2Wire Gateway User Guide
Contents
1. Enable Router behind Router alert I Display alert when another router is connected to this router suam Settings co Back to Top Figure 33 MDC Local Network Configuration Page Private Network Settings By default the gateway uses the 192 168 1 254 255 255 255 0 IP address range The Private Network pane allows you to change the IP address range used by the local network You can choose from three standard configuration options or configure the network settings manually 78 Management and Diagnostic Console Note If you change the local network IP address range you must renew the DHCP lease on all devices on the gateway s local network and manually reconfigure all devices configured with static IP addresses Public Routed Subinterface Settings The Public Routed Subinterface pane allows you to create a local network that has broadband network accessible IP addresses by creating a route from the Internet to the public network specified The public network operates without the use of Network Address Translation NAT This feature is typically used in conjunction with broadband service that provides a range of available IP addresses Once enabled the public IP addresses can be assigned to local computers Public Proxied Subnet Settings The Public Proxied Subnet pane allows you to create a local network that has broadband accessible IP addresses Public Proxied Subnet is a public network i2. Internet Address Subnet Mask Default Gateway Primary Domain Name Server Secondary Domain Name Server Domain Ee Maximum Transmission Unit MTU Gateway Ping DNS Communication x Configuration Server Post een Figure 8 View Broadband Link Details Page The following table shows the information that may be displayed on the Broadband Link Details page Note The information displayed depends on the type of broadband service you have and your gateway model 14 Item DSL Connection DSL Line Wire Pair Protocol Downstream Rate Upstream Rate Channel Current Noise Margin Current Attenuation Current Output Power DSLAM Vendor Information PVC Info Internet Connection Details Connection Type Broadband Link Tab Description The DSL signal can be transmitted on Line 1 inner pair or Line 2 outer pair During installation the gateway automatically detects on which line the DSL signal is being transmitted Displays which DSL protocol is being used to communicate between your system and your service provider The speed at which data comes over your broadband connection from the Internet to your network measured in kilobits per second kbps The speed at which data goes over your broadband connection from your network to the Internet measured in kilobits per second kbps The setting in this field is determined by your ISP s DSLAM equipment Indicates how
3. Device List I shomed is UP Wireless gt bridge0 is UP Configure gt ipnett is UP bridgemon0 is UP Firewall rippool0 is UP Settings gt hostap0 is UP Detailed Information PHY_NONE gt bband0 is Advanced Settings dsl is UP Voice I 5apvcd is UP Summary V atm0 is UP gt bridge1 is UP Configure Server polo i Configure Server gt eapol0 is UP Configure Line Association dhcp0 is UP bleshooti gt ipnet0 is UP ken ee baa ue a bridge2 is NOT PROV Event Loq Network Tests route Uggrage History Dependency State UP Resets Link State Link Detail Advanced Timeout 0 Silog Settings File descriptor flags 00000000 Provisioning Info Reported error string Configure Time Services File Descprtor State Count 0 Active 0 Events 0 Configure Services Static Routes Module State Change History DNS Resolve To State UP at 00 00 17 29 Traffic Shaping Link Manager route0 has 0 routes 0 configured Detailed Log Figure 52 MDC Advanced Link Manager States Page The Link Manager States page is used to gather dynamic information on internal networking modules and is based on the runtime configuration of the 2Wire gateway The information cannot be used to configure the 2Wire gateway 119 Management and Diagnostic Console To view information about each node click the node link Information displays below the Link Manager States tree a
4. Invalid Source Destination IP address Packet Flood SYN UDP ICMP Other Invalid TCP Flag Attacks NULL XMAS Other Invalid ICMP Detection Miscellaneous Description and Action Taken When enabled the firewall will detect applications on the local network that are creating excessive sessions out to the Internet This activity is likely due to a virus or worm infected computer for example Blaster Worm When the event is detected the gateway displays a HURL warning page A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services each associated with a well known port number such as UDP and TCP the computer provides When enabled the firewall detects UDP and TCP port scans and drops the packet When enabled the firewall will verify IP addresses by checking for the following IP source address is broadcast or multicast drop packet TCP destination IP address is not unicast drop packet IP source and destination address are the same drop packet Invalid IP source received from private home network drop packet When enabled the firewall will check for SYN UDP ICMP and other types of packet floods on the local and Internet facing interfaces and stop the flood When enabled the firewall will scan inbound and outbound packets for invalid TCP Flag settings and drop the packet to prevent SYN FIN NULL and XMAS attacks
5. Link Manager Detailed Log Management and Diagnostic Console Advanced DNS Name table Define a Name and Address to resolve DNS name IP Address Name table DNS name IP Address Figure 50 MDC Advanced DNS Name Table Page To add entries to the Name table 1 2 In the DNS name field enter a name for the device In the IP Address field enter the device s IP address Click ADD Entry Type The Name table displays the name you defined for each device the device s IP address and the entry type To remove the device from the Name table click the Remove button 117 Management and Diagnostic Console Advanced Traffic Shaping Page Note To access this page your network must have the Remote Management feature enabled 7 If the feature is not enabled an error message will display when you click the link to access this page The Advanced Traffic Shaping page allows users to change the 2Wire gateway s maximum upstream connection rate gw Management and Diagnostic Console System Summary Advanced Traffic Shaping suem Settings Broadband Link sius WARNING St Settings on this configuration page may affect the performance of your Internet connection Statistics Detailed Statistics Hoe Enable Traffic Shaping n Current Upstream Rate 864 kbps Local Network New Upstream Rate kbps Status Statistics Device List Wireless Configure Firewall Settings Detai
6. Total corrected errors for this connection The DSL mode used G DMT 11 413 or G LITE Vendor ID of the DSLAM for example ALCB indicates Alcatel DSLAM in G DMT mode The internal state of the modem If there are repeated connection problems technical support representatives can use this information to determine at what point during training the modem failed or whether the modem is repeatedly failing at the same point 95 Item Exit Code Echo VXCO Rx Gain INC Tones Management and Diagnostic Console Description Indicates the reason for a lost connection or a terminated training attempt Following are examples of the typical values that can be represented ERR LOF LIMIT Retrained due to loss of framing ERR LOS LIMIT Retrained due to loss of signal ERR HI BER LIMIT Retrained due to excessive CRCs RESTART System deliberately restarted modem line search reprovisioning or 30 second timeout when waiting for DSL signal ERR_STATE_TIMEOUT Modem timed out during training for example the modem failed to detect pilot signal at the appropriate time ERR_ALL_OPTIONS_FAIL Failed to negotiate a final bitrate with DSLAM RETRAIN_HIGHER Proactive retrain in order to obtain a significantly higher connect rate A measure of the uncancelled echo relative to the background noise on the line This is an indication of how much the uncancelled echo is affecting DSL performance rather than an absolute mea
7. Broadband Link Summary Statistics Detailed Statistics Configure Local Network Status Statistics Device List Wireless Configure Firewall Settings Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Firewall Settings suevrr settings By default the firewall blocks all unwanted access from the Internet You can allow access from the Internet to applications running on computers inside your secure home network by enabling firewall pinholes Opening firewall pinholes is also known as opening firewall ports or firewall port forwarding To do this associate the desired application with the computer below If you cannot find a listing for your application you can create a user defined application profile To create a user defined profile you will need to know protocol and port information To Allow Users Through the Firewall to Hosted Applications Select a computer Choose the computer that will host applications through the firewall DLeosticTest Y Edit firewall settings for this computer Maximum protection Disallow unsolicited inbound
8. Click Submit 4 Access the selected computer 5 Confirm that the computer is configured for DHCP If it is not configure it for DHCP 6 Restart the computer When the computer restarts it receives a special IP address from the system and all unassigned TCP and UDP ports are forwarded to it 83 Firewall Detailed Information Page Management and Diagnostic Console Note To access this page your network must have the Remote Management feature enabled A If the feature is not enabled an error message will display when you click the link to access this page The Firewall Detailed Information page shows detailed information about the gateway s firewall 2WRE System Summary Broadband Link Summary Statistics Detailed Statistics Configure Local Network Status Statistics Device List Wireless Configure Firewall Settings Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Management and Diagnostic Console Firewall Detailed Information Pinholes external pin holes 192 available NAT Sessions current secs since boo
9. DSLAM vendor identification For G dmt or G lite protocol values are Country Vendor and Specific For ANSI T1 413 protocol values are ID Rev Revision and Std Standard The ATM VPI VCI LLC or VCMux The method by which the 2Wire gateway connects to the ISP Direct_IP PPPoA or PPPoE For the HomePortal 1000 direct uses an RFC2684 formerly RFC 1483 bridged Ethernet connection without FCS PID 0x00 07 format The 2Wire gateway user name This field is present only when the connection type is PPPoE The type of PPPoE services being used This field is present only when the connection type is PPPoE The broadband address of the 2Wire gateway The subnet mask to be used by the 2Wire gateway on the broadband link The IP address of the default gateway default router that the 2Wire gateway connects to on the broadband link 61 Item Primary DNS Secondary DNS Host Name Domain Name MTU Spoof MAC Address Management and Diagnostic Console Description The IP address of the primary DNS server that the 2Wire gateway is to use for DNS name resolution on the broadband link The IP address of the secondary DNS server that the 2Wire gateway is to use for DNS name resolution on the broadband link The 2Wire gateway host name This field is only present if the user configures the 2Wire gateway with a host name The domain name associated with the 2Wire gateway on the broadband link Maximum siz
10. Wireless Settings Page The Local Network Wireless Settings page allows you to view or change the wireless settings with which your gateway is configured LI 2WiRI Management and Diagnostic Console system Summary Local Network Wireless Settings susvr Settings Broadband Link Current Settings Summary Access Point 00 12 88 fc 2b 01 Statistics Network Name 2WIRE024 Detailed Statistics Channel Auto Configure Authentication WEP Open Encryption WEP Local Network onn Status Settings Statistics Network Name 2 WIREO24 Device List Wireless Channel Auto 7 Wireless Enable SSID Broadcast iv Configure ae Wireless Security Setti Ca Enable Wireless Network Security v Detailed Information Auth Advanced Settings Mbenlication i WEP Open H Use default encryption key Voice C Use custom encryption key Summary Configure Server ney easier NN TODA Additional Settings defaults recommended Troubleshooting Wireless Mode 802 11b g z DSL Diagnostics Evento DTIM Period seconds 1 Network Tests Power Setting Ba Upgrade History Maximum Connection Rate 54 Mbps Resets suami Settings Advanced Syslog Settings co Provisioning Info Back to Top Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Figure 32 MDC Local Network Wireless Settings Pa
11. outer pair 2 Inthe ATM Circuit Identifier VPI and VCI fields enter the VPI and VCI you want the gateway to use to connect to the ISP 3 From the ATM Encapsulation pull down menu select VC Mux or LLC 4 Inthe ATM PVC Search field click the Enabled or Disabled radio button 5 Click the Submit button Modifying Internet Connection and Authentication Settings The Internet Connection Settings Connection and Authentication pane allows you to modify the method by which you connect to the Internet To modify Internet connection and authentication settings 1 Ensure that the Broadband connection Enabled radio button is selected default 2 From the Connection Type pull down menu select the connection type either Direct IP DHCP or Static PPPoE or PPPOA If you connect via PPPoE or PPPoA proceed to step 2 If you connect via Direct IP proceed to step 5 Direct IP connection does not require a user name or password 3 In the Username field enter your user name 4 In the Password field enter your password 5 n the Confirm Password field re enter your system password 6 Click the Submit button The PPP on Demand field allows you to enable PPP on demand If the value is set to O minutes the PPP session will be persistent always on If the value is between 1 to 10080 minutes the PPP session will timeout if the 2Wire gateway does not detect outbound traffic destined for the Internet in the specified time When th
12. 1 ce hh hrs 87 Enabling Security Features ee 88 Controlling Inbound and Outbound Traffic rn 88 Disabling Attack Detection cc eee 88 Enabling Full Logging cc eee 88 Voice Server Summary Page 1 eee 89 Voice Configure Server Page ee eee 90 Voice Associate Server Page 1 ee ee hh hh ars 92 Troubleshooting DSL Diagnostics Page leer rr nn 93 Analyzing General Information ce ee ees 94 Reviewing Training History ees 95 Reviewing Bitloading lee hh hh hh 97 Troubleshooting Event Log Page ehh hr hh rns 98 Troubleshooting Network Tests Page llle hr hrs 100 Troubleshooting Upgrade History Page leer rr hrs 102 Troubleshooting Resets Page cc hh hh hh rr rs 103 Advanced Syslog Settings Page ee hh hh rs 105 Advanced Provisioning Info Page lese hh hr hrs 106 Advanced Configure Time Services Page hr rn 108 Advanced Configure Services Page leen hh rns 110 ROUNE uuu Soe ak de EUR EG a a e RC CIR Ue Ma RR RU CR CR aout Maa CD cR 110 Changing Timeout Parameters lee hh hs 113 Enabling Broadband Status Notification 2 0 0 cc nn 113 Enabling Missing DSL Filter Notification 0 0 0 es 113 Enabling SIP Application Layer Gateway eer 113 Changing the Upstream MTU eee eee hr hrs 113 Advan
13. 5 System Link Network Network Summary Firewall Settings Advanced Settings 49 HONE site Map Edit Advanced Firewall Settings WARNING A Modifying the settings on this page can impsct the ability of computers on the local network to acoess your broadband connection Modifications may also affect brosdband ensbled applications and services running on the local network Settings Instructions Security Limiting data traffic may disable support for hosted applications that require inbound communications such Check to enable the features below as Web servers games or Internet chat programs All EH Stealth Mode data traffic will continue to be scanned by the firewall for known hacker attacks E Block Ping Strict UDP Session Control A Det o Inbound and Outbound Control Check to detect the types of attacks below Checking the box allows the associated traffic type through the firewall me ive Session Detection Oui snout V TCP UDP Port Scan v HTTP Remote Management Invalid Source Destination IP address v HTTPS E NetBlos Packet Flood SYN UDP ICMP Other V FTP m Invalid TCP Flag Attacks NULL XMAS Other v Telnet v Invalid ICMP Detection v sure v Miscellaneous v DNs Ewes sve fl cora v PoP3 v MAP NNTP v RC v H323 v All Other Protocols save CANCEL RESTORE DEFAULTS Figure 22 Edit Advanced Firewall Settings Page Note These features should be
14. Control Panels 3 Select TCP IP 4 From the Configure pulldown menu select Built in Ethernet 5 From the File menu select Get Info Your MAC address appears as either the Hardware Address or the Ethernet Address Macintosh OS X 1 Click the Apple icon 2 Select System Preferences 3 Click the Network icon 4 Click the TCP IP tab 5 From the Configure pulldown menu select Built in Ethernet Your MAC address appears in the lower left corner as the Ethernet Address 13 Broadband Link Tab Connection Details The View connection details link accesses the Broadband Link Details page which displays technical information about your broadband connection Technical support representatives use this information to help troubleshoot problems with your broadband connection BWRE S vs System semp Network eus gio Summary Details Diagnostics Statistics Advanced Setti ffr HONE Site Map View Broadband Link Details Details o DSL Connection Details DSL Line Wire Pair Line 1 inner pair Protocol G DMT2 Annex A Downstream Rate 3006 kbps Upstream Rate 511 kbps Channel Interleaved Current Noise Margin 31 0 dB Downstream 29 8 dB Upstream Current Attenuation 1 5 dB Downstream 0 0 dB Upstream Current Output Power 6 9 dBm Downstream 10 9 dBm Upstream DSLAM Vendor Information Country 0xB5 Vendor BDCM Specific 0x662 Internet Connection Details Connection Type
15. Data Errors panel displays the following information Data Error Description ATM Cell Header Errors The number of ATM cell header CRC errors since the 2Wire gateway was last restarted and the elapsed time since the last cell header error ATM Loss of Cell Delineation The number of ATM loss of cell delineation errors since the 2Wire gateway was last restarted and the elapsed time since the last loss of cell delineation error 20 Data Error DSL Link Retrains DSL Training Errors DSL Training Timeouts DSL Loss of Framing Failures DSL Loss of Signal Failures DSL Loss of Power Failures DSL Loss of Margin Failures DSL Cumulative Errored Seconds DSL Severely Errored Seconds DSL Corrected Blocks DSL Uncorrected Blocks ISP Connection Establishment Broadband Link Tab Description The number of DSL retrains since the 2Wire gateway was last restarted and the time elapsed since the last retrain The number of failed DSL retrains since the 2Wire gateway was last restarted and the elapsed time since the last failed retrain The number of timeouts waiting for response from ATU C since the 2Wire gateway was last restarted and the elapsed time since the last initialization timeout The number of DSL loss of framing failures since the 2Wire gateway was last restarted and the elapsed time since the last line search initialization The number of DSL loss of signal failures since the 2Wire gateway was las
16. Each log displays the following information Status level DBG debug INF informational NTC notice WRN warning ERR error FTL fatal ALR alarm or EMR emergency Timestamp in days hours minutes and seconds since the state occurred A preceding the timestamp designates that the timestamp occurred upon system startup A time zone Such as GMT following the timestamp designates that the timestamp occurred after system startup Module in which the state occurred for example netdev Description of the log entry When you click Insert Mark a placeholder is inserted into the code string to mark where the error was found The following table lists the filters that can be applied Filter All aaal5 algaim algesp algh323 alghttp algintt algmsgame algmsn algpptp algrtp algrtsp algsip algww amon atm cm devfs Description All log messages ATM AAL5 encapsulation AOL Instant Messenger ALG IPSec ESP ALG H323 ALG HTTP ALG Intoto Wrapper ALG Microsoft Game ALG MSN Messenger ALG PPTP ALG RTP ALG RTSP ALG SIP ALG Kineto QoS ALG Application monitoring issues ATM stack Configuration Manager configuration database Device files system 123 Filter dhcpd dsl dslice eth ethatm fw gpio hostapd hpna httpd initd ipsess jtag kacct kelog kmem kppp kpppoa kpppoe krtlock kthread led Imd login Iwdp mdog msig named Description DHCP
17. Hosting an Application To host an application on the gateway s network for Internet users to access such as a Web server the firewall must be configured to allow users on the Internet to access it To host an application 1 From 1 Select a computer select a computer from the pull down menu 2 From 2 Edit firewall settings for this computer click the Allow individual application s radio button 3 From the Applications list select an application profile 4 Click the ADD 5 button The application displays in the Hosted Applications list 5 Click the Submit button To stop an application that is routed to a selected computer 1 From the Hosted Applications list select the application profile name 2 Click the lt REMOVE button Note If an application does not appear in the Applications list the list may need updating If an update is available click the UPDATE APPLICATION LIST button Creating an Application Profile If the application that the user wishes to host is not included in the updated application list you may need to create an application profile An application profile configures the system s firewall to pass through application specific data 81 Management and Diagnostic Console To create an application profile 1 Click the Add a new user defined application link The Edit Application page opens ur 9 5S 2WRE P e yo Broadband Home Voice Firewall System Link Network 5 Networ
18. Other Places Er Kos 1 Control Panel br My Network Places E My Documents M My Computer Details Local Area Connection LAN or High Speed Internet Enabled Broadcom 570x Gigabit Integrated Controller IP Address 10 4 254 164 Subnet Mask 255 255 0 0 Assigned by DHCP 111 e Management and Diagnostic Console c Click Internet Protocol TCP IP then click the Properties button Network Connections This connection uses the following items HB Broadcom 570x Gigabit Integrated Controller IV IB Ciient for Microsoft Networks Iv Jill File and Printer Sharing for Microsoft Networks QoS Packet Scheduler Intemet Protocol TCP IP Description Transmission Control Protocol Intemet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Show icon in notification area when connected or J cra In the General tab click the Use the following IP address radio button In the IP address field enter an IP address between 192 168 1 1 to 192 168 1 254 In the Subnet mask field enter 255 255 255 0 In the Default gateway and Preferred DNS server fields enter 192 168 1 254 Network Connections O 0 8 d Help JO search Folders F Use the following DNS server addresses Address B Network Connections LAN or High Speed Internet Authentication Adv
19. Settings Security Check to enable the features below Stealth Mode Block Ping ict UDP Session Control Inbound and Outbound Control Checking the box allows the associated traffic type through the firewall Outbound Inbound HTTP Remote Management v HTTPS C NetBios FTP Telnet SMTP DNS NetBIOS S DI I I KI POP3 v MAP NNTP v Rc v 8323 v All Other Protocols SAVE jf CANCEL RESTORE DEFAULTS 1 In the Security pane click the Strict UDP Session Control checkbox 2 Click SAVE 50 Firewall Tab Allowing Inbound and Outbound Traffic The Inbound and Outbound Control pane displays some common protocol types When one of the Inbound protocol boxes is checked the firewall allows the corresponding protocol to pass through from the Internet to the network If one of the Outbound protocol boxes is checked the firewall allows the traffic from the network to pass through the firewall to the Internet Note If you configure the firewall to block an Inbound protocol you may disable support for hosted applications that require that type of protocol To block an Inbound or Outbound protocol Open a Web browser and access the 2Wire gateway user 7 Stealth Mode interface by entering http gateway 2Wire net M Block Ping T Strict UDP Session Control Click the Firewall tab Inbound and Outbound Control Click the Advanced Settings link under the tab to open the Checking the b
20. UDP Session Control A o Inbound and Outbound Control Check to detect the types of attacks below Checking the box allows the associated traffic type through the firewall TJ Excessive Session Detection Outbound Inbound IZ TCP UDP Port Scan HTTP Remote Management Invalid Source Destination IP address HTTPS NetBios Packet Flood SYN UDP ICMP Other v FTP Invalid TCP Flag Attacks NULL XMAS Other Telnet Invalid ICMP Detection Miscellaneous DNS NetBlos save cance POP3 MAP NNTP IRC H323 v All Other Protocols save cance RESTORE DEFAULTS Figure 23 Edit Advanced Firewall Settings Page 1 In the Attack Detection panel deselect the appropriate checkbox 2 Click SAVE 53 Management and Diagnostic Console This chapter describes the 2Wire gateway Management and Diagnostic Console MDC The Management and Diagnostic Console provides information about the status of the 2Wire gateway its broadband network connections attached home networking devices system and security information and a running log of any error conditions You can use the tools provided to View configuration and service provisioning information View operation logs Perform diagnostic tests Configure the gateway The following sections describe how to access the Management and Diagnostic Console use the diagnostic and configuration tools and modify settings Note The MDC pages available are dependent on the 2Wire gate
21. Understanding the Status at a Glance Panel The Status at a Glance panel shows you a list of network connection types the number of devices connected via each Confirm Local Interface Changes connection type and your wireless settings Warning To change your wireless settings click the EDIT SETTINGS button A E meen Phoneline HomePNA To disable a network device click the DISABLE button Any camp uier cohngalad Ko In NIE inie nakwurkiype Wil ba A message asks you to confirm your decision RAHA An Monitoring Your Wireless Settings ADSL2 Router is the customer s responsibility Telecom will take no responsibility for charges made to customer s accounts due to poorly organized wireless security allowing unknown users to connect to the internet via this wireless router Should this occur do not complain to the Telecom Fault Service or Jetstream Helpdesk Note Security of the 802 11g wireless connection associated with this 2Wire 2701HGV W Your 2Wire gateway has an integrated wireless access point which enables you to connect your wireless enabled computers to your home network By default the 2Wire gateway ships with WEP enabled and a preconfigured network name The default WEP key is located on the bottom of the gateway next to the serial number To check your current settings and configure changes Open a Web browser and access the 2Wire gateway user interface by entering http gateway 2wire net Click the Home Networ
