Page 1
DI-1 162
Remote Access Router
User’s Guide
Rev. 03 (Oct, 1999)
6DI1162…03
Printed In Taiwan
RECYCLABLE
Page 2
Page 3
DI-1162 Remote Access Router
Copyright Statement
Copyright ©1999 D-Link Corporation
No part of this publication may be reproduced in any form or by any
means or used to make any derivative such as translation,
transformation, or adaptation without permission from D-Link
Corporation/D-Link Systems Inc., as stipulated by the United States
Copyright Act of 1976.
Trademarks
D-Link is a registered trademark of D-Link Corporation/D-Link
Systems, Inc.
All other trademarks belong to their respective owners.
i
Page 4
Page 5
DI-1162 Remote Access Router
Limited Warranty
Hardware:
D-Link warrants each of its hardware products to be free from defects in workmanship
and materials under normal use and service for a period commencing on the date of
purchase from D-Link or its Authorized Reseller and extending for the length of time
stipulated by the Authorized Reseller or D-Link Branch Office nearest to the place of
purchase.
This Warranty applies on the condition that the product Registration Card is filled out
and returned to a D-Link office within ninety (90) days of purchase. A list of D-Link
offices is provided at the back of this manual, together with a copy of the Registration
Card.
If the product proves defective within the applicable warranty period, D-Link will
provide repair or replacement of the product. D-Link shall have the sole discretion
whether to repair or replace, and replacement product may be new or reconditioned.
Replacement product shall be of equivalent or better specifications, relative to the
defective product, but need not be identical. Any product or part repaired by D-Link
pursuant to this warranty shall have a warranty period of not less than 90 days, from
date of such repair, irrespective of any earlier expiration of original warranty period.
When D-Link provides replacement, then the defective product becomes the property of
D-Link.
Warranty service may be obtained by contacting a D-Link office within the applicable
warranty period, and requesting a Return Material Authorization (RMA) number. If a
Registration Card for the product in question has not been returned to D-Link, then a
proof of purchase (such as a copy of the dated purchase invoice) must be provided. If
Purchaser's circumstances require special handling of warranty correction, then at the
time of requesting RMA number, Purchaser may also propose special procedure as may
be suitable to the case.
After an RMA number is issued, the defective product must be packaged securely in the
original or other suitable shipping package to ensure that it will not be damaged in
transit, and the RMA number must be prominently marked on the outside of the
package. The package must be mailed or otherwise shipped to D-Link with all costs of
mailing/shipping/insurance prepaid. D-Link shall never be responsible for any software,
firmware, information, or memory data of Purchaser contained in, stored on, or
integrated with any product returned to D-Link p ursuant to this warranty.
Any package returned to D-Link without an RMA number will be rejected and shipped
back to Purchaser at Purchaser's expense, and D-Link reserv es the right in such a case
to levy a reasonable handling charge in addition mailing or shipping costs.
Software:
Warranty service for software products may be obtained by contacting a D-Link office
within the applicable warranty period. A list of D-Link offices is provided at the back of
this manual, together with a copy of the Registration Card. If a Registration Card for
the product in question has not been returned to a D-Link office, then a proof of purch ase
iii
Page 6
DI-1162 Remote Access Router
(such as a copy of the dated purchase invoice) must be provided when requesting
warranty service. The term "purch ase" in this software warranty refers to the purchase
transaction and resulting license to use such software.
D-Link warrants that its software products will perform in substantial conformance with
the applicable product documentation provided by D-Link with such software product,
for a period of ninety (90) days from the date of purchase from D-Link or its Authorized
Reseller. D-Link warrants the magnetic media, on which D-Link provides its software
product, against failure during the same warranty period. This warranty applies to
purchased software, and to replacement software provided by D-Link pursuant to this
warranty, but shall not apply to any update or re placement which may be provided for
download via the Internet, or to any update which may otherwise be provided free of
charge.
D-Link's sole obligation under this software warranty shall be to replace any defective
software product with product which substantially conforms to D-Link's applicable
product documentation. Purchaser assumes responsibility for the selection of
appropriate application and system/platform software and associated reference
materials. D-Link makes no warranty that its software products will work in
combination with any hardware, or any application or system/platform software product
provided by any third party, excepting only such products as are expressly represented,
in D-Link's applicable product documentation as being compatible. D-Link's obligation
under this warranty shall be a reasonable effort to provide compatibility, but D-Link
shall have no obligation to provide compatibility when there is fault in the third-party
hardware or software. D-Link makes no warranty that operation of its software
products will be uninterrupted or absolutely error-free, and no warranty that all defects
in the software product, within or without the scope of D-Link's applicable product
documentation, will be corrected.
D-Link Offices for Registration and Warranty
Service
The product's Registration Card, provided at the back of this manual, must be sent to a
D-Link office. To obtain an RMA number for warranty service as to a hardware product,
or to obtain warranty service as to a software product, contact the D-Link office nearest
you. An address/
telephone/fax/e-mail/Web site list of D-Link offices is provided in the back of this manual.
iv
Page 7
DI-1162 Remote Access Router
Table of Contents
INTRODUCTION...............................................................................1
Ease of Installation .........................................................................1
Networking Compatibility...............................................................2
RODUCT FEATURES
P
LAN Port.........................................................................................2
Multiple WAN Ports........................................................................2
Expansion Slot/Modules..................................................................2
Dial on Demand..............................................................................3
Full Network Management..............................................................3
Security............................................................................................3
RIP-1/ RIP-2 Routing Protocols .....................................................3
DHCP Support................................................................................3
Data Compression...........................................................................4
Network Address Translation (NAT/NAPT) ....................................4
PPLICATIONS FOR THE
A
Internet Access................................................................................4
Internet Security..............................................................................4
Link Branch Offices.........................................................................5
Local Routing..................................................................................5
Telecommuting................................................................................5
HAT THIS MANUAL DOESN’T COVER
W
DDITIONAL INSTALLA TION REQUIREMENTS
A
...........................................................................2
DI-1162.........................................................4
...............................................5
......................................5
INSTALLATION.................................................................................7
VERVIEW
O
THER RESOURCES
O
ACKING LIST
P
DENTIFYING EXTERNAL COMPONENTS
I
ITE INSTALLATION
S
..........................................................................................7
.............................................................................8
......................................................................................8
...............................................9
...........................................................................12
Rack Mounting..............................................................................13
NSTALLATION AND INITIAL CONFIGURATION OF THE ROUTER
I
..........13
Step 1 - Setting up the Console .....................................................14
v
Page 8
DI-1162 Remote Access Router
Step 2 - Connecting the Console to the Router .............................14
Step 3 - Initial Configuration of the Router ..................................15
Step 3a - Configuring the LAN Port..............................................17
Step 3b - Configuring the WAN Ports for Dial-in, Dial-out and
Leased Lines..................................................................................19
Step 4 - Connecting the Router to a LAN......................................24
Step 5 - Connecting the Router to WAN Devices ..........................24
Step 6 – Plugging in All Devices...................................................25
Step 7 - Powering Up the DI-1162................................................25
CONFIGURATION AND MANAGEMENT..................................27
ONSOLE PROGRAM MAIN MENU
C
YSTEM INFORMATION
S
NTERFACE CONFIGURATION
I
......................................................................28
.....................................................28
.............................................................30
LAN Sub-menu ..............................................................................31
WAN Sub-menu .............................................................................32
ETWORK CONFIGURATION
N
..............................................................35
IP Stack Configuration..................................................................35
IP Static Route ..............................................................................39
IP Networking ...............................................................................41
Router Advertisement....................................................................42
SNMP A
GENT CONFIGURATION
........................................................43
SNMP Community Configuration .................................................43
SNMP Trap Manager....................................................................44
SNMP Authenticated Trap ............................................................ 46
DVANCED FUNCTIONS
A
.....................................................................47
Remote Access Configuration .......................................................47
Script File Configuration..............................................................59
DHCP Configuration....................................................................61
Filter Configuration......................................................................66
Multiple Home Configuration.......................................................72
Static ARP.....................................................................................74
NAT Configuration........................................................................75
Configure NAPT for Special Ap[plication]s.................................87
Telnet/Discovery Enable...............................................................90
DNS Configuration........................................................................91
Radius Configuration....................................................................93
vi
Page 9
DI-1162 Remote Access Router
PPP Configuration........................................................................95
DMIN[ISTRATION
A
YSTEM MAINTENANCE
S
ONFIGURATION
] C
................................................99
..................................................................100
System Status ...............................................................................103
Statistics......................................................................................103
Log and Trace.............................................................................109
Diagnostic...................................................................................112
Software Update..........................................................................117
System Restart.............................................................................117
Factory Reset ..............................................................................118
System Settings Backup/Restore..................................................118
PROM SYSTEM CONFIGURATION..........................................121
System Configuration..................................................................122
TCP/IP Parameters Configuration .............................................123
System Reset................................................................................124
Software Update..........................................................................124
EEPROM Factory Reset..............................................................126
Execute Bootload ........................................................................127
USING TELNET .............................................................................129
ELNET CONFIGURATION
T
................................................................129
Using Telnet via LAN..................................................................129
Using Telnet via WAN.................................................................130
System Timeout............................................................................130
USING RADIUS AUTHENTICATION........................................131
NSTALLING A
I
ONFIGURING THE
C
DDING USERS TO THE
A
RADIUS S
ERVER
DI-1162
RADIUS D
.....................................................131
FOR
RADIUS A
ATABASE
UTHENTICATION
..................................133
.........131
APPENDIX A – CABLES AND CONNECTORS........................135
RS-232 (EIA-574) for Diagnostic Port........................................135
RS-232 (EIA-530) Cable for WAN Port......................................135
RS-449 Cable for WAN Port.......................................................136
V.35 Cable for WAN Port............................................................137
vii
Page 10
DI-1162 Remote Access Router
APPENDIX B – SPECIFICATIONS.............................................139
APPENDIX C - IP CONCEPTS.....................................................141
IP A
DDRESSES
................................................................................141
IP Network Classes.....................................................................142
UBNET MASK
S
................................................................................143
APPENDIX D – IP PROTOCOL AND PORT NUMBERS.........145
ROTOCOL NUMBERS
IP P
ORT NUMBERS
IP P
.................................................................145
..........................................................................145
APPENDIX E – CONFIGURATION FILE..................................147
ONFIGURATION FILE EXAMPLE
C
......................................................148
INDEX..............................................................................................151
viii
Page 11
DI-1162 Remote Access Router
Introduction
Congratulations on your purchase of a D-Link DI-1162 Remote Access
Router. Your new router offers ine xpensive yet complete
telecommunications and internetworking solutions for your corporate
office, school or business. It is ideal for everything from Internet
browsing to receiving calls from Remote Dial-in Users. It incorporates
the most recent technologies to make fast, secure and stable
connections to remote stations via LAN to WAN and vice versa.
