Netopia 6.3 - Manual

8 Section 1 Documentation Conventions Documentation Conventions General This manual uses the following conventions to present information: Internal Web Interface Command Line Interface Syntax conventions for the Cayman gateway command line interface are as follows: Convention (Typeface) Description ...

9 Section 1 Documentation Conventions Icons Icons used in the guide are: Text The words “Cayman Gateway” and “Gateway” refer to a standard unit from the Netopia Cayman 3000-Series product families. BOTH Pointing to a CLI command, refers to both DSL and Ethernet WAN interfaces for Cayman Gateways DSL...

10 Section 1 Organization The expressions “Release 6.3.0” and “R 6.3.0” refer to the most recent generally available Cayman Operating System: COS 6.3.0R0. Organization This guide consists of six sections, three appendixes including a glossary, and an index. It is organized as follows: • Section 1, “...

11 Section 2 Basic Product Structure Basic Product Structure Units from the Netopia Cayman-series Gateway family are supplied in many configurations. This presents end-users with many alternatives for Wide Area Network (WAN) interfaces and Local Area Network (LAN) inter-faces. This is the current pr...

12 Section 2 What’s New in Version 6.3 What’s New in Version 6.3 The new features for COS 6.3 are: New Embedded Web Server Not only is the look and feel different, but the database and the web server engine are new and more flexible. The design of the new web server is geared to make navigation easi...

13 Section 2 Capabilities Roadmap for COS 6.3 Capabilities Roadmap for COS 6.3 Cayman Gateways support a wide array of features and functionality. This roadmap points you to overview discussions and How To procedures. Capabilities Roadmap: Cayman Gateways with COS 6.3 Feature New for COS 6.3 Outline...

14 Section 3 General This section describes the principal features of Cayman Operating System version 6.3. The information is grouped by usage area. General Feature Keys Certain functionality in this release is controlled through software feature keys. These keys are proprietary files with the follo...

15 Section 3 General Management Embedded Web Server There is no specialized client software required to configure, manage, or maintain your Cayman Gateway. Web pages embedded in the operating system provide access to the following Gateway operations: • Setup • System and security logs • Diagnostics ...

16 Section 3 General Local Area Network DHCP ( Dynamic Host Configuration Protocol ) Server DHCP Server functionality enables the Gateway to assign your LAN com-puter(s) a “private” IP address and other parameters that allow network communication. The default DHCP Server configuration of the Gateway ...

17 Section 3 General Wide Area Network DHCP ( Dynamic Host Configuration Protocol ) Client DHCP Client functionality enables the Gateway to request an IP address from your Service Provider. DHCP servers on your Service Provider’s net-work reply to DHCP Client requests and assign the network parameter...

18 Section 3 General • Your network may change address with each connection making it more difficult to attack. When you configure Instant On access, you can also configure an idle time-out value. Your Gateway monitors traffic over the Internet link and when there has been no traffic for the configu...

19 Section 3 General Security Password Protection Access to your Cayman device is controlled through two access control accounts, Admin or User . • The Admin , or administrative user, performs all configuration, manage- ment or maintenance operations on the Gateway. • The User account provides monit...

20 Section 3 General A similar configuration applies to a DSL WAN interface (3220 family). Cayman Advanced Features for NAT Using the NAT facility provides effective LAN security. However, there are user applications that require methods to selectively by-pass this security function for certain type...

21 Section 3 General Pinholes This feature allows you to: • Transparently route selected types of network traffic using the port for-warding facility. – FTP requests or HTTP (Web) connections are directed to a specific host on your LAN. • Setup multiple pinhole paths. – Up to 32 paths are supported ...

22 Section 3 General Combination NAT Bypass Configuration Specific pinholes and Default Server settings, each directed to different LAN devices, can be used together. Security Monitor The Security Monitor detects security related events including common types of malicious attacks and writes them to a...

23 Section 3 General Event Details Details on the eight specific event types and the information logged are: IP Source Address Spoofing The Gateway checks all incoming packets to see if the IP address attached is valid for the interface the packet is received through. If the address of the packet is ...

24 Section 3 General mentation information can also be exploited to create an illegally sized packet. Unwary hosts will often crash when the illegal fragment corrupts data outside of the “normal” packet bounds. The Cayman unit will detect and discard illegal packet fragments, and the Security Monito...

