Nortel BCM50a - Manual

13 BCM50a Integrated Router Configuration — Advanced Figures Figure 1 Secure Internet Access and VPN Application . . . . . . . . . . . . . . . . . . . . . 38 Figure 2 Initial screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Figure 3 SMT Login . ...

19 BCM50a Integrated Router Configuration — Advanced Tables Table 1 Feature specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Table 2 Main menu commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Table 3 Main menu ...

23 BCM50a Integrated Router Configuration — Advanced Preface Before you begin This guide is designed to assist you with advanced configuration of your BCM50a Integrated Router for its various applications. The SMT parts of this manual contain background information solely on features not configurabl...

24 Preface N0115791 Related publications For more information about using the BCM50a Integrated Router, refer to the following publications: • BCM50a Integrated Router Configuration - Basics ( N0115790 ) The basic manual covers how to use the WebGUI to configure your BCM50a Integrated Router. • WebG...

Preface 25 BCM50a Integrated Router Configuration — Advanced USA and Canada Authorized Distributors Technical Support - GNTS/GNPS Telephone: 1-800-4NORTEL (1-800-466-7835) If you already have a PIN Code, you can enter Express Routing Code (ERC) 196#. If you do not yet have a PIN Code, or for general...

29 BCM50a Integrated Router Configuration — Advanced Chapter 1Getting to know your BCM50a Integrated Router This chapter introduces the main features and applications of the BCM50a Integrated Router. Introducing the BCM50a Integrated Router The BCM50a Integrated Router is an ideal secure gateway for...

30 Chapter 1 Getting to know your BCM50a Integrated Router N0115791 Physical features High-speed Internet access Your BCM50a Integrated Router supports ADSL2+ (Asymmetrical Digital Subscriber Line) for high transmission speeds and long connection distances. ADSL standards • Multimode standard (ANSI ...

Chapter 1 Getting to know your BCM50a Integrated Router 31 BCM50a Integrated Router Configuration — Advanced • Extended-reach ADSL (ER ADSL) • SRA (Seamless Rate Adaptation) • Autonegotiating rate adaptation • ADSL physical connection ATM (Asynchronous Transfer Mode) AAL5 (Adaptation Layer type 5)· ...

32 Chapter 1 Getting to know your BCM50a Integrated Router N0115791 Autonegotiating 10/100 Mb/s Ethernet LAN The LAN interfaces automatically detect if they are on a 10 or a 100 Mb/s Ethernet. Autosensing 10/100 Mb/s Ethernet LAN The LAN interfaces automatically adjust to either a crossover or strai...

Chapter 1 Getting to know your BCM50a Integrated Router 33 BCM50a Integrated Router Configuration — Advanced Certificates The BCM50a Integrated Router can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. Certificates provide a way ...

34 Chapter 1 Getting to know your BCM50a Integrated Router N0115791 Content filtering The BCM50a Integrated Router can block web features such as ActiveX controls, Java applets, and cookies, as well as disable web proxies. The BCM50a Integrated Router can block specific URLs by using the keyword fea...

Chapter 1 Getting to know your BCM50a Integrated Router 35 BCM50a Integrated Router Configuration — Advanced IP Multicast The BCM50a Integrated Router can use IP multicast to deliver IP packets to a specific group of hosts. IGMP (Internet Group Management Protocol) is the protocol used to support mu...

36 Chapter 1 Getting to know your BCM50a Integrated Router N0115791 Traffic Redirect Traffic Redirect forwards WAN traffic to a backup gateway when the BCM50a Integrated Router cannot connect to the Internet, thus acting as an auxiliary backup when your regular WAN connection fails. Port Forwarding ...

Chapter 1 Getting to know your BCM50a Integrated Router 37 BCM50a Integrated Router Configuration — Advanced Upgrade BCM50a Integrated Router Firmware The firmware of the BCM50a Integrated Router can be upgraded manually through the WebGUI. Embedded FTP and TFTP Servers The embedded FTP and TFTP ser...

38 Chapter 1 Getting to know your BCM50a Integrated Router N0115791 Figure 1 Secure Internet Access and VPN Application Caution: Electro-static Discharge can disrupt the router. Use appropriate handling precautions to avoid ESD. Avoid touching the connectors on the router, particularly when it is in...

39 BCM50a Integrated Router Configuration — Advanced Chapter 2Introducing the SMT This chapter explains how to access the System Management Terminal and gives an overview of its menus. Introduction to the SMT T he BCM50a Integrated Router SMT (System Management Terminal) is a menu-driven interface t...

40 Chapter 2 Introducing the SMT N0115791 Type the username (“nnadmin “is the default) and press [ENTER] . The logon screen prompts you to enter the password. Figure 3 SMT Login Type the password (“PlsChgMe!” is the default) and press [ENTER] . As you type the password, the screen displays an X for ...

Chapter 2 Introducing the SMT 41 BCM50a Integrated Router Configuration — Advanced Main menu After you enter the password, the SMT displays the BCM50a Integrated Router Main Menu , as shown in Figure 4 . Not all models have all the features shown. Move the cursor [ENTER] or [UP] or [DOWN] arrow keys...

42 Chapter 2 Introducing the SMT N0115791 Figure 4 Main menu Table 3 describes the fields in Figure 4 . BCM50a Integrated Router Main Menu Getting Started Advanced Management 1. General Setup 2. WAN Setup3. LAN Setup 4. Internet Access Setup Advanced Applications11. Remote Node Setup 12. Static Rout...

Chapter 2 Introducing the SMT 43 BCM50a Integrated Router Configuration — Advanced Changing the system password To change the BCM50a Integrated Router administrator password:. 1 From the main menu, enter 23 to display Menu 23 – System Security . 2 Enter 1 to display Menu 23.1 – System Security – Cha...

44 Chapter 2 Introducing the SMT N0115791 SMT menus at a glance Figure 6 SMT overview

45 BCM50a Integrated Router Configuration — Advanced SMT menu 1 - general setup Introduction to general setup Menu 1 - general setup contains administrative and system-related information. Configuring general setup Enter 1 in the main menu to open Menu 1: general setup . The Menu 1 - General Setup s...

46 Chapter 2 SMT menu 1 - general setup N0115791 Table 4 describes the fields in Figure 7 . Table 4 General setup menu fields Field Description Example System name Choose a descriptive name for identification purposes. Nortel recommends you enter your computer name in this field. This name can be up...

48 Chapter 2 SMT menu 1 - general setup N0115791 Configuring dynamic DNS To configure Dynamic DNS, go to Menu 1: General Setup and press [SPACE BAR] to select Yes in the Edit Dynamic DNS field. Press [ENTER] to display Menu 1.1— Configure Dynamic DNS ( Figure 8 ). Not all models have every field sho...

Chapter 2 SMT menu 1 - general setup 49 BCM50a Integrated Router Configuration — Advanced Figure 8 Menu 1.1 – Configure Dynamic DNS Follow the instructions in Table 5 to configure Dynamic DNS parameters. Menu 1.1 - Configure Dynamic DNS Service Provider= WWW.DynDNS.ORG Active= No DDNS Type= DynamicD...

53 BCM50a Integrated Router Configuration — Advanced Chapter 3WAN Setup This chapter describes how to configure the WAN using Menu 2. Introduction to WAN setup This chapter explains how to configure the settings for your WAN port. WAN setup From the main menu, enter 2 to open Menu 2.

