Netopia 4553 - Manual

1-10 User’s Reference Guide How to use this guide In addition to the simple documentation contained in the accompanying Getting Star ted Guide , this guide is designed to be your single source for information about your Netopia 4553 G.shdsl Router. It is intended to be viewed on-line, using the powe...

Making the Physical Connections 2-11 C C C C h h h h aa a a p p p p tttt ee e e rrrr 2 2 2 2 M M M M aa a a kk k k iiii n n n n g g g g tttt h h h h ee e e P P P P h h h h yyy y ssss iiii cccc aa a a llll C C C C o o o o n n n n n n n n ee e e cccc tttt iiii o o o o n n n n ssss This section tells y...

2-12 User’s Reference Guide You will need: ■ A Windows 95 or 98–based PC or a Macintosh computer with Ethernet connectivity for configuring the Netopia. This may be built-in Ethernet or an add-on card, with TCP/IP installed and configured. See “Sharing the Connection” on page 3-15 . ■ A G.shdsl wall...

Making the Physical Connections 2-13 3. Connect the Ethernet cable to the Ethernet por t on the router and the other end to your computer. You should now have: the power adapter plugged in; the Ethernet cable connected between the router and your computer; and the DSL cable connected between the rou...

Sharing the Connection 3-15 C C C C h h h h aa a a p p p p tttt ee e e rrrr 3 3 3 3 S S S S h h h h aa a a rrrr iiii n n n n g g g g tttt h h h h ee e e C C C C o o o o n n n n n n n n ee e e cccc tttt iiii o o o o n n n n Once you have set up your physical local area network, you will need to confi...

3-18 User’s Reference Guide 4. Click OK in this window and the next window. When prompted, reboot the computer. Note: You can also use these instructions to configure other computers on your network with manual or static IP addresses. Be sure each computer on your network has its own IP address. Cli...

Sharing the Connection 3-19 Configuring TCP/IP on Macintosh Computers The following is a quick guide to configuring TCP/IP for MacOS computers. Configuring TCP/IP in a Macintosh computer requires the following: ■ You must have either Open Transpor t or Classic Networking (MacTCP) installed. Note: If...

3-20 User’s Reference Guide Static configuration (optional) 3. In the TCP/IP window or in the MacTCP/More window, select or type information into the fields as shown in the following table. 4. Close the TCP/IP or MacTCP control panel and save the settings. 5. If you are using MacTCP, you must restar...

Sharing the Connection 3-21 Note: You can also use these instructions to configure other computers on your network with manual or static IP addresses. Be sure each computer on your network has its own IP address. More information about configuring your Macintosh computer for TCP/IP connectivity thro...

Connecting to Your Local Area Network 4-23 C C C C h h h h aa a a p p p p tttt ee e e rrrr 4 4 4 4 C C C C o o o o n n n n n n n n ee e e cccc tttt iiii n n n n g g g g tttt o o o o Y Y Y Y o o o o u u u u rrrr LLL L o o o o cccc aa a a llll A A A A rrrr ee e e aa a a N N N N ee e e tttt w w w w o o...

4-24 User’s Reference Guide Once the Netopia 4553 is properly configured and connected to your LAN, PC and Macintosh computers that have their required components in place will be able to connect to the Internet or other remote IP networks. Connecting to an Ethernet network The Netopia 4553 suppor t...

5-26 User’s Reference Guide may be using the router to connect to more than one ser vice provider or remote site. ■ The System Configuration menus display and permit changing: ■ IP setup. See “IP Setup” on page 8-64 . ■ Filter sets (firewalls). See “Security” on page 11-151 . ■ IP address ser ving. ...

5-28 User’s Reference Guide Launch your terminal emulation software and configure the communications software for the values shown in the table below. These are the default communication parameters that the Netopia 4553 uses. Navigating through the console screens Use your keyboard to navigate the N...

Easy Setup 6-29 C C C C h h h h aa a a p p p p tttt ee e e rrrr 6 6 6 6 E E E E aa a a ssss yyy y S S S S ee e e tttt u u u u p p p p This chapter describes how to use the Easy Setup console screens on your Netopia 4553. After completing the Easy Setup console screens, your router will be ready to c...

