CX82310 ADSL Bridge/Router Firmware Web Interface User Guide
Contents
1. gt GS CONEXANTA Status Home PPP ADSL Configuration WAN LAN PPP NAT Virtual Server Bridge Filtering DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Mise Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code RIP System Wide Configuration R Disabled x Border Gateway Enabled M Supply Interval 30 Seconds Expire Timeout 180 Seconds Garbage Timeout 120 Seconds Advanced Co ation Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect RIP This field allows you to Enable or Disable the RIP session The resulting RIP session will monitor all network interfaces that are currently available for messages from other RIP routers RIP is disabled by default Border Gateway RIP implements Border Gateway as specified in RFC 1058 and RFC 1723 This limits all subnet routes and host routes to routers within that same network Updates sent outside that network will only include a single entry representing the entire network including all subnets and host specific routes The Border Gateway is enabled by default Supplier Interval This field allows you to enter the Supplier Interval timer in2. Port This field specifies the Port number to which the policy applies Both the source port SrcPort and destination port DesPort are specified here Prot Short for protocol this is the protocol to which the policy applies Act Short for action this field specifies two possible actions allow or deny Opt Filtering Optional Filtering field specifies the time period to which the policy applies Up Clicking this button will move the corresponding policy up one space in the table E CONEXANTA User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Co tion Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Firewall Dn Short for down clicking this button will move the corresponding policy down one space in the table Note The Inbound Policy works in a Top Down fashion according to the Inbound Policy Table This means that the firewall will apply the policies in order from the top of the table to the bottom It is critical for both security and user accessibility to the WAN to have inbound policies in the correct order See Section 6 9 1 for an example of this Edit Clicking this button will display a table similar to the add table see below to the bottom of
3. User Guide Version 2 0 Contents 1 System Requirement ut A A A A A AI 1 1 ADSL Bridge Router and PC Configuration censo ia 2 1 2 1 ADSL Bridge Router Installation ori coi ii athe eres 2 1 2 2 Computer and NetWork SetuP escoria anar ren Ras id AARSE NEARE ADEE AAE CEA NARASTE UTARA En 2 2 2 3 A E E a A A A eth 2 3 PLC TULSA Pag A SS ame perry rene ee 3 1 3 1 Home Pag s iiinn Aes ld AE aA vl 3 1 3 2 PPP Pages ic aio 3 3 Sao A NN NN 3 5 Configuration Pages anadir 4 1 4 1 MONOS cerrara ii dt ai adamantane arama 4 1 E AAN CO UN ici 4 3 4 2 1 A O NN 4 5 Aa va Examples CBR and UBA oi ii 4 6 4 21 27 Example VBR Mba AE 4 6 4 2 2 DHCP aaa 4 2 3 MAC Spoofing 4 2 4 Static PSetting Seek NR O 4 2 5 O O 43 CLAN Configuration AENEA aie Silva ETNE 4 3 1 DHCP Server 4 3 2 Ethernet Mode Setting 4 4 PPP Config ciar Aide Ea 4 4 1 PPP Account Configura piu oda 4 11 4 4 2 PPP Session Configuration vitara narrar ia 4 13 4 4 3 PPP Disconnect Timer Configuration ccececseecsssteeeseseeeseesaeseeteceeesnsaeaeeneneceeseasaeeneneteeesisaeateteneneeeeaes 4 15 4 4 3 1 Enable Disable Idle Timer Filter ccc eeeeseseeeecseeteesesesceeeeeeneneaeseeneeensaeaeateneneneeessaeatateneneeneneates 4 15 44 32 Filter Application iana a a eines Se ead dle 4 16 4 4 3 3 Filter Details cia at 4 16 4 4 4 PPP Miscellaneous Configuration 0 ceseseecescseetseseeeseecstencseseeesseeeeneaeaseneneceisseasaeenen
4. 5 14 Local Code Image Update The Code Image Update page allows you to upgrade the image code locally User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Code Image Update Image Download Select Image Download to start a Code Image Update After Image Download is selected it will take a few seconds before you can select the file to be downloaded Browse the location of file firmware dlf or bootrom dlf file and click the Upload to start the update The ADSL Bridge Router will reboot as part of the process of updating code 5 24 6 Firewall Configuration E CONEXANTA User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Firewall A Statefull Packet Inspection SPI firewall is an optional feature that may or may not be included in your ADSL Bridge Router A firew
5. CATS Cable 2 ADSL Bridge Router and PC Configuration The following steps will initialize the ADSL Bridge Router making it ready for configuration 2 1 ADSL Bridge Router Installation Connect the ADSL Bridge Router to the PC and ADSL line see Figure 2 1 for some typical configurations 1 Connect the ADSL Bridge Router to the PC LAN port with a Cat 5 cable or to the PC USB port with a USB cable 2 Connect the ADSL Bridge Router to the ADSL line which connects to the ISP Figure 2 1 Typical ADSL Bridge Router Connection 2 1 2 2 Computer and Network Setup 1 Turn PC power on 2 Install USB drivers if you are connecting the ADSL Bridge Router through USB 3 Apply power to the ADSL Bridge Router 4 Set up the Network It is recommended that the network address of the client PC to be configured as a dynamic IP address This will give your DHCP server full control of IP Addresses and DNS Servers Note For Information on Network Setup and IP Address configuration please refer to Appendix D Network Setup Guide 2 2 2 3 Login Levels of Access There are two levels of access rights privileges for the ADSL Bridge Router e Administrator User name admin the administrator account has complete read write access on all pages Status Configuration Admin Privilege and Firewall Configuration Admin account also has FTP server access e User User name user the User account has
6. lo0 indicates the loopback interface ppp1 indicates the PPP interface The Gateway is the learned Gateway Route Table Destination Netmask Gateway Interface 0 0 0 0 0 0 0 0 63 196 247 254 ppp1 10 0 0 0 255 0 0 0 10 0 0 2 br 63 196 247 254 255 255 255 255 63 196 247 252 ppp1 127 0 0 1 255 0 0 0 127 0 0 1 100 System Default Gateway Configuration O None O Auto Select Interface lp Ethemet0 v O Specify IP Route Configuration Destination Netmask Gateway Specify Select Interface IpEthemet0 Ada v Submit Reset Note Save changes to flash to restore on power up Manually Configured Routes Destination Netmask Gateway The Gateway field of the static route entry allows users to either enter a Gateway IP address or select a Network Interface All user defined routes retained in the CPE memory regardless if they are already in the Routing Table are displayed on the same Route Table page All user defined route entries kept in the CPE memory during run time are saved to flash when the user chooses to save and reboot the CPE When the CPE restarts it reloads all saved user defined routes to the CPE memory and tries to apply to the system A user defined route entry is added to the Routing Table whenever the system provides an environment that makes the route entry applicable It is removed from the Routing Table whenever the route entry becomes not applicable e g If
7. to a local PC Under the Multiple User mode default the DHCP server allocates the IP addresses specified by the DHCP address pool Save Configuration Clicking this will link you to the Save Settings Reboot page 4 9 4 3 2 Ethernet Mode Setting The Ethernet Mode configuration page allows you to set the LAN port into the following modes AutoSense The ADSL Bridge Router will automatically sense which mode to use selecting between 100 Mbps Full Duplex 100 Mbps Half Duplex 10 Mbps Full Duplex and 10 Mbps Half Duplex This is the default setting 100 Mbps Full Duplex Data can be transferred and received simultaneously at the transfer rate of 100 Mega bits per second 100 Mbps Half Duplex Data cannot be transferred and received at the same time For example data can be sent and once the transmission is complete data can be received This is done at a transfer rate of 100 Mega bits per second 10 Mbps Full Duplex Data can be transferred and received simultaneously at the transfer rate of 10 Mega bits per second 10 Mbps Half Duplex Data cannot be transferred and received at the same time For example data can be sent and once the transmission is complete data can be received This is done at a transfer rate of 10 Mega bits per second Default is AutoSense DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table
8. 0 0 6 IPRange y DB None y Dest IP Any IP v DB None x Sre Port 20 Single Port y Dest Port Any Port y DB FTP y Transport Protocol AllProtocol Filtering Action Allow lv Time Window Filtering Monday y Sre IP This specifies the Source IP for the Outbound Policy This is the internal LAN side behind the firewall IP address or addresses and Subnet Mask s that will be affected by the policy In this field there are two IP Address entry fields and a dropdown menu The dropdown menu has four options e Any IP Selecting this will cause all IPs to be affected by the policy When this is selected you will be unable to enter any information into the IP Address entry fields e Single IP Selecting this will cause only one IP Address to be affected by the policy This IP Address will need to be specified by the user in the first IP Address entry field e IP Range Selecting this will enable you to select a range of IP Addresses to which the policy will apply The first IP Address in the range must be entered into the first IP Address entry field and the last IP Address in the range must be entered into the second IP Address entry field e Mask Range Selecting this will enable you to select a range of Subnet Masks to which the policy will apply The first Subnet Mask in the range must be entered into the first IP Address entry field and the last Subnet Mask in the range must be entered
9. 1970 00 00 22 gt PPP1 Session is up 01 01 1970 00 00 22 gt DNS Add IP address 206 13 30 12 Auto discovered 01 01 1970 00 00 22 gt DNS Add IP address 206 13 29 12 Auto discovered 01 01 1970 00 00 21 gt No Static Session Information is defined Virtual Server n Bridge Filterin Tf you would like to save the log to a text file right click here and select Save Target As DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Clear Log This field allows you to clear the current contents of the System Log Save Log This field allows you to save the current contents of the System Log by right click HERE and select Save Target As to save it into a text file The System Log records e ADSL Layer ADSL Link detected ADSL Link connected ADSL Link disconnected e ATM Layer ATM detected ATM connected ATM disconnected ATM setting up VPI VCI 5 22 PPP Layer PPP authenticated PPP invalid user name or password PPP unable to connect with PPP server IP Layer IP protocol up PPP IP address PPP Gateway IP address PPP DNS Primary IP address PPP DSN Secondary IP address
10. Connection test does not return PASS and your ADSL modem is configured as PPPoE encapsulation This test also returns SKIPPED if the AAL5 Connection test does not return PASS and your ADSL Bridge Router is configured for PPPOA encapsulation Test IP Connect to PPP This test returns PASS if your ADSL Bridge Router has been assigned a valid IP address by your service provider through DHCP or your ADSL Bridge Router is assigned a valid IP address statically If this test returns FAIL run this test again a few minutes after this test is completed If this test returns FAIL consistently and your ADSL Bridge Router is statically assigned an IP address make sure the IP address is the correct one assigned by your service provider This test returns SKIPPED if the AAL5 Connection test does not return PASS Ping Gateway This test returns PASS if the gateway can be reached through a ping request The gateway is assigned by your service provider or obtained from your service provider by PPP or DHCP negotiation If this test returns FAIL run this test again a few minutes after this test is completed If this test returns FAIL consistently and your ADSL Bridge Router seems not working check to make sure your statically assigned IP address is configured correctly or the DHCP client is enabled on with the current VC This test returns SKIPPED if the IP Assignment test does not return PASS Ping Primary DNS This test returns PASS if the prima
11. RIP Configuration Mise Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Ethernet Mode Ethemet Mode AutoSense v Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect 4 10 4 4 PPP Configuration The PPP Configuration page allows you to configure multiple PPP sessions for each PVC Multiple PPP sessions enables you to set up different connection settings and be able to toggle choose those settings for each PVC The ADSL Bridge Router can support up to total of 16 PPP sessions and each PVC can support up to 8 PPP sessions The multiple PPP sessions may be configured with any combination over 8 PVCs 4 4 1 PPP Account Configuration To begin PPP Session configuration you must first go to the PPP Account Configuration page below to set up an account The link to this page can be found on the PPP Configuration page On the PPP Account Configuration page you must configure the Account ID User Name and Password User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network C
12. The default filters are e HTTP TCP Port 80 e FTP TCP Port 20 and 21 e Telnet TCP Port 23 e DNS UDP 53 Action You can add a rule by entering the appropriate information selecting Add on the Action dropdown menu and clicking Submit To delete an entry you can enter the information of an entry that already exists on the table select Delete on the Action dropdown menu and click Submit 4 16 These options can be found on the Miscellaneous Configuration page under Admin PPP Half Bridge When PPP Half Bridge is enabled only one PC is able to access the Internet and the DHCP server will duplicate the WAN IP address from the ISP to the local client PC Only the PC with the WAN IP address can access the Internet System PPP reconnect on WAN access If enabled the PPP session will automatically establish a connection when a packet tries to access the WAN System default is Disabled Connect PPP when ADSL link is up If this option is enabled the bridge router will connect the PPP session whenever an ADSL connection is established If this option is disabled the PPP session will not connect whenever the ADSL Showtime is reached 4 4 4 PPP Miscellaneous Configuration Privilege default is Disabled System default is Enabled 4 4 5 PPPQ amp A Q1 If the PPP session is disconnected after the Disconnect Timeout how can I reconnect it A You have to go to the PPP Status page enter the correct connection number sele
13. This specifies the Transport Transfer protocol for the policy The following protocol options are available All TCP UDP ICMP AH ESP and GRE Filtering Action This specifies what action the policy takes e Allow Selecting this will cause the policy to allow packet transfer from the Sre IP through the Sre Port to travel through the Dest Port to the Dest IP All of these are specified above and must be configured by the user e Deny Selecting this will cause the policy to deny packet transfer from the Sre IP through the Sre Port to travel through the Dest Port to the Dest IP All of these are specified above and must be configured by the user Time Window Filtering This field allows you to select a certain time frame from the Time Group in which this policy will be active See section 6 6 for more information on Time Groups DB Short for Database this field allows you to select a user defined IP Group for the Src IP and Dest IP fields and a user defined Service Group for the Dest Port User defined IP and Service Groups are created in IP Group and Service Group pages sections 6 4 and 6 5 respectively 6 9 1 _ TP Address SrcIP Any IP DesIP Any IP SrcIP Any IP DesIP Any IP SrcIP 204 35 82 1 DesIP Any IP SrcIP 101 64 35 4 DesIP 10 0 0 3 10 0 0 16 SrcIP Any IP DesIP FTP_Server Inbound Outbound Policy Sample Configuration This is a sample Inbound Outbound configuration meant to guide you i
14. allows full bi directional public access and address translation still takes place 4 One popular use of this feature is when inbound connections to a range of ports are required and it is impractical or impossible to accommodate them via port mappings 5 The DMZ opens all ports on this particular local host to all unsolicited traffic therefore posing some security risk This means that the protection of NAT is removed from that local host and external hosts can initiate conversations with it on any port A 3 3 Application Layer Gateways ALGs Application Layer Gateways ALG may also be referred to as Application Specific Gateway or Application Level Gateway Although the address translation itself is application independent it does create complications Some protocols such as FTP DNS and SIP require payload monitoring and alteration to traverse through NAT ALGs are needed to accompany NAT to perform these complicate tasks FTP is the most popular ALG available on NAT devices NAT supports various applications through ALGs Some ALGs are built into NAT and some are implemented as libraries See firmware release notes for specific ALGs supported Note For more on NAT NAPT and Dynamic NAPT please refer to Appendix F Glossary and RFC 3022 Traditional IP Network Address Translator A 5 Appendix B Frequently Asked Questions The Frequently Asked Questions addresses common questions regarding ADSL Bridge Router s
15. and crashing the network Enable ICMP Redirection checking to filter out packets containing the threat Source Routing checking Source routing gives the sender of a packet the ability to determine the exact route that an IP packet takes to get to the destination However source routing can be used for malicious reasons Using a source routed packet the sender could find out important information about nodes in a network making it easy to exploit any weakness Enabling Source Routing checking will cause the firewall to filter out any packet with Source Routing properties WinNuke Attack checking WinNuke exploits a large networking bug found in Windows 95 and NT WinNuke sends erroneous OOB Out of Band data that Windows is unable to process causing the target computer to crash Enable this if you are running an early 95 or NT version of Windows that is vulnerable to this attack 6 4 6 2 Hacker Loy CONEXANTA User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Firewall This page allows you to configure which Protection Policy see previous section violations to log for admin viewing Configuration Firew
16. button e Under the General Tab make sure that the Obtain an IP address automatically and Obtain DNS Server Address Automatically options are selected If they are not selected select them and click the OK button This will make your IP dynamic allowing it to change each time you connect disconnect Internet Protocol TCP IP Properties Ju o General Alternate Configuration Connect using eee cal ES Conexant USB Network Adapter 5 You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask pour network administrator for z the appropriate IP settings This connection uses the following items Obtain an IP address automatically M E Client for Microsoft Networks Use the following IP address v a File and Printer Sharing for Microsoft Networks l M Soos Packet Scheduler 5 M Internet Protocol TCP IP ii ad Description Obtain DNS server address automatically Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Use the following DNS server addresses C Show icon in notification area when connected D 2 Windows 95 98 98SE Me e Click on Start Menu gt Settings gt Control Panel In the Control Panel double click the Network icon e Select the TCP IP for the ADSL Bridge Router i e TCP IP gt Conexant USB Ne
17. enter 4 encryption keys only one of which is enabled at any given time All devices on the network must share the selected key in order to communicate with the ADSL Bridge Router AP The key length for 64 bit is 10 hexadecimal characters and the key length for 128 bit is 26 hexadecimal characters Note Ifyou have the WLAN Security see next section enabled always choose WEP Key ID 2 This will allow the 802 1x client and non 802 1x client to work simultaneously in the 802 1x WLAN security Method 4 28 4 10 Wireless LAN Security This feature is optional and may or may not be supplied by your ADSL Bridge Router IEEE 802 1X defines the architecture that contains three major components Authenticator Supplicant and Authentication Server Authenticator Provides the mechanism to enforce authentication before a user is allowed to access services through a certain port on the device An authenticator can be a Wireless Access Point while the user is a device connected to the Wireless AP such as a laptop The port refers to the wireless channel that the user and authenticator are associated with Supplicant Provides the feature to request for access to the services that are accessed through the authenticator s port A supplicant is a device connected to the Wireless AP such as a laptop Authentication Server Provides the mechanism to check for the supplicant s credentials on behalf of the authenticator 802 1X utilizes the e