54 Chapter 3 WAN Setup N0115791 Figure 9 Menu 2 – WAN Setup Table 6 describes the fields in Figure 9 . Menu 2 - WAN Setup Route Selection: WAN Metric= 1 Traffic Redirect Metric= 14 Dial Backup Metric= N/A Edit Traffic Redirect= No Dial-Backup: Active= N/A Port Speed= N/A AT Command String: Init= N/A...

Chapter 3 WAN Setup 55 BCM50a Integrated Router Configuration — Advanced Traffic redirect setup Configure parameters that determine when the BCM50a Integrated Router forwards WAN traffic to the backup gateway using Menu 2.2 - Traffic Redirect Setup . Edit Traffic Redirect Press [SPACE BAR] to select...

56 Chapter 3 WAN Setup N0115791 Figure 10 Menu 2.2 – Traffic Redirect Setup Table 7 describes the fields in Figure 10 . Menu 2.2 - Traffic Redirect Setup Active= No Configuration: Backup Gateway IP Address= 0.0.0.0 Metric= 15 Press ENTER to Confirm or ESC to Cancel: Table 7 Menu 2.2 Traffic Redirect...

57 BCM50a Integrated Router Configuration — Advanced Chapter 4LAN setup This chapter describes how to configure the LAN using Menu 3: LAN Setup . Introduction to LAN setup This section describes how to configure the BCM50a Integrated Router for LAN connections. Accessing the LAN menus From the main ...

58 Chapter 4 LAN setup N0115791 Figure 12 Menu 3.1 – LAN Port Filter Setup TCP/IP and DHCP ethernet setup menu From the main menu, enter 3 to open Menu 3 - LAN Setup to configure TCP/IP (RFC 1155) and DHCP Ethernet setup. Figure 13 Menu 3 – LAN Setup From menu 3, select the submenu option TCP/IP and...

Chapter 4 LAN setup 59 BCM50a Integrated Router Configuration — Advanced Figure 14 Menu 3.2 – TCP/IP and DHCP Ethernet setup Menu 3.2 - TCP/IP and DHCP Ethernet Setup DHCP= Server TCP/IP Setup: Client IP Pool: Starting Address= 192.168.1.2 IP Address= 192.168.1.1 Size of Client IP Pool= 126 IP Subne...

60 Chapter 4 LAN setup N0115791 Size of Client IP Pool This field specifies the size or count of the IP address pool. 126 First DNS Server Second DNS Server Third DNS Server The BCM50a Integrated Router passes a DNS (Domain Name System) server IP address (in the order you specify here) to the DHCP c...

Chapter 4 LAN setup 61 BCM50a Integrated Router Configuration — Advanced Use the instructions in Table 9 to configure TCP/IP parameters for the LAN port. IP Alias Setup You must use menu 3.2 to configure the first network. Move the cursor to the Edit IP Alias field, press [SPACE BAR] to choose Yes a...

62 Chapter 4 LAN setup N0115791 Figure 15 Menu 3.2.1 – IP Alias setup Use the instructions in Table 10 to configure IP Alias parameters.s Menu 3.2.1 - IP Alias Setup IP Alias 1= No IP Address= N/A IP Subnet Mask= N/A RIP Direction= N/A Version= N/A Incoming protocol filters= N/A Outgoing protocol fi...

65 BCM50a Integrated Router Configuration — Advanced Chapter 5Internet access This chapter shows you how to configure your BCM50a Integrated Router for Internet access. Internet access configuration Using Menu 4 you can enter the Internet Access information in one screen. Menu 4 is actually a simpli...

66 Chapter 5 Internet access N0115791 Figure 16 Menu 4 – Internet Access Setup Table 11 describes the fields in Figure 16 . Menu 4 - Internet Access Setup ISP's Name= ChangeMeEncapsulation= ENET ENCAPMultiplexing= LLC-basedVPI #= 8VCI #= 35My Login= N/AMy Password= N/AENET ENCAP Gateway= N/AIP Addre...

Chapter 5 Internet access 67 BCM50a Integrated Router Configuration — Advanced Basic setup complete You have successfully connected, installed, and set up your BCM50a Integrated Router to operate on your network, as well as access the Internet. If all your settings are correct, your BCM50a Integrate...

69 BCM50a Integrated Router Configuration — Advanced Chapter 6Remote Node setup This chapter shows you how to configure a remote node. Introduction to Remote Node setup This section describes the protocol-independent parameters for a remote node. A remote node is required for placing calls to a remo...

70 Chapter 6 Remote Node setup N0115791 Nailed-Up Connection A nailed-up connection is a dial-up line where the connection is always up regardless of traffic demand. The BCM50a Integrated Router does two things when you specify a nailed-up connection. The first is that idle timeout is disabled. The ...

Chapter 6 Remote Node setup 71 BCM50a Integrated Router Configuration — Advanced Figure 17 Menu 11 – Remote Node Setup Encapsulation and Multiplexing scenarios For Internet access you should use the encapsulation and multiplexing methods used by your ISP. Consult your telephone company for informati...

72 Chapter 6 Remote Node setup N0115791 Selecting RFC-1483 encapsulation with VC-based multiplexing requires the least amount of overhead (0 octets). However, if there is a potential need for multiple protocol support in the future, it may be safer to select PPPoA encapsulation instead of RFC-1483 ,...

74 Chapter 6 Remote Node setup N0115791 Edit IP/Bridge 1 For the TCP/IP parameters, perform the following steps to edit Menu 11.3 – Remote Node Network Layer Options as shown next. Edit ATM Options Press [SPACE BAR] to select Yes and press [ENTER] to display Menu 11.6 – Remote Node ATM Layer Options...

Chapter 6 Remote Node setup 75 BCM50a Integrated Router Configuration — Advanced 2 In menu 11.1, make sure IP is among the protocols in the Route field. 3 Move the cursor to the Edit IP/Bridge field, press [ SPACE BAR ] to select Yes, then press [ENTER] to display Menu 11.3 – Remote Node Network Lay...

Chapter 6 Remote Node setup 77 BCM50a Integrated Router Configuration — Advanced Remote Node filter Move the cursor to the field Edit Filter Sets in menu 11.1, and then press [SPACE BAR] to set the value to Yes . Press [ENTER] to open Menu 11.1.4- Remote Node Filter . Use menu 11.1.4 to specify the ...

78 Chapter 6 Remote Node setup N0115791 Figure 20 Menu 11.1.4 – Remote Node Filter (Ethernet Encapsulation) Figure 21 Menu 11.1.4 – Remote Node Filter (PPPoE or PPPoA Encapsulation) To configure the parameters for traffic redirect, see “Traffic redirect setup” on page 55 . Menu 11.1.4 - Remote Node ...

Chapter 6 Remote Node setup 79 BCM50a Integrated Router Configuration — Advanced Editing ATM Layer Options Follow the steps shown next to edit Menu 11.6 – Remote Node ATM Layer Options . In menu 11.1, move the cursor to the Edit ATM Options field and then press [SPACE BAR] to select Yes . Press [ENT...

80 Chapter 6 Remote Node setup N0115791 Figure 23 Menu 11.6 for LLC-based Multiplexing or PPP Encapsulation In this case, only one set of VPI and VCI numbers need be specified for all protocols. The valid range for the VPI is 0 to 255 and for the VCI is 32 to 65535 (1 to 31 is reserved for local man...

