Comtrend CT-5072S User Manual

CT-5072S

ADSL2+ Router

User Manual

Version A2.0, November 10, 2008

261063-017

Preface

This manual provides information related to the installation, operation, and application of this device. The individual reading this manual is presumed to have a basic understanding of telecommunications terminology and concepts.

If you find the product to be inoperable or malfunctioning, please contact technical support for immediate service by email at INT-support@comtrend.com

For product update, new product release, manual revision, or software upgrades, please visit our website at http://www.comtrend.com

Important Safety Instructions

With reference to unpacking, installation, use, and maintenance of your electronic device, the following basic guidelines are recommended:

• Do not use or install this product near water, to avoid fire or shock hazard. For

example, near a bathtub, kitchen sink or laundry tub, or near a swimming pool. Also, do not expose the equipment to rain or damp areas (e.g. a wet basement).

• Do not connect the power supply cord on elevated surfaces. Allow it to lie freely.

There should be no obstructions in its path and no heavy items should be placed on the cord. In addition, do not walk on, step on, or mistreat the cord.

• Use only the power cord and adapter that are shipped with this device.

• To safeguard the equipment against overheating, make sure that all openings in

the unit that offer exposure to air are not blocked.

• Avoid using a telephone (other than a cordless type) during an electrical storm.

There may be a remote risk of electric shock from lightening. Also, do not use the telephone to report a gas leak in the vicinity of the leak.

• Never install telephone wiring during stormy weather conditions.

CAUTION:

 To reduce the risk of fire, use only No. 26 AWG or larger

telecommunication line cord.

 Always disconnect all telephone lines from the wall outlet before servicing

or disassembling this equipment.

WARNING

 Disconnect the power line from the device before servicing.  Power supply specifications are clearly stated in Appendix C.

Copyright©2008 Comtrend Corporation. All rights reserved. The information contained herein is proprietary to Comtrend Corporation. No part of this document may be translated, transcribed, reproduced, in any form, or by any means without prior written consent of Comtrend Corporation.

NOTE: This document is subject to change without notice.

CHAPTER 1 INTRODUCTION...........................................................................................................4

1.1 FEATURES ........................................................................................................................................4

1.2 APPLICATION ...................................................................................................................................4

CHAPTER 2 INSTALLATION.............................................................................................................5

2.1 HARDWARE SETUP...........................................................................................................................5

2.2 LED INDICATORS.............................................................................................................................6

CHAPTER 3 WEB USER INTERFACE..............................................................................................7

3.1 DEFAULT SETTINGS .........................................................................................................................7

3.2 IP CONFIGURATION..........................................................................................................................8

3.3 LOGIN PROCEDURE..........................................................................................................................9

CHAPTER 4 QUICK SETUP.............................................................................................................11

4.1 AUTO QUICK SETUP.......................................................................................................................12

4.2 MANUAL QUICK SETUP .................................................................................................................13

4.2.1 PPP over ATM (PPPoA) and PPP over Ethernet (PPPoE)............................................ 15

4.2.2 MAC Encapsulation Routing (MER)..............................................................................19

4.2.3 IP Over ATM...................................................................................................................22

4.2.4 Bridging..........................................................................................................................24

CHAPTER 5 DEVICE INFORMATION...........................................................................................26

5.1 WAN .............................................................................................................................................27

5.2 STATISTICS .....................................................................................................................................27

5.2.1 LAN Statistics..................................................................................................................27

5.2.2 WAN Statistics.................................................................................................................28

5.2.3 ATM statistics.................................................................................................................29

5.2.4 ADSL Statistics...............................................................................................................31

5.3 ROUTE...........................................................................................................................................34

5.4 ARP...............................................................................................................................................35

5.5 DHCP............................................................................................................................................35

CHAPTER 6 ADVANCED SETUP.....................................................................................................36

6.1 WAN .............................................................................................................................................36

6.2 LAN..............................................................................................................................................37

6.3 NAT ..............................................................................................................................................38

6.3.1 Virtual Servers................................................................................................................38

6.3.2 Port T r igger ing...............................................................................................................40

6.3.3 DMZ Host.......................................................................................................................41

6.3.4 ALG.................................................................................................................................41

6.4 SECURITY ......................................................................................................................................42

6.4.1 IP Filtering.....................................................................................................................42