18. failure message to the supplicant 4 30 4 11 User Password Configuration The User Password Configuration page allows the user or admin to set the password for the user account User Password Co Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code User Password Configuration Do not use amp in the password User Password Retype Password Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect The User Password can be up to 65 characters excluding amp Note User Account cannot be used to access FTP server 4 31 4 12 Save Settings Reboot The Save Settings Reboot page allows you to either save the new configuration to the flash and reboot the ADSL Bridge Router or simply reboot the ADSL Bridge Router without saving changes SERE 142 3 a3 Bridge Filtering DNS User Password Configuration Save Settings Reboot ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Networ
19. information field larger than this value Range for MRU field is 0 32767 default value is 1492 MTU Maximum Transmission Unit MTU is the largest size packet that can be sent by the modem If the network stack of any packet is larger than the MTU value then the packet will be fragmented before the transmission During the PPP negotiation the peer of the PPP connection will indicate its MRU and will accept any value up to that size The actual MTU of the PPP connection will be set to the smaller of the two MTU and the peer s MRU Range for MTU field is 0 32767 default value is 1492 MSS Maximum Segment Size 1s the largest size of data that TCP will send in a single unfragmented IP packet The LAN client and the WAN host will indicate their MSS during the TCP connection handshake Range for MSS field is 0 32767 default value is 1432 Lep Echo Interval This is the time interval in seconds between PPP session connection attempts Range for Lcp Echo Interval field is 0 32767 default value is 10 Lep Echo Maximum Consecutive Failure This is the number of times a PPP session can fail while trying to connect before stopping If a PPP session fails this number of times you must manually reconnect the PPP session Range for Lcp Echo Maximum Consecutive Failure field is 0 32767 default value is 6 Authentication The different types of available authentications are e Auto When auto is selected PAP mode will run by defau
20. into the second IP Address entry field Dest IP This specifies the Destination IP for the Inbound Policy This is the external WAN side outside of the firewall IP address or addresses and subnet mask s that will be affected by the policy See Sre IP above for configuration detail Sre Port This specifies the Source Port for the Inbound Policy This is the internal LAN side behind firewall port s that will be affected by the policy In this field there are two port entry fields and a dropdown menu The dropdown menu has four options e Any Port Selecting this will cause all Ports to be affected by the policy When this is selected you will be unable to enter any information into the Port entry fields e Single Port Selecting this will cause only one Port to be affected by the policy This Port will need to be specified by the user in the first Port entry field e Port Range Selecting this will enable you to select a range of Ports to which the policy will apply The first Port in the range must be entered in the first Port entry field and the last Port in the range must be entered in the second Port entry field e Safe Ports Any port greater than 1024 1025 65535 is considered a safe port Dest Port This specifies the Destination Port for the Inbound Policy This is the internal WAN side outside of the firewall Port that will be affected by the policy See Sre Port above for configuration detail Transport Protocol
21. navy mil MGEN Encapsulation The different types of encapsulation include PPPoA VC Mux PPPoA LLC 1483 Bridged IP LLC 1483 Routed IP LLC 1483 Bridged IP VC Mux 1483 Routed IP VC Mux Classical IP over ATM PPPoE VC Mux PPPoE LLC and PPPoE None 4 4 4 2 1 ATM VPI Virtual Path Identifier is a virtual path used for cell routing that is identified by an eight bit field in the ATM cell header The VPI field specifies this eight bit identifier for routing Range for VPI field is 0 255 default is 0 VCI A Virtual Channel Identifier is a virtual channel that is identified by a unique numerical tag that is defined by a 16 bit field in the ATM cell header The purpose of the virtual channel is to identify where the cell should travel The VCI field specifies this 16 bit numerical tag that determines the destination Range for VCI field is 0 65535 default is 38 Service Category This field allows you to select from the following service categories with UBR as the default e UBR Unspecified Bit Rate When configured as UBR traffic is delivered with best efforts but with no guarantee This allows for fluctuation in times of temporary increase of available bandwidth For example if a PVC with CBR is temporarily inactive the PVC s with UBR will utilize that bandwidth while it is available UBR is intended for applications that do not require any maximum bound on the transfer delay e CBR Constant Bit Rate When a PV
22. read write access to pages under the Status and Configuration sections The following steps will enable you to log into the ADSL Bridge Router 1 Launch the Web browser Internet Explorer Netscape etc 2 Enter the LAN port default IP address default gateway http 10 0 0 2 in the address bar 3 Entry of the username and password will be prompted Enter the default login User Name and Password e The default login User Name of the administrator is admin and the default login Password is epicrouter e The default login User Name for the non administrator is user and the default login Password is password 4 Remember my password checkbox By default this box is not checked Users can check this box so that Internet Explorer will remember the User name and Password for future logins It is recommended to leave this box unchecked for security purposes gt Connect to 10 0 0 2 du Home Gateway User name a admin i x Password eccccccece Remember my password Admin and User passwords can be changed after login Refer to Section 4 11 for User Password configuration and Section 5 10 for Admin Password configuration for further instruction 2 3 3 Status Pages The links under the Status column are associated with the pages that represent the status of system computer and ADSL Bridge Router and interfaces connections This includes LAN WAN DHCP PPP and ADSL status These pa
23. residing in the private network is considered an inbound session NAT usually blocks all inbound sessions Various implementations may be added to extend the NAT function and enable selective inbound sessions to allow access to local hosts from outside networks A 1 A 1 Basic NAT Basic Network Address Translation NAT enables outbound sessions for the hosts in a private network to gain Oaccess the external network Facts of Basic NAT e Basic NAT allows hosts in a private network to transparently access the external network e Basic NAT maps only one IP addresses in the private domain to each IP address in the public domain This is known as peer to peer mapping 1x1 For each WAN interface only one local PC IP address can be associated with each WAN Interface e Translation in Basic NAT is limited to IP addresses alone e The number of nodes allowed to simultaneously access the external network is limited by the number of IP addresses assigned in the public domain A 2 Static NAPT NAPT also known as NAT PAT stands for Network Address Translation and Port Address Translation An extension of Basic NAT NAPT enables outbound sessions so that the hosts in a private network to access the external network Facts of NAPT e NAPT multiplexes traffic from the internal network and presents it to the Internet as if it is coming from only one IP address e Translation in NAPT is extended to include IP address and Transport
24. the route entry s Gateway is associated with a dynamic Network Interface but the connection is not established then the route entry does not appear in the Routing Table When that interface comes up later the route entry is then added 5 4 e Ifthe selected Network Interface is static or dynamic and the connection is already up then the route entry appears in the Routing Table immediately If there is a Gateway associated with the selected Network Interface then that Gateway s IP address appears in the Gateway field of the route entry If the selected Network Interface is dynamic but the connection is not established then the route entry does not appear in the Routing Table When the interface comes up later the route entry is then added 5 4 1 System Default Gateway Configuration The system wide Default Gateway provides three options Auto default User selected Network Interface and None None This field allows you to choose to have no Default Gateway in the CPE Auto This field allows you to enable the Bridge Router to automatically decide the Default Gateway User selected Network Interface This field allows you to select a Network Interface from a list PVCs PPP Sessions USB and LAN This option allows you to associate the system wide Default Gateway to a Network Interface static or dynamic and provides a way to fix the Default Gateway to a dynamic Network Interface before the interface is established The op
25. 4900 Read Community This is the password to access public information The Read Community can be up to 127 characters Default is public Write Community This is the password to access private information The Write Community can be up to 127 characters Default is private Trap Community This is the password to access and view SNMP traps The Trap Community can be up to 127 characters Default is trap community Trap SNMP Version Select from Version 1 or Version 2 Default is Version 1 Trap IP This is the IP address to which SNMP traps are sent There can be up to 5 different SNMP trap destination IP addresses Trap Port This is the corresponding port for the SNMP trap see Trap IP above Range for Trap Port field is 0 32767 5 8 Miscellaneous Configuration The Miscellaneous Configuration page allows you to set miscellaneous configurations for the following HTTP FTP TFTP DMZ Command Line Interface DHCP PPP IGMP and SNTP Bridge Filtering DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Settings need to be saved to Flash and the system needs to be rebooted for change
26. 92 1492 1432 10 6 Auto Enabled session 0 account 0 a Pvc0 PPPoE NONE PER 0 1492 1492 1432 10 6 Auto Disabled Session 1 Account 1 Session Name This field allows you to enter a Session Name This is user defined to help distinguish different session for different PPP accounts and different PVCs PVC This field allows you to choose the specific PVC for the PPP session Service Name The Service Name of the PPP session is required by some ISPs If the ISP does not provide the Service Name please leave it blank Account to Use You must select an account created in PPP Account Configuration page here Disconnect Timeout The Disconnect Timeout allows you to set the specific period of time in minutes to disconnect from the ISP The default is 0 which means never disconnect from the ISP Range for Disconnect Timeout field is 0 32767 default value is 0 PPP Idle Timer Config This will link you to the PPP Disconnect Timer Configuration page see Section 4 4 3 4 13 MRU The MRU Maximum Receive Unit field indicates the maximum size IP packet that the peer of PPP connection this device can receive During the PPP negotiation the peer of the PPP connection will indicate its MRU and will accept any value up to that size The actual MTU of the PPP connection will be set to the smaller of the two MTU and the peer s MRU In the normal negotiation the peer will accept this MRU and will not send packet with
27. Address and ends at the User Defined End Address The maximum pool size can be 253 IP addresses 255 total IP addresses 1 broadcast address 1 LAN port IP address User Defined Start Address This is the starting IP address of the DHCP pool for User Defined DHCP Address Pool Selection Range for User Defined Start Address is x x x x where 0 lt x lt 255 default value is 10 0 0 4 User Defined End Address This is the last IP address in the DHCP pool User Defined DHCP Address Pool Selection Range for User Defined End Address is x x x x where 0 lt x lt 255 default value is 10 0 0 15 DHCP Gateway Selection The default setting for the DHCP Gateway Selection is Automatic You can select User Defined and specify User Defined Gateway Address The DHCP server will issue the User Defined Gateway Address to the LAN DHCP clients User Defined Gateway Address The purpose for the User Defined Gateway Address is to have two gateway addresses as the LAN IP Address at the top of the LAN Configuration page is also a gateway address Lease time The Lease time is the amount of time a network user will be allowed to connect with DHCP server If all fields are 0 the allocated IP addresses will be effective forever Ranges for Lease Time fields Days 0 36500 Hours 0 23 Minutes 0 59 Seconds 0 59 default value is 1 days 0 hours 0 minutes 0 seconds User mode Under the Single User mode the DHCP server only allocates one IP address
28. Bridge Filtering DNS User Password Configuration Save Settings Reboot ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Firewall The Inbound Policy allows you to filter inbound from the WAN into the user side LAN packets based on a set of rules This enables you to deny access from different sources and thus increase security Inbound Policy TP Address Port Prot Act Opt Filtering SrcIP Any IP SrcPort Any Port At Deny Ue Edit DesIP Any IP DesPort Any Port x Dn Delete SrcIP Any IP SrcPort 80 Up Edit TC DesIP Any IP DesPort HTTP Allow Dn Delete SreIP 204 35 82 1 SrePort 80 Up Edit All Deny rea DesIP Any IP DesPort 80 Dn Delete SreIP 101 64 35 4 SrePort 20 A Allow Time Weekend Up Edt DesIP DHCP_Clients DesPort FTP Dn Delete Add Inbound Policy A table of inbound policies is displayed with the following information If there are no policies then a message stating No Entries in Inbound Policy Database will be displayed in place of the table IP Address This field specifies the IP address or addresses to which the policy applies Both the source IP SrcIP and destination IP DesIP are specified here
29. C is specified as a CBR that PVC is guaranteed a certain bandwidth characterized by the Peak Cell Rate PCR The CBR does not have to transmit with a peak cell rate and when it does it is only when the bandwidth specified by the PCR is guaranteed e VBR nrt Variable Bit Rate non real time An PVC enabled with VBR nrt can transmit a cell only if the PVC has a token available The PVC accumulates tokens at the rate of the Sustainable Cell Rate and the PVC can only accumulate a maximum of the value specified by Maximum Burst Size tokens When a PVC has a token available it can transmit cells at the rate of PCR After a cell is transmitted the PVC loses the token it has accumulated Note In the case of multiple PVCs CBR specified PVCs will have higher priority than PVCs with UBR For example the CBR PVCs will take their bandwidth and the remaining bandwidth will be split among the UBR PVCs In the case of total PVC CBR bandwidth exceeding ADSL upstream the total upstream bandwidth will be shared proportionally to the bandwidth allocated for each CBR PVC Peak Cell Rate This value specifies the maximum and in some cases guaranteed cell rate for CBR and VBR nrt Peak Cell Rates are typically measured in Cells Second however the user entered value is in kbps and is then converted by the firmware Range for Peak Cell Rate field is 0 32767 default is 0 Sustainable Cell Rate This is the sustained rate at which a PVC enabled with VBR
30. CP UDP Port TCP v Add Modiify this entry Service Entry Name This is the name you assign to the group containing the port number The Service Name Entry can be up to 19 characters TCP UDP This specifies whether the port goes through TCP or UDP Port This is the port number associated with the group name Range for Port is 1 65535 6 6 Time Window CONEXANTA User Password Configuration Save Settings Reboot ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Firewall The Time Window lets you specify certain time periods and assign them to a group name for easy use when configuring inbound and outbound policies for the firewall Configuration Firewall Time Group Time Window Name from Mondey to Monday Time Period lx 01 m 00 o am xo y 01 x 00 x Aam x Add Modify this entry Time Window Name This is the name you assign to the group that is given the time designation The Time Window Name can be up to 19 characters Time Period This field allows you to specify the time period for both start time and end time by selecting the day hour minute and AM PM 6 7 Inbound Policy E CONEXAN TA
31. Filtering VPI 0 Service Name User Password Configuration Save Settings Reboot ve ES Username enslpas Admin Privilege Service Category UBR_ m Password ee WAN Stat A ATM Status Peak Cell Rate 0 kbps Disconnect Timeout 0 minutes Max 32767 ADSL Configuration Sustainable Cell Rate 0 kbps PPP Disconnect Timer Config Route Table Leamed MAC Table Max Burst Size 0 MRU 1492 RIP Configuration Misc Configuration MTU 1492 TCP Status E f T Admin Password Configuration DHCE Client Disabled v MSS 1432 Reset to Factory Default Host Name Diagnostic Test Lep Echo Interval 10 seconds System Log Local Code Image Update Lep Echo Maximum Consecutive Failure 6 Network Code Image Update MAC Spoofing Disabled w Firmware Authentication Auto M Boot Code Mac Address 00 00 00 00 00 00 i Automatic Reconnect Y Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Save Co ation Virtual Circuit Select Enable to activate the current PVC configuration The current PVC is displayed at the top of the page in parenthesis Default is Enabled for PVCO and Disabled for PVC1 PVC7 Bridge Enable to connect the LAN to the WAN bridge the two connections This is available in Bridge Mode only see Table 4 2 Default is Disabled IGMP IGMP Internet Group Management Protocol relay proxy specification and environment default is Disabled IGMP is available in all modes and all encapsul
32. LAN clients to only one WAN The default route of the Route Table serves a similar purpose through dynamic sessions A dynamic session is deleted dynamically either when the connection is completed or when the inactivity timer expires Thus changes to the Route Table may not change the NAT packet forwarding on existing sessions This may create confusion in some cases For example there are two WAN connections WAN1 is the default route and goes to internet WAN2 has an internal server behind it and a manual route entry is entered to reach that internal server If WAN2 has a dynamic connection such as PPP or DHCP and a LAN client tries to ping that internal server before A 3 A 3 2 WAN is connected then the ping request is routed to WAN1 based on the route table While the continuous ping requests keeps going WAN2 is connected However the ping requests are continually forwarded to WANI and they cannot reach the internal server The reason is that when the first ping request was generated NAT creates a dynamic session based on the route table to forward it to WAN Since the ping failed the ping session was never completed so the dynamic session stays in NAT until it expires Therefore each ping request refreshes the timer of that dynamic session in NAT so the session never expires In this case stop the ping for a period of time let the session expire then restart the ping The expiration time differs from protocol to prot