22. a new user defined application link to open the Edit Application page D B 2 S ewe Broadband Home Voice Firewall E Lin System k Network Network Summary Firewall Settings Advanced Settings Pr HONE site map Edit Application Settings Profile Name Enter a name for the application profile that you are creating Definition Choose a protocol and enter the port s for this application then click ADD DEFINITION to add the definition to the Definition List If the application requires muttiple ports or both TCP and UDP ports you will need to add multiple definitions Note In some rare instances certain application types require specislized firewall changes in addition to simple port forwarding If the application you are adding appears in the application type menu below it is recommended that you select it Protocol 7TCP O UDP Port or Range From To a TCP default 86400 Protocol Timeout seconds UDP default 600 Default the same port as Map to Host Port defined al Application Type None Default v ADD DEFINTION Figure 18 Edit Application Page 40 3 4 Firewall Tab In the Application Name field enter a name for the application profile You can enter any name you like although it s recommended that you use the name of the application for example Redwing Game Server In the Definition panel
23. and wra Firewall Shows all detailed firewall events including Internet Access Control and Firewall Monitor FW Alert Shows the current Firewall Monitor log which registers all significant Firewall Monitor related events 97 Management and Diagnostic Console HURL Shows the Broadband Redirect messages that have been enabled by a service provider Modem Shows the current modem log which registers all significant modem related events System Shows the current system log which registers all significant events within the 2Wire gateway since it was last restarted WRA Shows the current Web Remote Access log which registers all significant Web Remote Access related events Each log entry includes the severity level a description of the event and the actual time that it occurred The most recent events display at the bottom of the list Events generate an Informational INF or Warning WRN severity level Informational indicates events that are informational only Warning indicates an unexpected condition that does not affect the 2Wire gateway s ability to operate for example a network problem or the 2Wire gateway is not configured properly For events that involve the transfer of packets the following additional information is displayed Item Description src Source IP address dst Destination IP address ipprot Protocol number as indicated in the IP header field sport Source port TCP and UDP dport Destination
24. application you selected now appears in the Hosted Applications pane 5 Click DONE To stop hosting an application 1 In the Hosted Applications panel select the application you wish to stop hosting 2 Click the REMOVE button 3 Click DONE 38 Firewall Tab Updating the Application Profile List If the application you want to host does not appear in the Application Profile list you may need to update the application list If an update is available the UPDATE APPLICATION LIST button appears above the list of application profiles If the application that you want to host is not included in the updated application list you may need to add your own application profile Adding an Application Profile If you wish to host an application that is not included in the Application Profile list you can add an application using the Add Application Profile page An application profile configures your system s firewall to pass through application specific data This feature is typically used if the application for which you would like to pass through data to a given computer is new or has been recently updated to a new version To create a new application profile Open a Web browser and access the gateway user interface by entering http gateway 2Wire net Click the Firewall tab Click the Firewall Settings link under the tab to open the Edit Firewall Settings page 39 Firewall Tab In the Applications panel click the Add
25. been specifically assigned to another computer using the Allow individual applications feature will automatically be directed to this computer The DMZplus enabled computer is less secure because all unassigned firewall ports are opened for that computer Note Once DMZplus mode is selected and you click DONE the system will issue a new IP address to the selected computer The computer must be set to DHCP mode to receive the new IP sddress from the system and you must reboot the computer If you sre changing DMZplus mode from one computer to another computer you must reboot both computers Figure 20 Edit Firewall Settings Page 1 From the Select a computer pull down menu select the computer to which you would like to have all data sent 2 Click Allow all applications DMZplus mode 43 Firewall Tab Click DONE Access the computer that you selected in step 1 Confirm that the computer is configured for DHCP If it is not configure it for DHCP Restart the computer When the computer restarts it receives a special IP address from the system and all unassigned TCP and UDP ports are forwarded to it To stop DMZplus 1 5 From the Select a computer pull down menu select the computer for which you would like to disable DMZplus In the Edit firewall settings for this computer pane click Maximum protection Click DONE Access the computer that you selected in step 1 If the computer will continue to autom
26. between a wireless network and a wired network With the help of the system a wireless base station is an example of an access point that acts between a wireless node and with other wired PCs and peripherals Default Gateway A device that is placed between network segments or subnets to ensure that traffic is properly routed between different subnets To communicate with a device on another network users need to know the default gateway s IP address DHCP Dynamic Host Configuration Protocol A TCP IP protocol that allows servers to assign IP addresses dynamically to PCs and workstations The PC or workstation borrows the IP address for a period of time then the IP address returns to the DHCP server for reassignment DMZ Demilitarized Zone A computer or small subnetwork that sits between a trusted internal network such as a LAN and an untrusted external network such as the Internet Typically the DMZ contains devices accessible to Internet traffic such as Web HTTP servers FTP servers SMTP e mail servers and DNS servers DNS Domain Name System The DNS is the way that Internet domain names such as www 2wire com are located and translated into IP addresses DSLAM Digital Subscriber Line Access Multiplexer A device found in telephone company central offices that takes a number of DSL subscriber lines and concentrates them onto a single ATM line Ethernet A type of local area network that operates over twis
27. create a definition for your application A definition consists of a series of protocol specific ports that are to be allowed through the firewall This information should be contained in the documentation provided by the company that produces the application a In the Protocol field select the TCP or UDP radio button If the application you are adding requires both you must create a separate definition for each b In the Port or Range field enter the port or port range the application uses For example some applications may require only one port to be opened such as TCP port 500 others may require that all TCP ports from 600 to 1000 be opened c In the Protocol Timeout seconds field you may optionally enter a value for the amount of time that can pass before the application times out You can also leave the field blank in which case the system uses the default values 86 400 seconds for the TCP protocol 600 seconds for the UDP protocol d Inthe Map to Host Port field enter a value that will map the port range you established in step b to the local computer For example if you set the value to 4000 and the range being opened is 100 to 108 the forwarded data to the first value in the range will be sent to 4000 Subsequent ports will be mapped accordingly 101 will be sent to 4001 102 will be sent to 4002 etc e From the Application Type drop down menu select the application type If you do not know the application
28. customer premises equipment Such as a modem PPPoE combines the Point to Point Protocol PPP commonly used in dialup connections with the Ethernet protocol which supports multiple users in a LAN Protocol Timeout The amount of time in seconds during which a connection in the specified range remains open when there is no data transfer After a connection has been established on a given port the sender and receiver usually determine when the session is finished and the connection is closed However if the connection is left open and data transfer stops the system must eventually close the connection and reclaim the resources in order to protect your network In some cases the system might close the application during normal operation for example if there is a long pause between data transfer If this is the case lengthening the timeout may help PVC permanent virtual circuit A virtual circuit that is permanently available Used to establish connections between hosts that communicate frequently Router The central switching device in a packet switched computer network that directs and controls the flow of data through the network S Subnet Mask The IP addressing system allows subnetworks or interchanges to be created and devices numbers or extensions to be established within these subnetworks These numbers are created using a mathematical device called a subnet mask A subnet mask like the IP address is a set of four numb
29. device is not permitted Doing so may result in the installed system exceeding RF exposure requirements This device must not be co located or operated in conjunction with any other antenna or radio transmitter Installers and end users must follow the installation instructions provided in this guide PTC General Warning The grant of a Telepermit for any item of terminal equipment indicates only that Telecom has accepted that the item complies with minimum conditions for connection to its network It indicates no endorsement of the product by Telecom nor does it provide any sort of warranty Above all it provides no assurance that any item will work correctly in all respects with another item of Telepermitted equipment of a different make or model nor does it imply that any product is compatible with all of Telecom s network services
30. installation This parameter may not be necessary and may be left blank The name that associates your gateway with your ISP on the broadband link This parameter may not be necessary and may be left blank If you receive your Internet address settings automatically the subnet mask has been set for you If you manually set your Internet address Static IP this is the information that was provided to you by your ISP and entered by you during gateway installation Shows the maximum size allowed on packets that are sent to and from your network to your ISP The 2Wire gateway periodically checks the connection between itself and your ISP s Default Gateway This field informs you that the check has been performed and whether or not it was successful The gateway periodically checks the connection between itself and your ISP s domain name server s to make sure DNS is available This field informs you that the check has been performed and whether or not it was successful The gateway periodically checks the connection between itself and the 2Wire Component Management System This field informs you that the check has been performed and whether or not it was successful 17 Broadband Link Tab Monitor Internet Connection The Monitor Internet connection link launches the Speed Meter The Speed Meter measures the actual rate at which data is coming into Incoming Kbps and going out of Outgoing Kbps your system It measures real ti
31. interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help CAUTION Changes or modifications not expressly approved by the party responsible for compliance could void your authority to operate this equipment Part 68 of FCC Rules This equipment complies with Part 68 of the FCC Rules On the modem board inside full featured base stations is a label that contains among other information the FCC registration number and ringer equivalence number REN for this equipment If requested this information may be provided to the telephone company The REN is used to determine the quantity of devices that may be connected to the telephone line Excessive RENs on the telephone line may result in the device not ringing in response to an incoming call In most but not all areas the sum of the RENs should not exceed five 5 0 L indice d quivalence de la sonner
32. much the noise on the DSL line can increase before it begins to affect the DSL signal As the noise on the DSL line increases the margin will approach zero If the noise exceeds the current noise margin the DSL signal will be lost The level is measured in decibels dBs Represents the decrease in signal strength between origination of the DSL Central Office and your gateway Customers who live close to their Central Office usually will have less signal loss and a low current attenuation The level is measured in decibels dBs The current DSL transmit power of your gateway The level is measured in decibels dBs A DSLAM is the piece of equipment located in the Central Office CO that provides the DSL signal to your DSL line The Vendor Information identifies information about the configuration of this equipment Displays the pair of numbers that uniquely identifies the ATM virtual circuit between the system and the provider of your DSL service Identifies the method by which the gateway connects to the Internet Service Provider ISP PPPoE PPPoA or Direct 15 Item Username Internet Address Subnet Mask Default Gateway Broadband Link Tab Description The name used to connect with your Internet Service Provider ISP Your username was either assigned to you or configured by you during the install process The correct username is required to successfully connect to the Internet A number that is assigned
33. ng 2701HGV A Gateway System Area j Software 5 29 116 1 eval Set system password View details zi Password Not Set Broadband Link Unprovisioned Broadband Connection Speed Link Area Incoming 3006 kbps Outgoing 511 kbps View summary r Home Network NG swang2 View the home network Home 152 168 1 64 Network Area B ugr waIN capricorn E jrindegard Figure 2 Network at a Glance Panel System Area of the Network at a Glance Panel The System area of the Network at a Glance panel displays your 2Wire gateway model name the version of gateway software that you are using and the status of your gateway password The diamond symbol in this area indicates the gateway s POWER light status and corresponds to the Power light on the front of your gateway The following table shows a list of possible POWER light states and their associated meanings Power Light Condition Off Power is not being supplied to the system The power supply is not plugged in correctly or the power adapter has malfunctioned Blinking Green The system is performing a self test Solid Green Power is on Blinking Orange The gateway is undergoing a software upgrade Solid Red System error Contact Technical Support System Tab If you have not set a system password the Set system password link displays If you have set a password the Change system password link displays You must enter the system pa
34. obtains its Internet address The Broadband IP panel allows you to manually configure your Internet address settings 1 Click the Manually configure IP address settings radio button 2 In the IP address field enter the IP address you want the gateway to use 3 In the Subnet Mask field enter the subnet mask you want the gateway to use 4 In the Default Gateway field enter the default gateway address you want the gateway to use 5 Click SAVE Modifying the Broadband DNS By default the gateway automatically obtains the DNS server addresses via DHCP The Broadband DNS panel allows you to manually configure your DNS information 1 Click the Manually configure your DNS information radio button 2 Inthe Primary Server field enter the IP address of the primary DNS server that the gateway is to use for DNS name resolution 3 In the Secondary Server field enter the IP address of the secondary DNS server that the gateway is to use for DNS name resolution 4 In the Domain Name field enter the specific domain name to be used by the gateway 5 Click SAVE Note If you choose to manually configure your system and have a problem re run your installation and follow the installation instructions provided to you by your service provider 24 Home Network Tab This chapter describes the 2Wire gateway Home Network features and provides detailed instructions on how to customize your network settings Viewing Your Home Networ
35. or Searching for DSL signal Ok or Suspicious check phone filters and alarm Ok or Suspicious hardware frequency mismatch Ok or Suspicious possible saturation 93 Item Impulse Noise Comp Tones Excessive Impulse Noise Impulse noise protection Delay of latency path Management and Diagnostic Console Description Value Comment Indicates the number of The ideal value is Ok or Suspicious compensation tones on which zero O Impulse noise detected impulse noise is detected For non interleaved lines with impulse noise the connect rate will be lowered to avoid excessive errors on the line however impulse noise may vary with time so connect rates may vary accordingly Impulse Noise Compensation is currently disabled for interleaved lines Indicates to what degree The ideal value is impulse noise is present on zero O the line Measurement of how much impulse noise can be mitigated Dependent on the current line configuration Measurement of how much delay is introduced Dependent on the current line configuration Reviewing Training History The Training History pane provides a record of the last 20 connection attempts The current connection or connection attempt is displayed in the last row Item Time Line Downstream Rate Max 1 Description Initially this field will display the time since power on in DAYS HH MM SS format until the gateway can access the Internet a
36. shows general information about the 2Wire gateway its configuration and components For example it shows the hardware and software version being used by the 2Wire gateway Broadband Link Pages The Broadband Link pages show summary detailed status and statistical information about the 2Wire gateway broadband link and lets you change configuration settings For example the Statistics page shows current upstream and downstream DSL data rates Local Network Pages Local Network pages show the general operating status of the home network and statistics associated with network interfaces For example the Statistics page shows the transmit and receive packet count for Ethernet Wireless HomePNA and USB interfaces Firewall Pages Firewall pages allow you to access settings and detailed information for the gateway s firewall and to configure the firewall if necessary For example you can use the Firewall Settings page to access applications that are usually blocked by the firewall Voice Pages Voice pages show summary information about the VoIP network and allow you to configure the servers and voice lines For example the Voice Configure Server page allows you to set up your VoIP server Troubleshooting Pages Troubleshooting pages allow you to view detailed logs that maintain a record of all significant 2Wire gateway events and to perform diagnostic tests For example if you are experiencing connection problems you can use th
37. the RESTORE DEFAULTS button Configuring Advanced Settings The Edit Advanced Home Network Settings page displays the current IP settings in use by your system for your home network and allows you to configure your home network settings You should adjust these settings ONLY if you are very familiar with computer networking technologies The Current Settings panel shows the following information Router Address The IP address used by your system on the private home network the default is 192 168 1 254 The system has two IP addresses a private address that it uses on the home network and one that is used on the public broadband connection on the Internet You can change the home network IP address by changing the home network IP address range Subnet Mask The subnet mask is determined by the home network IP address range settings the default is 255 255 255 0 DHCP Range The range of IP addresses used by your system the default is 192 168 1 64 through 192 168 1 253 IP addresses can be either static permanently assigned or dynamic automatic and temporary Setting up a Private Network By default the 2Wire gateway uses the 192 168 1 0 255 255 0 0 IP address range You can select from two additional IP address ranges or configure the network settings manually You should manually configure these settings ONLY if you thoroughly understand IP internetworking because an incorrect configuration can cause unpredictable results
38. to a computer so that it can communicate on a network and on the Internet This address is assigned to you by your Internet Service Provider for all communication on the Internet and can be either Static permanently assigned and manually entered or Dynamic automatically assigned and configured The typical configuration is for your ISP to automatically assign and configure an Internet address Dynamic when your system connects to the Internet Businesses or power users may use a static address enabling them to run advanced services such as Internet servers and video conferencing Static addresses typically cost more because they must be leased from the ISP If you receive your Internet address settings automatically the subnet mask has been set for you If you manually set your Internet address Static IP this is the information that was provided to you by your ISP and entered by you during gateway installation Part of the Internet address settings and used in conjunction with your Internet address If you receive your Internet address settings automatically the subnet mask has been set for you If you manually set your Internet address Static IP this is the information that was provided to you by your ISP and entered by you during gateway installation Part of the Internet address settings The default gateway is a device your 2Wire gateway communicates with directly to give you access to the Internet If you receive your Inte
39. used only if you are thoroughly familiar with firewalls and networking 46 Firewall Tab Enabling Advanced Security Your 2Wire gateway firewall already provides a high level of security You can configure the firewall to provide advanced security features including stealth mode strict UDP or block pings Stealth Mode In normal firewall operation when an unknown remote device makes a request to connect to a user s network the firewall does not allow the connection to be made and responds with a connection not available message This may not discourage a determined hacker because the message confirms that there is an active network sending the response The hacker may then use more sophisticated tools in an attempt to access your network When in stealth mode the 2Wire gateway firewall does not return any information in response to network queries that is it will appear to the hacker who is trying to access your network that your network does not exist This discourages hackers from further attempts at accessing your network because to them it will appear as though there is no active network to access To enable Stealth Mode Open a Web browser and access the 2Wire gateway user interface by entering http gateway 2Wire net Click the Firewall tab 47 Firewall Tab Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page Settings Security Check to enable the fe
40. 110 16 39 ipprot 17 sport 35234 dport 137 Unknown inbound session stopped info src 82 228 225 74 dst 69 110 16 39 ipprot 6 sport 2258 dport 15118 Unknown inbound session stopped info Previous log entry repeated 1 times low src 82 228 225 74 dst 69 110 16 39 ipprot 6 sport 2258 dport 15118 TCP Port Scan Detected info src 82 228 225 74 dst 69 110 16 39 ipprot 6 sport 2258 dport 15118 Unknown inbound session stopped info src 200 100 81 10 dst 69 110 16 39 ipprot 17 sport 1029 Figure 21 View Firewall Log Page dport 137 Unknown inbound session stopped CLEAR LOG The following table provides additional information about the log entries Severity Details Info Informational only the event does not imply a threat to network security Low Occurs when the firewall detects a low level threat to the network such as an invalid IP header or invalid packet length Medium Occurs when a medium level threat is detected such as an invalid IP fragment offset High Occurs when an attack is launched against the network for example a SYN Flood Includes the following information The IP address from which the packet originated The destination IP address of the packet The action that was taken Click CLEAR LOG to clear the log 45 Firewall Tab Configuring the Firewall Advanced The Edit Advanced Firewall Settings page allows you to configure advanced features on your firewall sewer 7 Zz 9
41. 2 168 1 254 IP Network 192 168 1 0 Subnet Mask 255 255 255 0 DHCP Range 192 168 1 64 192 168 1 253 Allocated 2 Remaining 188 DHCP Timeout 1440 minutes Devices Active Inactive Mode Ethernet 1 1 Wireless 802 11 0 0 USB uU Public Routed Subinterface Router Address Disabled Subnet Mask Disabled Public Proxied Subnet NAT Routed Bridge Address Disabled Subnet Mask Disabled Figure 29 MDC Local Network Status Page The Local Network Status page includes the following information Item IP Gateway IP Network Subnet Mask DHCP Range Description The IP address allocated to the 2Wire gateway The IP address used by the network The subnet mask allocated to the 2Wire gateway The range of IP addresses available on the network the number of addresses Allocated and the number of addresses Remaining Item DHCP Timeout Devices Ethernet Wireless 802 11 USB Public Network Router Address Subnet Mask Bridge Network Router Address Subnet Mask Management and Diagnostic Console Description The time in minutes before the DHCP lease must be renewed The number of Active and Inactive Ethernet devices on the network The number of Active and Inactive wireless devices on the network Specifies whether a USB device is present Active on the network If a USB device is not present the value is Inactive Defines a separate network on the home side The subnet mask all
42. 4 24 35 07 00initd INF2006 05 11114 24 35 07 00initd INF2006 05 11114 24 35 07 00initd INF2006 05 11114 24 35 07 00 1md INF2006 05 11114 24 35 07 00 1md INF2006 05 11114 24 35 07 001md INF 2006 05 11T14 24 35 07 00 1md INFP0000 00 00103 25 24 imd INFP0000 00 00103 25 24 ulib INF2006 05 11T1 1 07 00initd INF2006 05 11T1 1 07 00initd INF2006 05 11T1 2 07 00 voiced INF2006 05 11117 50 32 07 00 cwmd INF2006 05 11T1 3 07 00 cwmd INF2006 05 11117 50 33 07 00pki Figure 53 MDC Advanced Detailed Log Page dhepd stop pid 22 named stop pid 23 stopping runlevel 5 gt 0 1md stop pid 20 ipnet15 DOWN on bridgel4 with 172 16 0 1 ipnet0 DOWN on bridgel with 208 35 230 176 rnat0 Cleared all pinholes ipnetl DOWN on bridqe0 with 192 168 1 254 ipnet0 dns change on bridgel DNS1 204 117 214 10 DNS2 199 2 252 10 Set system clock to 2006 05 11117 50 31 07 00 Starting runlevel 9 gt 9 cwmd start pid 35 BroadBand is up connreq created user account for tr069 connection request bootstrap mgmt url https gw 5 29 21 cwmp cms 2wire com inited ca label root Next INSERT MARK co Back to Top Note The Detailed Log retains a persistent across upgrades and system restarts record of gateway events 122 Management and Diagnostic Console From the Filter pull down menus you can select the level of filtering you want to view for example DBG or higher and the specific gateway component that was affected