6-30 User’s Reference Guide A screen similar to the following Main Menu appears: If you do not see the Main Menu, verify that: ■ If you are using a serial connection, that your serial por t speed is the same as the Netopia 4553’s default 9600 baud, for first use. ■ The computer used to view the cons...

Easy Setup 6-31 The Main Menu appears. 2. Select the first item on the Main Menu list, Easy Setup . Press Return to bring up the DSL Line Configuration menu screen. DSL Line Configuration 1. Select WAN DSL Mode and from the pop-up menu choose the type of DSLAM to which you will be connecting, either...

6-32 User’s Reference Guide 3. Select a Clock Source , either Network (the default) or Internal. If you are using an ATM-based Mode, the DSL Line Configuration screen of fers additional parameters. 4. Select Data Link Encapsulation and from the pop-up menu choose either RFC1483 (the default) or PPP....

Easy Setup 6-33 If you selected Numbered, the following fields appear. ■ Select the editable field labeled Local WAN IP Address . The default address is 0.0.0.0, which allows for dynamic addressing, when your ISP assigns an address each time you connect. However, you can enter another specific addre...

Easy Setup 6-35 7. Toggle IP Address Serving to On or Of f, depending on whether you want the device’s IP address ser ver to supply dynamic IP addresses to your client workstations. Normally, you would accept the default On so that workstations on your LAN can have IP addresses assigned dynamically ...

WAN and System Configuration 7-37 C C C C h h h h aa a a p p p p tttt ee e e rrrr 7 7 7 7 W W W W A A A A N N N N aa a a n n n n d d d d S S S S yyy y ssss tttt ee e e m m m m C C C C o o o o n n n n ffff iiii g g g g u u u u rrrr aa a a tttt iiii o o o o n n n n This chapter describes how to use th...

7-38 User’s Reference Guide 1. Select WAN DSL Mode and from the pop-up menu choose the type of DSLAM to which you will be connecting, either ATM or HDLC. 2. From the Regional Setting pop-up menu, select Annex A for routers in Nor th America, Annex B for routers in Europe, or Annex C for routers in J...

WAN and System Configuration 7-39 ■ Enter a name for the circuit in the Circuit Name field. ■ Toggle Circuit Enabled to Yes. ■ Enter the Vir tual Path Identifier and the Vir tual Channel Identifier in the Circuit VPI and Circuit VCI fields, respectively. ■ Then, select a Connection Profile for the C...

7-40 User’s Reference Guide Creating a new Connection Profile For a Netopia 4553, connection profiles are useful for configuring the connection and authentication settings for negotiating a PPP connection on the G.shdsl link. If you are using the PPP data link encapsulation method, you can store you...

WAN and System Configuration 7-41 3. Select Data Link Encapsulation and press Return. The pop-up menu of fers the possible data link encapsulation methods for connection profiles used for a variety of purposes: PPP, Frame Relay, RFC1483, ATMP, PPTP, or IPsec. If you select any data link encapsulatio...

WAN and System Configuration 7-43 The default profile If you are using RFC1483 datalink encapsulation, the Default Profile screen controls whether or not the G.shdsl link will come up without an explicitly configured connection profile. (PPP datalink encapsulation does not suppor t a default profile...

WAN and System Configuration 7-45 IP parameters (default profile) screen If you are using RFC1483 datalink encapsulation, the IP Parameters (Default Profile) screen allows you to configure various IP parameters for G.shdsl connections established without an explicitly configured connection profile: ...

7-46 User’s Reference Guide Viewing scheduled connections To display a table of scheduled connections, select Display/Change Scheduled Connection in the Scheduled Connections screen. Each scheduled connection occupies one row of the table. The first column in the table shows a one-letter representat...

WAN and System Configuration 7-47 The other columns show: ■ The time of day that the connection will Begin At ■ The duration of the connection ( HH:MM ) ■ Whether it’s a recurring Weekly connection or used Once Only ■ Which connection profile ( Conn. Prof. ) is used to connect ■ Whether the schedule...