33. Length O 64 bit O 128 bit G bytes for 64 bit or 13 bytes for 128 bit Key0 c6774663dd Key 1 af bd13ecd Key2 Be33tb2bfl 000 Key 3 cf12611e1d SSID The Service Set Identifier SSID is a unique name for your wireless network If you have other wireless access points in your network they must share the same SSID The SSID can be up to 31 characters Channel Select the appropriate channel to correspond with your network settings between 1 and 14 All access points and wireless PC adaptors must share the same channel to interoperate Range is for Channel field is 1 14 default is 6 If any number greater than 14 is entered the field will default to the value 11 4 27 Security The ADSL Bridge Router provides a security encryption tool known as WEP Wired Equivalent Privacy WEP is designed to provide security and privacy equivalent to that found in a wired network This is done by encrypting the data packets sent between client and host with an encryption key Both the client PC and the host access point router must have the same WEP key in order to communicate The available WEP settings are 64 bit and 128 bit The higher the bit value on the encryption the more secure the data transmission Select Enable Encryption to activate this feature Key Length Choose between 64 bit default and 128 bit 128 bit offers more security but at the cost of slower packet processing Key 0 4 You are able to
34. PPP ADSL Configuration Virtual Server Bridge Filtering DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Diagnostic Test The Diagnostic Test page shows the test results for the connectivity of the physical layer and protocol layer for both LAN and WAN sides This page will continually refresh every 2 seconds until all tests are complete Diagnostic Test Test Complete Checking LAN Connection Testing Ethernet LAN connection Checking ADSL Connection Testing ADSL Synchronization Checking Circuit 0 far Netwark Connection Test ATM OAM Segment Loop Back Test ATM OAM End to End Loop Back Test Ethernet connect to ATM Test PPPoPvc 0 PPPOE connection Test PPPoPwe 0 PPP layer connection Test PPPoPve 0 IP connect to PPP Testing Internet Connection ing default gateway 63 196 247 254 ing primary DNS 206 13 29 12 Query DNS for www conexant com Ping www conexant com Testing Ethernet LAN Connection This test passes if the Ethernet LAN interface is working properly Testing ADSL Synchronization This test checks your ADSL Bridge Router to see if it can successfully negotiate and establi
35. Select this option when the DNS Server address assigned by the ISP is known User Configured is disabled by default 4 25 Auto Discovery User Configured Selecting both options will cause the DNS proxy s table to have all the IP addresses of dynamically obtained and user configured DNS servers DNS Server This is the user defined DNS server URL name and IP Default is Disabled e URL Name Add Delete This is the URL name for the DNS server This can be up to 255 characters e Host IP Add Only This is the IP address of the DNS Server DNS Proxy Setting This is a table of all DNS server IP addresses DNS Server Setting This is a table of all DNS sever URL names Save Configuration Clicking this will link the user to the Save Settings Reboot page 4 26 4 9 Wireless Configuration For Wireless Model Only Wireless is an optional feature that may or may not be supplied by your ADSL Bridge Router This page allows you to configure basic wireless properties and security User Password Configuration Save Settings Reboot ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Wireless SSID WAP_1 Channel 6 Security Enable Encryption Disable Encryption Key
36. Server port is 0 32767 default value is 80 FTP server This field allows you to enable or disable the FTP server connection System default is Enabled e Disable WAN side FTP access This will disable WAN side access to the FTP server default is Disabled TFTP server This field allows you to enable or disable the TFTP connection System default is Disabled An example for the TFTP client updating the vxworks z product image code is F 10 0 0 3 TFTP32 ile ES File Options Help Host 10 0 0 2 Port 69 meout to Server Block Size Send Fetch 512 y Local File d hasbanitvxworks z Match Files P Binary M Es Remote File Jvxworks 2 Abort EHAE Sent 129536 bytes 17 16 29 29 DMZ A DMZ De Militarized Zone is added between a protected network and an external network in order to provide an additional layer of security When there is a suspected packet coming from WAN the firewall will forward this packet to the DMZ host DMZ Host IP The IP address of the DMZ host viewable at the WAN external side DHCP e NONE This will disable the DHCP server Note that this setting will override the DHCP Server Enable Disable on the LAN configuration page e DHCP Server default Select this to activate the DHCP server e DHCP Relay If it is enabled the DHCP requests from local PCs will forward to the DHCP server runs on WAN side To have this function working properly please disa
37. TM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Virtual Server Configuration ID Public Port Start Public Port End Private Port Port Type Host IP Address 21 a a To 100056 2 80 81 81 TCP 10 0 0 7 Delete This Setting 3 ae Add This Setting Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect The maximum number of entries above is 20 The maximum number of mapped ports is 20 ID This is the ID number corresponding to the Virtual Server configuration Public Port Start This field allows you to enter the port number of the Public Network WAN or external network If you are entering a range of ports this is the first port Public Port End This field represents the last port number in a port range If you only want one port number no port range simply enter the same number here as in the Public Port Start field The maximum number of the mapped Port is 20 Private Port This field allows you to enter the port number of the Private Network LAN or internal network In most cases the private port number is same as public port number This port number cannot be seen from the WAN side 4 21 Host IP Address This field allows you to enter
38. There are three available methods of WLAN Security e 802_1X This option uses 802 1X for authentication with the RADIUS server while using WEP encryption e WPA RADIUS This option uses 802 1X for authentication with RADIUS server while using TKIP encryption e WPA PSK This option uses a pre shared key for authentication while using TKIP encryption WPA Pre Shared Key This is the pre shared key for use in WPA PSK security method WPA Group Key Timeout sec This is the time out value for the WPA Group Key RADIUS Re Auth Timeout sec When this value is timed out 802 1 X will re authenticate every associated client Note With WLAN Security enabled select Enable Encryption and choose WEP Key ID 2 on the Wireless Page see previous section This will allow the 802 1x client and non 802 1x client to work simultaneously in the 802 1x WLAN security Method 4 10 1 Primary and Secondary RADIUS Servers Status This is the status of the primary RADIUS server Shared Secret This is the password shared between an 802 11 access point and the RADIUS server IP Address This is the IP address of the RADIUS server Port Number This is the UDP port of the RADIUS server Response Time 3 180 sec This is the amount of time the 802 11 access point will wait before it retries Maximum Retry 1 5 This is the maximum amount of retry attempts to connect to the RADIUS server before the server responds with and authentication
39. You can select yes to activate Daylight Savings Time User defined Time server This is the time server from which the ADSL Bridge Router retrieves the time 5 9 TCP Status The TCP Status page shows the statistics for all TCP connections This page contains information that is dynamic and will refresh every 2 seconds User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code TCP STATUS Reset Counters General Discarded Packets Connections Transmit Receive Bad Checksum 0 Initiated 0 Total Packets 1970 1608 Bad Header Offset 0 Accepted 235 Data Packets 1264 235 Too Short 0 Established 235 Data Bytes 1024426 112181 Closed 234 Out of Order Packets N A 233 Out of Order Bytes NA 0 Reset Counters This button allows user to reset the TCP Status counter General Total Packets Data Packets Data Bytes Out of Order Packets Out of Order Bytes Discarded Packets Bad Checksum Bad Offset Header Too Short Connections Initiated Accepted Established Closed 5 10 Admin Password Configuration The Admin Password Configuration page allows you to set the password for administrator User Pass
40. able Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code WAN This field displays the IP address Subnet Mask and MAC address for the WAN ADSL interface Use the Virtual Circuit selection to select different PVCs for status display Virtual Circuit Select the Virtual Circuit that you want to release renew select the appropriate option on the menu dropdown and click Execute 5 1 5 2 ATM Status The ATM Status page shows all the statistics information of ATM cells This page contains information that is dynamic and will refresh every 2 seconds User Password Co Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code ATM STATUS Tx Bytes 33 Rx Bytes 0 Tx Cells 1 Rx Cells 0 Rx HEC Errors 0 Tx Mgmt Cells 1 Rx Mgmt Cells 0 Tx CLPO Cells 1 Rx CLPO Cells 0 Tx CLP1 Cells 0 Rx CLP1 Cells 0 Rx Errors 0 Tx Errors 0 Rx Misrouted Cells 0 Reset Counters This button allows user to reset the ATM Status counter ATM Status Fields Tx Byt
41. all Hacker Log Alert Log Log Database Properties SYN Flooding Log Frequency Every 100 records event Ping of Death TP Spoofing Win Nuke General Log General Attacks Deny Policies Allow Policies Alert Log Enable Disable for SYN Flooding Ping of Death IP Spoofing and Win Nuke all of these are explained in the previous section Enable to log violations of individual policies General Log e Deny Policies Enabling this will add Deny Policy violations to the log Deny Policies are discussed later in the Inbound Outbound policy section e Allow Policies Enabling this will add Allow Policy acceptances to the log Allow Policies are discussed later in the Inbound Outbound policy section Log Database Properties e Log Frequency This field lets you specify how many records to keep of each event Default is 100 Range for Log Frequency Field is 1 65535 6 5 6 3 Service Filtering CONEXAN TA User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Mise Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Firewall Service Filtering allows you to disable service requests from certain sources Co
42. all is a method of implementing common as well as user defined security policies in an effort to keep intruders out Firewalls work by analyzing and filtering out IP packets that violate a set of rules defined by the firewall administrator The firewall is located at the point of entry for the network All data inbound and outbound must pass through the firewall for inspection Configuration Firewall Conexant Firewall Version 3 2 1 Conexant firewall allows users to configure various databases firewall options and Inbound Outbound policies for controlling Inbound Outbound traffic Advanced Options The following firewall options are configurable for advanced firewall feature Protection Policy Hacker Log Service Filtering Firewall Databases The following databases are configurable for setting inbound outbound policies IP Group Service Group Time Window Inbound Outbound Policies The following policies are configurable for controlling traffic Inbound Policy Outbound Policy Firewall Enabled y Advanced Options This section contains options for protecting against particular well known attacks as well as documenting those attacks as they occur Firewall Databases This section allows you to create groups based on IP addresses subnet masks ports and time These groups are used when creating inbound and outbound policies 6 1 Inbound Outbound Policies This section allows you to create rul
43. and connect it to the ISP A To create and connect a PPP session follow the steps below e First you must create a PPP account To do this go to PPP Configuration page and click on PPP Account Configuration Enter the appropriate Acct ID User Name and Password make sure Add Modify is currently selected in the dropdown menu and click Submit e Got back to the PPP Configuration Page by clicking Go back to PPP Configuration Type in an appropriate Session Name and select the account you just created in the Account to Use dropdown menu Everything else has default values which you can modify to suit your needs Make sure Add Modify is currently selected in the dropdown menu and click Submit e The PPP session has been created Now you must go to the PPP Status page select the connection session and click Execute The PPP session should then connect B 1 Where can I download the free software to test IGMP A Please go to this link http manimac itd nrl navy mil MGEN How do I forward packets with MAC address 000002fa6fab to destination MAC 000003 dc8faa through IP protocol A First go to the Bridge Filtering page under Configuration Then type 000002fa6fab in the ID Source MAC field 000003dc8faa in the Destination MAC field and 0800 in the Type field If bridge filtering is not already enabled select Yes under the Enable Bridge Filtering field Then select Forward and click Submit How do I block packets from MAC add
44. and received on the same signal medium but not simultaneously Half Duplex lines are bidirectional Headed Error Control ATM error checking by using a CRC algorithm on the fifth octet in the ATM cell header to generate a check character Using HEC either a single bit error in the header can be corrected or multiple bit errors in the header can be detected Home Network Processor In context of Internet Protocol a host computer is one that has full two way access to other computers on the Internet Integrated Access Device A device that multiplexes and de multiplexes communications in the CPE onto and out of a single telephone line for transmission to the CO Internet Protocol The method by which information is sent from one computer to another through the Internet Each of these host computers have a unique IP address which distinguishes it from all the other computers on the internet Each packet of data sent includes the sender s IP address and the receiver s IP address Local Area Network A group of computers typically covering a small geographic area that share devices such as printers hard disk drives scanners and optical drives Computers in a LAN typically share an internet connection through some sort of router that connects the computers to a WAN Logical Link Control Provides an interface point to the MAC sublayer LLC Encapsulation is needed when several protocols are carried over the same Virtual Circuit Me
45. as been idle for a while meaning it has accumulated a MBS of 22 cells and it just has two packets of the same size 1000 bytes to send It can transmit the first packet of size 1000 bytes in 20ms 1000 bytes 8bit byte 4000kbps Immediately after the first second packet is transmit it will take about 80ms to transmit the second packet because the PVC can only transmit the second packet at SCR 100kbps 4 6 4 2 2 DHCP Client DHCP Client This is to enable or disable default the ADSL Bridge Router WAN as a DHCP client where the ISP would be the DHCP server DHCP Client is generally used in the following encapsulations 1483 Bridged IP LLC 1483 Routed IP LLC 1483 Bridged IP VC MUX 1483 Routed IP VC Mux and Classical IP over ATM This option 1s for non static dynamic IP addresses Host Name When DHCP Client is Enabled copy the ISP recognized Host Name here The Host Name can be up to 19 characters 4 2 3 MAC Spoofing MAC Spoofing Enable MAC Spoofing to make a different MAC Address appear on the WAN side This is also used to solve the scenario where the ISP only recognizes one MAC Address Default is Disabled MAC Address When MAC Spoofing is enabled copy the ISP recognized MAC address here Format for MAC address is six pairs of hexadecimal numbers 0 9 A F separated by colons Default is 00 00 00 00 00 00 4 2 4 Static IP Settings Static IP Settings are for users who have a Static IP Address WAN s
46. assword Con ition Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Bridge Filtering Enable Bridge Filtering O Yes No ID Sre MAC Dest MAC Type 1 000002a6fab 000003dc8fae 0800 Block OForward 2 000002fa6fab 000007bafaac 0800 OBlock Forward 3 Block O Forward MAC address Should look like 000002fa6fab Ethernet type Should look like a5 Number of Bridge Filters 2 Source MAC This is the Source MAC to block or from which to forward See the next page for instructions on how to configure this The Source MAC must consist of 12 hexadecimal characters Destination MAC This is the Destination MAC to block or to forward to See the next page for instructions on how to configure this The Destination MAC must consist of 12 hexadecimal characters Type Enter the hexadecimal number for the Ethernet type field in Ethernet_II packets For example 0800 is for IP protocol The Type must consist of 4 hexadecimal characters Block When block is selected everything from the Source MAC with destination Destination MAC will be blocked Forward When forward is selected everything from the Source MAC will be forwarded to the Destination MAC 4 23 Q1 How do I forward packets with MAC address 000002fa6fab to destination MAC 000003 dc8faa through IP protocol A First go to the Bridge Filtering page und
47. at one WAN side IP address can be shared among multiple LAN side devices DHCP is used to serve each LAN side device and IP address SubNetwork Attachment Point Simple Network Management Protocol Used to govern network management and monitor devices on the network SNMP is formally described in RFC 1157 Signal to Noise Ratio Measured in decibels SNR is a calculated ratio of signal strength to background noise The higher this ratio the better the signal quality Short for SUBNETwork Mask subnet mask is a technique used by the IP protocol to filter messages into a particular network segment called a subnet The subnet mask consists of a binary pattern that is stored in the client computer server or router This pattern is compared with the incoming IP address to determine whether to accept or reject the packet Transfer Control Protocol Works together with Internet Protocol for sending data between computers over the Internet TCP keeps track of the packets making sure that they are routed efficiently Trivial File Transfer Protocol A simple version of FTP protocol that has no password authentication or directory structure capability An advanced method of FEC Forward Error Correction When enabled it makes for better error checking at the cost of slower packet transmission Setting Trellis Code to Disabled will cause increased packet transmission with decreased error correction Time To Live A value in an IP packet tha
48. ations Support IGMP proxy relay function for ADSL Bridge Router based on the following requirement and cases e OnCO side there must be at least one IGMP querier router present IGMP querier will send IGMP query packet The ADSL Bridge Router is responsible to relay these IGMP queries to Ethernet e End user multicast application device sends IGMP report while receiving IGMP query or being activated by the user The ADSL Bridge Router should be responsible to proxy that is change source IP to ADSL Bridge Router s WAN IP the IGMP report to ADSL WAN side including all PVCs The same case is for IGMP leave packet e Not necessary to relay multicast routing between two ADSL PVCs or two interfaces in LAN side e Special purpose multicast packet such as RIP 2 packet should run without Interference Table 4 2 Packet Process Rx Entity Packet Class TTL Action Notes ADSL IGMP query 1 Relay to Ethernet IGMP report 1 Ignore IGMP leave 1 Ignore General Multicast IP Relay it to Ethernet Ethernet IGMP query 1 Ignore IGMP report 1 Relay to all ADSL PVC IGMP leave 1 Relay to all ADSL PVC General Multicast IP Ignore Note Before the IGMP mode is enabled please go to the Miscellaneous Configuration page to enable the IGMP proxy Otherwise the IGMP selection will not be valid Q Where can I download the free software to test IGMP A Please go to this link http manimac itd nrl
49. ble the NAT to run on router mode only disable the DHCP server on the LAN port and make sure the routing table has the correct routing entry DHCP Relay Target IP If DHCP Relay is enabled DHCP requests are relayed to DHCP Target IP on the WAN side IGMP Proxy This is the global setting for IGMP Proxy If it is enabled then the enabled IGMP Proxy on WAN PVCs will be working Otherwise no WAN PVC can have IGMP Proxy working on it System default is Disabled PPP Half Bridge When PPP Half Bridge is enabled only one PC is able to access the Internet and the DHCP server will duplicate the WAN IP address from the ISP to the local client PC Only the PC with the WAN IP address can access the Internet System default is Disabled PPP reconnect on WAN access If enabled the PPP session will automatically establish a connection when a packet tries to access the WAN System default is Enabled Connect PPP when ADSL link is up If this option is enabled the bridge router will connect the PPP session whenever an ADSL connection is established If this option is disabled the PPP session will not connect whenever the ADSL Showtime is reached System default is Enabled Note For more information clarification please refer to Section 4 4 PPP Configuration SNTP Simple Network Time Protocol is a efficient method of obtaining the time from a Time Server Time Zone This specifies the time zone geographical location Daylight Saving Time