43. A If you connect via PPPoE or PPPoA proceed to step 2 If you connect via Direct IP or Routed IPoA proceed to step 5 Direct IP and Routed IPoA connections do not require a user name or password In the Username field enter your user name In the Password field enter your password In the Confirm Password field re enter your password In the PPP on Demand field enter a value for the length of time you wish the PPP session to remain active If the value is set to O the PPP session will not time out it will be always on If the value is between 1 to 10080 minutes the PPP session will time out if the gateway doesn t detect outbound traffic destined for the Internet in the specified time Click SAVE Modifying the Hardware Address By default the gateway uses its built in hardware address The Hardware Address Override panel allows you to manually override the MAC address of the broadband connection which is sometimes required for cable modems that perform MAC address authentication 1 2 3 Click the Override the built in hardware address radio button In the Hardware Address field enter the alternative hardware address Click SAVE 23 Broadband Link Tab Enabling Hostname Override In the DHCP Host Name field enter the DHCP host name you want the gateway to use This field is only relevant if your ISP uses DHCP host name authentication Modifying the Broadband IP By default the gateway automatically
44. A Obtain DNS information automatically PPP on Demand o Minutes O Manually configure your DNS information Entering a value of zero enables a connection with no timeout Primary Server Hardware Address Override Secondary Server Use the built in hardware address Domain Name O Override the built in hardware address Hardware Address Upstream MTU Force Upstream MTU Hostname Override Hostname save CANCEL Figure 11 Broadband Link Advanced Settings Page 22 Broadband Link Tab Modifying DSL and ATM Settings By default the gateway automatically detects which DSL line to use The DSL and ATM panel allows you to select a DSL line and manually configure your ATM settings 1 4 5 From the DSL Line Selection drop down menu select Automatic Line 1 inner pair or Line 2 outer pair In the ATM Circuit Identifier VPI and VCI fields enter the VPI and VCI you want the gateway to use to connect to your ISP From the ATM Encapsulation drop down menu select Bridged LLC Bridged VC Mux Routed LLC or Routed VC Mux In the ATM PVC Search field click the Enabled or Disabled radio button Click SAVE Modifying Broadband Connection Settings The Broadband Connection panel allows you to modify your broadband connection 1 6 From the Connection Type drop down menu select the connection type PPPoE PPPoA Direct IP DHCP or Static or Routed IPo
45. EWR 2Wire Gateway User Guide For 2701HGV W Notice to Users 2008 2Wire Inc All rights reserved This manual in whole or in part may not be reproduced translated or reduced to any machine readable form without prior written approval 2WIRE PROVIDES NO WARRANTY WITH REGARD TO THIS MANUAL THE SOFTWARE OR OTHER INFORMATION CONTAINED HEREIN AND HEREBY EXPRESSLY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE WITH REGARD TO THIS MANUAL THE SOFTWARE OR SUCH OTHER INFORMATION IN NO EVENT SHALL 2WIRE INC BE LIABLE FOR ANY INCIDENTAL CONSEQUENTIAL OR SPECIAL DAMAGES WHETHER BASED ON TORT CONTRACT OR OTHERWISE ARISING OUT OF OR IN CONNECTION WITH THIS MANUAL THE SOFTWARE OR OTHER INFORMATION CONTAINED HEREIN OR THE USE THEREOF 2Wire Inc reserves the right to make any modification to this manual or the information contained herein at any time without notice The software described herein is governed by the terms of a separate user license agreement Updates and additions to software may require an additional charge Subscriptions to online service providers may require a fee and credit card information Financial services may require prior arrangements with participating financial institutions 2Wire the 2Wire logo and HomePortal are registered trademarks and HyperG Greenlight FullPass and GuestPass are trademarks of 2Wire Inc All other trademarks are trademarks of their respective
46. Host Name Domain Name MTU Spoof MAC Address RESET ISP Connection Direct IP DHCP or Static 208 35 230 176 255 255 255 192 208 35 230 190 204 117 214 10 199 2 252 10 1500 Figure 25 MDC Broadband Link Summary Page The Broadband Link Summary page includes the following information Item Connection Information Broadband Connection Description Builtin ADSL Modem or External Broadband Modem via Ethernet 60 Item Current Status Management and Diagnostic Console Description The current operating condition of the broadband link Fully operational The broadband link is operational including connection to ISP and other services Initializing The broadband link is preparing to connect Establishing link The broadband link is connecting No physical link signal No physical signal detected on the broadband link Physical connection The broadband link is connected Error There is a broadband link error DSL Connection Details for DSL models only DSL Line Wire Pair Protocol DSL Channel DSLAM ATM PVC Info ATM Encapsulation ISP Details Connection Type User Name PPPoE Access Concentrator PPPoE Service IP Address Range Subnet Mask Gateway Line 1 inner pair Line 2 outer pair or Searching for DSL signal During installation the 2Wire gateway auto detects whether the DSL signal is on line 1 or line 2 G dmt G lite or ANSI T1 413 Fast or Interleaved
47. IP See TCP IP U UDP User Datagram Protocol A TCP IP protocol describing how data packets reach application programs within a destination computer V VPI Virtual Path Identifier Identifier contained in the ATM cell header to designate the virtual path on the physical ATM link VCI Virtual Channel Identifier Identifier contained in the ATM cell header to designate the virtual channel on the physical ATM link W Wireless Transmission of data over radio waves rather than wiring Wireless channel The 2Wire gateway supports up to 13 wireless channels based on country restrictions For example the United States and Canada support channels 1 to 11 Europe and Australia support channels 1 to 13 In an 802 1b or 802 11g wireless network data is transmitted at 2 5GHz Wireless nodes communicate with each other using radio frequency signals in the band between 2 4GHz and 2 5GHz Neighboring channels are 5 MHz apart however due to the spread spectrum effect of the signals a node sending signals using a particular channel will use frequency spectrum 12 5HHz above and below the center channel frequency As a result two separate wireless networks using neighboring channels for example channels 1 and 2 in the same general vicinity will interfere with each other Applying two channels that allow the maximum channel separation such as channels 1 and 6 or channels 6 and 11 will provide a noticeable performance increase over networ
48. Network Tests Hardware Address Upgrade History Configure Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Resets Internet Connection Settings Internet Address Advanced Obtain Internet address automatically Syslog Settings C Manually configure Internet address settings Provisioning Info IP Address Configure Time Services Configure Services Subnet Mask Static Routes Default Gateway PERS EEG LLL CCELI LLLI LZ Traffic Shaping Internet Connection Settings DNS Link Manager Obtain DNS information automatically Detailed Log C Manually configure your DNS information Primary Server L 1 Secondary Server Domain Name _w SUBMIT Settings co Back to Top Figure 28 MDC Broadband Link Configuration Page network to access the broadband connection You should modify these settings ONLY if you are Note Modifying the settings on this page can impact the ability of computers on the local 2 thoroughly familiar with networking 68 Management and Diagnostic Console Modifying DSL and ATM Settings By default the gateway automatically detects which DSL line to use The DSL and ATM Settings pane allows you to select a DSL line and manually configure your ATM settings To modify DSL or ATM settings 1 From the DSL Line Selection pull down select Automatic Line 1 inner pair or Line 2
49. The firewall checks for invalid ICMP code types and drops the packet The firewall checks for the following Unknown IP protocol drop packet Port O attack detected drop packet TCP SYN packet drop packet Not a start session packet drop packet ICMP destination unreachable terminate session To disable attack detection for a specific port Open a Web browser and access the 2Wire gateway user interface by entering http gateway 2Wire net Click the Firewall tab 52 Firewall Tab Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page me 9 218 e H d H EMAII A Broadband Home Voice Firewall H Link N System Network Network Summary Firewall Settings Advanced Settings Pr HONE site Map Edit Advanced Firewall Settings WARNING A Modifying the settings on this page can impact the ability of computers on the local network to acoess your broadband connection Modifications may also affect brosdband ensbled applications and services running on the local network Settings Instructions Security Limiting data traffic may disable support for hosted applications that require inbound communications such 7 io ennt ING balayan bdlow as Web servers games or Internet chat programs All o Stealth Mode data traffic will continue to be scanned by the firewall for known hacker attacks Block Ping C Strict
50. To set up a private network Open a Web browser and access the 2Wire gateway user interface by entering http gateway 2wire net Click the Home Network tab 31 Home Network Tab Click the Advanced Settings link under the tab to open the Edit Advanced Home Network Settings page Voice 3 Firewall System Network Edit Advanced Home Network Settings WARNING AY Maryang tne settings on mis page can impact me abit of computers on fne local network to access your broadband connection Modifications may also affect broadbanc enabiec applications and services running on me local network Private Network 7 Private Network If you change the IP address range you must renew the DHCP lease on all devices on the Router Address 182 168 1 254 network 255 255 255 0 192 168 1 0 255 255 255 0 default O 172 168 0 0 255 255 0 0 O 10 0 0 0 255 255 0 0 Configure manually Device List g o 182 168 1 64 152 168 1 64 192 168 1 64 192 168 1 253 182 168 1 65 182 168 1 66 182 168 1 68 EDIT ADORESS ALLOCATION Public Routed Subinterface Enable Check ENABLE to create a route from the intemet to me public network specified below E Auto Firewall Open Public Proxied Subnet NAT Routed EE Tata Garin me ps GG stt fr ing pc oar nome d network devices This Information Is provided by your ISP 2 2 0 0 0 0 2 0 C Auto Firewall Open Display Settings v Show inactive devices in network l
51. Version 5 29 116 1 eval Key Code Unprovisioned Figure 6 View System Details Page The Restart the system link restarts your system Your network connections and your broadband connectivity will be briefly disrupted until your system restarts and broadband connectivity is re established with your broadband service provider The View available upgrades and options link accesses a page that displays available software upgrades or enhanced services If your gateway is running the latest software or enhanced services are not available the following message displays 2WiRE Upgrade The System System Upgrade Current Software Version 4 21 7 No Upgrade Available Your system has the latest software version available Please check back later 11 Broadband Link Tab This chapter describes the 2Wire gateway Broadband Link features and provides detailed instructions on how to customize your broadband settings Viewing Your Broadband Link Summary The Broadband Link Summary page provides general information about the current status of your broadband link connection and your system configuration To access your Broadband Link Summary Open a Web browser and access the gateway user interface by entering http gateway 2wire net Click the Broadband Link tab Click the Summary link under the tab to open the View Broadband Link Summary page m mc Mn 2 amp d Svste Broadband Home Voice H Firewal System L
52. aga Wireless Mode B02 11b g W DTIM Period 1 Maximum Connection Rate 54 Mbps V Power Setting 4 vw RESCAN SAVE CANCEL RESTORE DEFAULTS Figure 13 Configure the Wireless Network Page 28 Home Network Tab The Current Settings panel shows the 2Wire gateway s wireless access point settings Access Point The designated name of the wireless access point Network Name The name assigned to your wireless network The default is 2 WIREXXX where XXX represents the last three digits of your 2Wire gateway serial number for example 2WIRE954 Channel The radio frequency band the access point uses for your wireless network the default is 6 Wireless adapter cards auto detect which channels to use If you are having problems with your wireless network it could be due to radio interference You can change the wireless channel to see if interference is reduced on a different channel Note For more information on wireless channels refer to the wireless channel entry on page 129 in the Glossary Authentication The security method used to ensure that users are authorized to access the wireless network WEP Open WEP Shared or WPA PSK Encryption The security setting that makes it difficult for unauthorized users to access your network Customizing Security Settings You should always enable encryption for wireless communication When encryption is enabled you must d
53. al traffic and a second set of IP addresses for external traffic This feature is used by the system so an end user can have an internal computer network in their home with all its computers using internal IP addresses using only one routable IP address which accesses the outside Internet P PAT Port Address Translation Allows hosts on a LAN to communicate with the rest of a network such as the Internet without revealing their own private IP address All outbound packets have their IP address translated to the router s external IP address Replies come back to the router which then translates them back into the private IP address of the original host for final delivery PPP Point to Point Protocol A protocol that allows a computer to access the Internet using a dial up phone line and a high speed modem This can be accomplished over Ethernet PPPoE or over Asynchronous Transfer Mode ATM PPPoA 127 Glossary PPPoA Point to Point Protocol over ATM A specification for connecting multiple computer users on an Ethernet LAN to a remote site through common customer premises equipment such as a modem PPPoA combines the Point to Point Protocol PPP commonly used in dialup connections with the ATM Asynchronous Transfer Mode protocol which supports multiple users in a LAN PPPoE Point to Point Protocol over Ethernet A specification for connecting multiple computer users on an Ethernet LAN to a remote site through common
54. anced Internet Protocol TCP IP Properties ore You can get IP settings assigned automatically ff your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically Use the following IP address IP address WA L0 A Subnet mask 255 255 0 0 Default gateway T2216 O 1 Obtain DNS server address automaticall Preferred DNS server Altemate DNS server Click OK 112 Management and Diagnostic Console f If required reboot the system for the changes to take effect 2 Attach the computer to the Local Network port of the 2Wire gateway 3 In the Web browser address bar enter 172 16 0 1 management 4 Click Configure Services 5 Click the Enable Routing checkbox 6 Click the Submit Settings button The gateway PPP routing and TCP IP functions are now re enabled and the Local Network LED will turn Green The computer can now be reset to a DHCP assigned IP address or left to obtain it statically Changing Timeout Parameters By default TCP and UDP are configured to timeout in 1 440 and 10 minutes respectively You can change the parameters by entering different values in the TCP Timeout and UDP Timeout fields and then clicking the Submit button Enabling Broadband Status Notification Note This field will display only if the CMS organization has the Broadb
55. and Status Notification feature enabled To receive a notification message that the gateway has lost broadband connectivity and cannot access the Internet check the Enable checkbox Enabling Missing DSL Filter Notification Note This field will display only if the CMS organization has the Missing DSL Filter Notification feature enabled To receive a notification message that the gateway has detected a missing DSL filter check the Enable checkbox Enabling SIP Application Layer Gateway To enable the SIP ALG on the gateway firewall check the Enable checkbox Changing the Upstream MTU The MTU Maximum Transmission Unit is the largest size packet or frame specified in octets eight byte bits that can be sent from a computer to the network The 2Wire gateway s MTU varies depending on the connection type used for example PPP or direct IP 113 Management and Diagnostic Console To change the gateway s upstream MTU 1 Inthe Force Upstream MTU field enter the value specified by the service provider 2 Click the Submit button 114 Advanced Static Routes Management and Diagnostic Console Note To access this page your network must have the Remote Management feature enabled A If the feature is not enabled an error message will display when you click the link to access this page The Advanced Static Routes page allows you to manually configure static routes that specify the transmis
56. atically obtain an IP address proceed to step 5 If the computer will have a static IP address configure it with a valid static IP address Restart the computer Viewing the Firewall Log The 2Wire gateway keeps a log of all firewall related events that occur Each log entry contains the date and time the event occurred the severity level of the event and details about the event To view the log Open a Web browser and access the 2Wire gateway user interface by entering http gateway 2Wire net Click the Firewall tab 44 Firewall Tab Click the Firewall Log link under the tab to open the View Firewall Log page pe oo 5 Summary Firewall Settings View Firewall Log Log Date and Tim 2005 02 10 2005 02 10 2005 02 10 2005 02 10 2005 02 10 2005 02 10 2005 02 10 2005 02 10 2005 02 10 ne 13 00 PST 05 PST 41 PST 32 PST 56 PST 57 PST 57 PST 57 PST 05 PST Syste Broadband Home Voice Firewall oysrom k Network Network Firewall Honitor Firewalllog Advanced Settings fr HOME Help Site Map 72 Severity Details info src 69 104 57 17 dst 69 110 16 39 ipprot 6 sport 3735 dport 6129 Unknown inbound session stopped info src 222 88 173 5 dst 69 110 16 39 ipprot 17 sport 28502 dport 1026 Unknown inbound session stopped info src 4 157 104 12 dst 69 110 16 39 ipprot 17 sport 13307 dport 1028 Unknown inbound session stopped info srcz81 137 202 29 dst 69
57. atures below Block Ping Strict UDP Session Control Inbound and Outbound Control Checking the box allows the associated traffic type through the firewall Outbound Inbound v HTTP Remote Management HTTPS C NetBios v FTP v Telnet v sure vj ons NetBios v POP3 v MAP v NNTP v Rc v 323 v All Other Protocols save CANCEL RESTORE DEFAULTS 1 In the Security pane click the Stealth Mode checkbox 2 Click SAVE 48 Firewall Tab Block Ping Ping is a basic Internet program that when used without malicious intent allows a user to verify that a particular IP address exists and can accept requests Ping is used diagnostically to ensure that a host computer you are trying to reach is operating It can also be used to see how long it takes to get a response back from a specific host computer Hackers can use ping to launch an attack against your network because ping can determine the number form of the network s IP address for example 105 246 172 72 from the domain name for example www mynetwork com If you enable Block Ping your network will block all ping requests To block ping Open a Web browser and access the 2Wire gateway user interface by entering http gateway 2Wire net Click the Firewall tab Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page Settings Security Check to enable the feat
58. box 2 In the Subnet Mask field enter the subnet mask this is typically provided by your service provider and defines how large your IP pool is 3 Optional To open all firewall ports check the Auto Firewall Open checkbox By default your firewall protection is enabled 4 Click SAVE Selecting a Default DHCP Pool By default all devices on the home network that use dynamic non static IP addresses receive these from the Private Network DHCP pool When either Public Routed Subinterface or Public Proxied Subnet is enabled click the Default DHCP Pool radio button in the corresponding section to have devices receive their IP addresses from those pools Showing a Device as Inactive To show a device as Inactive 1 Open a Web browser and access the 2Wire gateway user interface 2 Click the Home Network tab 3 Click the Advanced Settings link under the tab 4 In the Settings pane select the Show inactive devices in network list checkbox 5 Click SAVE 34 Firewall Tab This chapter describes the 2Wire gateway firewall features and provides detailed instructions on how to modify the firewall settings Firewall Features The 2Wire gateway has a professional grade firewall to help prevent unauthorized users from accessing your local network The 2Wire gateway firewall includes the following features Stateful packet inspection Blocks common Denial of Service attacks such as SYN FIN flooding or Smurf and d
59. ce from piggybacking onto a UDP session Controlling Inbound and Outbound Traffic If an Inbound box is checked the firewall allows the corresponding protocol to pass through from the Internet to the network If an Outbound box is checked the firewall allows the traffic from the network to pass through the firewall to the Internet You must click the Submit button for changes to take effect Note Allowing inbound traffic does not mean that the firewall automatically allows this type of traffic to pass through the firewall to the network Even if a particular protocol application type is allowed the firewall still checks and blocks all unsolicited traffic from the Internet unless the firewall is configured to allow the traffic through using an application profile Disabling Attack Detection By default the 2Wire gateway firewall rules block the attack types listed in the Attack Detection pane Some hosted applications require that the user open specific ports for example TCP or UDP to allow outside users to access their network The Attack Detection pane allows you to configure the gateway s firewall rules to allow traffic through on the specified ports To disable attack detection for a specific port deselect the corresponding checkbox and click the Submit button Enabling Full Logging To log all packets check the Enable Full Logging checkbox Note When full logging is enabled the gateway logs every packet Th
60. ce panel to open the Edit Date and Time Settings page 3 TM sewer 9 v uc BIO Summary System Password Date and Time Settings Details Cu Edit Date and Time Settings Settings Current Date and Time Retrieving date and time settings from the Internet Select Your Time Zone The date and time are automatically set using time servers on the Internet The local time is set correctly when you select your time zone Selectthe time zone below and click SAVE GMT 08 00 Pacific Time US amp Canada Tijuana v save CANCEL System Tab Figure 5 Edit Date and Time Settings Page 1 From the drop down menu select the time zone 2 Click SAVE 10 System Tab Viewing System Details The System Details page provides information about your gateway any enhanced services you may have and provides a link that you can use to restart your system To view the System Details page Open a Web browser and access the gateway user interface by entering http gateway 2wire net Click the System tab Click the View details link in the System area of the Network at a Glance panel to open the View System Details page awre 9 8 2 a System a ak Tak AA Summary System Password Date and Time Settings Details Pr HOME Site Map View System Details Details f Model 2701HGV A Gateway Restart the system Serial Number 230711028091 zi Hardware Version 2701 000631 004 Software
61. ced Static ROUTES 26 sg m nd mm RU xx a mw ates cR a m ons TR RE i RR D 115 Advanced DNS Resolve Page hh hh hh hrs 117 Advanced Traffic Shaping Page hh rrr 118 Advanced Link Manager States Page hh 119 Advanced Detailed Log Page hh hr rns 122 Glossary I Introduction The 2Wire gateway allows you to create a network with your computers and peripheral devices Following are just a few of the benefits derived from using the 2Wire gateway to network your home or office High performance integrated modem 2Wire s technology improves DSL performance especially for homes further away from the local exchange It also minimizes common interference found when other devices such as dimmer switches or fluorescent lighting are in contact with the DSL line Super fast router The 2Wire gateway s router provides the fastest data transfer speeds available between your network and the Internet The high performance router distributes data seamlessly to all of the computers on your network without a dramatic loss of performance or speed Professional grade firewall The 2Wire gateway firewall includes both standard NAT PAT security and Stateful Packet Inspection to defend against Denial of Service Internet attacks Flexible networking The 2Wire gateway includes a variety of home networking technologies in one box Ethernet direct USB and HyperG wireless Use any or all of the following technologies t
62. d Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Figure 26 MDC Broadband Link Statistics Page The Broadband Link Statistics page includes the following information Item Description DSL for DSL models only Current Rate The DSL downstream and upstream rate in kilobits Max Rate The maximum DSL downstream and upstream rate in kilobits 63 Item Current Connection ATM Transmit Receive IP Transmit Receive Management and Diagnostic Console Description Current Noise Margin The current downstream and upstream noise margin in dB Current Attenuation The current downstream and upstream DSL attenuation in dB Current Output Power The current downstream and upstream DSL transmit and receive power in dB The cumulative number of cells transmitted and the number and percentage transmitted in error The cumulative number of cells received and the number and percentage received in error The cumulative number of IP packets transmitted the cumulative number of IP payload bytes transmitted and the number and percentage transmitted in error The number of bytes and packets received and the number and percentage received in error To reset the broadband link statistics click the Reset button 64 Management and Diagnostic Console Broadband Link Detai