6.4.2 MAC Filtering.................................................................................................................44

6.4.3 Parental Control.............................................................................................................46

6.5 QUALITY OF SERVICE ....................................................................................................................47

6.6 ROUTING .......................................................................................................................................49

6.6.1 Default Gateway.............................................................................................................49

6.6.2 Static Route.....................................................................................................................50

6.6.3 RIP..................................................................................................................................50

6.7 DNS..............................................................................................................................................51

6.7.1 DNS Server.....................................................................................................................51

6.7.2 Dynamic DNS.................................................................................................................51

6.8 DSL...............................................................................................................................................53

6.9 CERTIFICATE............................................................................................................................... ...54

6.9.1 Local...............................................................................................................................54

6.9.2 Trusted CA......................................................................................................................56

CHAPTER 7 DIAGNOSTICS.............................................................................................................57

CHAPTER 8 MANAGEMENT ..........................................................................................................59

SETTINGS.......................................................................................................................................59

8.1

8.1.1 Backup Settings...............................................................................................................59

8.1.2 Update Settings...............................................................................................................59

8.1.3 Restore Default...............................................................................................................60

8.2 SYSTEM LOG .................................................................................................................................61

8.3 SNMP AGENT ...............................................................................................................................62

8.4 TR-069 CLIENT .............................................................................................................................63

8.5 INTERNET TIME .............................................................................................................................64

8.6 ACCESS CONTROL .........................................................................................................................64

8.6.1 Services...........................................................................................................................64

8.6.2 IP Addres s es...................................................................................................................65

8.6.3 Passwords.......................................................................................................................66

8.7 UPDATE SOFTWARE .......................................................................................................................67

8.8 SAVE AND REBOOT ........................................................................................................................67

APPENDIX A – FIREWALL...............................................................................................................68

APPENDIX B – PIN ASSIGNMENTS...............................................................................................72

APPENDIX C – SPECIFICATIONS..................................................................................................73

APPENDIX D – SSH CLIENT ............................................................................................................75

Chapter 1 Introduction

CT-5072S with TR-069 compliant are a series of high performance ADSL2+ Ethernet Routers, providing one 10/100 Ethernet, and one ADSL line to access the Internet.

Comtrend’s CT-5072S series also provide with TR-068 compliant panels and LED indicators making them more user-friendly. It incorporates LAN or Video on Demand over one ordinary telephone line at speeds of up to 24 Mbps. It has full routing capabilities to segment / route IP protocol and is able to support advanced security functions.

The CT-5072S series can operate in either routing or bridging mode and also facilitate remote network management from home. In addition, it can protect all the networked computers with advanced security technologies, such as VPNs (Virtual Private Networks) with PPTP pass-through, L2TP pass-through, IPSec pass-through and firewall.

1.1 Features

• CT-5072S (Annex A) • Auto PVC configuration

• IP filtering • Up to 8 VCs

• SPI (Stateful Packet Inspection) • Web-based management

• DoS protection • Configuration backup and restoration

• Static route and RIP v1/v2 routing • FTP/TFTP server

• Dynamic IP assignment • Embedded SNMP agent

• NAT/PAT • IP/MAC address filtering

• IGMP proxy • TR-069/TR-098/TR-111

• DHCP server/relay/client • TR-068 compliant

• DNS proxy • Remote administration, automatic

firmware upgrade and configuration

1.2 Application

The following diagram depicts the application of the CT-5072S.

Chapter 2 Installation

2.1 Hardware Setup

Follow the instructions below to complete the hardware installation.

The diagram below shows the back panel of the device.

Power

port

Power

button

Reset

button

LINE Port

Connect the ADSL line to this port with a RJ11 cable.

LAN Port

Use a RJ45 straight-through or crossover MDI/X cable to connect to the LAN.

Power ON

Press the power button to the OFF position (OUT). Connect the power adapter to the power port. Attach the power adapter to a wall outlet or other AC source. Press the power button to the ON position (IN). If the Power LED displays as expected then the device is ready for setup (see section 2.2 LED Indicators).

Caution 1: If the device fails to power up, or it malfunctions, first verify that

the power cords are connected securely. Then power it on again. If the problem persists, contact technical support.

Caution 2: Before servicing or disassembling this equipment, disconnect all

power cords and telephone lines from their outlets.

