ARRIS NVG589 User Manual

Download

Page 1

Administrator’s Handbook

Motorola

Embedded Software Version 9.1.0

NVG589 VDSL2 Gateway

Page 2

Administrator’s Handbook

©2012 Motorola Mobility LLC All rights reserved. MOTOROLA, and the Stylized M logo are trademarks or registered trademarks of Motorola Trademark Holdings, LLC. All other product or service names are the property of their respective owners. No part of this publication may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from Motorola Mobility LLC Motorola reserves the right to revise this publication and to make changes in content from time to time without obligation on the part of Motorola to provide notiﬁcation of such revision or change. Motorola provides this guide without warranty of any kind, implied or expressed, including, but not limited to, the implied warranties of merchantability and ﬁtness for a particular purpose. Motorola may make improvements or changes in the product(s) described in this manual at any time.

©2010 Motorola Mobility LLC All rights reserved. MOTOROLA, and the Stylized M logo are trademarks or registered trademarks of Motorola Trademark Holdings, LLC. All other product or service names are the property of their respective owners. No part of this publication may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from Motorola Mobility LLC Motorola reserves the right to revise this publication and to make changes in content from time to time without obligation on the part of Motorola to provide notiﬁcation of such revision or change. Motorola provides this guide without warranty of any kind, implied or expressed, including, but not limited to, the implied warranties of merchantability and ﬁtness for a particular purpose. Motorola may make improvements or changes in the product(s) described in this manual at any time.

EXCEPT AS INDICATED IN THE APPLICABLE SYSTEM PURCHASE AGREEMENT, THE SYSTEM, DOCUMENTATION AND SERVICES ARE PROVIDED “AS IS”, AS AVAILABLE, WITHOUT WARRANTY OF ANY KIND. MOTOROLA MOBILITY LLC. DOES NOT WARRANT THAT THE SYSTEM WILL MEET CUSTOMER'S REQUIREMENTS, OR THAT THEIR OPERATION WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ANY ERRORS CAN OR WILL BE FIXED. MOTOROLA MOBILITY LLC. HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, ORAL OR WRITTEN, WITH RESPECT TO THE SYSTEM AND SERVICES INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, INTEGRATION, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE AND ALL WARRANTIES ARISING FROM ANY COURSE OF DEALING OR PERFORMANCE OR USAGE OF TRADE.

EXCEPT AS INDICATED IN THE APPLICABLE SYSTEM PURCHASE AGREEMENT, MOTOROLA MOBILITY LLC. SHALL NOT BE LIABLE CONCERNING THE SYSTEM OR SUBJECT MATTER OF THIS DOCUMENTATION, REGARDLESS OF THE FORM OF ANY CLAIM OR ACTION (WHETHER IN CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE), FOR ANY (A) MATTER BEYOND ITS REASONABLE CONTROL, (B) LOSS OR INACCURACY OF DATA, LOSS OR INTERRUPTION OF USE, OR COST OF PROCURING SUBSTITUTE TECHNOLOGY, GOODS OR SERVICES, (C) INDIRECT, PUNITIVE, INCIDENTAL, RELIANCE, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING, BUT NOT LIMITED TO, LOSS OF BUSINESS, REVENUES, PROFITS OR GOODWILL, OR (D) DIRECT DAMAGES, IN THE AGGREGATE, IN EXCESS OF THE FEES PAID TO IT HEREUNDER FOR THE SYSTEM OR SERVICE GIVING RISE TO SUCH DAMAGES DURING THE 12-MONTH PERIOD PRIOR TO THE DATE THE CAUSE OF ACTION AROSE, EVEN IF COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THESE LIMITATIONS ARE INDEPENDENT FROM ALL OTHER PROVISIONS OF THIS AGREEMENT AND SHALL APPLY NOTWITHSTANDING THE FAILURE OF ANY REMEDY PROVIDED HEREIN.

All Motorola Mobility LLC products are furnished under a license agreement included with the product. If you are unable to locate a copy of the license agreement, please contact Motorola Mobility LLC

NOTE: THIS IS DRAFT DOCUMENTATION INTENDED FOR TESTING AND EVALUATIVE REVIEW. IT MAY CONTAIN ERRORS. IT SHOULD NOT BE CONSIDERED SUITABLE FOR USE IN A PRODUCTION ENVIRONMENT.

Motorola Mobility LLC 600 North U.S. Highway 45 Libertyville, Illinois 60048 USA Telephone: +1 847 523 5000

Part Number 58XXXX-001-00r2 rev a V9.1.0-sku 70

TTTTaaaabbbblllleeee 1111:::: DDDDooooccccuuuummmmeeeennnntttt CCCChhhhaaaannnnggggeeee LLLLo

ooogg

Draft version Firmware version Changes this draft

nbxvu9.1.0h2d2_1.1.bin

first draft

r1 include ATT 6/16 feedback; add battery door instructions

nbxvu9.1.0h0d23_1.1.bin

add battery safety instructions; revved GUI per ERSNVG589_1.0_UI.doc rev 13

Page 3

Table of Contents

CHAPTER 1

CHAPTER 2

Introduction

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

About Motorola

Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

General. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Internal Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

A Word About Example Screens . . . . . . . . . . . . . . . . . . . . . . . . 9

Device Configuration

Important Safety Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . 12

POWER SUPPLY INSTALLATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

TELECOMMUNICATION INSTALLATION . . . . . . . . . . . . . . . . . . . . . . 12

COAX INSTALLATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

PRODUCT VENTILATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Motorola

Battery Installation (optional) . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Battery Door Installation Instructions . . . . . . . . . . . . . . . . . . . . 17

Battery Door Removal Instructions . . . . . . . . . . . . . . . . . . . . . 18

Cradle Installation Instructions . . . . . . . . . . . . . . . . . . . . . . . . . 19

Set up the Motorola Gateway . . . . . . . . . . . . . . . . . . . . . . . . . 20

Accessing the Web Management Interface . . . . . . . . . . . . . . . 23

Device Status page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Tab Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Links Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Device List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Access Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Restart Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Broadband . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

IGMP Stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Home Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

HPNA Configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Wireless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

MAC Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Gateway Status Indicator Lights . . . . . . . . . . . . . . . 13

Broadband Network Redirect Pages . . . . . . . . . . . . . . . . . . . . . . . . . . 25

IP Diagnostics Page Redirect. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Offline Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Device Access Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Wireless Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

Documentation . . . . . . . . . . . . . . . . . . . . . . . . 7

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

Page 4

Administrator’s Handbook

Wireless Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Subnets & DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

HPNA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Voice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Line Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Call Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Packet Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Working with Packet Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

NAT/Gaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Custom Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

IP Passthrough . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Firewall Advanced . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Resets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

Event Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

NAT Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

CHAPTER 3

CHAPTER 4

Basic Troubleshooting

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89

Status Indicator Lights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

LED Function Summary Matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93

Factory Reset Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Log Event Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Command Line Interface

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Starting and Ending a CLI Session . . . . . . . . . . . . . . . . . . . . 107

Logging In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

Ending a CLI Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

Using the CLI Help Facility . . . . . . . . . . . . . . . . . . . . . . . . . . 107

About SHELL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

SHELL Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

SHELL Command Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

SHELL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

Common Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109

WAN Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116

About CONFIG Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .118

CONFIG Mode Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Navigating the CONFIG Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . .118

Entering Commands in CONFIG Mode. . . . . . . . . . . . . . . . . . . . . . . . 118

Guidelines: CONFIG Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Displaying Current Gateway Settings . . . . . . . . . . . . . . . . . . . . . . . . .119

Step Mode: A CLI Configuration Technique. . . . . . . . . . . . . . . . . . . . . 119

Validating Your Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120

CONFIG Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Connection commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103

Page 5

Table of Contents

Filterset commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124

Queue commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

IP Gateway commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

IPv6 Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

IP DNS commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

IP IGMP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

NTP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

Application Layer Gateway (ALG) commands . . . . . . . . . . . . . . . . . . 142

Dynamic DNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

Link commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Management commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146

Remote access commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Physical interfaces commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

PPPoE relay commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

NAT Pinhole commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Security Stateful Packet Inspection (SPI) commands . . . . . . . . . . . . 157

VoIP commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

System commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

Debug Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Disclaimer & Warning Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

CHAPTER 5

Technical Specifications and Safety Information

Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Software and protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Agency approvals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

Manufacturer’s Declaration of Conformance . . . . . . . . . . . . . 175

Important Safety Instructions . . . . . . . . . . . . . . . . . . . . . . . . . 177

47 CFR Part 68 Information . . . . . . . . . . . . . . . . . . . . . . . . . . 178

FCC Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

FCC Statements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Electrical Safety Advisory . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Caring for the Environment by Recycling . . . . . . . . . . . . . . . 180

Beskyttelse af miljøet med genbrug . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Umweltschutz durch Recycling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Cuidar el medio ambiente mediante el reciclaje . . . . . . . . . . . . . . . . 180

Recyclage pour le respect de l'environnement . . . . . . . . . . . . . . . . . 180

Milieubewust recycleren. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Dba∏oÊç o Êrodowisko - recykling . . . . . . . . . . . . . . . . . . . . . . . . . . 181

Cuidando do meio ambiente através da reciclagem . . . . . . . . . . . . . 181

Var rädd om miljön genom återvinning. . . . . . . . . . . . . . . . . . . . . . . . 181

. . . 173

Appendix A

Motorola

Gateway Captive Portal Implementation 203

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Captive Portal RPC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

X_00D09E_GetCaptivePortalParams RPC: . . . . . . . . . . . . . . . . . . . 204

Page 6

Administrator’s Handbook

X_00D09E_SetCaptivePortalParams RPC: . . . . . . . . . . . . . . . . . . . .205

Appendix B

Quality of Service (QoS) Examples . . . . . . . . . . . . . . 207

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Upstream QoS: Priority and shaping . . . . . . . . . . . . . . . . . . . 209

Downstream QoS: Ethernet Switch . . . . . . . . . . . . . . . . . . . . 210

Downstream QoS: Egress queues . . . . . . . . . . . . . . . . . . . . 210

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211

Page 7

CHAPTER 1 Introduction

About Motorola

☛

Motorola, Inc. provides a suite of technical information for its family of intelligent enterprise and consumer Gateways. It consists of:

◆

Administrator’s Handbook Dedicated User Manuals

◆

Specific White Papers

The documents are available in electronic form as Portable Document Format (PDF) files. They are viewed (and printed) from Adobe Acrobat Reader, Exchange, or any other application that supports PDF files.

They are downloadable from the Motorola’s website:

http://www

NOTE:

This guide describes the wide variety of features and functionality of the Motorola used in Router mode. The Motorola

mode, the Gateway acts as a pass-through device and allows the workstations on your LAN to have public addresses directly on the Internet.