63. d Detailed Log CLEAR LOG DBG or higher i a11 z sc INSERT MARK INF2006 05 11T14 24 18 07 00pkg INF 2006 05 11114 24 18 07 00pkg INF 2006 05 11114 24 18 07 00pkg INF 2006 05 11114 24 18 07 00pkg INF 2006 05 11114 24 18 07 00pki INF 2006 05 11114 24 18 07 00pk INF 2006 05 11114 24 18 07 00pkg INF 2006 05 11114 24 18 07 00pkg INF 2006 05 11114 24 18 07 00pkg INF 2006 05 11114 24 19 07 00 pk INF 2006 05 11114 24 19 07 00 pk INF 2006 05 11114 24 19 07 00pki INF2006 05 11114 24 19 07 00pk INF2006 05 11T14 24 19 07 00pkg INF 2006 05 11114 24 19 07 00pki INF 2006 05 11114 24 19 07 00pk INF2006 05 11T14 24 19 07 00pk INF2006 05 11114 24 19 07 00pk INF2006 05 11114 24 20 07 00pkg INF2006 05 11114 24 20 07 00pkg INF2006 05 11114 24 20 07 00pkg INF2006 05 11114 24 20 07 00pk INF2006 05 11114 24 20 07 00pk INF2006 05 11114 24 20 07 00pk INF2006 05 11114 24 20 07 00pk INF2006 05 11114 24 20 07 00pkg INF 2006 05 11T14 24 24 07 00 pk INF2006 05 11114 24 24 07 00pkg INF2006 05 11114 24 34 07 00initd INF2006 05 11114 24 34 07 00initd WRN2006 05 11114 24 34 07 001md WRN2006 05 11114 24 34 07 00 cwmd WRN2006 05 11114 24 34 07 001md INF 2006 05 11T14 24 34 07 00initd INF2006 05 11114 24 34 07 00initd INF2006 05 11114 24 34 07 00initd INF2006 05 11114 24 34 07 00initd INF2006 05 11114 24 34 07 00initd INF2006 05 11114 24 34 07 00initd INF2006 05 11114 24 34 07 00initd subtree dis
64. d to allow some programs Such as game servers or instant messaging software to operate properly For example a remote game player on the Internet might need to contact the game server program that you have installed on your home network in order to play against you Normally the firewall blocks this communication By changing the firewall settings this communication is permitted to pass through a pinhole in the firewall This function may be referred to as port mapping or port forwarding in your software program documentation 36 Firewall Tab Click VIEW DETAILS to access the Firewall Details page which shows a list of all the devices that have applications configured in the firewall and the details of these configurations NGA X awire 9 7 System Link Network Network Summary Firewall Settings Advanced Settings tr HOME Site Map View Firewall Details Details Current Settings Default To allow users on the Internet to connect to a computer inside your secure home network you must configure the systems firewall settings Figure 16 View Firewall Details Page If you have the Firewall Monitor enhanced service the Firewall Monitor panel shows a brief summary of the number of attacks that were blocked for the current day and week Click VIEW DETAILS to access the Monitor the Firewall page Hosting an Application When you host an application on your network for Internet users to access you
65. d with the encryption key defined on the system before it can operate on your wireless network You can customize the following wireless settings in the Wireless Security panel 1 From the Authentication pull down menu select an authentication setting WEP Open WEP Shared or WPA PSK Open authentication allows users to configure their wireless adapter as either Open or Shared in either case an encryption key is required Shared authentication allows users to configure their wireless adapter for Shared authentication which requires an encryption key WPA PSK requires that users configure their wireless adapter using TKIP 2 To use the encryption key that came with your gateway click the Use default encryption key radio button To create a custom encryption key click the Use custom encryption key radio button If you select Use custom encryption key you can define a 64 bit or 128 bit encryption key For 64 bit encryption in the Key field enter a 10 digit hexadecimal number For 128 bit encryption enter a 26 digit hexadecimal number A hexadecimal number uses the characters 0 9 a f or A F 3 Click the Submit button Additional Settings The Additional Settings panel allows you to customize wireless settings In general it is recommended that you leave the default settings in place however if you are experiencing connection or performance difficulties altering these settings may improve performance Note Because the field
66. dual application s Choose the application s that will be enabled to pass through the firewall to this computer Click ADD to add it to the Hosted Applications list All applications v Hosted Applications Age of Empires Age of Kings Age of Wonders Aliens vs Predator ADD Anarchy Online Asheron s Call Baldur s Gate Battlefield Communicator Black and White Dis Add a new user defined application O Allow all applications DMZplus mode Set the selected computer in DMZplus mode All inbound traffic except traffic which has been specifically assigned to another computer using the Allow individual applications feature will automatically be directed to this computer The DMZplus enabled computer is less secure because all unassigned firewall ports are opened for that computer Note Once DMZplus mode is selected and you click DONE the system will issue a new IP address to the selected computer The computer must be set to DHCP mode to receive the new IP address from the system and you must reboot the computer If you are changing DMZplus mode from one computer to another computer you must reboot both computers Figure 17 Edit Firewall Settings Page 1 From the Select a computer pull down menu select the computer that you wish to host the application 2 Click the Allow individual application s radio button 3 In the Applications panel select an application 4 Click the ADD button The
67. e 2Wire gateway detects outbound traffic the session is reestablished Note By default the minimum timeout value is 3 minutes 69 Management and Diagnostic Console Modifying Hardware Address By default the 2Wire gateway uses its built in hardware address The Internet Connection Settings Hardware Address Override pane allows you to manually override the MAC address of the broadband connection which is sometimes required for cable modems that perform MAC address authentication To modify the hardware address 1 Click the Override the built in hardware address radio button 2 Inthe Hardware Address field enter the alternative hardware address 3 Click the Submit button Modifying Internet Address Settings By default the 2Wire gateway automatically obtains its Internet address The Internet Connection Settings Internet Address pane allows you to manually configure your Internet address settings To manually configure your Internet address settings 1 Click the Manually configure Internet address settings radio button 2 In the IP Address field enter the IP address you want the 2Wire gateway to use 3 In the Subnet Mask field enter the subnet mask you want the 2Wire gateway to use 4 In the Default Gateway field enter the default gateway address you want the 2Wire gateway to use 5 Click the Submit button Modifying DNS Information By default the 2Wire gateway automatically obtains DNS server addr
68. e Date Enable mj Time LELELI hh mm ss Date TT omma Time Zone GMT 08 00 Pacific Time US amp Canada Tijuana Daylight Savings Time Automatically adjust Configure Internet Time Servers fatp ucsd edu O Time Servers Figure 47 MDC Advanced Configure Time Services Page During the 2Wire gateway setup process you specify the time zone in which you are located so that the time and date are automatically displayed in the 2Wire gateway user interface These time settings are displayed in the Current Time Settings panel which shows the current date time time zone and whether the time was automatically or manually configured If you wish to manually set the time and date you can do so in the Manually Set Time Date panel 108 Management and Diagnostic Console To manually set the time and date 1 Check the Enable checkbox 2 In the Time field enter the time in 24 hour HH MM SS format for example 10 02 11 3 In the Date field enter the date in YYYY MM DD format for example 2006 10 09 4 From the Time Zone pull down menu select the time zone The available time zones are Hawaii Alaska Pacific Mountain Arizona Central Eastern Indiana and Atlantic Canada 5 Check the Daylight Savings Time checkbox if you wish to automatically adjust for daylight savings time You can also specify the time servers from which you wish to obtain system time by entering the time server Internet address
69. e Ping tool on the WAN Tests page to ensure that the 2Wire gateway can ping a designated IP address Advanced Pages Advanced pages provide detailed information and sophisticated diagnostics that in general should only be accessed by technically advanced users 56 Management and Diagnostic Console Remote Management Feature Management and Diagnostic Console pages that affect gateway configuration can be accessed remotely only if your organization has enabled the Remote Management feature If the feature is not enabled an error message will display when you click the link to access the following pages Broadband Link Configuration Local Network Configuration Firewall Settings Firewall Detailed Information Firewall Advanced Settings Troubleshooting Configure Logs Troubleshooting Resets Advanced Syslog Settings Advanced Configure Time Services Advanced Configure Services Advanced Static Routes Advanced DNS Resolve Advanced Traffic Shaping The following section shows Management and Diagnostic Console pages and describes how to use the information provided to troubleshoot the 2Wire gateway Note A configuration profile with Write Access allows for remote changes in the Management 7 and Diagnostic Console and a configuration profile with Full Access allows for viewing of all MDC pages 57 System Summary Page Management and Diagnostic Console The System Summary page shows general infor
70. e gateway user interface by entering http gateway 2wire net Click the Broadband Link tab 19 Broadband Link Tab Click the Statistics link under the tab to open the View Broadband Link Statistics page awre G3 2 35 Russe Broadband Home Voice Firewal num Link Network Network Summary Details Diagnostics Statistics Advanced Settings fr HOME Site Map View Broadband Link Statistics Data Errors Statistics Collected for 0 42 08 Since Current 24 Hour Current 15 Minute Time Since Last Reset Interval Interval Event ATM Cell Header Errors 0 0 0 0 00 00 ATM Loss of Cell Delineation 0 0 0 0 00 00 DSL Link Retrains 0 0 0 0 00 00 DSL Training Errors o 0 0 0 00 00 DSL Training Timeouts 0 0 o 0 00 00 DSL Loss of Framing Failures 0 0 0 0 00 00 DSL Loss of Signal Failures o 0 o 0 00 00 DSL Loss of Power Failures 0 0 0 0 00 00 DSL Loss of Margin Failures o 0 0 0 00 00 DSL Cumulative Errored Seconds 0 0 0 0 00 00 DSL Severely Errored Seconds 0 0 0 0 00 00 DSL Corrected Blocks 0 0 0 0 00 00 DSL Uncorrected Blocks 0 0 0 0 00 00 Figure 10 View Broadband Link Statistics Page The Transmit and Receive Data panel displays the following information Transmit The cumulative number of IP packets transmitted the cumulative number of IP payload bytes transmitted and the number and percentage transmitted in error Receive The number of bytes and packets received and the number and percentage received in error The
71. e of the packets sent from a computer to the network Either Disabled if the default factory set MAC address is used or Enabled if the computer s MAC address is used If there is an error on the broadband link or with the ISP connection click the Reset Broadband Link or Reset ISP Connection button to reset the connections 62 Management and Diagnostic Console Broadband Link Statistics Page The Broadband Link Statistics page shows statistics associated with the 2Wire gateway broadband link Note To update the information displayed on this page click the browser s Refresh button WRE Management and Diagnostic Console kapaki Samang Broadband Link Statistics RESET ATM Statistics Broadband Link DSL Down Up GM Current Rate 8064 kbs 864 kbs Statistics Max Rate 11600 kbs 1056 kbs Detailed Statistics Current Connection Configure Current Noise Margin 19 0 dB 11 0 dB Current Attenuation 0 6 dB 1 0 dB Local Network Current Output Power 7 7 dBm 11 9 dBm IA M SE Iu E E E EE E LEAK E OAT o ATM Cells Errors Device List Wieloss Transmit 147176 0 0 Receive 12937 0 0 st MM M AA a AA AA AA Firewall IP Bytes Packets Errors Settings Transmit 703661 2352 0 0 Detailed Information Advanced Settings Receive 519627 2044 0 0 Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advance
72. eating a route from the Internet to the specified public network The public network operates without Network Address Translation NAT This feature is typically used in conjunction with broadband service that provides a range of available IP addresses Once enabled the public IP addresses can be assigned to local computers To set up a Public Routed Subinterface network 1 2 Check the Enable checkbox In the Router Address field enter the router address this is typically provided by your service provider In the Subnet Mask field enter the subnet mask this is typically provided by your service provider Optional To open all firewall ports check the Auto Firewall Open checkbox By default your firewall protection is enabled Click SAVE 33 Home Network Tab Setting Up a Public Proxied Subnet The Public Proxied Subnet pane allows you to create a local network that has broadband accessible IP addresses Public Proxied Subnet is a public network in which the local network is an extension of the broadband network and does not require any special routing Computers that are assigned Public Proxied Subnet IP addresses operate without Network Address Translation NAT This feature is typically used in conjunction with broadband service that provides a range of IP addresses Once enabled the Public Proxied Subnet IP addresses can be assigned to local computers To set up a public proxied subnet 1 Check the Enable check
73. efine an encryption key for the 2Wire gateway s wireless access point and configure that same key on each wireless client that will use your 2Wire gateway wireless network Note If encryption is enabled each wireless client must be configured with the encryption key defined on the system before it can operate on your wireless network You can customize the following wireless settings in the Wireless Security panel 1 From the Authentication pull down menu select an authentication setting WEP Open WEP Shared or WPA PSK Note WPA PSK authentication is supported only on HG model gateways Open authentication allows users to configure their wireless adapter as either Open or Shared in either case an encryption key is required Shared authentication allows users to configure their wireless adapter for Shared authentication which requires an encryption key WPA PSK requires that users configure their wireless adapter using TKIP To use the encryption key that came with your gateway click the Use default encryption key radio button To create a custom encryption key click the Use custom encryption key radio button If you select Use custom encryption key you can define a 64 bit or 128 bit encryption key For 64 bit encryption enter a 10 digit hexadecimal number For 128 bit encryption enter a 26 digit hexadecimal number A hexadecimal number uses the characters 0 9 a f or A F Click SAVE 29 Home Network Tab Config
74. ems with your broadband connection To access the Broadband Link Diagnostics page Open a Web browser and access the gateway user interface by entering http gateway 2wire net Click the Broadband Link tab 18 Broadband Link Tab Click the Diagnostics link under the tab to open the Broadband Link Diagnostics page v o owre 2 S 2 s S eir cr nad Home Voice Firewal system Network Network Summary Details Diagnostics Statistics Advanced Settings 4x HOME Site Map Broadband Link Diagnostics WARNING A Testing the broadband link will take a few minutes during which there will be no Internet access Status Click TEST to run a series of diagnostic tests on your broadband link DSL Synchronization UP G DMT Signal UP PVC Connection Could not find an ATM circuit IP Connection DNS Communication REFRESH esr Figure 9 Broadband Link Diagnostics Page To update the broadband link status click REFESH To initiate a full test of your broadband link click TEST The test will take several minutes during which the system reestablishes all broadband connections You will not be able to access the Internet until the test is complete Viewing Statistics The View Broadband Link Statistics page shows statistics associated with the 2Wire gateway broadband link including cumulative DSL statistics To access the Broadband Link Statistics page Open a Web browser and access th
75. ens the telephone company will provide advance notice in order for you to make the necessary modifications to maintain uninterrupted service If trouble is experienced with this equipment please contact 2Wire or your local 2Wire distributor or service center in the U S A for repair and or warrant information If the trouble is causing harm to the telephone network the telephone company may request you to remove this equipment from the network until the problem is resolved No repairs can be done by a customer on this equipment It is recommended that the customer install an AC surge arrestor in the AC outlet to which this device is connected This is to avoid damage to the equipment caused by local lightning strikes and other electrical surges RF Exposure Information This device was verified for RF exposure and found to comply with Council Recommendation 1999 519 EC and FCC OET 65 RF exposure requirements Wi Fi Only This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment For additional compliance information please reference FCC ID PGR2W2701 132 mm MPE SAR Labeling WARNING While this device is in operation a separation distance of at least 20 cm 8 inches must be maintained between the radiating antenna inside the Equipment Under Test EUT and the bodies of all persons exposed to the transmitter in order to meet the FCC RF exposure guidelines Making changes to the antenna or the
76. er specific information For example the Components list may contain language files Such as common_en common_es or common_fr user interface files Such as base_ui or VoIP files such as base_voice 59 Broadband Link Summary Page Management and Diagnostic Console The Broadband Link Summary page allows you to view 2Wire gateway broadband connectivity related settings and reset the Broadband Link and ISP Connection 2WRE System Summary Broadband Link Summary Statistics Detailed Statistics Configure Detailed Information Advanced Settings Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Management and Diagnostic Console Broadband Link Summary Connection Information Broadband Connection Current Status Built in modem ADSL Fully Operational DSL Connection Details DSL Line Wire Pair Protocol DSL Channel DSLAM ATM PVC Info ATM Encapsulation RESET Broadband Link Line 1 inner pair G DMT Annex A Fast Country 0x0F Vendor ALCB Specific 0x00 8 35 LLC ISP Details Connection Type IP Address Range Subnet Mask Gateway Primary DNS Secondary DNS
77. er what their children can access on the Internet and how often Content Screening and Internet Access Controls Content Screening allows you to protect your children from Websites with questionable content You control what sites or types of sites your child can and cannot access Internet Access Control gives you power to decide when your child can use the Internet and allows you to restrict Internet access by day of week and time of day For additional information please refer to the Parental Controls User Guide System Tab Setting a System Password Setting a system password protects your gateway settings from being modified or changed by someone who has not been given permission to do so After setting a system password you will be required to enter it whenever you attempt to access a gateway configuration page for example if you try to change the gateway s broadband connection settings or upgrade the gateway software If a password has not been set a reminder notice is displayed when you attempt to access pages where settings can be changed To set your system password Open a Web browser and access the gateway user interface by entering http gateway 2wire net Click the System tab Click the System Password link in the System area of the Network at a Glance panel to open the Edit System Password page IWIRE 9 v ds Broadband Home Voice Firewal Link M H t System Network H Network Summary Sy
78. ers in dotted decimal notation Subnet masks typically take three forms 255 0 0 0 255 255 0 0 255 255 255 0 The number 255 masks out the corresponding number of the IP address resulting in IP address numbers that are valid for the network For example an IP address of 123 45 67 89 and a subnet mask of 255 255 255 0 results in a sub network number of 123 45 67 0 and a device number of 89 The subnet mask used for the network typically corresponds to the class of IP address assigned as shown in the following table IP Address Class Dotted Decimal Notation Ranges Corresponding Subnet Mask Class A 1 XXX XXX XXX to 126 XXX XXX XXX 255 0 0 0 Class B 128 0 xxx xxx to 191 255 Xxx Xxx 255 255 0 0 Class C 192 0 0 xxx to 223 255 255 xxx 255 255 255 0 128 Glossary SYN Flood A method that the user of a hostile client program can use to conduct a denial of service DOS attack on a computer server The hostile client repeatedly sends SYN synchronization packets to every port on the server using fake IP addresses T TCP IP Transmission Control Protocol Internet Protocol A method of packet switched data transmission used on the Internet The protocol specifies the manner in which a signal is divided into parts as well as the manner in which address information is added to each packet to ensure that it reaches its destination and can be reassembled into the original message Transmission Control Protocol Internet Protocol TCP
79. esses via DHCP The Internet Connection Settings DNS pane allows you to manually configure your DNS information To manually configure your DNS information 1 Click the Manually configure your DNS information radio button 2 Inthe Primary Server field enter the IP address of the primary DNS server that the 2Wire gateway is to use for DNS name resolution 3 In the Secondary Server field enter the IP address of the secondary DNS server that the 2Wire gateway is to use for DNS name resolution 4 In the Domain Name field enter the specific domain name to be used by the 2Wire gateway 5 Click the Submit button TO Management and Diagnostic Console Local Network Status Page The Local Network Status page shows the status of the local network 2WRE System Summary Broadband Link Summary Statistics Detailed Statistics Configure Local Network Status Statistics Device List Wireless Configure Firewall Settings Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Management and Diagnostic Console Local Network Status IP Gateway 19
80. etects and logs TCP and UDP port scans Stateless packet inspection Filters specific NetBios traffic suspicious packets and IP fragments blocks packets sent from the private network to the Internet that have spoofed IP addresses Network Address Translation NAT Translates a local network s IP address to an external address maintained by the 2Wire gateway effectively hiding the existence of a home network to the Internet The 2Wire gateway then uses this external address to communicate with the Internet on behalf of devices connected to the local network Port Address Translation PAT A function provided by some routers which allows hosts on a LAN to communicate with the rest of a network such as the Internet without revealing their own private IP address All outbound packets have their IP address translated to the router s external IP address Replies come back to the router which then translates them back into the private IP address of the original host for final delivery During PAT each computer on the LAN is translated to the same IP address but with a different port number assignment Inbound and outbound port blocking Blocks common inbound and outbound protocol types from passing information to or receiving information from the Internet 35 Firewall Tab Viewing Your Firewall Summary The Firewall Summary page provides summary information and links to the most commonly used security related features of your syste
81. g your network highlight the device s MAC address or name and use the arrows to move the address to the BLOCKED DEVICES field 4 Click SAVE Configuring Additional Settings The Additional Settings panel allows you to customize wireless settings In general it is recommended that you leave the default settings in place however if you are experiencing connection or performance difficulties altering these settings may improve performance Note Because the fields that display are dependent on the type of wireless adapter you are using some of these settings may not display 30 Home Network Tab Wireless Mode Allows you to force the gateway to use 802 11b g 802 11b only or 802 11g only modes of operation Note This field displays only for 802 11b g based models DTIM Period seconds Determines at which interval the access point will send its broadcast traffic The default value is 4 seconds Maximum Connection Rate The maximum rate at which your wireless connection works 1 2 5 5 11 or 22 Mbps for 802 11b based models 1 2 5 5 11 6 9 12 24 36 48 or 54 Mbps for 802 11b g based models Power Setting Allows you to select the power level for your wireless connection The default list is 1 to 4 additional options may appear based on the service provider s configuration If you have customized your wireless system configuration you can restore the wireless settings to factory defaults by clicking
82. ge The Current Settings panel shows the 2Wire gateway s wireless access point settings Access Point The designated name of the wireless access point Network Name The name assigned to your wireless network The default is 2WIREXXX where XXX represents the last three digits of your 2Wire gateway serial number for example 2WIRE954 Channel The radio frequency band the access point uses for your wireless network the default is 6 Wireless adapter cards auto detect the channels to use If you are having problems with your wireless network it could be due to radio interference You can change the wireless channel to see if interference is reduced on a different channel Authentication The security method used to ensure that users are authorized to access the wireless network WEP Open WEP Shared or WPA PSK Encryption The security setting that makes it difficult for unauthorized users to access your network 76 Management and Diagnostic Console The Settings panel allows you to change the Network Name and Wireless Channel and enable SSID broadcast Customizing Security Settings You should always enable encryption for wireless communication When encryption is enabled you must define an encryption key for the 2Wire gateway s wireless access point and configure that same key on each wireless client that will use your 2Wire gateway wireless network Note If encryption is enabled each wireless client must be configure