7-48 User’s Reference Guide demand call on the line. ■ Demand-Allowed , meaning that this schedule will permit a demand call on the line. ■ Demand-Blocked , meaning that this schedule will prevent a demand call on the line. ■ Periodic , meaning that the connection is retried several times during the...

WAN and System Configuration 7-49 Set Once-Only Schedule If you set How Often to Once Only , select Set Once-Only Schedule and go to the Set Once-Only Schedule screen. ■ Select Place Call On (Date) and enter a date in the format MM/DD/YY or MM/DD/YYYY (month, day, year). Note: You must enter the dat...

7-50 User’s Reference Guide Modifying a scheduled connection To modify a scheduled connection, select Display/Change Scheduled Connection in the Scheduled Connections screen to display a table of scheduled connections. Select a scheduled connection from the table and press Return. The Change Schedul...

7-52 User’s Reference Guide ting defaults to 64000, but you may modify the capacity rate if this setting will not be applicable to you. ■ The Default Bc (Bc also referred to as Committed Burst Size) represents the maximum amount of data that your Frame Relay ser vice provider agrees to transfer from...

WAN and System Configuration 7-57 System configuration screens You can connect to the Netopia 4553’s system configuration screens in either of two ways: ■ By using Telnet with the Router’s Ethernet por t IP address ■ Through the console por t, using a local terminal (see “Connecting a console cable ...

7-58 User’s Reference Guide 2. Select IP Setup and press Return. The IP Setup screen appears. To go back in this sequence of screens, use the Escape key. System configuration features The Netopia 4553 Router’s default settings may be all you need to configure your Netopia 4553. Some users, however, ...

WAN and System Configuration 7-59 IP setup These screens allow you to configure your network’s use of the IP networking protocol. ■ Details are given in “IP Setup” on page 8-64 . Filter sets (firewalls) These screens allow you to configure security on your network by means of filter sets and a basic...

7-60 User’s Reference Guide 3. Select the Router’s time zone from the Time Zone pop-up menu and press Return. 4. In the NTP Update Interval field, enter how often to synchronize with the time ser ver, using the format HHHH:MM where H is hours and M is minutes. 5. Select a System Date Format ; the op...

WAN and System Configuration 7-61 Security These screens allow you to add users and define passwords on your network. ■ Details are given in “Security” on page 11-151 . Upgrade feature set You can upgrade your Netopia 4553 by adding new feature sets through the Upgrade Feature Set utility. See the r...

7-62 User’s Reference Guide characters. ■ You can specify the UNIX syslog Facility to use by selecting the Facility pop-up. ■ Erase the log by selecting DUMP WAN LOG Installing the Syslog client The Goodies folder on the Netopia CD contains a Syslog client daemon program that can be configured to re...

8-64 User’s Reference Guide IP Setup The IP Setup options screen is where you configure the Ethernet side of the Netopia 4553. The information you enter here controls how the router routes IP traf fic. Consult your network administrator or ISP to obtain the IP setup information (such as the Ethernet...

8-66 User’s Reference Guide IP subnets The IP Subnets screen allows you to configure up to eight Ethernet IP subnets on unlimited-user models, one “primar y” subnet and up to seven secondar y subnets, by entering IP address/subnet mask pairs: Note: You need not use this screen if you have only a sin...

8-68 User’s Reference Guide If you have configured multiple Ethernet IP subnets, the IP Setup screen changes slightly: The IP address and Subnet mask items are hidden, and the Define Additional Subnets... item becomes Subnet Configuration... . If you select Subnet Configuration , you will return to ...

8-72 User’s Reference Guide IP Address Serving In addition to being a router, the Netopia 4553 is also an IP address ser ver. There are three protocols it can use to distribute IP addresses. ■ The first, called Dynamic Host Configuration Protocol (DHCP), is widely suppor ted on PC networks, as well ...

IP Setup 8-75 IP Address Pools The IP Address Pools screen allows you to configure a separate IP address ser ving pool for each of up to eight configured Ethernet IP subnets: This screen consists of between two and eight rows of four columns each. There are exactly as many rows as there are Ethernet...