.motorola.com/support

Documentation

Gateway may also be delivered in Bridge mode. In Bridge

Gateway, when

Page 8

Administrator’s Handbook

Documentation Conventions

General

This manual uses the following conventions to present information:

Convention (Typeface)

bold

bold sans serif

terminal

bold terminal

Italic Italic type indicates the complete titles of manuals.

Menu commands Web GUI page links and button names

Computer display text User-entered text

Description

Internal Web Interface

Convention (Graphics) Description

blue rectangle or line

solid rounded rectangle with an arrow

Denotes an “excerpt” from a Web page or the visual truncation of a Web page

Denotes an area of emphasis on a Web page

Command Line Interface

Syntax conventions for the Motorola Gateway command line interface are as follows:

Convention Description

straight ([ ]) brackets in cmd line Optional command arguments curly ({ }) brackets, with values

separated with vertical bars (|).

bold terminal type face

italic terminal type face

Alternative values for an argument are presented in curly ({ }) brackets, with values separated with vertical bars (|).

User-entered text Variables for which you supply your own values

Page 9

Organization

This guide consists of five chapters, two appendices, and an index. It is organized as follows:

◆ Chapter 1, Introduction — Describes the Motorola

structure of this guide. It gives a table of conventions.

◆ Chapter 2, “Device Conﬁguration” — Describes how to get up and running with your Motorola

document suite, the purpose of, the audience for, and

Gateway.

◆ Chapter 3, “Basic Troubleshooting” — Gives some simple suggestions for troubleshooting problems with

your Gateway’s initial configuration.

◆ Chapter 4, “Command Line Interface” — Describes all the current text-based commands for both the

SHELL and CONFIG modes. A summary table and individual command examples for each mode is provided.

◆ Chapter 5, “Technical Speciﬁcations and Safety Information”

◆ “Appendix A Motorola® Gateway Captive Portal Implementation” — Describes the Motorola

Captive Portal Implementation

◆ “Appendix B Quality of Service (QoS) Examples” — Describes the Motorola

(QoS) Implementation

Gateway Quality of Service

Gateway

◆ Index

A Word About Example Screens

This manual contains many example screen illustrations. Since Motorola® Gateways offer a wide variety of features and functionality, the example screens shown may not appear exactly the same for your particular Gateway or setup as they appear in this manual. The example screens are for illustrative and explanatory purposes, and should not be construed to represent your own unique environment.

Page 10

Administrator’s Handbook

Page 11

CHAPTER 2 Device Configuration

Most users will find that the basic Quick Start configuration is all that they ever need to use. The Quick Start section may be all that you ever need to configure and use your Motorola

feature set is available. The following instructions cover installation in Router Mode.

This chapter covers:

◆ “Important Safety Instructions” on page 12

◆ “Motorola® Gateway Status Indicator Lights” on page 13

◆ “Battery Installation (optional)” on page 16

◆ “Battery Door Installation Instructions” on page 17

◆ “Battery Door Removal Instructions” on page 18

◆ “Cradle Installation Instructions” on page 19

◆ “Set up the Motorola Gateway” on page 20

◆ “Accessing the Web Management Interface” on page 23

◆ “Device Status page” on page 27

◆ “Tab Bar” on page 31

◆ “Broadband” on page 37

◆ “Home Network” on page 41

◆ “Wireless” on page 46

◆ “Voice” on page 56

◆ “Firewall” on page 62

◆ “Diagnostics” on page 80

Gateway. For more advanced users, a rich

Page 12

Administrator’s Handbook

Important Safety Instructions

POWER SUPPLY INSTALLATION

Connect the power supply cord to the power jack on the Motorola® Gateway. Plug the power supply into an appropriate electrical outlet. There is no power (on / off) switch to power off the device.

☛ WARNING:

The power supply must be connected to a mains outlet with a protective earth connection. Do not defeat the protective earth connection.

CAUTION:

Depending on the power supply provided with the product, either the direct plug-in power supply blades, power supply cord plug or the appliance coupler serves as the mains power disconnect. It is important that the direct plug-in power supply, socket-outlet or appliance coupler be located so it is readily accessible.

TELECOMMUNICATION INSTALLATION

When using your telephone equipment, basic safety precautions should always be followed to reduce the risk of fire, electric shock and injury to persons, including the following:

◆ Do not use this product near water, for example, near a bathtub, wash bowl, kitchen sink or laundry tub, in a

wet basement or near a swimming pool.

◆ Avoid using a telephone (other than a cordless type) during an electrical storm. There may be a remote risk of

electrical shock from lightning.

◆ Do not use the telephone to report a gas leak in the vicinity of the leak.

◆ CAUTION: The external phone should be UL Listed and the connections should be made in accordance with

Article 800 of the NEC.

COAX INSTALLATION

Be sure that the outside cable system is grounded, so as to provide some protection against voltage surges and built-up static charges. Article 820-20 of the NEC (Section 54, Part I of the Canadian Electrical Code) provides guidelines for proper grounding and, in particular, specifies the CATV cable ground shall be connected to the grounding system of the building, as close to the point of cable entry as practical.

PRODUCT VENTILATION

The Motorola® Gateway is intended for use in a consumer's home. Ambient temperatures around this product should not exceed 104°F (40°C). It should not be used in locations exposed to outside heat radiation or trapping of its own heat. The product should have at least one inch of clearance on all sides except the bottom when properly installed and should not be placed inside tightly enclosed spaces unless proper ventilation is provided.

☛ CAUTION –

The battery used in this device may present a risk of ﬁre or chemical burn if mistreated. Do not disassemble, heat above manufacturer’s maximum temperature limit, or incinerate. Replace battery with Motorola P/N 586185-001-00 only. Use of another battery may present a risk of ﬁre or explosion. Dispose of used battery promptly. Keep away from children. Do not disassemble and do not dispose of in ﬁre.

SAVE THESE INSTRUCTIONS

Page 13

Motorola® Gateway Status Indicator Lights

Colored LEDs on your Motorola® Gateway indicate the status of various port activity.

Motorola® Gateway

Side View

LED Action

Solid Green = The device is powered. Flashing Green = A Power-On Self-Test (POST) is in progress

Power*

Flashing Red = A POST failure (not bootable) or device malfunction occurred.

Orange/Amber = during firmware upgrade (see below)

Off = The unit has no AC power.

NVG589 status indicator lights

Power

Battery Ethernet Wireless

HomePNA Broadband 1 Broadband 2

Service Phone 1 Phone 2

USB

*During

Firmware

Upgrade

During

Boot

process

Battery

During the software installation, you will lose internet and phone service. The LEDs will function as follows:

1. As firmware is being loaded into flash, the LEDs will operate normally as described.

2. The installation will take a few minutes – During this phase, the Power LED willl flash Orange/Amber during firmware upgrade (flash writing to memory) and all other LEDs will be off.

3. The Gateway will restart automatically. As the device reboots, the POWER ON LED behavior will happen.

• Power LED = GREEN/FLASH

• All other LED = OFF If the device does not boot, and fails its self test or fails to perform initial load of the boot-

loader:

• Power LED = RED/FLASH

• ALL other LED = OFF If the device boots and then detects a failure: Power LED = GREEN/FLASH starting POST and then all LEDs will FLASH RED, including

Power LED.

Solid Green = Battery in place but not being used. Flashing Green = Battery charging.

Solid Red = Battery backup mechanism has a fault. Flashing Red = Battery needs to be replaced.

Solid Amber = Battery in use. Flashing Amber = Low battery.

Off = No battery or battery has no charge. Cycle between all colors = Battery conducting self-test.

Page 14

Administrator’s Handbook

LED Action

Solid Green = Powered device connected to the associated port (includes devices with

wake-on-LAN capability where a slight voltage is supplied to the Ethernet connection).

Ethernet

Wireless

HomePNA

Broadband

1**, 2

Flickering Green = Activity seen from devices associated with the port. The flickering of the

light is synchronized to actual data traffic. Off = The device is not powered, no cable or no powered devices connected to the associ-

ated ports.

Solid Green = Wi-Fi is powered. Flickering Green = Activity seen from devices connected via Wi-Fi. The flickering of the

light is synchronized to actual data traffic. Off = The device is not powered or no powered devices connected to the associated ports.

Solid Green = Powered device connected to the associated port (includes devices with

wake-on-LAN capability where a slight voltage is supplied to the Ethernet connection).

Flickering Green = Activity seen from devices associated with the port. The flickering of the

light is synchronized to actual data traffic. Off = The device is not powered, no cable or no powered devices connected to the associ-

ated ports.

Solid Green = Good broadband connection (i.e., good DSL Sync or Gigabit Ethernet ). Flashing Green = Attempting broadband connection (i.e., DSL attempting sync). Flashing Green & Red = If the broadband connection fails to be established for more than

three consecutive minutes the LED switches to Flashing Green when attempting or waiting to establish a broadband connection alternating with a five second steady Red. This pattern continues until the broadband connection is successfully established.

Flashing Red = No DSL signal on the line. This is only used when there is no signal, not dur-

ing times of temporary ‘no tone’ during the training sequence. Off = The device is not powered. ** Broadband 1 LED is also the Gigabit ethernet WAN LED when that is in play (and DSL is

not)

Service

Phone 1, 2

USB

Solid Green = IP connected (The device has a WAN IP address from DHCP or 802.1x

authentication and the broadband connection is up).

Flashing Green = Attempting PPP connection. Attempting IEEE 802.1X authentication or

attempting to obtain DHCP information.

Red = Device attempted to become IP connected and failed (no DHCP response, 802.1x

authentication failed, no IP address from IPCP, etc.). The Red state times out after two minutes and the Service indicator light returns to the Off state.

Off = The device is not powered or the broadband connection is not present.

Solid Green = The associated VoIP line has been registered with a SIP proxy server. Flashing Green = Indicates a telephone is off-hook on the associated VoIP line.

Off = VoIP not in use, line not registered or Gateway power off.

Solid Green = Powered device connected to the associated port (includes devices with

wake-on-LAN capability where a slight voltage is supplied to the Ethernet connection).

Flickering Green = Activity seen from devices associated with the port. The flickering of the

light is synchronized to actual data traffic. Off = The device is not powered, no cable or no powered devices connected to the associ-

ated ports.

Page 15

Motorola® Gateway NVG589 Rear View

Power Jack

Reset button

RJ14 (FXS)

F-Connector (HPNA)

LED Action

Ethernet

1,2 3,4

Orange/Amber when a Gigabit Ethernet device is connected to each port.

Green when 10/100 Ethernet device is connected.

Flash for Ethernet traffic passing.

☛ NOTE:

The NVG589 supports two VoIP lines over one RJ11 VoIP port. In order to connect two phone lines the supplied inner/outer pair splitter adapters must be attached to the RJ11 VoIP port in order to terminate both lines. This is a special-purpose splitter. You must only use the inner/outer pair splitter adapters supplied by AT&T.