83. ger Detailed Loq Figure 45 MDC Advanced Syslog Settings Page To enable syslog and specify the location of a syslog server 1 2 Check the Enable Syslog checkbox In the Server Location field enter the IP address of a UNIX or Linux computer running a syslog daemon Optional In the Server Port field enter the outbound port number upon which the syslog server is located To limit the number of log packets check the Enable Throttling checkbox In the Limit Logging to field enter the number of logs per second that you wish to log Click the Submit button 105 Advanced Provisioning Info Page Management and Diagnostic Console The Advanced Provisioning Info page displays the parameters with which the 2Wire gateway was provisioned HE MIL j UT I Castes Ton deco Canteen tenses Lijit Management and Diagnostic Console Advanced Provisioning Information Module Ceefiguraban Fost mosa 0 parentd Otaga rure 8 10 LED protte ebur modit 1 pareti 0 tage O nan level 10 home moat 2 pawang 0 Rage O nan kawal NO banda maga 2 parent O Naga O run evel B gt 10 toarce on tote rov request Naga naa Greed masa parwasa 1 Baga O ron ei 10 Mano mosa 5 pasara Hage Dru level 10 Toute modit 4 parent 1 Rage O runlevel 19 te made 7 perenne 1 taga Onn inet 0 gt 10 uO met 8 pauwi 3 Rage Omen tevet gt 10 OSL Lane i r aget modd 9 parenti Biagi Gru evel 6 10 Vo
84. gure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Loq Figure 27 MDC Broadband Link Detailed DSL Statistics Page Note To update the information displayed on this page click the browser s Refresh button 65 Management and Diagnostic Console The Broadband Link Detailed DSL Statistics page includes the following information Item ATM Cell Header Errors Loss of Cell Delineation DSL Link Retrains DSL Training Errors Training Timeouts Loss of Framing Failures Loss of Signal Failures Loss of Power Failures Loss of Margin Failures Cumulative Seconds w Errors Description The number of ATM cell header CRC errors since the 2Wire gateway was last restarted and the elapsed time since the last cell header error The number of ATM loss of cell delineation errors since the 2Wire gateway was last restarted and the elapsed time since the last loss of cell delineation error The number of DSL retrains since the 2Wire gateway was last restarted and the time elapsed since the last retrain The number of failed DSL retrains since the 2Wire gateway was last restarted and the elapsed time since the last failed retrain The number of timeouts waiting for response from ATU C since the 2Wire gateway was last restarted and the elapsed time since the last initialization timeout The number of DSL loss of framing failures since the 2Wire gateway was la
85. gure a static route In the Subnet Mask field enter the subnet mask of the destination network In the Gateway IP field enter the IP address of the router for the specified subnet Click the Add button 115 Management and Diagnostic Console The Route List shows a list of static routes defined by the user For each user defined static route the following information is displayed Subnet IP Subnet Mask Gateway Interface 116 Advanced DNS Resolve Page Management and Diagnostic Console Note To access this page your network must have the Remote Management feature enabled m If the feature is not enabled an error message will display when you click the link to access this page The Advanced DNS Resolve page allows users to name network devices such as printers or Web servers so that they may be easily accessed by other users on the network 2WRE System Summary Broadband Link Summary Statistics Detailed Statistics Configure Local Network Status Statistics Device List Wireless Configure Firewall Settings Detailed Information Advanced Settings Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping
86. h hr has TO Modifying DSL and ATM Settings ccc hrs 71 Modifying Internet Connection and Authentication Settings 0 000 eee eee 71 Modifying Hardware Address ee T2 Modifying Internet Address Settings ee eee 72 Modifying DNS Information 0 cc ee ee 72 Local Network Status Page es 73 Local Network Statistics Page es 75 Local Network Device List Page ees TT Local Network Wireless Settings Page llle hh hrs 78 Customizing Security Settings eee hh hrs 79 Additional Settings eiu iia cx ce Send BAGA GP Rcx n RO cade kd ENG Pew ae iod S Rer Rode BEC 79 ll Contents Local Network Configuration Page ee ee eee ees 80 Private Network Settings 0 0 ccc eee 80 Public Routed Subinterface Settings 10 anaana nnn 81 Public Proxied Subnet Settings 1 0 0 0 0 ce eee 81 Display Settings ee 81 Enable Router Behind Router Alert l l 81 Firewall Settings Page ee 82 Hosting an Application ee eee 83 Creating an Application Profile eee hrs 83 Allowing all applications RR RR ee ees 85 Firewall Detailed Information Page eee eee 86 PINNOIES 25 Sih aw DE wn ee ee DAL DEE ES ee PE OS RE aE OR ORM Eee Ses 86 NAT SESSIONS ius eese wap ha Dap eee NG GDP NG Ded RR RUE RCRGR ee eee Rage eRe ES 86 Firewall Advanced Settings Page
87. he Local Network Device List page displays information about each device in the local network 2WRE System Summary Broadband Link Summary Statistics Detailed Statistics Configure Local Network Status Statistics Device List Wireless Configure Firewall Settings Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Management and Diagnostic Console Local Network Device List Identity Type MAC Address System 00 12 88 fc 2b 01 DLeosticTest Ethernet 00 0b db a5 26 d6 RMARVIN Ethernet 00 0d 56 dd e4 9f Figure 31 MDC Local Network Device List Page The following information is displayed IP Address 192 168 1 254 192 168 1 64 192 168 1 65 Identity The name of the device If the device does not have a name associated with it the device IP address is displayed Type The type of connection used by the device to connect to the local network Ethernet USB or Wireless MAC Address The hardware address used by the device IP Address The IP address used by the device 75 Management and Diagnostic Console Local Network
88. he password company name Password still can t remember the password SUBMIT CANCEL Firewall ft HOME Site Map System Tab To reset your system password 1 6 Contact technical support and provide the 20 digit key listed on the Reset System Password screen A support representative will provide you with a temporary password In the Enter Temporary Password field enter the temporary password provided by the technical support representative You must enter the temporary password within 15 minutes of speaking with technical support In the Enter New Password field enter a new system password of your choosing In the Confirm New Password field re enter the system password In the Enter Your Hint field enter an appropriate hint as described under Setting a System Password on page 7 Click Submit Changing Your Time Zone Settings The 2Wire gateway sets the time automatically using time servers on the Internet It retrieves date time information in Greenwich Mean Time GMT Your local time is set using the Time Zone setting you configured when you set up your system If your Time Zone is incorrectly set you can change it in the Edit Date and Time Settings page To change your time zone settings Open a Web browser and access the gateway user interface by entering http gateway 2wire net Click the System tab Click the Date and Time Settings link in the System area of the Network at a Glan
89. horized users it is also a good practice to periodically change your password Resetting the System Password If you forget your password and still cannot remember it after seeing your hint click the still can t remember the password link The Reset System Password page opens Jj o 3 Y BwiRI v um Broadband Home Voice System Link Network Network Summary System Password Date and Time Settings Details Reset System Password Password Help Please call 2Wire technical support and provide the following 20 digit key listed below A support representative will use this information to provide you with a temporary password which can be entered below The temporary password will be good for 15 minutes After you have entered the temporary password you must change the password and enter a hint to help you remember it This hint can be a word phrase or question that will help you remember your password if you forget itin the future Your password hint should be something simple that reminds you what your password is without making it obvious to others Note Your Web browser must accept cookies in order to view the 20 digit code 2307 1102 8051 3100 1769 Enter Temporary Password Enter New Password Confirm New Password Enter Your Hint SUBMIT CANCEL Figure 4 Reset System Password Page System Password Password Required Here s a hintfort
90. iagnostics eee ees 16 MIS IESU cC GA ey A DAN Da NG Sa ee KA NAA eee cee 17 Using Advanced Settings ee 20 Modifying DSL and ATM Settings ee 21 Modifying Broadband Connection Settings ee 22 Modifying the Hardware Address eee 22 Enabling Hostname Override ee 22 Modifying the Broadband IP ce eee 23 Modifying the Broadband DNS 2 23 Home Network Tab Viewing Your Home Network Summary 000 ee 24 Understanding the Local Devices Panel 0 24 Understanding the Status at a Glance Panel ee eee 26 Monitoring Your Wireless Settings ee eee 26 Customizing Security Settings ee 28 Configuring MAC Filtering ee 29 Configuring Additional Settings 1 0 0c ee ee eee 29 Configuring Advanced Settings ees 30 l Contents Setting up a Private Network ce ee eee ees 30 Setting Up a Public Routed Subinterface eee 32 Setting Up a Public Proxied Subnet rn 33 Selecting a Default DHCP Pool 1 0 ees 33 Showing a Device as Inactive ee eee 33 Firewall Tab Firewall Features ccc 6 ubera ee a ee a ea ee we 37 Viewing Your Firewall Summary ee 38 Hosting an Application 1 0 ee 39 Updating the Application Profile List IR hn 41 Adding an Application Profile ee eee 41 Allowing all Applications DMZp
91. ic application such as a game a pinhole must be opened on the gateway firewall to allow requests to the application The Pinholes pane shows the number of pinholes that are currently open There are 192 pinholes available NAT Sessions The NAT Sessions pane shows the number of NAT sessions currently running 84 Management and Diagnostic Console Firewall Advanced Settings Page Note To access this page your network must have the Remote Management feature enabled If the feature is not enabled an error message will display when you click the link to access this page The Firewall Advanced Settings page allows you to configure the gateway s firewall 2WRE System Summary Broadband Link Summary Statistics Detailed Statistics Configure Local Network Status Statistics Device List Wireless Configure Firewall Settings Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Loq Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Management and Diagnostic Console Firewall Advanced Settings susu Settings WARNING Modifying the settings on this page can impact the ability
92. ie IES sert indiquer le nombre maximal de terminaux qui peuvent tre raccord s une interface t l phonique La terminaison d une interface peut consister en une combinaison quelconque de dispositifs la seule condition que la somme d indices d quivalence de la sonnerie de tous les dispositifs n exc de pas 5 To be certain of the number of devices that may be connected to the line as determined by the total RENs contact the telephone company to determine the maximum RENS for the calling area This terminal cannot be used on telephone company provided coin service Connection to Party Line Service is subject to state tariffs This equipment uses the following USOC jacks RJ11C RJ45 WAN Ethernet An FCC compliant telephone cord and modular plug is provided with this equipment This equipment is designed to be connected to the telephone network or premises wiring using a compatible modular jack that is Part 68 compliant If this equipment causes harm to the telephone network the telephone company will notify you in advance that temporary discontinuance of service may be required If advance notice is not practical the telephone company will notify the customer as soon as possible Also you will be advised of your right to file a complaint with the FCC if you believe it is necessary The telephone company may make changes in its facilities equipment operations or procedures that could affect the operation of this equipment If this happ
93. in the Time Servers fields These settings are typically provided by the service provider and or backend management system 109 Management and Diagnostic Console Advanced Configure Services Page Note To access this page your network must have the Remote Management feature enabled A If the feature is not enabled an error message will display when you click the link to access this page The Advanced Configure Services page allows you to enable the 2Wire gateway to operate in bridged mode change the timeout settings for NAT enable notification messages enable the SIP ALG and change the upstream maximum transmission rate B B gwunsi Management and Diagnostic Console System Summary Advanced Configure Services suem Settings Broadband Link Routing Summary Enable Routing I Routing disabled Bridge mode Statistics Warning When you disable routing the gateway s local IP address gets set to 192 168 1 254 255 255 255 0 Detailed Statistics Configure If you want to connect to the gateway when it is in bridged mode to change its configuration parameters you must Local Network e Configure your computer s IP address to work on the same subnet ex 192 168 1 x 255 255 255 0 Status e Attach your computer to the local network port of the gateway e Enter 192 168 1 254 as address in a web browser Statistics Device List Note When routing is disabled NAT and the DHCP Server are disabled Wreless igiga
94. ink Network Network Summary Details Diagnostics Statistics Advanced Settings fr HOME Site Map View Broadband Link Summary Connection gt Unprovisioned View connection details DSL Link Connected Internet Not connected Connection Speed Incoming 3006 kbps Outgoing 511 kbps Connection Information Internet Address Hardware Address Key Code Unprovisioned Figure 7 View Broadband Link Summary Page The Connection panel shows information about your gateway s connection to the Internet The elements displayed will vary depending on your gateway model and the type of broadband service you have Connection Status There are two ways you can check the current status of your gateway s broadband connection you can use the DSL and Internet indicator lights on the front of your gateway or if your computer is connected to the network you can view the user interface 12 Connection Speed Broadband Link Tab Connection Speed shows the incoming and outgoing data rates of your DSL connection measured in kilobits per second Kbps Incoming is the speed of data flowing from the Internet to your network Outgoing is the speed of data flowing from your network to the Internet Connection Information Connection Information shows the following basic system configuration information Internet Address The broadband IP address assigned by your service provider to your gateway so that i
95. ion The parameters are set by broadband provisioning Server Set Configuration Configuration information defining how the gateway is connected to and interacts with backend provisioning Firewall Configuration Configuration information for the firewall 107 Management and Diagnostic Console Advanced Configure Time Services Page Note To access this page your network must have the Remote Management feature enabled If the feature is not enabled an error message will display when you click the link to access this page The Advanced Configure Time Services page allows you to view and change system time and date settings 2WiRE System Summary Broadband Link Summary Statistics Detailed Statistics Configure Statistics Device List Wireless Configure Detailed Information Advanced Settings Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Management and Diagnostic Console Advanced Configure Time Services Current Time Settings suami Settings Date Friday May 12 2006 Time 11 38 56 AM Time Zone Pacific Daylight Time Time Configuration Automatic Manually Set Tim
96. ion Ethernet Transmit The cumulative number of frames transmitted over the Ethernet home network interface the number of payload bytes transmitted and the number and percentage of transmitted packets in error 73 Management and Diagnostic Console Item Description Receive The cumulative number of frames received over the Ethernet home network interface the number of payload bytes received and the number and percentage of received packets in error Wireless this field is present only on wireless 2Wire gateway models Transmit The cumulative number of frames transmitted over the wireless home network interface the number of payload bytes transmitted and the number and percentage of transmitted packets in error Receive The cumulative number of frames received over the wireless home network interface the number of payload bytes received and the number and percentage of received packets in error USB Transmit The cumulative number of frames transmitted over the USB home network interface the number of payload bytes transmitted and the number and percentage of transmitted packets in error Receive The cumulative number of frames received over the USB home network interface the number of payload bytes received and the number and percentage of received packets in error To reset the local network statistics click the Reset button 74 Local Network Device List Page Management and Diagnostic Console T
97. is will significantly 7 reduce overall system performance because the log buffer capacity will be reached more quickly 86 Management and Diagnostic Console Voice Server Summary Page The Voice Server Summary page shows summary information about the voice line s and their profile mappings Note This link is present only if the 2Wire gateway is VolP enabled WRE Management and Diagnostic Console system Summary Voice Server Summary Broadband Link Active Profiles Summary Statistics Line Profile Associations Configure Line 1 2wire1 is associated with this active profile profile 1 Local Network Line 2 2wire2 is associated with this active profile profile 1 Status Statistics Device List Wireless Configure Firewall Settings Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log 87 Management and Diagnostic Console Voice Configure Server Page Note This link is present only if the 2Wire gateway is VolP enabled The Voice Configure Server page allows you to edit a profile that is associated with yo
98. ish to obtain the IP address Click the Start button 100 Management and Diagnostic Console Troubleshooting Upgrade History Page The Troubleshooting Upgrade History page shows a log of all system software upgrades and lists the upgrades in the order in which they occurred eWRIE Management and Diagnostic Console System Summary Troubleshooting Upgrade History Broadband Link Current Version Summary Model Number 2701HGV Gateway Statistics Hardware Version 2701 100655 003 Detailed Statistics Software Version 29 117 3 Configure Local Network Status Statistics Device List Wireless Configure Upgrade Log Initial Software Version 5 29 117 Firewall Settings Detailed Information Advanced Settings Voice Statistics Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Loq Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Confiqure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Figure 43 MDC Troubleshooting Upgrade History Page 101 Management and Diagnostic Console The Upgrade History page shows the following information Item Description Model number The 2Wire gateway model number Hardware version The current 2Wire gateway hardware version Software version The c
99. ist Figure 14 Advanced Home Network Settings Page 32 Home Network Tab Click the radio button that corresponds to the IP address range you wish to use If you select the 172 16 0 0 255 255 0 0 or 10 0 0 0 255 255 0 0 range continue to step 5 If you select Configure manually continue to step 2 In the Router Address field enter the IP address used by your system on the private home network In the Subnet Mask field enter the subnet mask The subnet mask is determined by the home network IP address range settings Click the Enable DHCP checkbox a Inthe First DHCP Address field enter the first DHCP address that you ll be distributing over the private network b In the Last DHCP Address field enter the last DHCP address that you ll be distributing over the private network c Inthe Set DHCP Lease Time field enter a value for the number of hours before the DHCP lease expires Click SAVE Note If you change the home network IP address range you must renew the DHCP lease on all devices on your home network and manually reconfigure all devices configured with static IP addresses If you are using the 2Wire Network Support Tool you can renew the DHCP lease by selecting Refresh Network Connection in the Network Support Tool menu Setting Up a Public Routed Subinterface The Public Routed Subinterface pane allows you to create a local network that has broadband network accessible IP addresses by cr
100. k Summary Firewall Settings Advanced Settings PrHome Help Site Map Edit Application Settings Profile Name Enter a name for the application profile that you are creating Application Name Definition Choose a protocol and enter the port s for this application then click ADD DEFINITION to add the definition to the Definition List If the application requires multiple ports or both TCP and UDP ports you will need to add multiple definitions Note In some rare instances certain application types require specialized firewall changes in addition to simple port forwarding If the application you are adding appears in the application type menu below it is recommended that you select it Protocol TCP C UDP Port or Range From To Protocol Timeout TCP default 86400 seconds UDP default 600 Default the same port as defined Map to Host Port aio Application Type None Default x DO DEFINITION Figure 36 MDC Firewall Edit Application Page 2 In the Application Name field enter a name for the application profile 3 In the Protocol field click the TCP or UDP radio button If both protocols are required you must create a definition for each 4 In the Port or Range field enter the port or port range used by the application 5 n the Protocol Timeout seconds field enter the amount of time in seconds that the connection in the specified range should remain open when there is no data transfer In mos
101. k Summary The Home Network Summary page displays information about the devices installed on your network To access the Home Network Summary page Open a Web browser and access the 2Wire gateway user interface by entering http gateway 2wire net Click the Home Network tab to open the View Network Summary page Hi Broadband ome Voice 3 Firewall System Link Network Network Hs Su Wireless Settings Advanced Settings fr HOME Site Nap View Network Summary Local Devices Status at a Glance 9 swang2 For this computer Home Network Edit firewall settings Local Interfaces View device details Ethernet 1 Inactive P Wireless 0 DISABLE 192 168 1 64 For this computer USB 0 DISABLE Edit device name oEdhfrowsiscttings 18 Boo o o o o o o o non kama View device details Wireless Settings Network Name 2WIREOS1 le c E Access Polit PEACE E WQT MAIN For this computer EDIT SETTINGS Edit firewall settings View device details capricorn For this computer Edit firewall settings View device details jrindegard For this computer Edit firewall settings View device details Figure 12 View Network Summary Page Understanding the Local Devices Panel The Local Devices panel shows you the name of the device how it is connected any special configuration information and provides links to other system features that you can set up for the device A device on your network is usuall
102. k cm removed removing subtree disk script subtree disk script removed removing subtree disk lock subtree disk lock removed removing subtree disk log subtree disk log removed making directory disk cm directory disk cm created making directory disk script directory disk script created making directory disk lock directory disk lock created making directory disk log directory disk log created moving disk pkg to disk tmp oldpkg rename disk pkg disk tmp oldpkg OK moving disk tmp pkg to disk pkg rename disk tmp pkg gt disk pkg OK opening file disk script oneboot tws file disk script oneboot tws opened closed file disk script oneboot tws Starting script end tws running script end tws script end tws finished in 266 ms removing subtree disk tmp subtree disk tmp removed rebooting because of pkg request stopping runlevel 9 gt 0 cwmd stop pid 31 cms0 cwmd pipe closed exit pid 31 cms0 cwmd pipe closed stopping runlevel 8 gt 0 sntpcd stop pid 30 stopping runlevel 7 gt 0 pkge stop rfsd stop pid 25 httpd stop pid 26 hostapd stop pid 27 INF2006 05 11114 24 34 07 00hostapd Signal 15 received terminating INF2006 05 11114 24 35 07 00initd INF2006 05 11114 24 35 07 00initd stopping runlevel 6 gt 0 nodesd stop pid 21 INF2006 05 11114 24 35 07 00nodesd process 21 stopped INF2006 05 11114 24 35 07 00initd INF2006 05 1111
103. k tab 27 Home Network Tab Click the Wireless Settings link to open the Configure the Wireless Network page i BG 2 gt e E ry Breed Voice Firewall System Network Network Summary Wireless Settings Advanced Settings dft HONE Site Map Configure the Wireless Network Settings Current Settings Q Identify Network Access Point 00 1b 5b 33 eb 79 Network Name 2WIRE091 Network Name 2WIRE091 Channel e Gani Wireless Channel Auto v Authentication WEP Open Encryption WEP SSID Broadcast Enables the wireless network name to be broadcast publicly to any wireless users within wireless range of your network Disabling the SSID broadcast makes the network name private and provides enhanced security by requiring wireless users To locate the built in 10 digit wireless encryption key for your system please look at the bottom of the product near the bar code label to enter the network name manually when creating a wireless network profile on their computer Wireless Security syle Wireless Network Security Authentication WEP Open K3 Use default encryption key Use custom pass phrase Key MAC Filtering Click on the button below to configure your MAC filtering settings 7 EDIT MAC FILTERING Wee Additional Settings defaults recommended SN 145511100110 TIE LG LU 4119627022 1 Default ammi P m
104. ks with minimal channel separation The radio frequency channels used in 802 11b g networks are shown in the following table Channel Range Channel 1 2399 5 MHz 2424 5 MHz Channel 2 2404 5 MHz 2429 5 MHz 129 Channel Channel 3 Channel 4 Channel 5 Channel 6 Channel 7 Channel 8 Channel 9 Channel 10 Channel 11 Channel 12 Channel 13 Range 2409 5 MHz 2434 5 MHz 2414 5 MHz 2439 5 MHz 2419 5 MHz 2444 5 MHz 2424 5 MHz 2449 5 MHz 2429 5 MHz 2454 5 MHz 2434 5 MHz 2459 5 MHz 2439 5 MHz 2464 5 MHz 2444 5 MHz 2469 5 MHz 2449 5 MHz 2474 5 MHz 2454 5 MHz 2479 5 MHz 2459 5 MHz 2484 5 MHz Glossary The preferred channel separation between the channels in neighboring wireless networks is 25 MHz 5 channels This means that you can apply up to three different channels within your wireless network There are only 11 usable wireless channels in the United States It is recommended that you start using channel 1 and expand to channel 6 and 11 when necessary as these three channels do not overlap 130 Regulatory Information Electrical AC Adapter The AC adapter is designed to ensure your personal safety and to be compatible with this equipment Please follow these guidelines Do not use the adapter in a high moisture environment Never touch the adapter when your hands or feet are wet Allow adequate ventilation around the adapter Avoid locations with restricted airflow Connect the adapter to a