8-76 User’s Reference Guide Numerous factors influence the choice of ser ved address. It is dif ficult to specify the address that will be ser ved to a par ticular client in all circumstances. However, when the address ser ver has been configured, and the clients involved have no prior address ser v...

IP Setup 8-77 DHCP NetBIOS Options If your network uses NetBIOS, you can enable the Netopia 4553 to use DHCP to distribute NetBIOS information. NetBIOS stands for Network Basic Input/Output System. It is a layer of software originally developed by IBM and Sytek to link a network operating system wit...

8-78 User’s Reference Guide ■ From the NetBios Type pop-up menu, select the type of NetBIOS used on your network. ■ To ser ve DHCP clients with the NetBIOS scope, select Serve NetBios Scope and toggle it to Yes . Select NetBios Scope and enter the scope. ■ To ser ve DHCP clients with the IP address ...

IP Setup 8-79 Select Release BootP Leases and press Return. ■ Back in IP Address Ser ving, the Ser ve Dynamic WAN Clients toggle More Address Serving Options The Netopia 4553 includes a number of enhancements in the built-in DHCP IP address ser ver. These enhancements include: ■ The ability to exclu...

8-80 User’s Reference Guide Configuring the IP Address Server options To access the enhanced DHCP ser ver functions, from the Main Menu navigate to Statistics & Logs and then Served IP Addresses . The following example shows the Ser ved IP Addresses screen after three clients have leased IP addr...

8-84 User’s Reference Guide The router’s Ethernet IP address(es) will be automatically excluded from the address ser ving pool(s) on star tup. Entries in the ser ved IP address list corresponding to the router’s Ethernet IP address(es) that have been automatically excluded on star tup are not select...

IP Setup 8-87 Note: The remote DHCP ser ver(s) to which the Netopia Router is relaying DHCP requests must be capable of ser vicing relayed requests. Not all DHCP ser vers suppor t this feature. For example, the DHCP ser ver in the Netopia Router does not . The DHCP ser ver(s) to which the Netopia Ro...

Multiple Network Address Translation 9-91 C C C C h h h h aa a a p p p p tttt ee e e rrrr 9 9 9 9 M M M M u u u u llll tttt iiii p p p p llll ee e e N N N N ee e e tttt w w w w o o o o rrrr kk k k A A A A d d d d d d d d rrrr ee e e ssss ssss TT T T rrrr aa a a n n n n ssss llll aa a a tttt iiii o o...

Multiple Network Address Translation 9-93 When addresses are returned to the group of available addresses, they are returned to the head of the group, being the most recently used. If that same host requests a connection an hour later, and the same public address is still available, then it will be ...

Multiple Network Address Translation 9-95 In order to suppor t this type of mapping, you define two address ranges. First, you define a public range which contains the first and last public address to be used and the way in which these addresses should be used (PAT, static, or dynamic). You then con...

9-96 User’s Reference Guide Easy Setup Profile configuration The screen below is an example. Depending on the type of router you are using, fields displayed in this screen may var y. The Local WAN IP Address is used to configure a NAT public address range consisting of the Local WAN IP Address and a...

9-100 User’s Reference Guide ■ Select Map List Name and enter a descriptive name for this map list. A new menu item, Add Map , appears. ■ Select Add Map and press Return. The Add NAT Map screen appears. ■ Select First and Last Private Address and enter the first and last interior IP addresses you wa...

9-102 User’s Reference Guide Modifying map lists You can make changes to an existing map list after you have created it. Since there may be more than one map list you must select which one you are modifying. From the Network Address Translation screen select Show/Change Map List and press Return. ■ ...

9-104 User’s Reference Guide Adding Server Lists Ser ver lists, also known as Expor ts, are handled similarly to map lists. If you want to make a par ticular ser ver’s por t accessible (and it isn’t accessible through other means, such as a static mapping), you must create a ser ver list. Select Add...

Multiple Network Address Translation 9-107 Modifying server lists Once a ser ver list exists, you can select it for modification or deletion. ■ Select Show/Change Server List from the Network Address Translation screen. ■ Select the Ser ver List Name you want to modify from the pop-up menu and press...