Distinguishing features of the DI-1162 include support for a full range
of networking protocols such as TCP/IP (Transmission Control
Protocol/Internet Protocol), Ethernet, Fast Ethernet as well as various
other networking protocols.
Each DI-1162 router is packed with features that give it the flexibility
to provide a complete networking solution for almost any site. The
router fulfills the need for Internet access, IP-based intranetworks and
LAN to multiple WAN communications.
Ease of Installation
The DI-1162 is a self-contained unit that is quick and easy to install. It
is designed to be a standalone unit or it may be mounted on a standard
19-inch networking equipment rack. It uses standard Ethernet wiri ng to
connect (route) a local area network (LAN) to up to 4 separate wide
area networks (WANs) through dial-up or dedicated , leased lines.
Also included with the router is the DI-1162 Router Configuration
Utility, a Windows-based application that makes configuring the router
a snap.
Introduction 1
Page 12
DI-1162 Remote Access Router
Networking Compatibility
The DI-1162 is compatible with remote access products from other
companies such as Ascend, Cisco, and 3Com. Furthermore, it supports
Microsoft Windows 95, Windows 98, and Windows NT remote access
capability.
Product Features
LAN Port
The DI-1162 is equipped with an auto-negotiated 10/100 (Ethernet and
Fast Ethernet) RJ-45 jack for connecting the router to the LAN.
Multiple WAN Ports
The DI-1162 has two EIA-530 WAN ports, each of which can be
connected to a dial-up (dial in or out) line or a dedicated leased line by
multiplexing with a modem or CSU/DSU (Channel Service Unit/ Data
Service Unit) respectively. We recommend connecting only one WAN
port to the Internet.
Expansion Slot/Modules
The DI-1162 contains an expansion slot able to house any one of the
following slide-in expansion modules:
• An RJ-45 NWay 10/100 Ethernet port, giving the router another
LAN connection.
• Two high-speed serial (async/sync) ports for two additional WAN
connections.
• A BRI ISDN module.
2
Page 13
DI-1162 Remote Access Router
These modules allow you to expand the functionality of the DI-1162 to
fulfill all your internetworking needs.
Dial on Demand
The Dial-On-Demand feature allows the DI-1162 to automatically
place a call to a remote node, via a WAN, whenever there is traffic
coming from any workstation on the LAN to that remote site.
Full Network Management
The DI-1162 incorporates SNMP (Simple Network Management
Protocol) agents and a menu-driven Network Management System
accessible via an RS-232 (console) or Telnet connection.
Security
The DI-1162 supports PAP (Password Authentication Protocol), CHAP
(Challenge Handshake Authentication Protocol), Layer 2 and IP
Filtering, and the creation of firewalls.
RIP-1/ RIP-2 Routing Protocols
The DI-1162 supports both RIP-1 and RIP-2 (Routing Information
Protocol versions 1 and 2) exchanges with adjacent routers. These
exchanges allow the DI-1162 to send and/or receive routing tables to
adjacent routers in order to streamline WAN communications.
DHCP Support
DHCP (Dynamic Host Configuration Protocol) allows the DI-1162
router to automatically assign IP addresses to computers as they enter
the network. This feature frees the network administrator from
Introduction 3
Page 14
DI-1162 Remote Access Router
assigning and managing IP addresses for each individual machine on
the LAN.
Data Compression
The DI-1162 incorporates the hardware-based Stac LZS Data
Compression for CCP (Compression Control Protocol).
Network Address Translation (NAT/NAPT)
This feature allows multiple users on the LAN to access the Internet
(through an Internet Service Provider) concurrently through a single IP
address. This is especially useful for corporate office environments,
where a large number of users need access to the internet, but only a
few internet addresses are available.
Applications for the DI-1162
Some applications for the DI-1162 include:
Internet Access
The DI-1162 supports the TCP/IP (a.k.a. IP) protocol, which is the
protocol language used for t he Internet. This router allows eve ryone
connected to the LAN to access the internet.
Internet Security
The DI-1162 can act as a firewall between your office network and the
internet, and can hide the size of your office network and the host
addresses of your office computers from prying internet users. It can
also filter traffic to and from the internet allowing only certain types of
communications to or from certain locat ions to pass through.
4
Page 15
DI-1162 Remote Access Router
Link Branch Offices
The DI-1162 routes communications through its two (upgradeable to
four) WAN ports allowing direct communications to a branch office via
phone lines, the internet or both.
Local Routing
The DI-1162 can route traffic between up to eight local IP networks.
Telecommuting
The DI-1162 allows remote users to dial in and obtain remote access to
the LAN. This feature enables users that have workstations with
remote access capability, e.g. Windows 95, to dial in using a modem
and access the network resources without physically being in the office.
What This Manual Doesn’t Cover
This manual assumes that you are familiar with network management
and networking devices, especially routing protocols.
Additional Installation Requirements
In addition to the contents of your package, there are other hardware
and software requirements needed before the installation and use of
your router. These requirements include:
♦ Ethernet connection(s) to your computer(s) to form a LAN.
♦ A computer equipped with an RS-232 serial port (standard on
most PC’s), and serial line communications software (i.e.
Microsoft HyperTerminal included with Windows).
Introduction 5
Page 16
DI-1162 Remote Access Router
♦ At least one modem or CSU/DSU for connecting the WAN
port(s) to a telephone line.
♦ At least one Internet IP Address per port on the router.
♦ An Internet Service Provider (ISP).
6
Page 17
DI-1162 Remote Access Router
Installation
This chapter details installation procedures for the DI-1162 router.
Overview
The DI-1162 can be configured in two ways; through a direct serial
connection (a console), or remotely, through the incl uded Router
Configuration Utility, Telnet, etc. Please note that if you wish to
remotely configure the router, you must still use a console to initially
configure the LAN or WAN port for a remote connection.
In general, the installation procedures are as follows:
1. Physically install the router into an equipment rack or onto a
desktop.
2. Configure the ro uter through a console.
3. Power off the router and console.
4. Plug in all cables and connectors (LAN, WAN, etc.).
5. Power on all devices.
Each of the above items is discussed in detail below.
Note: Your LAN does not need to be powered down when making a
LAN connection to the router via the RJ-45 port. However, when
connecting devices to the WAN or Diagnostic (console) ports please
make sure the router and the other devices are turned off before making
the connection.
Installation 7
Page 18
DI-1162 Remote Access Router
Other Resources
For more information about your DI-1162 check the following sources:
♦ Quick Installation Guide.
♦ Support disk containing
configuration program used to set up and configure the router.
♦ Frequently Asked Questions (FAQ) and application notes for
this router can be found on the D-Link web site at
http://tsd.dlink.com.tw.
Packing List
Before you proceed further, please check all items you received with
your DI-1162 Router with this list to make sure the package is
complete. The complete package should include:
♦ One DI-1162 Router.
♦ One 100~240V AC/DC power cord.
♦ One RS-232 (DB-9 to DB-9) cable for console connection.
♦ One 6ft. (1.83 m) Category 5 UTP cable for LAN connection.
♦ One EIA-530 (DB-25 to DB-25) cable for WAN connection.
♦ Four rubber feet with adhesive backing.
♦ Rack mount kit including six sc rews and two mounting brackets.
♦ This
User’s Guide
RouteView
(on diskette).
, a Windows-based
If any item is found missing or damaged, please contact your local DLink Reseller for replacement.
8 Installation
Page 19
DI-1162 Remote Access Router
Identifying External Components
The following section illustrates the different components on the
router’s fro nt and rear panels. Before using t he router it is highly
recommended to familiarize yourself with these components to ensure
effective use of the device.
LED Indicators
•
The front panel consists of the LED indicators of the router. The
LED indicators are used to facilitate monitoring and
troubleshooting. Please refer to the following chart for detailed
descriptions of these indicators.
Installation 9
Page 20
DI-1162 Remote Access Router
LED STATUS/ FUNCTION
Power Lights whenever the router is plugged in, turned on, and thus
receiving power.
Diag Lights during the startup POST test.
Boot Lights briefly during startup after the PROM program has
executed. Indicates a successful boot up.
Run Should be slowly blinking if the router is functioning properly.
10/100 This LED is ON for a 100Mbps link, and OFF for a 10Mbps
link.
Link/Act This LED is ON to show a good link to the LAN, and quickly
LAN
Full/Half This LED is ON for a full-duplex connection, and OFF for
flashes to show communication activity on the line.
half-duplex.
Col The LED flashes to show transmission collisions on the line.
WANs
1 & 2
Ready This LED is ON to show a good modem or CSU/DSU link to
the WAN port.
Act This LED flashes to show communication activity on the line.
Ready This LED is ON to show a good modem or CSU/DSU link to
Module
the WAN module, or a good link to the LAN port module.
Act This LED flashes to show communication activity on the line.
10 Installation
Page 21
DI-1162 Remote Access Router
Diagnostics RS-232 Serial Port
•
A DB-9 female connector used to connect a console to the router
for initial setup and out-of-band management.
Wan Ports (1 and 2)
•
Two DB-25 male connectors each of which can be connected to a
dial-up (dial in or out) line or a dedicated leased line by
multiplexing with a modem or CSU/DSU (Channel Service Unit/
Data Service Unit) respectively.
• Slot for Add-in Module
This slot is able to house any one of the following slide-in
expansion modules:
• A single RJ-45 NWay 10/100 Ethernet port
• Two high-speed ser ial (async/sync) ports
• A BRI ISDN module.