105. lays data associated with the 2Wire gateway s DSL link 2WRE Management and Diagnostic Console System Summary Broadband Link Summary Statistics Detailed Statistics Configure Local Network Status Statistics Device List Wireless Configure Firewall Settings Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Troubleshooting DSL Diagnostics General Information DSL Line Wire Pair Line 1 inner pair Downstream Rate Cap 8128 kbps Downstream Atten at 300kHz 14 dB Uncancelled Echo 16 5 dB VCXO Frequency Offset 9 3 ppm Final Rx Gain 6 8 dB Impulse Noise Comp Tones 0 Excessive Impulse Noise 0 Impulse noise protection 0 00 Delay of latency path 0 25 ms Training History Downstream Time Line Rate Max1 Max2 Max3 Mgnt Mgn2 2006 05 12 11 29 51 PDT 1 8064 8128 8128 8128 20 9 20 0 Notes Time Time of last update Max1 Max rate at start of connection Max2 Current or final estimated max rate Max3 Current or final estimated max rate without INC Mgn1 Noise margin at start of connection Mgn2 Current or final noise margin DLY Delay of la
106. led DSL Statistics Page The Broadband Link Detailed DSL Statistics page shows a set of cumulative DSL statistics associated with the 2Wire gateway Note This link is present only if the 2Wire gateway connects to the Internet via ADSL 2WRE Management and Diagnostic Console system Summary Broadband Link Detailed DSL Statistics RESET statistics Broadband Link Collected for 20 54 13 Summary Current Current Statistics Since 24 Hour 15 Minute Time Since Detailed Statistics ATM Reset Interval Interval Last Event Configure Cell Header Errors 0 0 0 0 00 00 Local Network ee ee ee UE Status Statistics DSL saati Link Retrains 0 0 0 0 00 00 Fa DSL Training Errors 0 0 0 0 00 00 Hilteless Training Timeouts 0 0 0 0 00 00 Configure Loss of Framing Failures 0 0 0 0 00 00 Firewall Loss of Signal Failures 0 0 0 0 00 00 Settings Loss of Power Failures 0 0 0 0 00 00 Detailed Information Loss of Margin Failures 0 0 0 0 00 00 Jalesnad Sultan Cumulative Seconds w Errors 0 0 0 0 00 00 Cumulative Sec w Severe Errors 0 0 0 0 00 00 Voice Corrected Blocks 0 0 0 0 00 00 Summary Uncorrectable Blocks 0 0 0 0 00 00 Configure Server DSL Unavailable Seconds 32 32 0 20 53 40 Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Confi
107. led Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Loq Figure 51 MDC Advanced Traffic Shaping Page Warning Modifying the gateway s configuration settings may impede or interrupt the user s A broadband service or violate the service provider s service level agreement To change the gateway s upstream connection rate 1 Check the Enable Traffic Shaping checkbox 2 In the New Upstream Rate field enter the upstream rate at which you want the gateway to connect 3 Click the Submit button 118 Management and Diagnostic Console Advanced Link Manager States Page The Advanced Link Manager States page is a tree representation of the 2Wire gateway interface stack and shows the internal state of the 2Wire gateway WRE Management and Diagnostic Console Syaikan Samiiiary Advanced Link Manager States Broadband Link LM a Ka deviced is UP Statistics rnat is UP Detailed Statistics gt route0 is UP Configure I 7fw0 is UP gt cms0 is UP Local Network atmmgro is UP Status pve0 is UP gt gos0 is UP Slatstics gt sysio0 is UP
108. local network to access your broadband connection Modifications may also affect broadband enabled applications and services running on the Detailed Statistics local network Configure Local Motwork Private Network Status If you change the IP address range you must renew the DHCP lease on all devices on the network iA 192 168 1 0 255 255 255 0 default Device List Wireless C 172 16 0 0 255 255 0 0 Configure 10 0 0 0 255 255 0 0 Firewall C Configure manually 7 Settings Router Address Detailed Information Co Advanced Settings ES IT Enable DHCP Voice i Aa gt Cu First DHCP Address Configure Server Last DHCP Address Confiqure Line Association S D Set DHCP Lease Time 24 hours Troubleshooting PAA AA EE E DSL Diagnostics a a ae Public Routed Subinterface Network Tests T Create a route from the Internet to the public network specified below Upgrade History Router Address Resets Subnet Mask Advanced oe neu a MEL LLL Syslog Settings Public Proxied Subnet NAT Routed Provisioning Info This value will determine the public addresses available for using applications with your home Configure Time Services network devices Configure Services Broadband Network 208 35 230 176 255 255 255 192 Static Routes Subnet Mask DNS Resolve asc A E g tia scusa Traffic Shaping Display Settings Link Manager IV Show inactive devices in network list Detailed Log L
109. lus ee Rm eee 44 Viewing the Firewall Log 2 46 Configuring the Firewall Advanced ee eee 48 Enabling Advanced Security llle hh hrs 49 Stealth MOE x sog AG OR Rod quce iw Joel EUR E D Red gorge E S Rode wd KANG 49 Block PING ou Roe Sowa aoe a RE WO RO LE RR ROCA ARCACHON aw LACE a Re CR os 51 Strict UDP Session Control leer hrs 52 Allowing Inbound and Outbound Traffic 2s hrs 53 Disabling Attack Detection hh hh hrs 53 Management and Diagnostic Console Accessing the MDC ura nk Ex R Xe Ok D tad eee REREAD 56 Using the MDC sedo n tede BA RG ke ak Bw REN hele ne a Baad a Fe umn haa te Oa a a Ra 56 System Summary Page eee hh hh rns 58 Broadband Link Pages llle hh hrs 58 Local Network Pages celere hh hh hh rns 58 Firewall P8g6S esu ge en RR Reden Rem poe Roa x RR GR eH For Roh are GHANA Dn halang 58 Volce Pages l se a Gee ew ee AR kp WARREN eRe RC AGRAR RR RC oe 58 Troubleshooting Pages eee hh hh m rns 58 Advanced Pages cc ccc ee eee hh hh hh hrs 58 Remote Management Feature lceeeeeee eee ee eee hh hs 59 System Summary Page selle ehh hh hh hrs 60 Broadband Link Summary Page eee hr hrs 62 Broadband Link Statistics Page leer hr hrs 65 Broadband Link Detailed DSL Statistics Page celer 67 Broadband Link Configuration Page 1 h
110. m To access the Firewall Summary page Open a Web browser and access the gateway user interface by entering http gateway 2wire net Click the Firewall tab to open the View Firewall Summary page P F H Paa nag n A Em o E Jj NS dJ oS P sewer 9 95 x 1 Syste Broadband Home Voice Firewall ystem Link Network Network Summary Firewall Settings Advanced Settings Pr HOME site Map View Firewall Summary Firewall Settings g Firewall Active The firewall actively blocks access of unwanted activity from the Internet If you are using an application that requires you to open a port in your firewall you may do so by clicking Firewall Settings above Current Settings Default To allow users on the Internet to connect to a computer inside your secure home network you must configure the system s firewall settings Click VIEW DETAILS for more information VEW DETAILS Figure 15 View Firewall Summary Page The Firewall Settings panel displays the Current Settings for your firewall Default Unsolicited inbound traffic is not allowed to pass through the firewall Custom Applications are associated with computers on your network An access list shows the computers Devices on your network and the names of the Allowed Applications for each computer When you allow application traffic external users on the Internet can have limited access to your home network This access might be require
111. m up are available on the gateway Home page Following is a brief description of these services Web Remote Access The Web Remote Access enhanced service allows you to access your home computer files from remote locations using any standard Web browser Web Remote Access authenticates and encrypts access between the Web browser and the 2Wire gateway enabling you to securely access and download important files or manage other enhanced services such as Parental Controls or Firewall Monitor You can optionally define a unique Web Domain Name during setup for example http myname accessmyhome net making it easy for users that are allowed to access the home network to manage the gateway when away from the home For additional information please refer to the Web Remote Access User Guide Firewall Monitor The 2Wire Firewall Monitor enhanced service extends the professional grade firewall capabilities of your 2Wire gateway by continuously assessing threats to your home network Firewall Monitor allows you to Automatically download updates to your firewall software to protect against new threats Receive on screen notification to alert you of network attacks Review details about attacks blocked and the source of the attacks For additional information please refer to the Firewall Monitor User Guide System Tab Parental Controls The 2Wire Parental Controls enhanced service offers two features that allow parents to maintain control ov
112. mation about the 2Wire gateway its configuration and components 2WRE Figure 24 MDC System Summary Page System Summary Broadband Link Summary Statistics Detailed Statistics Configure Local Network Status Statistics Device List Wireless Configure Firewall Settings Detailed Information Advanced Settings Voice Statistics Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Management and Diagnostic Console System Summary System Model Serial Number MAC Address Hardware Version Hardware Options DSL Modem Type Current Software DSL Modem 2701HGV Gateway 130711055933 00 1a c4 e6 ca 38 2701 100655 003 Wireless present ADSL 5 29 117 3 72 6 Configuration Key Code System Time Time Since Last Boot Last ID Post 52B5 26P4 6262 22T2 B26U Thursday August 30 2007 07 07 45 AM 0 days 04 52 51 Thursday August 30 2007 02 16 00 AM Components system base ui common en base voice singtel moip config singtel logo singtel singtel en singtel providerconf Firewall Rules Application List fwmon IGMP Proxy IGMP Querier IGMP Sno
113. mation pane shows diagnostic information for the current DSL connection or connection attempt These values are also listed in the last row of the Training History pane Item DSLAM DSL Line Downstream Rate Cap Downstream Atten at 300kHz Uncancelled Echo VCXO Frequency Offset Final Rx Gain Description Lists information about the DSLAM including country DSLAM vendor and specifics During line search the value will alternate between 1 and 2 The Searching for DSL signal comment appears until the ADSL protocol is confirmed with the DSLAM on the current line The configured DSL service downstream speed The measurement in kbps of the decrease in downstream signal strength Measure in dB of the uncancelled echo relative to the background noise on the line indicating how much the uncancelled echo is affecting DSL performance Indicates the difference between the gateway s and the DSLAM port s crystal frequency in parts per million ppm Indicates the current receive gain setting in dB Value 1 or 2 Varies by service provider Varies by service provider Appropriate values usually range between 25dB and 6dB A positive value for example 12 could indicate the presence of an unfiltered telephony device and or an alarm The ideal value is zero O The maximum difference should be less than 150 ppm Dependent on DSL line length Comment None
114. me data throughput in Kilobits per second and displays in one second intervals The Speed Meter monitors the actual data rates while connecting to a Web site This data rate can differ from the reported speed of your broadband connection due to many factors including traffic to the Web site or the speed of the Web servers at the site you are visiting Test Connection Speed Note To use the Speed Meter your browser must support Java 2 The Test connection speed link launches the 2Wire Bandwidth Meter The Bandwidth Meter measures the maximum download speed from 2Wire s Web site to your system in Kilobits per second Kbps The 2Wire Bandwidth Meter estimates your connection speed from the Internet Because the Internet consists of thousands of interconnections your connection to a Web site could be affected by many different factors If you experience slow performance on a particular Web site you can use the 2Wire Bandwidth Meter to verify whether this is isolated to that particular Web site or if it is a more general occurrence Because the 2Wire Bandwidth Meter measures the download speed from 2Wire s Web site to your computer and can be affected by many factors on the Internet it is not an accurate measurement of the service from your ISP Using Broadband Diagnostics Diagnostics displays an itemized list of your broadband connection s current status Technical support representatives use this information to help troubleshoot probl
115. must configure the 2Wire gateway firewall to pass through specific application data to a selected computer To host an application Open a Web browser and access the gateway user interface by entering http gateway 2wire net Click the Firewall tab 37 Firewall Tab Click the Firewall Settings link under the tab to open the Edit Firewall Settings page ewier 2 S 2 5 System Broadband Home Noks Firewall Summary Firewall Settings Advanced Settings PrHONE site wap Edit Firewall Settings Settings o By default the firewall blocks all unwanted access from the Internet You can allow access from the Internet to applications running on computers inside your secure home network by enabling firewall pinholes Opening firewall View firewall details pinholes is also known as opening firewall ports or firewall port forwarding To do this associate the desired application with the computer below If you cannot find a listing for your application you can create a user defined application profile To create a user defined profile you will need to know protocol and port information Reset all firewall settings To Allow Users Through the Firewall to Hosted Applications Select a computer Choose the computer that will host applications through the firewall swang2 Y a Edit firewall settings for this computer O Maximum protection Disallow unsolicited inbound traffic O Allow indivi
116. n seconds of the SIP registration and indicates how frequently re registration will occur Register Retry Interval Indicates the period of time in seconds before the gateway will retry registration after a failed attempt By default the Show CID Names and Require Authentication checkboxes are checked Show CID Names allows the gateway to display the configured outbound caller ID information Require Authentication allows the gateway to use authentication when registering with the SIP proxy Use 11 digit DIDs allows the gateway to automatically append a 1 to the registration phone number 1 To add a new profile choose the VoIP type from the pull down menu and click ADD To edit VoIP settings click the box next to the profile name and click EDIT To delete a profile disable the VoIP service by clicking the box next to the profile and click SUBMIT then select DELETE and click SUBMIT again 2 If editing a profile the Edit Profile Settings page opens 3 Enter a name in the Profile Name field then enter values in the Server Settings fields as well as the fields for End Point Settings Check the appropriate boxes for 11 digit DIDs CID names and authentication 4 Click SUBMIT 89 Management and Diagnostic Console 5 From the left navigation field under the Voice subheading click Configure Line Association The Voice Associate Server page opens 2WRE Management and Diagnostic Console System Summary Voice A
117. n which the local network is an extension of the broadband network and does not require any special routing Computers that are assigned Public Proxied Subnet IP addresses operate without the use of Network Address Translation NAT This feature is typically used in conjunction with broadband service that provides a range of IP addresses Once enabled the Public Proxied Subnet IP addresses can be assigned to local computers Display Settings If the Show Inactive Devices checkbox is checked devices that are no longer on the local network will display in the Local Network Local Devices list as an inactive device If this checkbox is not checked inactive devices will not be displayed in the device list Enable Router Behind Router Alert If the Display alert when another router is connected to this router checkbox is checked the Router Behind Router error page displays in the gateway user interface if the gateway detects the presence of a third party router If a third party router is connected to the 2Wire gateway the network can become unstable because both devices are trying to manage private IPs via NAT 79 Management and Diagnostic Console Firewall Settings Page Note To access this page your network must have the Remote Management feature enabled If the feature is not enabled an error message will display when you click the link to access this page 2WRE Management and Diagnostic Console System Summary
118. nd includes the following Node Information Description Link status Up The link is functioning properly Climbing The link is attempting to establish a connection Down The link is not yet configured Error An error has occurred State changes The number of times the state of the link has changed since last reboot 120 Management and Diagnostic Console The following table shows the possible nodes that can display on the Link Manager States page Node rootO globalO deviceO rnatO routeO fwO cmsO homeO vlanO ipnet1 vlanmonO ipbridgeO ipnet2 vlan3 bbandO vlan1 dhcpO ipnetO dnstestO vlan2 dslO apvco pppoeO pppoa0 rtatmO Description Root for configuration tree Branch for all global configuration modules Maintains the status and configuration for devices on the 2Wire gateway Maintains the application mappings and pinholes for nodes on the 2Wire gateway Maintains all static routes on the 2Wire gateway Maintains all firewall rules on the 2Wire gateway Monitors CMS connectivity and activity with the 2Wire gateway Branch for the home network modules Home network virtual LAN configuration module Home network IP configuration module Home network virtual LAN monitor for activity Home network IP bridge DMZ configuration module Home network public IP network configuration module Home network voice virtual LAN module Branch for the primary broadband network Primary broadband virtual LAN c
119. nd retrieve the current local time Subsequently the time since power on is displayed in YY MM DD and HH MM SS format The line 1 or 2 on which the gateway is searching for a DSL signal The net user data rate in kbps for the connection Maximum rate achievable at the time of the initial connection based on the line quality specifically the uncapped rate 94 Item Max 2 Max 3 Mgn 1 Mgn 2 Attn Pwr CRCs FECs INP DLY Upstream Rate Max Mgn Attn Pwr CRCs FECs Mode Vendor State Management and Diagnostic Console Description Latest estimate of maximum achievable rate adjusted for changing line conditions Current or final estimated maximum achievable rate without impulse noise compensation Noise margin in dB at the start of the connection Latest noise margin adjusted for changing line conditions since the connection was first established Measured attenuation in dB of the line Transmit power in dB Total uncorrected errors for this connection Total corrected errors for this connection Impulse noise protection Delay of latency path The new user data rate in kbps for the connection Maximum rate achievable at the time of the initial connection based on the line quality specifically the uncapped rate Noise margin in dB at the start of the connection Measured attenuation in dB of the line Transmit power in dB Total uncorrected errors for this connection
120. ne nasaincuabasesanddosnadasas E Configure NAT 7 TCP Timeout 144c Minutes 5 1440 minutes default 1440 minutes Firewall Settings UDP Timeout 10 Minutes 1 720 minutes default 10 minutes Detailed Information IGMP Querier r yore Valeo Broadband Status Notification Summary Enable n Configure Server H Configure Line Association Missing DSL Filter Detection Enable O Troubleshooting DSL Diagnostics puis Herne rM Eq aS recti nS Event Log SIP Application Layer Gateway Network Tests Enable Vv Upgrade History Resets Upstream MTU poner Force Upstream MTU 150C Syslog Settings suavi Settings Provisioning Info Configure Time Services eo Configure Services aha Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Figure 48 MDC Advanced Configure Services Page Routing By default the 2Wire gateway is configured in routed mode The Advanced Configure Services page allows you to configure the 2Wire gateway to operate in bridged mode 110 Management and Diagnostic Console IMPORTANT Bridged mode is intended for testing purposes only as in WT 062 ADSL BER Bit Rate Error or industry standard performance tests When routed mode is disabled the 2Wire gateway can no longer be managed via CMS and any DSL connection will require an external PPP connection via software of third party hardware It is strongly recommended that you disable
121. o comply may void the product warranty Location Environmental Considerations Do not plug the power pack into an outdoor outlet or operate the terminal outdoors It is not waterproof or dustproof and is for indoor use only Any damage to the unit from exposure to rain or dust may void your warranty Do not use the terminal where there is high heat dust humidity moisture or caustic chemicals or oils Keep the gateway away from direct sunlight and anything that radiates heat such as a stove or a motor Declaration of Conformity FCC Compliance The following device has been tested and certified as compliant with the regulations and guidelines set forth in Part 68 of FCC Rules Manufacturer 2Wire Inc Model 2701HGV W Part 15 of FCC Rules This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation Regulatory Information This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful
122. o create a network with your computers and peripherals Networking Technology Overview Ethernet Ethernet is a local area network LAN technology that transmits information between computers at speeds of 10 or 100 Mbps 2Wire gateways have either 1 or 4 Ethernet ports for directly connecting computers or devices If your home or office is wired for Ethernet you can use the Ethernet interface s on the gateway to create a broadband network USB The 2Wire gateway s USB 1 1 port allows you to directly connect a computer or other network ready device Wireless The 2Wire gateway includes an integrated wireless access point which allows users to roam wirelessly throughout the home or office 2Wire s high powered wireless technology virtually eliminates wireless coldspots in the home The 2Wire gateway s high power 400mW transmitter ensures that users benefit from increased wireless bandwidth throughout the coverage area In addition the 2Wire gateway employs a special triple antenna design The third antenna is used only for transmitting packets thus mitigating the power loss associated with switching the antenna use back and forth between transmit and receive This results in greater access point sensitivity as antenna placement can be better optimized with a dedicated set of receive only antennas 1 The 200 series gateways connect via Ethernet 2 Some interfaces are not available on specific models System Tab This chapter de
123. ocated for public address Creates a bridge network with the broadband The subnet mask allocated for public address Note If you have Enhanced Services such as Internet Access Control installed the specific service and its status display in the Devices panel 72 Management and Diagnostic Console Local Network Statistics Page The Local Network Statistics page shows information about the interfaces on the local network e WRE Management and Diagnostic Console system Summary Local Network Statistics RESET Statistics Broadband Link Ethernet Bytes Packets Errors Summary Transmit 2491126 11999 0 0 Statistics Receive 1911440 13916 0 0 Detailed Statistics NEM Phil io ANAN ANA NA eS LK Configure Wireless Transmit 999236 0 0 0 Local Network Receive 37571857 0 0 0 Statistics USB Device List Transmit 0 0 0 0 Wireless Receive 0 0 0 0 Configure Firewall Settings Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Figure 30 MDC Local Network Statistics Page The Local Network Statistics page includes the following information Item Descript
124. of computers on the local network to access your broadband connection Modifications may also affect broadband enabled applications and services running on the local network Security Check to enable the features below Stealth Mode T Block Ping T Strict UDP Session Control Inbound and Outbound Control Checking the box allows the associated traffic type through the firewall Outbound Inbound Iv HTTP Iv Remote Management FW HTTPS NetBIOS Iv FIP v Telnet Iv SMTP M DNS NetBIOS Iv POP3 Iv IMAP M NNTP M IRC M H323 v All Other Protocols Attack Detection v Excessive Session Detection v TCP UDP Port Scan Iv Invalid Source Destination IP address IV Packet Flood SYN UDP ICMP Other I Invalid TCP Flag Attacks NULL XMAS Other v Invalid ICMP Detection Iv Miscellaneous Full Logging Enable Full Logging Note Enabling full logging will reduce system performance SUBMIT Settings co Back to Top Figure 38 MDC Firewall Advanced Settings Page 85 Management and Diagnostic Console Enabling Security Features The Security pane allows you to configure the gateway s firewall to provide additional security features Following are descriptions of the features Stealth Mode Enabling Stealth Mode suppresses error responses for example TCP resets Block Ping Enabling Block Ping blocks ping responses Strict UDP Session Control Enabling Strict UDP Session Control prevents another sour
125. om FI Times or Hops e Bytes Maximum 576 The Ping test allows you to ensure that the 2Wire gateway can send data packets to ping a remote host The Traceroute test traces the number of times a data packet sent from the 2Wire gateway is routed before it reaches its destination The DNS Query test finds the IP address of the domain name service 99 Management and Diagnostic Console To perform a ping or traceroute test 1 2 6 From the drop down menu select Ping or Traceroute In the Host field enter the URL of the host location to which you wish the 2Wire gateway to send the ping or traceroute In the Test field enter the number of times you want the ping to occur the maximum is 25 or the number of hops you want traceroute to trace In the Packet Size field enter the packet size you wish to send The maximum packet size is 576 Check the Enable network name resolution checkbox This will ensure that the name of the host location is displayed along with the corresponding IP address Click the Start button The results are displayed on the page as they occur and include round trip latency the aggregate number of packets sent received and lost and the minimum maximum and average round trip latency To discontinue Ping or Traceroute click the Stop button To perform a DNS query 1 2 3 From the drop down menu select DNS Query In the Host field enter the domain name URL for which you w