DSL (WAN)Ethernet (LAN)

Gigabit Ethernet (WAN)

USB

Page 16

Administrator’s Handbook

Battery Installation (optional)

The optional backup battery is located in a compartment on the bottom of the unit. Installing the battery door requires some care.

☛ CAUTION –

Dispose of used battery promptly. Keep away from children. Do not disassemble and do not dispose of in ﬁre.

1. Note the tab on the bottom of the battery.

2. Insert the battery into the compartment on the bottom of the unit, as shown, and

press into place so that the battery contacts seat securely in the unit.

3. Then attach the compartment door. See “Battery Door Installation Instructions” on

page 17.

Page 17

Battery Door Installation Instructions

1. Place NVG589 Unit on a table top as shown in FIGURE (1).

2. Place battery door at an angle, as shown, and slide toward edge of unit.

See FIGURE (2).

3. Rotate door in direction shown, see FIGURE (3), and snap closed.

4. Battery door installed. See FIGURE (4).

Page 18

Administrator’s Handbook

Battery Door Removal Instructions

1. Place unit on table top as shown in FIGURE (1).

2. Using both hands, pull tabs in directions shown in FIGURE (2).

3. While still pulling the tabs, pull the battery door in the direction shown.

See FIGURE (3).

4. Remove battery door. See FIGURE (4).

Page 19

Cradle Installation Instructions

1. Angle the NVG589 unit onto the rear of the cradle. See FIGURE (1).

2. Ensure that the NVG589 unit is latched to the rear of the cradle as shown in

FIGURE (2).

3. Once the rear is latched, rotate the NVG589 unit down into the cradle and press until

the snap is engaged. You should hear a “click” for positive engagement. See FIGURE (3).

4. Reverse sequence, by first pulling on the cradle, for removal.

Page 20

Administrator’s Handbook

Set up the Motorola Gateway

Refer to your Quickstart Guide for instructions on how to connect your Motorola® gateway to your power source, PC or local area network, and your Internet access point, whether it is a dedicated DSL outlet or a DSL or cable

modem. Different Motorola Dynamic Addressing on your PC. Perform the following:

Microsoft Windows:

Step 1. Navigate to the TCP/IP Properties Control Panel.

a. Some Windows versions follow a path like this:

Gateway models are supplied for any of these connections. Be sure to enable

Start menu -> Settings ->

Control Panel -> Network (or Network and Dial-up Connections -> Local Area Connection -> Properties) -> TCP/IP [your_network_card] or Internet Protocol [TCP/IP] -> Properties

b. Some Windows versions follow a path like this:

Start menu -> Control Panel -> Network and Internet Connections -> Network Connections -> Local Area Connection -> Properties -> Internet Protocol [TCP/IP]

-> Properties

Then go to Step 2.

Step 2. Select Obtain an IP address automatically.

Step 3. Select Obtain DNS server address automatically, if available.

Step 4. Remove any previously configured Gateways, if available.

Step 5. OK the settings. Restart if prompted.

Page 21

c. Windows Vista and Windows 7 obtain an IP address automatically by default. You may not need to configure it

at all.

To check, open the Networking Control Panel and select Internet Protocol Version 4 (TCP/IPv4). Click the Properties button.

The Internet Protocol Version 4 (TCP/IPv4) Properties window should appear as shown.

If not, select the radio buttons shown above, and click the OK button.

Page 22

Administrator’s Handbook

Macintosh MacOS 8 or higher or Mac OS X:

Step 1. Access the TCP/IP or Network control panel.

a. MacOS follows a path like this:

Apple Menu -> Control Panels -> TCP/IP Control

Panel

b. Mac OS X follows a path like this:

Apple Menu -> System Preferences -> Network

Then go to Step 2.

Step 2. Select Built-in Ethernet

Step 3. Select Configure Using DHCP

Step 4. Close and Save, if prompted.

Proceed to “

Accessing the Web Management Interface” on page 23.

Page 23

Accessing the Web Management Interface

1. Run your Web browser application, such as Firefox or Microsoft Internet Explorer,

from the computer connected to the Motorola

2. Enter http://192.168.1.254 in the Location text box.

While the Gateway is determining the Broadband network type, the following screen appears.

Gateway.

The Device Status Page appears.

Page 24

Administrator’s Handbook

3. Check to make sure the Broadband and Service LEDs are lit GREEN to verify that

the connection to the Internet is active.

Congratulations! Your installation is complete.

You can now surf to your favorite Web sites by typing an URL in your browser’s location box or by selecting one of your favorite Internet bookmarks.

Page 25

Broadband Network Redirect Pages

After a few minutes if the Broadband network cannot be determined, the following screen appears. Contact AT&T Customer care at the number shown for assistance.

If you click the work type, if you know it.

Continue button, the following screen appears. Here you can manually select the Broadband net-

Page 26

Administrator’s Handbook

IP Diagnostics Page Redirect

In the event that your connection to the Internet fails, the Broadband LED will flash RED and you are redirected to the IP Diagnostics page.

Follow the on-screen troubleshooting suggestions.

For additional troubleshooting information, see “

When your connection is restored or the problem is resolved, the Broadband LED will turn GREEN.

Diagnostics” on page 80 and “Basic Troubleshooting” on page 89.

☛ Note:

For AT&T this function is enabled by default. See the CLI command “

enable [ off | on ]” on page 149.

Offline Troubleshooting

If the WAN is down, the following will be displayed at the top of the page.

set management lan-redirect

Page 27

Device Status page

After you have performed the basic Easy Login configuration, any time you log in to your Motorola® Gateway you will access the Motorola

You access the Home Page by typing

Gateway Home Page.

http://192.168.1.254 in your Web browser’s location box.

Device Access Code

You may be required to provide your Device Access Code in order to access the web management configuration pages. The Device Access Code is unique to your device. It is printed on a label on the side of the Gateway.

Enter your Device Access Code and click the

Continue button.

Page 28

Administrator’s Handbook

The Device Status Page appears.

Page 29

The Device Status displays the following information in the center section:

Field Description

Broadband

Broadband Connection ‘Waiting for DSL’ is displayed while the Gateway is training. This

should change to ‘Up’ within two minutes. ‘Up’ is displayed when the ADSL line is synched and the session is established. ‘Down’ indicates inability to establish a connection; possible line failure.

Battery

Status Normal or Low Battery or Charging or Warning - No battery or bat-

tery has no charge or Warning: Battery backup mechanism has a fault.

Wireless

Status Your wireless signal may be ‘On’ or ‘Off’. Network ID (SSID) This is the name or ID that is displayed to a client scan. The default

SSID for the Gateway is attxxx where xxx is the last 3 digits of the serial number located on the side of the Gateway.

Authentication Type The type of wireless encryption security in use. May be Disabled,

WPA or WEP, Default Key or Manual.

Network Key Wireless network encryption key in use.

Coax to STB

Status Off or On.

Voice

Line 1 Indication of VoIP or other phone connection. Line 2 Indication of VoIP or other phone connection.

Some fields may or may not display, depending on your particular setup.

The

Diagnostics button will connect you to the Troubleshoot page. See “Diagnostics” on page 80.

The right-hand frame displays some links to commonly performed tasks for easy access.

◆ Go to AT&T online support for troubleshooting and repair »

This link will connect you to the IP Diagnostics page with help for troubleshooting and the AT&T Help Desk information. See “

◆ Modify your Wireless security or settings »

This link will connect you to the Wireless page. See “

◆ Restart your device »

This link will connect you to the Restart Device page. See “

IP Diagnostics Page Redirect” on page 26.

Wireless” on page 46.

Restart Device” on page 36.

Page 30

Administrator’s Handbook

◆ Find a computer on your home network »

This link will connect you to the Device List page. See “

◆ Adjust ﬁrewall settings for gaming and applications »

This link will connect you to the NAT/Gaming page. See “

Device List” on page 32.

NAT/Gaming” on page 69.

Page 31

Tab Bar

The tab bar is located at the top of every page, allowing you to move freely about the site.

The tabs reveal a succession of pages that allow you to manage or configure several features of your Gateway. Each tab is described in its own section.

Help

Help is provided in your Gateway. Help is available in the right hand frame on every page in the Web interface.

Here is an example:

The page shown here is displayed when you are on the System Information page.

Page 32

Administrator’s Handbook

Links Bar

The links bar at the top of each page allows you to configure different aspects of the features displayed on the page. For example, on the Home Summary page, the button bar is shown below:

Click the links below to be taken to each section.

◆ “Device Status page” on page 27

◆ “Device List” on page 32

◆ “System Information” on page 34

◆ “Access Code” on page 35

◆ “Restart Device” on page 36

Link: Device List

When you click the Device List link, the Device List page appears.

The page displays the following information:

Home Network Devices Displays the IPv4 Address, Network Name, and MAC Address of

MAC Address Client device’s unique hardware address. IPv4 Address / Name Client device’s IP address or device network name. Last Activity Date and time of last traffic for this client device Status May be off or on. Allocation Type of IP address assignment, for example, Static or DHCP. Connection Type Type of connection, for example, Ethernet or Wireless

Home Network Devices

devices connected to this device on your local area network.

Page 33

For Wireless client connections, the Device List displays the familiar bars indicating signal strength, as follows:

◆ Click the Clear Device List button to update the Home Network summary.

◆ Click the Scan for Devices button to seek out other devices that have been connected since the last Home

Network summary update.

Page 34

Administrator’s Handbook

Link: System Information

When you click the System Information link, the System Information page appears.

The page displays the following information:

System Information

Manufacturer This is the manufacturer’s identifier name. Model Number This is the manufacturer’s model number. Serial Number This is the unique serial number of your Gateway. Software Version This is the version number of the current embedded software in your Gateway. MAC Address Unique hardware address of this Gateway unit. First Use Date Date and Time when the Gateway is first used. This field changes to the cur-

rent date and time after a reset to factory defaults. Time Since Last Reboot Elapsed time since last reboot of the Gateway in days:hr:min:sec. Datapump Version Underlying operating system software datapump version Legal Disclaimer

Clicking the

also shown here:

Licenses link displays a listing of software copyright attributions

“Copyright Acknowledgments” on page 183.

Page 35

Link: Access Code

Access to your Gateway is controlled through an account named Admin. The default Admin password for your Gateway is the unique Access Code printed on the label on the side of your Gateway.

As the Admin, you can change this password to a different one of your own choosing between 8 and 20 characters long. The new password must also include two characters from any these categories: alpha, number, and special characters.

Example: “fru1tfl13s_likeabanana”

Enter your Old Access Code, your New Access Code, and click the Access Code takes effect immediately.

You can always return to the original default password by clicking the

Use New Access Code button. The new

Use Default Access Code button.