Multiple Network Address Translation 9-109 Deleting a server To delete a ser ver from the list, select Delete Server from the Show/Change NAT Ser ver List menu and press Return. A pop-up menu lists your configured ser vers. Select the one you want to delete and press Return. A dialog box asks you to...

9-110 User’s Reference Guide Binding Map Lists and Server Lists Once you have created your map lists and ser ver lists, for most Netopia Router models you must bind them to a profile, either a Connection Profile or the Default Profile. You do this in one of the following screens: ■ the IP profile pa...

9-114 User’s Reference Guide NAT Associations Configuration of map and ser ver lists alone is not suf ficient to enable NAT for a WAN connection because map and ser ver lists must be linked to a profile that controls the WAN inter face. This can be a Connection Profile, a WAN Ethernet inter face, a ...

Multiple Network Address Translation 9-115 keys. Select the item by pressing Return to display a pop-up menu of all of your configured lists. ■ Select the list name you want to assign and press Return again. Your selection will then be associated with the corresponding profile or inter face. NAT Ass...

9-116 User’s Reference Guide MultiNAT Configuration Example To help you understand a typical MultiNAT configuration, this section describes an example of the type of configuration you may want to implement on your site. The values shown are for example purposes only. Make your own appropriate substi...

9-120 User’s Reference Guide To make these changes, first limit the range of remapped addresses on the Static Map and then edit the default ser ver list called Easy-Ser vers. ■ First, navigate to the Show/Change Map List screen, select Easy-PAT List and then Show/Change Maps . Choose the Static Map ...

Virtual Private Networks (VPNs) 10-121 C C C C h h h h aa a a p p p p tttt ee e e rrrr 1111 0 0 0 0 V V V V iiii rrrr tttt u u u u aa a a llll P P P P rrrr iiii vvv v aa a a tttt ee e e N N N N ee e e tttt w w w w o o o o rrrr kk k k ssss (((( V V V V P P P P N N N N ssss )))) The Netopia 4553 of fe...

10-122 User’s Reference Guide Tunneling is a process of creating a private path between a remote user or private network and another private network over some intermediate network, such as the IP-based Internet. A VPN allows remote of fices or employees access to your internal business LAN through m...

Virtual Private Networks (VPNs) 10-123 the receiving side, an IPsec-compliant device decr ypts each packet. The Netopia 4553 suppor ts the more secure Tunnel mode. DES stands for Data Encr yption Standard, a popular symmetric-key encr yption method. DES uses a 56-bit key. The Netopia 4553 of fers IP...

10-124 User’s Reference Guide PPTP configuration To set up the router as a PPTP Network Ser ver (PNS) capable of answering PPTP tunnel requests you must also configure the VPN Default Answer Profile. See "ATMP/PPTP Default Profile" on page 10-136 for more information. PPTP is a Datalink Enca...

10-126 User’s Reference Guide Note: The Netopia 4553 suppor ts 128-bit (“strong”) encr yption. Unlike MS-CHAP version 1, which suppor ts one-way authentication, MS-CHAP version 2 suppor ts mutual authentication between connected routers and is incompatible with MS-CHAP version 1 (MS-CHAP-V1). When y...

Virtual Private Networks (VPNs) 10-127 The IP Profile Parameters screen appears. ■ Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel. About IPsec Tunnels IPsec stands for IP Security, a set of protocols that suppor ts secure exchange of IP packets at the IP laye...

10-130 User’s Reference Guide IP Profile Parameters The following IP Profile Options screen is displayed for an IPsec Connection Profile. ■ You must specify an SPI (Security Parameters Index) , which is the ESP receive side SPI and the default SPI for ESP transmit, AH receive, and AH transmit. It mu...

10-132 User’s Reference Guide If you do not specify the Remote Tunnel Endpoint Address, the router will use the default gateway to reach the par tner. If the par tner should be reached via an alternate por t (for example, the LAN instead of the WAN), the Next Hop Gateway field allows this path to be...

Virtual Private Networks (VPNs) 10-135 ■ Enter the Remote IP Address and Remote IP Mask for the host to which you want to tunnel. Encryption Support Encr yption is a method for altering user data into a form that is unusable by anyone other than the intended recipient. The recipient must have the me...