Reset Button

Restore the default parameters of the device by pressing the Reset button for 5 to 10 seconds. After the device has rebooted successfully, the front panel should display as expected (see section 2.2 LED Indicators for details).

NOTE: If pressed down for more than 20 seconds, the CT-5072S will go into a

firmware update state (CFE boot mode). The firmware can then be updated using an Internet browser pointed to the default IP address.

2.2 LED Indicators

The LED indicators are shown below and explained in the table that follows. They are useful for checking the power and connection status of the router.

LED Color Mode Function

LAN LINK Green

ADSL TX/RX Green

ADSL LINK Green

POWER Green

On An Ethernet Link is established

Off An Ethernet Link is not established

Blink Data transmitting or receiving over LAN

On ADSL Link is ready

Off ADSL Link is terminated

Blink ADSL link is active

On ADSL link is established

Off ADSL link is not established

Blink ADSL link is training

On The router is powered up

Off The router is powered down

Chapter 3 Web User Interface

This section describes how to access the device via the web user interface (WUI) using an Internet browser such as Internet Explorer (version 5.0 and later).

3.1 Default Settings

The factory default settings of this device are summarized below.

• LAN IP address: 192.168.1.1

• LAN subnet mask: 255.255.255.0

• Administrative access (username: root , password: 12345)

• User access (username: user, password: user)

• DHCP server: enabled in routing modes (PPPoA/E, IPoA & MER)

• Firewall and NAT: enabled for PPPoE and PPPoA modes

disabled for MER and IPoA modes not available for Bridge mode

• Remote WAN access: disabled

• Remote (WAN) access (username: support, password: support)

• WAN IP address: none

This device supports the following connection types.

• PPP over Ethernet (PPPoE)

• PPP over ATM (PPPoA)

• MAC Encapsulated Routing (MER)

• IP over ATM (IPoA)

• Bridging

Technical Note:

During power on, the device initializes all settings to default values. It will then read the configuration profile from the permanent storage section of flash memory. The default attributes are overwritten when identical attributes with different values are configured. The configuration profile in permanent storage can be created via the web user interface or telnet user interface, or other management protocols. The factory default configuration can be restored either by pushing the reset button for more than five seconds until the power indicates LED blinking or by clicking the Restore Default Configuration option in the Restore Settings screen.

3.2 IP Configuration

STATIC IP MODE

To access router settings, your PC must have a static IP address within the

192.168.1.x subnet. Follow the steps below to configure your PC IP address to use subnet 192.168.1.x. The following steps assume you are running Windows XP.

STEP 1: From the Network Connections window, open Local Area Connection (You

may also access this screen by double-clicking the Local Area Connection icon on your taskbar). Click the Properties button.

STEP 2: Select Internet Protocol (TCP/IP) and click the Properties button.

The screen should now display as below. Change the IP address to the domain of 192.168.1.x (1<x<255) with subnet mask of 255.255.255.0.

STEP 3: Click OK to submit the settings.

DHCP MODE

Set your PC to DHCP mode by selecting Obtain an IP address automatically in the Internet Protocol Properties dialog box, as shown below.

3.3 Login Procedure

Perform the following steps to login to the web user interface.

NOTE: The default settings can be found in section 3.1.

STEP 1: Start the Internet browser and enter the default IP address for the device

in the Web address field. For example, if the default IP address is

192.168.1.1, type http://192.168.1.1.

NOTE: For local administration (i.e. LAN access), the PC running the browser

must be attached to the Ethernet, and not necessarily to the device. For remote access (i.e. WAN), use the IP address shown on the Device Info -

WAN screen and login with remote username and password.

STEP 2: A dialog box will appear, such as the one below. Enter a default

username and password, as defined in section 3.1 Default Settings.

Click OK to continue.

NOTE: The login password can be changed later (section 8.6.3 Passwords)

STEP 3: After successfully logging in for the first time, you will reach this screen.

NOTE1: If a PVC connection already exists then this Quick Setup screen will be

bypassed and the Device Info – Summary screen will display instead.

NOTE2: The selections available on the main menu (onscreen at left) are based

upon the configured connection and user account privileges.

Chapter 4 Quick Setup

The function allows the user to configure the ADSL router for DSL connectivity and Internet access. It guides the user though the WAN network setup first and then the LAN interface setup. The user can either manually customize the router or follow the auto quick setup procedure.