50. bound NAT sessions Each Virtual Server statically maps a local host per service TCP UDP port of the WAN interface Multiple mappings may be mapped to the same local host A static inbound NAT session includes the protocol type TCP or UDP of the incoming packet the public port number the packet is destined to and the IP address and the port number of the virtual server i e the local host Contiguous public ports form a group that can be mapped to a virtual server from the WEB by entering the port range for that group see the Virtual Server configuration page in Section 4 6 Depending on the memory resource availability up to 20 public ports group can be created However the maximum number of mapped ports is 20 A 4 Demilitarized Zone DMZ The NAT module provides the functionality of a NAT box DMZ not a real DMZ The general definition of a real DMZ is a section of a network between exterior and interior firewalls where publicly accessible servers are usually placed A real DMZ provides separation of the servers placed within it and the private network a NAT box DMZ does not 1 The DMZ implemented in the NAT module allows one local host to be exposed to the Internet 1 e Only one DMZ host can be configured in the system 2 When an incoming packet from the public domain cannot be resolved by NAT Sessions and Virtual Servers it is forwarded to this default host 3 Note that it
51. cast e V2 MC The supplier transmits in RIPv2 Multicast Listener This field allows you to select the Listener Mode RIP Receive e V1 The listener receives the RIPv1 only e V2 The listener receives the RIPv2 only e V1 V2 This listener receives the both RIPv1 and RIPv2 Current RIP Settings This field displays the each interface s RIP status Note Supplier and Listener are based on Section 4 1 Compatibility Switch in RFC 1723 5 7 SNMP Configuration Simple Network Management Protocol SNMP is an optional feature that may or may not be supported by your ADSL Bridge Router SNMP is an application layer protocol that is used for managing networks SNMP is an optional feature that may or may not be in the specific firmware that you are working with There are several components that make up the SNMP structure including agents network management stations NMS network management protocols and a management information base MIB An SNMP agent is a node that resides on the network typically a computer or a router The SNMP agent is controlled and configured by the NMS by sending SNMP messages between one another SNMP agents are logged and identified in a Management Information Base MIB in which they are identified by an object identifier OID One feature of SNMP is SNMP traps SNMP traps are used to notify network managers of significant events that have taken place in the network These traps are sent to
52. computer and then reconnect it Turn off the ADSL Bridge Router and then turn it back on Only one computer can connect to the ADSL Bridge Router or my ADSL Bridge Router can only recognize one computer There are several things to check Make sure that the DHCP server is in Multiple User mode To do this go to the LAN Configuration page and under the User Mode field select Multi User Make sure that the NAT is configured for multiple User IPs To do this go to the NAT configuration Page and change the NAT type of the particular session to Dynamic NAPT If the problem persists make sure that the computer that cannot connect has the appropriate network settings C 1 Appendix D Network Setup Guide To configure your computer to connect to the Internet through a LAN refer to the instructions or help guide provided with your Operating System It is recommended that the network address of the client PC to be configured as a dynamic IP address This will give your DHCP server full control of IP Addresses and DNS Servers D 1 Windows XP 2000 Ah L E General Authentication Advanced e Click on Start Menu gt Setting gt Control Panel In the Control Panel double click on the Network Connections Network and Dial up Connections in Windows 2000 icon e Double click the Local Area Connection icon Under the General Tab click the Properties button e Select Internet Protocol TCP IP and click the Properties
53. ct the Connect option in the dropdown menu and then click Execute This will restart the PPP secession Q2 What can I do to ensure an always on connection with my PPP session A There are two things you should do 1 Make sure you have 0 in the Disconnect Timeout field This will make sure that the PPP session is not disconnected from the user side 2 Make sure the Automatic Reconnect box is checked This will cause the ADSL Bridge Router to automatically reconnect if the connection is severed from either the ISP side or the user side Action Manual PPP PPP Timeout PPP Always On Fee Based Fee Based Connect PPP when ADSL link is up Disabled Enabled Enabled Disconnect Timeout 0 Set Timeout 0 PPP Reconnect on WAN Access Disabled Enabled Disabled Automatic Reconnect Disabled Disabled Enabled Q3 What is the difference between PPP Connect on WAN Access and the Automatic Reconnect A For the PPP connect on WAN access the PPP will be automatically reconnected when an URL is entered in the browser packet interested in going out the WAN For the Automatic Reconnect it will reconnect the PPP session whenever it is terminated by ISP 4 5 NAT Configuration Pages The NAT Configuration page allows you to set the configuration for the Network Address Translation The NAT module provides Dynamic Network Address and Port Translation Dynamic NAPT capability between LAN and multiple WAN conn
54. ction e IP Spoofing checking IP spoofing is when an unauthorized user inserts the IP address of an authorized user into the IP packets in order to gain access to a network Selecting this option will allow the firewall to check for and filter out this discrepancy e Ping of Death checking Ping of Death is a type of DoS attack that uses a malformed ICMP data packet that contains unusually large amounts of data that causes TCP IP to crash or behave irregularly Enabling this will allow the firewall to filter out packets containing Ping of Death properties 6 3 Land Attack checking Land attack is a type of DoS attack that works by sending a spoofed packet containing the same source and destination IP address and port the victim s IP address This packet contains a connection request resulting in a handshake process At the end of the handshake the victim sends out an ACK ACKnowledge request Since the source and the destination are the same the victim receives the ACK request it just sent out The received data does not match what the victim is expecting so it retransmits the ACK request This process repeats until the network crashes Enabling this will allow the firewall to filter out possible Land Attack packets Reassembly Attack checking Reassembly Attack is a type of DoS attack that exploits the weakness of the IP protocol reassembly process As discussed earlier in this user guide packets undergo fragmentation when t
55. d by ISP N A N A Provided by ISP PPP User name N A Provided by ISP N A N A Provided by ISP PPP Password N A Provided by ISP N A N A Provided by ISP DHCP Client Unchecked Unchecked Checked Unchecked Unchecked enable PPP Half Bridge Disabled Disabled Disabled Disabled Enabled automatically configured the DHCP Server NAT and DNS Proxy DHCP Server Disabled Enabled Enabled Enabled Enabled NAT Disabled Enabled Dynamic Enabled Dynamic Enabled Dynamic Disabled NAPT NAPT NAPT DNS Proxy Disabled Enabled Enabled Enabled Disabled 4 1 Explanations for the different modes are provided below Bridge Mode Bridge Mode is used when there is one PC connected to the LAN side Ethernet or USB port IEEE 802 1D method of transport bridging is used to bridge between the WAN ADSL side and the LAN Ethernet or USB side i e to store and forward Router Mode Router Mode is used when there is more than one PC connected to the LAN side Ethernet and or USB port This enables the ADSL WAN access to be shared with multiple nodes on the LAN Network Address Translation NAT is supported so that one WAN side IP address can be shared among multiple LAN side devices DHCP is used to serve each LAN side device and IP address PPP Half Bridge Although the Router mode is capable of terminating the PPP in the modem and hence does not require PPPoE client software on the host PC there are some disadvantages to Router mode when only single user sup
56. date Downstream Upstream SNR Margin 14 4 23 0 Line Attenuation 53 6 31 5 Errored Seconds 0 0 Loss of Signal 0 Loss of Frame 0 ETA CRC Errors 0 Data Rate Latency Restart Stop Execute This allows you to stop or restart the ADSL connection by selecting the appropriate action and clicking Execute Showtime Firmware Version This field displays the ADSL data pump firmware version number ADSL Line Status This field displays the ADSL connection process and status The different states for this field are as follows e Activation The ADSL Bridge Router is in this state when it is attempting to start the activation process e Initialization The ADSL Bridge Router is initializing handshake with the CO e Training This is a part of the handshake process with the CO e Channel Analysis This is a part of the handshake process with the CO e Exchange This is a part of the handshake process with the CO e Down This indicates that the ADSL connection is down e Showtime This indicates that a connection has been established between the ADSL Bridge Router and the CO ADSL Modulation This field displays the ADSL modulation status which can either be G dmt or T1 413 ADSL Annex Mode This field displays the ADSL annex mode which can either be Annex A or Annex B ADSL Startup Attempts This field displays the number of ADSL connection attempts after loss of showtime A connection attempt is recorded only if showt
57. de implements the NAPT functionality 1 Multiple local hosts can access the public domain using the same WAN Network Interface Two types of sessions may be created in this mode dynamic and static Static sessions take priority over dynamic sessions Static session mapping is NOT required for any local host to access the public domain Static session mapping can be configured to fix the WAN Network Interface that a local host must use to access the public domain This does not limit the number of local hosts this WAN Network Interface can serve in the NAPT mode Dynamic session mapping is created automatically When a packet from the LAN is processed and if no existing NAT session can be found then a dynamic session is created on a per packet basis based on the Route Table That is the destination IP address is used to find the appropriate Network Interface to deliver the packet to based on the Route Table Ifthe Network Interface is a WAN interface then the IP address of the WAN interface is used to create the session dynamically and the Address Port translation is performed Thus packets originating from one local host may be mapped to multiple WAN interfaces If the packet cannot be routed based on the Route Table when trying to create a dynamic session then no dynamic session is created and the packet is not processed by NAT This is different than the obsolete one WAN static NAPT mode where a hidden default session maps all
58. dia Access Control Address A unique hardware number on a computer or device that identifies it and relates it to the IP address of that device Multicast Communication involving a single sender and multiple specific receivers in a network Maximum Receive Unit MRU Maximum Receive Unit MRU is the largest size packet that can be received by the modem During the PPP negotiation the peer of the PPP connection will indicate its MRU and will accept any value up to that size The actual MTU of the PPP connection will be set to the smaller of the two MTU and the peer s MRU In the normal negotiation the peer will accept this MRU and will not send packet with information field larger than this value Maximum Segment Size The largest size of data that TCP will send in a single unfragmented IP packet When a connection is established between a LAN client and a host in the WAN side the LAN client and F 3 MTU NAPT NAT PAP PDU Ping PPP Proxy PVC RIPv1 RIPv2 the WAN host will indicate their Maximum Segment Size during the TCP connection handshake Maximum Transmission Unit The largest size packet that can be sent by the modem If the network stack of any packet is larger than the MTU value then the packet will be fragmented before the transmission During the PPP negotiation the peer of the PPP connection will indicate its MRU and will accept any value up to that size The actual MTU of the PPP conn
59. eceesisasaeateneneneeeeees 4 17 4 4 5 AERA E E a 4 17 Alb NAT Configuration Pads tibia 4 18 4 67 Virtual Server Configura d a 4 21 4 7 A a E E O E E aerate aes 4 8 DNS Configuration 4 9 Wireless Configuration 4 10 Wireless LAN Security 4 10 1 Primary and Secondary RADIUS Servers c sccseesssssesesceeeestsseseeceeeeeeasseeesceneeasaseeeeenenensasaseseneneteeasasenees 4 30 4 11 User Password Configuration 4 12 Save Settings Reboot oo cece 5 Admin Privilege cios 5 1 WAN Stallone ia AS ESL AE E a cada 5 3 ADSL Configuration 5 4 Route Table iii arcas 5 4 1 System Default Gateway Configuration ccecececseetseseseseeceteteeseeseeestseasseeeeseseeeeensaseseeeneieesseseeeteneeees 5 5 5 4 2 Route Configurations ios a oa 5 5 Bibs l Eeamed MAG Table tacita ir bb 5 6 5 6 RIP COntigU Miri Ea dad a act 5 7 5 6 1 RIP Per Interface Configurati0N acionioononin ara 5 9 57 SNMP ContiqUrat Mirian AR Aaa 5 11 5 8 Miscellaneous COn aia 5 13 5 9 TGP Status rica ia a a AE i a ia A ade eens 5 16 5 10 Admin Password Configuration tii iia 5 17 5 11 Resetto Factory Detalla ri A io o ias 512 Diagnostic Testisi neen A A Aia TO 5 14 Local Code Image Update 6 1 Protection Policy 6 2 Hacker Lai A Ae eli 6 3 Service Filtering 64 o PGOU rat atras T A OE E OA AAAA ANA 0 07 Ser ICO Oro UD TE AST E A A EAS 6 6 Mime WII Wicca AA E E A 6 7 Inbound Policy a a atria pnt tena eect ahve 6 8 Outb
60. ecting the two ATM stations each protocol must be carried over a separate VC Virtual Path Identifier Virtual path for cell routing indicated by an eight bit field in the ATM cell header Wide Area Network A WAN covers a large geographical area A WAN is consisted of LANs and the Internet is consisted of WANs F 6
61. ection will be set to the smaller of the two MTU and the peer s MRU Network Address and Port Translation An extension of NAT NAPT maps many private internal addresses into one IP address The outside network WAN can see this one IP address but it cannot see the individual device IP addresses translated by the NAPT Network Address Translation The translation of an IP address of one network to a different IP address known by another network This gives an outside WAN network the ability to distinguish a device on the inside LAN network as the inside network has a private set of IP address assigned by the DHCP server not known to the outside network Password Authentication Protocol An authentication protocol in which authorization is done through a user name and password Protocol Data Unit A frame of data transmitted through the data link layer 2 Packet Internet Groper A utility used to determine whether a particular device is online or connected to a network by sending test packets and waiting for a response Point to Point Protocol A method of transporting and encapsulating IP packets between the user PC and the ISP PPP is full duplex protocol that is transmitted through a serial interface A device that closes a straight connection from an outside network WAN to an inside network LAN All transmissions must go through the proxy to get into or out of the LAN This makes the internal addresses of the devices in
62. ections and the LAN traffic is routed to appropriate WAN connections based on the destination IP addresses and the Route Table This eliminates the need for the static NAT session configuration between multiple LAN clients and multiple WAN connections When Dynamic NAPT is chosen default there is no need to configure the NAT Session and NAT Session Name Configuration User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Cos ition Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code NAT Session Name Configuration Session Name Interface Action NAT2 lp Pve2 Waua y Session Name Interface 1 NATI Ip Pvc 0 2 NAT2 Ip Pvc 1 Go back to NAT Co ation Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Number of NAT Sessions 2 Session Name This field allows you to enter a Session Name to help distinguish different NAT Sessions for different interfaces among different PPP sessions and PVCs The Session Name can be up to 31 characters and there can be up to 16 different NAT session names Interface This field allows you to choose specific WAN Interfaces PVC or PPP Session for NAT Session The options for this fi
63. eld allows you to enable or disable the Trellis Code By default it is always enabled Handshake Protocol This field allows you to select from the following ADSL handshake protocols Autosense G dmt first default Autosense T1 413 first G dmt G lite T1 413 G dmt and G lite Wiring Selection This field allows you to enter the wiring selection for the RJ 11 Tip Ring is the default for the ADSL Bridge Router without the inner outer pair relay Available types are Auto Tip Ring default and A A1 where Tip Ring is the inner most pair of wires on the RJ11 and A A1 is the second inner most pair Bit Swapping This field allows you to enable or disable the upstream bit swapping Bit Swapping is disabled by default 5 4 Route Table E CONEXAN TA Status Home PPP ADSL Configuration Virtual Server Bridge Filtering DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code The Route Table page displays the routing table and allows you to manually enter a routing entry The routing table will display the routing status of Destination Netmask Gateway and Interface The interface br0 indicates the USB interface
64. eld are PVCO PVC7 and any PPP session that was created by the user NAT Session Name Status This table is displayed at the bottom of this page to show all the NAT Session Names with their corresponding WAN Interfaces 4 18 Number of NAT Configurations This field displays the total number of NAT Sessions entered Note NAT allows only one entry User IP per session while NAPT allows many entries User IPs per session E CONEXANTA BREE BRE E R l 5 E j EREE lt E E E Bridge Filtering DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Co ion Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code NAT Configuration NAT Enable vy Mode Dynamic NAPT m Session Name User s IP Action NATI v 10 0 0 4 Add x Session Name User s IP 1 NATI 10 0 0 3 2 NAT2 10 0 0 4 Number of NAT Configurations 2 Session Name Cot ation Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Available Sessions Session Name Interface 1 NATI Ip Pvc 0 2 NAT2 Ip Pvc 1 Number of Sessions 2 NAT Use this field to Enable Disable NAT Default is Enable Mode Options for
65. er Configuration Then type 000002fa6fab in the ID Source MAC field 000003dc8faa in the Destination MAC field and 0800 in the Type field If bridge filtering is not already enabled select Yes under the Enable Bridge Filtering field Then select Forward and click Submit Q2 How do I block packets from MAC address 000002fa6fab through IP protocol A First go to the Bridge Filtering page under Configuration Then type 000002fa6fab in the ID Source MAC field and 0800 in the Type field If bridge filtering is not already enabled select Yes under the Enable Bridge Filtering field Then select Block and click Submit Q3 How do I block incoming packets with destination MAC address 000003dc8faa through IP protocol A First go to the Bridge Filtering page under Configuration Then type 000003dc8faa in the Destination MAC field and 0800 in the Type field If bridge filtering is not already enabled select Yes under the Enable Bridge Filtering field Then select Block and click Submit 4 24 4 8 DNS Configuration The DNS Configuration page allows you to set the configuration of the DNS proxy For the DHCP requests from local PCs the DHCP server will set the LAN port IP as the default DNS server Thus all DNS query messages will come into LAN port first The DNS proxy on the ADSL Bridge Router records the available DNS servers and forwards DNS query messages to one of DNS servers User Password Configuration Save Setting