10-136 User’s Reference Guide and transparently. ATMP/PPTP Default Profile The WAN Configuration menu of fers a ATMP/PPTP Default Profile option. Use this selection when your router is acting as the ser ver for VPN connections, that is, when you are on the answering end of the tunnel establishment. ...

Virtual Private Networks (VPNs) 10-137 If you chose MS-CHAP authentication, the Data Compression option is not required, and this menu item becomes hidden. VPN QuickView You can view the status of your VPN connections in the VPN QuickView screen. From the Main Menu select QuickView and then VPN Quic...

10-138 User’s Reference Guide Dial-Up Networking for VPN Microsoft Windows Dial-Up Networking software permits a remote standalone workstation to establish a VPN tunnel to a PPTP ser ver such as a Netopia Router located at a central site. Dial-Up Networking also allows a mobile user who may not be c...

Virtual Private Networks (VPNs) 10-139 The Communications window appears. 5. In the Communications window, select Dial-Up Networking and click the OK button. This returns you to the Windows Setup screen. Click the OK button. 6. Respond to the prompts to install Dial-Up Networking from the system dis...

10-140 User’s Reference Guide Configuring a Dial-Up Networking profile Once you have created your Dial-Up Networking profile, you configure it for TCP/IP networking to allow you to connect to the Internet through your Internet connection device. Do the following: 1. Double-click the My Computer (or ...

10-142 User’s Reference Guide This displays a list of possible selections for the communications option. Active components will have a check in the checkboxes to their left. 6. Check Dial Up Networking at the top of the list and Vir tual Private Networking at the bottom of the list. 7. Click OK at t...

10-144 User’s Reference Guide PPTP example To enable a firewall to allow PPTP traf fic, you must provision the firewall to allow inbound and outbound TCP packets specifically destined for por t 1723. The source por t may be dynamic, so often it is not useful to apply a compare function upon this por...

10-146 User’s Reference Guide Select Output Filter 2 and press Return. In the Change Output Filter 2 screen, set the Protocol Type to allow GRE as shown below. ATMP example To enable a firewall to allow ATMP traf fic, you must provision the firewall to allow inbound and outbound UDP packets specific...

Security 11-151 C C C C h h h h aa a a p p p p tttt ee e e rrrr 1111 1111 S S S S ee e e cccc u u u u rrrr iiii tttt yyy y The Netopia 4553 provides a number of security features to help protect its configuration screens and your local network from unauthorized access. Although these features are op...

Security 11-153 To add a new user account, select Add User in the Security Options screen and press Return. The Add Name With Write Access screen appears. Follow these steps to configure the new account: 1. Select Enter Name and enter a descriptive name (for example, the user’s first name). 2. Selec...

11-154 User’s Reference Guide To restrict Telnet access, select Security in the Advanced Configuration menu. The Security Options screen will appear. There are two levels of Telnet restriction available: ■ To restrict Telnet access to the SNMP screens, select Enable Telnet Access to SNMP Screens and...

Security 11-155 Each inspector has a specific task. One inspector’s task may be to examine the destination address of all outgoing packages. That inspector looks for a cer tain destination—which could be as specific as a street address or as broad as an entire countr y—and checks each package’s dest...

11-156 User’s Reference Guide If the package does not match the first inspector’s criteria, it goes to the second inspector, and so on. You can see that the order of the inspectors in the line is ver y impor tant. For example, let’s say the first inspector’s orders are to send along all packages tha...

11-160 User’s Reference Guide Filtering example #1 Returning to our filtering rule example from above (see page 11-156 ), look at how a rule is translated into a filter. Star t with the rule, then fill in the filter’s attributes: 1. The rule you want to implement as a filter is: Block all Telnet att...

Security 11-161 This filter blocks any packets coming from a remote network with the IP network address 200.233.14.0. The 0 at the end of the address signifies any host on the class C IP network 200.233.14.0. If, for example, the filter is applied to a packet with the source IP address 200.233.14.5,...

11-162 User’s Reference Guide An approach to using filters The ultimate goal of network security is to prevent unauthorized access to the network without compromising authorized access. Using filter sets is par t of reaching that goal. Each filter set you design will be based on one of the following...