Chapter 6 Remote Node setup 81 BCM50a Integrated Router Configuration — Advanced Move the cursor to the Edit Advance Options field, press [SPACE BAR] to select Yes , then press [ENTER] to display Menu 11.8 – Advance Setup Options . Figure 25 Menu 11.8 – Advance Setup Options Table 14 describes the f...

83 BCM50a Integrated Router Configuration — Advanced Chapter 7IP Static Route Setup This chapter shows you how to configure static routes with your BCM50a Integrated Router. IP Static Route Setup Enter 12 from the main menu. Select one of the IP static routes as shown in Figure 26 to configure IP st...

Chapter 7 IP Static Route Setup 85 BCM50a Integrated Router Configuration — Advanced Figure 27 Menu 12.1 – Edit IP Static Route Table 15 describes the fields in Figure 27 . Menu 12.1 - Edit IP Static Route Route #: 1Route Name= ?Active= NoDestination IP Address= ?IP Subnet Mask= ?Gateway IP Address=...

87 BCM50a Integrated Router Configuration — Advanced Chapter 8Dial-in User Setup This chapter shows you how to create user accounts on the BCM50a Integrated Router. Dial-in User Setup By storing user profiles locally, your BCM50a Integrated Router can authenticate users without interacting with a ne...

88 Chapter 8 Dial-in User Setup N0115791 Figure 29 Menu 14.1 – Edit Dial-in User Table 16 describes the fields in Figure 29 . Menu 14.1 - Edit Dial-in User User Name= testActive= YesPassword= ********Press ENTER to Confirm or ESC to Cancel:Leave name field blank to delete profile Table 16 Menu 14.1-...

89 BCM50a Integrated Router Configuration — Advanced Chapter 9Network Address Translation (NAT) This chapter discusses how to configure NAT on the BCM50a Integrated Router. Using NAT SUA (Single User Account) Versus NAT SUA (Single User Account) is an implementation of a subset of NAT that supports ...

92 Chapter 9 Network Address Translation (NAT) N0115791 NAT setup Use the address mapping sets menus and submenus to create the mapping table used to assign global addresses to computers on the LAN. You can see two NAT address mapping sets in menu 15.1. You can only configure Set 1 . Set 255 is used...

Chapter 9 Network Address Translation (NAT) 93 BCM50a Integrated Router Configuration — Advanced Figure 33 Menu 15.1 – Address Mapping Sets SUA Address Mapping Set Enter 255 to display the screen shown in Figure 34 (see “SUA (Single User Account) Versus NAT” on page 89 ) . The fields in this menu ca...

94 Chapter 9 Network Address Translation (NAT) N0115791 Figure 34 Menu 15.1.255 – SUA Address Mapping Rules Table 18 explains the fields in Figure 34 . Menu 15.1.255 - Address Mapping Rules Set Name= SUA Idx Local Start IP Local End IP Global Start IP Global End IP Type --- --------------- ---------...

Chapter 9 Network Address Translation (NAT) 95 BCM50a Integrated Router Configuration — Advanced User-Defined Address Mapping Sets Go to menu 15.1. Enter 1 to bring up the menu shown in figure below. Look at the differences from the previous menu. Note the extra Action and Select Rule fields means y...

96 Chapter 9 Network Address Translation (NAT) N0115791 Figure 35 Menu 15.1.1: First Set Ordering your rules Ordering your rules is important because the BCM50a Integrated Router applies the rules in the order that you specify. When a rule matches the current packet, the BCM50a Integrated Router tak...

Chapter 9 Network Address Translation (NAT) 99 BCM50a Integrated Router Configuration — Advanced Configuring a server behind NAT Note: If you do not assign a Default Server IP address, the BCM50a Integrated Router discards all packets received for ports that are not specified here or in the remote m...

100 Chapter 9 Network Address Translation (NAT) N0115791 Figure 37 Menu 15.2 – NAT Server Sets 3 Select Edit Rule in the Select Command field; type the index number of the NAT server you want to configure in the Select Rule field and press [ENTER] to open Menu 15.2.1 - NAT Server Configuration (see ...

Chapter 9 Network Address Translation (NAT) 101 BCM50a Integrated Router Configuration — Advanced Figure 38 15.2.1 – NAT Server Configuration 15.2.1 - NAT Server Configuration Index= 1 ----------------------------------------------------------------- Name= Active= No Start port= 0 End port= 0 IP Add...

102 Chapter 9 Network Address Translation (NAT) N0115791 5 Enter the inside IP address of the server in the IP Address field. In the following figure, you have a computer acting as an FTP, Telnet and SMTP server (ports 21, 23 and 25) at 192.168.1.33. 6 Press [ENTER] at the “Press ENTER to confirm …”...

Chapter 9 Network Address Translation (NAT) 103 BCM50a Integrated Router Configuration — Advanced Figure 40 Multiple servers behind NAT example General NAT examples The following are some examples of NAT configuration. Internet access only In the Internet access example shown in Figure 41 , you only...

104 Chapter 9 Network Address Translation (NAT) N0115791 Figure 41 NAT Example 1 Figure 42 Menu 4: Internet access & NAT example From menu 4 shown above, simply choose the SUA Only option from the Network Address Translation field. This is the Many-to-One mapping discussed in section “General NA...

Chapter 9 Network Address Translation (NAT) 105 BCM50a Integrated Router Configuration — Advanced Example 2: Internet access with an inside server Figure 43 NAT Example 2 In this case, you do exactly as shown in Figure 43 (use the convenient pre-configured SUA Only set), and also go to menu 15.2 to ...

106 Chapter 9 Network Address Translation (NAT) N0115791 Figure 44 Menu 15.2: Specifying an inside server Example 3: Multiple public IP addresses with inside servers In this example, there are 3 IGAs from our ISP. There are many departments but two have their own FTP server. All departments share th...

108 Chapter 9 Network Address Translation (NAT) N0115791 Figure 46 Example 3: Menu 11.3 Figure 47 shows how to configure the first rule. Menu 11.3 - Remote Node Network Layer Options IP Options: Bridge Options: IP Address Assignment = Dynamic Ethernet Addr Timeout(min)= N/A Rem IP Addr = 0.0.0.0 Rem...

110 Chapter 9 Network Address Translation (NAT) N0115791 Figure 48 Example 3: Final Menu 15.1.1 Now configure the IGA3 to map to our web server and mail server on the LAN. 8 Enter 15 from the main menu. 9 Now enter 2 from this menu and configure it as shown in Example 3: Menu 15.2. Menu 15.1.1 - Add...

Chapter 9 Network Address Translation (NAT) 111 BCM50a Integrated Router Configuration — Advanced Figure 49 Example 3: Menu 15.2 Configuring Trigger Port forwarding Enter 3 in menu 15 to display Menu 15.3 — Trigger Port Setup , shown in Figure 50 . Menu 15.2 - NAT Server Setup Default Server: 0.0.0....

112 Chapter 9 Network Address Translation (NAT) N0115791 Figure 50 Menu 15.3 – Trigger Port Setup Table 22 describes the fields in Figure 50 . Menu 15.3 - Trigger Port Setup Incoming Trigger Rule Name Start Port End Port Start Port End Port -----------------------------------------------------------...

115 BCM50a Integrated Router Configuration — Advanced Chapter 10Introducing the firewall This chapter shows you how to get started with the firewall. Using SMT menus From the main menu enter 21 to go to Menu 21 - Filter Set and Firewall Configuration to display the screen shown in Figure 51 . Figure...