66. er private domains e Privacy Security Concern in privacy and security arises when exposing IP addresses in a private network to the public domain NAT automatically provides firewall style protection by only allowing connections originated from the private network and not allowing attackers on the public domain to distinguish individual IP addresses of computers internal to the network e Administrating external network topology changes Without NAT when the network topology of the public domain changes the address assignment for the local domain would be forced to change accordingly NAT separates the private network from the public domain Thus changes of public domain network topology can be hidden from users within the private domain NAT operation is based on where the traffic is initiated instead of the physical packet direction Outbound sessions are initiated from the private network accessing the external network For example an FTP session initiated from a host in the private network to access the FTP server through the internet is considered an outbound session This session includes bi directional packet exchange The primary NAT function allows outbound sessions so that hosts in a private network can transparently access the external network Inbound sessions are initiated from the external network accessing the private network For example an FTP session initiated by a host from the external network to access the FTP server
67. es Rx Bytes Tx Cells Rx Cells Rx HEC Errors Tx Mgmt Cells Tx CLPO Cells Rx CLPO Cells Tx CLP1 Cells Rx CLP1 Cells Rx Errors Tx Errors and Rx Misrouted Cells Note For more information on HEC Cell CLP0 and CLP please refer to Appendix F Glossary 5 2 5 3 ADSL Configuration The ADSL Configuration page allows you to set the configuration for ADSL protocols Bridge Filtering DNS User Password Configuration Save Settings Reboot ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code ADSL Configuration Annex Mode Config AnnexA y User Selected Annex Mode Enabled x Trellis Autosense G dmtfirst w Handshake Protocol Tip Ring x Wiring Selection Disabled x Bit Swapping No system reboot needed Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Annex Mode Config This allows you to manually configure the ADSL Bridge Router for Annex A or Annex B mode by selecting User Configured and choosing the Annex Mode in the next field User Selected Annex Mode This allows you to select from Annex A and Annex B Trellis Trellis Code is an advanced method of FEC Forward Error Correction This fi
68. es for incoming and outgoing IP packets The IP packets are compared against the rules and are allowed or denied accordingly Firewall Enable Disable This option enables disables all the protection provided on these pages 6 2 6 1 Protection Policy E CONEXANTA Status Home User Password Configuration Save Settings Reboot WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Firewall Protection Policies defend against common methods of attacking a network and computers within the network Some of these attacks are classified as a DoS Denial of Service DoS is an attack in which a network or components of a network are disabled usually by overloading traffic on the network in order to prevent authorized and legitimate users to access network resources Configuration Firewall Protection Policy The Advanced firewall attacks can be configured based on your specific need Basic Protection TP Spoofing checking Ping of Death checking Land Attack checking Ressambly Attack checking Advanced Protection SYN Flooding checking ICMP Redirection checking Source Routing checking Winnuke Attack checking Basic Prote
69. ession Configuration Once you set up a PPP Account you can begin PPP Session configuration either by clicking the Go back to PPP Configuration link on the PPP Account Configuration page or clicking on PPP under the Configuration menu on the left hand side of the The number of PPP configurations are 2 PPP Account Co ation browser C gt PPP Configuration gt see ae paras CS Session Name PPP Session 1 Status Home PVC 0 m PPP ADSL Service Name PPPoE only Configuration VETA AN Account to Use PPP Account 1 y LAN PPP Disconnect Timeout 0 minutes Max 32767 NAT Virtual Server PPP Disconnect Timer Config Bridge Filtering DNS MRU 1492 User Password Configuration pave setings Reboot Save Settings Reboot MTU 1492 Admin Privilege WAN Status MSS 1432 ATM Status ADSL Configuration Route Table LCP Echo Interval 10 Learned MAC Table E R E RIP Configuration Lcp Echo Maximum Consecutive Failure 6 Misc Configuration TCP Status Authentication Auto ly Admin Password Configuration Reset to Factory Default Automatic Reconnect Diagnostic Test System Log Add Modify y Submit Reset Local Code Image Update Network Code Image Update ee Lcp LCP Echo oot Code A r ae Session Adapter Mode Service Account Disconnect MRU MTU MSS Echo Consec Authentication Auto Name Name to Use Timeout min Failure Mode Reconnect Interval Max simple simple 1 ppp PvcO PPPoE NONE PPP 0 14
70. ettings Some of these questions are also found throughout the guide in the sections to which they reference 1 How do I determine if a link between the Ethernet card NIC and the ADSL Bridge Router has been established A A ping test would determine if a connection is established between your ADSL Bridge Router and computer Using the ping command ping the IP address of the ADSL Bridge Router in this case 10 0 0 2 default For more information on Ping Testing refer to Appendix C Troubleshooting Guide Alternatively if the Ethernet LINK LED is solidly on then the Ethernet link is established 2 How do I determine if a link between the ADSL Bridge Router and the Internet has been established A Similar to the previous question a ping test would determine whether or not a connection is established However this time use a URL instead of and IP Address such as www google com Alternatively if the ADSL LED is solidly on then the ADSL link is established 3 What can I do to ensure an always on connection with my PPP session A There are two things you should do 1 Make sure you have 0 in the Disconnect Timeout field This will make sure that the PPP session is not disconnected from the User side 2 Make sure the Automatic Reconnect box is checked This will cause the ADSL Bridge Router to automatically reconnect if the connection is severed from either the ISP side or the user side 4 How do I create a PPP session
71. ges can be viewed and modified by both user and admin accounts 3 1 Home Page The Home page shows the firmware versions LAN WAN and DHCP interface status and USB Ethernet connection status Home Page Firmware Version CXS2xxx_ 4 1 0 9 Customer Software Version 4 1 0 9 WAN TP Address Subnet Mask MAC Address 63 196 247 252 255 0 0 0 00 30 CD 00 07 05 User Password Configuration Save Settings Reboot LAN Admin Privilege WAN Status ATM Status TP Address Subnet Mask MAC Address ADSL Configuration Route Table Learned MAC Table 10 0 0 2 255 0 0 0 00 30 CD 00 07 04 RIP Configuration Misc Configuration TCP Status Total Number of Lan Interfaces 1 Admin Password Configuration eee ae Defantt Number of ethernet devices connected to the DHCP server 1 System Log Local Code Image Update Network Code Image Update IP Address MAC Address Firmware Boot Code 1 10 0 0 7 00 0B DB 0D AB 55 Ethernet Link Status UP USB Link Status DOWN Firmware Version This field displays the firmware version WAN These fields display the IP address Subnet Mask and MAC address for the WAN ADSL interface LAN These fields display the IP address Subnet Mask and MAC address for the LAN interface Total Number of LAN Interfaces This field displays the total number of available interfaces for the LAN interface The total number of available interfaces is the amount of computers that are able to hook up to the DHCP Se
72. he IP Entry Name can be up to 19 characters IP addr 1 This is the IP address or subnet mask you are specifying when creating a group IP addr 2 This field is only active if you select to group a range of IP addresses or subnet masks in which case this is the end address of that range whereas the IP addr 1 is the first address of that range 6 7 IP Mask This field allows you to specify the address type assigned to the group e Single IP This will let you specify one IP address for a given group e IP Range This will let you specify a range of IP addresses for a given group starting with IP addr 1 and ending with IP addr 2 e Subnet Mask This will let you specify a range of subnet masks for a given group 6 8 6 5 Service Group The Service Group lets you specify a Port and assign it to a group name for easy use when configuring inbound and outbound policies for the firewall CONEXANTA Status Home PPP ADSL Configuration WAN LAN PPP NAT Virtual Server Bridge Filtering DNS User Password Configuration Save Settings Reboot ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Mise Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Firewall Configuration Firewall Service Group Service Entry Name T
73. hey exceed a certain maximum size Certain criteria define the packet fragmentation process so that packets can be reassembled properly In Reassembly Attack the sub packets have malformed criteria fragment offset which can easily cause a system to crash freeze or reboot Enable this option to check for and filter out Reassembly Attack packets Advanced Protection SYN Flooding checking SYN Flooding is a type of DoS attack that is accomplished by not sending the final acknowledgement to the receiving server s SYN ACK SYNchronize ACKnowledge in the final part of the handshake process This causes the serve to keep signaling until it is timed out When a flood many of these attacks are sent simultaneously the server will probably overload and crash Enable SYN Flooding checking to filter out possible SYN flood packets ICMP Redirection checking Also known as an ICMP storm attack or smurf attack ICMP Redirection is another form of DoS This attack is performed by sending ICMP echo requests to a broadcast network node The return IP address is spoofed and replaced by the victim s own address causing it to send the request back to itself This causes the broadcast address to send it out to all the network nodes in the broadcast area usually the entire LAN In turn all those recipients resend it back to the broadcast The process repeats itself gaining more amplitude through each iteration and eventually causing a traffic overload
74. ialog with explanation e PPP X Connecting This is displayed while the PPP session is attempting to connect to the ISP e PPPX Connect ERROR This is displayed when a connection cannot be made due to an error e PPP X is currently not connected This is displayed when a disconnect attempt is made on a session that is not currently connected e PPP X does not exist This is displayed when a connect or disconnect attempt is made on a session number that does not exist 3 4 3 3 ADSL Status Page The ADSL Status page shows the ADSL physical layer or link status The information displayed on this page is either inherent to the ADSL Bridge Router or set by the ADSL Central Office CO DSLAM neither of which cannot be changed by the user This page contains information that is dynamic and will refresh every 2 seconds ADSL STATUS E CONEXAN TA Showtime Firmware Version 3 30 Line State SHOWTIME Modulation G dmt Annex Mode ANNEX_A Bridge Filtering DNS User Password Configuration Save Settings Reboot Admin Privilege Startup Attempts Max Tx Power CO Vendor Elaspsed Time 1 38 dBm Hz ALCATEL_NETWORK 0 days O hours 9 minutes 40 seconds WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Up
75. ide from their ISP IP Address This is the static IP Address given by the ISP Range for IP Address is x x x y where 0 lt x lt 255 and I lt y lt 254 default is 0 0 0 0 Subnet Mask This is the subnet mask given by the ISP Range for Subnet Mask is x x x x where 0 lt x lt 255 default is 0 0 0 0 Gateway This is the Gateway given by the ISP Range for Gateway is x x x y where 0 x lt 255 and 1 lt y lt 254 default is 0 0 0 0 4 2 5 PPP Configuration For PPP Configuration details refer to Section 4 4 4 7 4 3 LAN Configuration The LAN configuration page allows you to set the configuration for the LAN port User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code LAN Configuration TP Address 10 0 0 2 Subnet Mask 255 0 0 0 DHCP Server Enabled x DHCP address pool selection System Allocated x User Defined Start Address 10 0 0 4 User Defined End Address 10 0 0 15 DHCP Gateway Selection Automatic M User Defined Gateway Address Lease Time 1 days 0 hours 9 minutes 0 seconds User Mode Multi User y Ethernet Mode Setting Settings need to be saved to Flash and the system
76. identifier such as TCP UDP port or ICMP query ID e NAPT maps multiple IP addresses and their TCP UDP ports in the private domain to a single IP address and its TCP UDP ports in the public domain This 1s known as a multiple mapping mechanism For each WAN Interface more than one local PC can be associated with one WAN Interface e NAPT allows multiple nodes in a local network to simultaneously access remote networks using the single IP address assigned to their router A 2 A 3 Functional Descriptions This section describes various NAT mechanisms for both outbound and inbound session operations Together they provide a mechanism to connect a realm with private addresses to an external realm with globally unique registered addresses The NAT module allows outbound access with either static or dynamic sessions Inbound access is normally blocked but selective inbound sessions may be enabled A 3 1 Outbound Access The NAT module implements two modes for outbound sessions NAT mode and NAPT mode NAT Mode NAT mode implements the Basic NAT functionality 1 2 3 Static session mapping is required for any local host to access the public domain Only one local host can be mapped to each WAN Network Interface If multiple local hosts are mapped to the same WAN Network Interface only the first one will take effect All other entries are marked with indicating that the entries will not take effect NAPT Mode The NAPT mo
77. ified on the PPP Configuration page The PPP Idle Timer is recommended to be disabled Disconnect Timeout 0 on PPP Configuration page if you want an always on connection PPP Disconnect Timer Configuration is intended for users who do not desire an always on connection and or their ISP charge by connection time Bridge Filtering DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code PPP Disconnect Timer Configuration The settings on this page are used to determine the traffic that will 1 Reset the PPP disconnect timer counter 2 Re establish a PPP connection only if PPP Reconnect on WAN Access is enabled Enable Disable Idle Timer Filter All Traffic will reset Idle Timer ignore filter below Only filtered traffic will reset Idle Timer use filter below Apply Filter To Inbound Traffic Only Outbound Traffic Only O Inbound and Outbound Traffic Filter Details Protocol Port Action 0 0 Delete x IP Protocol Protocol Port 1 TCP 6 80 2 UDP 17 53 Number of Entries is 2 Clear All II Restore to Default Well Known Ports 4 4 3 1 Enable Disable Idle T
78. ignal power level transmitted from the Central Office DSLAM Errored Seconds During Showtime if any given second contains a CRC error then that second will be declared and recorded as an Errored Second Loss of Signal Loss of signal refers to the ADSL Bridge Router losing an ADSL signal not the computer losing a signal with the modem Loss of Signal event is only recorded if the signal is lost while the ADSL Bridge Router is in showtime status This field displays the count of ADSL signal loss events Loss of Frame A frame is a unit of data in ATM This field displays the count of ADSL frame loss events A Loss of Frame event is only recorded if the signal is lost while the ADSL Bridge Router is in showtime status CRC Errors Cyclic Redundancy Check CRC is a method for checking errors in data transmissions This field displays the number of transmit data frames containing CRC errors Data Rate This field displays the ADSL data rate in kbps Latency Latency synonymously delay is the amount of time it takes for a packet of data to get from one designated point to another This field displays the two mapping modes for latency fast and interleaved 3 6 4 Configuration Pages 4 1 The links under Configuration column are associated to the pages that represent the configurations of system and interfaces These pages can be viewed and modified by both user and admin accounts Note Modes When any settings are cha
79. ime is attained ADSL Max TX Power This field displays the transmit output power level of the CPE Customer Premise Equipment which is the transmit output power level of the ADSL Bridge Router ADSL CO Vendor This field displays the Central Office CO DSLAM vendor name if available If the ADSL Bridge Router is not connected to an ADSL vendor then UNUSED VENDOR _ 0 will appear in this field Elapsed Time This field displays the time of the ADSL Bridge Router has been in operation This is the amount of time the ADSL Bridge Router is on not the amount of time it is connected to the PC or in showtime status SNR Margin Signal to Noise Ratio SNR is the measure of signal intensity relative to the background noise The SNR Margin is the amount of increased noise that can be tolerated while maintaining the designated BER bit error rate The SNR Margin is set by Central Office DSLAM If the SNR Margin is increased bit error rate performance will improve but the data rate will decrease Conversely if the SNR Margin is decreased bit error rate performance will decrease but the data rate will increase Line Attenuation Attenuation is the decrease in magnitude of the ADSL line signal between the transmitter Central Office DSLAM and the receiver Client ADSL Bridge Router measured in dB It is measured by calculating the difference in dB between the signal power level received at the Client ADSL Bridge Router and the reference s
80. imer Filter All Traffic will reset Idle Timer ignore filter below Selecting this option will disable the PPP Idle Timeout filter and allow any traffic through any protocol or port to reset the idle timer The only dependency is that the traffic must correspond with the Filter Application Inbound and or Outbound For example if Outbound Traffic Only is selected only traffic in the outbound direction will reset the idle timer When this option is selected all user configured criteria displayed in the filter table is bypassed Only filtered traffic will reset the Idle Timer use filter below Selecting this option will enable the PPP Idle Timeout filter and only allow traffic specified in the filter table to reset the idle timer The traffic specified in the filter table must also correspond with the Filter Application selection For example outbound traffic with criteria matching that 4 15 of the filter table will only be allowed to pass if either Outbound Traffic Only or Inbound and Outbound Traffic is selected Note PPP reconnect on WAN access must be enabled for the Idle Timer to reconnect a PPP Session when a request is made from the LAN to the WAN See Section 5 8 for more information 4 4 3 2 Filter Application The Filter Application consists of three options that determine which sources LAN and or WAN will be able to reset the Idle Timer and reconnect the PPP session Inbound Traffic Only Selecting this option
81. in which this policy will be active See section 6 6 for more information on Time Groups DB Short for Database this field allows you to select a user defined IP Group for the Src IP and Dest IP fields and a user defined Service Group for the Dest Port User defined IP and Service Groups are created in IP Group and Service Group pages sections 6 4 and 6 5 respectively in this user guide Note Source and Destination IP Addresses Subnet Masks and Ports are reversed between Inbound Policy and Outbound Policy For Inbound Policy the source is on the WAN side and the destination is on the LAN side For Outbound policy the source is on the LAN side and the destination is on the LAN side 6 14 6 8 Outbound Policy E CONEXAN TA Status Home Virtual Server Bridge Filtering DNS User Password Configuration Save Settings Reboot WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Firewall The Outbound Policy allows you to filter outbound from the user side LAN to the WAN packets based on a set of rules This enables you to deny access to different sources and thus increase security Outbound Policy TP Address Por