25 Section 3 General Login Failures The Cayman software provides the means for assigning passwords to the Admin or User accounts to control access to the Gateway. Any attempts to login are given three chances to enter a valid password. The Security Mon-itoring software records instances where the us...

26 Section 3 General BreakWater Basic Firewall BreakWater delivers an easily selectable set of pre-configured firewall pro-tection levels. These settings are readily available for simple implementa-tion through Cayman’s embedded web server interface. BreakWater provides you and your network with: • ...

27 Section 3 General VPN IPSec Pass Through This Cayman service supports your independent VPN client software in a transparent manner. Cayman has implemented an Application Layer Gate-way (ALG) to support multiple PCs running IP Security protocols. This feature has three elements: 1. On power up or ...

28 Section 3 General SafeHarbour VPN IPSec Tunnel SafeHarbour VPN IPSec Tunnel provides a single, encrypted tunnel to be terminated on the Gateway, making a secure tunnel available for all LAN- connected Users. This implementation offers the following: • Eliminates the need for VPN client software o...

29 Section 4 Access the User Interface Access the User Interface Using the embedded Web-based user interface for the Netopia Cayman-series Gateway you can configure, troubleshoot, and monitor the status of your Gateway. For COS Version 6.3 the Web-based UI has been modified: • To accomodate multiple...

30 Section 4 Home page Home page The Home page is the “dashboard” for your Cayman Gateway. The toolbar at the top provides links to controlling, configuring, and monitoring pages. Critical configuration and operational status is displayed in the center sec-tion. If you log on as Admin you see this p...

31 Section 4 Home page Home page - Information The Home page’s center section contains a summary of the Gateway’s configuration settings and operational status. Summary Information Field Status and/or Description General Information Hardware Model number and summary specification Serial Number Uniqu...

32 Section 4 Toolbar Toolbar The toolbar is the dark blue bar at the top of the page containing the major navigation buttons. These buttons are available from almost every page, allowing you to move freely about the site. The example toolbar shown below is displayed when you log on as Admin . If you...

33 Section 4 Restart Restart Button Restart Response Comment The Restart button on the toolbar allows you to restart the Gateway at any time. You will be prompted to confirm the restart before any action is taken. The Restart Confirmation message explains the consequences of and reasons for restarti...

34 Section 4 Restart Link Alert Symbol Response Comment The Alert symbol appears in the upper right corner under one of two cir-cumstances: 1. a database change; one in which a change is made to the Gateway’s configuration. The Alert serves as a reminder that you must Save the changes and Restart th...

35 Section 4 Help Help Button Help Response Comment Context-sensitive Help is provided in Release 6.3. The page shown above is displayed when you are on the Home page or other transitional pages. To see a context help page example, go to Security -> Passwords , then click Help .

36 Section 4 Configure Configure Quickstart How to Use the Quickstart Page Quickstart is normally used immediately after the new hardware is installed. When you are first configuring your Gateway, Quickstart appears after you log on. (Once you have configured your Gateway, logging on displays the Hom...

37 Section 4 Configure Setup Your Gateway using a DHCP Connection The Other Quickstart Options page allows you to change the System Name or your Gateway’s Ethernet MAC address. System Name is your Gateway’s factory identifier combined with its serial number. By default, this identifier is automatica...

38 Section 4 Configure If you need to change either of these fields, use the following procedure. Change Procedure Step 1 Enter your selected System Name. You can use the default System name or select your own. The System Name can be 1-32 characters long. Step 2 Select the Enable MAC Override checkb...

40 Section 4 Configure Setup Your Gateway using a PPP Connection Step 1 Enter your ISP Username and ISP Password. Step 2 Click Submit . This turns on the Alert (“!”) button in the top right corner of the page. Step 3 Click the Alert button to go to the page to save your changes. Step 4 Click on the ...

41 Section 4 Configure Setup Your Gateway using a Static IP Address If your service provider supplies you with a static IP address, your Gate-way’s Quickstart page will offer the fields required to enter the appropri-ate information for this type of configuration. Configuration Procedure The Quicksta...