LAN Port
•
This jack is a full featured RJ-45 NWay Ethernet/ Fast Ethernet
port. The NWay feature allows this port to automatically configure
itself to match the settings used by the port it is being connected to.
Installation 11
Page 22
DI-1162 Remote Access Router
If it is connected to another NWay capable port, the two ports will
configure themselves to attain the best connection possible.
Fan
•
Provides ventilation inside the router. Please ensure to leave
adequate space at the rear and sides of the unit for proper
ventilation.
• Power Socket
A standard 100~240V socket for the power cord.
• Power Switch
A rocker switch that turns the router off and on.
Site Installation
The site where you install the DI-1162 Router may greatly affect its
performance. Please follow these guidelines for setting up the router.
♦ Install the router on a sturdy, level surface that can support at
least 2 kg of weight. Do not place heavy objects on the router.
♦ The power outlet should be within 1.82 meters (6 feet) of the
router.
♦ Visually inspect the power adapter cord and see that it is fully
secured to the power socket.
♦ Make sure that there is proper heat dissipation from and
adequate ventilation around the router. Leave at least 10 cm of
space at the side and rear of the router for ventilation.
♦ Install the router in a fairly cool and dry place. See Appendix B
for the acceptable temperature and humidity operating ranges.
12 Installation
Page 23
DI-1162 Remote Access Router
♦ Install the router in a site free from strong electromagnetic field
generators (such as motors), vib ration, dust, and direct exposure
to sunlight.
♦ When installing the router on a level surface, attach the rubber
feet to the bottom of the device. The rubber feet cushion the
router, protect the casing from scratches and prevent it from
scratching other surfaces.
Rack Mounting
The DI-1162 may stand alone or be mounted on a standard 19-inch
equipment rack. Rack mounting produces an orderly installation when
you have a number of related network devices. Use the six supplied
screws to fasten the supplied mounting brackets to either end of the
router, then fasten the router into the rack.
Installation and Initial Configuration of the Router
This section discusses the different connections that can be made to the
router when setting it up.
Initially, you will only wish to connect the console to the router in
order to configure the other ports. Once that is complete, you will need
to turn off the power to the router and plug in the connection cables to
the other devices. Next, power on the other devices. When they have
finished powering up, power on the router. Each of these steps is
described in detail in the sections below. Please skip any setting
adjustments that do not apply to your configuration needs.
A Warning about Connecting Cables
It is important that correct cables are used for each connection;
otherwise, the router could be damaged.
Installation 13
Page 24
DI-1162 Remote Access Router
Before connecting or disconnecting an RS-232 cable between the
DI-1162 and the console and modems, please make sure all devices are
off to avoid any chance of damage.
Step 1 - Setting up the Console
The initial setup of the DI-1162, requires connecting a console to
the 9-pin RS-232 Diagnostic port on the router’s front panel. A
serial cable is supplied with the router in order to make this
connection. A console can be a terminal, such as a VT-100, or a
normal PC running te rminal emulation software (such as Microsoft
HyperTerminal, included with Windows). The terminal emulation
software needs to be configured to the following parameters:
◊ VT100 terminal emulation
◊ 9600 baud
◊ No parity, 8 data bits, 1 start bit, 1 stop bit
◊ No flow control
Step 2 - Connecting the Console to the Router
A serial cable is included in the DI-1162 package. To connect this
cable, plug its nine-pin connector into the 9-pin RS-232 Diagnostic
port on the router’s front panel, then connect the other end to the serial
port on the rear of your computer or data terminal.
Please make sure both machines are turned off before making this
connection.
After the connection is made, first power on the console. If you are
using a PC, run the terminal emulation software at this time. After the
PC and the terminal emulation software are up and running, po wer on
the router.
14 Installation
Page 25
DI-1162 Remote Access Router
Using the Console
The
Console Program
configure your DI-1162. Several operations that you should be familiar
with before you attempt to modify the configuration of your router are
listed below:
♦ Moving Forwar d to Another Menu. To move forward to a
sub-menu below the current one, use Tab or arrow keys to
position the cursor on the sub-menu item and press Enter to
view the selected sub-menu.
Moving the Cursor. Within a menu, use Tab and arrow keys
♦
to navigate through different information fields.
Entering Information. There are two types of fields that you
♦
will need to fill in. The first requires you to type in the
appropriate information. The second gives you choices to
choose from. In the second case, press the space bar to cycle
through the available choices. Upon configuring all fields the
sub-menu, position the cursor on SAVE and press Enter to
save, or position the cursor on EXIT to cancel.
♦ Refresh Screen. Console screens are notorious for becoming
garbled. When this happens, simply press <Ctrl> + <R> to
refresh the contents of the screen.
is the interface that you will be using to
Step 3 - Initial Configuration of the Router
After the console is properly connected and both devices are powered
on as described in the preceding sections, you should see the router run
through the power on self test (POST). Finally, it will arrive at the
logon screen sho wn below:
Installation 15
Page 26
DI-1162 Remote Access Router
To log on to the router, use the factory set username and password
‘Admin’ (without the quotes). Please note that the user name and
password are case-sensitive.
Upon entering the username and password (using the <tab> key to
jump to the next field), position the cursor on OK and press <Enter>.
You will then see the following Main Menu:
16 Installation
Page 27
DI-1162 Remote Access Router
Step 3a - Configuring the LAN Port
Preparing the router for connection to a LAN only requires enabling
the LAN port, enabling IP networki ng and assigning the LAN por t an
IP address. After the LAN port is configured, all other features on the
router can be configured remotely through the LAN by using the
included Windows-based Router Configuration Utility or Telnet.
To configure the LAN:
1. The LAN port must be enabled in the Interface
Configuration sub-menu.
♦ Choose Interface Configuration, LAN 1.
♦ Position the cursor over the State item and press <space bar>.
The State will change from Disable to Enable.
♦ Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
Installation 17
Page 28
DI-1162 Remote Access Router
♦ Choose Exit in the sub-menus to return to the Main Menu.
2. Enable IP Networking
♦ Choose Network Configuration, IP
Configuration.
♦ Position the cursor over the last item IP Networking
and press <space bar> to Enable it.
♦ Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
3. Assign an IP address to the LAN port in the Network
Configuration sub-menu of the Main Menu.
♦ Still in Network Configuration, IP
Configuration submenu from Step 2 above, choose IP
Stack Configuration, LAN 1.
♦ Enter a valid IP address for the LAN in the first item. You may
also enter a Netmask if you wish. For more information about IP
Addresses and Subnet masks, please refer to
Concepts
.
Appendix C – IP
♦ Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
♦ Choose Exit in the sub-menus to return to the Main Menu
The router can now be accessed via the LAN by Telnet, the Windowsbased DI-1162 Router Configuration Utility (included with the router)
and other SNMP management applicatio ns.
18 Installation
Page 29
DI-1162 Remote Access Router
If you have any questions r egarding the settings you made or other
settings in the submenus, please refer to the next chapter
and Management
At this point, please proceed to the next initial configuration step.
.
Configuration
Step 3b - Configuring the WAN Ports for Dial-in, Dialout and Leased Lines
Please configure LAN port as described above to familiarize yourself
with the configuration program (the LAN p ort must be configured in
any case). Some settings that were made configuring the LAN will be
repeated below. Please disregard the instructions below if the setting
has already been changed.
Each WAN port can be configured to either receive dial-in calls (act as
a Remote Access Server), dial out to other routers (at branch offices or
the Internet, for instance), or both (but not at the same time). The WAN
ports can also be configured for a leased line (synchronous)
connection. Please note however that we recommend only one single
WAN connection to the Internet since a second connection will not
significantly enhance the performance of the connection.
Enabling a WAN Port
In this section, we will use WAN1 as an example. Other WAN ports
however, will follow the same procedures.
1. The WAN port must be enabled in the Interface
Configuration sub-menu.
♦ Choose Interface Configuration, WAN 1.
♦ Configure the Protocol setting. This is a very important
setting which determines what type of device can be connected
to the WAN port.
Installation 19
Page 30
DI-1162 Remote Access Router
SLIP – asynchronous mode used for
•
modems.
• Async PPP - asynchronous mode used
for modems.
• HDLC – synchronous mode used for
CSU/DSU’s or synchronous modems
using a leased line.
Sync PPP - synchronous mode used for
•
CSU/DSU’s or synchronous modems
using a leased line.
♦ Position the cursor over the State item and press <space bar>.
The State will change from Disable to Enable.
♦ Other Items in this screen also need to be configured such as the
Phone Number and Baud Rate. Please refer to the manual for
the device being connected to the WAN port for the proper
settings. For more information regarding these settings, please
refer to the appropriate section in the
Management
Configuration and
chapter of this User Guide.
♦ Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
♦ Choose Exit in the sub-menus to return to the Main Menu.
2. Enable IP Networking
♦ Choose Network Configuration, IP
Configuration.
♦ Position the cursor over the last item IP Networking
and press <space bar> to Enable it.
♦ Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
20 Installation
Page 31
DI-1162 Remote Access Router
3. Assign an IP address to the WAN port in the Network
Configuration sub-menu of the Main Menu.
♦ Still in Network Configuration, IP
Configuration submenu from Step 2 above, choose IP
Stack Configuration, WAN 1.
♦ Enter a valid IP address for the WAN in the first item. You may
also enter a Netmask if you wish. For more information about IP
Addresses and Subnet masks, please refer to
Concepts
.
♦ Other items in this screen may also need to be configured such
as the State, Routing and Multicast settings. Please refer to the
appropriate section in the
Configuration and Management
chapter of this User Guide for detailed explanations concerning
the nature and use of these items.
♦ Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
Appendix C – IP
♦ Choose Exit in the sub-menus to return to the Main Menu.
Configuring for Dial-in, Dial-out or Leased Line
At this point, you need to decide if the WAN port will be used for
dialing in, dialing out, both or a leased line connection. The settings
you make in next few steps depe nd on how you wish to use the WAN
port. Remember, only one WAN port should be setup to connect to the
Internet.
4. Configure the Dial settings in the Advanced Functions
submenu.
