dropped and its address will not be learned. If the VID is valid, the VID, destination address and source address lookups are performed.
7. The VID and des
46. P 5150 Deny E

[Figure: X11 Server (171.16.3.4:6000), Firewall, Attacker (10.1.2.3:5150)]

Update Filtering Rule

[Table: Index, Protocol, Direction, Action, Source, Destination, Source Port, Dest Port, Filtering Result]

Rule Order

The rule order affects the filtering result. The filtering process proceeds from top to bottom, so changing the order gives a different filtering result.

    Rule  Source Address  Destination Address
    A     10.0.0.0        172.16.6.0
    B     10.1.99.0       172.16.0.0

Here a 0 in the last eight bits indicates from 1 to 254, and a 0 in any eight bits followed only by 0s also indicates from 1 to 254. On the other hand, an address of all 0s represents any.

When the rule is ordered as ABC:

The rule order will permit 10.1.99.1 to access 172.16.6.1.

When the rule is ordered as BAC:

    Index  Source Address  Destination Address  Result
    1      10.1.99.1       172.16.1.1           Deny (B)
    2      10.1.99.1       172.16.6.1           Deny (B)
    3      10.1.1.1        172.16.6.1           Permit (A)
    4      10.1.1.1        172.16.1.1           Deny (C)
    5      192.168.3.4     172.16.6.1           Deny (C)

The rule order will deny 10.1.99.1 to access 172.16.6.1.

8.9 IP QoS

IP QoS is a good function to decide which PCs can get the priorities to un
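The first-match behaviour described under Rule Order above, as an added Python example (not from the manual or the router firmware). The rule actions and the catch-all rule C are assumptions inferred from the "Permit A", "Deny B" and "Deny C" labels in the manual's result table, and trailing zero octets are treated as matching any value rather than 1 to 254.

```python
"""First-match packet filtering: why rule order changes the verdict."""
from ipaddress import IPv4Address
from itertools import combinations

# Rules from the manual's Rule Order table: (source, destination, action).
# ASSUMPTION: the actions, and rule C as a catch-all deny, are inferred from
# the "Permit A" / "Deny B" / "Deny C" labels in the manual's result table.
RULES = {
    "A": ("10.0.0.0", "172.16.6.0", "permit"),
    "B": ("10.1.99.0", "172.16.0.0", "deny"),
    "C": ("0.0.0.0", "0.0.0.0", "deny"),
}


def fixed_prefix(pattern):
    """Return the leading octets of a pattern that must match exactly.

    Trailing zero octets are wildcards, so 10.1.99.0 fixes three octets,
    172.16.0.0 fixes two, and 0.0.0.0 fixes none (matches any address).
    """
    octets = IPv4Address(pattern).packed
    fixed = 4
    while fixed > 0 and octets[fixed - 1] == 0:
        fixed -= 1
    return octets[:fixed]


def matches(pattern, address):
    """True if address falls inside the range the pattern describes."""
    prefix = fixed_prefix(pattern)
    return IPv4Address(address).packed[:len(prefix)] == prefix


def evaluate(order, src, dst):
    """Walk the rules top to bottom; the first matching rule decides."""
    for name in order:
        rule_src, rule_dst, action = RULES[name]
        if matches(rule_src, src) and matches(rule_dst, dst):
            return action, name
    return "deny", None  # assumption: nothing matched, so drop


def overlaps(pattern_x, pattern_y):
    """True if two patterns share at least one address."""
    px, py = fixed_prefix(pattern_x), fixed_prefix(pattern_y)
    common = min(len(px), len(py))
    return px[:common] == py[:common]


def order_sensitive_pairs(names):
    """Pairs of rules that overlap on source and destination but disagree
    on the action: swapping them changes the verdict for some packet."""
    pairs = []
    for x, y in combinations(names, 2):
        src_x, dst_x, action_x = RULES[x]
        src_y, dst_y, action_y = RULES[y]
        if action_x != action_y and overlaps(src_x, src_y) and overlaps(dst_x, dst_y):
            pairs.append((x, y))
    return pairs


if __name__ == "__main__":
    # Flows taken from the manual's BAC result table.
    flows = [
        ("10.1.99.1", "172.16.1.1"),
        ("10.1.99.1", "172.16.6.1"),
        ("10.1.1.1", "172.16.6.1"),
        ("10.1.1.1", "172.16.1.1"),
        ("192.168.3.4", "172.16.6.1"),
    ]
    for order in ("ABC", "BAC"):
        print("order", order)
        for src, dst in flows:
            action, rule = evaluate(order, src, dst)
            print(f"  {src:<12} -> {dst:<12} {action} ({rule})")
    print("order-sensitive pairs:", order_sensitive_pairs("ABC"))
```

Running `order_sensitive_pairs` before committing a new rule set shows which rules need a deliberate ordering decision; pairs it does not report can be reordered without changing any verdict.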
47. [Table of Current Interface RIP Parameter: LAN and WAN interfaces]

The screen will prompt the modified parameter. Check the parameters and press Restart to restart the router or press Continue to set up another parameter.

8.6 NAT/DMZ

NAT (Network Address Translation) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and maps the global IP addresses of incoming packets back into local IP addresses. This helps ensure security since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves the number of global IP addresses that a company needs and lets the company use a single IP address
48. Press Finish. Press Restart to restart the router or press continue to set up another function.

[Screenshot: ADVANCED - VIRTUAL SERVER, Virtual Server Mapping Parameters for Virtual Server 1: Protocol, Interface, Service Name, Private IP, Private Port, Public Port, Schedule (Always, or From Day Sunday to Saturday, Time 0:0 to 23:59)]

8.8 Firewall

A firewall is a set of related programs that protects the resources of a private network from other networks. It helps users prevent hackers from accessing their private data resources.

Basic Firewall Security: This level only enables the NAT firewall and the remote management security. The NAT firewall will take effect if NAT function is enabled. The remote management security is default to block any WAN side connection to the device. Non-empty legal IP pool in ADMIN will block all remote management connection except those IPs specified in the pool.

[Screenshot: ADVANCED - FIREWALL, Firewall Security Level]
49. BRIDGE and CO Side to set up Bridging mode of the Router and then click Next.

LAN Parameters
    Enter IP: 192.168.0.1
    Enter Subnet Mask: 255.255.255.0
    Enter Gateway: 192.168.0.1
    Enter Host Name: SOHO

WAN1 Parameters
    Enter VPI: 0
    Enter VCI: 32
    Click LLC
    Click Next

The screen will prompt the new configured parameters. Check the parameters and click Restart. The router will reboot with the new setting.

[Figure, continued: SHDSL link with VPI 0, VCI 32, Encapsulation LLC; STU-R (CPE) router IP 192.168.0.2, netmask 255.255.255.0; CPE-side host IP 192.168.0.200, netmask 255.255.255.0, gateway 192.168.0.2]

12.2 CPE Side

Click BRIDGE and CPE Side to set up Bridging mode of the Router and then click Next.

LAN Parameters
    Enter Subnet Mask: 255.255.255.0
    Enter Gateway: 192.168.0.2
    Enter Host Name: SOHO
50. 10 Utility. This section describes the utility functions of the product, including system information, loading the factory default configuration, upgrading the firmware, logout and restarting the gateway. 10.1 System Info. Click to review the information. The browser will prompt the system information. 10.2 Config Tool. This configuration tool has three functions: Load Factory Default, Restore Configuration and Backup Configuration. Press Config Tool. Choose the function and then press Finish. Load Factory Default: this function loads the factory default parameters to the gateway. Note: All of the settings will be changed to factory default. In other words, you will lose all the configured parameters. Restore Configuration: Sometimes the configuration will be crashed unintentionally. Restore Configuration will help you recover the backup configuration easily. Click Finish after selecting Restore Configuration. Browse to the backup file, then press Finish. The router will automatically restor
51. [Table of contents fragment; legible entries only] 5.3 Step 3: Check the Terminal Access Program. 5.4 Step 4: Determine Connection Setting. 5.5 Step 5: Install the SHDSL Router. 6 Configuration via Web Browser. Basic Setup. 7.1 Bridge Mode. Routing Mode. Advanced Setup. 8.7 Virtual Server. 9 Administration. 12 LAN to LAN Connection with Bridge Mode.
52. connectivity of the RS-232 cable from your computer to the serial port of ROUTER. Start your terminal access program with VT100 terminal emulation. Configure the serial link with the following values: Baudrate: 9600. Data Bits: 8. Parity Check: No. Stop Bits: 1. Flow Control: No. Press the SPACE key until the login screen appears. When you see the login screen, you can log on to the Router. Note: You have to use the SPACE key. Pressing other keys does not work. User: admin Password: Note: The factory default user and password are both admin. 14.2 Telnet. Make sure the correct Ethernet cable is used for connecting the LAN port of your computer to ROUTER. The LAN LNK indicator on the front panel will light if a correct cable is used. Start your Telnet client with VT100 terminal emulation, connect to the management IP of the Router and wait for the login screen to appear. When you see the login screen, you can log on to the Router. User: admin Password: Note: The default IP address is 192.168.0.1. 14.3 Operation Interface. For serial console and Telnet management, the ROUTER implements two operational interfaces: a command line interface (CLI) and a menu-driven interface. The CLI mode provides users a simple interface, which is better for working with script files. The menu-driven interface is a user-friendly interface for general operations. The command syntax for CLI is the same as
53. d_attack: Enable protection land attack. ip_spoff: Enable protection IP spoofing attack. smurf_attack: Enable protection smurf attack. fraggle_attack: Enable protection fraggle attack. A SYN flood attack attempts to slow your network by requesting new connections but not completing the process to open the connection. Once the buffer for these pending connections is full, a server will not accept any more connections and will be unresponsive. ICMP Flood: A sender transmits a volume of ICMP request packets to cause all CPU resources to be consumed serving the phony requests. UDP Flood: A sender transmits a volume of requests for UDP diagnostic services, which cause all CPU resources to be consumed serving the phony requests. A ping of death attack attempts to crash your system by sending a fragmented packet that, when reconstructed, is larger than the maximum allowable size. Other known variants of the ping of death include teardrop, bonk and nestea. A land attack is an attempt to slow your network down by sending a packet with identical source and destination addresses originating from your network. IP Spoofing is a method of masking the identity of an intrusion by making it appear that the traffic came from a different computer. This is used by intruders to keep their anonymity and can be used in a Denial of Service attack. A smurf attack involves two systems. The attacker sends a packet containing a ICMP echo r
54. dergo the over full bandwidth situation. IP QoS: This is an enable option. Choose Enable if you want to enable it. [Screenshot: ADVANCED - IP QoS, IP QoS Parameters, with Trigger IP QoS Service (Disable / Enable) and the IP QoS Policies table (Index, Enable, Protocol, Local, Remote, Precedence, Description); the pool is empty.] Set the policy to action. [Screenshot: IP QoS POLICY 1, IP QoS Policy Parameters, with the fields Description, Local IP, Remote IP, Local Port, Remote Port, Protocol and Precedence.] This is an example for your reference. [Screenshot: IP QoS Policies table with example entries.] 192.168.1.60 has the highest priority when bandwidth is overloaded, 192.168.1.50 has the second highest priority, 192.168.1.40 has the third highest priority, and so on.
55. 7.2.1 DHCP Server. Dynamic Host Configuration Protocol (DHCP) is a communication protocol that lets network administrators centrally manage and automate the assignment of Internet Protocol (IP) addresses in an organization's network. Using the Internet Protocol, each machine that can connect to the Internet needs a unique IP address. When an organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each machine. Without DHCP, the IP address must be entered manually at each computer. If computers move to another location in another part of the network, a new IP address must be entered. DHCP lets a network administrator supervise and distribute IP addresses from a central point and automatically sends a new IP address when a computer is plugged into a different place in the network. If the DHCP server is set to Enable, you have to set up the following parameters for it to operate as a DHCP server. The embedded DHCP server assigns network configuration information to at most 253 users accessing the Internet at the same time. IP type; IP Address: 192.168.0.1. Subnet Mask: 255.255.255.0. Host Name: SOHO. Some ISPs require the host name as identification. You may check with your ISP to see if your Internet service has been configured with a host name. In most cases, this field can be ignored. Trigger DHCP Service: The default setup is Enable DHCP server. If you want to tur
56. e the saved configuration. Backup Configuration: After configuration, it is suggested that you use this function to back up your router parameters to the PC. Select Backup Configuration and then press Finish. Browse to the location of the backup file, named backup. Press Finish. The router will automatically back up the configuration. [Screenshot: UTILITY - CONFIGURATION TOOL, with the options Load Factory Default, Restore Configuration and Backup Configuration.] 10.3 Upgrade. You can upgrade the gateway using the upgrade function. Press Upgrade. Browse to the file and press the OK button to upgrade. The system will reboot automatically after finishing. [Screenshot: UTILITY - FIRMWARE UPGRADE: select the firmware file and press the OK button to upgrade the system, then the system will restart.] 10.4 Logout. To log out of the router, press Logout. 10.5 Restart. For restarting the router, click the in UTILITY
57. ed in IEEE 802.1Q. Move the cursor >> to vlan and press enter. >> mode: Trigger virtual LAN function. modify: Modify virtual LAN rule. pvid: Modify port default ID. link_mode: Modify port link type. list: Show VLAN configuration. To activate the VLAN function, move the cursor >> to mode and press enter. The product supports two types of VLAN: 802.1Q and Port-Based. IEEE 802.1Q defines the operation of VLAN bridges that permit the definition, operation and administration of VLAN topologies within a bridged LAN infrastructure. Port-Based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port. 14.16.6 802.1Q VLAN. Follow these steps to configure 802.1Q VLAN. Command: setup vlan active <Disable|8021Q|Port> Message: Please input the following information. Tigger VLAN function (Tab select) <Disable>: 8021Q. Command: setup vlan modify <1-8> <1-4094> <string> Message: Please input the following information. Rule entry index <1-8>: 1. VLAN ID (Enter for default) <1>: 10. VLAN port status (Enter for default): 11001. For each VLAN, the VLAN ID is a unique number among 1-4095. VLAN port status is a 12-digit binary number whose bit 1 location indicates the VLAN port membership, in which 4MSBs and 8MSB represent the LAN ports and WAN port respectively. For example the abo
58. [Table of contents fragment; legible entries only] 13 LAN to LAN Connection with Routing Mode. CPE Side. 14 Configuration via Serial Console or Telnet with Menu Driven Interface. Serial Console. 14.3 Operation Interface. Window Structure. 14.5 Menu Driven Interface Commands. Configuration. Status. 14.11 Reboot. 14.13 Administration. 14.13.4 Supervisor Password and ID.
59. em in WAN 2 to WAN 8. Enter the parameters. [Screenshot: Table of Current WAN Interface Parameter, with the fields Protocol, VPI, VCI, IP Address, Subnet Mask, AAL5 Encap, QoS Class, QoS PCR and, for the ISP, Username, Password, Password Confirm, Idle Time and IP Type.] If the WAN protocol is PPPoA or PPPoE with dynamic IP, leave the WAN IP address and Subnet Mask at their default settings. The system will ignore the IP address and Subnet Mask information, but deleting the items or leaving them blank will cause a system error. If the WAN protocol is IPoA or EoA, leave the ISP parameters at their default settings. The system will ignore the information, but deleting the items or leaving them blank will cause a system error. QoS (Quality of Service): The Traffic Management Specification V4.0 defines ATM service categories that describe both the traffic transmitted by users onto a network and the Quality of Service that the network needs to provide for that traffic. UBR (Unspecified Bit Rate) is the simplest service provided by ATM networks. There is no guarantee of anything. It is a primary service used for transferring Internet traffic over the ATM network. CBR (Constant Bit Rate) is used by connections that require a static amount of bandwidth that is av
60. equest (ping) to the network address of one system. This system is known as the amplifier. The return address of the ping has been faked (spoofed) to appear to come from a machine on another network (the victim). The victim is then flooded with responses to the ping. As many responses are generated for only one attack, the attacker is able to use many amplifiers on the same victim. 14.16.16 IPQoS. IP QoS decides the priority with which the configured IPs transfer packets when bandwidth is overloaded. To configure the IP QoS function, move the cursor to IPQoS and press enter. >> Active: Trigger IP QoS function. Add: Add IP QoS policy. Delete: Delete IP QoS policy. Modify: Modify IP QoS policy. list: Show IP QoS policy table. You can enable the IPQoS function via the active command. The add parameters of IPQoS can be configured via the add command. >> Protocol: Configure protocol. local_ip: Configure local IP parameter. remote_ip: Configure remote IP parameter. Port: Configure port parameter. description: Policy description. Enable: Enable the policy. Precedence: Configure precedence parameter. The port type is configured by the protocol command. The local IP range is configured by the local_ip command. The remote IP range is configured by the remote_ip command. The port range is configured by the port command. The description of the policy is defined by the description command. The policy is enabled by the enable command. To defi
61. The screen will prompt as follows. >> edit: Edit trap host parameter. list: Show trap configuration. 14.13.4 Supervisor Password and ID. The supervisor password and ID are the last door for security but the most important. Users who access the router via web browser have to use the ID and password to configure the router, and users who access the router via telnet or console mode have to use the password to configure the router. It is suggested that you change the ID and password after the first configuration and save them. The next time you access the router, you have to use the new password. Command: admin passwd <pass_conf> Message: Please input the following information. Input old Supervisor password: Input new Supervisor password: Re-type Supervisor password: Command: admin id <pass_conf> Message: Please input the following information. Legal user name (Enter for default) <root>: test. 14.13.5 SNTP. Time synchronization is an essential element for any business that relies on an IT system. The reason for this is that these systems all have clocks that are the source of time for files or operations they handle. Without time synchronization, time on these systems varies with each other or with the correct time, and this can cause virtual server schedule processes to fail and system log exposures with wrong data. There are two methods to synchronize time: synchronize w
62. erver works in wrong schedule. Click TIME SYNC. There are two synchronization modes: Simple Network Time Protocol (SNTP) and synchronization with PC. For synchronization with PC, select Sync with PC. The gateway will synchronize the time with the connecting PC. [Screenshot: ADMIN - TIME SYNC, Time Synchronization, with Sync with PC selected and the System Time field.] SNTP is the acronym for Simple Network Time Protocol, which is an adaptation of the Network Time Protocol (NTP) used to synchronize computer clocks in the Internet. SNTP can be used when the ultimate performance of the full NTP implementation. For SNTP, select SNTP v4.0. SNTP service: Enable. Time Server: All of the time servers around the world can be used, but it is suggested that you use a timeserver nearby. Time Zone: You have to choose the right time zone. [Screenshot: ADMIN - TIME SYNC with SNTP v4.0 selected, showing Service (Disable / Enable), Time Server 1, Time Server 2, Time Zone and Update Period (secs).] Press Finish to finish the setup. The browser will prompt the configured parameters. Check them before writing into EPROM.
63. ext to set up User name and password. For more understanding about NAT, review NAT/DMZ. [Screenshot: BASIC - STEP5, ISP1, with the fields Username, Password, Password Confirm, Idle Time (minutes), IP Type and IP Address.] Type the ISP1 parameters. Username: test. Password: test. Password Confirm: test. Your ISP will provide the user name and password. Idle Time: 10. If you want your Internet connection to remain on at all times, enter 0 in the Idle Time field. There are three IP types that you can set up: Dynamic, Static and IP Unnumbered. The default IP type is Dynamic. It means that the ISP PPP server will provide IP information, including a dynamic IP address, when the SHDSL connection is established. In other words, you do not need to type the IP address of WAN1. Some ISPs will provide a fixed IP address over PPP. For fixed IP address: IP Type; IP Address: 192.168.1.1. Click Next. IP Type: IP Unnumbered. IP Address: 192.168.168.1. Click Next. Don't forget to enable LAN For IP Routing Usage and type the IP address on STEP 2. [Screenshot: BASIC - STEP2, LAN For NAT Usage, with IP Type (Fixed / Dynamic DHCP Client), 1st IP Address, 1st Subnet Mask, Host Name SOHO and Trigger DHCP Service (Disable / Server / Relay).]
64. ifier (TPID) is 0x8100, and it identifies the frame as a tagged frame. The Tag Control Information (TCI) consists of the following elements: 1) User priority allows the tagged frame to carry user priority information across bridged LANs in which individual LAN segments may be unable to signal priority information (e.g. 802.3 Ethernet segments). 2) The Canonical Format Indicator (CFI) is used to signal the presence or absence of a Routing Information Field (RIF) and, in combination with the Non-canonical Format Indicator (NCFI) carried in the RIF, to signal the bit order of address information carried in the encapsulated frame. 3) The VID uniquely identifies the VLAN to which the frame belongs. 3.3 Applications. [Figures: Port-based VLAN with the LAN ports and WAN assigned to Group 1, Group 2 and Group 3; 802.1Q VLAN over an SHDSL connection with 2 PVC, showing the SHDSL Router and LAN 1 to LAN 4.]
65. ilable during the connection lifetime. This bandwidth is characterized by the Peak Cell Rate. Based on the PCR of the CBR traffic, specific cell slots are assigned for the VC in the schedule table. The ATM always sends a single cell during the CBR connection's assigned cell slot. VBR-rt (Variable Bit Rate real-time) is intended for real-time applications, such as compressed voice over IP and video conferencing, that require tightly constrained delays and delay variation. VBR-rt is characterized by a peak cell rate (PCR), sustained cell rate (SCR) and maximum burst rate (MBR). VBR-nrt (Variable Bit Rate non-real-time). PCR (Peak Cell Rate) in kbps: The maximum rate at which you expect to transmit data, voice and video. Consider PCR and MBS as a means of reducing latency, not increasing bandwidth. The range of PCR is 64kbps to 2400kbps. SCR (Sustained Cell Rate): The sustained rate at which you expect to transmit data, voice and video. Consider SCR to be the true bandwidth of a VC and not the long-term average traffic rate. The range of SCR is 64kbps to 2400kbps. MBS (Maximum Burst Size): The amount of time or the duration at which the router sends at PCR. The range of MBS is 1 cell to 255 cells. Press to finish setting. The screen will prompt the parameters that will be written in EPROM. Check the parameters before writing in EPROM. Press Restart to restart the router working with new parameters o
66. is part of the session, it is accepted. Stateful firewalls enable a more intelligent, flexible and robust approach to network security, while defeating most intrusion methods that exploit stateless IP filtering firewalls. If you want to configure the Packet Filtering Parameters, choose Enable and press Add. Select the protocol and configure the parameters. If you want to ban all protocols from an IP (e.g. 200.1.1.1) from accessing all the PCs (e.g. 192.168.0.2-192.168.0.50) in the LAN, key in the parameters as follows. Protocol: ANY. Direction: INBOUND (INBOUND is from WAN to LAN and OUTBOUND is from LAN to WAN). Description: Hacker. Src IP Address: 200.1.1.1. Dest IP Address: 192.168.0.2-192.168.0.50. Press OK to finish. The screen will prompt the configured parameters. Check the parameters. Click Restart to restart the gateway or Continue to configure other parameters. [Screenshots: FIREWALL - PKT FILTER, Packet Filtering Parameters, with the general packet filtering parameter and the Access policies table (Index, Enable, Protocol, Direction, Action, Source, Destination, Flag, Type, Schedule, Description; the pool is empty); PKT FILTER RULE 1, Packet Filter Rule Parameters, with Protocol ANY, Direction INBOUND / OUTBOUND and Action.]
67. ith PC or SNTPv4. If you choose synchronize with PC, the router will synchronize with the PC. If you choose SNTPv4, the router will use the protocol to synchronize with the time server. Synchronization with a time server (SNTP v4) requires configuring service, time_server and time_zone. Synchronization with PC does not require configuring the above parameters. Move the cursor >> to sntp and press enter. >> method: Select time synchronization method. service: Tigger SNTP v4.0 service. time_server1: Configure time server 1. time_server2: Configure time server 2. time_server3: Configure time server 3. updaterate: Configure update period. time_zone: Configure GMT time zone offset. list: Show SNTP configuration. To configure SNTP v4 time synchronization, follow the procedure below. Move the cursor to method and press enter. Command: admin sntp method <SNTPv4|SyncWithPC> Message: Please input the following information. SYNC method (Enter for default) <SyncWithPC>: SNTPv4. Command: admin sntp service <Disable|Enable> Message: Please input the following information. Active SNTP v4.0 service (Tab Select) <Enable>: Enable. Command: admin sntp time_server1 <string> Message: Please input the following information. Time server address (Enter for default) <ntp-2.vt.edu>: ntp-2.vt.edu. You can configure three time servers in this system. Move the cursor to update_rate and
68. k: Subnet mask for DHCP client. ip_range: Dynamic assigned IP address range. lease_time: Configure max lease time. name_server: Domain name server. name_server2: Domain name server2. name_server3: Domain name server3. Activate the DHCP function with the active command. Set the default gateway via the gateway command. The subnet mask for the DHCP client is configured by the netmask command. The ip_range command configures the dynamically assigned IP address range. The dynamic IP maximum lease time is configured by the lease_time command. You can set up 3 domain name servers via the name_server commands. The fixed host IP address list is set up via the fixed command. >> add: Add a fixed host entry. delete: Delete a fixed host entry. You can view the DHCP configuration via the list command. 14.16.18 DNS proxy. You can set up three DNS servers in the product. DNS servers number 2 and 3 are optional. Move the cursor >> to dns_proxy and press enter. Command: setup dns_proxy <IP> IP IP Message: Please input the following information. DNS server 1 (ENTER for default) <168.95.1.1>: 10.0.10.1. DNS server 2: 10.10.10.1. DNS server 3: 14.16.19 Host name. Enter the local host name via the hostname command. Move the cursor >> to hostname and press enter. Command: setup hostname <name> Message: Please input the following information. Local hostname (ENTER for default) <SOHO>: test. 14.16.20 Default
69. lso called a Circuit Level Gateway, this is a firewall approach that validates connections before allowing data to be exchanged. What this means is that the firewall doesn't simply allow or disallow packets but also determines whether the connection between both ends is valid according to configurable rules, then opens a session and permits traffic only from the allowed source and possibly only for a limited period of time. [Figure: protocol stack (Level 5 Application, Level 4 TCP, Level 3 IP, Level 2 Data Link, Level 1 Physical) annotated with the criteria: destination IP address and/or port, source IP address and/or port, time of day, protocol, user, password.] 2.1.3 Application Gateway. The Application Level Gateway acts as a proxy for applications, performing all data exchanges with the remote system on their behalf. This can render a computer behind the firewall all but invisible to the remote system. It can allow or disallow traffic according to very specific rules, for instance permitting some commands to a server but not others, limiting file access to certain types, varying rules according to authenticated users, and so forth. This type of firewall may also perform very detailed logging of traffic and monitoring of events on the host system, and can often be instructed to sound alarms or notify an operator under defined conditions. Application-level gateways are generally regarded as the most secure type of firewall. They certainly have the most sophisticated capabilities.
70. mmand script. 14.10 Write. For any changes of configuration, you must write the new configuration to EPROM using the write command and reboot the router for it to take effect. Move the cursor >> to write and press enter. Command: write <CR> Message: Please input the following information. Are you sure (y/n): y. 14.11 Reboot. To reboot the router, use the reboot command. Move the cursor >> to write and press enter. Command: reboot <CR> Message: Please input the following information. Do you want to reboot (y/n): y. 14.12 Ping. The ping command is used to test the connection of the router. Move the cursor >> to ping and press enter. Command: ping <ip> 1-65534 -t 1-1999 Message: Please input the following information. IP address <IP>: 10.0.0.1. Number of ping request packets to send (TAB select): -t. Data size 1-1999: 32. There are 3 options for the number of ping request packets to send: default, 1-65534 and -t. Default will send 4 packets, and -t will send packets continuously until you key in Ctrl+C to stop. 14.13 Administration. You can modify the user profile, telnet access, SNMP (Simple Network Management Protocol), supervisor information and SNTP (Simple Network Time Protocol) in admin. The route is enable > admin. For
71. n informational message sent from an SNMP agent to a manager. Click Modify to modify the trap host pool. Version: select the version for the trap host, SNMP v1 or SNMP v2. IP: type the trap host IP. Community: type the community password. The community is set up in the community pool. Press OK to finish the setup. [Screenshot: SNMP Community and Trap Parameters, with the table of the current community pool (Index, Status, Access Right, Community) and the table of the current trap host pool (Index, Version, IP Address, Community).] The browser will prompt the configured parameters. Check them before writing into EPROM. Press Restart to restart the gateway working with the new parameters, and press to set up other parameters. 9.3 Time Sync. Time synchronization is an essential element for any business that relies on an IT system. The reason for this is that these systems all have clocks that are the source of time for files or operations they handle. Without time synchronization, time on these systems varies with each other or with the correct time, and this can cause firewall packet filtering schedule processes to fail, security to be compromised, virtual s
72. n off the DHCP service, choose Disable. For example: if the LAN IP address is 192.168.0.1, the IP range of the LAN is 192.168.0.2 to 192.168.0.51. The DHCP server assigns IPs from Start IP Address to End IP Address. The legal IP address range is from 0 to 255, but 0 and 255 are reserved for broadcast, so the legal IP address range is from 1 to 254. In other words, you cannot assign an IP greater than 254 or less than 1. Lease time: 72 hours indicates that the DHCP server will reassign IP information every 72 hours. DNS Server: Your ISP will provide at least one Domain Name Service server IP. You can type the router IP in this field. The router will act as a DNS server relay. You may assign fixed IP addresses to some devices while using DHCP, provided that the fixed IP addresses are not within the range used by the DHCP server. Press to set up WAN1 parameters. [Screenshot: BASIC - STEP3 DHCP SERVER, General DHCP Parameter, with Start IP Address 192.168.0.2, End IP Address 192.168.0.51, DNS Server1 192.168.0.1, DNS Server2, DNS Server3, Lease Time 72 hours, and the Table of Fixed DHCP Host Entries (Index, MAC Address, IP Address).] 7.2.2 DHCP Client. Some ISPs provide a DHCP server service by which the PCs in the LAN can obtain IP information automatically
73. ne the priority of the policy is configured by the precedence command. The policy is deleted by the delete command. The policy is modified by the modify command. You can view the IPQoS configuration via the list command. 14.16.17 DHCP. Dynamic Host Configuration Protocol (DHCP) is a communication protocol that lets network administrators centrally manage and automate the assignment of Internet Protocol (IP) addresses in an organization's network. Using the Internet Protocol, each machine that can connect to the Internet needs a unique IP address. When an organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each machine. Without DHCP, the IP address must be entered manually at each computer. If computers move to another location in another part of the network, a new IP address must be entered. DHCP lets a network administrator supervise and distribute IP addresses from a central point and automatically sends a new IP address when a computer is plugged into a different place in the network. To configure the DHCP server, move the cursor to dhcp and press enter. >> generic: Configure generic DHCP parameters. fixed: Configure fixed host IP address list. list: Show DHCP configuration. The generic DHCP parameters can be configured via the generic command. >> active: Tigger DHCP function. gateway: Default gateway for DHCP client. netmas
74. nfigured as a bridge you do not want to setup the route parameters Move the cursor gt gt to route and press enter gt gt static Configure static routing table rip Configure RIP tool If the Router is connected to more than one network it may be necessary to set up a static route between them A static route is a pre determined pathway that network information must travel to reach a specific host or network With Dynamic Routing you can enable the Router to automatically adjust to physical changes in the network s layout The Cable DSL Firewall Router using the RIP protocol determines the network packets route based on the fewest number of hops between the source and the destination The RIP protocol regularly broadcasts routing information to other routers on the 95 G shdsl Router User Manual VER 1 0 network You can setup 20 sets of static route in static command After entering static menu the screen will show as follow gt gt add Add static route entry delete Delete static route entry list Show static routing table You can add 20 sets of static route entry by using add command Type the IP information of the static route including IP address subnet mask and gateway You can delete the static route information via delete command You can review the static route entry by using list command To configure Routing Information Protocol RIP you can use rip command to setup the parameters Move the cur
75. nformation NAT global ddress range entry number lt 1 5 gt 1 Active interface number lt 1 8 gt 1 98 G shdsl Router User Manual VER 1 0 You can delete global IP address range from 1 to 5 by using delete command You can view the global IP address range via list command To modify fixed IP address mapping move the cursor gt gt to fixed command and press enter gt gt modify Modify fixed NAT mapping interface Bind address pair to specific interface delete Delete fixed NAT mapping list Show fixed IP address mapping You can create up to 10 fixed NAT mapping entry via range command Command setup ip_share nat fixed modify lt 1 10 gt lt ip gt lt ip gt Message Please input the following information Fixed NAT mapping entry number lt 1 10 gt 1 Local address 192 168 0 250 Global address 122 22 22 2 After configuration fixed IP address entry you can bind the entry to specific interface via interface command Command setup ip_ share nat fixed interface lt 1 5 gt lt 1 8 gt Message Please input the following information Fixed NAT mapping entry number lt 1 5 gt 1 Active interface number Enter for default lt 1 8 gt 1 You can delete fixed NAT mapping entry from 1 to 5 by using delete command You can view the fixed NAT mapping entry via list command 14 16 11 PAT To configure Port Address Translation move the cursor gt gt to pat and press enter gt gt clear Clear vir
76. nsmission or acceptance on the basis of a set of configurable rules Network Address Translation NAT routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall and offer a level of circuit based filtering G shdsl Router User Manual Level 5 Application Level 4 TCP Protocol Source Destination address Source destination port IP options connection status Level 3 IP Level 2 Data Link Level 1 Physical SS Stateful Inspection R Filter remember this information UDP SP 3264 SA 192 168 0 5 DP 1525 DA 172 16 3 4 172 16 3 4 192 168 0 5 atches outgoing so allows UDP SP 1525 SA 172 16 3 4 DP 3264 DA 192 168 0 5 Nomatches so disallows in UDP SP 1525 SA 172 168 3 4 DP 2049 DA 192 168 0 5 Firewall 192 120 8 5 Internet i IP External IP 192 168 0 10 192 120 8 5 192 109 011 019212083 192 168 0 11 Intemal Protected Network Extemal Unprotected Network NAT Network Address Translation y VER 1 0 G shdsl Router User Manual VER 1 0 PAT Port Address Translation y Internet Firewall 192 168 0 10 1 192 120 8 5 192 120 8 5 2205 192 120 8 5 2206 Client IP Internal Pot External Port 192 168 0 10 1025 2205 192 168 0 11 4406 2206 Intemal Protected Network Extemal Unprotected Network 192 168 0 11 4406 2 1 2 Circuit Gateway A
77. ntrol panel Double click the network icon VER 1 0 S E S Accessibility AddNew Add Remove Options Hardware Programs Control Panel P x Network Game Configures network c i hardware and software e ontrollers Microsoft Home sa Technical Support Mouse Multimedia a a Power Printers Management B 3 System Telephony In the Configuration window select the TCP IP protocol Hr line that has been associated with your network card and then click property icon yr l RE Client far Microsoft Networks 23 mare Date Time amp Internet Options s Network Regional Settings E ODBC Data Sources 32bit Scanners and Cameras G shdsl Router User Manual VER 1 0 Choose IP address tab Select Obtain IP address automatically Click OK button TCP IP Properties ed ES Bindings Advanced MeBlos DNS Configuration Gateway WINS Configuration IP Address An F address can be automatically assigned to this computer IF your network does not automatically assign IP addresses ask pour network administrator for an address and then type it in the space below Specify an IP address ade auber kask The window will ask you to restart the PC Click Yes button After rebooting your PC open IE or Netscape 3 Cannot find server Microsoft MENEE EMISE Browser to connect the Router Type http 192 168 0 1 The default IP address and sub net mask of
78. ore than the allowed 65,536 bytes. Many operating systems didn't know what to do when they received an oversized packet, so they froze, crashed or rebooted. Other known variants of the ping of death include teardrop, bonk and nestea. [Figure: Ping of Death packet (112,000 bytes); normal reassembled packets (bytes from 1 to 1500, 1501 to 3000, 3000 to 4500); reassembled teardrop packets (bytes from 1300 to 3200, 2800 to 4800)] SYN Flood: The attacker sends TCP SYN packets, which start connections, very fast, leaving the victim waiting to complete a huge number of connections, causing it to run out of resources and drop legitimate connections. A new defense against this is SYN cookies. Each side of a connection has its own sequence number. In response to a SYN, the attacked machine creates a special sequence number that is a cookie of the connection, then forgets everything it knows about the connection. It can then recreate the forgotten information about the connection when the next packets come in from a legitimate connection. [Figure: TCP SYN and TCP SYN ACK packets] ICMP Flood: The attacker transmits a volume of ICMP request packets to cause all CPU resources to be consumed serving the phony requests. UDP Flood: The attacker transmits a volume of requests for UDP diagnostic services, which cause all CPU resources to be consumed serving the phony requests. Land
79. orts on the WAN interface are re mapped to services inside the LAN As only 69 210 1 8 e g assigned to WAN from ISP is visible to the Internet but does not actually have any services other than NAT of course running on gateway it is said to be a virtual T ae server Request with TCP made to 69 210 1 8 80 are remapped to the E WAN server 1 on 192 168 0 2 80 for working days from Monday to Friday 8 AM BRIDGE to 6PM other requests with UDP made to 69 210 1 8 25 are remapped to VLAN server 2 on 192 168 0 3 25 and always on e ROUTE e NAT DMZ BASIC You can setup the router as Index 1 protocol TCP interface WAN1 service name test1 private IP 192 168 0 2 private port 80 public port 80 EMOL schedule from Day Monday to Friday and time 8 0 to 16 0 and index 2 STATUS protocol UDP interface WAN1 service name test2 private IP 192 168 0 3 private port 25 public port 25 schedule always ADMIN Click Virtual Server to configure the parameters UTILITY Press for modify 1 Home Basic Advanced Status Admin Utility ADVANCED VIRTUAL SERVER Virtual Server Mapping Parameters a Table of Curreni Virtual Server Entries imtos Service Mama Interface Private IP Protocol Schedule 1 Disable mz nts Digable C3 an a on Disable Ca na z Disable Ox Dus lblo FE Disabbo E7 a z Disable C Digable Cu an Disable 4g Disable Type the necessary parameters then click Home Basic Adv
80. outer User Manual VER 1 0 7 2 4 PPPoE or PPPoA PPPOA point to point protocol over ATM and PPPoE point to point protocol over Ethernet are authentication and connection protocols used by many service providers for broadband Internet access These are specifications for connecting multiple computer users on an Ethernet local area network to a remote site through common customer premises equipment which is the telephone company s term for a modem and similar devices PPPoE and PPPoA can be used to office or building Users share a common Digital Subscriber Line DSL cable modem or wireless connection to the Internet PPPoE and PPPoA combine the Point to Point Protocol PPP commonly used in dialup connections with the Ethernet protocol or ATM protocol which supports multiple users in a local area network The PPP protocol information is encapsulated within an Ethernet frame or ATM frame Bridge BAS N IP o oan i IP 192 168 0 254 etmask A Gateway 192 168 0 254 u IP 192 168 0 2 VPI 0 VCI 32 Netmask 255 255 255 0 Encapsulation LLC Gateway 192 168 0 254 Before configuration the router check with your ISP about these information VPI VCI Encapsulation User Name Password DNS Server Host Name if applicable IP address if applicable pa n the WAN1 parameters Basic Advanced Status Admin Utility VCI 33 BASIC STEP4 AAL5 Encap LLC WANI Protocol or w p NAT ver p2 Click N
81. plications by configuring the DoS protection and defining an extra packet filter with higher priority than the default SPI filter. Note that an improper filter policy may degrade the capability of the firewall and/or even block the normal network traffic. The screen will prompt the parameters which will be written in EPROM. Check the parameters. Press Restart to restart the router or press Continue to set up another function. User can determine the security level for special purpose environment and applications by configuring the DoS protection and defining an extra packet filter with higher priority than the default SPI filter. Note that an improper filter policy may degrade the capability of the firewall and/or even block the normal network traffic. [Screenshot: ADVANCED FIREWALL, Firewall Security Level Review. To let the configuration that you have changed take effect immediately, please click the Restart button to reboot the system; to continue the setup procedure, please click the Continue button. Security Level: Automatic Firewall Security. DoS Protection Parameters Review: Detect SYN Attack: Enable, SYN Attack Threshold: 200 packets per second; Detect ICMP Flood: Enable, ICMP Flood Threshold: 200 packets per second; Detect UDP Flood: Enable, UDP Flood Threshold: 200 packets per second; Detect PING of Death Attack: Enable]
82. r User Manual VER 1 0 4 3 SHDSL Line Connector a mb Front View Front View 4 4 Console Cable Pin Number Description Figure 1 Noconnection 4 Nocomnecti on_______________ l CTS O RTS 1 1 4 6 _ Noconnection 8 EAS 19 G shdsl Router User Manual VER 1 0 5 Configuration to the router This guide is designed to lead users through Web Configuration of G shdsl Router in the easiest and quickest way possible Please follow the instructions carefully Note There are three methods to configure the router serial console Telnet and Web Browser Only one configuration application is used to setup the Router at any given time Users have to choose one method to configure it For Web configuration you can skip step 3 For Serial Console Configuration you can skip step 1 and 2 5 1 Step 1 Check the Ethernet Adapter in PC or NB Make sure that Ethernet Adapter had been installed in PC or NB used for configuration of the router TCP IP protocol is necessary for web configuration so please check the TCP IP protocol whether it has been installed 5 2 Step 2 Check the Web Browser in PC or NB According to the Web Configuration the PC or NB need to install Web Browser IE or Netscape Note Suggest to use IE5 0 Netscape 6 0 or above and 800x600 resolutions or above 5 3 Step 3 Check the Terminal Access Program For Serial Console and Telnet Configuration users
83. r VPI 0 Enter VCI 32 E MA Ma Click Click Next 26 G shdsl Router User Manual The screen will prompt the new configured parameters Check the parameters and Click The router will reboot with the new setting or to configure another parameters VER 1 0 Home Basic Advanced Status Admin Utility BASIC REVIEW REVIEW To let the configuration that you have changed take effect immediately please click Restart button to reb lt continue the setup procedure please click Continue button System Operation Mode System Mode Bridge Mlode SHDSL Mode CPE Side LAN Interface IP Address 192 168 0 1 Subnet Mask 255 255 255 0 Gateway 192 168 0 254 Hostname SOHO WANI interface VPI D CI 32 E AAL5 Encap LLC 2I G shdsl Router User Manual VER 1 0 7 2 Routing Mode Ad gee ps ion ane i Home Basic Advanced Status Admin Utility client relay Point to Poin E Protocol over ATM and Ethernet and IP BASIC STEP1 over ATM and Ethernet over ATM You Operation Mode have to clarify which Internet protocol is E ns SAS provided by ISP SHDSL Mode CCO Side CPE Side Click and then press met ce ee IL This product can be setup two SHDSL mode CO Central Office and CPE Customer Premises Equipment For connection with DSLAM the SHDSL mode is CPE For LAN to LAN connection one side must be Co and the other side must be CPE 28 G sh
84. r press continue to setup another parameter 41 G shdsl Router User Manual 8 3 Bridge VER 1 0 If your router is setup in bridge mode and you want to setup advanced BASIC filter function you can use BRIDGE menu to setup the filter function blocking function Click to setup Press Add to add the static bridge information If you want to filter the definate MAC address of LAN PC to access Internet press Add to establish the filtering table Key the MAC address in MAC address field and select Filter in LAN field If you want to filter the definate MAC address of WAN PC to access LAN press to establish the filtering table Key the MAC address in MAC address field and select Filter in WAN field For example if your VC is setup at WAN 1 select WAN 1 Filter The screen will prompt the parameters that will be written in EPROM Check the parameters before writing in EPROM Press to restart the router working with new parameters or press to setup another parameter T ADVANCED e SHDSL e WAN MAT DMIZ VIRTUAL SERWER FIREWALL STATUS ADMIN UTILITY Home Basic Advanced status Admin Utility ADVANCED BRIDGE Generic Bridge Parameters General Parameter Default Gateway 192 168 0 254 Static Bridge Parameters Table of Current MAC Entries MAC No Addon LAN WAN1 4 WANS 8 00 00 00 00 00 00 Filter y 1 Filter 5 Filter y 2 Eiter 6
85. rd to submenu; TAB: to choose another parameter; Ctrl+C: to quit the configuring item; Ctrl+Q: for help. 14.6 Menu Tree The menu tree is shown in the following figures. All of the configuration commands are placed in the subdirectories of Enable, protected by the supervisor password. Unauthorized users, on the other hand, cannot change any configuration; they can only view the status and configuration of the router and use the ping command to check that the router is working. [Figure: menu tree, starting from User Name and Password, with the items Enable, Status, Show, Ping and Exit] 14.7 Configuration To set up the router, move the cursor >> to enable and press the enter key. When the screen appears, type the supervisor password. The default supervisor password is root. For system security, the password is displayed as "*" symbols. Command: enable <CR> Message: Please input the following information. Supervisor password: In this sub menu you can set up management features, upgrade software, back up the system configuration and restore the system configuration via utility tools. For any changes of configuration, you have to write the new configuration to EPROM
86. re menu. Move the cursor >> to ip_share, then press enter. >> nat: Configure network address translation; pat: Configure port address translation; dmz: Configure DMZ host function. NAT (Network Address Translation) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and reverses the global IP addresses of incoming packets back into local IP addresses. This ensures security, since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves the number of global IP addresses that a company needs and lets the company use a single IP address for its communication in the Internet world. DMZ (demilitarized zone) is a computer host or small network inserted as a neutral zone between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company private data. 14.16.10 NAT You can configure NAT parameters in the nat menu. >> virtual: Virtual IP address pool; global: Global IP address pool; fixed: Fixed IP address mapping
87. reen will prompt as below: >> add: Add static MAC entry; delete: Delete static MAC entry; modify: Modify static MAC entry; list: Show static bridging table. After entering the add menu, the screen will prompt as follows: >> mac: Configure MAC address; lan_port: Configure LAN interface bridging type; wan1_port: Configure WAN1 interface bridging type; wan2_port: Configure WAN2 interface bridging type; wan3_port: Configure WAN3 interface bridging type; wan4_port: Configure WAN4 interface bridging type; wan5_port: Configure WAN5 interface bridging type; wan6_port: Configure WAN6 interface bridging type; wan7_port: Configure WAN7 interface bridging type; wan8_port: Configure WAN8 interface bridging type; list: Show static bridging table. 14.16.5 VLAN Virtual LAN (VLAN) is defined as a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLAN is based on logical instead of physical connections, it is extremely flexible. You can set up the Virtual LAN (VLAN) parameters in the vlan command. The router supports the implementation of VLAN-to-PVC only for bridge mode operation, i.e., the VLAN spreads over both the COE and CPE sides, where there is no layer 3 routing involved. The unit supports up to 8 active VLANs with shared VLAN learning (SVL) bridge out of 4096 possible VLANs specifi
88. rs VPI 0 VCI 32 AAL5 Encap LLC Protocol IPoA EOA PoA NAT or E0A Note The Protocol used in CO and CPE have to be the same Click Next to setup the IP parameters For more understanding about NAT review NAT DMZ in page 19 IP Address 192 168 30 2 Subnet mask 255 255 255 0 Gateway 192 169 30 1 Click Home Basic Operation Mode Advanced System Mode ROUTE BRIDGE SHDSL Mode CO Side CPE Side Home LAN Basic IP Address VER 1 0 Status Admin BASIC STEP1 Advanced Status Admin BASIC STEP2 Subnet Mask 255 y 255 i 255 t fo Host Name SOHO Trigger DHCP Service Disable Enable Home Home WANI IP Address fig Subnet Mask ml Basic Utility Utility Advanced VPI lo VCI 32 AALS Encap VC mux LLC Protocol Pa E PPPoA NAT PPPoE NAT Basic Gateway 110 DNS Server 1 fiss 95 1 1 DNS Server 2 DNS Server 3 Advanced Status Admin BASIC STEP4 Status Admin BASIC STEP5 la niall TT Utility Utility The screen will prompt the parameters that will be written in EPROM Check the parameters before writing in EPROM Press Restart to restart the router working with new parameters or press continue to setup another parameter 74 G shdsl Router User Manual VER 1 0 14 Configuration via Serial Console or Telnet with Manu Driven Interface 14 1 Serial Console Check the
89. s. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering, because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state. An Internet firewall cannot prevent individual users with modems from dialling into or out of the network. By doing so, they bypass the firewall altogether. Employee misconduct or carelessness cannot be controlled by firewalls. Policies involving the use and misuse of passwords and user accounts must be strictly enforced. These are management issues that should be raised during the planning of any security policy, but that cannot be solved with Internet firewalls alone. [Figure: firewall between local user and Internet; specified allowed traffic and unknown traffic] 2.1 Types of Firewall There are three types of firewall: 2.1.1 Packet Filtering In packet filtering, only the protocol and the address information of each packet is examined. Its contents and context (its relation to other packets and to the intended application) are ignored. The firewall pays no attention to applications on the host or local network, and it knows nothing about the sources of incoming data. Filtering consists of examining incoming or outgoing packets and allowing or disallowing their tra
90. [Figure: application gateway. Protocol levels: 5 Application, 4 TCP, 3 IP, 2 Data Link, 1 Physical. Proxy server between the internal and external interfaces and the public server: request page, check URL, request page, return page, filter content, return page] 2.2 Denial of Service Attack Denial of service (DoS) attacks typically come in two flavors: resource starvation and resource overload. DoS attacks can occur when there is a legitimate demand for a resource that is greater than the supply (i.e., too many web requests to an already overloaded web server). Software vulnerabilities or system misconfigurations can also cause DoS situations. The difference between a malicious denial of service and simple system overload is the requirement of an individual with malicious intent (an attacker) using or attempting to use resources specifically to deny those resources to other users. Ping of death: On the Internet, ping of death is a kind of denial of service (DoS) attack caused by an attacker deliberately sending an IP packet larger than the 65,536 bytes allowed by the IP protocol. One of the features of TCP/IP is fragmentation; it allows a single IP packet to be broken down into smaller segments. Attackers began to take advantage of that feature when they found that a packet broken down into fragments could add up to m
91. sor gt gt to rip and press enter gt gt generic Configure operation and auto summery mode lan Configure LAN interface RIP parameters wan Configure WAN interface RIP parameters list Show RIP configuration Generic command can setup RIP mode and auto summery mode If there are any routers in your LAN you can configure LAN interface RIP parameters via lan command The product supports 8 PVCs and you can configure the RIP parameters of each WAN via wan command Move the cursor gt gt to wan and press enter Command setup route rip wan lt 1 8 gt lt more gt Message Please input the following information Active interface number lt 1 8 gt 1 The screen will prompt as follow gt gt attrib Operation authentication and Poison reverse mode version RIP protocol version authe Authentication code 96 G shdsl Router User Manual VER 1 0 Attrib command can configure RIP mode authentication type and Poison reverse mode Version command can configure RIP protocol version Authe command can configure authentication code You can review the list of RIP parameters via list command 14 16 8 LAN LAN interface parameters can be configured LAN IP address subnet mask and NAT network type gt gt address LAN IP address and subnet mask attrib NAT network type 14 16 9 IP share You can configure Network Address Translation NAT Port Address Translation PAT and Demilitarized Zone parameters in ip_sha
92. st in broadband technologies to meet their growing data communication needs. Through the power of SHDSL products, you can access superior manageability and reliability. 1.1 Features: Easy configuration and management with password control for various application environments; Efficient IP routing and transparent learning bridge to support broadband Internet services; VPN pass-through for safeguarded connections; Virtual LANs (VLANs) offer significant benefit in terms of efficient use of bandwidth, flexibility, performance and security; Built-in advanced SPI firewall (Firewall router); Four 10/100Mbps Auto-negotiation and Auto-MDIX switching ports for flexible local area network connectivity (4-port router); DMZ host/Multi-DMZ/Multi-NAT enables multiple workstations on the LAN to access the Internet for the cost of IP address; Full ATM protocol stack implementation over SHDSL; PPPoA and PPPoE support user authentication with PAP/CHAP/MS-CHAP; SNMP management with SNMPv1/SNMPv2 agent and MIB II; Getting enhancements and new features via Internet software upgrade. 1.2 Specification Routing: Support IP/TCP/UDP/ARP/ICMP/IGMP protocols; IP routing with static routing and RIPv1/RIPv2 (RFC1058/2453); IP multicast and IGMP proxy (RFC1112/2236); Network address translation (NAT/PAT) (RFC1631); NAT ALGs for ICQ/Netmeeting/MSN/Yahoo Messenger; DNS relay and caching (RFC
93. tination address lookup determines the forwarding ports. If it fails, the packet will be broadcast to all members of the VLAN except the ingress port. 8. Frames are sent out tagged or untagged depending on whether the egress port is a tagged or untagged member of the VLAN that the frames belong to. 9. If VID and source address lookup fails, the source address will be learned. 3.2 Frame Specification An untagged frame or a priority-tagged frame does not carry any identification of the VLAN to which it belongs. Such frames are classified as belonging to a particular VLAN based on parameters associated with the receiving port. Also, priority-tagged frames, which by definition carry no VLAN identification information, are treated the same as untagged frames. A VLAN-tagged frame carries an explicit identification of the VLAN to which it belongs, i.e., it carries a tag header that carries a non-null VID. This results in a minimum tagged frame length of 68 octets. Such a frame is classified as belonging to a particular VLAN based on the value of the VID that is included in the tag header. The presence of the tag header carrying a non-null VID means that some other device, either the originator of the frame or a VLAN-aware bridge, has mapped this frame into a VLAN and has inserted the appropriate VID. The following figure shows the difference between an untagged frame and a VLAN-tagged frame, where the Tag Protocol Ident
94. tual server mapping modify Modify virtual server mapping list Show virtual server mapping pool You can delete virtual server mapping entry from 1 to 10 by using clear command You can create up to 10 virtual server mapping entry via modify command 99 G shdsl Router User Manual VER 1 0 Command setup ip_share pat modify lt 1 10 gt Message Please input the following information Virtual server entry number lt 1 10 gt 1 After key in enter the screen will prompt as below gt gt interface Active interface port TCP UDP port number server Host IP address and port number protocol Transport protocol name Service name begin The schedule of beginning time end The schedule of ending time Set the active interface number via interface command You can configure the global port number by using port command The local server host IP address and port number are configured via server command The authorized access protocol is setup via protocol command Name command can be used to configure the service name of the host server Begin and end command is used to setup the local server schedule to access You can view the fixed NAT mapping entry via list command 14 16 12 DMZ To setup demilitarized zone move the cursor gt gt to dmz and press enter gt gt active Tigger DMZ host function address Configure virtual IP address and interface You can enable the demilitarized zone via active command 100 G
95. twork traffic. The firewall security level can be configured via the level command. 14.16.14 Packet Filtering The packet filtering function can be configured by the pkt_filter command. Move the cursor to pkt_filter and press enter. >> active: Tigger packet filtering function; drop_flag: Drop fragment packets; add: Add packet filtering rule; delete: Delete packet filtering rule; modify: Modify packet filtering rule; exchange: Exchange the filtering rule; list: Show packet filtering table. To enable the packet filtering function, you can use the active command. Add a packet filtering rule via the add command. >> protocol: Configure protocol type; Direction: Configure direction mode; src_ip: Configure source IP parameter; dest_ip: Configure destination IP parameter; port: Configure port parameter (TCP and UDP only); tcp_flag: Configure TCP flag (TCP only); icmp_type: Configure ICMP flag (ICMP only); description: Packet filtering rule description; enable: Enable the packet filtering rule; begin: The schedule of beginning time; end: The schedule of ending time; action: Configure action mode. 14.16.15 DoS Protection DoS protection parameters can be configured in the dos_protection menu. Move the cursor to dos_protection and press enter. >> syn_flood: Enable protection SYN flood attack; icmp_flood: Enable protection ICMP flood attack; udp_flood: Enable protection UDP flood attack; ping_death: Enable protection ping of death attack; lan
96. uitsystem 14.8 Status You can view the running system status of SHDSL, WAN, route and interface via the status command. Move the cursor >> to status and press enter. >> shdsl: Show SHDSL status; wan: Show WAN interface status; route: Show routing table; interface: Show interface statistics status; firewall: Show firewall status. shdsl: The SHDSL status includes line rate, SNR margin, TX power, attenuation and CRC error of the product, and SNR margin, attenuation and CRC error of the remote side. The product accesses remote side information via EOC (embedded operation channel). wan: WAN status shows the 8 PVC information which are configured. route: You can see the routing table via the route command. interface: The statistics of the WAN and LAN interfaces can be monitored by the interface command. firewall: The current and history status of the firewall are shown by this command. 14.9 Show You can view the system information, configuration, and configuration in command script by the show command. Move the cursor >> to show and press enter. >> system: Show general information; config: Show all configuration; script: Show all configuration in command script. system: The general information of the system is shown by the system command. config: The config command can display detailed configuration information. script: Configuration information will prompt in co
97. unction for network administrator to IO mall setup the legal address of configuration General Parameters Configured 0 0 0 0 will allow all hosts on Telnet Port 23 Internet or LAN to access the router a Trust Host List Warning the special trust host IP of 0 0 0 0 allows the access from any hosts on internet Leaving blank of trust host list will cause blocking all PC from WAN to access the router On the other hand only PC in LAN can access the router D IP Address ono If you type the excact IP address in the filed ol SN oo om amp wl nm 17 si a 15 sl si only the host can access the router id of id Click to finish the setting E Ma Me The browser will prompt the configured parameters and check it before writing into EPROM Press to restart the gateway working with the new parameters and press to setup other parameters 59 G shdsl Router User Manual VER 1 0 9 2 SNMP Simple Network Management Protocol SNMP provides for the exchange of messages between a network management client and a network BASIC management agent for remote management of network nodes These messages contain requests to get and set variables that exist in network ADVANCED nodes in order to obtain statistics set configuration parameters and monitor dele SNMP communications can occur over the LAN or WAN STATUS
98. [Screenshot: IP Routing Usage (Enable / Disable), 2nd IP Address, 2nd Subnet Mask]

Note: For safety, the password will be prompted as star symbols.

The screen will prompt the parameters that will be written in EPROM. Check the parameters before writing in EPROM. Press Restart to restart the router working with new parameters or press continue to setup another parameter.

7.2.5 IPoA or EoA

[Network diagram, labels in page order: IP 10.1.2.1, Router, Netmask 255.255.255.0, BAS, IP 192.168.0.1, Gateway 10.1.2.2, Netmask 255.255.255.0, DNS 168.95.1.1, IP 10.1.2.2, Netmask 255.255.255.0, IP 192.168.0.2 51, Netmask 255.255.255.0, Gateway 192.168.0.1, VPI 0, VCI 33, Encapsulation LLC]

Before configuring the router, check with your ISP about this information: VPI, VCI, Encapsulation, IP Address, Subnet Mask, Gateway, DNS Server, Host Name (if applicable).

[Screenshot: WAN Parameters, BASIC STEP4: VCI 33, AAL5 Encap (VC-mux / LLC), Protocol]

Click Next to setup the IP parameters. For more understanding about NAT, review NAT DMZ.

IP Address: 10.1.2.1. It is the router IP address seen from the Internet.
99. ve setting means that the VID 20 member port includes LAN1, LAN2 and WAN. The member ports are tagged members. Use the PVID command to change the member port to untagged members.

To assign PVID (Port VID), move the cursor >> to PVID and press enter. The port index 1 to 4 represents LAN1 to LAN4 respectively, and port index 5 to 12 represents WAN1 to WAN8. VID value is the group at which you want to assign the PVID of the port. PVID is

Command: setup vlan pvid <1~12> <1~4094>
Message: Please input the following information.
Port index <1~12>: 1
VID Value (Enter for default) <10>: 10

To modify the link type of the port, move the cursor to link mode and press enter. There are two types of link: access and trunk. A trunk link will send tagged packets from the port and an access link will send untagged packets from the port. Port index 1 to 4 represents LAN1 to LAN4 respectively. According to the operation mode of the device, the link type of the WAN port is automatically configured. If the product operates in bridge mode, the WAN link type will be trunk, and in routing mode, access.

Command: setup vlan link_mode <1~12> <Access|Trunk>
Message: Please input the following information.
Port index <1~12>: 1
Port link type (Tab select) <Trunk>: Access

To view the VLAN table, move the cursor to list and press enter.

14.16.7 Route

You can setup the routing parameters in route command. If the product is co
100. ve the cursor >> to setup and press enter.

>> mode       Switch system operation mode
   shdsl      Configure SHDSL parameters
   wan        Configure WAN interface profile
   bridge     Configure transparent bridging
   vlan       Configure virtual LAN parameters
   route      Configure routing parameters
   lan        Configure LAN interface profile
   ip_share   Configure NAT/PAT parameters
   firewall   Configure Firewall parameters
   dhcp       Configure DHCP parameters
   dns_proxy  Configure DNS proxy parameters
   hostname   Configure local host name
   default    Restore factory default setting

14.16.1 Mode

The product can act in routing mode or bridging mode. The default setting is routing mode. You can change the system operation mode by using the mode command. Move the cursor >> to mode and press enter.

Command: setup mode <Route|Bridge>
Message: Please input the following information.
System operation mode (TAB select) <Route>: Route

14.16.2 SHDSL

You can setup the SHDSL parameters by the command shdsl. Move the cursor >> to shdsl and press enter.

>> mode    Configure SHDSL mode
   link    Configure SHDSL link
   n*64    Configure SHDSL data rate
   type    Configure SHDSL annex type
   clear   Clear current CRC error count
   margin  Configure SHDSL SNR margin

There are two types of SHDSL mode: STU-R and STU-C. STU-R means the terminal of central office and STU-C customer premises equipment.

Link type will be 2-wire or 4-wire mode according to the product. 4 wire product
101. ynamic IP of PPPoA and PPPoE you do not need to setup IP address and subnet mask. There is a unique VPI and VCI value for Internet connection supported by ISP. The range of VPI is from 0 to 255 and VCI from 0 to 65535. There are two types of encapsulation: VC-Mux and LLC.

You can setup virtual circuit quality of service (VC QoS) using the qos command. The product supports UBR, CBR, VBR-rt and VBR-nrt. The peak cell rate can be configured from 64kbps to 2400kbps. Move the cursor to qos and press enter.

>> class  Configure QoS class
   pcr    Configure peak cell rate (kbps)
   scr    Configure sustainable cell rate (kbps)
   mbs    Configure max burst size (cell)

The ISP command can configure account name, password and idle time. Idle time is from 0 minutes to 300 minutes. Most ISPs use dynamic IP for PPP connection, but some ISPs use static IP. Configure the IP type, dynamic or fixed, via the ip_type command. You can review the WAN interface configuration via the list command.

14.16.4 Bridge

You can setup the bridge parameters in bridge command. If the product is configured as a router, you do not want to setup the bridge parameters. Move the cursor >> to bridge and press enter.

>> gateway  Default gateway
   static   Static bridging table

You can setup the default gateway IP via the gateway command. You can setup 20 sets of static bridge in the static command. After entering static menu the sc