42 Section 4 Configure Step 4 When you see the Save Changes page, click the Save and Restart link to restart your Cayman Gateway with its new configuration settings. You will be returned to the Home page. A warning is displayed on this page while the Gateway restarts. Step 5 After your Cayman Gateway...

43 Section 4 Configure LAN Link Configure -> LAN Response Comment * Interface Enable : Enables all LAN-connected computers to shared resources and to connect to the WAN. The Interface should always be enabled unless you are instructed to disable it by your Service Provider during troubleshooting. ...

44 Section 4 Configure WAN Link Configure -> WAN Response Comment WAN IP Interfaces Your IP interfaces are listed. Click on an interface to configure it. IP Gateway Enable Gateway: You can configure the Gateway to send packets to a default gateway if it does not know how to reach the destina-tion ...

45 Section 4 Configure Advanced The following are links under Configure -> Advanced: Link Advanced Link IP Static Routes Selected Advanced options are discussed in the pages that follow. Many are self-explanatory or are dictated by your service provider. Comment Response Description A static rout...

46 Section 4 Configure Link IP Static ARP Link Pinholes Response Description Your Gateway maintains a dynamic Address Resolution Protocol (ARP) table to map IP addresses to Ethernet (MAC) addresses. It populates this ARP table dynamically, by retrieving IP address/MAC address pairs only when it need...

47 Section 4 Configure Configure Specific Pinholes Planning for Your Pinholes Determine if any of the service applications that you want to provide on your LAN stations utilize TCP or UDP protocols. If an application does, then you must configure an Internal Server to implement port forwarding. This i...

48 Section 4 Configure A diagram of this LAN example is: TIPS for making Pinhole Entries 1. If the port forwarding feature is required for Web services, ensure that the embedded Web server’s port number is re-assigned PRIOR to any Pin-hole data entry. 2. Enter data for one Pinhole at a time.3. Use a...

49 Section 4 Configure Pinhole Configuration Procedure Use the following steps: Step 1 From the Configure toolbar button -> Advanced link, select the Internal Servers link. Since Port Forwarding is required for this example, the Cayman embedded Web server is configured first. To pass Web traffic th...

52 Section 4 Configure Configure the IPMaps Feature FAQs for the IPMaps Feature Before configuring an example of an IPMaps-enabled network, review these frequently asked questions. What are IPMaps and how are they used? The IPMaps feature allows multiple static WAN IP addresses to be assigned to the ...

53 Section 4 Configure What types of servers are supported by IPMaps? IPMaps allows a Cayman Gateway to support servers behind the Gateway, for example, web, mail, FTP, or DNS servers. VPN servers are not supported at this time. Can I use IPMaps with my PPPoE or PPPoA connection? Yes. IPMaps can be ...

55 Section 4 Configure Link Protocol Lifetimes Link Default Server Response Description Each NAT Protocol map entry will time-out if there is no traffic of that protocol for the specified number of minutes. For example, UDP entries time-out if there is no UDP traffic after 6 (default) minutes. Respo...

56 Section 4 Configure Configure a Default Server This feature allows you to direct unsolicited or non-specific traffic to a des-ignated LAN station. With NAT “On” in the Gateway, these packets nor-mally would be discarded. For instance, this could be application traffic where you don’t know (in adva...

57 Section 4 Configure Typical Network Diagram A typical network utilizing the NAT Default Server looks like this: NAT Combination Application Cayman’s NAT security feature allows you to configure a sophisticated LAN layout that uses both the Pinhole and Default Server capabilities. With this topolo...

58 Section 4 Configure Link DNS Response Description Your Service Provider may maintain a Domain Name server. If you have the information for the DNS servers, enter it on the DNS page. If your Gateway is configured to use DHCP to obtain its WAN IP address, the DNS information is automatically obtain...

59 Section 4 Configure Link DHCP Server Response Description Your Gateway can provide network configuration information to com-puters on your LAN, using the Dynamic Host Configuration Protocol (DHCP). If you already have a DHCP server on your LAN, you should turn this service off. If you want the Ga...

60 Section 4 Configure Link SNMP SNMP presents you with a security issue. The community facility of SNMP behaves somewhat like a password. The community “ public ” is a well-known community name. It could be used to examine the configuration of your Gateway by your service provider or an unin-vited ...