116 Chapter 10 Introducing the firewall N0115791 Figure 52 Menu 21.2 – Firewall Setup Menu 21.2 - Firewall Setup The firewall protects against Denial of Service (DoS) attacks when it is active. Your network is vulnerable to attacks when the firewall is turned off. Refer to the User’s Guide for detai...

117 BCM50a Integrated Router Configuration — Advanced Chapter 11Filter configuration This chapter shows you how to create and apply filters. Introduction to filters Your BCM50a Integrated Router uses filters to decide whether to allow passage of a data packet, make a call, or both. There are two typ...

118 Chapter 11 Filter configuration N0115791 Figure 53 Outgoing packet filtering process For incoming packets, your BCM50a Integrated Router applies data filters only. Packets are processed depending upon whether a match is found. The following sections describe how to configure filter sets. Filter ...

Chapter 11 Filter configuration 119 BCM50a Integrated Router Configuration — Advanced Figure 54 Filter rule process You can apply up to four filter sets to a particular port to block multiple types of packets. With each filter set having up to six rules, you can have a maximum of 24 rules active for...

120 Chapter 11 Filter configuration N0115791 Configuring a Filter Set The BCM50a Integrated Router includes filtering for NetBIOS over TCP/IP packets by default. To configure another filter set, follow the procedure below. 1 Enter 21 in the main menu to open menu 21. Figure 55 Menu 21 – Filter and F...

Chapter 11 Filter configuration 121 BCM50a Integrated Router Configuration — Advanced Figure 56 Menu 21.1– Filter Set Configuration 3 Select the filter set you wish to configure (1-12) and press [ENTER] . 4 Enter a descriptive name or comment in the Edit Comments field and press [ENTER] . 5 Press [E...

Chapter 11 Filter configuration 123 BCM50a Integrated Router Configuration — Advanced Configuring a Filter Rule To configure a filter rule, type its number in Menu 21.1.1 - Filter Rules Summary and press [ENTER] to open menu 21.1.1.1 for the rule. To speed up filtering, all rules in a filter set mus...

124 Chapter 11 Filter configuration N0115791 Figure 57 Menu 21.1.1.1 – TCP/IP Filter Rule Table 25 describes how to configure your TCP/IP filter rule. Menu 21.1.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 0 IP Source Route= No Destination: IP Addr=...

126 Chapter 11 Filter configuration N0115791 Figure 58 illustrates the logic flow of an IP filter. Action Matched Press [SPACE BAR] and then [ENTER] to select the action for a matching packet. Check Next RuleForwardDrop Action Not Matched Press [SPACE BAR] and then [ENTER] to select the action for a...

128 Chapter 11 Filter configuration N0115791 Configuring a Generic Filter Rule This section shows you how to configure a generic filter rule. With generic rules you can filter non-IP packets. For IP packets, it is generally easier to use the IP rules directly. For generic rules, the BCM50a Integrate...

Chapter 11 Filter configuration 129 BCM50a Integrated Router Configuration — Advanced Figure 59 Menu 21.1.1.1 – Generic Filter Rule Table 26 describes the fields in the Generic Filter Rule menu. Menu 21.1.1.1 - Generic Filter Rule Filter #: 2,3 Filter Type= Generic Filter Rule Active= No Offset= 0 L...

130 Chapter 11 Filter configuration N0115791 Example Filter The example shown in Figure 60 is set to block outside users from accessing the BCM50a Integrated Router via Telnet. See the included disk for more Filter Rules example. Value Enter the value (in Hexadecimal notation) to compare with the da...

Chapter 11 Filter configuration 133 BCM50a Integrated Router Configuration — Advanced Figure 62 Example Filter Rules Summary: Menu 21.1.3 After you have created the filter set, you must apply it. 1 Enter 11 from the main menu to go to menu 11. 2 Then enter 1 to open Menu 11.1 Remote Node Profile . 3...

134 Chapter 11 Filter configuration N0115791 are replaced on a connection-by-connection basis, which makes it impossible to know the exact address and port on the wire. Therefore, the BCM50a Integrated Router applies the protocol filters to the native IP address and port number before NAT for outgoi...

Chapter 11 Filter configuration 135 BCM50a Integrated Router Configuration — Advanced Applying LAN Filters LAN traffic filter sets are useful to block certain packets, reduce traffic and prevent security breaches. Go to menu 3.1 (shown next) and enter the numbers of the filter sets that you want to ...

137 BCM50a Integrated Router Configuration — Advanced Chapter 12SNMP Configuration This chapter explains SNMP configuration menu 22. SNMP Configuration To configure SNMP, enter 22 from the main menu to display Menu 22 - SNMP Configuration as shown next. The community for Get , Set and Trap fields is...

138 Chapter 12 SNMP Configuration N0115791 Figure 66 Menu 22 – SNMP Configuration Table 27 describes the SNMP configuration parameters. Menu 22 - SNMP Configuration SNMP: Get Community= Set Community= Trusted Host= 0.0.0.0 Trap: Community= Destination= 0.0.0.0 Press ENTER to Confirm or ESC to Cancel...

Chapter 12 SNMP Configuration 139 BCM50a Integrated Router Configuration — Advanced SNMP Traps The BCM50a Integrated Router will sends traps to the SNMP manager when any one of the following events occurs: Table 28 SNMP Traps Trap # Trap Name Description 0 coldStart (defined in RFC-1215 ) A trap is ...

141 BCM50a Integrated Router Configuration — Advanced Chapter 13System security This chapter describes how to configure the system security on the BCM50a Integrated Router. System security You can configure the system password, an external RADIUS server and 802.1x in this menu. System password Figur...

142 Chapter 13 System security N0115791 Configuring external RADIUS server Enter 23 in the main menu to display Menu 23 – System security . Figure 68 Menu 23 – System Security From Menu 23- System Security , enter 2 to display Menu 23.2 – System Security – RADIUS Server, as shown in Figure 69 . Figu...

145 BCM50a Integrated Router Configuration — Advanced Chapter 14System information and diagnosis This chapter covers SMT menus 24.1 to 24.4. Introduction to System Status This chapter covers the diagnostic tools that help you to maintain your BCM50a Integrated Router. These tools include updates on ...

146 Chapter 14 System information and diagnosis N0115791 Figure 70 Menu 24 – System Maintenance System Status The first selection, System Status, gives you information on the version of your system firmware and the status and statistics of the ports, as shown in the next figure. System Status is a t...

Chapter 14 System information and diagnosis 147 BCM50a Integrated Router Configuration — Advanced 3 There are three commands in Menu 24.1 - System Maintenance - Status . Entering 1 drops the WAN connection, 9 resets the counters and [ESC] takes you back to the previous screen. Table 30 describes the...

148 Chapter 14 System information and diagnosis N0115791 System information and console port speed With your system you can choose different console port speeds. To get to the System Information and Console Port Speed. 1 Enter 24 to go to Menu 24 – System Maintenance . 2 Enter 2 to open Menu 24.2 - ...

Chapter 14 System information and diagnosis 149 BCM50a Integrated Router Configuration — Advanced Figure 72 System Information and Console Port Speed System Information System Information gives you information about your system, as shown in Figure 73 . More specifically, it gives you information on ...