Page 36

Administrator’s Handbook

Link: Restart Device

When the Gateway is restarted, it will disconnect all users, initialize all its interfaces, and load the Operating System Software.

When you make configuration changes, you may be required restart for the changes to take effect.

Page 37

Broadband

When you click the Broadband tab, the Broadband Status page appears.

The Broadband Status page displays information about the Gateway’s WAN connection(s) to the Internet.

Broadband Status

Line State May be Up (connected) or Down (disconnected). Broadband Connection May be Up (connected) or Down (disconnected).

Page 38

Administrator’s Handbook

Downstream Sync Rate This is the rate at which your connection can download (receive) data on your

DSL line, in kilobits per second.

Upstream Sync Rate This is the rate at which your connection can upload (send) data on your DSL

line, in kilobits per second.

Modulation Method of regulating the DSL signal. DMT (Discrete MultiTone) allows connec-

tions to work better when certain radio transmitters are present. Data Path Type of path used by the device's processor. Broadband IPv4 Address The public IP address of your device, whether dynamically or statically

assigned. Gateway IPv4 Address Your ISP's gateway router IP address. MAC Address Your Gateway’s unique hardware address identifier. Primary DNS The IP Address of the Primary Domain Name Server. Secondary DNS The IP Address of the backup Domain Name Server, if available. Primary DNS Name The name of the Primary Domain Name Server. Secondary DNS Name The name of the backup Domain Name Server, if available. MTU Maximum Transmittable Unit before packets are broken into multiple packets.

IPv6

Status May be Enabled or Unavailable. Global Unicast IPv6

Address Border Relay IPv4

Address

The public IPv6 address of your device, whether dynamically or statically

assigned.

The public IPv4 address of your device.

IPv4 Statistics

Transmit Packets IPv4 packets transmitted. Transmit Errors Errors on IPv4 packets transmitted. Transmit Discards IPv4 packets dropped.

IPv6 Statistics

Transmit Packets IPv6 packets transmitted. Transmit Errors Errors on IPv6 packets transmitted. Transmit Discards IPv6 packets dropped.

Downstream and Upstream Statistics

SN Margin (db) Signal to noise margin, in decibels. Reflects the amount of unwanted “noise”

on the DSL line. Line Attenuation Amount of reduction in signal strength on the DSL line, in decibels. Output Power (dBm) Measure of power output in decibels (dB) referenced to one milliwatt (mW). Errored Seconds The number of uncorrected seconds after being down for seven consecutive

seconds. Loss of Signal The absence of any signal for any reason, such as a disconnected cable or

loss of power. Loss of Frame A signal is detected but cannot sync with signal caused by mismatched proto-

cols, wrong ISP connection configuration, or faulty cable. FEC Errors (Forwarded Error Correction errors) Count of received errored packets that

were fixed successfully with out a retry. CRC Errors Number of times data packets have had to be resent due to errors in transmis-

sion or reception.

Page 39

Link: Configure

When you click the Conﬁgure link, the Broadband Conﬁgure screen appears. Here you can reconfigure your type of broaband connection should it change in the future.

◆ Broadband Connection Source - dsl, ethernet, or auto (automatically detected).

◆ Media – Auto (the default self-sensing rate), 10M full- or half-duplex, 100M full- or half-duplex, or 1G full- or

half-duplex.

◆ MDI-X – Auto (the default self-sensing crossover setting), Off, or On.

◆ The WAN connection is automatically configured. However, you can adjust the Maximum allowable MTU

(Maximum Transmittable Unit) value, if your service provider suggests it. The default 1500 is the maximum value, but some services require other values. 1492 is common.

If you make any change here, click the Save button.

Page 40

Administrator’s Handbook

Link: IGMP Stats

When you click the IGMP Stats link, the IGMP Stats screen appears.

The IGMP Statistics screen reports IGMP Proxy Groups and Multicast Forwarding information. It also displays a packet counter.

Page 41

Home Network

When you click the Home Network tab, the Home Network Status page appears.

The Home Network Status page displays information about the Gateway’s local area network.

If you click the ton, the device will generate statistics for each of the 11 channels available, displaying:

Run Congestion Detection but-

◆Channel number

◆AP Count

◆Congestion Score (1 - 10)

You can clear the current statistics information by clicking the

Clear Statistics button.

Page 42

Administrator’s Handbook

Home Network Status

Device IPv4 Address The Gateway’s own IP address on the network. DHCP Netmask The Gateway’s own netmask on the network. DHCPv4 Start Address The starting IP address of the DHCP range served by the Gateway. DHCPv4 End Address The ending IP address of the DHCP range served by the Gateway. DHCP Leases Available The number of IP addresses of the DHCP range available to be served by the

Gateway. DHCP Leases Allocated The number of IP addresses of the DHCP range currently being served by the

Gateway. DHCP Primary Pool Source pool of the IP addresses served by the Gateway, Public or Private.

IPv6

Status May be Enabled or Unavailable. Global IPv6 Address The public IPv6 address of your device, whether dynamically or statically

assigned. Link-local IPv6 Address The private IPv6 address of your device, whether dynamically or statically

assigned. Router Advertisement

Prefix

The IPv6 prefix to include in router advertisements.

IPv4 Statistics

Transmit Packets IPv4 packets transmitted. Transmit Errors Errors on IPv4 packets transmitted. Transmit Discards IPv4 packets dropped.

IPv6 Statistics

Transmit Packets IPv6 packets transmitted. Transmit Errors Errors on IPv6 packets transmitted. Transmit Discards IPv6 packets dropped.

Wireless Status

Wireless Radio Status Indicates whether the Wi-Fi radio is Enabled or Disabled. Network Name (SSID) This is the name or ID that is displayed to a client scan. The default SSID for

the Gateway is attxxx where xxx is the last 3 digits of the serial number

located on the side of the Gateway. Hide SSID May be either On or Off. If On, your SSID will not appear in a client scan. Wireless Security The type of wireless encryption security in use. May be Disabled, WPA or

WEP, Default Key or Manual. Network Key Shows the information of the security encryption key in use. Mode May be 802.11B only, 802.11G only, 802.11N, or 802.11 B/G/N. Bandwidth The capacity of the wireless LAN to carry traffic in megahertz. Current Radio Channel The radio channel that your Wi-Fi network is broadcasting on. Radio Channel Selection May be set to automatic or manually selected. MAC Address Filtering May be either On or Off. If On, you can accept or block client devices from

your WLAN based on their MAC address. Power Level May be adjusted up to 100%, lower if multiple wireless access points are in

use, and might interfere with each other.

Page 43

Wireless MAC Address Shows the information of the MAC address of the wireless subsystem.

LAN Wireless Statistics

Transmit Bytes Number of bytes transmitted on the Wi-Fi network. Receive Bytes Number of bytes received on the Wi-Fi network. Transmit Packets Number of packets transmitted on the Wi-Fi network. Receive Packets Number of packets received on the Wi-Fi network. Transmit Error Packets This is the number of errors on packets transmitted on the Wi-Fi network. Receive Error Packets This is the number of errors on packets received on the Wi-Fi network. Transmit Discard Packets This is the number of packets transmitted on the Wi-Fi network that were

dropped.

Receive Discard Packets This is the number of packets received on the Wi-Fi network that were

dropped.

LAN Ethernet Statistics

State up or down Transmit Speed This is the maximum speed of which the port is capable. Transmit Packets This is the number of packets sent out from the port. Transmit Bytes This is the number of bytes sent out from the port. Transmit Dropped This is the number of packets sent out from the port that were dropped. Transmit Errors This is the number of errors on packets sent out from the port. Receive Packets This is the number of packets received on the port. Receive Bytes This is the number of bytes received on the port. Receive Unicast This is the number of unicast packets received on the port. Receive Multicast This is the number of multicast packets received on the port. Receive Dropped This is the number of packets received on the port that were dropped. Receive Errors This is the number of errors on packets received on the port.

The links at the top of the Home Network page access a series of pages to allow you to conﬁgure and monitor features of your device. The following sections give brief descriptions of these pages.

◆ “Configure” on page 44

◆ “HPNA Configure” on page 45

◆ “Wireless” on page 46

◆ “MAC Filtering” on page 50

◆ “Wireless Scan” on page 51

◆ “Subnets & DHCP” on page 52

◆ “HPNA” on page 54

Page 44

Administrator’s Handbook

Link: Configure

When you click the Conﬁgure link, the Conﬁgure page for the Ethernet LAN appears.

For each Ethernet Port, 1 through 4, you can select:

◆ Ethernet – Auto (the default self-sensing rate), 10M full- or half-duplex, 100M full- or half-duplex, or 1G full- or

half-duplex.

◆ MDI-X – Auto (the default self-sensing crossover setting), off, or on.

Click the

Save button.

Page 45

Link: HPNA Configure

When you click the HPNA Conﬁgure link, the HPNA Conﬁgure page for the HomePNA network appears.

Here you can turn HomePNA Networking On or Off.

If desired, you can choose the Output Jack, either the Coax jack or the Phone jack, or let the device Auto sense it automatically.

Click the

Save button.

Page 46

Administrator’s Handbook

Link: Wireless

When you click the Wireless link the Wireless page appears. The Wireless page displays the status of your Wireless LAN elements.

The Wireless page’s center section contains a summary of the Wireless Access Point’s conﬁguration settings and operational status.

Summary Information

Field Status and/or Description

General Information

Wireless Operation May be either Network Name (SSID) This is the name or ID that is displayed to a client scan. The default SSID for the

Gateway is

the side of the gateway. Hide SSID May be either Security The type of wireless encryption security in use. May be

PSK

or WPA Version If WPA is selected, may be Both, WPA-1, or WPA-2,. WEP Key Length May be 10 characters for 40/64-bit, or 26 characters for 128-bit WP encryption. Key Here you can enter a manual encryption key. Mode May be 802.11B only, 802.11G only, 802.11N, or 802.11 B/G/N. Bandwidth The capacity of the wireless LAN to carry traffic in megahertz, 20 or 40. Channel The radio channel that your Wi-Fi network is broadcasting on. Power Level May be adjusted up to 100%, lower if multiple wireless access points are in use,

and might interfere with each other.

Wireless Protected Setup (WPS)

May be either

On or Off.

attxxx

where

Off

or On. If On, your SSID will not appear in a client scan.

WEP, Default Key

On or Off.

xxx

is the last 3 digits of the serial number located on

OFF-No Privacy, WPA-

Manual

◆ The Wireless Operation function is automatically enabled by default. If you uncheck the checkbox, the Wire-

less Options are disabled, and the Wireless Access Point will not provide or broadcast its wireless LAN services.