126. onfiguration module Primary broadband DHCP client module Primary broadband IP configuration module Primary broadband DNS access test module Primary broadband PPP bridge virtual LAN DSL device control module Primary broadband ATM and auto PVC search module Primary broadband PPPoE configuration module Primary broadband PPPoA configuration module Primary broadband routed ATM configuration module The nodes that display are dependent on the 2Wire gateway For example 2Wire gateways that are not connected to the Internet via ADSL will not display ADSL information 121 Management and Diagnostic Console Advanced Detailed Log Page The Advanced Detailed Log page is a debug log facility modeled after syslog and provides advanced diagnostic capabilities 2WiRE Management and Diagnostic Console System Summary Broadband Link Summary Statistics Detailed Statistics Configure Local Network Status Statistics Devi List Wireless Configure Firewall Settings Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detail Li Advance
127. oping 109235 109236 109238 109237 109226 109242 109243 109244 109245 1000 1001 Active Disabled Disabled Enabled Depending on the service provider and the components installed the System Summary page includes the following information Item System Model Serial Number Description 2Wire gateway model number for example 2701HGV Gateway 2Wire gateway serial number 58 Item MAC Address Hardware Version Hardware Options DSL Modem Type Current Software Configuration Key Code System Time Time Since Last Boot Last ID Post Components DSL Modem Firewall Rules Application List Management and Diagnostic Console Description 2Wire gateway MAC address 2Wire gateway hardware version The type of peripheral device installed ADSL or ISDN 2Wire gateway software version The key code associated with the current provisioning settings The value is Unprovisioned if the 2Wire gateway has not yet been provisioned The day month year and time or Retrieving date and time settings from Internet if not set The time elapsed since the 2Wire gateway was last restarted The time elapsed since the 2Wire gateway communicated with the configuration server DSL modem software version Current version of the installed firewall rules database Current version of the application list Note The contents of the Components list varies according to service provid
128. owners 5100 000659 000 Rev 001 08 2008 Contents Introduction Networking Technology Overview 0 hh hr hh eee 1 System Tab Viewing Your System Summary leer hh hh hh hr rrr 2 Network at a Glance Panel sse hh hh hrs 3 System Area of the Network at a Glance Panel leen 3 Broadband Link Area of the Network at a Glance Panel eee eee eee 4 Home Network Area of the Network at a Glance Panel eee eee ee eee 4 Enabling Enhanced Services hh hrs 5 Web Remote ACCeSS s saoEELGRRRERRRIREPRSCCERPIGGgR Se ee GE awe Ee RARO Re rs 5 Firewall MonhitOf J 0s esc mne kok wok x y y ma Ex e ROLE ACRCKCRCR hare eee KOC EO RO E Rcs 5 Parental Controls eres aana ei o EROR ee ee SG eR NOR SEP OX WAN Roe 5 Setting a System Password lese hh hh hh hers 6 Resetting the System Password llle 7 Changing Your Time Zone Settings eee ees 8 Viewing System Details anann aaan ees 9 Broadband Link Tab Viewing Your Broadband Link Summary 0 aaaea 10 Connection StatiS xx meo fe wee eae NAE NG ARN INN RPG PENA EGR eni 10 Connection Speed cc ees 11 Connection Information 0 0000 ee 11 Finding Your Hardware Address 00 rn 11 Connection Detalls X0 RARE AG RAD Ee ee ee NLA NE GNG WG LAWIN ee x RR NG 12 Monitor Internet Connection 0000 ee ee 16 Test Connection Speed ees 16 Using Broadband D
129. ox allows the associated traffic type through the firewall Edit Advanced Firewall Settings page oa punt bichaneinent 1 In the Inbound and Outbound Control pane deselect the ag itis checkbox of the protocol you wish to block M SMTP 2 Click SAVE nd NetBIOS Disabling Attack Detection 7 POPS V IMAP By default the 2Wire gateway firewall rules block the attack NNTP types listed in the Attack Detection pane There are some M IRC applications and devices that require the use of specific data ports through the firewall The gateway allows users to open the necessary ports through the firewall using the Firewall Settings page If the user requires that a computer have all incoming traffic available to it this computer can be set to the DMZplus mode While in DMZplus mode the computer is still protected against numerous broadband attacks for example SYN Flood or Invalid TCP flag attacks In rare cases the incoming traffic may be inadvertently blocked by the firewall for example when integrating with external third party firewalls or VPN servers You may need to disable one or more of the attack detection capabilities for any device placed in the DMZplus In this case the third party server provides the attack protection normally provided by the gateway 51 Firewall Tab The following table lists the attacks for which the gateway firewall filters continuously check Attack Excessive Session Detection TCP UDP Port Scan
130. port TCP and UDP Disposition of the event The action taken when the event occurs for example Unknown inbound session stopped 98 Troubleshooting Network Tests Page Management and Diagnostic Console The Troubleshooting Network Tests page provides the Ping Traceroute and DNS Query tools which help diagnose problems with the 2Wire gateway or 2Wire gateway connections EWR Management and Diagnostic Console system Summary Troubleshooting Network Tests Broadband Link ping Summary Enable network name resolution Statistics Detailed Statistics start stor Configure Pinging 216 52 Local Network Status ping successful Statistics ping successful ping successful Device List ping successful Wireless ping successful Configure Firewall Settings Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Figure 42 MDC Troubleshooting Network Tests Page 29 100 5 times with 64 bytes of data icmp seq 0 time 18 ms icmp seq 1 time 19 ms icmp seq 2 time 20 ms icmp seq 3 time 17 ms icmp seq 4 time 17 ms www 2wire c
131. proper power source Voltage and grounding requirements are found on the product case and or packaging Do not use the adapter if the cord becomes damaged Do not attempt to service the adapter There are no serviceable parts inside Replace the unit if it is damaged or exposed to excess moisture Telecommunication Cord CAUTION To reduce the risk of fire use only No 26 AWG or larger UL Listed or CSA Certified Telecommunication Line Cord Location Electrical Considerations WARNING The electrical cord of this product must be plugged into a properly grounded outlet or adapter Failure to comply could result in an electric shock hazard If you do not know whether your outlet or adapter is properly grounded you should consult a licensed electrician CAUTION Due to risk of electrical shock or terminal damage do not use the terminal near water including a bathtub wash bowl kitchen sink or laundry tub in a wet basement or near a swimming pool Also avoid using this product during electrical storms Avoid locations near electrical appliances or other devices that cause excessive voltage fluctuations or emit electrical noise for example air conditioners neon signs high frequency or magnetic security devices or electric motors Equipment Repairs Do not under any circumstances attempt any service adjustments or repairs on this equipment Instead contact your local 2Wire distributor or service provider for assistance Failure t
132. referred to as hosting an application the name of the application s that you are hosting are displayed under the device name Note For additional information refer to Hosting an Application on page 37 If you have defined special features for the computer such as DMZplus mode the feature is displayed under the device name 26 Home Network Tab Depending on the permissions you have set for devices on your network the following links may display next to the device Access shared files Accesses the shared files available from this computer This feature only works with Microsoft Windows computers that have shared files and file sharing installed Note f your computer is configured with a static IP address this link will not appear Edit firewall settings Accesses the system user interface page which allows you to edit the firewall pass through settings for the computer For example you may need to change the pass through settings for the computer if you want to play an Internet game View Internet Access Control Accesses the Internet Access Restriction schedule for this computer Edit Content Screening Accesses the Content Screening settings page allowing you to change the Web site permissions for users on your network View device details Displays the technical networking details about the device If you are experiencing difficulties this information may be helpful to a technical support representative
133. reless channel setto 0 INF P0000 00 00T00 00 18 sys Wireless power setto 100 INF P0000 00 00T00 00 18 sys ipnet1 Up on bridged with 192 168 1 254 24 TEESE INF P0000 00 00T03 25 23 sys ipnet0 Up on bridge with 208 35 230 176 26208 35 230 190 Configure INF P0000 00 00T03 25 23 sys DNS up DNS1 0 0 0 0 DNS2 0 0 0 0 Firewall INF P0000 00 00T03 25 23 sys Bridge network changed to 208 35 230 176 255 255 255 255 Settings bmask 255 255 255 192 s Dated iiia INF P0000 00 00T03 25 24 sys Set system clock 2006 05 11 17 50 31 PDT Advanced Settings Weiss CLEAR LOG Summary co Configure Server Configure Server Back to Top Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Figure 41 MDC Troubleshooting Event Log Page You can view specific information by selecting which log to view from the pull down menu and then clicking the Filter button the screen capture depicted above has the system filter applied Following are descriptions of the logs Access Shows the current access log which registers all significant Content Screening and Internet Access Control events All Shows all logs that register a significant event access firewall fw alert system
134. rnet address settings automatically the subnet mask has been set for you If you manually set your Internet address Static IP this is the information that was provided to you by your ISP and entered by you during the system installation 16 Item Primary Domain Name Server Secondary Domain Name Server Domain Maximum Transmission Unit MTU Gateway Ping DNS Communication Configuration Server Post Broadband Link Tab Description Part of the Internet address settings A domain name is a meaningful easy to remember handle for an Internet address The DNS allows Internet users to specify a name domain name to reach a Web page for example www domainname com instead of its Internet address for example 111 222 111 222 When you enter the name of a Web location URL the DNS looks up the name and resolves it to the Web page s Internet address If you receive your Internet address settings automatically the subnet mask has been set for you If you manually set your Internet address static IP this is the information that was provided to you by your ISP and entered by you during gateway installation Used as a backup if the Primary server fails to respond If you receive your Internet address settings automatically the subnet mask has been set for you If you manually set your Internet address Static IP this is the information that was provided to you by your ISP and entered by you during the system
135. routed mode ONLY if you thoroughly understand the ramifications of doing so To operate the gateway in bridged mode 1 Deselect the Enable Routing checkbox 2 Click the Submit button Most gateway features are now disabled including firewall and stateful packet inspection DHCP NAT DNS PPP and remote management The gateway no longer functions as a gateway and is in effect a multi protocol Ethernet wireless and USB bridge Note When routing is disabled the gateway s local IP address is set to 192 168 1 254 subnet 255 255 255 0 Computers connected to the 2Wire gateway will retain the IP address assigned by the gateway s DHCP server until a new IP address is obtained from an alternative DHCP server or is manually assigned To re enable routed mode 1 Configure the computer s IP address to work on the same subnet as the gateway a From the Windows desktop or the Start menu right click the My Network Places icon then left click Properties b Right click the icon that represents the network connection to the gateway and left click Properties Network Connections File Edit View Favorites Tools Advanced Help 3 9 B JO search E gt Folders i Address Network Connections LAN or High Speed Internet Wireless Network Connection TY DellTrueMobile 1300 WLAN View status of this Bridge Connections onnection wi Ren mection hange settings of this Create Shortcut connection Rename
136. s that display are dependent on the type of wireless adapter you are using some of these settings may not display Wireless Mode Allows you to force the gateway to use 802 11b g 802 11b only or 802 11g only modes of operation DTIM Period seconds Determines at which interval the access point will send its broadcast traffic The default value is 1 second Power Setting Allows you to select the power level for your wireless connection The default list is 1 to 4 additional options may appear based on the service provider s configuration Maximum Connection Rate The maximum rate at which your wireless connection works 1 2 5 5 11 or 22 Mbps for 802 11b based models 1 2 5 5 11 6 9 12 24 36 48 or 54 Mbps for 802 11b g based models TT Management and Diagnostic Console Local Network Configuration Page Note To access this page your network must have the Remote Management feature enabled A If the feature is not enabled an error message will display when you click the link to access this page The Local Network Configuration page allows you to change the gateway s default local network settings You must click the Submit button for changes to take effect EWR Management and Diagnostic Console System Summary Local Network Configuration susu settings Broadband Link WARNING Summary Statistics Modifying the settings on this page can impact the ability of computers on the
137. scribes the 2Wire gateway System features Note 2Wire recommends that you use Internet Explorer 5 5 or higher or Netscape 6 or higher Viewing Your System Summary The System Summary page provides general information and links to your system s most commonly used features To access the System Summary page Open a Web browser and access the gateway user interface by entering http gateway 2wire net Click the System tab to open the System Summary page p E WE S9WRE _ 9 UO 22 amp ET System e f Network E mawari Fran Summary System Password Date and Time Settings Details fr HOME Site Map Firewall Network at a Glance e Firewall View firewall f gt 2701HGV A Gateway Set system password ES Tee po Software Ne View details 5 29 116 1 eval QIamsadS NAGEBIADPAR PARES RPMELATRRRAS RINT EIE SET OUS FERRE Set Up Run the System Setup Run System Setup Wizard Wizard 3 Password Not Set Broadband Link Unprovisioned Connection Speed Incoming 3006 kbps View summary Outgoing 511 kbps pa NG Home Network View the home network Computers oo swang2 192 168 1 64 amp wgr MAIN g capricorn g jrindegard Figure 1 System Summary Page System Tab Network at a Glance Panel The Network at a Glance panel provides a summary of the System Broadband Link and Home Network states of your gateway Network at a Glance
138. server DSL modem and DSL control module DSL hardware Ethernet device Ethernet to ATM bridge 1483 Firewall GPIO general purpose input output device Wireless access point daemon HPNA interface HTTP daemon Initd daemon logs for application contro IP firewall session JTAG device Kernel accounting Kernel event log module Memory PPP kernel network module PPPoA kernel network module PPPoE kernel network module Thread locking Thread LED device Link Manager daemon logs for module Login application Lightweight data protocol VoHPNA Hardware watchdog Machine signal related DNS server Management and Diagnostic Console 124 Filter netdev nodesd pdump pkg pki ppp reset rpcd rtatm scc sip sntpc stream syslog system ulib usbd usbhost vlan voh voiced voip vr vrsip wave Description Network device core Network device status daemon Packet dump used for debugging Package management Public Key Infrastructure subsystem Point to Point Protocol daemon Reset switch driver RPCD daemon logs for CMS interaction Routed ATM driver Voice SLIC drivers SIP Network time client Stream network core Syslog daemon System level Configuration libraries USB device USB host Virtual LAN VoHPNA driver Voice daemon Voice over IP Voice router Voice SIP module Wireless device Management and Diagnostic Console 125 Glossary A Access Point A device that transports data
139. since the last establishment To reset the DSL statistics click the Reset button 67 Management and Diagnostic Console Broadband Link Configuration Page The Broadband Link Configuration page allows you to modify specific broadband connection settings e H gwusr Management and Diagnostic Console System Summary WARNING Broadband Link Modifying the settings on this page can impact the ability of computers on the local network to access your Summan broadband connection Modifications may also affect broadband enabled applications and services running on the local network Statistics Detailed Statistics A DSL and ATM Settings Configure DSL Line Selection Line 1 inner pair Local Network ATM Circuit Identifier VPI Jo VCI ss Stati ue ATM Encapsulation Bridged LLC v Statistics ATM PVC Search Enabled C Disabled z 5 A EU pM AA Wireless Internet Connection Settings Connection and Authentication Broadband connection Enabled C Disabled Firewall Connection Type Direct IP DHCP or Static Y Settings v aan Detailed Information panama Advanced Settings Password Confirm Password You must enter a username and password if you select PPPoE or PPPoA PPP on Demand o Minutes Entering a value of zero enables a connection with no timeout Internet Connection Settings Hardware Address Override Use the built in hardware address Override the built in hardware address
140. sion path data must follow between devices on the gateway network Figure 49 MDC Advanced Static Routes Page 2WRE System Summary Broadband Link Summary Statistics Detailed Statistics Configure Local Network Status Statistics Device List Wireless Configure Firewall Settings Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Loq Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Management and Diagnostic Console Advanced Static Routes Define a Static Route Subnet IP Subnet Mask Gateway IP Route List Subnet IP 127 0 0 1 192 168 1 254 208 35 230 176 208 35 230 176 208 35 230 128 192 168 1 0 127 0 0 0 0 0 0 0 To define a static route 1 2 C Ca C ADD Subnet Mask Gateway 255 255 255 255 127 0 0 1 255 255 255 255 192 168 1 254 255 255 255 255 208 35 230 176 255 255 255 255 208 35 230 190 255 255 255 192 208 35 230 176 255 255 255 0 192 168 1 254 255 0 0 0 127 0 0 1 0 0 0 0 208 35 230 190 Interface 100 bridged bridge1 bridged bridget bridged 100 bridge1 In the Subnet IP field enter the IP address of the network to which you want to confi
141. so that the computers can share programs and files MAC Media Access Control Address A hardware address that has been embedded into the network interface card NIC by its vendor to uniquely identify each node or point of connection of a network Map to Host Port When set not left blank or set to O this value provides the mapping offset to the local computer For example if this value is set to 4000 and the range being opened is 100 to 108 the forwarded data to the first value in the range will be sent to 4000 Subsequent ports will be mapped accordingly 101 will be sent to 4001 102 will be sent to 4002 etc MTU maximum transmission unit The largest size packet or frame specified in octets eight bit bytes that can be sent from a computer to the network The Internet s TCP uses the MTU to determine the maximum size of each packet in any transmission If the MTU is too large the packet may need to be retransmitted if it encounters a router that can t handle that large a packet Too small an MTU size means relatively more header overhead and more acknowledgements that have to be sent and handled Most computer operating systems provide a default MTU value that is suitable for most users In general Internet users should follow the advice of their Internet service provider ISP about whether to change the default value and what to change it to NAT Network Address Translation Enables a LAN to use one set of IP addresses for intern
142. ssociate Server Broadband Link Associate the Line with a Server Summary Line 1 4088569325 profile 1 gt Statistics Line 2 2wire2 Detach the line from any profile Configure SUBMIT Local Network Status Statistics Device List Configure Firewall Settings Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association 6 Choose a line and associate it with a server from the pull down menu If applicable repeat the process with another VoIP line Click SUBMIT 90 Management and Diagnostic Console 7 The Voice Server Summary page displays Active profiles are listed as are Line Profile associations To make any changes return to the previous step e 2WRE System Summary Broadband Link Summary Statistics Configure Local Network Status Statistics Device List Configure Firewall Settings Detailed Information Advanced Settings Voice Statistics Summary Configure Server Configure Line Association Management and Diagnostic Console Voice Server Summary Active Profiles profile 1 Line Profile Associations Line 1 4088569325 is associated with this active profile profile 1 Line 2 2wire2 is detached from any profile 91 Troubleshooting DSL Diagnostics Page Management and Diagnostic Console The Troubleshooting DSL Diagnostics page disp
143. ssword whenever you change system settings Click the Privacy policy link to review the 2Wire privacy policy Note For additional information refer to Setting a System Password on page 7 Broadband Link Area of the Network at a Glance Panel The Broadband Link area of the Network at a Glance panel displays the overall status of your gateway s physical connectivity The diamond symbol in this area indicates the overall status of the broadband link and corresponds to the Internet light on the front of your gateway The following table shows a list of possible BROADBAND LINK light states and their associated meanings Broadband Link Light Condition Off The gateway has been unable to detect a DSL signal DSL signal detected the gateway is attempting to train Solid Green The gateway is fully connected to your broadband service s Connection Speed displays the broadband speed for which DSL is configured by your ISP Both the Incoming or Downstream from your service provider to your system and Outgoing or Upstream from your system to your service provider connection rates are shown The actual throughput of your Internet connection rate such as downloading a file from a Web site will be somewhat less because of the overhead required to send information over the Internet Accessing the Broadband Link Summary Page The Broadband Link Summary page provides general information about the current status of yo
144. st restarted and the elapsed time since the last line search initialization The number of DSL loss of signal failures since the 2Wire gateway was last restarted and the elapsed time since the last loss of signal failure The number of DSL loss of power indications from the ATU C since the 2Wire gateway was last restarted and the elapsed time since the last loss of power indication The number of DSL loss of margin failures at current data rate since the 2Wire gateway was last restarted and the elapsed time since the last loss of margin failure The number of cumulative errored seconds since the 2Wire gateway was last restarted and the elapsed time since the last error 66 Item Cumulative Sec w Severe Errors Corrected Blocks Uncorrectable Blocks DSL Unavailable Seconds ISP Connection Establishment Management and Diagnostic Console Description The number of severely errored seconds since the 2Wire gateway was last restarted and the elapsed time since the last severely errored second The number of corrected DSL superframes that had data errors detected during reception The number of uncorrected DSL superframes that had data errors detected The number of unavailable seconds modem downtime since the 2Wire gateway was last restarted and the elapsed time since the last unavailable second The number of times the ISP connection was established since the statistics were last reset and the elapsed time
145. stem Password Date and Time Settings Details fr HOME Site Map Edit System Password Settings Current Settings Password Protection f No Password Set Check ENABLE to require a password to modify settings 5 The system password allows you to 3 control who can change settings on m the system If Password Protection Is Enabled Enter New Password Confirm New Password When you choose to password protect the system settings you should also set up a password hint This hint can be a word phrase or question that will help you remember your password if you forget it Your password should be something unique that others cannot easily guess Likewise your hint should be something simple that reminds you what your password is without making it obvious to others Enter Your Hint SAVE CANCEL Figure 3 Edit System Password Page 1 Inthe Settings panel click the Enable checkbox 2 In the Enter New Password field enter your password 3 In the Confirm New Password field re enter your password 5 Optional In the Enter Your Hint field enter a hint A hint is a word phrase or question that reminds you what the password is There is an forgot the password link on the password entry page When you click this link it shows you your hint and allows you to enter your password Click SAVE System Tab To disable password protection deselect the Enable checkbox and click SAVE To safeguard your network against unaut
146. sure of the uncancelled echo Indicates the difference between the gateway s and the DSLAM port s crystal frequency in parts per million ppm Indicates the current receive gain settings which will depend on the length of the DSL line Indicates the number of compensation tones on which impulse noise is detected Reviewing Bitloading The Bitloading pane shows the bits loaded per tone for the upstream tones 6 to 31 and downstream tones 32 to 255 spectrum A single hex digit for each tone shows the numeric values O to F in addition to the bar graph depiction 96 Management and Diagnostic Console Troubleshooting Event Log Page The Troubleshooting Event Log page displays all security related events for the broadband and local network Log information is stored in an 8 KB buffer When the buffer is full the oldest items are purged from the log You can also clear the log contents by clicking the Clear Log button H EWRE Management and Diagnostic Console System Summary Troubleshooting Event Log cysten m riser i ace AA ANA E T Summary CLEAR LOG Statistics Type Date Time Event Description Detailed Statisti bira INF P0000 00 00T00 00 18 sys Wireless SSID set to 2WIREO24 Configure INF P0000 00 00T00 00 18 sys Wireless authentication set to Open Local Network INF P0000 00 00T00 00 18 sys Wireless encryption set to WEP Status INF P0000 00 00T00 00 18 sys Wireless Key set INF P0000 00 00T00 00 18 sys Wi