61 Section 4 Configure Link Ethernet Bridge Response Description Bridges let you join two local area networks, so that they appear to be part of the same physical network. As a bridge for protocols other than TCP/IP, your Gateway keeps track of as many as 255 MAC (Media Access Control) addresses, ea...

62 Section 4 Configure Link System Response Description The System Name defaults to your Gateway's factory identifier com- bined with its serial number. Some cable-oriented Service Providers use the System Name as an important identification and support parame-ter. If your Gateway is part of this ty...

63 Section 4 Configure Link Internal Servers Response Description Your Gateway ships with an embedded Web server and support for a Telnet session, to allow ease of use for configuration and maintenance. The default ports of 80 for HTTP and 23 for Telnet may be reassigned. This is necessary if a pinh...

64 Section 4 Configure Link Ethernet MAC Address Override Link Traffic Shaping Response Description You can override your Gateway’s Ethernet MAC address with any neces-sary setting. Some ISPs require your account to be identified by the MAC address, among other things. For information on setting this...

65 Section 4 Configure Link Clear Options Response Description To restore the factory configuration of the Gateway, choose Clear Options . You may want to upload your configuration to a file before performing this function. Comment Clear Options does not clear feature keys or affect the software ima...

66 Section 4 Configure Security Button Security Link Passwords Description The Security features are available by clicking on the Security toolbar button. Some items of this category do not appear when you log on as User . Response Description Access to your Gateway is controlled through two user ac...

67 Section 4 Configure Create and Change Passwords You can establish different levels of access security to protect your Cay-man Gateway settings from unauthorized display or modification. • Admin level privileges let you display and modify all settings in the Cayman Gateway (Read/Write mode). The A...

68 Section 4 Configure • It can have up to eight alphanumeric characters. • It is case-sensitive. Step 4 Enter your new password again in the Confirm Password field. You confirm the new password to verify that you entered it correctly the first time. Step 5 When you are finished, click the Submit butto...

69 Section 4 Configure Use a Cayman Firewall BreakWater Basic Firewall BreakWater delivers an easily selectable set of pre-configured firewall pro-tection levels. For simple implementation these settings (comprised of three levels) are readily available through Cayman’s embedded web server interface...

73 Section 4 Configure Configure a SafeHarbour VPN VPN IPSec Tunnel at the Gateway SafeHarbour VPN IPSec Tunnel provides a single, encrypted tunnel to be terminated on the Gateway, making a secure tunnel available for all LAN- connected Users. This implementation offers the following: • Eliminates th...

74 Section 4 Configure A typical SafeHarbour configuration is shown below: Use these Best Practices in establishing your SafeHarbour tunnel. Parameter Description and Setup The following table describes SafeHarbour’s parameters that are used for an IPSec VPN tunnel configuration: 1. Ensure that the ...

77 Section 4 Configure SafeHarbour Tunnel Setup Use the following tasks to configure an IPSec VPN tunnel on your Cayman Gateway. Task 1: Ensure that you have SafeHarbour VPN enabled. SafeHarbour is a keyed feature. See page 93 for information concerning installing Cayman Software Feature Keys. Task2...

78 Section 4 Configure Leave the Enable NAT over Tunnel choice as Off unless your network administrator instructs otherwise. Task 4: Make the IPSec Tunnel Entries Enter the initial group of tunnel parameters. Refer to your Setup Work- sheet and the Glossary of VPN Terms as required. Perform the foll...

79 Section 4 Configure Step 6 Ensure that the toggle checkbox Enable , which is On by default, remains On. Step 7 Click Add . The Tunnel Details page appears. Task 5: Make the Tunnel Details entries Use the following steps: Step 1 Enter or select the required settings. Step 2 Click Update . The Aler...

80 Section 4 Configure Using the Security Monitoring Log You can view the Security Log at any time. Use the following steps: Step 1 Click the Security toolbar button. Step 2 Click the Security Log link. Step 3 Click the Show link from the Security Log tool bar. An example of the Security Log is show...

82 Section 4 Configure The capacity of the security log is 100 security alert messages. When the log reaches capacity, subsequent messages are not captured, but they are noted in the log entry count. Table of Time Offsets (in hours) from GMT Take the recorded UTC/GMT value and subtract the offset va...