Page 47

◆ Network Name (SSID) – preset to a number unique to your unit. You can either leave it as is, or change it by

entering a freeform name of up to 32 characters, for example “Hercule’s Wireless LAN”. On client PCs’ software, this might also be called the Network Name. The Wireless ID is used to identify this particular wireless LAN. Depending on their operating system or client wireless card, users must either:

• select from a list of available wireless LANs that appear in a scanned list on their client

• or enter this name on their clients in order to join this wireless LAN.

◆ Hide SSID – If enabled, this mode hides the wireless network from the scanning features of wireless client

computers. Unless both the wireless clients and the Gateway share the same Network Name (SSID) in hidden mode, the Gateway’s wireless LAN will not appear as an available network when scanned for by wirelessenabled computers. Members of the hidden WLAN must log onto the Gateway’s wireless network with the identical SSID as that configured in the Gateway.

Closed System mode is an ideal way to increase wireless security and to prevent casual detection by unwanted neighbors, office users, or malicious users such as hackers.

If you do not enable Hide SSID, it is more convenient, but potentially less secure, for clients to access your WLAN by scanning available access points. You must decide based on your own network requirements.

◆ Security, WPA Version, WEP Key Length, Key – see “Wireless Security” on page 48.

◆ Mode – The pull-down menu allows you to select and lock the Gateway into the wireless transmission mode

you want: B/G/N, B-only, B/G, G-only, or N-only. For compatibility with clients using 802.11b (up to 11 Mbps transmission), 802.11g (up to 20+ Mbps), 802.11a

(up to 54 Mbit/s using the 5 GHz band), or 802.11n (from 54 Mbit/s to 600 Mbit/s with the use of four spatial streams at a channel width of 40 MHz), select B/G/N. To limit your wireless LAN to one mode or the other, select G-only

, N-only, or B-only, or some combination that applies to your setup.

☛ NOTE:

If you choose to limit the operating mode to 802.11b or 802.11g only, clients using the mode you excluded will not be able to connect.

◆ Bandwidth – May only be selected if mode is some combination of 802.11n (from 54 Mbit/s to 600 Mbit/s

with the use of four spatial streams at a channel width of 40 MHz). Measure of the width of a range of frequencies, in megahertz.

◆ Channel (1 through 11, for North America) on which the network will broadcast. This is a frequency range

within the 2.4Ghz band. Channel selection depends on government regulated radio frequencies that vary from region to region. Channel selection can have a significant impact on performance, depending on other wireless activity close to this Wireless Access Point. You need not select a channel at any of the computers on your wireless network. They will automatically scan available channels seeking a Gateway broadcasting on the SSID for which they are configured.

The Automatic setting allows the Wireless Access Point to determine the best channel to broadcast automatically.

◆ Power Level – Sets the wireless transmit power, scaling down the Wireless Access Point’s wireless transmit

coverage by lowering its radio power output. Default is 100% power. Transmit power settings are useful in large venues with multiple wireless routers where you want to reuse channels. Since there are only three nonoverlapping channels in the 802.11 spectrum, it helps to size the Wireless Access Point’s cell to match the location. This allows you to install a router to cover a small “hole” without conflicting with other routers nearby.

◆ Wireless Protected Setup (WPS) is a not a new security protocol. It is simply an easier way to use existing

protocols to provide greater security for your wireless network connections.

By default, Privacy is set to Wireless Protected Access (WPA-PSK). WPS allows you to automatically generate a new strong WPA key for your Gateway and any client devices on your wireless network.

Not all client wireless devices support WPS. Refer to their documentation. Enter your all digit WPS PIN and click the Follow the instructions that came with your wireless client.

Submit button.

Page 48

Administrator’s Handbook

Wireless Security

By default, Wireless Security is set to Pre-Shared Key).

Other options are available from the Security pull-down menu:

WPA-PSK

with a pre-defined WPA-Default Key (Wireless Protected Access

◆ WEP - Manual: WEP Security is a Privacy option that is based on encryption between the Router and any PCs

(“clients”) you have with wireless cards. If you are not using WPA-PSK Privacy, you can use WEP encryption instead. For this encryption to work, both your Wireless Access Point and each client must share the same Wireless ID (SSID), and both must be using the same encryption keys. See “

WEP-Manual” on page 48.

◆ WPA-PSK: allows you to enter your own key, the most secure option for your wireless network. The key can

be between 8 and 63 characters, but for best security it should be at least 20 characters. If you select WPA-PSK as your privacy setting, the WPA Version pull-down menu allows you to select the WPA

version(s) that will be required for client connections. Choices are:

Both, for maximum interoperability, WPA-1, for backward compatibility, WPA-2, for maximum security.

All clients must support the version(s) selected in order to successfully connect.

Be sure that your Wi-Fi client adapter supports this option. Not all Wi-Fi clients support WPA-PSK.

◆ OFF - No Privacy: This mode disables privacy on your network, allowing any wireless users to connect to your

wireless LAN. Use this option if you are using alternative security measures such as VPN tunnels, or if your network is for public use.

Click the Save button.

WEP-Manual

You can provide a level of data security by enabling WEP (Wired Equivalent Privacy) for encryption of network data. You can enable 40- or 128-bit WEP Encryption (depending on the capability of your client wireless card) for IP trafﬁc on your LAN.

WEP - Manual allows you to enter your own encryption keys manually. This is a difﬁcult process, but only needs to be done once. Avoid the temptation to enter all the same characters.

Page 49

Key Length: The pull-down menu selects the length of each encryption key. The longer the key, the stronger the encryption and the more difﬁcult it is to break the encryption.

Key: You enter a key using hexadecimal digits. For 40/64-bit encryption, you need ten digits; 26 digits for 128-bit WEP. Hexadecimal characters are 0 – 9, and a – f.

Examples:

◆ 40 bits: 02468ACE02

◆ 128 bits: 0123456789ABCDEF0123456789

Any WEP-enabled client must have an identical key of the same length as the Router, in order to successfully receive and decrypt the trafﬁc. Similarly, the client also has a ‘default’ key that it uses to encrypt its transmissions. In order for the Router to receive the client’s data, it must likewise have the identical key of the same length.

Click the click Save button.

Page 50

Administrator’s Handbook

Link: MAC Filtering

When you click the MAC Filtering link the MAC Filtering page appears.

MAC Filtering allows you to specify which client PCs are allowed to join the wireless LAN by unique hardware (MAC) address.

◆ To enable this feature, select Blacklist or Whitelist from the MAC Filtering Type menu. Blacklist means that

only MAC addresses you specify will be denied access; Whitelist means that only MAC addresses you specify will be allowed access.

◆ You add wireless clients that you want to Whitelist or Blacklist for your wireless LAN by selecting them from the

List of MACs or by entering the MAC addresses in the Manual Entry field provided.

◆ Click the Add button.

Your entries will be added to a list of clients that will be either authorized (Whitelisted) or disallowed (Blacklisted) depending on your selection.

◆ Click the Save button.

You can Add or Delete any of your entries later by returning to this page.

Page 51

Link: Wireless Scan

Your device automatically checks for the best channel to broadcast wireless services. However, in some cases it may be useful to switch to a different channel (1 through 11, for North America) on which the network will broadcast.

This is a frequency range within the 2.4Ghz band. Channel selection depends on government regulated radio frequencies that vary from region to region. Channel selection can have a significant impact on performance, depending on other wireless activity close to this device. You need not select a channel at any of the computers on your wireless network. They will automatically scan available channels seeking a wireless device broadcasting on the SSID for which they are configured.

This scan will disconnect any wireless client devices from the wireless network.

If you want to scan for a different channel on which the device will broadcast, click the

Continue button.

Page 52

Administrator’s Handbook

Link: Subnets & DHCP

When you click the Subnets & DHCP link, the Subnets & DHCP page appears.

The Server configuration determines the functionality of your DHCP Settings. This functionality enables the Gateway to assign your LAN computer(s) a “private” IP address and other parameters that allow network communication. This feature simplifies network administration because the Gateway maintains a list of IP address assignments. Additional computers can be added to your LAN without the hassle of configuring an IP address. This is the default mode for your Gateway.

Private LAN Subnet

◆ Device IPv4 Address: The IP address of your Gateway as seen from the LAN

◆ Subnet Mask: Subnet mask of your LAN

◆ DHCPv4 Start Address: First IP address in the range being served to your LAN by the Gateway's DHCP

server

◆ DHCPv4 End Address: Last IP address in the range being served to your LAN by the Gateway's DHCP

server

Public Subnet

◆

Public Subnet Enable: If you select On from the pull-down menu, you can enable a second subnet to distribute public addresses to DHCP clients; this means that IP addresses assigned to LAN clients will be public addresses

◆ Public IPv4 Address: The IP address of your Gateway as seen from the WAN

◆ Public Subnet Mask: Public subnet mask

◆ DHCPv4 Start Address: First IP address in the range being served from a DHCP public pool.

◆ DHCPv4 End Address: Last IP address in the range being served from a DHCP public pool.

Page 53

◆ Primary DHCP Pool: Choose the source of the DHCP pool IP address assignment by selecting either the Pri-

vate (local to your LAN) or Public (assigned remotely) radio button.

Cascaded Router

◆ Cascaded Router Enable: If you have another router behind this Gateway, choose On from the pull-down

menu.

◆ Cascaded Router Address: If you chose On from the pull-down menu, enter the IP address of the router you

are using behind this Gateway in the LAN Private IP subnet range.

◆ Network Address: If you chose On from the pull-down menu, enter the Network Address that defines the

range of IP addresses available to clients of the router you are using behind this Gateway.

◆ Subnet Mask: If you chose On from the pull-down menu, enter the subnet mask for the Network Address that

defines the range of IP addresses available to clients of the router you are using behind this Gateway.

DHCP

◆ DHCP Lease: Specifies the default length for DHCP leases issued by the Router. Enter lease time in

dd:hh:mm:ss (days/hours/minutes/seconds) format.

If you make any changes here, click the

Save button, and if prompted, restart the Gateway.

Page 54

Administrator’s Handbook

Link: HPNA

When you click the HPNA link, the HPNA Network page appears.

The HPNA Network page displays information about the Gateway’s HPNA-connected devices in 15 minute intervals.

◆ If you have two or more stations, you can select the radio button and click the Set DVR button to store the

MAC address of the station as the “master DVR.” If the station order subsequently changes, the radio button will appear on the correct station.

Page 55

◆ You can test the performance of each station to station pair by clicking the Run extended Test button. When

you click the

If you do not run the Extended Test, the station-to-station performance section is not displayed.

Run extended Test button, the following page appears as a warning about this invasive test.

◆ You can generate updated statistics by clicking the Refresh button.