147. t 75587 session table 1018 1024 available 0 512 used in inbound sessions sess 305 bkt 3 flags 0x00000190 proto 17 cnt 174 1 208 35 230 176 49185 f 204 117 214 10 53 n 208 35 230 176 49185 1nd 0 0 fnd 44 0 last used 75112 max idle 600 sess 306 bkt 3 flags 0x00008190 proto 17 cnt 120 1 208 35 230 176 49185 f 199 2 252 10 53 n 208 35 230 176 49185 lnd 0 0 fnd 44 0 last used 75112 max idle 600 sess 349 bkt 103 flags 0x00000190 proto 17 cnt 2 1 208 35 230 176 61557 f 204 117 214 10 53 n 208 35 230 176 61557 lnd 0 0 fnd 44 0 last used 75329 max idle 600 sess 9 bkt 166 flags Ox00008190 proto 17 cnt 842 1 208 35 230 176 68 f 10 1 0 201 67 n 208 35 230 176 68 lnd 0 0 fnd 44 0 last used 75479 max idle 600 sess 347 bkt 216 flags 0x000001a1 proto 17 cnt 4 1 192 168 1 65 1189 f 10 0 0 112 53 n 208 35 230 176 1189 Ind 51 0 fnd 0 0 last used 75166 max idle 600 sess 348 bkt 216 flags Ox000081a1 proto 17 cnt 3 1 192 168 1 65 1189 f 10 0 0 113 53 n 208 35 230 176 1189 Ind 51 0 fnd 0 0 last used 75166 max idle 600 TCP Redirection Redirection to DISABLED unknown empty Figure 37 MDC Firewall Detailed Information Page Pinholes Back to Top A pinhole is a configuration setting in the firewall that allows access to specific services running on the network For example for users outside the network to access a specif
148. t can communicate on the Internet This address is assigned to you by your Internet Service Provider for all communication on the Internet and can either be Static permanently assigned and manually entered or Dynamic automatically assigned and configured depending on your subscribed service type Hardware Address Also known as the MAC address physical address or if you are a cable customer the C number When your gateway is connected to the broadband network an association is made between its unique hardware address and its Internet address before it can communicate to the Internet Note This field displays the hardware address only if the gateway is connected to the Internet via PPPoE Key Code The activation code that tells your gateway how to connect to your service provider The key code is used during the installation process to customize the setup screens and settings for your broadband provider Finding Your Hardware Address If required to find your Hardware MAC address refer to the following table and follow the instructions for your operating system Windows OS 1 Click the Start menu 2 Click Run 3 Enter cmd in the entry field 4 Click OK 5 At the C gt prompt enter ipconfig all 6 Locate the Physical address for example 01 24 H5 18 B3 00 7 To close the window enter exit at the C gt prompt Macintosh 8 x amp 9 x 1 Click the Apple icon 2 Select
149. t cases the default value is appropriate 6 In the Map to Host Port field enter the value that provides the mapping offset to the local computer For example if this value is set to 4000 and the range being opened is 100 to 108 the forwarded data to the first value in the range will be sent to 4000 Subsequent ports will be mapped accordingly 101 will be sent to 4001 102 will be sent to 4002 etc 7 From the Application Type pull down menu select the application type None Default File Transfer Protocol FTP Microsoft Games H 323 based Internet telephony IRC Internet relay chat server or PPTP virtual private network server 8 Click the Add Definition button 9 Repeat the previous step for each port or range of ports required for the application profile 82 Management and Diagnostic Console Allowing all applications DMZplus is used for hosting applications if an application will not operate properly using the Allow individual application s option When in DMZplus mode the designated computer Shares the gateway s IP address Appears as if it is directly connected to the Internet Has all of the unassigned TCP and UDP ports opened and pointed to it Can receive unsolicited network traffic from the Internet To configure a computer on the user s network for DMZplus mode 1 Select the computer to which the user wishes to have all data sent 2 Click the Allow all applications DMZplus mode radio button 3
150. t is used for hosting applications if you cannot get an application to work properly using the Allow individual application s option When in DMZplus mode the designated computer Shares your gateway s IP address Router Address Appears as if it is directly connected to the Internet Has all of the unassigned TCP and UDP ports opened and pointed to it Can receive unsolicited network traffic from the Internet Although the computer in DMZplus mode appears to Internet users as though it is directly connected to the Internet it is still protected by your system firewall All traffic is inspected by the firewall s Stateful Packet Inspection engine and all known hacker attacks continue to be blocked 42 Firewall Tab Because all filtered traffic is forwarded to the designated computer you should use DMZplus mode with caution A computer in DMZplus mode is less secure because all available ports are open and all incoming Internet traffic is directed to this computer To configure DMZplus Open a Web browser and access the 2Wire gateway user interface by entering http gateway 2Wire net Click the Firewall tab Click the Firewall Settings link under the tab to open the Edit Firewall Settings page awrr 9 9 23 5 S Broadband Home Voice Firewall ystem Link Network Network Summary Firewall Settings Advanced Settings ff HONE sto map Edit Firewall Settings Settings By default the fire
151. t restarted and the elapsed time since the last loss of signal failure The number of DSL loss of power indications from the ATU C since the 2Wire gateway was last restarted and the elapsed time since the last loss of power indication The number of DSL loss of margin failures at current data rate since the 2Wire gateway was last restarted and the elapsed time since the last loss of margin failure The number of cumulative errored seconds since the 2Wire gateway was last restarted and the elapsed time since the last error The number of severely errored seconds since the 2Wire gateway was last restarted and the elapsed time since the last severely errored second The number of corrected DSL superframes that had data errors detected during reception The number of uncorrected DSL superframes that had data errors detected The number of times the ISP connection was established since the statistics were last reset and the elapsed time since the last establishment Using Advanced Settings The Advanced Settings page allows you to manually configure your DSL and Internet connection settings Typically these settings are automatically provided by your service provider You should adjust these settings ONLY if you are very familiar with DSL and networking technology To access the Broadband Link Advanced Settings page Broadband Link Tab Open a Web browser and access the gateway user interface by entering http gateway 2
152. ted wire and cable at speeds of up to 10 Mbps ICMP Internet Control Message Protocol ICMP supports packets containing error control and informational messages For example the PING command uses ICMP to test an Internet connection Although ICMP is generally harmless there are some message types that should be dropped Redirect 5 Alternate Host Address 6 and Router Advertisement 9 can be used to redirect traffic from your site Echo 8 Timestamp 13 and Address Mask Request 17 can be used to obtain information on whether the host is up the local time and the address mask used on your network respectively ICMP messages are also sometimes used as part of DOS attacks such as flood ping or ping of death Invalid TCP flags Combination of TCP flags such as SYN FIN that signal a malicious attempt to get past the firewall IP Internet Protocol The standard signaling method used for all communication over the Internet 126 Glossary IP Address A numeric identifier for your computer Just as the post office delivers mail to your home address servers know to deliver data to your computer based on your IP address IP addresses can be dynamic meaning that your computer borrows the IP address for the necessary timeframe or they can be fixed meaning that the number is permanently assigned to your computer L LAN Local Area Network A network connecting a number of computers to each other or to a central server
153. tency path Bitloading Marr HE E E E EE E N POPUP PEEP PEEP PEEP ELEEEEEEEEEEEEEEEEE EE ELE eee VELLE E E EF FG FG GG L WOO nananana WO Waaa WAN WAN WON WON WON 0000000895AREESECCCCCCCESAAAS8800000000677878898395595A95 1 D 1 o ie a2 ae Figure 40 MDC Troubleshooting DSL Diagnostics Page Ok Ok Ok Ok Ok Attn 0 6 212 77 CRCs 0 1 128 FECs 0 INP 0 00 1 per DLY 0 25 Upstream Rate 864 1 160 Max 1056 1 ne M 4 WAAAH OOOO EE EEE EE O EE EE E E KEE EEEE EEEE EEEE E EEE EEEE EEE EEEE EEE EE EE WOAH HAHAHAHAHAHAHA HHEEEEEEEEEEEEEEEEEEE FEE EE ELLE EFE EE LEE EE EEEEEEE EE EB EEE EE EEEEL ELE eee eee HREEEEEELEEEEEEEEEEEL ELE ELLE ELE Oe EE ELE ELLE EE EL EE EE ELE ELE LEE ELE ELE EE EEEEE ELE LEE E LEE LEE ELLE ELLE ELE ELE LEE ELE ELE ELE LEE LL N WAAAH EE ELE LEE ELE EE EE EEEEEEE EE EET E LEE EE ELE EEE ELE EE EE EFE ELE EE EE ELE EE EE EFE ELE LEE EE ELLE ELE ELE ELE EE EE ELE ELE 1 EEEE EEEE EE EE EE ELLE ELE EFE LEE EE LEE ELE EF ELE EE LEGE EFE ELE EE EEEE EEE E EEE ELLE EE ELLE EE ELE EE ELE LEE LEE LL G N EEEE EEEE EEE EEEE EEEE EE ELLE ELE ELLE E EE LEE LEE LEE EFE LEE EE EE EE ELLE EE EEEE LEE EE ELE ELE EE EE LEE LEE E L N VHHEEEEEEEEEEEEEEEEEEEEEEE EE EE BEL EE EE ELE ELLE EE EFE ELLE EE EFE FEE EE EE LE ELE ELLE EE 1 1 EE EE EE ELLE ELE ELE ELE ELE ELE ELE E ELLE LE E L 1 92 Analyzing General Information Management and Diagnostic Console The General Infor
154. traffic Allow individual application s Choose the application s that will be enabled to pass through the firewall to this computer Click ADD to add it to the Hosted Applications list All applications i Hosted Applications Age of Empires a Age of Kings Age of Wonders Aliens vs Predator ADD Anarchy Online Asheron s Call Baldur s Gate REMOVE BattleCom Battlefield Communicator Black and White xl l Add a new user defined application Allow all applications DMZplus mode Set the selected computer in DMZplus mode All inbound traffic except traffic which has been specifically assigned to another computer using the Allow individual applications feature will automatically be directed to this computer The DMZplus enabled computer is less secure because all unassigned firewall ports are opened for that computer Note Once DMZplus mode is selected and you click DONE the system will issue a new IP address to the selected computer The computer must be set to DHCP mode to receive the new IP address from the system and you must reboot the computer If you are changing DMZplus mode from one computer to another computer you must reboot both computers SUBMIT Settings co Back to Top Figure 35 MDC Firewall Settings Page The Firewall Settings page allows you to configure the firewall to pass through specific application data to a selected computer 80 Management and Diagnostic Console
155. type select None Default Click ADD DEFINTION to add the values to the profile definition list Click DONE Repeat these steps for each port or range of ports required for the application profile To edit or delete an application profile Open a Web browser and access the 2Wire gateway user interface by entering http gateway 2Wire net Click the Firewall tab Click the Firewall Settings link under the tab to open the Edit Firewall Settings page 41 Firewall Tab In the Applications panel click the Edit or delete user defined application link The Select a Hosted Application page opens iN m ex sewer 9 7 P x om ystem ink Network Network Summary Firewall Settings Firewall Monitor FirewallLog Advanced Settings fr HOME Help Site Map Select a User Defined Application Applications Choose an application from the list below Click EDIT to change the protocol and port information Click DELETE to remove this from your user defined list EDIT DELETE DONE Figure 19 Select a Hosted Application Page 1 Inthe User Defined Application Profiles panel highlight the application you wish to edit or delete f To edit the application profile click EDIT The Edit Application screen appears Make the necessary changes to the application profile and click DONE g To delete the application profile click DELETE Allowing all Applications DMZplus DMZplus is a special firewall mode tha
156. ult state Doing so will remove all your configuration settings and requires 2Wire gateway software reinstallation records from the Upgrade History page and delete all provisioning firewall and Enhanced Warning Resetting the 2Wire gateway to an unprovisioned default state will clear all update Services configuration settings 104 Management and Diagnostic Console Advanced Syslog Settings Page The Advanced Syslog Settings page allows users to maintain a history of security events greater than the capacity of the 2Wire gateway by enabling a syslog server Note Use of this feature requires a UNIX or Linux computer running a syslog daemon EMMAIRTI Management and Diagnostic Console System Summary Advanced Syslog Settings sew Settings Broadband Link Enable Syslog E summ Server Location Statistice Server Port s14 Optional Default 514 Detailed Statistics Enable Throttling r Configure Limit Logging to o logs per second Local Network Status Statistics Device List Wireless Configure Firewall Settings Detailed Information Advanced Settings Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Mana
157. ur broadband link connection and your system configuration To access the Broadband Link Summary page click the Broadband Link icon or the View summary link Launching the 2Wire Bandwidth Meter The Bandwidth Meter measures the maximum data throughput obtained from 2Wire s Web site to your system Because it tests the speed over the Internet your results may vary depending on Internet conditions To launch the 2Wire Bandwidth Meter click the Test connection speed link Home Network Area of the Network at a Glance Panel The Home Network area of the Network at a Glance panel displays your system s LOCAL NETWORK light status and a list of the devices currently connected to your local network System Tab The diamond symbol in this area indicates the overall status of the network and corresponds to the Ethernet USB or Wireless light on the front of your gateway Ethernet USB or Wireless Light Condition Off The gateway is powered off or booting up Solid Green Device s connected via Ethernet USB or Wireless Accessing the Home Network Summary Page The Home Network Summary page displays information about the devices installed on your network To access the Home Network Summary page click the View the home network link Enabling Enhanced Services 2Wire provides a suite of enhanced services Web Remote Access Firewall Monitor and Parental Controls If your service provider offers these enhanced services links to set the
158. ur VoIP services and is used primarily for test purposes 2WRE System Summary Broadband Link Summary Statistics Configure Statistics Device List Detailed Information Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Management and Diagnostic Console Voice Configure Server Edit VolP Settings Profile 0 O EDIT Profile Name profile 1 VOIP Service Type SIP Server IP Address Server Port 5060 Domain Register Expire Time 3600 Register Retry Interval 300 Use 11 digit DIDs E Show CID Names Ld Require Authentication v SUBMIT Figure 39 MDC Voice Configure Server Page 88 Management and Diagnostic Console The Edit VolP Settings panel displays the current SIP settings and allows you to edit the settings The following table describes the fields Server IP Address Corresponds to the SIP proxy address Port Corresponds to the SIP proxy destination port Number of Lines Displays the number of lines allowed on the gateway End Point Domain Displays the IP domain of the SIP endpoint Register Expire Time Displays the default expiration i
159. ur gateway Advanced Settings Voice Summary Configure Server Configure Line Association Troubleshooting DSL Diagnostics Event Log Network Tests Upgrade History Resets Advanced Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Figure 44 MDC Troubleshooting Resets Page The Clear button in the Local Network field clears all devices from the Local Network list Doing so will change the configuration settings and may affect 2Wire gateway operation because it removes all devices such as computers from your network The Reset button in the DSL Connection field retrains the 2Wre gateway s DSL connection The Reset button in the ISP Connection field resets the PPP connection and or releases and renews the broadband IP address 103 Management and Diagnostic Console The Reset button in the Broadband Link field allows you to reset the 2Wire gateway broadband link For 2Wire gateway models with a DSL connection this means the DSL connection is reset The Reset button in the Gateway field allows you to restart the 2Wire gateway During 2Wire gateway restart the Troubleshooting page cannot be accessed until the 2Wire gateway completely restarts and the connection is reestablished The Reset button in the to Factory State field resets the 2Wire gateway to an unprovisioned defa
160. ures below Block Ping Strict UDP Session Control Inbound and Outbound Control Checking the box allows the associated traffic type through the firewall Outbound Inbound v HTTP Remote Management HTTPS NetBlos MAP v Tenet v sure ons C NetBios v P0P3 v MAP NNTP v Rc v 8323 v All Other Protocols SAVE gt CANCEL f RESTORE DEFAULTS 1 Inthe Security pane click the Block Ping checkbox 2 Click SAVE 49 Firewall Tab Strict UDP Session Control Enabling this feature provides increased security by preventing the 2Wire gateway from accepting packets sent from an unknown source over an existing connection Strict UDP instructs the 2Wire gateway to be more restrictive about what packets are allowed to transmit over an established connection from a local network computer to the Internet In addition to relying on information about the destination 3 tuple the 2Wire gateway will also use information about the source of the connection 5 tuple Note The ability to send traffic based on destination only is required by some applications Enabling this feature may not allow some on line applications to work properly To enable strict UDP session control Open a Web browser and access the 2Wire gateway user interface by entering http gateway 2Wire net Click the Firewall tab Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page
161. uring MAC Filtering The Media Access Control MAC address is a unique number assigned to computer hardware When setting up your network you can set your Wireless Broadband Router to give access only to certain MAC addresses By doing so you limit access only to your computer hardware and no one else s 1 Inthe MAC Filtering pane click the EDIT MAC FILTERING button The Wireless MAC Filtering page opens owre 959 amp Broadband Home Voice R Firewall Link Network Network Summary Wireless Settings Advanced Settings 49 HOME Site Map Wireless MAC Filtering Settings Select Devices to be Allowed or Blocked Select the devices by listed name or MAC Address that you want to block or allow onto your wireless network Note Manually added devices will automatically appear in BLOCKED DEVICES if MAC filtering is enabled Click Here to Enable Disable this Feature CI ENABLE Tip To discover new devices to be added disable the MAC Filtering feature for one minute then refresh this page Once new devices are listed re enable the MAC Filtering feature and modify the list below ALLOWED DEVICES BLOCKED DEVICES DELETE DEVICE Add New MAC Address to List Manually Add MAC Address ADD TO UST Note Use xXx Xx xXx xx xx xx format save CANCEL 2 Click the Enable checkbox 3 The MAC addresses of devices on your network appear in the ALLOWED DEVICES field To block specific devices from accessin
162. urrent 2Wire gateway software version Upgrade Log The initial software version and a record of the last 10 upgrades 102 Management and Diagnostic Console Troubleshooting Resets Page Note To access this page your network must have the Remote Management feature enabled A If the feature is not enabled an error message will display when you click the link to access this page The Troubleshooting Resets page allows you to reset various components associated with the 2Wire gateway network EWR Management and Diagnostic Console system Summary Troubleshooting Resets Broadband Link CLEAR Local Network Clears all devices from your Local Network list Network devices will appear in Summary mE the list as they are re discovered Statistics N RESET DSL Retrains your DSL connection on the same line Detailed Statistics Connection Configure RESET ISP Resets your PPP connections and or releases and renews your broadband IP Local Network Connection address Stat RESET Broadband Reestablishes your broadband link Statistics Link kag Reboot 2700HGV RESE r Wireless ESET 2700HGV eboots your Configure RESET to Factory Warning Resets configuration parameters State Firewall Settings Note These actions are for diagnostic and troubleshooting purposes only Some actions will change configuration Detailed Information settings and will affect the operation of yo
163. us 82 805 8 21 00 801 022 02 004 0104 0190 Search Type ver o vor Enca snd maa 10 paese 9 tage Drusi 6 10 cp rmosd 15 parenta 30 age D kan evel 0 gt 10 binayad mosa 16 parenta 2 Rage O nere b gt 19 macadar n warno heme 1 T pi rj unten rene ri ma macao ferat Tut TRUE TRUE TRUE TRUE TRUE oF on on on on on Pap genae cres Des comer tanta egeton acad comte nants regis sen regios comhpupgasethaaLiparades co Due comnpupgaseshewtingrates 0 ap use 2wr com NAG eaten ay crea wi CommerpatewarPauacyP tic 80 NAG eaten ty oma Pata condat otra NANO TRUE TRUE se pm Napa Npa 8 29 31 conte crea Daire com 240 2 492 2242 0279 48274 8962 2241 9378 can Aces ona Dotre com 2428 o un 24282424 KLL HTTP KALL HTTPS KILL FTP KILL TELNET KILL SUTP KLONA KLL POP KLL RAP KL JNTP WILL C KL 023 LL METISOS ROLL OTHER outbound KLi METINOS params tie ped cer mm t maos sot kaa og GF Figure 46 MDC Advanced Provisioning Information Page 106 Management and Diagnostic Console The gateway provisioning parameters are dynamic and vary depending on the software version that the gateway is running Module Configuration Configuration parameters for modules listed in the Advanced Link Manager States page The parameters are set by broadband provisioning UI Param Configuration Configuration parameters that affect the user interface and user interact
164. wall blocks all unwanted access from the Internet You can allow access from the Internet to applications running on computers inside your secure home network by enabling firewall pinholes Opening firewall View firewall details pinholes is also known as opening firewall ports or firewall port forwarding To do this associate the desired Reset all firewall settings application with the computer below If you cannot find a listing for your application you can create a user defined application profile To create a user defined profile you will need to know protocol and port information To Allow Users Through the Firewall to Hosted Applications Select a computer Choose the computer that will host applications through the firewall swang2 v a Edit firewall settings for this computer O Maximum protection Disallow unsolicited inbound traffic O Allow individual application s Choose the application s that will be enabled to pass through the firewall to this computer Click ADD to add it to the Hosted Applications list All applications Mi Hosted Applications Age of Empires Age o Kings I Age of Wonders Aliens vs Predator Anarchy Online Asheron s Call Baldur s Gate Battlefield Communicator Black and White M Add a new user defined application O Allow all applications DMZplus mode Set the selected computer in DMZplus mode All inbound traffic except traffic which has
165. way software release The MDC pages shown in this chapter are for 2Wire gateways running software release 4 21 x If your gateway is running a software release earlier than 4 21 x some of these pages may not be available Accessing the MDC To access the MDC from your in home or office network enter the following URL http gateway 2wire net management Using the MDC After you access the Management and Diagnostic Console a navigation bar allows you to quickly select pages on the site The navigation bar consists of the following links Group Link Summary System Summary Broadband Link Summary Statistics Detailed Statistics Configure Local Network Status Statistics 54 Group Local Network Firewall Voice Troubleshooting Advanced Link Device List Wireless Configure Settings Detailed Information Advanced Settings Summary Configure Server Configure Line Association DSL Diagnostics Event Log Network Tests Upgrade History Resets Syslog Settings Provisioning Info Configure Time Services Configure Services Static Routes DNS Resolve Traffic Shaping Link Manager Detailed Log Management and Diagnostic Console Note The link groups that display are dependent on the 2Wire gateway model For example DSL Diagnostics will display only if a user has a gateway that connects to the Internet via DSL 55 Management and Diagnostic Console System Summary Page The System Summary page
166. wire net Click the Broadband Link tab Click the Advanced Settings link under the tab to open the Broadband Link Advanced Settings page am EMO V 2 SK EWR Broadband Home gt Voice 3 Firewall Link i System Hasan Gan Tia E fr HONE site Map Broadband Link Advanced Settings WARNING AN Moditying the settings on this page can impact the ability of computers on the local network to access your broadband connection Modifications may also affect broadband enabled applications and services running on the local network Settings Broadband Type Broadband Type Automatic Ethernet DSL After changing the broadband type you must reboot the gateway and configure your broadband settings again if they were altered from the default configuration UPDATE DSL and ATM Settings DSL Line Selection Automatic v ATM Circuit Identifier VPI 0 VCI 35 ATM Encapsulation Bridged LLC v ATM PVC Search Enabled Disabled Broadband Network Broadband Connection Broadband IP Connection Type Direct IP DHCP or Static V Obtain IP address automatically O Manually configure IP address settings sii IP Address Username Subnet Mask Password Default Gateway Confirm Password You must enter a username and password and confirmation password if you onm DN select PPPoE or PPPo
167. y a computer either a personal computer used by a household member or a 25 Home Network Tab computer that is dedicated to a specific use such as a Web server that hosts online games The status of each device is shown in the Local Devices list in your 2Wire gateway user interface Each device on your home network is represented with a computer icon a If the show inactive devices option is enabled and the device becomes inactive wy because it is powered off or removed from your network this icon will display as Inactive lt j Inactive Note For additional information refer to Showing a Device as Inactive on page 34 A symbol next to the device shows how it is connected to your home network Ethernet USB Wireless If you defined a name for your computer during System Setup or when your computer was set up the name displays next to the device However there are two instances where the device name will not appear If your computer was manually configured with a static IP address the static IP address displays instead of the computer s name If you have not named the device but it still obtains its Internet address from the system the word Unknown displays You can change the name of the device so that it will display in the system user interface by clicking the Change name link If you have configured the firewall to allow information from the Internet to pass through to the computer also
Download Pdf Manuals
Related Search