83 Section 4 Configure Install Button Install Response Description From the Install toolbar button you can: • Install new Operating System Software• Install new Feature Keys

84 Section 4 Configure Install Software Updating Your Gateway to COS Version 6.3 Cayman Operating System Release 6.3 represents significantly expanded functionality for your Cayman Gateway. To deliver these important fea-tures, the COS 6.3 image is larger than earlier versions and the updating proce...

85 Section 4 Configure Required Tasks Warnings : Task # Description Page # 1 Locate and confirm the required files. 86 2 Install and verify the Updater application code. 87 3 Install and verify the COS 6.3 image. 89 Depending on your particular subscriber agreement, you may need to install other fea...

86 Section 4 Configure Upgrading to COS 6.3 requires THREE files: 1. Documentation - Software Upgrade Instructions PDF file 2. Updater file 3. Cayman Operating System image Background When you downloaded your operating system upgrade from the Cayman website you downloaded a ZIP file containing these...

87 Section 4 Configure Contact Information Contact Cayman Technical Support for questions concerning the upgrade process. Contact Cayman Sales for specific advanced features. Use this contact information: Install Updater Application Code Use these steps to install the Updater software in your Gatewa...

88 Section 4 Configure Ethernet button on the Cayman Gateway Home page. When the Ethernet window appears, click Save . If you have previously saved your Cayman Gateway configuration, you can skip this step. Step 3 Click the Install Software button on the Cayman Gateway Home page. The Install New Cay...

89 Section 4 Configure Your Cayman Gateway restarts with its new image. During this step you have the following visual guide from your unit: Verify Updater Application Code To verify that the Updater image has loaded successfully, use the following steps: Step 7 Open a web connection to your Cayman ...

90 Section 4 Configure Step 3 Enter the filename into the text box by using one of these techniques: The COS file name starts with the letter “c” (for “COS”). a. Click the Browse button, select the file you want, and click Open. -or- b. Enter the name and path of the software image you want to instal...

91 Section 4 Configure Verify the COS 6.3 Image To verify that the COS 6.3 image has loaded successfully, use the following steps: Step 1 Open a web connection to your Cayman Gateway from the computer on your LAN and return to the Home page. For COS 6.3 you now have a new layout . The screen shown b...

92 Section 4 Configure If your admin password is not set, you will be prompted to set it before you reach the Home page. This completes the UPGRADE process for COS 6.3.

93 Section 4 Configure Install Keys Use Cayman Software Feature Keys Background Cayman Gateway users obtain advanced product functionality by install-ing a software feature key. This concept utilizes a specially constructed and distributed file (referred to as a feature key) to enable additional cap...

94 Section 4 Configure • BreakWater Basic Firewall • BarrierReef Advanced Firewall • SafeHarbour IPSec Tunnel at the Gateway Obtaining Software Feature Keys Contact your Service Provider to acquire a Software Feature Key. Procedure - Install a New Feature Key File With the appropriate feature key fi...

95 Section 4 Configure Step 5 Click the Restart toolbar button. The Confirmation screen appears. Step 6 Click the Restart the Gateway link to confirm. To check your installed features: Step 1 Click the Install toolbar button. Step 2 Click the List of Features link.

97 Troubleshoot Troubleshoot This section provides some specific procedures and tips for working with important features of Cayman OS 6.3. Perform Troubleshooting on Gateways There are three major Troubleshooting capabilities you can access via your Cayman Gateway’s web interface. The pro-cedures fo...

98 Troubleshoot Each test generates one of the following result codes: CODE Description PASS The test was successful. FAIL The test was unsuccessful. SKIPPED The test was skipped because a test on which it depended failed, or it was not supported by the service provider equipment to which it is conn...

99 Troubleshoot Network Tools Use these steps: Step 1 Click the Troubleshoot toolbar button. Step 2 Click the Network Tools link. Three test tools are available from this page. • NSLookup - converts a domain name to its IP address and vice versa. • Ping - tests the “reachability” of a particular net...

100 Troubleshoot Example: Show the path to the grosso.com site. Result: It took 20 hops to get to the grosso.com web site. Step 5 To use the NSLookup capability, type an address (domain name or IP address) in the text box and click the NSLookup button Example: Show the IP Address for grosso.com Resu...