Furnished statistics of the current and previous intervals are displayed as follows:

◆ Station ID

◆ HPNA MAC Address

◆ HPNA Firmware (C-coax, T=TP)

◆ HPNA Version

◆ HPNA Master

Interval Start Interval Stop

Short Tx Pkt This is the number of Transmitted Packets Short Rx Pkt This is the number of Received Packets CRC Errors Rx This is the number of Receipt errors Dropped Tx This is the number of Transmit packets dropped Dropped Rx This is the number of Receipt packets dropped Tx Error % This is the percentage of transmitted errors Rx Error % This is the percentage of receipt errors Frames Tx This is the number of frames transmitted Frames Rx This is the number of frames received Bytes Tx This is the number of bytes transmitted Bytes Rx This is the number of bytes received Unicast Tx This is the number of unicast packets transmitted Unicast Rx This is the number of unicast packets received Multicast Tx This is the number of multicast packets transmitted Multicast Rx This is the number of multicast packets received Local Control Req This is the number of requests made to the device by local control Local Control Repl This is the number of replies made by the device to local control Remote Control Req This is the number of requests made to the device by remote control Remote Control Repl This is the number of replies made by the device to remote control

Page 56

Administrator’s Handbook

Voice

If you click the Voice ink, the Voice page appears.

Voice-over-IP (VoIP) refers to the ability to make voice telephone calls over the Internet. This differs from traditional phone calls that use the Public Switched Telephone Network (PSTN). VoIP calls use an Internet protocol, Session Initiation Protocol (SIP), to transmit sound over a network or the Internet in the form of data packets.

◆ The Voice page displays information about your VoIP phone lines, if configured. Your Gateway supports two

phones, Line 1 and Line 2.

◆ If either one or both are registered with a SIP server by your service provider or not registered, the Voice page

will display their Registration Details.

The links at the top of the Voice page access a series of pages to allow you to conﬁgure and monitor features of your device. The following sections give brief descriptions of these pages.

◆ “Line Details” on page 57

◆ “Call Statistics” on page 58

Page 57

Link: Line Details

When you click the Line Details link, the Line Details page appears.

◆ If your service provider has enabled your VoIP phone lines, you can register them by clicking the Register

Line 1 or Register Line 2 button(s).

◆ To test if the lines are enabled, click the Ring Line 1 or Ring Line 2 button(s). If enabled and registered, the

respective phone will ring until you click the

◆ To clear the current state of each phone line, click the Reset Line 1 or Reset Line 2 button(s). This will dis-

connect any calls currently in progress as well.

◆ To update the display, click the Refresh button.

Stop Ring Line 1 or Stop Ring Line 2 buttons.

Page 58

Administrator’s Handbook

Link: Call Statistics

When you click Call Statistics, the Call Statistics page appears.

For Line 1 and Line 2:, the two available phone lines, the Call Statistics page displays the following information:

Call Statistics - Line 1 and Line 2

Last Call/Cumulative – Incoming/Outgoing

RTP Packet Loss Real-time Transport Protocol packets dropped RTP Packet Loss percent-

age Total RTCP Packets Total Real-time Transport Control Protocol packets Average Inter Arrival Jitter This is calculated continuously in milliseconds as each data packet is received

Max Inter Arrival Jitter This is the maximum value in milliseconds recorded as each data packet is

Percent of Real-time Transport Protocol packets dropped

and averaged.

received.

Page 59

Sum of Inter Arrival Jitter This is calculated continuously in milliseconds as each data packet is received

and totalled.

Sum of Inter Arrival Jitter Squared

Sum of Franc Loss Fraction Lost: The fraction of RTP data packets lost since the previous SR or

Sum of Franc Loss Squared

Max One Way Delay One Way Delay will be calculated in milliseconds on every RTCP SR or RR

Sum of One Way Delay The sum of all the one way delays calculated in milliseconds on every RTCP

Sum of One Way Delay Squared

Avg Round Trip Time Average time in milliseconds from this local source to destination address and

Max Round Trip Time Maximum amount of time in milliseconds from this local source to destination

Sum of Round Trip Time Sum of time in milliseconds from this local source to destination address and

Sum of Round Trip Time Squared

This is calculated continuously in milliseconds as each data packet is received and the total is squared.

RR packet was sent. This fraction is defined to be the number of packets lost divided by the number of packets expected. This will be calculated on every RTCP SR packet. Sum of the fraction lost is calculated with all the RTCP packets.

Fraction lost is squared with every RTCP SR or RR packet. Sum of all this will give the Sum of Franc Loss Squared.

packet. This value is (systime - lsr - dslr) / 2 lsr means last SR timestamp dslr means delay since last SR.

packet is displayed as Sum of One Way Delay. One Way Delay is squared with every RTCP SR or RR packet. Sum of all this

will give the Sum of One Way Delay Squared.

back again for all logged calls

address and back again for all logged calls

back again for all logged calls Sum squared of time from this local source to destination address and back

again for all logged calls

Page 60

Administrator’s Handbook

For Line 1 and Line 2:, the two available phone lines, the Call Summary section displays the following information:

Call Summary - Line 1 and Line 2

Current Call/Last Completed Call

Call Timestamp Date and Time of the current call Type May be Incoming or Outgoing Duration Length of time in seconds of call connection Codec in Use Audio codec used for decoding the call packet traffic. Far-End Host Information SIP server IP information: IP address and port number Far-End Caller Information Caller ID information, if available

Cumulative Since Last Reset

Last Reset Timestamp Date and Time of the last call Number of Calls Total number of calls for each VoIP line Duration Time in seconds since the last call Number of Incoming Calls Failed Number of Incoming calls that fail to connect Number of Outgoing Calls Failed Number of Outgoing calls that fail to connect

Page 61

The following table is the simplified version of VOIP line/hook/etc. states during different conditions.

VOIP

Line 1/2

Disable

Enabled

The following table provides the state changes during the boot-up procedure.

VOIP

Line 1/2

Disable

Enabled

Hook state WAN IP Reg-state

On/Off-hook UP Idle OFF N/A off

On-hook UP Registered ON N/A Solid

Off-hook UP Registered ON DIAL TONE Blink

On/off hook UP Failure OFF N/A off

On/off hook DOWN Idle OFF N/A off

WAN

Status

Down Off-hook Idle On-to-off off off

Down On/Off-hook Idle ON Congestion off

Up Off-hook Registered ON Congestion.

Hook State Reg-state

Voltage

Enabled

FXS

Tone LED

Dial Tone played after the hook state is changed.

Page 62

Administrator’s Handbook

Firewall

When you click the Firewall tab, the Firewall Status page appears. The Firewall page displays the status of your system firewall elements.

All computer operating systems are vulnerable to attack from outside sources, typically at the operating system or Internet Protocol (IP) layers. Stateful Inspection firewalls intercept and analyze incoming data packets to determine whether they should be admitted to your private LAN, based on multiple criteria, or blocked. Stateful inspection improves security by tracking data packets over a period of time, examining incoming and outgoing packets. Outgoing packets that request specific types of incoming packets are tracked; only those incoming packets constituting a proper response are allowed through the firewall.

Stateful inspection is a security feature that prevents unsolicited inbound access when NAT is disabled. You can configure UDP and TCP “no-activity” periods that will also apply to NAT time-outs if stateful inspection is enabled on the interface. Stateful Inspection parameters are active on a WAN interface only if enabled on your system. Stateful inspection can be enabled on a WAN interface whether NAT is enabled or not.

The center section displays the following:

Packet Filter

IP Passthrough

NAT Default Server

Firewall Advanced

The links at the top of the Firewall page access a series of pages to allow you to configure security features of your device. The following sections give brief descriptions of these pages.

May be On or Off

◆ “Packet Filter” on page 63

◆ “NAT/Gaming” on page 69

◆ “IP Passthrough” on page 75

◆ “Firewall Advanced” on page 78

Page 63

Link: Packet Filter

When you click the Packet Filter link the Packet Filter screen appears.

Security should be a high priority for anyone administering a network connected to the Internet. Using packet filters to control network communications can greatly improve your network’s security. The Packet Filter engine allows creation of a maximum of eight Filtersets. Each Filterset can have up to eight rules configured.

☛ WARNING:

Before attempting to configure filters and filtersets, please read and understand this entire section thoroughly. The Motorola Gateway incorporating NAT has advanced security features built in. Improperly adding filters and filtersets increases the possibility of loss of communication with the Gateway and the Internet. Never attempt to configure filters unless you are local to the Gateway. Although using filtersets can enhance network security, there are disadvantages:

• Filters are complex. Combining them in filtersets introduces subtle interactions, increasing the likelihood of implementation errors.

• Enabling a large number of filters can have a negative impact on performance. Processing of packets will take longer if they have to go through many checkpoints in addition to NAT.

• Too much reliance on packet filters can cause too little reliance on other security methods. Filtersets are not a substitute for password protection, effective safeguarding of passwords, and general awareness of how your network may be vulnerable.

Motorola’s packet filters are designed to provide security for the Internet connections made to and from your network. You can customize the Gateway’s filtersets for a variety of packet filtering applications. Typically, you use filters to selectively admit or refuse TCP/IP connections from certain remote networks and specific hosts. You will also use filters to screen particular types of connections. This is commonly called firewalling your network.

Before creating filtersets, you should read the next few sections to learn more about how these powerful security tools work.

Page 64

Administrator’s Handbook

Parts of a filter

A filter consists of criteria based on packet attributes. A typical filter can match a packet on any one of the following attributes:

◆ The source IP address (where the packet was sent from)

◆ The destination IP address (where the packet is going)

◆ The type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP

Other filter attributes

There are three other attributes to each filter:

◆ The filter’s order (i.e., priority) in the filterset

◆ Whether the filter is currently active

◆ Whether the filter is set to forward packets or to block (discard) packets

Design guidelines

Careful thought must go into designing a new filterset. You should consider the following guidelines:

◆ Be sure the filterset’s overall purpose is clear from the beginning. A vague purpose can lead to a faulty set, and

that can actually make your network less secure.

◆ Be sure each individual filter’s purpose is clear.

◆ Determine how filter priority will affect the set’s actions. Test the set (on paper) by determining how the filters

would respond to a number of different hypothetical packets.

◆ Consider the combined effect of the filters. If every filter in a set fails to match on a particular packet, the

packet is:

• Forwarded if all the filters are configured to discard (not forward)

• Discarded if all the filters are configured to forward

• Discarded if the set contains a combination of forward and discard filters

An approach to using filters

The ultimate goal of network security is to prevent unauthorized access to the network without compromising authorized access. Using filtersets is part of reaching that goal.

Each filterset you design will be based on one of the following approaches:

◆ That which is not expressly prohibited is permitted.

◆ That which is not expressly permitted is prohibited.

It is strongly recommended that you take the latter, and safer, approach to all of your filterset designs.

Page 65

Working with Packet Filters

To work with filters, begin by accessing the Packet Filter page.

Packet Filter

◆ Enable/Disable Packet Filters – Click this button to globally turn your filters on or off.