Chapter 14 System information and diagnosis 151 BCM50a Integrated Router Configuration — Advanced Console port speed You can change the speed of the console port through Menu 24.2.2 – Console Port Speed . Your BCM50a Integrated Router supports 9 600 (default), 19 200, 38 400, 57 600, and 115 200 b/s...

152 Chapter 14 System information and diagnosis N0115791 Figure 75 Menu 24.3 – System Maintenance: Log and Trace Syslog logging The BCM50a Integrated Router uses the syslog facility to log the CDR (Call Detail Record) and system messages to a syslog server. Syslog and accounting can be configured in...

Chapter 14 System information and diagnosis 153 BCM50a Integrated Router Configuration — Advanced Your BCM50a Integrated Router sends five types of syslog messages. Some examples of these syslog messages with their message formats are shown next: CDR Syslog Server IP Address Enter the IP Address of ...

154 Chapter 14 System information and diagnosis N0115791 Packet triggered Filter log Packet triggered Message Format SdcmdSyslogSend( SYSLOG_PKTTRI, SYSLOG_NOTICE, String ); String = Packet trigger: Protocol=xx Data=xxxxxxxxxx…..x Protocol: (1:IP 2:IPX 3:IPXHC 4:BPDU 5:ATALK 6:IPNG) Data: We will se...

Chapter 14 System information and diagnosis 155 BCM50a Integrated Router Configuration — Advanced PPP log spo: Source port dpo: Destination portMar 03 10:39:43 202.132.155.97 RAS: GEN[fffffffffffnordff0080] }S05>R01mFMar 03 10:41:29 202.132.155.97 RAS: GEN[00a0c5f502fnord010080] }S05>R01mFMar ...

156 Chapter 14 System information and diagnosis N0115791 Firewall log Call-Triggering packet Call-Triggering Packet displays information about the packet that triggered a dial-out call in an easily readable format. Equivalent information is available in menu 24.1 in hex format. An example is shown i...

158 Chapter 14 System information and diagnosis N0115791 Follow the procedure below to get to Menu 24.4 - System Maintenance – Diagnostic. 1 From the main menu, select option 24 to open Menu 24 - System Maintenance . 2 From this menu, select option 4. Diagnostic. This opens Menu 24.4 - System Mainte...

Chapter 14 System information and diagnosis 159 BCM50a Integrated Router Configuration — Advanced Figure 79 WAN & LAN DHCP Table 33 describes the diagnostic tests available in menu 24.4 for your BCM50a Integrated Router and associated connections. Table 33 System Maintenance menu diagnostic Fiel...

161 BCM50a Integrated Router Configuration — Advanced Chapter 15Firmware and configuration file maintenance This chapter tells you how to backup and restore your configuration file, as well as upload new firmware and configuration files. Filename conventions The configuration file (often called the ...

162 Chapter 15 Firmware and configuration file maintenance N0115791 If your (T)FTP client does not allow you to have a destination filename different than the source, you must rename the firmware and config file names as the BCM50a Integrated Router only recognizes rom-0 and ras. Be sure you keep un...

Chapter 15 Firmware and configuration file maintenance 163 BCM50a Integrated Router Configuration — Advanced Backup configuration Follow the instructions as shown in Menu 24.5 ( Figure 80 ). Figure 80 Menu 24.5 – System Maintenance – Backup Configuration Using the FTP command from the command line 1...

164 Chapter 15 Firmware and configuration file maintenance N0115791 Example of FTP commands from the command line Figure 81 FTP Session Example GUI-based FTP clients Table 35 describes some of the commands that you can see in GUI-based FTP clients. TFTP and FTP over WAN Management Limitations TFTP, ...

Chapter 15 Firmware and configuration file maintenance 165 BCM50a Integrated Router Configuration — Advanced • You disable Telnet service in menu 24.11. • You apply a filter in menu 3.1 (LAN) or in menu 11.1.4 (WAN) to block Telnet service. • The IP address in the Secured Client IP field in menu 24....

166 Chapter 15 Firmware and configuration file maintenance N0115791 5 Use the TFTP client (see the example below) to transfer files between the BCM50a Integrated Router and the computer. The file name for the configuration file is “rom-0” (rom-zero, not capital o). TFTP command example The following...

Chapter 15 Firmware and configuration file maintenance 167 BCM50a Integrated Router Configuration — Advanced Refer to Chapter 17, “Remote Management,” on page 185 for information about configurations that disallow TFTP and FTP over WAN. Restore configuration This section shows you how to restore a p...

168 Chapter 15 Firmware and configuration file maintenance N0115791 Figure 82 Telnet into Menu 24.6 1 Launch the FTP client on your computer. 2 Enter open , followed by a space and the IP address of your BCM50a Integrated Router. 3 Press [ENTER] when prompted for a username. 4 Enter your password as...

Chapter 15 Firmware and configuration file maintenance 169 BCM50a Integrated Router Configuration — Advanced Restore using FTP session example Figure 83 Restore using FTP session example Refer to Chapter 17, “Remote Management,” on page 185 to read about configurations that disallow TFTP and FTP ove...

170 Chapter 15 Firmware and configuration file maintenance N0115791 Figure 84 Telnet Into Menu 24.7.1 Upload System Firmware Configuration file upload The screen shown in Figure 85 appears when you access menu 24.7.2 via Telnet. Figure 85 Telnet Into Menu 24.7.2 System Maintenance Menu 24.7.1 - Syst...

Chapter 15 Firmware and configuration file maintenance 171 BCM50a Integrated Router Configuration — Advanced To upload the firmware and the configuration files, follow the examples in the rest of this chapter: FTP file upload command from the DOS prompt example 1 Launch the FTP client on your comput...

172 Chapter 15 Firmware and configuration file maintenance N0115791 FTP Session Example of Firmware File Upload Figure 86 FTP Session Example of Firmware File Upload More commands (found in GUI-based FTP clients) are listed earlier in this chapter. Refer to the “Remote Management” on page 185 sectio...

Chapter 15 Firmware and configuration file maintenance 173 BCM50a Integrated Router Configuration — Advanced 5 Launch the TFTP client on your computer and connect to the BCM50a Integrated Router. Set the transfer mode to binary before starting data transfer. 6 Use the TFTP client (see the example be...

175 BCM50a Integrated Router Configuration — Advanced Chapter 16System Maintenance menus 8 to 10 This chapter leads you through SMT menus 24.8 to 24.10. Command Interpreter mode The Command Interpreter (CI) is a part of the main router firmware. The CI provides much of the same functionality as the ...

176 Chapter 16 System Maintenance menus 8 to 10 N0115791 Figure 87 Command mode in Menu 24 Command syntax The command keywords are in Courier New font. Enter the command keywords exactly as shown, do not abbreviate. The required fields in a command are enclosed in angle brackets <>. The option...

Chapter 16 System Maintenance menus 8 to 10 177 BCM50a Integrated Router Configuration — Advanced means that you must specify the type of netbios filter and whether to turn it on or off. Command usage A list of commands can be found by typing “help” or “?” at the command prompt. Always type the full...

178 Chapter 16 System Maintenance menus 8 to 10 N0115791 Figure 88 Call Control Budget management Menu 24.9.1 shows the budget management statistics for outgoing calls. Enter 1 from Menu 24.9 - System Maintenance - Call Control to bring up the Budget Management menu ( Figure 89 ). Menu 24.9 - System...