82. k Code Image Update Firmware Boot Code Save settings and reboot Save amp Reboot Reboot modem without saving settings Reboot Only Save amp Reboot Click this to apply all changes Reboot Only Do this to discard all changes since last save After either one of these buttons are clicked the ADSL Bridge Router will do the following e Save amp Reboot Two pages will appear after pressing this button The first one states Your settings are being saved and the modem being rebooted Save reboot in progress please wait Followed by Your settings have been saved and the modem has rebooted Done e Reboot Only Two pages will appear after pressing this button The first one states The modem is being rebooted Reboot in progress please wait Followed by The modem is being rebooted Done 4 32 5 Admin Privilege The links under Admin Privilege are only accessible when user is logged in as Admin Regular user account does not have authorization to view or alter the content on the pages in the Admin Privilege section 5 1 WAN Status The WAN Status page shows the information and status of WAN PVCs WAN CONEXAN TA TP Address Subnet Mask MAC Address Status 63 196 247 252 255 0 0 0 00 30 CD 00 07 05 Virtual Circuit 0 Bridge Filtering DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route T
83. ld look like the following when complete Port Prot Act Opt Filtering SrcPort Any Port Ue Edit All ID A DesPort Any Port d Dn Delete SrcPort 80 Up Edit DesPort 80 TCE a Dn Delete SrcPort 80 Up Edit DesPort 80 TSE Di Dn Delete SrcPort 20 Up Edit DesPort 20 ma ii Dn Delete SrcPort 20 Al Deny Time WEEKEND Up Ediit DesPort 20 y Dn Delete D foe Note It should be clear now how critical it is to sort the policies in the correct order For example if policies one and two were switched there would be NO HTTP access to any computer in the LAN This would make web browsing impossible 6 9 2 Outbound Policy Sample Configuration You want to deny all access to the WAN except for the following e HTTP access from any IP through TCP e Any access from 10 0 0 3 through any protocol e FTP Access from 10 0 0 3 10 0 0 6 through any protocol Converting the access requirements from above so that the Outbound Policy can understand them yields the following e Deny all access from any Src LAN IP to any Des WAN IP through any source or destination port and through any protocol e Allow access from Src LAN IP 10 0 0 3 to any Des WAN IP through any port through any protocol e Allow access from any Src LAN IP to any Des WAN IP through port 80 HTTP through TCP e Allow access from Src LAN IP range 10 0 0 3 10 0 0 6 to any Des WAN IP
84. lick more info To check the MAC Address for the ADSL mode select the ADSL Bridge Router on the dropdown menu The MAC Address is labeled as the Adaptor Address To find the computer NIC address select the NIC device The MAC Address is labeled as the Adaptor Address e Mac OS 7 6 1 and above Not OS X Click on the Apple menu gt Apple System Profiler Click the Network Overview arrow and then the AppleTalk arrow The E MAC Address is the 12 character Hardware Address B 2 e Mac OS X Click on the Dock gt System Preferences Then click on Network Under the Configure drop down tab choose Built in Ethernet or Ethernet Select the TCP IP Tab The E MAC Address is the 12 digit Hardware Address Click on Save and close the Network pane MS DOS Prompt Microsoft lt R gt Windows DOS Copyright Microsoft Corp 1996 2001 WINDOWS gt ipconfig all Windows IP Configuration Host Name Primary Dns Suffix Node Type IP Routing Enabled WINS Proxy Enabled DNS Suffix Search List Ethernet adapter Local Area Connection 6 Connection specific DNS Suffix Description Physical Address Dhcp Enabled Autoconf iguration IP Addre i Subnet M os Default Gateway DHCP Server DNS Servers see ee Bee Primary WINS Server Secondary WINS Server Lease Obtain d gt s s Lease Expires Ethernet adapter Local Area Connec
85. lt However if PAP fails then CHAP will run as the secondary protocol This is the default setting e PAP Password Authentication Procedure Authentication is done through username and password e CHAP Challenge Handshake Authentication Protocol Typically more secure than PAP CHAP uses username and password in combination with a randomly generated challenge string which has to be authenticated using a one way hashing function Automatic Reconnect When it is checked the ADSL Bridge Router will reconnect a PPP session when it is terminated by the ISP If a PPP session is terminated under any other conditions i e by Disconnect Timeout or manual disconnect the Automatic Reconnect will not reconnect the session This box is unchecked by default PPP Configuration Status A table will be displayed at the bottom of this page to show all the Session Names with its Adapter PVC number Mode PPPoA or PPPoE Service Name Account to Use PPP Account ID Disconnect Timeout configuration MRU MTU MSS Authentication Mode Auto CHAP or PAP and Auto Reconnect configuration 4 14 4 4 3 PPP Disconnect Timer Configuration The PPP Disconnect Timer Configuration page enables you to configure what action will bring a PPP Session out of the Idle state disconnected state and reset the Idle Timer This is done by specifying criteria contained in packets namely IP Protocol and Port The Idle Timer refers to the Disconnect Timeout spec
86. n is only available for RIPv2 When it is disabled RIPv2 messages containing authentication entries are discarded When it is enabled all RIPv2 messages must have proper authentication entries and all RIPv2 messages without verified authentication entries and all RIPv1 messages are automatically rejected Supplier The RIP Supplier has two functions e It transmits route updates over every RIP Supplier interface at the interval specified by Supply Interval see below e It transmits route updates in response to specific requests from other routers Listener The RIP Listener listens and processes all RIP messages it receives from other RIP routers and updates the host routing tables accordingly The RIP Listener is always enabled when RIP is enabled By default RIP is disabled The announcement messages RIP sends are based on two configuration parameters RIP Version number and Multicast Version Multicast Announcements Sent 1 OFF V1 2 ON V1 2 OFF V2 BC 2 ON V2 MC The RIP messages that can be received and processed are based on two configuration parameters RIP Version number and Multicast Version Multicast RIP Messages Received 1 OFF v1 2 ON v1 2 OFF V1 amp V2 BC 2 ON V2 BC 8 VC MC The RIP Configuration page allows you to set the configuration for the system wide configuration of RIP The actual RIP configuration is in the RIP Per Interface Configuration
87. n making your own configurations This configuration does not necessarily provide proper security it is meant only as a sample to display the functionality of the Inbound and Outbound Policies Inbound Policy Sample Configuration You want your firewall to have the following properties e Accept all http IP addresses except for 204 35 82 1 e Grant FTP access from 101 64 35 4 external to 10 0 0 3 10 0 0 4 10 0 0 5 and 10 0 0 6 all internal e Deny all access to FTP Server 10 0 0 6 on the weekend Converting the access requirements from above so that the Inbound Policy can understand them yields the following e Deny access from any Src WAN IP to any Des LAN IP through any source or destination port and through all protocols e Allow access from any Src WAN IP to any Des LAN IP through port 80 HTTP through TCP e Deny access from Src WAN IP 204 35 82 1 to any Des LAN IP through port 80 HTTP through TCP e Allow access from Src WAN IP 101 64 35 4 to Des LAN IP 10 0 0 3 10 0 0 6 through port 20 FTP through TCP e Deny access from any Src WAN IP to DB FTP defined as IP through any source or destination protocol and through all protocols during time period WEEKEND where WEEKEND is defined in the Time Group as Saturday 12 00AM to Sunday 11 59PM It does not matter which order you input these in as long as you sort them into the correct order once you are finished The configuration shou
88. needs to be rebooted for changes to take effect Save Cos ation LAN IP Address amp Subnet Mask The LAN IP Address is what the computer uses to identify and communicate with the ADSL Bridge Router this is the address you enter in the address bar of Internet Explorer to access these pages You can change this to another private IP address and subnet mask such as 192 168 1 2 and 255 255 255 0 Range for IP Address and Subnet Mask is x x x x where 0 lt x lt 255 the default is 10 0 0 2 and 255 0 0 0 respectively 4 3 1 DHCP Server Dynamic Host Configuration Protocol DHCP is a communications protocol that allows network administrators to manage and assign IP addresses to computers within the network DHCP provides a unique address to a computer in the network which enables it to connect to the Internet through Internet Protocol IP DHCP is controlled by the DHCP Server The following settings allow you to configure the DHCP server DHCP Server Select Enabled default to activate DHCP Server DHCP Address Pool Selection Two types of Address Pool selections are available with System Allocated as the default e System Allocated The DHCP address pool is based on LAN port IP address plus 12 IP addresses For example when the LAN IP address is 10 0 0 2 the DHCP address pool the range from 10 0 0 3 to 10 0 0 14 e User Defined When User Defined is selected the DHCP address pool starts at the User Defined Start
89. nfiguration Firewall Service Filtermg The following services can be configured based on your specific need Ping from External Network Telnet from External Network FTP from External Network DNS from External Network IKE from External Network RIP from External Network DHCP from External Network These are the Service Request sources that can be disabled e Ping from External Network e Telnet from External Network e FTP from External Network e DNS from External Network e IKE from External Network e RIP from External Network e DHCP from External Network 6 4 IP Group CONEXAN TA User Password Configuration Save Settings Reboot ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Firewall The IP Group lets you specify IP Addresses Single or Range and Subnet Masks and assign them to a group name for easy use when configuring inbound and outbound policies for the firewall Configuration Firewall IP Group IP Entry Name IP Address IP Mask IP Entry Name TP addr 1 TP addr 2 IP Mask Single IP w Add Modify this entry IP Entry Name This is the name you assign to the group of IP addresses and subnet masks T
90. nged please go to the Save Settings page to save the new setting s and reboot the ADSL Bridge Router Changes will not take effect until the settings are saved and the ADSL Bridge Router is rebooted If power is lost before saving all new configurations since the last save will be lost even if they were submitted These modes are guidelines for setting up the WAN interface Table 4 1 lists the mode configurations These modes are illustrated in Figure 2 1 Other modes or configurations are supported through user setup Table 4 1 Mode Configuration WAN Bridge Mode Router Mode Router Mode Router Mode Half Bridge Configuration PPPoA PPPoE Dynamic IP Static IP IP address N A Automatically Automatically Provided by ISP Automatically assigned by ISP assigned by ISP assigned by ISP Subnet Mask N A Automatically Automatically Provided by ISP Automatically assigned by ISP assigned by ISP assigned by ISP Gateway N A Automatically Automatically Provided by ISP Automatically assigned by ISP assigned by ISP assigned by ISP Encapsulation 1483 Bridged IP PPPoA LLC 1483 Bridged 1483 Bridged PPPoA LLC LLC VC Mux Routed IP LLC Routed IP LLC VC Mux 1483 Bridged IP PPPoE LLC 1483 Bridged 1483 Bridged PPPoE LLC VC Mux VC Mux Routed VC Mux Routed VC Mux VC Mux Classical IP over Classical IP over ATM ATM Bridge Enabled Disabled Disabled Disabled Disabled PPP Service N A Provide
91. nrt can transmit ATM cells Sustainable Cell Rate SCR can be considered as the true reserved bandwidth for a PVC Range for Sustainable Cell Rate field is 0 32767 default is 0 Max Burst Size This is the number of cells a PVC enabled with VBR nrt can transmit continuously at peak cell rate PCR Range for Max Burst Size field is 0 32767 default is 0 4 5 4 2 1 1 4 2 1 2 Example CBR and UBR This example is provided to further explain the dynamics of UBR and CBR and how different PVCs with different service category specifications coexist In this example the ADSL upstream is 900 kbps Sample Configuration PVC2 and PVC3 are busy PVC Service Category Peak Cell Rate 0 CBR 400 kbps 1 CBR 800 kbps 2 UBR N A 3 UBR N A Scenario Actual Adjusted Bandwidth Usage PVCO is busy PVCO uses 400 kbps PVC1 is idle PVC2 uses 250 kbps PVC3 uses 250 kbps PVCO is idle PVC1 uses 800 kbps PVC2 and PVC3 are busy PVC1 is busy PVC2 uses 50 kbps PVC2 and PVC3 are busy PVC3 uses 50 kbps PVCO is busy PVCO uses 300 kbps PVC1 is busy PVC1 uses 600 kbps PVC2 uses 0 kbps PVC3 uses 0 kbps Example VBR nrt This example is provided to further explain the dynamics of VBR nrt A PVC has a service category of VBR nrt with the following parameters 1 PCR 400 kbps 2 SCR 100 kbps 3 MBS 22 cells Note that 22 cells 48 bytes cell 1056 bytes If the PVC h
92. ocol With dynamic WAN interfaces the Route table changes as links go up and down Since NAPT is based on Route Table NAT packet forwarding may behave differently from time to time Static Session Mapping Static session mapping is used in both NAT mode and NAPT mode 1 The static session mapping used in NAT mode and NAPT mode are the same except for one difference Only one session mapping is effective per WAN Network Interface in the NAT mode while there is no limit in the NAPT mode Session mapping maps a local host IP address to a WAN Network Interface You must first create a Session Name and associate it with the intended WAN Network Interface Then you can map local host IP addresses to that Session Name Depending on the memory resource availability a Up to 64 Session Names can be created for each WAN Network Interface b Up to 64 Session Names can be created in the system c Up to 253 Local host IP mappings can be created for each Session Name d Up to 253 Local host IP mappings can be crated in the system Inbound Access Inbound access is normally blocked however selective inbound sessions may be enabled The NAT module implements two types of inbound access control Virtual Server and Demilitarized Zone DMZ Virtual Server The term Virtual Server came from the concept of subdividing one physical system into multiple virtual systems 1 The NAT module provides Virtual Server service through static in
93. ode Image Update Firmware Boot Code PPP Account Configuration Acct Id PPP Account 1 User Name test123 Password eccccce mamoa e Account Name User Name 1 simple PPP account 0 adslpae 2 PPP Account 1 test123 The number of PPP accounts is 2 Go back to PPP Co ation Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Account ID This field allows you to create an account ID to help distinguish different accounts up to 16 maximum The Account ID can be up to 31 characters User Name Enter the PPP user name provided by the ISP The User Name can be up to 127 characters Note You cannot have two different user accounts with the same account name If a different User Name with an already existing Account ID is submitted it will replace the previous account with that Account ID You can have the same User Name and Password for two different accounts Account ID Password Enter the PPP password provided by the ISP The Password is not needed to delete or modify the account The Password can be up to 127 characters PPP Account Configuration Status table will be displayed at the bottom of this page to show all the accounts Table headings Account Name and User Name The status table does not display the password The Number of PPP Accounts This field displays the total number of PPP Accounts entered 4 12 4 4 2 PPP S
94. onfiguration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Firewall Dn Short for down clicking on this button will move the corresponding policy down one space in the table Note The Outbound Policy works in a Top Down fashion according to the Outbound Policy Table This means that the firewall will apply the policies in order from the top of the table to the bottom It is critical for both security and user accessibility to the WAN to have outbound policies in the correct order See Section 6 9 1 for an example of this Edit Clicking this button will display a table similar to the add table see next page to the bottom of the policy table that will allow you to modify the corresponding policy Delete This will delete the corresponding policy Add Inbound Policy Clicking on this button will bring up a table with all the add configurations as shown below Outbound Policy IP Address Port Prot Act Opt Filtering SrcIP Any IP SrcPort Any Port All Deny Edit DesIP Any IP DesPort Any Port Delete SrcIP 10 0 0 3 SrcPort Any Port Al Allow Est DesIP Any IP DesPort Any Port Delete SrcIP Any IP SrcPort 80 Al Allow Edit DesIP Any IP DesPort HTTP Delete Adding New Policy Sre IP 10 0 0 3 10
95. ound Policy 6 9 Inbound Outbound Policy Sample Configuration ccceescesseseseseeeeteeeeeseeeeteeneeeseseeceneneasaseeeseeeteensaseteeeneneneeasesieens 6 18 6 9 1 Inbound POLICY eea iaa 6 18 6 9 2 Qutbound Poll Vesta 6 19 Appendix A Network Address Translation oocccccccccccccccnicnnnnoninononinnnnnoninnnnnnnnnnninnninininininss A 1 AT Basic NA oie A 2 AZ Statie NAPT eano a a e a r a a a e a N a A 2 A 3 Functional Descriptions sisii aa AE adios A 3 A 3 1 Outbound ACCESS miii A 3 A32 INDOUNA ACCESS iomrait iba A 4 A 3 3 Application Layer Gateways ALGS oooonoccconnncccnnnocncnnoncccnnnonnncnanonnnn nono nnnnnnn nn nnnnnnn nn r nan nana nrnnnnnnns A 5 Appendix B Frequently Asked Questions Appendix C Troubleshooting Guide ooocoooiininininininncoccccccccccnnncn nr C 1 Appendix D Network Setup Guide A RAN D 1 A AA A O D 1 D 2 Windows 95 98 98SE Me assed dnd ecos a Gite de en e de esos esla aL rrna D 2 D 3 MAC OS 7 6 1 o A ust coca teresdlans wecstaasssedetests steusa attend pea diegst na atelateeemell D 3 D 4 MACOSX Appendix E Common Error Messages ceeeeeeeeeeeeeeee ence cette eeeeeeeeeeeeeeeeeeeeeeeeseneeeeeeeneeeees E 1 Appendix F Glossary 1 System Requirements Personal computer PC Pentium III 266 MHz processor minimum 128 MB RAM minimum 20 MB of free disk space minimum Ethernet Network Interface Controller NIC RJ45 Port USB Port Internet Browser USB Cable Ethernet
96. port is required For instance Router mode uses NAT which requires ALG support PPP Half Bridge also terminates the PPP in the modem and does not require a PPPoE client on the PC However PPP Half Bridge does not use NAT and is not limited by ALGs PPP Half Bridge will work with either Ethernet or USB interface to the PC Single User Mode Only one computer is connected at the LAN side either through USB or Ethernet Multi User Mode Multiple computers are connected at the LAN side either through USB only one can connect to USB and the others through Ethernet Table 4 1 provides a configuration guideline for the typical ADSL Bridge Router connections discussed on the previous page and displayed in Figure 2 1 These configurations can be made on the WAN Configuration page see Section 4 2 4 2 4 2 WAN Configuration The WAN configuration page allows you to set the configuration for the WAN ADSL ports Before you enter the WAN Configuration page you will be asked to select an adapter PVCO through PVC7 first Once you select the adaptor then following page will appear gt WAN Configuration Pvc 0 1 ee Oe i a Virtual Circuit Enabled Static IP Settings PEE Bridge Disabled y IP Address 192 168 241 101 4 IGMP Disabled v Subnet Mask 255 255 255 0 Configuration WAN Encapsulation PPPoE LLC Y Gateway LAN J PPP NAT Venal Serves ATM PPP Advanced PPP cos ation ee