Packet Filter Rules

Buttons: Click either Add a ‘Drop’ Rule or Add a ‘Pass’ Rule button.

◆ Action:

• drop: If you select drop, the specified packets will be blocked.

• pass: If you select pass, the specified packets will be forwarded.

Page 66

Administrator’s Handbook

◆ Enter the Source IP Address or Destination IP Address this filter will match on.

As you create new Matches, the pulldown items change. There can only be one match from each Match Type for a given rule. Match Types like Source Port, Destination Port, and TCP Flags are only available if other matches (for example, Protocol =TCP) have previously been created.

◆ Select Protocol, if necessary, from the pull-down menu: ICMP, TCP, UDP, or None to specify any another IP

transport protocol. If you chose by number, enter the Protocol by number here. If you chose by name, enter the Protocol by name here. Enter the Source Port this filter will match on. Enter the Destination Port this filter will match on. If you selected ICMP, enter the ICMP Type here.

When you are finished configuring the filter, click the

The filter is automatically saved.

Enter Match button.

Page 67

Packet Filter Rules List

Your entries are displayed as a table.

☛ NOTE:

Default Forwarding Filter

If you create one or more filters that have a matching action of forward, then action on a packet matching none of the filters is to block any traffic.

Therefore, if the behavior you want is to force the routing of a certain type of packet and pass all others through the normal routing mechanism, you must configure one filter to match the first type of packet and apply Force Routing. A subsequent filter is required to match and forward all other packets.

Management IP trafﬁc

If the Force Routing filter is applied to source IP addresses, it may inadvertently block communication with the router itself. You can avoid this by preceding the Force Routing filter with a filter that matches the destination IP address of the Gateway itself.

Example:

Assume a configured Custom Service/Hosted Application for an internal web server whose Global Port Range is 8080-8080. Also assume that we want to allow only one external subnet access to this internal server,

207.53.17.0/24. And finally, assume that we want to disallow one IP address on that subnet, 207.53.17.9, from access to that same server (perhaps they were abusing the system in some way). The rules we need are:

Input Rules:

Rule Order

1 Drop 207.53.17.9 - TCP 8080

Action Source IP Destination IP Protocol Source

Port

Destination Port

Page 68

Administrator’s Handbook

2 Pass 207.53.17.0/24 - TCP 8080

3 Drop - - TCP 8080

☛ Port Warnings:

If the packet filter or port forwarding rule involves TCP port 80 or 3389; or UDP port 47806, 43962, 69, 123, or 53; or If you attempt to add or change a match such that this occurs AND if running in VDSL/Ethernet mode, the following warning will appear.

Page 69

Link: NAT/Gaming

When you click the NAT/Gaming link, the NAT/Gaming page appears.

NAT/Gaming allows you to host internet applications when NAT is enabled. You can host different games and software on different PCs.

From the Service pull-down menu, you can select any of a large number of predefined games and software. (See

“

List of Supported Games and Software” on page 73.)

In addition to choosing from these predefined services you can also select a user defined custom service. (See

“

Custom Services” on page 71.)

For each supported game or service, you can view the protocols and port ranges used by the game or service by clicking the

Select a hosting device from the Needed by Device pull-down menu.

1. Once you choose a software service or game, click Add.

2. Select a PC to host the software from the Select Host Device pull-down menu and

click

Service Details button. For example:

Save.

Page 70

Administrator’s Handbook

Each time you enable a software service or game your entry will be added to the list of Service names displayed on the NAT Configuration page.

To remove a game or software from the hosted list, choose the game or software you want to remove and click the

Remove button.

Page 71

Custom Services

To configure a Custom Service, click the Add/Edit Services button. The Custom Services page appears.

Enter the following information:

◆ Service Name: A unique identifier for the Custom Service.

◆ Global Port Range: Range of ports on which incoming traffic will be received.

◆ Base Host Port: The port number at the start of the port range your Gateway should use when forwarding traf-

fic of the specified type(s) to the internal IP address.

◆ Protocol: Protocol type of Internet traffic, TCP or UDP.

Once you define a Custom Service it becomes available in the Application Hosting Entry Service menu as one of the services to select.

Click the

Add button.

Page 72

Administrator’s Handbook

Each time you enable a custom service your entry will be added to the list of Service names displayed on the Custom Services page.

Changes are saved immediately.

To remove this Service, click the

To edit this Service, click the

Edit button.

☛ Note:

You cannot edit a Custom Service if the Service is active; it must be inactive before it can be edited.

Delete button.

Page 73

List of Supported Games and Software

AIM Talk Act of War - Direct Action Age of Empires II

Age of Empires, v.1.0 Age of Empires: The Rise of

Rome, v.1.0

Age of Wonders America's Army Apache

Asheron's Call Azureus Baldur's Gate I and II

Battleﬁeld 1942 Battleﬁeld Communicator Battleﬁeld Vietnam

BitTornado BitTorrent Black and White

Blazing Angels Online Brothers in Arms - Earned in

Blood

Buddy Phone CART Precision Racing, v 1.0 Calista IP Phone

Call of Duty Citrix Metaframe/ICA Client Close Combat III: The Russian

Close Combat for Windows 1.0 Close Combat: A Bridge Too Far, v

2.0

Combat Flight Sim: WWII Europe Series, v 1.0

Dark Reign Delta Force (Client and Server) Delta Force 2

Delta Force Black Hawk Down Diablo II Server Dialpad

DirecTV STB 1 DirecTV STB 2 DirecTV STB 3

Counter Strike DNS Ser ver

Age of Mythology

Brothers in Arms Online

Front, v 1.0

Combat Flight Sim 2: WWII Paciﬁc

Thr, v 1.0

Doom 3 Dues Ex Dune 2000

Empire Earth Empire Ear th 2 F-16, Mig 29

F-22, Lightning 3 FTP Far Cry

Fighter Ace II GNUtella Grand Theft Auto 2 Multiplayer

H.323 compliant (Netmeeting, CUSeeME)

Half Life Half Life 2 Steam Half Life 2 Steam Ser ver

Half Life Steam Half Life Steam Server Halo

Hellbender for Windows, v 1.0 Heretic II Hexen II

Hotline Server ICQ 2001b ICQ Old

IMAP Client IMAP Client v.3 IPSec IKE

Internet Phone Jedi Knight II: Jedi Outcast Kali

KazaA Lime Wire Links LS 2000

Lord of the Rings Online MSN Game Zone MSN Game Zone DX

MSN Messenger Mech Warrior 3 MechWarrior 4: Vengeance

Medal of Honor Allied Assault Microsoft Flight Simulator 2000 Microsoft Flight Simulator 98

HTTP HTTPS

Page 74

Administrator’s Handbook

Microsoft Golf 1998 Edition, v

1.0

Midtown Madness, v 1.0 Monster Truck Madness 2, v 2.0 Monster Truck Madness, v 1.0

Motocross Madness 2, v 2.0 Motocross Madness, v 1.0 NNTP

Need for Speed 3, Hot Pursuit Need for Speed, Porsche Net2Phone

Operation FlashPoint Outlaws POP-3

PPTP PlayStation Network Quake 2

Quake 3 Quake 4 Rainbow Six

RealAudio Return to Castle Wolfenstein Roger Wilco

Rogue Spear SMTP SNMP

SSH server ShoutCast Ser ver SlingBox

Soldier of Fortune StarCraft StarLancer, v 1.0

Starﬂeet Command TFTP TeamSpeak

Telnet Tiberian Sun: Command and Con-

Total Annihilation Ultima Online Unreal Tournament Server

Urban Assault, v 1.0 VNC, Virtual Network Computing Warlords Battlecr y

Microsoft Golf 1999 Edition Microsoft Golf 2001 Edition

Timbuktu

quer

Warrock Westwood Online, Command and

Conquer

Wolfenstein Enemy Territor y World of Warcraft X-Lite

XBox 360 Media Center XBox Live 360 Yahoo Messenger Chat

Yahoo Messenger Phone ZNES eDonkey

eMule eMule Plus iTunes

mIRC Auth-IdentD mIRC Chat mIRC DCC - IRC DCC

pcAnywhere (incoming)

Win2000 Terminal Ser ver

Page 75

Link: IP Passthrough

When you click the IP Passthrough link, the IP Passthrough page appears.

IP Passthrough

The IP Passthrough feature allows a single PC on the LAN to have the Motorola Gateway’s public address assigned to it. It also provides PAT (NAPT) via the same public IP address for all other hosts on the private LAN subnet.

Using IP Passthrough, the public WAN IP is used to provide IP address translation for private LAN computers. The public WAN IP is assigned and reused on a LAN computer.

Page 76

Administrator’s Handbook

DHCP address serving can automatically serve the WAN IP address to a LAN computer.

When DHCP is used for addressing the designated passthrough PC, the acquired or configured WAN address is passed to DHCP, which will dynamically configure a single-servable-address subnet, and reserve the address for the configured PC’s MAC address. This dynamic subnet configuration is based on the local and remote WAN address and subnet mask.

◆ The two DHCP modes assign the WAN IP information needed to the client automatically.

• You can select the MAC address of the PC you want to be the IP Passthrough client with ﬁxed mode, or,

• with “first-come-first-served” – dynamic – the first client to renew its address will be assigned the WAN IP.

◆ Manual mode is like statically configuring your PC. With Manual mode, you configure the TCP/IP Properties

of the LAN client PC you want to be the IP Passthrough client. You then manually enter the WAN IP address, Gateway Address, etc. that matches the WAN IP address information of your Motorola Gateway. This mode works the same as the DHCP modes. Unsolicited WAN traffic will get passed to this client. The client is still able to access the Motorola Gateway and other LAN clients on the 192.168.1.x network, etc.

◆ The Passthrough DHCP Lease – By default, the passthrough host's DHCP leases will be shortened to two

minutes. This allows for timely updates of the host's IP address, which will be a private IP address before the WAN connection is established. After the WAN connection is established and has an address, the passthrough host can renew its DHCP address binding to acquire the WAN IP address. You may alter this setting.

◆ Click Save. Changes take effect immediately.

A restriction

Since both the Gateway and the passthrough host will use the same IP address, new sessions that conflict with existing sessions will be rejected by the Gateway. For example, suppose you are a teleworker using an IPSec tunnel from the Router and from the passthrough host. Both tunnels go to the same remote endpoint, such as the VPN access concentrator at your employer’s office. In this case, the first one to start the IPSec traffic will be allowed; the second one – since, from the WAN, it's indistinguishable – will fail.

Page 77

NAT Default Server

This feature allows you to:

◆ Direct your Gateway to forward all externally initiated IP traffic (TCP and UDP protocols only) to a default host

on the LAN, specified by your entry in the Internal Address field.