180 Chapter 16 System Maintenance menus 8 to 10 N0115791 Call History This is the second option in Menu 24.9 - System Maintenance - Call Control . It displays information about past incoming and outgoing calls. Enter 2 from Menu 24.9 - System Maintenance - Call Control . Figure 90 Call History Table...

Chapter 16 System Maintenance menus 8 to 10 181 BCM50a Integrated Router Configuration — Advanced Time and Date setting There is a software mechanism to set the time manually or get the current time and date from an external server when you turn on your BCM50a Integrated Router. With Menu 24.10, you...

182 Chapter 16 System Maintenance menus 8 to 10 N0115791 Figure 92 Menu 24.10 System Maintenance: Time and Date Setting Table 39 describes the fields in Figure 92 . Menu 24.10 - System Maintenance - Time and Date Setting Time Protocol= NTP (RFC-1305) Time Server Address= a.ntp.alphazed.net Current T...

184 Chapter 16 System Maintenance menus 8 to 10 N0115791 Resetting the Time The BCM50a Integrated Router resets the time in three instances: • After you make changes to and leave menu 24.10 • After starting up the BCM50a Integrated Router starts up, if a time server configured in menu 24.10 • After ...

185 BCM50a Integrated Router Configuration — Advanced Chapter 17Remote Management This chapter covers remote management found in SMT menu 24.11. Remote Management With remote management, you can determine which services and protocols can access which BCM50a Integrated Router interface (if any) from ...

186 Chapter 17 Remote Management N0115791 Figure 93 Menu 24.11 – Remote Management Control Table 40 describes the fields in Figure 93 . Menu 24.11 - Remote Management Control TELNET Server: Port = 23 Access = Disable Secure Client IP = 0.0.0.0 FTP Server: Port = 21 Access = Disable Secure Client IP ...

Chapter 17 Remote Management 187 BCM50a Integrated Router Configuration — Advanced Remote Management Limitations Remote management over LAN or WAN does not work when: 1 A filter in menu 3.1 (LAN) or in menu 11.1.4 (WAN) is applied to block a Telnet, FTP, or Web service. 2 You disable that service in...

189 BCM50a Integrated Router Configuration — Advanced Chapter 18Call scheduling Using call scheduling (applicable only for PPPoA or PPPoE encapsulation), you can dictate when a remote node is called and for how long. Introduction Using the call scheduling feature, the BCM50a Integrated Router can ma...

190 Chapter 18 Call scheduling N0115791 Lower numbered sets take precedence over higher numbered sets, thereby avoiding scheduling conflicts. For example, if sets 1, 2, 3, and 4 are applied in the remote node then set 1 takes precedence over sets 2, 3, and 4 as the BCM50a Integrated Router, by defau...

Chapter 18 Call scheduling 191 BCM50a Integrated Router Configuration — Advanced If a connection is already established, your BCM50a Integrated Router does not drop it. After the connection is dropped manually or it times out, then that remote node cannot be triggered until the end of the Duration ....

192 Chapter 18 Call scheduling N0115791 After you configure your schedule sets, you must apply them to the desired remote nodes. Enter 11 from the Main Menu and then enter the target remote node index. Using [SPACE BAR] , select PPPoE or PPPoA in the Encapsulation field and then press [ENTER] to mak...

193 BCM50a Integrated Router Configuration — Advanced Appendix ASetting up your computer IP address All computers must have a 10M or 100M Ethernet adapter card and TCP/IP installed. Windows 95/98/Me/NT/2000/XP, and Macintosh OS 7 and later operating systems and all versions of UNIX/LINUX include the...

194 Appendix A Setting up your computer IP address N0115791 Figure 97 WIndows 95/98/Me: network: configuration Installing components The Network window Configuration tab displays a list of installed components. You need a network adapter, the TCP/IP protocol and Client for Microsoft Networks. If you...

Appendix A Setting up your computer IP address 195 BCM50a Integrated Router Configuration — Advanced a Click Add . b Select Client and click Add . c Select Microsoft from the list of manufacturers. d Select Client for Microsoft Networks from the list of network clients and click OK . e Restart your ...

196 Appendix A Setting up your computer IP address N0115791 — If you know your DNS information, select Enable DNS and type the information in the fields below (you do not need to fill them all in). Figure 99 Windows 95/98/Me: TCP/IP Properties: DNS configuration 4 Click the Gateway tab. — If you do ...

Appendix A Setting up your computer IP address 197 BCM50a Integrated Router Configuration — Advanced Windows 2000/NT/XP 1 For Windows XP, click Start , Control Panel . In Windows 2000/NT, click Start , Settings , Control Panel . Figure 100 Windows XP: Start menu 2 For Windows XP, click Network Conne...

198 Appendix A Setting up your computer IP address N0115791 3 Right-click Local Area Connection and then click Properties . Figure 102 Windows XP: Control Panel: Network Connections: Properties 4 Select Internet Protocol (TCP/IP) (under the General tab in Win XP) and click Properties . Figure 103 Wi...

Appendix A Setting up your computer IP address 203 BCM50a Integrated Router Configuration — Advanced Macintosh OS X 1 Click the Apple menu, and click System Preferences to open the System Preferences window. Figure 108 Macintosh OS X: Apple menu 2 Click Network in the icon bar. — Select Automatic fr...

204 Appendix A Setting up your computer IP address N0115791 4 For statically assigned settings, do the following: — From the Configure box, select Manually . — Type your IP address in the IP Address box. — Type your subnet mask in the Subnet mask box. — Type the IP address of your BCM50a Integrated ...

205 BCM50a Integrated Router Configuration — Advanced Appendix BTriangle Route The Ideal Setup When the firewall is on, your BCM50a Integrated Router acts as a secure gateway between your LAN and the Internet. In an ideal network topology, all incoming and outgoing network traffic passes through the...

206 Appendix B Triangle Route N0115791 1 A computer on the LAN initiates a connection by sending out a SYN packet to a receiving server on the WAN. 2 The BCM50a Integrated Router reroutes the SYN packet through Gateway B on the LAN to the WAN. 3 The reply from the WAN goes directly to the computer o...

Appendix B Triangle Route 207 BCM50a Integrated Router Configuration — Advanced 2 The BCM50a Integrated Router reroutes the packet to Gateway B, which is in Subnet 2. 3 The reply from WAN goes to the BCM50a Integrated Router. 4 The BCM50a Integrated Router ends the response to the computer in Subnet...

209 BCM50a Integrated Router Configuration — Advanced Appendix CImporting certificates This appendix shows examples for importing certificates. Import BCM50a Integrated Router certificates into Netscape Navigator In Netscape Navigator, you can permanently trust the BCM50a Integrated Router server ce...

210 Appendix C Importing certificates N0115791 Importing the BCM50a Integrated Router Certificate into Internet Explorer For Internet Explorer to trust a self-signed certificate from the BCM50a Integrated Router, simply import the self-signed certificate into your operating system as a trusted certi...

Appendix C Importing certificates 211 BCM50a Integrated Router Configuration — Advanced 2 Click Install Certificate to open the Install Certificate wizard. Figure 115 Certificate General Information before Import

212 Appendix C Importing certificates N0115791 3 Click Next to begin the Install Certificate wizard. Figure 116 Certificate Import Wizard 1

Appendix C Importing certificates 213 BCM50a Integrated Router Configuration — Advanced 4 Select where you want to store the certificate and click Next . Figure 117 Certificate Import Wizard 2

214 Appendix C Importing certificates N0115791 5 Click Finish to complete the Import Certificate wizard. Figure 118 Certificate Import Wizard 3 6 Click Yes to add the BCM50a Integrated Router certificate to the root store. Figure 119 Root Certificate Store

Appendix C Importing certificates 215 BCM50a Integrated Router Configuration — Advanced Figure 120 Certificate General Information after Import Enrolling and Importing SSL Client Certificates The SSL client needs a certificate if Authenticate Client Certificates is selected on the BCM50a Integrated ...