101 System Status System Status System Status provides a group of links that display status and statistics to help you manage your Gateway. Managing the WAN Users is an example of the management tools available. Manage a Restricted Number of WAN Users User Status On the Home page your WAN User statu...

102 System Status The Show link provides this information: • Number of allowed concurrent WAN users • Number of WAN connections currently in use • Address and computer name - of current LAN users • Timeout - displays status of Idle Timeout Counter. The current user has this amount of time (from an i...

103 System Status Step 3 Click the Disconnect button. If you want to disconnect all users at once, click the Disconnect All button. Step 4 A confirmation message appears. Exceeding the WAN User Limit If your system supports a restricted number of WAN users, web browser users who attempt to access the...

104 Appendix A Overview Overview The Cayman Gateway operating software includes a command line interface (CLI) that lets you access your Cayman Gateway over a telnet or console connection. You can use the command line interface to enter and update the unit’s configura-tion settings, monitor its perf...

105 Appendix A Overview CONFIG Commands CommandVerbs Status and/or Description set Set configuration data define Define environment data delete Delete configuration list data view View configuration data script Print configuration data help Help command option save Save configuration data Keywords s...

106 Appendix A Starting and Ending a CLI Session Starting and Ending a CLI Session There are two ways to open a CLI session: 1. Open a telnet connection from a workstation on your network 2. Connect a terminal to the Maintenance Port located on the rear panel of the Cayman Gateway. Connecting from t...

107 Appendix A Using the CLI Help Facility When you have logged in successfully, the command line interface lists the user-name and the security level associated with the password you entered in the diag-nostic log. Ending a CLI Session You end a command line interface session by typing quit from th...

108 Appendix A SHELL Commands The only command you cannot truncate is restart . To prevent accidental inter- ruption of communications, you must enter the restart command in its entirety. You can use the Up and Down arrow keys to scroll backward and forward through recent commands you have entered. ...

109 Appendix A SHELL Commands Puts the command line interface into Configure mode, which lets you configure your Cayman Gateway with Config commands. Config commands are described starting on page 105 . Runs a diagnostic utility to conduct a series of internal checks and loopback tests to verify net...

111 Appendix A SHELL Commands Displays the IP routes stored in your Cayman Gateway. Performs a domain name system lookup for a specified host. • The hostname argument is the name of the host for which you want DNS information; for example, nslookup klaatu . • The ip_address argument is the IP addres...

112 Appendix A SHELL Commands Releases the DHCP lease the Gateway is currently using to acquire the IP settings for its WAN (Ethernet B) port. Releases the DHCP lease the Cayman 3220-H is currently using to acquire the IP settings for the specified DSL port. The vcc-id identifier is a letter in the ...

113 Appendix A SHELL Commands Resets the point-to-point connection over the specified virtual circuit. This com-mand only applies to virtual circuits that use PPP framing. Clears the security monitoring log to make room to capture new entries. This function disconnects the specified WAN User to allo...

114 Appendix A SHELL Commands Displays the DHCP leases stored in NVRAM by your Cayman Gateway. Displays DSL port statistics, such as upstream and downstream connection rates and noise levels. Displays the Ethernet statistics for your Cayman Gateway. Show all keyed features and whether or not they ar...

115 Appendix A SHELL Commands Displays memory usage information for your Cayman Gateway. If you include the optional all argument, your Cayman Gateway will display a more detailed set of memory statistics. Displays information about open PPP links. You can display a subset of the PPP statistics by i...

116 Appendix A SHELL Commands Opens a PPP link on the specified virtual circuit. Displays the current status of a Cayman Gateway, the device's hardware and soft-ware revision levels, a summary of errors encountered, and the length of time the Cayman Gateway has been running since it was last restart...

117 Appendix A About CONFIG Commands About CONFIG Commands You reach the configuration mode of the command line interface by typing con- figure (or any truncation of configure , such as c or config ) at the CLI SHELL prompt. CONFIG Mode Prompt When you are in CONFIG mode, the CLI prompt consists of ...

118 Appendix A About CONFIG Commands • Moving from one subnode to another — You can move from one subnode to another by entering a partial path that identifies how far back to climb. • Moving from any subnode to any other subnode — You can move from any subnode to any other subnode by entering a par...