♦ Choose Advanced Functions, Remote Access
Configuration, Dial Configuration.
Installation 21
Page 32
DI-1162 Remote Access Router
Choose WAN1
♦
♦ Please refer to the
Configuration and Management
section of
this manual for more detailed information regarding the items
in this screen.
♦ Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
5. Define and configure dial-in users who may access the router and
the LAN it is connected to (if applicable).
♦ From the Main Menu choose Advanced Functions,
Remote Access Configuration, Dial-In User
Profile and press <Enter> in the first empty field.
♦ Enter the dial-in user’s Username (might not be their real
name) and Password.
♦ Change the State to Enable.
♦ Please refer to the
Configuration and Management
section of
this manual for more detailed information regarding the items
in this screen.
♦ Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
The WAN port is now setup to receive calls from that user. At this
point, you may wish to define other users who will dial-in to the
router. Please note that User Profiles for dial-in users are valid for
any WAN port configured to receive calls.
6. Define a WAN port for dialing out.
22 Installation
Page 33
DI-1162 Remote Access Router
♦ From the Main Menu choose Advanced Functions,
Remote Access Configuration, Remote
Network Profile and press <Enter> in the first empty
field.
♦ Set the Direction to IN, OUT or BOTH.
♦ Enter a Name and Password used to establish
Outgoing
connections (if the remote site uses PAP or CHAP).
Incoming
♦ Configure the othe r settings shown in this window.
♦ Change the State to Enable.
♦ Please refer to the
Configuration and Management
this manual for more detailed information regarding the
settings in this screen.
♦ Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
♦ Choose Exit in the sub-menus to return to the Main Menu.
7. Define a WAN port for a leased line connection.
♦ There are only three steps that need to be done to configure a
WAN port for using a leased line and they have already been
done. They are numbers 1, 2 and 3; enabling the WAN port in
the Interface Configuration sub-menu, configuring
the Protocol setting to a synchronous mod e, and
assigning an IP Address to the WAN port in the Network
Configuration submenu. Remember to save any
submenu screens in which you have made cha nges.
and/or
section of
Choose LOGOFF from the Main Menu
Installation 23
Page 34
DI-1162 Remote Access Router
Your WAN po rts are now configured and should operate normally.
Please note that many of the settings configure d here depend on the
type and capabilities of the device being connected.
At this point in the installation process, you need to turn off the router.
Don’t worry. As long as you saved each screen in the configuration
process, your settings will have been saved in the EEPROM and will
not be lost.
Step 4 - Connecting the Router to a LAN
Your DI-1162 has a single LAN port for connecting to an Ethernet or
Fast Ethernet switch or hub.
The jack for the router’s Ethernet port is of the type known as EIA
RJ-45. The cabling used should be Category 3, 4 or 5 UTP or STP
depending on the connection speed, fitted with an RJ-45 connector.
The NWay feature allows this port to automatically configure itself to
match the settings used by the port it is being connected to. If it is
connected to another NWay capable port, the two ports will configure
themselves to attain the best connection possible.
Full duplex mode will only be enabled if this port is connected to a
full-duplex capable switched port.
At this point, please connect the router to the LAN.
Step 5 - Connecting the Router to WAN Devices
The DI-1162 has two DB-25 ports corresponding to WANs 1 & 2.
These two WAN ports are both synchronous/asynchronous ports, and
can connect to a modem or CSU/DSU using a standard serial cable
with a DB-25 connector at one end.
24 Installation
Page 35
DI-1162 Remote Access Router
Make sure both the WAN device(s) and the router are turned OFF
when making these connections.
Step 6 – Plugging in All Devices
Plug the 100~240V AC/DC power cord into the power jack on the
router’s rear panel and into a power strip or grounded wall outlet.
At this point in the installation, you may plug in and power on all other
devices. Do not power on the router yet.
Step 7 - Powering Up the DI-1162
After all the devices are powered up, the DI-1162 can be turned ON.
The router will perform a POST (Power On Self Test). It is during this
POST procedure that the PROM Configuration Menu can be accessed.
The router is now able to use the LAN and WAN ports.
The router must be further configured for managing your networ k. This
can now be done by using the console, the included Windows-based
Configuration Utility or Telnet.
For more information about configur ing or managing the router, please
refer to the next chapter –
Installation 25
Configuration and Management
.
Page 36
Page 37
DI-1162 Remote Access Router
Configuration and Management
After the initial startup (POST) test, the router will prompt you for
login and password. This is the opening page of the router’s
configuration program, called the Console program. The Console
program is stored in the Flash memory chips in the router and the
settings are written in EEPROM chips in the router. It is the most basic
level for configuring and managing the router and the network t o which
it is connected.
If you’re starting the router for the first time, the default login and
password is “Admin” – the login and password are case-sensitive,
alphanumeric characters.
Note that once you are in the Main Menu, if there is no activity for
more than 5 minutes, the router will automatically log you out. Your
first endeavor should be to increase the ‘timeout’ time by adjusting the
appropriate value in the
The router can also be configured remotely through a LAN or WAN
connection by using the included Router Configuration Utility or
Telnet. However, if you wish to do this, the console program must first
Configuration and Management 27
System Information
sub-menu.
Page 38
DI-1162 Remote Access Router
be used to initially configure the relevant port on the router. Please see
Step 3 - Initial Configuration of the Ro u ter
for more detailed information.
Console Program Main Menu
The Main Menu is shown below.
on page 15 of this manual
As mentioned earlier, your first endeavor should be to increase the
automatic timeout. Enter the
see this screen:
System Information
This menu contains administrative and system-related information.
28 Configuration and Management
System Information
to do this. You will
Page 39
DI-1162 Remote Access Router
The above parameters are described as follows:
• System Description – this is a non-changeable, short description
of the product.
System Object ID – this is the enterprise-specific MIB Object ID
•
indicating this type of router.
• System Up Time – shows how long the router has been running
since the last power off or reset.
• System Contact – enter the name of the department or individual
responsible for maintaining the router.
• System Name – give the router a descriptive name for
identification purposes.
• System Location – enter the geographic location of the router.
• Console/Telnet Display Timeout in Minutes – this is a security
measure to automatically logoff from the console menu after a
given idle time. Enter a timeout time between 0 and 90 minutes.
Zero specifies no timeout.
System MAC Address –the physical address of this router.
•
Configuration and Management 29
Page 40
DI-1162 Remote Access Router
External MAC Address – the physical address of the external
•
LAN add-in module, if present.
Interface Configuration
Under
Interface Configuration
in the main menu is the following
interface configuration screen, used to configure the interfaces for the
LAN(s) and two WANs:
30 Configuration and Management
Page 41
DI-1162 Remote Access Router
LAN Sub-menu
The parameters are described below:
• Description – this is a user-defined, 32-character identifier used to
name the LAN.
• Operation Mode – The LAN port is automatically set to Auto-
Negotiation (NWay). When connected to another LAN port,
NWay will configure this port to match the settings of the other
LAN port. If the other port also implements NWay, the two ports
will auto-negotiate the best possible settings achievable by both
ports.
• State – this is a toggle, to disable or enable the LAN interface.
Configuration and Management 31
Page 42
DI-1162 Remote Access Router
WAN Sub-menu
The parameters are described below:
• Description – this is a user-defined, 32-character identifier used to
name the WAN.
• Modem Init String – this parameter is valid only for
asynchronous connec t ions. It is a user input AT command string to
initialize a modem or ISDN TA attached to the WAN interface.
Please refer to your WAN device’s handbook for more information
about using initialization command strings.
The default setting is for Hayes-compatible asynchronous modems
and is AT&FS0=1X1, where:
AT– the mandatory first two characters of an AT
command string.
&F– initializes the modem to its default settings.
S0=1– sets the modem to auto-answer.
32 Configuration and Management
Page 43
DI-1162 Remote Access Router
X1 – displays the established connection speed to the dial-
in user (e.g. Connection established at
56.6 kps).
• Protocol – this is a protocol used to encapsulate IP messages over
synchronous and asynchronous serial links. The device being
connected to must be using the same protocol for a connection to
succeed. The four protocols are described:
1.
CISCO_HDLC
– this is a serial line encapsulation method for
transmitting datagrams over synchronous serial point-to-point
links.
2.
– Serial Line Internet Protocol. A serial line
SLIP
encapsulation method for transmitting datagrams over
asynchronous seria l point-to-point l i nks. If linking the router
to a computer, each end must know the other’s IP address.
3.
PPP_SYN
– this serial line encapsulation provides a method
for transmitting datagrams over synchronous serial point-topoint links. Unlike the SLIP protocol, PPP can determine the
IP address configuration automatically.
4.
PPP_ASYN
– this serial line encapsulation provides a method
for transmitting datagrams over asynchronous serial point-topoint links. Unlike the SLIP protocol, PPP can determine the
IP address configuration automatically.
• Phone Number – this is only a reference field, used to contain
your line’s phone number when using an asynchronous dial-in
modem.
• Auth[entication] Type – this defines the authorization protocol
that will be used when accepting a dial-in connection. The choices
are Password Authentication Protocol [PAP], Challenge
Handshake Authentication Protocol [CHAP] or None. PAP and
CHAP do not provide a screen for users to manually enter their
Username and Password – instead, this data must be entered into
the dialing software before placing the call. Make sure the device
dialing in is using the same protocol as defined here. The None
Configuration and Management 33
Page 44
DI-1162 Remote Access Router
setting may be used when you do not wish di al-in users or
networks to identify themselves or be subject to security.
Baud Rate – this parameter must be set to configure the
•
communication speed for asynchronous communication devices
(modems). Please refer to the communication device’s handbook
to get the proper setting.
Available asynchronous, communication device speeds are:
9600 / 19200 / 38400 / 57600 / 115200 baud.
For synchronous connections, the router will automatically match
the clock speed of the device being connected.
• State – this is used to disable or enable this interface.
34 Configuration and Management
Page 45
DI-1162 Remote Access Router
Network Configuration
IP protocol configuration and static routes are configured in the
Network Configurati on sub-menu. This menu is shown below:
IP Stack Configuration
The network interface IP address, mask and protocols are specified in
the IP Stack Configuration submenus. Below, the submenus for both
the LAN and WAN interfaces are shown.