The following configuration considerations apply:

• The WAN network operating mode operation depends on the service provider’s

configuration on the Central Office side and Broadband Access Server for the PVC

• If the service provider provides PPPoE service, then the connection selection

depends on whether the LAN-side device (typically a PC) is running a PPPoE client or whether the CT-5072S is to run the PPPoE client. The CT-5072S can support both cases simultaneously.

• If some or none of the LAN-side devices are not running a PPPoE client, then

select PPPoE. If all LAN-side devices are running PPPoE clients, then select Bridge In PPPoE mode, CT-5072S also supports pass-through PPPoE sessions from the LAN side while simultaneously running a PPPoE client from non-PPPoE LAN devices.

• NAT and firewall are always enabled when PPPoE mode is selected, but they can

be enabled or disabled by the user when MER or IPoA is selected, NAT and firewall are always disabled when Bridge mode is selected.

• Depending on the network-operating mode, and NAT and firewall status, the

main menu will display or hide the NAT/Firewall menu. For instance, if the default network-operating mode is Bridge, the main menu will not show the NAT and Firewall menu.

NOTE: Up to 8 PVC profiles can be configured and saved in the flash memory. To

activate a particular PVC profile, you must navigate through all the setup screens until the last summary screen, and click Save/Reboot.

4.1 Auto Quick Setup

The auto quick setup procedures require the ADSL link to be up to automatically detect PVCs. You simply need to follow the online instructions as prompted.

Step 1: Select Quick Setup to display the DSL Quick Setup screen.

Step 2: Click Next to start the setup process. Follow the online instructions to

complete the setting. This procedure will skip some advanced setup procedures (such as PVC index and encapsulation selection).

Step 3: After the setup is complete the CT-5072S will reboot.

NOTE: After the device reboots, the Device Info – Summary screen should

appear. If the browser does not refresh automatically, close it and restart. You will need to login again.

4.2 Manual Quick Setup

STEP 1: Click Quick Setup and un-tick the DSL Auto-connect checkbox ; to

enable manual configuration of the connection type.

Un-tick this checkbox to enable manual setup and display the following screen.

STEP 2: Adjust the VPI/VCI settings for the connection you wish to establish. You

may also Enable Quality of Service (QoS) with its checkbox ;.

STEP 3: On this screen, you can choose the connection type and select the

appropriate encapsulation mode. The available options are shown.

 PPPoA- VC/MUX, LLC/ENCAPSULATION  PPPoE- LLC/SNAP BRIDGING, VC/MUX  MER- LLC/SNAP-BRIDGING, VC/MUX  IPoA- LLC/SNAP-ROUTING, VC MUX  Bridging- LLC/SNAP-BRIDGING, VC/MUX

You may also choose to Enable 802.1q (available in PPPoE, MER and

Bridging modes) and enter the VLAN ID, as shown below.

Click Next to continue…

NOTE: The subsections that follow continue the ATM PVC setup procedure.

Enter the appropriate settings for your service. Choosing different connection types will lead to a different sequence of setup screens.

4.2.1 PPP over ATM (PPPoA) and PPP over Ethernet (PPPoE)

STEP 4: Enter the PPP settings as provided by your ISP.

PPP Settings

The PPP Username, PPP password and the PPPoE Service Name entries are dependent on the particular requirements of the ISP. The user name can be a maximum of 256 characters and the password a maximum of 32 characters in length. For Authentication Method, choose from AUTO, PAP, CHAP, and MSCHAP.

Dial on Demand

The CT-5072S can be configured to disconnect if there is no activity for a period of time by selecting the Dial on demand check box. When the checkbox ; is ticked, you must enter an inactivity timeout period of 1 to 4320 minutes.

PPP IP Extension

The PPP IP Extension is a special feature deployed by some service providers. Unless your service provider specifically requires this setup, do not select it.

PPP IP Extension does the following:

• Allows only one PC on the LAN

• The public IP address assigned by the remote side using the PPP/IPCP

protocol is actually not used on the WAN PPP interface. Instead, it is forwarded to the PC LAN interface through DHCP. Only one PC on the LAN can be connected to the remote, since the DHCP server within the device has only a single IP address to assign to a LAN device.