119 Appendix A About CONFIG Commands If a command is ambiguous or miskeyed, the CLI prompts you to enter additional information. For example, you must specify which virtual circuit you are configur-ing when you are setting up a Cayman Gateway. Displaying Current Gateway Settings You can use the view...

120 Appendix A About CONFIG Commands Dogzilla (top)>> set systemStepping set mode (press Control-X <Return/Enter> toexit)...system name (“Dogzilla”): Mycroft Diagnostic Level (High): mediumStepping mode ended. Validating Your Configuration You can use the validate CONFIG command to make s...

121 Appendix A CONFIG Commands CONFIG Commands This section describes the keywords and arguments for the various CONFIG com-mands. ATM Settings You can use the CLI to set up each ATM virtual circuit. Enables the WAN interface of 3220-H to be configured using the Asynchronous Transfer Mode (ATM) prot...

122 Appendix A CONFIG Commands Select the number of PPPoE sessions to be configured for VCC n. Up to eight can be configured on the first VCC; one on the other VCCs. The total must be less than or equal to eight. Select the transmission priority for vcc n. The Gateway transmits traffic for high prio...

123 Appendix A CONFIG Commands DHCP Settings As a Dynamic Host Control Protocol (DHCP) server, your Cayman Gateway can assign IP addresses and provide configuration information to other devices on your network dynamically. A device that acquires its IP address and other TCP/IP configuration settings...

124 Appendix A CONFIG Commands DMT Settings Selects the type of Discrete Multitone (DMT) asynchronous digital subscriber line (ADSL) protocol to use for the WAN interface. Domain Name System Settings Domain Name System (DNS) is an information service for TCP/IP networks that uses a hierarchical nami...

125 Appendix A CONFIG Commands IP Settings You can use the command line interface to specify whether TCP/IP is enabled, identify a default Gateway, and to enter TCP/IP settings for the Cayman Gateway LAN and WAN ports. If PPPoE is turned off, you must specify settings for Ethernet A and B separately...

126 Appendix A CONFIG Commands . Specifies restrictions on the types of traffic the 3220-H accepts over the DSL vir-tual circuit. The admin-disable argument means that router traffic is accepted but that administrative commands are ignored. The admin-only argument means that router traffic is ignore...

127 Appendix A CONFIG Commands Specifies the broadcast address for the local Ethernet interface. IP hosts use the broadcast address to send messages to every host on your network simulta-neously. The broadcast address for most networks is the network number followed by 255. For example, the broadcas...

128 Appendix A CONFIG Commands . Specifies whether you want the Cayman Gateway to respond when it receives an address resolution protocol for devices behind it. By default, proxy ARP is turned off. Specifies whether the Cayman Gateway should use Routing Information Protocol (RIP) broadcasts to adver...

129 Appendix A CONFIG Commands Specifies whether the Gateway is reached using a fixed IP address or through a PPP virtual circuit. Specifies the IP address of the default IP Gateway. WAN-to-WAN Routing Settings Use the following command to configure settings for routing between WAN con-nections. Ena...

131 Appendix A CONFIG Commands For example, inclusion of subnet masks in RIP packets and implementation of multicasting instead of broadcasting. This last feature reduces the load on hosts which do not support routing protocols. This command is only available when address mapping for the specified v...

132 Appendix A CONFIG Commands Static Route Settings A static route identifies a manually configured pathway to a remote network. Unlike dynamic routes, which are acquired and confirmed periodically from other routers, static routes do not time out. Consequently, static routes are useful when workin...

133 Appendix A CONFIG Commands • The remote network is more than one router away but the static route should not be replaced by a dynamic route, even if the dynamic route is more effi-cient. Deletes a static route. Deleting a static route removes all information associated with that route. WAN Setti...

134 Appendix A CONFIG Commands Specifies whether an administrator can open a telnet connection to the Cayman Gateway over the WAN Ethernet interface [or specified VCC interface] to monitor and configure the Cayman Gateway. The admin-only argument means that router traffic is ignored but that adminis...

135 Appendix A CONFIG Commands Network Address Translation (NAT) Default Settings NAT default settings let you specify whether you want your Cayman Gateway to forward NAT traffic to a default server when it doesn’t know what else to do with it. The NAT default host function is useful in situations w...