Appendix C Importing certificates 217 BCM50a Integrated Router Configuration — Advanced Installing the CA’s certificate 1 Double click the CA’s trusted certificate to produce a screen similar to the one shown in Figure 122 . Figure 122 CA certificate example 2 Click Install Certificate and follow th...

218 Appendix C Importing certificates N0115791 1 Click Next to begin the wizard. Figure 123 Personal certificate import wizard 1

Appendix C Importing certificates 219 BCM50a Integrated Router Configuration — Advanced 2 The file name and path of the certificate you double-clicked automatically appears in the File name text box. Click Browse if you wish to import a different certificate. Figure 124 Personal certificate import w...

220 Appendix C Importing certificates N0115791 3 Enter the password given to you by the CA. Figure 125 Personal certificate import wizard 3

Appendix C Importing certificates 221 BCM50a Integrated Router Configuration — Advanced 4 Have the wizard determine where the certificate should be saved on your computer or select Place all certificates in the following store and choose a different location. Figure 126 Personal certificate import w...

222 Appendix C Importing certificates N0115791 5 Click Finish to complete the wizard and begin the import process. Figure 127 Personal certificate import wizard 5 6 Figure 128 shows the screen that appears when the certificate is correctly installed on your computer. Figure 128 Personal certificate ...

Appendix C Importing certificates 223 BCM50a Integrated Router Configuration — Advanced Using a certificate when accessing the BCM50a Integrated Router example Use the following procedure to access the BCM50a Integrated Router via HTTPS. 1 Enter https://BCM50a Integrated Router IP Address/ in your b...

224 Appendix C Importing certificates N0115791 3 The BCM50a Integrated Router login screen appears. Figure 131 BCM50a Integrated Router secure login screen

225 BCM50a Integrated Router Configuration — Advanced Appendix DPPPoE PPPoE in action An ADSL modem bridges a PPP session over Ethernet (PPP over Ethernet, RFC 2516) from your PC to an ATM PVC (Permanent Virtual Circuit), which connects to a DSL Access Concentrator where the PPP session terminates (...

226 Appendix D PPPoE N0115791 Figure 132 Single-PC per router hardware configuration How PPPoE works The PPPoE driver makes the Ethernet appear as a serial link to the PC and the PC runs PPP over the Ethernet, while the modem bridges the Ethernet frames to the Access Concentrator (AC). Between the A...

229 BCM50a Integrated Router Configuration — Advanced Appendix EHardware specifications Cable pin assignments Figure 134 Ethernet cable pin assignments Table 42 General specifications Power Specification I/P AC 100~240V 50/60Hz; O/P DC 18V 1.1A MTBF 266997 hrs (Mean Time Between Failures) Operation ...

231 BCM50a Integrated Router Configuration — Advanced Appendix FIP subnetting IP addressing Routers route based on the network number. The router that delivers the data packet to the correct destination host uses the host ID. IP classes An IP address is made up of four octets (eight bits), written i...

232 Appendix F IP subnetting N0115791 Therefore: A class C network (8 host bits) can have 2 8 –2 or 254 hosts. A class B address (16 host bits) can have 2 16 –2 or 65 534 hosts. A class A address (24 host bits) can have 2 24 –2 hosts (approximately 16 million hosts). Since the first octet of a class...

Appendix F IP subnetting 233 BCM50a Integrated Router Configuration — Advanced Subnet masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask contains 32 bits. If there is a 1 in the bit...

234 Appendix F IP subnetting N0115791 Table 46 shows all possible subnet masks for a class C address using both notations. The first mask shown is the class C natural mask. Normally, if no mask is specified, it is understood that the natural mask is being used. Example: two subnets As an example, yo...

Appendix F IP subnetting 235 BCM50a Integrated Router Configuration — Advanced Divide the network 192.168.1.0 into two separate subnets by converting one of the host ID bits of the IP address to a network number bit. The borrowed host ID bit can be either 0 or 1, thus giving two subnets; 192.168.1.0...

236 Appendix F IP subnetting N0115791 192.168.1.0 with mask 255.255.255.128 is the subnet itself, and 192.168.1.127 with mask 255.255.255.128 is the directed broadcast address for the first subnet. Therefore, the lowest IP address that can be assigned to an actual host for the first subnet is 192.16...

Appendix F IP subnetting 237 BCM50a Integrated Router Configuration — Advanced Example: eight subnets Similarly, use a 27-bit mask to create 8 subnets (001, 010, 011, 100, 101, 110). Table 53 shows class C IP address last-octet values for each subnet. Table 51 Subnet 3 Network number Last Octet Bit ...

238 Appendix F IP subnetting N0115791 Table 54 is a summary for class C subnet planning. Subnetting with Class A and Class B networks. For class A and class B addresses the subnet mask also determines which bits are part of the network number and which are part of the host ID. A class B address has ...

241 BCM50a Integrated Router Configuration — Advanced Appendix GCommand Interpreter The following describes how to use the command interpreter. Enter 24 in the main menu to bring up the system maintenance menu. Enter 8 to go to Menu 24.8 - Command Interpreter Mode . See the included disk or www.nort...

242 Appendix G Command Interpreter N0115791 Sys commands Table 56 lists and describes the system commands. Each of these commands must be preceded by sys . For example, type sys stdio 60 to set the management session inactivity timeout to 60 minutes. Table 56 Sys commands Command Description atsh Di...

Appendix G Command Interpreter 249 BCM50a Integrated Router Configuration — Advanced Exit Command Ethernet Commands Table 58 lists and describes the Ethernet commands. Each of these commands must be preceded by ether . For example, type ether config to display information on the LAN configuration. d...

250 Appendix G Command Interpreter N0115791 IP commands Table 59 lists and describes the IP commands. Each of these commands must be preceded by ip . For example, type ip address to display the host IP address. disp <name> Displays the Ethernet driver counters. status <ch_name> Shows the...

Appendix G Command Interpreter 257 BCM50a Integrated Router Configuration — Advanced IPSec commands Table 60 lists and describes the IP Sec commands. Each of these commands must be preceded by ipsec . For example, type ipsec display 3 to display the third IPSec rule, if you have it configured. Table...

266 Appendix G Command Interpreter N0115791 WAN Commands The following chart lists and describes the wan commands. Each of these commands must be preceded by wan when you use them. Table 61 WAN Commands Command Description wan adsl bert Displays ADSL ber. cellcnt Displays the ADSL cell counter. chan...

268 Appendix G Command Interpreter N0115791 Sys firewall commands Table 62 lists and describes the system firewall commands. Each of these commands must be preceded by sys firewall . For example, type sys firewall active yes to turn on the firewall. Table 62 Sys firewall commands Command Description...

Appendix G Command Interpreter 269 BCM50a Integrated Router Configuration — Advanced Bandwidth management commands Table 63 lists and describes the bandwidth management commands. Each of these commands must be preceded by bm . For example, type bm show lan to display the LAN port’s bandwidth managem...