97. ress 000002fa6fab through IP protocol A First go to the Bridge Filtering page under Configuration Then type 000002fa6fab in the ID Source MAC field and 0800 in the Type field If bridge filtering is not already enabled select Yes under the Enable Bridge Filtering field Then select Block and click Submit How do I block incoming packets with destination MAC address 000003dc8faa through IP protocol A First go to the Bridge Filtering page under Configuration Then type 000003dc8faa in the Destination MAC field and 0800 in the Type field If bridge filtering is not already enabled select Yes under the Enable Bridge Filtering field Then select Block and click Submit How can I find verify my ADSL Bridge Router and or computer Ethernet MAC Address A Follow the following instructions for the appropriate operating system e Windows NT 2000 XP Click on Start Menu gt All Programs gt Accessories gt Command Prompt MS DOS Prompt in NT Once in the command prompt type ipconfig all and press enter There should be at least 3 Tables of information The first one should be labeled Windows IP Configuration The other two are for your Network Interface Card NIC and your ADSL Bridge Router You should be able to find out which one is which by looking at the Description field The respective MAC addresses will be located in the Physical Address field e Windows 95 98 98SE Me Click on Start Menu gt Run Type winipefg and click OK C
98. rver Number of Ethernet Devices Connected to the DHCP Server These fields display the DHCP client table with the assigned IP addresses and MAC addresses Note If there are no devices connected to the DHCP server then a table will not appear otherwise a table Table Headings IP Address MAC Address listing all devices connected to DHCP server will appear on the bottom of the page Ethernet Link Status This field displays the link up or down for the Ethernet connection up if connected down if not connected USB Link Status This field displays the link up or down for the USB connection up if connected down if not connected 3 2 3 2 PPP Page The PPP Status page shows the status of each PPP session for each PPP interface This page contains information that is dynamic and will refresh every 8 seconds Note PPP interfaces can be created modified and deleted in the PPP Configuration page Refer to Section 4 4 for further information E CONEXANT Status Home User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code PPP Connection Name Interface Mode Status Pkts Sent PktsRevd Bytes Sent Bytes Re
99. ry DNS can be reached through a ping request The primary DNS is assigned by your service provider or obtained from your service provider by PPP or DHCP negotiation If this test returns FAIL run this test again a few minutes after this test is completed If this test returns FAIL consistently and your ADSL Bridge Router seems to not be working check to make sure your statically assigned primary DNS IP address is configured correctly or DHCP client is enabled with the current VC This test returns N A if there is no DNS configured Query DNS for www conexant com This test returns PASS if the host name can be resolved to an IP address though your domain name servers This test returns FAIL if the host name can not be resolved successfully If this test returns FAIL run this test again a few minutes after this test is completed Ping www conexant com This test returns PASS if the host specified by your ISP can be reached through a ping request If this test returns FAIL run this test again a few minutes after this test is completed This test returns SKIPPED if the host name can not be resolved to an IP address 5 13 System Loy E CO MBEX ANT Configuration LAN BEE NAT The System Log page shows the events triggered by the system This page contains information that is dynamic and will refresh every 5 seconds System Log 10 15 2003 15 01 41 gt Received time from Time Server 128 138 140 44 01 01
100. s Reboot Route Table Admin Password Co ition Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code DNS Configuration DNS Proxy Enabled iv Auto Discovery Y User Configuration DNS Server 10 0 0 4 Add iv DNS Server Enabled x Url Name modemconfig com Host Ip 10 0 0 2 Ada y DNS Proxy Setting DNS Server Setting DNS Server IP Url Name Host Domain Host IP 1 10 0 0 4 1 modemconfig com 10 0 0 2 Settings take effect immediately no system reboot is required Save Co ation DNS Proxy Enable Disable When the DNS Proxy is Disabled the LAN port does not process the DNS query message For the DHCP requests from local PCs the DHCP server will set the user configured DNS server as the DNS server Then all DNS query messages will be directly sent to the DNS servers DNS Proxy is enabled by default Auto Discovered When enabled default the DNS proxy will store the DNS server IP addresses obtained from DHCP client or PPP into the table All DNS query messages will be sent to the dynamically obtained DNS server Select this option when the DNS Server address is unknown but provided automatically by the ISP User Configured When enabled the DNS proxy will use the user configured DNS server All DNS query messages will be sent to the DNS server Enter the DNS IP in the DNS Server field
101. s to take effect Miscellaneous Configuration HTTP server access All O Restricted Y LAN WAN Specify IP 10 0 0 10 Subnet Mask 255 0 0 0 H server port 80 HTTP Password Protection Enabled y FTP server Enabled y Disable WAN side FTP access TFTP server Disabled im Command Line Interface Enabled w O by Console by Telnet Y Disable WAN side access DMZ Disabled iy DMZ HOST IP 0 0 0 0 DHCP O NONE DHCP Server O DHCP Relay DHCP Relay Target IP 0 0 0 0 IGMP Proxy Disabled y PPP Half Bridge Disabled v PPP Reconnect on WAN Access Disabled x Connect PPP when ADSL link is up Enabled v SNTP Time Zone 8 Pacific US Mi Daylight Saving Time No m User defined Time server 0 0 0 0 5 13 HTTP Server Access This field allows you to configure where these Web pages can be accessed from e All When this field is checked it allows both WAN and LAN access to the Web pages This is the system default e Restricted LAN This field allows the Web pages access from LAN side e Restricted WAN Specified IP amp Subnet Mask This field allows the Web access from WAN side with a specify IP and subnet mask HTTP Server Port This field allows you to specify the port of the Web access For example when it is changed to 8080 the HTTP server address for the LAN side is http 10 0 0 2 8080 Range for HTTP
102. seconds This timer specifies how often the RIP sends announcements as a RIP Supplier Range for Supplier Interval field is 0 2147483647 default value is 30 Expire Timeout This field allows you to enter the Expire Timeout in seconds This timer specifies the expiration time of a route When a route has not been updated for more than the expire period of time it is removed from the Route Table This route is then invalidated and remains in the internal RIP Route Table It will be included in the RIP announcements to let other routers know the changes Range for Expire Timeout field is 0 2147483647 default is 180 Garbage Timeout This field allows you to enter the Garbage timer in seconds This timer specifies how long the expired and invalidated routes are kept in the Internal RIP Route Table before they are removed from it Range for Garbage Timeout field is 0 2147483647 default is 120 5 6 1 RIP Per Interface Configuration The RIP Per Interface Configuration page allows you to set the configuration for each Interface PVCs PPP Sessions USB and LAN CONEXANTA Status Home PPP ADSL Configuration WAN LAN PPP NAT Virtual Server Bridge Filtering DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Re
103. set to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code RIP Per Interface Configuration Interface Enabled Supplier Listener Ip Ethernet 0 No x Disabled y vi y Back to System Wide Configuration Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect Current RIP Settings Interface Enabled Supplier Mode Listener Mode 1 Ip Ethernet 0 o V2BC V1 V2 2 ip Usb 0 o V2BC VI V2 3 Tp Pvc 0 No Disabled V1 V2 4 ip Pvc 1 o Disabled V1 V2 5 lp Pvc 2 o Disabled Vl1 V2 6 ip Pvc 3 No Disabled V1 V2 T ip Pvc 4 o Disabled V1 V2 8 ip Pvc 5 o Disabled V1 V2 9 ip Pvc 6 o Disabled V1 V2 10 ip Pvc 7 o Disabled V1 V2 11 Ip Wlan 0 o V2BC V1 V2 12 Ip BridgeMux 0 o V2BC V1 V2 13 simple ppp session 0 o Disabled V1 V2 Interface This field allows you to choose the Interface PVCs PPP Sessions USB and LAN for the RIP to be configured The available selections are IP Ethernet 0 IP USB 0 IP PVCO IP PVC7 IP BridgeMux 0 and any PPP user defined sessions maximum of 16 Enable This field allows you to Enable Yes or Disable No the specified interface for RIP Supplier This field allows you to select the Supplier Mode RIP Transmit e Disabled The supplier transmit is disabled e VI BC The supplier transmits in RIPv1 Broadcast e V2 BC The supplier transmits in RIPv2 Broad
104. sh an ADSL connection with your service provider The test returns PASS if an ADSL connection is established If this test returns FAIL please try the test again a few minutes after this test is completed Your ADSL Bridge Router needs up to one minute to establish the ADSL connection depending on your phone line quality If this test returns FAIL make sure your phone line is connected to your ADSL Bridge Router secured and also check with your service provider to see if your service is activated If this test returns FAIL all other tests will be skipped Test ATM OAM Segment Loop Back This test sends ATM OAM F5 Segment loop back request cells to the CO This test will pass if a response cell is received Since some service providers might not support this test it could still work even if this test fails If this test fails consistently and the ADSL Bridge Router seems not working make sure the VPI and VCI are configured correctly This test returns FAIL if the ADSL synchronization test failed Test ATM OAM End to End Loop Back This test sends ATM OAM FS End to End loop back request cells to the central office equipment through your ADSL connection 5 19 This test returns PASS if response cell is received Since your service provider might not support this test your ADSL Bridge Router could still be working properly even if this test fails If this test returns FAIL consistently and your ADSL Bridge Router seems to not be
105. sical addresses whereas routers use IP address to forward packets Bridges must learn all the physical MAC addresses of the devices so it can forward the packets reliably The purpose of the Learned MAC Table is to store and display these bridge recognized MAC addresses The Learned MAC Table page shows the current learned Bridge MAC table This page contains information that is dynamic and will refresh every 8 seconds Bridge MAC Table MAC Address Expiration 00 0B DB 0D AB 55 75 00 50 DA 2E 09 97 54 00 E0 29 86 06 9D 99 Aging Timeout 100 Seconds Reset Aging Timeout This field allows you to enter the update period for the MAC table Have this number lower if you want a more frequent refresh rate Range for Aging Timeout field is 0 32767 default is 100 5 6 5 6 RIP Configuration RIP Routing Information Protocol is a management protocol that ensures that all hosts in a particular network share the same information about routing paths In a RIP a host computer will send its entire routing table to another host computer every X seconds where X is the supply interval The receiving host computer will in turn repeat the same process by sending the same information to another host computer The process is repeated until all host computers in a given network share the same routing knowledge There are several components to RIP including the authenticator supplier and listener Authenticator Authenticatio
106. t Prot Act Opt Filtering IP Port Up Edit SrcIP Any IP SrcPort Any Port Al Deny mA DesIP Any IP DesPort Any Port Dn Delete IP Port Up Edit SrcIP 10 0 0 3 SrcPort Any Port An Allow EP DesIP Any IP DesPort Any Port Dn Delete SreIP Any IP SrePort 80 Up Edit DesIP Any IP DesPort HTTP All Blew Dn Delete SreIP 10 0 0 3 10 0 06 SrePort 20 Time Monday Up Edit gt All Allow DesIP Any IP DesPort FTP Dn Delete Add Outbound Policy A table of outbound policies is displayed with the following information If there are no policies then a message stating No Entries in Outbound Policy Database will be displayed in place of the table IP Address This field specifies the IP address or addresses to which the policy applies Both the source IP SrcIP and destination IP DesIP are specified here Port This field specifies the Port number to which the policy applies Both the source port SrcPort and destination port DesPort are specified here Prot Short for protocol this is the protocol to which the policy applies Act Short for action this field specifies two possible actions allow and deny Opt Filtering Optional Filtering field specifies the time period to which the policy applies Up Clicking on this button will move the corresponding policy up one space in the table E CONEXANTA User Password Configuration Save Settings Reboot ADSL C
107. t indicates whether or not the packet has been propagating through the network too long and should be discarded Unspecified Bit Rate A transfer mode that is usually used in file transfers email etc UBR can vary depending on the data type Universal Serial Bus A standard interface between a computer and a peripheral printer external drives digital cameras scanners network interface devices modems etc that allows a transfer rate of 12Mbps User Datagram Protocol A protocol that is used instead of TCP when reliable delivery is not required Unlike TCP UDP does not require an acknowledgement handshake from the receiving end UDP sends packets in one way transmissions Variable Bit Rate non real time With VBR nrt cell transfer is variable upon certain criteria Virtual Circuit A virtual circuit is a circuit in a network that appears to be a physically discrete path but is actually a managed collection of circuit resources that allocates specific circuits as needed to satisfy traffic requirements Virtual Channel Identifier A virtual channel identified by a unique numerical tag that is defined by a 16 bit field in the ATM cell header F 5 VC Mux VPI WAN The purpose of the virtual channel is to identify where the cell should travel Virtual Circuit based Multiplexing In VC Based Multiplexing the interconnect protocol of the carried network is identified implicitly by the VC Virtual Circuit conn
108. ted at the point of entry for the network All data inbound and outbound must pass through the firewall for inspection Breaking a packet up into smaller packets that is caused either by the transmission medium being unable to support the original size of the packet or the receiving computer not being able to receive a packet of that size Fragmentation occurs when the sender s MTU is larger than the receiver s MRU File Transfer Protocol A standardized internet protocol which is the simplest way to transfer files from one computer to another over the internet FTP uses the Internet s TCP IP protocols to function Data transmission can be transmitted and received on the same signal medium and at the same time Full Duplex lines are bidirectional G dmt G lite Gateway Half Duplex HEC HNP Host IAD IP LAN LLC MAC Address MC MRU MSS Formally G 992 1 G dmt is a form of ADSL that uses Discrete MultiTone DMT technology G dmt incorporates a splitter in its design Formally G 992 2 G lite is a standard way to install ADSL service G lite enables connections speeds up to 1 5 Mbps downstream and 128 kbps upstream G lite does not need a splitter at the user end because splitting is preformed at the remote end telephone company A point on the network which is an entrance to another network For example a router is a gateway that connects a LAN to a WAN Data transmission can be transmitted
109. the SNMP NMS NMS Server located at Trap IP through the specified Ports gt co nw 8x AN T Status Home PPP S B L Configuration LAN PEE NAT Virtual Server ridge Filterin DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration SNMP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code SNMP Configuration System Name System Contact System Location System OID 1 3 6 1 4 1 4900 Read Community public Write Community private Trap Community trap community Trap SNMP Version Version 1 y Trap IP 1 0 0 0 0 Trap Port 1 0 Trap IP 2 0 0 0 0 Trap Port 2 0 Trap IP 3 0 0 0 0 Trap Port 3 0 Trap IP 4 0 0 0 0 Trap Port 4 0 Trap IP 5 0 0 0 0 Trap Port 5 0 Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect SNMP System Identification The System Name System Contact System Location and System OID are provided to identify the SNMP NMS The System OID is the ID number placed in all Trap reports 5 11 The System Name System Contact and System Location can be up to 127 characters Default value for System OID is 1 3 6 1 4 1
110. the Central Office determines whether or not an ADSL signal can be supported in a given line Customer Premises Equipment This specifies equipment on the customer or LAN side Cyclic Redundancy Checking A method for checking errors in a data transmission between two computers CRC applies a polynomial function 16 or 32 bit to a block of data The result of that polynomial is appended to the data transmission Upon receipt the destination computer applies the same polynomial to the block of data If the host F 1 DHCP DMZ DNS DSL DSLAM Encapsulation FEC Firewall Fragmentation FTP Full Duplex and destination computer share the same result the transmission was successful Otherwise the sender is notified to re send the data block Dynamic Host Configuration Protocol A communications protocol that allows network administrators to manage and assign IP addresses to computers within the network DHCP provides a unique address to a computer in the network which enables it to connect to the Internet through Internet Protocol IP DHCP can lease and IP address or provide a permanent static address to those computers who need it servers etc Demilitarized Zone A computer Host or network that acts as a neutral zone between a private network and a public network A DMZ prevents users outside of the private network from getting direct access to a server or any computer within the private network The o
111. the LAN private Permanent Virtual Circuit A software defined logical connection in a network A Virtual Circuit that is permanently available to the user Routing Information Protocol A management protocol that ensures that all hosts in a particular network share the same information about routing paths In a RIP a host computer will send its entire routing table to another host computer every X seconds where X is the supply interval The receiving host computer will in turn repeat the same process by sending the same information to another host computer The process is repeated until all host computers in a given network share the same routing knowledge RIP Version 1 One of the first dynamic routing protocols introduced used in the internet RIPv1 was developed to distribute network reach ability information for what is now considered simple topologies RIP Version 2 Shares the same basic concepts and algorithms as RIPv1 with added features such as subnet masks authentication external route tags next hop addresses and multicasting in addition to broadcasting F 4 Router Mode SNAP SNMP SNR Subnet Mask TCP TFTP Trellis Code TTL UBR USB UDP VBR nrt VC VCI Router Mode is used when there is more than one PC connected to the LAN side Ethernet and or USB port This enables the ADSL WAN access to be shared with multiple nodes on the LAN Network Address Translation NAT is supported so th
112. the NAT dropdown menu are e NAT Static peer to peer mode 1x1 e NAPT Static multiple mapping mode 1xN e Dynamic NAPT Dynamic multiple mapping mode NxN This is the default setting Session Name This field allows you to select the session from the configured NAT Session Name Configuration User s IP This field allows you to assign the IP address to map the corresponding NAT NAPT sessions 4 19 Session Name Status This table will be displayed at the middle of the page to show the Session Name with its corresponding IP Address Number of NAT Configurations This field displays the total number of NAT Sessions entered Available Sessions This table will be displayed at the bottom of the page to show all the available Session Names with their corresponding WAN Interface Number of Sessions This field displays the total number of NAT Sessions entered Note For more information on NAT see Appendix A 4 20 4 6 Virtual Server Configuration Virtual Servers are used for port forwarding from the WAN to LAN networks The Virtual Server Configuration page allows you to set the configuration of the Virtual Server All UDP TCP ports are protected from intrusion If any specific local PCs need to be mapped to the UDP TCP port on WAN side please input the mappings here There can be up to 20 different Virtual Server Configurations User Password Conf o Save Settings Reboot WAN Status A