• NAT and firewall are disabled when this option is selected.

• The device becomes the default gateway and DNS server to the PC

through DHCP using the LAN interface IP address.

• The device extends the IP subnet at the remote service provider to the

LAN PC. i.e. the PC becomes a host belonging to the same IP subnet.

• The device bridges the IP packets between WAN and LAN ports, unless

the packet is addressed to the device’s LAN IP address.

Use Static IP Address

Unless your service provider specially requires this setup, do not select it. If selected, enter your static IP address in the IP Address field.

Enable PPP Debug Mode

When this option is selected, the system will put more PPP connection information into the system log. This is for debugging errors and not for normal usage.

STEP 5: Click Next to display the following screen.

Enable IGMP Multicast

Tick the checkbox ; to enable IGMP multicast (proxy). IGMP (Internet Group Membership Protocol) is a protocol used by IP hosts to report their multicast group memberships to any immediately neighboring multicast routers.

Enable WAN Service

Tick the checkbox ; to enable the WAN service.

Service Name: This is the WAN Service label.

STEP 6: Upon completion, click Next. The following screen appears.

This screen allows for the configuration of the CT-5072S LAN interface IP address, subnet mask and DHCP server. To auto-assign IP addresses, DNS server and default gateway to other LAN devices, select the Enable DHCP server radio box. You must also enter the start and end IP address and DHCP leased time.

To configure a secondary IP address for the LAN port, click the checkbox ; shown.

STEP 7: Click Next to display the configuration summary. Click Save/Reboot if

the settings are correct. Click Back if you wish to modify the settings.

After clicking Save/Reboot, the router will save the configuration to the flash memory and reboot. The Web UI will not respond until the system is brought up again. After the system is up, the Web UI will refresh to the Device Info screen automatically. The CT-5072S is ready for operation when the front panel LED indicators display as described in section 2.2 LED Indicators.

4.2.2 MAC Encapsulation Routing (MER)

STEP 4: Enter the WAN IP settings as provided by your ISP.

DHCP can be enabled if the Obtain an IP address automatically checkbox ; is checked. Configuring the default gateway or the DNS with static values will disable the automatic assignment from DHCP or other WAN connection.

STEP 5: Click Next to display the following screen.

Enable NAT

If the LAN is configured with a private IP address, the user should select this checkbox ;. The NAT submenu will appear in the Advanced Setup menu after reboot. On the other hand, if a private IP address is not used on the LAN side (i.e. the LAN side is using a public IP), this checkbox ; should not be selected, so as to free up system resources for improved performance.

Enable Firewall

If this checkbox ; is selected, the Security submenu will be displayed on the Advanced Setup menu after reboot. If firewall is not necessary, this checkbox ; should be de-selected to free up system resources for better performance.

Enable IGMP Multicast

Enable WAN Service

Tick the checkbox ; to enable the WAN service.

Service Name is user-defined.

STEP 6: Upon completion, click Next. The following screen appears.

This screen allows for the configuration of the CT-5072S LAN interface IP address, subnet mask and DHCP server. To auto-assign IP addresses, DNS server and default gateway to LAN devices, select the Enable DHCP server radio box. You must also enter the start and end IP address and DHCP leased time.

Select Enable DHCP Server Relay (if required), and enter the DHCP Server IP Address. This allows the router to relay the DHCP packets to the remote DHCP server. The remote DHCP server will provide the IP address.

NOTE: The Enable DHCP Server Relay option will not display if NAT is enabled.

To configure a secondary IP address for the LAN port, click the checkbox ; shown.

STEP 7: Click Next to display the configuration summary. Click Save/Reboot if

the settings are correct. Click Back if you wish to modify the settings.

4.2.3 IP Over ATM

STEP 4: Enter the WAN IP settings as provided by your ISP.

Since DHCP is not supported over IPoA, the default gateway settings and DNS server addresses must be entered here. These should be provided by your ISP.

STEP 5: Click Next to display the following screen.

Enable NAT

Enable Firewall

+ 53 hidden pages

Comtrend CT-5072S User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Table of Contents

Chapter 1 Introduction

Chapter 2 Installation

4.2.1 PPP over ATM (PPPoA) and PPP over Ethernet (PPPoE)

4.2.2 MAC Encapsulation Routing (MER)

4.2.3 IP Over ATM