272 Appendix G Command Interpreter N0115791 Certificates commands Table 64 describes the certificate commands. Each of these commands must be preceded by certificates (or cert for short). For example, type cert my_cert list to display all of your certificate names and basic information. All of these...

279 BCM50a Integrated Router Configuration — Advanced Appendix HNetBIOS filter commands The following describes the NetBIOS packet filter commands. Introduction NetBIOS (Network Basic Input/Output System) are TCP or UDP packets that enable a computer to connect to and communicate with a LAN. For som...

280 Appendix H NetBIOS filter commands N0115791 Display NetBIOS filter settings Figure 135 NetBIOS Display Filter Settings Command Example Syntax: sys filter netbios disp This command gives a read-only list of the current NetBIOS filter modes. The filter types and their default settings are as follo...

Appendix H NetBIOS filter commands 281 BCM50a Integrated Router Configuration — Advanced • 0 = LAN to WAN and WAN to LAN • 3 = IPSec packet pass through <on|off> is a switch to enable or disable the filter. • For type 0, use on to enable the filter and block NetBIOS packets. Use off to disable...

282 BCM50a Integrated Router Configuration — Advanced Appendix I Enhanced DHCP option commands The following describes the DHCP option commands. Enhanced DHCP option commands introduction The enhanced DHCP feature allows you to use DHCP option commands to add site-specific options to the DHCP server...

Appendix I Enhanced DHCP option commands 283 BCM50a Integrated Router Configuration — Advanced The following example sets the BCM50a Integrated Router to assign an IP address of 11.12.13.10 to the Nortel BCM50. ip dhcp <interface> server m50ipreserve ip 11.12.13.10 Nortel BCM50 DHCP server opt...

284 Appendix I Enhanced DHCP option commands N0115791 Use this command to configure the Nortel BCM50 DHCP server’s settings. BCM50 IP sets override setting Syntax: ip dhcp <interface> server overrideipsetinfo [0|1] [0:disable | 1:IP phones only | 2:All devices | 3:automatic] This is the Nortel...

Appendix I Enhanced DHCP option commands 285 BCM50a Integrated Router Configuration — Advanced where: Use this command to set the Nortel BCM50 DHCP to assign VoIP server and VLAN settings to Nortel’s IP Telephone 2004. You must also configure the VoIP server and VLAN settings assignment, see the “No...

286 Appendix I Enhanced DHCP option commands N0115791 Use this command to assign VoIP server information to Nortel’s i2004 VoIP telephones. This command sets DHCP option 128. The following example commands set the BCM50a Integrated Router to assign information for two VoIP servers. The first command...

Appendix I Enhanced DHCP option commands 287 BCM50a Integrated Router Configuration — Advanced This command sets DHCP option 191. The following example sets the BCM50a Integrated Router to assign a VLAN ID of five to VoIP telephones. ip dhcp enif0 server vlanid 5 Nortel WLAN handsets 2210 & 2211...

288 Appendix I Enhanced DHCP option commands N0115791 WLAN IP Telephony Manager IP Address Assignment Syntax: ip dhcp <interface> server wlantelmanager [none |<serverIP>] where: Use this command to assign a WLAN Telephony Manager 2245 IP address to WLAN Handsets 2210 & 2211. This com...

289 BCM50a Integrated Router Configuration — Advanced Appendix J Log descriptions This appendix provides descriptions of log messages. Table 66 System error logs Log Message Description %s exceeds the max. number of session per host! This attempt to create a SUA/NAT session exceeds the maximum numbe...

292 Appendix J Log descriptions N0115791 See Table 73 for type and code details. teardrop TCP The firewall detected a TCP teardrop attack. teardrop UDP The firewall detected an UDP teardrop attack. teardrop ICMP (type:%d, code:%d) The firewall detected an ICMP teardrop attack. illegal command TCP Th...

Appendix J Log descriptions 295 BCM50a Integrated Router Configuration — Advanced See Table 73 for type and code details. (set:%d) With firewall messages, this is the number of the ACL policy set and denotes the packet's direction (see Table 72 ). With filter messages, this is the number of the filt...

296 Appendix J Log descriptions N0115791 Table 72 ACL setting notes ACL Set Number Direction Description 1 LAN to WAN ACL set 1 for packets traveling from the LAN to the WAN. 2 WAN to LAN ACL set 2 for packets traveling from the WAN to the LAN. 7 LAN to LAN/BCM50a Integrated Router ACL set 7 for pac...

Appendix J Log descriptions 297 BCM50a Integrated Router Configuration — Advanced VPN/IPSec logs To view the IPSec and IKE connection log, type 3 in menu 27 and press [ENTER] to display the IPSec log as shown next. Figure 136 shows a typical log from the initiator of a VPN connection. 0 Echo message...

Appendix J Log descriptions 299 BCM50a Integrated Router Configuration — Advanced VPN responder IPSec log Figure 137 shows a typical log from the VPN connection peer. Figure 137 Example VPN responder IPSec log This menu is useful for troubleshooting. A log index number, the date and time the log was...

Appendix J Log descriptions 301 BCM50a Integrated Router Configuration — Advanced !! Active connection allowed exceeded The BCM50a Integrated Router limits the number of simultaneous Phase 2 SA negotiations. The IKE key exchange process fails if this limit is exceeded. !! IKE Packet Retransmit The B...

302 Appendix J Log descriptions N0115791 Table 76 shows sample log messages during packet transmission. Table 77 shows RFC-2408 ISAKMP payload types that the log displays. Refer to the RFC for detailed information on each type. Table 76 Sample IPSec logs during packet transmission LOG MESSAGE DESCRI...

Appendix J Log descriptions 303 BCM50a Integrated Router Configuration — Advanced CER Certificate CER_REQ Certificate Request HASH Hash SIG Signature NONCE Nonce NOTFY Notification DEL Delete VID Vendor ID Table 78 PKI logs Log Message Description Enrollment successful The SCEP online certificate en...

Appendix J Log descriptions 305 BCM50a Integrated Router Configuration — Advanced Log commands Go to the command interpreter interface (see Appendix G, “Command Interpreter” on page 241 for information on how to access and use the commands). 9 Certificate decoding failed. 10 Certificate was not foun...

306 Appendix J Log descriptions N0115791 Configuring what you want the BCM50a Integrated Router to log Use the sys logs load command to load the log setting buffer that is used to configure which logs the BCM50a Integrated Router is to record. Use sys logs category followed by a log category and a p...

Appendix J Log descriptions 307 BCM50a Integrated Router Configuration — Advanced Use the sys logs display [log category] command to show the logs in an individual BCM50a Integrated Router log category. Use the sys logs clear command to erase all of the BCM50a Integrated Router’s logs. Log command e...

309 BCM50a Integrated Router Configuration — Advanced Appendix KBrute force password guessing protection Table 81 describes the commands for enabling, disabling and configuring the brute force password guessing protection mechanism for the password. Example sys pwderrtm 5 This command sets the passw...

310 Appendix K Brute force password guessing protection N0115791

BCM50a Integrated Router Configuration — Advanced 311 Index Numbers 4-Port Switch 31 A ADSL standards 30Alternative Subnet Mask Notation 234Applications 37AT command 55, 162ATM Options 79Authentication 69, 73Authentication Protocol 69Autonegotiating 10/100 Mb/s Ethernet LAN 32Autosensing 10/100 Mb/s...