113. the policy table that will allow you to modify the corresponding policy Delete This will delete the corresponding policy Add Inbound Policy Clicking this button will bring up a table with all the add configurations as shown below Inbound Policy IP Address Port Prot Act Opt Filtering SrcIP Any IP SrcPort Any Port Al Den Up Edit DesIP Any IP DesPort Any Port id Dn Delete SrcIP Any IP SrcPort 80 TCP Allow Up Edit DesIP Any IP DesPort HTTP Dn Delete SreIP 204 35 82 1 SrePort 80 ls Up Edit DesIP Any IP DesPort 80 id Dn Delete Adding New Policy Sre IP 101 64 35 4 SingleIP y DB None w Dest IP A Any IP DB DHCP_Clients v Sre Port 20 Single Port w Dest Port Any Port x DB FTP y Transport Protocol AllProtocol Filtering Action Allow lv Time Window Filtering Weekend y Add Modify Inbound Policy 6 12 Sre IP This specifies the Source IP for the Inbound Policy This is the external WAN side outside of the firewall IP address or addresses and Subnet Masks that will be affected by the policy In this field there are two IP Address entry fields and a dropdown menu The dropdown menu has four options e AnylIP Selecting this will cause all IPs to be affected by the policy When this 1s selected you will be unable to enter any information into the IP Address entry fields e Single IP Selecting this
114. the private network IP address for the particular server Well known TCP IP ports are listed in Table 4 3 Table 4 3 Well Known TCP UDP Ports Port Protocol TCP UDP 20 File Transfer Protocol FTP Data x 21 FTP Commands X 23 Telnet X 25 SMTP X 43 Whois X 53 Domain Name System DNS X X 69 Trivial File Transfer Protocol TFTP X 70 Gopher X 79 Finger X 80 HTTP X 110 POP3 X 111 SUN Remote Procedure Call RPC x 115 SFTP X 119 Network News Transfer Protocol NNTP x 123 Network Time Protocol NTP x x 144 News X 161 Simple Network Management Protocol SNMP X 162 SNMP traps X 179 Border Gateway Protocol BGP X 443 Secure HTTP HTTPS X 513 rlogin x 514 rexec X 517 talk X X 518 ntalk X X 520 Routing Information Protocol RIP X 1701 Layer 2 Tunneling Protocol L2TP X 2000 Open Windows X X 2049 Network File System NFS X 6000 X11 X X 4 22 4 7 Bridge Filtering Bridge Filtering allows packets to be forwarded or blocked depending on the MAC address The Bridge Filtering configuration page allows you to set the configuration of MAC filtering There can be up to 4 different Bridge Filtering configurations User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin P
115. through port 20 FTP through any protocol The configuration should look like the following when complete IP Address Port Prot Act Opt Filtering IP Port Up Edit 1 SrcIP Any IP SrcPort Any Port an Deny LP DesIP Any IP DesPort Any Port Dn Delete IP Pork Up Edit 2 SrcIP 10 0 0 3 SrcPort Any Port Al Allow B DesIP Any IP DesPort Any Port Dn Delete SrcIP Any IP SrcPort 80 Up Edit 3 DesIP Any IP DesPort HTTP Aai and Dn Delete SreIP 10 0 0 3 10 0 0 16 SrePort 20 Up Edit j DesIP Any IP DesPort FTP A eal Dn Delete 6 19 Appendix A Network Address Translation Network Address Translation NAT translates the IP address a network LAN to a different IP address known by another network WAN This gives an outside network the ability to distinguish and communicate with a device on the inside network as the inside network has a private set of IP addresses assigned by the DHCP server which are not know to the outside network The rise of NAT and increasing use of NAT come from several factors e World shortage of IP Addresses Public IP addresses need to be used in the public domain However the limited supply of public IP addresses cannot satisfy the increasing demand NAT allows multiple IP nodes in the private domain to share one public IP address This conserves the pool of public IP address and makes private IP addresses reusable in oth
116. tion 8 Connection specific DNS Suffix Description ie dE Physical Address Dhcp Enabled Autoconf iguration IP Address Subnet Mask Default Gateway DHCP Server DNS Servers E Lease Obtained Lease Expires IC WINDOWS gt G x Hybrid No No nb conexant com conexant com b conexant com ntel R gt PRO 166 UM Network Connecti BB AB CD 46 62 1A Yes Yes 172 19 181 122 255 255 254 0 172 19 100 1 157 152 183 52 157 152 161 52 157 152 165 171 157 152 64 233 157 152 9 170 157 152 161 240 157 152 161 241 Friday July 25 2003 1 27 39 PM Tuesday July 29 2003 1 06 37 PM jODetlotuork Adapter 86 87 F3 10 2 Friday July 25 2003 4 66 61 PM Saturday July 26 2003 4 66 61 PM Computer NIC MAC Address USB Port Network Adaptor MAC Address B 3 Appendix C Troubleshooting Guide The Troubleshooting Guide provides answers to common problems regarding the ADSL Bridge Router settings connections and computer settings I changed the LAN IP Address in the LAN configuration page and my PC is no longer able to detect the ADSL Bridge Router After changing the LAN IP Address of the ADSL Bridge Router you must do one of the following things before a PC is able to recognize the ADSL Bridge Router Open the MS DOS prompt and run ipconfig release followed by ipconfig renew Reboot the computer Disconnect the ADSL Bridge Router from the
117. tions for this field are IP PVCO IP PVC7 IP Ethernet 0 IP BridgeMuxo and any PPP session that was created by the user Specify IP This field allows you to specify the IP address of the default gateway 5 4 2 Route Configuration Destination This field allows you to enter the remote network or host IP address for the static routing Netmask This field allows you to enter the Subnet Mask for the static routing Gateway This field allows you to enter the IP address of the gateway device that allows the router to contact the remote network or the host for Specified IP or select an Interface for the Gateway Manually Configured Routes This field displays the static route entries entered by the user 5 5 5 5 Learned MAC Table E CONEXAN TA Status Home PpP ADSL Configuration WAN LAN PPP NAT Virtual Server Bridge Filtering DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Network bridges operate at the physical network layer The purpose of a bridge is to connect two or more networks and enable packet sharing between them Bridges are different from routers because they forward packets based on phy
118. twork Adapter and click the Properties button e Select the IP Address tab and click Obtain an IP address automatically e Click OK to close TCP IP Properties and then click OK to close Network TCP IP Properties Sure Meck D 3 D 4 MAC OS 7 6 1 or higher MAC 0S X Select Control Panels from the Apple Menu and open the TCP IP Control Panel Choose the Connect via Ethernet option Select Configure using DHCP Server option Close and Save Launch System Preferences from the Apple Menu and select the Network Preference Pane Choose Show Built in Ethernet Click on the TCP IP tab Choose Configure Using DHCP Quit System Preferences D 3 Appendix E Common Error Messages This Appendix provides a library of common error messages explaining how each one is obtained and how to keep them error from reoccurring 1 Server Error 401 Unauthorized Access Denied EJ http 1 10 0 0 27 Microsoft Internet Explorer Qe Fie Edit View Favorites Tools Help a Q O x A 4 Osea Pp ravortes meda O Ar BS Address El http 10 0 0 2 y Ec ins Web Server Error Report Server Error 401 Unauthorized Access denied doc index htm Done Internet This error occurs when an Invalid Login attempt is made This is caused by an invalid user name and or password E 1 2 Server Error 403 Forbidden Access Denied EY Cone
119. utside user sends requests to the DMZ and the DMZ initiates sessions in the public network based on these requests A DMZ cannot initiate a session in the private network it can only forward packets to the private network as they are requested Domain Name System A method to locate and translate Domain Names into Internet Protocol IP addresses where a Domain Name is a simple and meaningful name for an Internet address Digital Subscriber Line A technology that provides broadband connections over standard phone lines Digital Subscriber Line Access Multiplexer Using multiplexing techniques a DSLAM receives signals from customer DSL lines and places the signals on a high speed backbone line DSLAMs are typically located at a telephone company s CO Central Office The inclusion of one data structure within another For example packets can be encapsulated in an ATM frame during transfer Forward Error Correction An error correction technique in which a data packet is processed through an algorithm that adds extra error correcting bits to the packet If the transmitted message is received in error these bits are used to correct the errored bits without retransmission A firewall is a method of implementing common as well as user defined security policies in an effort to keep intruders out Firewalls work by analyzing and filtering out IP packets that violate a set of rules defined by the firewall administrator The firewall is loca
120. vd PPPoPve 0 Pye 0 PPPoE Connected 154 154 12230 79831 PPP Session 1 Pye 0 PPPoE Not Connected N A N A N A N A If a appears under Mode column you need to check the WAN configuration to make sure the VC has the correct encapsulation 1 Connection 1 Connect x PPP Point to Point Protocol The table displays the following fields e Connection Name This is user defined User defined connections for PPP can be created in PPP Configuration page e Interface States the interface that is being used PVCO PVC7 e Mode There are two available modes for the connection PPP over Ethernet PPPoE PPP over ATM PPPoA e Status States whether PPP connection is Connected or Not Connected e Packets Sent Number of packets sent by a particular PPP Connection e Packets Received Number of packets received by a particular PPP Connection e Bytes Sent Number of bytes sent by a particular PPP Connection e Bytes Received Number bytes received by a particular PPP Connection 3 3 Connect and Disconnect This field allows you to manually connect disconnect the PPP connection for each PPP interface In other words each PPP session can be connected and disconnected individually e Connection Specifies the PPP session to be connected disconnected e Connect Disconnect Execute Press this button to either connect or disconnect Connection status dialog will be displayed below the Execute button after it is pressed Sample d
121. will allow PPP requests from the WAN side to reset the Disconnect Timeout timer Note that requests from the WAN side cannot bring a PPP Session out of Idle state This is because when a PPP Session is in Idle state the connection is down if they match the filter table criteria Outbound Traffic Only When this option is selected default PPP sessions can only be activated Idle Timeout when a request is made on the LAN side to the WAN side The disconnect timer will reset when outbound traffic is detected if they match the filter table criteria Inbound and Outbound Traffic Selecting this will allow both WAN and LAN source packets to reset the idle timer 4 4 3 3 Filter Details The table displayed in the Filter Details section of the page shows all the current Idle Filters Traffic must match the criteria of one of these filters in order to cause an Idle Timeout unless All Traffic will reset Idle Timer is selected As a default and starting point for configuration WWW browsing HTTP FTP and Telnet related packets are part of the filter table IP Protocol This is the IP Protocol name corresponding to the Protocol Number Protocol This is the IP protocol number through which the PPP session can be activated The Protocol Numbers for filters are e TCP Protocol Number 6 e UDP Protocol Number 17 e ICMP Protocol Number 1 e IGMP Protocol Number 2 Port This is the Port through which the PPP session can be activated
122. will cause only one IP Address to be affected by the policy This IP Address will need to be specified by the user in the first IP Address entry field e IP Range Selecting this will enable you to select a range of IP Addresses to which the policy will apply The first IP Address in the range must be entered into the first IP Address entry field and the last IP Address in the range must be entered into the second IP Address entry field e Mask Range Selecting this will enable you to select a range of Subnet Masks to which the policy will apply The first Subnet Mask in the range must be entered into the first IP Address entry field and the last Subnet Mask in the range must be entered into the second IP Address entry field Dest IP This specifies the Destination IP for the Inbound Policy This is the internal LAN side behind the firewall IP address or addresses and Subnet Mask s that will be affected by the policy See Sre IP above for configuration detail Src Port This specifies the Source Port for the Inbound Policy This is the external WAN side outside of the firewall port s that will be affected by the policy In this field there are two port entry fields and a dropdown menu The dropdown menu has four options e Any Port Selecting this will cause all Ports to be affected by the policy When this is selected you will be unable to enter any information into the Port entry fields e Single Port Selecting this will cause onl
123. word Co Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Admin Password Configuration For FTP to work the password for Admin should be at least 8 characters Do not use amp in the password Admin Password Retype Password Settings need to be saved to Flash and the system needs to be rebooted for changes to take effect The Admin password can be up to 65 characters excluding amp The Admin password is same as the FTP password so it must have at least 8 characters for the FTP to work 5 11 Reset to Factory Default The Reset to Factory Default page allows you to reset the ADSL Bridge Router to original factory default configuration Bridge Filtering DNS User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code Reset settings to factory default and reboot 5 18 5 12 E CONEXANT Status Home
124. working check to make sure the VPI and VCI are configured correctly This test returns SKIPPED if the ADSL synchronization test failed Test Ethernet Connect to ATM This test returns PASS if the ATM AALS module is loaded correctly in your ADSL Bridge Router If this test returns FAIL an internal error has occurred This test returns SKIPPED if the ADSL synchronization does not return PASS Test PPPoE Connection This test returns PASS if your ADSL Bridge Router can see the PPPoE server If this test returns FAIL run this test again a few minutes after this test is completed especially if your PPPOE connection has just been improperly disconnected If this test consistently returns FAIL make sure that the PPPoE settings are in the correct configuration as instructed by your service provider make sure the VPI and the VCI settings of the current VC are configured correctly This test returns SKIPPED if the AAL5 Connection test does not return PASS Test PPP Layer Connection This test returns PASS if your login name and password have passed authentication with your service provider If this test returns FAIL run this test again a few minutes after this test is completed especially if your PPP connection has just been improperly disconnected If this test consistently fails first make sure your login name and password are correct Remember that login names and passwords are case sensitive This test returns SKIPPED if the PPPoE
125. xant Hasbani Microsoft Internet Explorer o a _ Wwe File Edit View Favorites Tools Help a Qx x a JO Search Sfp Favorites Aui E 2 eB LJ B Address http J 10 0 0 2 y Es Web Server Error Report Server Error 403 Forbidden Access denied doc wan htm Virtual Server ridge Filterin DNS Us C Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Co ition Route Table Learned MAC Table RIP Configuration SNMP Configuration Misc Configuration TCP Status Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code 4D Internet This error occurs when the standard user account non admin attempts to load pages under the Admin Privilege section This error message can vary depending on the access attempt In the variations the bottom line doc wan htm may be replaced with something else E 2 Appendix F Glossary The Glossary provides an explanation of terms and acronyms discussed in this user guide AP ATM BC BER Bridge Bridge Mode CBR Cell CHAP CLP CO CPE CRC Access Point A station that transmits and receives data in a WLAN Wireless Local Area Network An access point acts as a bridge for wireless devices into a LAN Asynchronous Transfer Mode A method of transfer in which data is organized into 53 byte cell units ATM cells are processed asynchronousl
126. xisting standard security protocols such as Remote Authentication Dial In User Service RADIUS to provide centralized user identification dynamic key management and accounting 801 X security is an optional feature that may or may not be included in the firmware you are using The Wireless LAN Security page allows you to configure advanced security options User Password Configuration Save Settings Reboot Admin Privilege WAN Status ATM Status ADSL Configuration Route Table Learned MAC Table RIP Configuration Misc Configuration TCP Status Admin Password Configuration Reset to Factory Default Diagnostic Test System Log Local Code Image Update Network Code Image Update Firmware Boot Code WLAN Security Firmware Version CX_WLANSEC_3 0 0 WLAN Security Status Disable v WLAN Security Method WPa Psk x WPA Pre Shared Key eccccece WPA Group Key Timeout sec 0 RADIUS Re Auth Timeout sec 900 Primary RADIUS Server Status Disable y Shared Secret e TP Address 0 0 0 0 Port Number 1812 Response Time 3 180 sec 3 Maximum Retry 1 5 3 Secondary RADIUS Server Status Disable v Shared Secret e TP Address 0 0 0 0 Port Number 1812 Response Time 3 180 sec 3 Maximum Retry 1 5 3 4 29 Firmware Version This is the version of the Wireless Security firmware WLAN Security Status This field allows you to enable disable WLAN Security WLAN Security Method
127. y in relation to other cells Broadcast Communication in which a sender transmits to everyone in the network Bit Error Rate Percentage of Bits that contain errors relative to the total number of bits transmitted A device that connects two networks and decides which network the data should go to Bridge Mode is used when there is one PC connected to the LAN side Ethernet or USB port IEEE 802 1D method of transport bridging is used to bridge between the WAN ADSL side and the LAN Ethernet or USB side i e to store and forward Constant Bit Rate A constant transfer rate that is ideal for streaming executing while still downloading data such as audio or video files A unit of transmission in ATM consisting of a fixed size frame containing a 5 octet header and a 48 octet payload Challenge Handshake Authentication Protocol Typically more secure than PAP CHAP uses username and password in combination with a randomly generated challenge string which has to be authenticated using a one way hashing function Cell Loss Priority ATM cells have two levels of priority CLPO and CLP1 CLPO0 is of higher priority and in times of high traffic congestion CLP1 error cells may be discarded to preserve the Cell Loss Ratio of the CLPO cells Central Office In a local loop a Central Office is where home and office phone lines come together and go through switching equipment to connect them to other Central Offices The distance from
128. y one Port to be affected by the policy This Port will need to be specified by the user in the first Port entry field e Port Range Selecting this will enable you to select a range of Ports to which the policy will apply The first Port in the range must be entered in the first Port entry field and the last Port in the range must be entered in the second Port entry field e Safe Ports Any port greater than 1024 1025 65535 is considered a safe port Dest Port This specifies the Destination Port for the Inbound Policy This is the internal LAN side behind the firewall Port that will be affected by the policy See Sre Port above for configuration detail Transport Protocol This specifies the Transport Transfer protocol for the policy The following protocol options are available All TCP UDP ICMP AH ESP and GRE Filtering Action This specifies what action the policy takes e Allow Selecting this will cause the policy to allow packet transfer from the Sre IP through the Sre Port to travel through the Dest Port to the Dest IP All of these are specified above and must be configured by the user e Deny Selecting this will cause the policy to deny packet transfer from the Sre IP through the Sre Port to travel through the Dest Port to the Dest IP All of these are specified above and must be configured by the user 6 13 Time Window Filtering This field allows you to select a certain time frame from the Time Group
Download Pdf Manuals
Related Search