Security 11-167 Deleting filters To delete a filter, select Delete Input Filter or Delete Output Filter in the Display/Change Filter Set screen to display a table of filters. Select the filter from the table and press Return to delete it. Press Escape to exit the table without deleting the filter. M...

11-170 User’s Reference Guide FTP sessions. To allow WAN-originated FTP sessions to a LAN-based FTP ser ver with the IP address a.b.c.d (corresponding to a numbered IP address such as 163.176.8.243), inser t the following input filter ahead of the current input filter 1: ■ Enabled: Yes ■ For ward: Y...

Security 11-171 Basic IP packet components All IP packets contain the same basic header information, as follows: This header information is what the packet filter uses to make filtering decisions. It is impor tant to note that a packet filter does not look into the IP data stream (the User Data from...

11-172 User’s Reference Guide Firewall design rules There are two basic rules to firewall design: ■ “What is not explicitly allowed is denied.” and ■ “What is not explicitly denied is allowed.” The first rule is far more secure, and is the best approach to firewall design. It is far easier (and more...

11-174 User’s Reference Guide Example filter set screen This is an example of the Netopia filter set screen: Filter basics In the source or destination IP address fields, the IP address that is entered must be the network address of the subnet. A host address can be entered, but the applied subnet m...

Security 11-175 Example network Example filters Example 1 Incoming packet has the source address of 200.1.1.28 This incoming IP packet has a source IP address that matches the network address in the Source IP Address field (00000000) in the Netopia 4553. This will not for ward this packet. Filter Ru...

Monitoring Tools 12-179 C C C C h h h h aa a a p p p p tttt ee e e rrrr 1111 2 2 2 2 M M M M o o o o n n n n iiii tttt o o o o rrrr iiii n n n n g g g g TT T T o o o o o o o o llll ssss This chapter discusses the Netopia 4553’s device and network monitoring tools. These tools can provide statistical...

12-180 User’s Reference Guide General status Current Date: The current date; this can be set with the Date and Time utility (see “Date and time” on page 7-59 ). Default IP Gateway: The router’s default gateway, which may be either manually configured or learned via DHCP. This is the value you assign...

Monitoring Tools 12-181 Current status The current status section is a table showing the current status of the DSL connection. For example: Profile Name: Lists the name of the connection profile being used, if any. Rate: Shows the line rate for this connection. %Use: Indicates the average percent ut...

12-182 User’s Reference Guide Statistics & Logs When you are troubleshooting your Netopia 4553, the Statistics & Logs screens provide insight into the recent event activities of the router. From the Main Menu go to Statistics & Logs and select one of the options described in the sections...

Monitoring Tools 12-185 IP Routing Table The IP routing table displays all of the IP routes currently known to the Netopia 4553. The routing table screen represents a snapshot of the routing table information at the time the screen is first invoked. To take a new snapshot, select Update at the botto...

Monitoring Tools 12-187 Traffic Statistics When ATM is the mode or Frame Relay is the datalink encapsulation, traf fic statistics are available through the option in the lower left corner. With other settings, this option is not available. To view the traf fic statistics, select the option and press...

12-188 User’s Reference Guide SNMP The Netopia 4553 includes a Simple Network Management Protocol (SNMP) agent, allowing monitoring and configuration by a standard SNMP manager. The Netopia 4553 suppor ts the following management information base (MIB) documents: ■ MIB II (RFC 1213) ■ Inter face MIB...

Monitoring Tools 12-189 2. Select System Location and enter the router’s physical location (room, floor, building, etc.). 3. Select System Contact and enter the name of the person responsible for maintaining the router. System Name, System Location, and System Contact set the values returned by the ...

13-194 User’s Reference Guide Ping The Netopia 4553 Router includes a standard Ping test utility. A Ping test generates IP packets destined for a par ticular (Ping-capable) IP host. Each time the target host receives a Ping packet, it returns a packet to the original sender. Ping allows you to see w...