Configuration and Management 35
Page 46
DI-1162 Remote Access Router
The parameters are described below:
• IP Address – this is the IP address for the router on the network to
which this interface is connected.
• Netmask – this is a 32-bit bit mask that shows how the IP address
is to be divided into network, subnet and host parts. The netmask
has ones in the bit positions in the 32-bit address which are to be
used for the network and subnet parts, and zeros for the host part.
36 Configuration and Management
Page 47
DI-1162 Remote Access Router
The mask should contain at least the standard network portion (as
determined by the address's class), and the subnet field should be
contiguous with the network portion.
• Forwarding (LAN) – this enables or disables communications
between this interface and other router(s) on the LAN.
• State (WAN) – this is a link method between this interface and
adjacent router(s). The methods are described:
1.
AUTO –
this obtains and utilizes the IP address assignment
from your ISP (Internet Service Provider).
2.
DISABLE –
3.
IP STACK –
used will be the value of the parameter,
4.
UNNUMBER –
this disables this interface.
this enables this interface, and the IP address
IP Address
.
this utilizes a method of connecting this router
with adjacent routers, without having to define an IP network
prefix between them. The adjacent routers must have
UNNUMBER
capability too.
• Routing Protocol – this is a distance vector routing protocol. RIP
is an Internet standard Interior Gateway Protocol defined in RFC
1058 and RFC 1723. Routing information is sent periodically
(each 30 seconds, or triggered by topology change) to an adjacent
router. The adjacent router must be using the same protocol.
Setting this to
RIPV1&V2
will give the router the ability to make
routing information exchanges with any adjacent router.
• Routing Mode – this parameter allows the router to specify the
extent to which it partakes in the RIP on this port. The options are
described below:
1. None
– the router will not participate in any RIP exchange
with adjacent routers.
2. Listen
– the router will incorporate routing information from
adjacent routers, but will not send it’s own routing table.
Configuration and Management 37
Page 48
DI-1162 Remote Access Router
3. Talk
– the router will send adjacent routers it’s own routing
table, but will not incorporate routing information from them.
4. Both
– the router will incorporate routing information from
adjacent routers, and will send adjacent routers it’s own
routing table.
• IP Multicasting – this feature enables or disables the router’s
ability to route IP Multicast packets from one interface to another
(for example, from the LAN ports to the ISDN port). IP
Multicasting is a bandwidth-saving method for transmitting data to
more than one host. IP Multicasting is often used when
sending/receiving audio or video data. When IP Multicasting is
enabled, the router will search its multicast forwarding table and
depending on the result of the search will either forward the packet
or add the group to the table.. If IP Multicasting is disabled, all
multicast packets received by the router will be dropped,
effectively limiting multicasting to the LAN. The router can also
perform DVMRP if this feature is enabled (see Multicast Protocol
below), which allows the DI-1162 to share multicast information
with other routers, enabling IP multicasting over the ISDN port.
• Multicast Protocol – if this parameter is set to None, the router
will only use the Internet Group Management Protocol (IGMP), if
IP Multicasting is enabled above. This effectively limits multicast
data to the local network. If set to DVMRP (Distance Vector
Multicast Routing Protocol), the router will also use this protocol
to share its multicast information with other routers (much like
RIP), in effect, enabling multicasting on the WAN port.
IGMP Version – configures the router to use either IGMP version
•
1 or 2. A major difference between the two is that version 2 allows
the router to communicate multicast information with other routers
(via the WAN port), even if the other router isn’t using DVMRP.
• DHCP Client (LAN) – this feature allows the LAN port to be
assigned an IP address from a DHCP server other than the one in
the router. This feature should be enabled only for special
configurations (such as the presence of a cable modem on the
38 Configuration and Management
Page 49
DI-1162 Remote Access Router
LAN) where you wish the router to work with a device on the
network that must act as a DHCP server. Otherwise, this feature
should be kept disabled.
• RIP Spoofing (WAN) – this feature should only be enabled if you
have more than one router on your network and this router is
providing your WAN connection. In this case, if the WAN
connection is dropped due to inactivity and this feature is enabled,
RIP packets will be sent to the other routers on the network telling
them that data can still be sent to the WAN via this router.
Otherwise, the other routers will learn that the WAN link has been
disconnected and will no longer forward packets destined for the
WAN to this router, causing the packets to be dropped before
Bandwidth on Demand has a chance to reestablish the WAN
connection.
IP Static Route
A static route is a permanent entry in the routing table. Static routing
provides a means of explicitly defining the next hop router for a
particular destination network IP address. Each static route entry also
allows for a metric (a.k.a. hop count) to be specified.
Configuration and Management 39
Page 50
DI-1162 Remote Access Router
The parameters are described below:
• IP Address – this specifies the destination network IP address (or
a host, depending on the netmask) and pairs it with a gateway.
• Netmask – this mask shows how the destination IP address is to be
divided into network, subnet and host parts. The netmask has ones
in the bit positions in the 32-bit address which are to be used for
the network and subnet parts, and zeros for the host part.
• Gateway – this is the adjacent next hop router, for which the
packets, arriving to this router with this destination IP address, will
be forwarded.
• Hops – this is an associated RIP metric that may have its value set
between 1 and 15, inclusive. A metric value higher than 15 (such
as 16) means that the network is unreachable.
• Intf [Interface] – this is the network interface containing the
gateway that the packets will be forwarded through.
• State – this enables/disables a particular entry.
40 Configuration and Management
Page 51
DI-1162 Remote Access Router
IP Static Route Examples
The IP Static Route Table shown in the example IP Static Route screen
above has the first three entries configured for common
implementations of static routing.
The first entry assumes that WAN1 has a connection to the Internet and
defines the default next hop router. If you use this route r to connect to
the Internet it is very important that you create an entry here that
defines the de fault next hop router as your ISP. This configuration is
also commonly used when RIP exchanges with other Internet routers
(on WAN1) are disabled.
The second entry shows how to configure static routes when there is
another router on the LAN. The IP Address shown (202.12.125.0) is
the network address for a branch office, for example. The Gateway
Address (210.172.23.1) is the IP address to the LAN port on another
router on LAN1 that maintains a WAN connection to the branch office.
The third entry is an example of an enterprise WAN connection
(through tele phone lines) to another router, at a branch office for
example. The IP Address is the network address of the branch office.
The Gateway Address is the IP Address of the WAN port on the branch
office router. This configuration assumes there is a modem on WAN2
maintaining a dial-up connection to the branch office.
IP Networking
Under the IP Configuration sub-menu, the
toggle to connect/disconnect this router from the entire IP network.
When IP Networking is disabled, all routing functions are stopped. The
only IP Address the router will act on is it’s own, via Telnet for
example.
Configuration and Management 41
IP Networking
function can
Page 52
DI-1162 Remote Access Router
Router Advertisement
When this option is enabled, the router will periodically send out ICMP
packets that announce itself on the network. These ICMP packets are
utilized by the Windows 98 or later operating system, which will
automatically update the default gateway setting on the computer in
which it is installed.
42 Configuration and Management
Page 53
DI-1162 Remote Access Router
SNMP Agent Configuration
The Simple Network Management Protocol (SNMP), defined in STD
15, RFC 1157, is a protocol governing the management and the
monitoring of IP network devices and their functions. The DI-1162
supports the use of SNMP to acknowledge communication between
management stations and itself. Basically, the DI-1162, when
connected to the network, acts as an SNMP agent, a software process
that responds to queries using SNMP to provide status and statistics
about the router.
Following is a description of how to configure the DI-1162 for SNMP
management.
From the main menu, select
bring you to the SNM P Agent Configuration Me nu, shown above.
SNMP Agent Configuration
. This will
SNMP Community Configuration
Select and Enter the
will see the following configuration screen:
Configuration and Management 43
SNMP Community Configuration
sub-menu. You
Page 54
DI-1162 Remote Access Router
The parameters are described below:
• SNMP Community String – this community string is a user-
defined identifying name used to group together some arbitrary set
of SNMP application entities managed by the network manager.
• Access Right – this element of the set { READ ONLY,
READ/WRITE } is called the SNMP access mode. If the SNMP
Community String has an Access Right of READ/WRITE, then
that Community String is available as an operand for the
and
operations. Otherwise, if the Community String’s
trap
corresponding Access Right is READ ONLY, then it is available
as an operand for the
get
and
operations only.
trap
get, set
,
• State – this validates or invalidates the use SNMP Community
String, by setting the string to ‘Valid’ or ‘Invalid’. Note that
setting the use of the string to ‘Invalid’ is the same as removing the
string, however, the string remains so as to be val i dated at an
appropriate time.
SNMP Trap Manager
From the
Trap Manager
SNMP Agent Configuration
sub-menu. You will see the following configuration
screen:
44 Configuration and Management
menu, select and enter the
SNMP
Page 55
DI-1162 Remote Access Router
The parameters are described below:
• IP Address – enter the IP address of the host who will act as an
SNMP Management Station. The DI-1162 router will send SNMP
traps to these addresses.
SNMP Community String – the community string is a user-
•
defined identifying name used to group together some arbitrary set
of SNMP application entities managed by the network manager.
Traps will be sent to the IP Address (previous parameter) as long
as the corresponding Community String, in the Manage ment
Station’s trap manager software, is the same.
• Status – this validates or invalidates the use of the SNMP
Community String, by setting the use of the str ing to Valid or
Invalid. Note that setting the string to Invalid is the same as
removing the string, ho wever , the string remains so as to be
validated again at an appropriate time.
Configuration and Management 45
Page 56
DI-1162 Remote Access Router
SNMP Authenticated Trap
Returning to the
SNMP Agent Configuration
menu, you can ‘Enable ’
or ‘Disable’ an authentication failure trap message being sent to the
Management Station by the router. When an SNMP packet with an
invalid community name is received, it will be dropped. If this
parameter is enabled, a trap will be sent to the network manager; if this
parameter is disabled, no trap will be sent.