136 Appendix A CONFIG Commands Specifies the type of protocol being redirected. If you select other , specifies the number of the protocol you want to translate. Specifies the first port number in the range being translated. Specifies the last port number in the range being translated. . Specifies t...

137 Appendix A CONFIG Commands Configuring Basic PPP Settings Enables or disables PPP on the Cayman Gateway. Specifies the Maximum Receive Unit (MRU) for the PPP interface. The integer argument can be any number between 128 and 2048. Enables or disables LCP magic number negotiation. Specifies whether...

138 Appendix A CONFIG Commands Specifies the number of seconds the Cayman Gateway should wait before retrans-mitting a configuration or termination request. The integer argument can be any number between 1 and 30. Specifies whether a PPP connection is maintained by the Cayman Gateway when it is unus...

139 Appendix A CONFIG Commands Specifies the name the Cayman Gateway sends in a CHAP response packet. The chap_name argument is 1-64 alphanumeric characters. The information you enter must match the CHAP username configured in the remote PPP peer's authentication database. Specifies the CHAP secret ...

140 Appendix A CONFIG Commands Configuring Peer Authentication You can specify that your Cayman Gateway will use PAP, CHAP, or both to authen-ticate a remote peer as a PPP link is being completed. Perform the following steps to specify how your Cayman Gateway should authenticate remote peers. Specifi...

141 Appendix A CONFIG Commands Command Line Interface Preference Settings You can set command line interface preferences to customize your environment. Specifies whether you want command help and prompting information dis-played. By default, the command line interface verbose preference is turned of...

142 Appendix A CONFIG Commands Specifies the port number for telnet (CLI) communication with the Cayman Gate-way. Because port numbers in the range 0-1024 are used by other protocols, you should use numbers in the range 2000-32767 when assigning new port numbers to the Cayman Gateway telnet configur...

144 Appendix A CONFIG Commands See page 73 for details about SafeHarbour IPsec tunnel capability. See page 73 for details about SafeHarbour IPsec tunnel capability. See page 73 for details about SafeHarbour IPsec tunnel capability. See page 73 for details about SafeHarbour IPsec tunnel capability. I...

145 Appendix A CONFIG Commands SNMP Settings The Simple Network Management Protocol (SNMP) lets a network administrator monitor problems on a network by retrieving settings on remote network devices. The network administrator typically runs an SNMP management station program on a local host to obtai...

146 Appendix A CONFIG Commands you have assigned a name to your Cayman Gateway, you can enter that name in the Address text field of your browser to open a connection to your Cayman Gate- way. . Specifies the types of log messages you want the Cayman Gateway to record. All messages with a level numb...

147 Appendix A CONFIG Commands Traffic Shaping Settings Traffic shaping lets you control how much traffic can flow through an Ethernet interface by limiting the size of the WAN “pipe.” This function is most suitable for Internet Service Providers or multi-interface routers. When you use the traffic-s...

148 Appendix B Glossary Appendix B 10Base2 IEEE 802.3 specification for Ethernet that uses thin coaxial cable to run at 10 Mbps. Limited to 185 meters per segment. 10Base5 IEEE 802.3 baseband physical layer specification for Ethernet that uses thick coaxial cable to run at 10 Mbps. Limited to 500 me...

158 Symbols !! command 108 A Access the GUI 29Address mapping 134Address resolution table 114Admin Login Failures 25Administrative restrictions 130Administrator password 29, 67, 106Arguments, CLI 118ARP Command 108Proxy 128, 134 Authentication 138Authentication trap 145 B Bridging 122Broadcast addre...

159 H Hardware address 122hijacking 155Home page 30 User mode 30 Home window 29Hop count 132How To Configure a SafeHarbour VPN 73Configure Multiple Static IP Addresses 73 HTTP traffic 141 I ICMP Echo 111Illegal Packet Size (Ping of Death) 23Install 83IP address 125, 126, 133 Default 29 IP interfaces...

Contact Information Cayman 3000 series by Netopia Netopia, Inc. 2470 Mariner Square Loop Alameda, CA 94501 Corporate Headquarters: 510-814-5100 Corporate Fax: 510-814-5020 Customer Service/Tech Support: 510-814-5000 ext 1. Support URL: http://www.netopia.com/support January, 2002