◆ Enable it for certain situations:

– Where you cannot anticipate what port number or packet protocol an in-bound application might use. For example, some network games select arbitrary port numbers when a connection is opened.

– When you want all unsolicited traffic to go to a specific LAN host.

This feature allows you to direct unsolicited or non-specific traffic to a designated LAN station. With NAT “On” in the Gateway, these packets normally would be discarded.

For instance, this could be application traffic where you don’t know (in advance) the port or protocol that will be used. Some game applications fit this profile.

◆ Click Save. Changes take effect immediately.

Page 78

Administrator’s Handbook

Link: Firewall Advanced

When you click the Firewall Advanced link the Firewall Advanced screen appears.

Stateful inspection is a security feature that prevents unsolicited inbound access when NAT is disabled. You can configure UDP and TCP “no-activity” periods that will also apply to NAT time-outs if stateful inspection is enabled on the interface. Stateful Inspection parameters are active on a WAN interface only if enabled on your Gateway. Stateful inspection can be enabled on a WAN interface whether NAT is enabled or not.

DoS Protection – Denial-0f-Service attacks are common on the Internet, and can render an individual PC or a whole network practically unusable by consuming all its resources. Your Gateway includes default settings to block the most common types of DoS attacks. For special requirements or circumstances, a variety of additional blocking characteristics is offered. See the following table.

Menu item Function

Drop packets with invalid source or destination IP address

Protect against port scan Whether to detect and drop port scans.

Drop packets with unknown ether types

Drop packets with invalid TCP ﬂags Whether packets with invalid TCP flag settings (NULL, FIN, Xmas,

Drop incoming ICMP Echo requests

Whether packets with are to be dropped

Whether packets with

etc.) should be dropped Whether all ICMP echo requests are to be dropped; On or Off.

invalid source or destination IP address(es)

unknown ether types are to be dropped

Page 79

Menu item Function

Flood Limit Whether packet flooding should be detected and offending packets

be dropped; On or Off.

Flood rate limit Specifies the number limit of packets per second before dropping the

remainder.

Flood burst limit Specifies the number limit of packets in a single burst before dropping

the remainder.

Flood limit ICMP enable Whether ICMP traffic packet flooding should be detected and offend-

ing packets be dropped; On or Off.

Flood limit UDP enable Whether UDP traffic packet flooding should be detected and offend-

ing packets be dropped; On or Off.

Flood limit UDP Pass multicast Allows exclusion of UDP multicast traffic. On by default. Flood limit TCP enable Allows exclusion of TCP traffic. Off by default. Flood limit TCP SYN-cookie Allows TCP SYN cookies flooding to be excluded.

(Additional)

Neighbor Discovery Attack protection

Reﬂexive ACL When IPv6 is enabled, Reflexive Access Control Lists can deny

If you make any changes here, click the Save button.

Prevents downstream traffic from an upstream device that sends excessive traffic but receives no replies; On or Off.

inbound IPv6 traffic unless this traffic results from returning outgoing packets (except as configured through firewall rules).

Page 80

Administrator’s Handbook

Diagnostics

When you click the Diagnostics tab, the Troubleshoot page appears.

This automated multi-layer test examines the functionality of the Router from the physical connections to the data traffic being sent by users through the Router.

You can run all the tests in order by clicking the

The device will automatically test a number of components to determine any problems. You can see detailed results of the tests by clicking the

Details buttons for each item.

Run Full Diagnostics button.

Page 81

Here is an example of the Ethernet Details screen.

Test Internet Access

These tests send a PING from the modem to either the LAN or WAN to verify connectivity. A PING could be either an IP address (163.176.4.32) or Domain Name (www.motorola.com). You enter a web address URL or an IP address in the respective field.

Click the Ping, Trace, NSLookup, or Detect Missing Filter button.

Results will be displayed in the Progress Window as they are generated.

◆ Ping - tests the “reachability” of a particular network destination by sending an ICMP echo request and waiting

for a reply.

◆ Traceroute - displays the path to a destination by showing the number of hops and the router addresses of

these hops.

◆ NSLookup - converts a domain name to its IP address and vice versa.

◆ Detect Missing Filter - if you click the Detect Missing Filter button, a warning message appears at the top

since the detection takes up to 2 minutes. When completed the Progress area might look like following.

To use the Ping capability, type a destination address (domain name or IP address) in the text box and click the

Ping, Trace, or Lookup button. The results are displayed in the Progress Window.

This sequence of tests takes approximately one minute to generate results. Please wait for the test to run to completion.

Each test generates one of the following result codes:

Result Meaning

* PASS: The test was successful.

* FAIL: The test was unsuccessful.

Page 82

Administrator’s Handbook

Result Meaning

* SKIPPED: The test was skipped because a test on which it depended failed.

* PENDING: The test timed out without producing a result. Try running the test again.

* WARNING: The test was unsuccessful. The Service Provider equipment your Modem connects to

may not support this test.

Below are some specific tests:

Action If PING fails, possible causes are:

From the Check Connection page:

Ping the internet default gateway IP address DSL is down, DSL settings are incorrect; Gate-

way’s IP address or subnet mask are wrong; gate-

way router is down. Ping an internet site by IP address Site is down. Ping an internet site by name Servers are down; site is down.

From a LAN PC:

Ping the Modem’s LAN IP address IP address and subnet mask of PC are not on the

same scheme as the Modem; cabling or other con-

nectivity issue. Ping an internet site by IP address PC's subnet mask may be incorrect, site is down. Ping an internet site by name DNS is not properly configured on the PC, site is

down.

Page 83

Link: Logs

When you click Logs, the Logs page appears.

The current status of the device is displayed for all logs: System, Firewall, or VoIP. Choose the log you want to display from the pull-down menu.

◆ You can clear all log entries by clicking the Clear Log button.

◆ You can save logs to a text (.TXT) file by clicking the Save to File button. This will download the file to your

browser’s default download location on your hard drive. The file can be opened with your favorite text editor.

☛ Note:

Some browsers, such as Internet Explorer for Windows XP, require that you specify the Motorola device’s URL as a “Trusted site” in “Internet Options: Security”. This is necessary to allow the “download” of the log text file to the PC.

Page 84

Administrator’s Handbook

The following is an example log portion saved as a .TXT file:

Page 85

Link: Update

When you click Update, the Update page appears.

Operating System Software is what makes your Gateway run and occasionally it needs to be updated. Your Cur- rent software version is displayed at the top of the page.

To update your software from a file on your PC, you must first download the software from your Service Provider's Support Site to your PC's hard drive.

◆ Browse your computer for the operating system file you downloaded and select the file.

◆ Click the Update button.

The LEDs will operate normally as described in “

◆ The installation may take a few minutes and the web page will indicate a 3-part countdown before returning

you to the Home page; wait for it to complete. During the software installation, you will lose Internet and phone service. The LEDs will function as follows:

During this phase, the LEDs will function as follows: During this phase, the Power LED willl flash Orange/Amber during firmware upgrade (flash writing to mem-

ory) and all other LEDs will be off.

◆ The Gateway will restart automatically.

As the device reboots, the POWER ON LED behavior will happen.

◆ Your new operating system will then be running.

Status Indicator Lights” on page 90.

Page 86

Administrator’s Handbook

Link: Resets

When you click Resets, the Resets page appears.

In some cases, you may need to clear all the configuration settings and start over again to program the Motorola Gateway. You can perform a factory reset to do this.

It might also be useful to reset your connection to the Internet without deleting all of your configuration settings.

◆ Click the Reset IP to refresh your Internet WAN IP address. LAN-side users will be briefly disconnected from

the Internet, but will otherwise be unaffected.

◆ Click the Reset Connection button to disconnect and reconnect all of your connections, including your VoIP

phones.

◆ Click the Reset Device button to reset the Gateway back to its original factory default settings.

◆ Click the Restart button to reboott the device. Previous configuration settings are still retained.

☛ NOTE:

Exercise caution before performing a Factory Reset. This will erase any configuration changes that you may have made and allow you to reprogram your Gateway.

Page 87

Link: Event Notifications

When you click Event Notiﬁcations, the Event Notiﬁcations page appears.

◆ If you check the Broadband Status Notiﬁcation checkbox, the device will alert users on your network if the

connection to the Internet should fail. In that event, troubleshooting suggestions will display.

◆ If you check the Missing Filter Notiﬁcation checkbox, the device will alert users on your network if hardware

line filters are either missing or improperly installed. In that event, troubleshooting suggestions will display.

Page 88

Administrator’s Handbook

Link: NAT Table

When you click the NAT Table link, the NAT Table page appears.

The NAT Table page displays the network address translation sessions in use by the Gateway. You can use the pull-down menu to limit the displayed sessions to selected IP addresses.

To refresh all the sessions displayed, click the

Reset button.

Page 89

CHAPTER 3 Basic Troubleshooting

This section gives some simple suggestions for troubleshooting problems with your Gateway’s initial configuration.

Before troubleshooting, make sure you have

◆ read the User Manual;

◆ plugged in all the necessary cables; and

◆ set your PC’s TCP/IP controls to obtain an IP address automatically.

Page 90

Administrator’s Handbook

Status Indicator Lights

The first step in troubleshooting is to check the status indicator lights (LEDs) in the order outlined below.

Motorola® Gateway

Side View

LED Action

Solid Green = The device is powered. Flashing Green = A Power-On Self-Test (POST) is in progress

Power*

Flashing Red = A POST failure (not bootable) or device malfunction occurred.

Orange/Amber = during firmware upgrade (see below)

Off = The unit has no AC power.

NVG589 status indicator lights

Power

Battery

Ethernet

Wireless

HomePNA Broadband 1 Broadband 2

Service Phone 1 Phone 2

USB

*During

Firmware

Upgrade

During

Boot

process

Battery

During the software installation, you will lose internet and phone service. The LEDs will function as follows:

1. As firmware is being loaded into flash, the LEDs will operate normally as described.

2. The installation will take a few minutes – During this phase, the Power LED willl flash Orange/Amber during firmware upgrade (flash writing to memory) and all other LEDs will be off.

3. The Gateway will restart automatically. As the device reboots, the POWER ON LED behavior will happen.

• Power LED = GREEN/FLASH

• All other LED = OFF If the device does not boot, and fails its self test or fails to perform initial load of the boot-

loader:

• Power LED = RED/FLASH

• ALL other LED = OFF If the device boots and then detects a failure: Power LED = GREEN/FLASH starting POST and then all LEDs will FLASH RED, including

Power LED.

Solid Green = Battery in place but not being used. Flashing Green = Battery charging.

Solid Red = Battery backup mechanism has a fault. Flashing Red = Battery needs to be replaced.

Solid Amber = Battery in use. Flashing Amber = Low battery.

Off = No battery or battery has no charge. Cycle between all colors = Battery conducting self-test.

Page 91