46 Configuration and Management
Page 57
DI-1162 Remote Access Router
Advanced Functions
The Advanced Functions menu holds most of the more complex
configuration se ttings and is shown below:
Remote Access Configuration
The Remote Access Configuration menu is used to set up the router fo r
dial-in and d ial-out connections through modems and/o r ISDN devices
attached to the WAN ports. The two B channels on the ISDN line or
two modems, one connected to each WAN port, can support two
independent remote connections or be banded together using Multi-link
PPP to implement Bandwidth on Demand (configured separately in the
PPP Configuration
window).
menu, the last item in the Advanced Functions
Remote Operation Overview
The DI-1162 is very flexible and can be configured for a variety of
remote connections. Since configuring the router can be quite complex
- depending on the number and type of remote connection(s) you wish
Configuration and Management 47
Page 58
DI-1162 Remote Access Router
to implement – we have described some of the basic functions and
procedures below.
Dial-In User Connections
Dial-in users are defined as a single user on a computer, such as a
person working at home, who dials into the office to use network
resources. In almost all cases, a Dial-In User Profile needs to be set up
for each user who will dial in to the router so the router can tailor the
connection for each user. Once this is done, the remote user will be
able to use network resources as if he were connected locally. When
the user dials into the DI-1162, the call comes into the WAN port and
after answering the phone, the DI-1162:
1. Identifies the Username and Password using the authentication
protocol defined in the
Interface Configuration, WAN
The dial-in user is not prompted for this information, but must
enter it into his dialing software before dialing.
2. Checks the Username and Password against those defined in the
Dial-In User Profiles and Remote Network Profiles.
3. Assuming a matching
Dial-In User Profile
is found, the r outer
may configure the IP address of the remote station (as defined in
the
Dial-In User Profile
4. Configures a dial-in
).
Interface
(a virtual circuit) to handle the
connection.
5. Establishes the connection.
6. In the case where the Dial-In User does not need to supply a
Username and Password (
Configuration
submenu) the remote computer must have its own
Auth Type
is set to None in the
IP address.
submenu.
Interface
Remote Network Connections
Remote networks are defined as other ne t wor ks (LANs) that have
WAN connectio ns usi ng a router, Inter net server, network modem or
similar device (in this document however, we will assume the remote
48 Configuration and Management
Page 59
DI-1162 Remote Access Router
device is a router). In almost all cases, a Remote Network Profile needs
to be set up for each network that will connect to the DI-1162 via a
WAN connection. The Remote Network Profiles are necessary for the
router to identify and tailor the connection to the remote network’s
router. Once this is done, a connection between the two routers can be
made and computers on each network can communicate with each
other.
Dial-In Network Connections
A dial-in network co nnection is very similar to a dial-in user
connection. When the remote router dials into the DI-1162, the call
comes into the WAN port and after answering the phone, the DI-1162:
1. Identifies the Username and Password using the authentication
protocol defined in the
Interface Configuration, WAN
2. Checks the Username and Password against those defined in the
Dial-In User Profiles and Remote Network Profiles.
3. Assuming a matching
Remote Network Profile
is found, the r outer
may configure the IP address of the remote station (as defined in
the
Remote Network Profile
4. Configures the specified
configuration parameters defined in the
menu and the
Remote Network Profile
).
WAN Interface
(a virtual circuit) using the
Interface Configuration
to handle the connection.
5. Establishes the connection.
submenu.
Dial-Out Network Connections
Dial-out network connections are much different than dial-in
connections.
When a packet on the LAN reaches the router, the DI-1162 will:
1. Check its routing table to try to identify where this packet should
go. It looks for two variables in the routing table,
and
Interface
Configuration and Management 49
. There are four possible results:
Gateway address
Page 60
DI-1162 Remote Access Router
I. In the case where the destination resides in the same IP
network on the LAN, the routing engine never a cts on the
packet and it i s sent directly to the destination through the
LAN.
II. In the case where the destination resides on a different IP
network on the LAN (which can happen when
Configuration
request to obtain the MAC address of the destination
computer (or router) and deliver the packet. Note that defining
Static ARPs
to send out an ARP request.
III. In the case where the router finds a match in the routing table
(which includes
and
Interface
Profile
the router gets the telephone number and other information
and dials out, establishes a connection and delivers the packet.
If you have a connection to the Internet, it is very important
that you define
submenu of the console program as your ISP (see the
Routes
IP Static Routes
configuration information). This is because if a user on your
LAN makes a request to download a web page for the first
time, for instance, since it is the first time, the DI-206 will not
have any record of the web page’s IP address in its routing
table. If no default next hop router is defined, the request will
be dropped and the user will get a ‘Destination Unreachable’
error message. However, if a default next hop router is defined
in the
IP Static Routes
the ISP (the request will go through) and the user will receive
the web page.
Multiple Home
is set up), the router will send out an ARP
can speed up delivery since the router won’t need
IP Static Routes
numbers to identify the correct
), it uses the
Gateway address
Remote Network
to use to dial out. From the Remote Network Profile,
the default next hop router
in the
IP Static
section of this manual for more detailed
, the DI-206 will pass this request on to
IV. In the case where there is no match for the destination IP
address in the routing table, and no default next hop router is
defined, the packet will be dropped and no action will be
taken.
50 Configuration and Management
Page 61
DI-1162 Remote Access Router
The Remote Access Configuration submenu is shown below. All items
in the submenu are described as follows.
Dial Configuration
You can configure the two WAN interfaces on your DI-1162 to
dial-out only when a packet is forwarded to that interface, and
hang up after all data has been transferred and the link is idle. This
can be used to lower the cost of an unpopular link or used as a
backup link to your ISP. This feature is commonly called “Dial on
Demand”.
calls from dial in users and other networks, called “Remote
Access”. Please note however, that in all cases, after configuring
the WAN interfaces in the Dial Configuration submenu,
they must be further configured in the Dial-In User
Profile submenu or Remote Network Profile
submenu.
interfaces can also be configured here to receive
WAN
Configuration and Management 51
Page 62
DI-1162 Remote Access Router
Dial In IP Pool
The dial in IP pool allows you to define a range of IP addresses
that will be reserved for and assigned to dial-in users.
The items are described as follows:
♦ IP Address – is the first IP Address that will be assigned to a dial-
in user.
52 Configuration and Management
Page 63
DI-1162 Remote Access Router
Range – is the number of IP Addresses that can be assigned. In the
window shown above, dial-in users will be assigned the IP
Addresses 170.100.200.1 or 170.100.200.2 (only two are
necessary since the router used in the examples has only two WAN
ports).
WAN 1
This submenu contai ns a number of settings (shown below) which
allow you to configure the router to dial out.
The parameters are described below:
• Idle Time – this is the elapsed time (in seconds), of inactivity, that
will trigger the router to disconnect this interface.
• Dial-Out Retry Time – this is the time (in seconds) the router will
wait before the next dial attempt.
• Dial-Out Retry Count – this is the specified maximum number of
dial attempts the router will make when trying to establish a
connection on this interface.
Dial on Demand – this disables or enables dial on demand on this
•
interface. If enabled, when a packet arrives at this port, the router
Configuration and Management 53
Page 64
DI-1162 Remote Access Router
will search for a
Remote Network Profile
that further configures
this WAN port for dialing-out.
Set Peer IP as Default Gateway – when enabled, this feature sets
the IP address of the remote device as the default gateway (default
next hop router) for all pa ckets not found in the routing table. This
option should be enabled for the WAN circuit (WAN1 or WAN2)
that is used to connect to the Internet. Also, if the default gateway
is defined here, you don’t need to define one in the
Configuration, IP Static Route
submenu (but you still need to
define a static default route). And also make sure that the Remote
IP Address in the
Remote Networks Profile
is set to 0.0.0.0. Note
that only one WAN circuit should be connected to the Internet, and
only one WAN circuit (the same one) should be the default
gateway.
Dial-In User Profile
The Dial-In User Profile is used to configure the DI-1162 for single
users (for example a person working at home) to dial in to the router
and gain access to the network. At least one User Profile must be
configured for each user who will dial in (in conjunction with
Configuration
computers on other networks must be defined in the
Profile
settings). Please note that WAN connections to
submenu.
Network
Dial
Remote Network
Up to eight users can be set up to dial in to the router. However, more
dial-in users can be accommodated by using a Radius server as
described in the
Radius Configuration
section of this manual.
The Dial-In User Profile submenu appears below:
54 Configuration and Management
Page 65
DI-1162 Remote Access Router
The parameters in the above window are described as follows:
• Name – the maximum length is 64 characters. This username is for
password challenge s (authentication). The user dialing in must
supply this username in order to be allowed access to the router.
• Password – this is the password associated with the above
Name
field.
• Rem CLID – Remote Caller ID. This is the telephone number of
the Remote User and is used for security. When a phone number is
entered in this field, the router will make sure that the incoming
call is coming from the same phone number as the one defined
here. In other words, the remote user can only be calling from the
telephone number defined here, otherwise the call will not be
accepted. This function is disabled if the field is left blank.
• Default IP – this is the IP address that will be assigned to the dial-
in user when the
IP Address Supply
setting below is set to Default.
Assigning an IP address to the remote computer ensures that the IP
address does not clash with other IP addresses on your network.
• IP Address Supply – this field defines how the remote user will
obtain an IP address. The choices include:
Default – uses the
Configuration and Management 55
Default IP address
defined above,
Page 66
DI-1162 Remote Access Router
Dynamic - taken from the
None - the remote user supplies his own IP Address.
State – enables/disables this User Profile.
Remote Network Profile
The Remote Network Profile is used to configure the router for
WAN connections to other networks. In practice, the DI-1162 will
either dial-out to or receive incoming calls from another router, the
‘gateway’ to the other network.
Dial In IP pool
, or
Remote Name – Name for the remote network that the DI-1162 is
•
being set up to connect with.
Direction – dial-[In], dial-[Out], or [Both]. This field defines
•
whether the router on the other network will dial-[In] to the DI1162 to establish a connection, the DI-1162 will dial-[Out] to the
other network, or a connection can be established [Both] ways.
When this is set to In, the DI-1162 will only establish a connection
with the other network by receiving calls on the WAN port
specified in the
Interface
will be subject to the
field below. Also, the incoming calls
Name, Password
and
Rem CLID
fields in the
Incoming section below.