Utilities and Diagnostics 13-197 4. Select Use Reverse DNS to learn the names of the routers between the Netopia Router and the destination router. The default is Yes. 5. Select START TRACE ROUTE and press Return. A scrolling screen will appear that lists the destination, number of hops, IP addresse...

13-198 User’s Reference Guide Factory defaults You can reset the Netopia 4553 to its factor y default settings. In the Utilities & Diagnostics screen, select Rever t to Factory Defaults and press Return. Select CONTINUE in the dialog box and press Return. The Netopia 4553 will reboot and its set...

Utilities and Diagnostics 13-199 Updating firmware Firmware updates may be available periodically from Netopia or from a site maintained by your organization’s network administrator. The Netopia 4553 ships with an embedded operating system referred to as firmware. The firmware governs how the device...

13-200 User’s Reference Guide ser ver name or IP address is available from the site where the ser ver is located. ■ Select Config File Name and enter the name of the file you will download. The name of the file is available from the site where the ser ver is located. You may need to enter a file pat...

Utilities and Diagnostics 13-201 Note: The X-Modem File Transfer screen is only available if you are connected via the Console por t. Note: It is good practice when updating programmable devices to disable any other programs or network activity on the device or the attached computer. This includes W...

13-202 User’s Reference Guide If you choose CONTINUE, you will have ten seconds to use your terminal emulation software to initiate an XMODEM transfer of the firmware file. If you fail to initiate the transfer in that time, the dialog box will disappear and the terminal emulation software will infor...

Utilities and Diagnostics 13-203 Uploading a file can also be useful for troubleshooting purposes. The uploaded configuration file can be tested on a dif ferent Netopia 4553 by Netopia or your network administrator. The procedure below applies whether you are using the console or the WAN inter face....

Troubleshooting A-205 A A A A p p p p p p p p ee e e n n n n d d d d iiii xxxx A A A A T T T T rrrr o o o o u u u u b b b b llll ee e e ssss h h h h o o o o o o o o tttt iiii n n n n g g g g This appendix is intended to help you troubleshoot problems you may encounter while setting up and using the ...

A-206 User’s Reference Guide Console connection problems Can’t see the configuration screens (nothing appears) ■ Make sure the cable connection from the Netopia 4553’s console por t to the computer being used as a console is securely connected. ■ Make sure the terminal emulation software is accessin...

Troubleshooting A-207 How to reset the router to factory defaults Lose your password? This section shows how to reset the router so that you can access the console screens once again. Keep in mind that all of your connection profiles and settings will need to be reconfigured. If you don't have a pas...

A-208 User’s Reference Guide Technical support Netopia, Inc. is committed to providing its customers with reliable products and documentation, backed by excellent technical suppor t. Before contacting Netopia Look in this guide for a solution to your problem. You may find a solution in this troubles...

Technical Specifications and Safety Information B-211 A A A A p p p p p p p p ee e e n n n n d d d d iiii xxxx B B B B T T T T ee e e cccc h h h h n n n n iiii cccc aa a a llll S S S S p p p p ee e e cccc iiii ffff iiii cccc aa a a tttt iiii o o o o n n n n ssss aa a a n n n n d d d d S S S S aa a a...

B-212 User’s Reference Guide December 1, 2000 ■ Canada – CSA: CAN/CSA-C22.2 No. 950-95 EMI: ■ FCC Par t 15 Class B International Safety Approvals: ■ Low Voltage (European directive) 73/23/EEC ■ EN60950 1992 (Europe) ■ AS/NRZ 3260 (Australia) ■ TS001(Australia) EMI Compatibility: ■ European Directive...

B-214 User’s Reference Guide Caution Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate. The Load Number (LN) assigned to each terminal device denotes the percentage of the total load to be co...

Technical Specifications and Safety Information B-215 Replace only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.

Limited Warranty and Limitation of Remedies 217 LLL L iiii m m m m iiii tttt ee e e d d d d W W W W aa a a rrrr rrrr aa a a n n n n tttt yyy y aa a a n n n n d d d d LLL L iiii m m m m iiii tttt aa a a tttt iiii o o o o n n n n o o o o ffff R R R R ee e e m m m m ee e e d d d d iiii ee e e ssss Neto...