56 Configuration and Management
Page 67
DI-1162 Remote Access Router
When this is set to Out, the router will only make calls on the
WAN interface specified in the
outgoing calls will be subject to the
Number
fields in the Outgoing section below.
Interface
field below. Also, the
Name, Password
and
Phone
When set to Both, the
dial in
and
dial out
conditions described
above will both be observed.
• Interface – WAN 1] or WAN 2. This field is used to assign a
remote network to a logical (virtual) interface called a virtual
circuit. More than one remote network can be configured to use the
same interface, but they cannot be connected at the same time.
Thus, if you wish to have two WAN c onnections oper ate
simultaneously, make sure they are configured on different
interfaces. On the other hand, if you have two dial-out remote
network profiles but wish to keep one line always open for dial-in
users, make sure the two dial-out profiles use the same interface. In
this case, the two profiles will share the same interface; the second
one using it after the first one’s idle time has expired and it has
relinquished it.
• Incoming
Name – the maximum length is 64 characters. This username
•
is for password challenges (authentication). The user dialing
in must supply this username in order to be allowed access to
the router.
Password – this is the password associated with the above
•
Name field.
• Rem CLID – Remote Caller ID. This is the telephone number
of the Remote User and is used for security. When a phone
number is entered in this field, the router will make sure that
the incoming call is coming from the same phone number as
the one defined here. In other words, the remote user can only
be calling from the telephone number defined here, otherwise
the call will not be accepted. This function is disabled if the
field is left blank.
Configuration and Management 57
Page 68
DI-1162 Remote Access Router
Outgoing
•
• Name – the maximum length is 64 characters. Spaces and
punctuation are not usually accepted. This username is for
password challenges (authentication) which are automatically
handled by the router when dialing out. The DI-1162 will use
PAP and CHAP (whichever works) to make the connection.
• Password – this is the password associated with the above
Name field.
Phone Number – this is the telephone number that will be
•
dialed to make the outgoing connection.
Remote IP Address – this is the IP address that will be assigned
•
to the dial-in network when the
IP Address Supply
set to Default. Assigning an IP address to the router dialing in
ensures that the IP address does not clash with other IP addresses
on your network. For dial out connections utilizing dial on
demand, the IP address of the remote router needs to be entered
here so the router knows which remote network to establish a
connection with to deliver the packet.
• Script File ID – A number between 1 and 8 which corresponds to
a user-defined script file (see
Script File Configuration
Choosing a number here will execute the corresponding script file
when establishing a connection.
setting below is
below).
IP Address Supply – this field defines how the router will assign
•
an IP address to a device dialing in. The choices include:
Default – uses the
Remote IP address
Dynamic - taken from the
Dial In IP pool
defined above,
, or
None - the remote user supplies his own IP Address.
• State – enables/disables this Remote Network Profile.
58 Configuration and Management
Page 69
DI-1162 Remote Access Router
Script File Configuration
Script files are used on dial-out connections where the server you are
connecting to use s a script for the l ogon procedure (common with many
ISP’s). If you would like the router to automatically logon to a remote
server, you must define a script file .
Script files are executed immediately upon successfully establishing a
connection. The DI-1162 can hold up to 8 different script files.
Press <Enter> in a script name field (shown below as ISP LOGON and
7 empty ones) to define a script file.
Script File Example
The example script file shown below assumes a connection to an
Internet Service Provider.
Configuration and Management 59
Page 70
DI-1162 Remote Access Router
Commands
Script files can perform six Commands. You can choose the
appropriate command by positioning the cursor in the Command field
and pressing <space bar> to toggle to the appropriate command. The
script commands are defined as follows:
Wait – this command waits for text defined in the Parameter field
♦
to be transmitted by the ISP. In the above example, the router will
wait for the ISP to prompt for ‘Username:’. Please note that the
parameters are case-sensitive and must be an exact match.
Transmit – Transmits the exact characters written in the
♦
Parameter field. There are also three keywords that can be
transmitted:
• ^I – Username, as defined in the Remote Network Profile
submenu.
• ^P – Password, as defined in the Remote Network Profile
sub-menu.
60 Configuration and Management
Page 71
DI-1162 Remote Access Router
• ^M – <Enter> or <Return>.
Delay – will delay for the number of seconds defined in the
♦
Parameter field.
Get My IP – Will get the IP address from the ISP if the ISP
♦
sends it. This command is only valid for SLIP connections.
Get Srv IP – Will get the Servers IP address if it is sent. This
♦
command is only valid for SLIP connections.
End – Ends the script file.
♦
Parameters
Parameters are data fields which hold text or numbers that are used in
the Wait, Transmit and Delay commands.
State
Toggles to enable or disable the line item.
DHCP Configuration
The DI-1162 Router implements the Dynamic Host Configuration
Protocol (DHCP), which allows the entire IP network to be centrally
managed by the router. It does this by assigning IP addresses and
configuration parameters to hosts as they are powered on and come
onto the network. This can be a great help for network administration
since many administrative tasks such as keeping track of each
computer’s IP address are handled by the router. The DI-1162 can
implement DHCP in one of the two ways shown below:
Configuration and Management 61
Page 72
DI-1162 Remote Access Router
DHCP Server Configuration
When acting as a DHCP server, the DI-1162 will manage many of the
IP network parameters. The DI-1162 will never assign a broadcast or
network IP addresses to hosts, even if such an address is included in the
specified range.
Please note that the router can act either as a DHCP Server or a DHCP
Agent, but not both at the same time.
Dynamic IP Pool
The dynamic IP pool screen shown below contains the parameters that
the router can set on the hosts.
62 Configuration and Management
Page 73
DI-1162 Remote Access Router
The parameters are described below:
• IP Address – this is the base (starting) address for the IP pool of
unassigned, IP addresses.
• Range – this is the range of contiguous, IP addresses, above the
base
IP Address
above. In the above example, the IP Addresses
assigned would be 202.93.47.1, 202.93.47.2, … 202.93.47.100.
Netmask – this mask informs the client, how the destination IP
•
address is to be divided into network, subnet and host parts. The
netmask has ones in the bit positions in the 32-bit address which
are to be used for the network and subnet parts, and zeros for the
host part.
Gateway – this specifies the Gateway IP Address that will be
•
assigned to and used by the DHCP clients.
• Lease Time – this specifies the number of hours a client can lease
an IP address, from the dynamically allocated IP pool. The
maximum value is 65535 and a value of 0 means the lease is
permanent.
Configuration and Management 63
Page 74
DI-1162 Remote Access Router
DNS IP – this specifies the Domain Name System server, used by
•
the DHCP clients using leased IP addresses, to translate hostnames
into IP addresses or vice-versa.
• WINS IP – this specifies the IP address of the Windows Internet
Naming Service server. This server has software that resolves
NetBIOS names to IP addresses.
Domain Name – this is the common suffix, shared by networked
•
hosts, used to represent a common network domain.
State – this toggles disable, enable for DHCP function.
•
Static IP Pool
The Static IP Pool configuration functions in much the same way as the
Dynamic IP Pool configuration. The only difference is that a particular
IP address can be assigned to a particular host. The host is identified by
the MAC Address of it’s NIC, which must be entered on this screen.
64 Configuration and Management
Page 75
DI-1162 Remote Access Router
The parameters are described below:
IP Address – this is the static IP address to be assigned.
•
• MAC Address – this specifies the physical address of the
particular host that will receive the above IP address.
All other parameters (Netmask, Gateway, DNS IP, WINS IP, State,
& Domain Name) are identical to those in the
Dynamic IP Pool
configuration, in the previous section.
DHCP Relay Agent
The DHCP Relay Agent feature allows the DI-1162 to act as a gobetween for a remote DHCP server assigning IP addresses to local
clients. This can be useful if you wish to have all IP addresses in your
company, including those in branch offices, assigned from a DHCP
server centrally located at your headquarters, for example.
Items are described as follows:
DHCP Server IP Address – this is the IP address of the remote
•
DHCP server. When a local computer powers up and sends a
DHCP request for an IP address, the DI-1162 will forward the
request to the address specified here.
Configuration and Management 65
Page 76
DI-1162 Remote Access Router
Time Threshold – this specifies the maximum amount of time (in
•
seconds) since the host began requesting an IP address. If the value
define here is exceeded, the relay agent will not pass along the
request from the host.
• State – enables/disables the DHCP Relay Agent function.
Filter Configuration
Your DI-1162 uses filters (configurable at two layers) to screen packet
data, and apply a routing decision. There are two methods of
configuring a filter: you can configure a filter at the network layer (IP
filter) to restrict access between networks and reduce unnecessary
internetwork traffic; and you can configure a filter at the data-link layer
(a general filter) to provide a protocol independent filter.
Good knowledge of network protocols is required to configure a
specific filter appropriately. It is important for the router to operate
correctly, therefore, necessary packets must be allowed to pass through
the filters. In other words, do not attempt to configure filters on a
utilized router unless you understand what you are doing.
The following section describes how to configure the router filter
parameters.
Configuring a Filter Set
Under the
Configuration
66 Configuration and Management
Advanced Functions
. You will see the following screen:
menu, select and enter
Filter
Page 77
DI-1162 Remote Access Router
The three sub-menus are described:
Filter State of Interface – this is used to choose the default,
1.
routing decisions for packets, not meeting the criteria for specific
filters.
2. Layer 2 Filter – this is a data-link layer (protocol independent)
filter. Foreknowledge of the specific protocol, used on the
interface (LAN or WANs), is needed to make effective use of this
filter.
3. IP Filter – this is an IP protocol specific filter, allowing you to,
among other things, prohibit specific packets from entering the
LAN. Alternatively, you can set up filters that allow certain types
of IP packets to enter the LAN.
Filter State of Interface
The
Filter State of Interface
decisions, if the packets are not subjected to a filter, routing decision.
In other words, a packet, having not met the criteria for a specific filter
Configuration and Management 67
sub-menu lets you toggle default, routing
Page 78
DI-1162 Remote Access Router
that was applied to a specific interface, will be subjected to this default,
routing decision.
Each decision on handling packets is described below:
1. Disable – this does not apply a default, routing decision.
2. Forward – this allows the routing of a packet, e ven though it
has not met the criteria of the corresponding filter.
3. Drop – this drops (doesn’t allow routing for) a packet that has
not met the criteria for the corresponding filter.
Layer 2 Filter
The
Layer 2 Filter
link layer) filter. Foreknowledge of the specific protocol used on the
interface (LAN or WANs) is needed to make effective use of this filter.
68 Configuration and Management
sub-menu contains a protocol independent (data-
Page 79
DI-1162 Remote Access Router
The parameters of a filter are described below:
• Name – this is a 12 character (maximum), alphanumeric, userdefined name, used to identify the filter.
Direction – this defines the direction of the frame relative to the
•
Interface
parameter below.
• State – this is used to choose the routing decision applied to the
frame. The three decisions are described:
1.
forward –
this allows the routing of the frame, if it has met the
criteria of the corresponding filter.
2.
this drops (doesn’t allow routing for) a specific frame
drop
–
that has met the criteria of the corresponding filter.
3.
disable
this does not apply the protocol independent filter.
–
• Interface – this applies the filter to a specific interface, either
LAN or one of the three WANs.
Offset – this defines the reference byte for the
•
Length
parameter
(described below). The Offset is the number of bytes (octets) from
the beginning of the first byte of the frame header, immediately
Configuration and Management 69
Page 80
DI-1162 Remote Access Router
after the preamble. The range of the Offset parameter is from 0 to
255 octets. The first byte in a packet has an offset 0.
Length – this is the number of bytes (octets) from the offset value
•
(the
reference byte).
Offset
• Value – this is a 16 digit, hexadecimal field, defining the actual bit
values used to compare with the frame data, at the specified
(
+
Offset
Mask – this is a 16 digit, hexadecimal bit mask, used as an
•
Length
) position.
operand in the bit-wise AND operation that will be applied to the
parameter.
Value
IP Filter
The
IP Filter
is specifically an IP protocols filter, allowing you to,
among other things, fi rewall your LAN, prohibiting specific packets
from entering your LAN. It is necessary to have good knowledge of IP
protocol before effectively configuring this filter.
The IP Filter parameters are described below:
70 Configuration and Management
Page 81
DI-1162 Remote Access Router
Name – this is a 12 character (maximum), alphanumeric, user-
•
defined name, used to identify the filter.
• Direction – this defines the direction of the packet relative to the
Interface
State – this is used to define the routing decision applied to the
•
parameter below.
packet. The three routing decisions are described:
1.
forward –
this allows the routing of the packet, if it has met
the criteria of the corresponding filter.
2.
this drops (doesn’t allow routing for) a specific packet
drop
–
that has met the criteria of the corresponding filter.
3.
disable
this does not apply the IP filter.
–
• Interface – this applies the filter to a specific interface, LAN or
one of the three WANs.
Protocol Type – this is a protocol identifier, as assigned by the
•
Internet Assigned Numbers Authority (IANA). The values of this
identifier are described in RFC-1700. This router supports the
following:
4.
protocol type
= 1, this is Internet Control Message (ICMP),
defined in RFC 792.
5.
protocol type
= 6, this is Transmission Control (TCP), defined
in RFC 793.
6.
protocol type
= 17, this is User Datagram (UDP), defined in
RFC 798.
• Src IP – this is the source address in the IP header of this packet.
• Src Netmask – this mask is bit-wise AND’d with the source IP
address, and compared to the IP address of the incoming interface,
for which the packet arrived.
Configuration and Management 71
Page 82
DI-1162 Remote Access Router
Dst IP – this is the destination address in the IP header of the
•
packet.
• Dst Netmask – this mask is bit-wise AND’d with the destination
IP address, and compared to the IP address of the outgoing
interfaces.
Dst Port – this is the destination port, in the TCP or UDP header,
•
of the packet.
Operation – this comparison operation is applied to the
•
destination port (the
Dst Port
parameter) value, of the TCP or
UDP header.
ICMP Type – this is the type field, in the ICMP header, used to
•
identify a particular ICMP message.
ICMP Code – this is the code field, in the ICMP header, used to
•
further specify the ICMP type.
TCP Flag – this is a decimal number, representing the six flag bits
•
in the TCP header.
Multiple Home Configuration
Besides the IP address assigned to the LAN interface in the
Configuration
interfaces. These additional IP interfaces are referred to as MIP’s and
MIP1 to MIP3 are reserved for LAN1 and MIP4 to MIP6 are reserved
for LAN2 (if present). This type of configuration is known as a
multiple home configuration.
72 Configuration and Management
menu, each LAN may have up to 3 additional IP
Network
Page 83
DI-1162 Remote Access Router
Multiple Home can be demonstrated by this example:
A company has 625 users (computers) all connected to one physical
network using Ethernet. However, the company only has one Cla ss C
IP network address, 202.100.160.0. This network address will only
support 254 users. To solve the shortage of IP address problem and to
plan for future growth, the company applies for and receives two more
Class C IP network addresses, 203.101.161.0 and 204.102.162.0. This
gives the company a total of 254 x 3 = 762 IP Addresses, which it
assigns to the computer users, with a few left over for future needs. Due
to the nature o f IP networks, however, the use rs in one IP network
domain (202.100.160.0, for example) cannot communicate with users
on a different IP domain (203.101.161.0). Multiple home solves this
problem. When you register the additional IP network addresses in the
Multiple Home Configuration menu on the router, the router will route
data between the three IP networks using the single LAN.
In this router, multiple home configurations only apply to the LAN
interface.
Configuration and Management 73
Page 84
DI-1162 Remote Access Router
The parameters are described below:
• IP Address – this is a network IP address, access point, to a
separate, physical network, on the LAN.
Routing Protocol – this is the same as in the
•
Configuration
section. Keep in mind that these exchanges are
made with adjacent routers on the LAN, if present.
Network
• IP Multicasting – this enables/disables IP multicasting on the IP
network you are de fining.
All other parameters (Netmask, Routing Mode, Multicast Protocol
and IGMP Version) are identical to those in the
Configuration
section.
Network
Static ARP
This special function is intended to speed up the process of finding a
host's Ethernet (MAC) address from its network address, and provides
a special condition – any other host acting as an impostor by using the
same IP address as the legitimate host, will be ignored by this router.
74 Configuration and Management
Page 85
DI-1162 Remote Access Router
Basically, when a packet comes into the router from a WAN port and is
destined for a host on the LAN, the router will use information defined
here to immediately send the packet to the host rather than send out an
ARP request to find the host’s MAC address.
The parameters are described as follows:
• IP Address – this is the IP address that causes the router to reply
with the
MAC Address – this is the physical address, of the host, that is the
•
MAC Address
upon receiving an ARP request.
authorized owner of the IP address.
• State – this toggles enable, disable.
NAT Configuration
Network Address Translation (NAT) is a routing protocol that allows
your network to become a
connected to the Internet. It does this by changing the IP address of
packets from a
IP address usable on the Internet to a
global
address usable on your private network (but not on the Internet) and
vice-versa.
Configuration and Management 75
network that is isolated from, yet
private
local
IP
Page 86
DI-1162 Remote Access Router
NAT has two major benefits. First, NAT allows many users to access
the Internet using a small number or even a single global IP address.
This can greatly reduce the costs associated with Internet access and
also helps alleviate the current shortage of Internet IP addresses.
Secondly, the NAT process creates a firewall which hides your local
network from Internet users, providing a degree of securit y to your
Internet connection.
To be successfully implemented, NAT should be used only when the
majority of network traffic remains on the local network. In cases
where a large percentage of network traffic is destined for the Internet,
NAT can adversely affect the speed and performance of your Internet
connection. Also, your ne twork se rvers such as ftp servers, web serve rs
or mail servers will probably need to be assigned
static
addresses so their IP addresses remain consistent. This issue will be
further discussed later.
Network Address Port Translation (NAPT) is a subset of NAT where
many local IP addresses and their TCP/UDP port numbers are
translated to a single global IP address and it’s TCP/UDP port number.
In this document, the term NAT will refer to both NAT and NAPT
unless otherwise stated.
NAT IP
NAT can work in conjunction with DHCP. Thus, if both are enabled
and properly configured, the DHCP server in the DI-1162 will assign
local IP addresses to computers on your network.
How NAT Works
In the most common NAT configuration, your network uses local IP
addresses that are not valid on the Internet. Internet (global) IP
addresses are unique, with no two devices have the same IP address.
The local IP addresses can be freely assigned to computers on your
network by your network administrator (within guidelines defined later
in this chapter and in
Appendix B, IP Concepts
manually or by using DHCP. The WAN port on t he router is assigned a
globally unique IP Address that IS valid on the Internet, since it will be
76 Configuration and Management
). This can be done
Page 87
DI-1162 Remote Access Router
sending and receiving data directly to the Internet and is therefore part
of it. Please study the example diagram below carefully.
Please note that in the above diagram, the Gateway IP address settings
for the local PC’s needs to be set to 192.168.100.1, the LAN IP address
of the router.
NAT manipulates the IP addresses in packet headers on a one-to-one
basis. An outgoing data packet (a packet originating from a computer
on the local LAN and destined for a computer outside the private
network) will have its IP address translated as shown below.
Configuration and Management 77
Page 88
DI-1162 Remote Access Router
In the Outgoing Data Packet above, the
address that is translated by NAT. The
Source IP address
Destination IP Address
is the IP
is the IP
address of a computer outside the private network, on the Internet for
example. And the
portion of the packet is the information payload
Data
borne by the packet, for instance a request to view a web page.
The router logs the changes made to the IP header in its NAT table.
The NAT table enables the router to send replies back to the local
computer as shown below.
In the Inbound Data Packet above, the
address that is translated by NAT. The
Destination IP Address
Source IP Address
address of a computer outside the private network. And the
is the IP
is the IP
Data
portion of the packet is the information payload borne by the packet, in
this case, web page contents.
The actual information in the NAT table depends whether the router is
implementing NAT or NAPT.
NAT
This section discusses the NAT protocol as opposed to NAPT which is
discussed in the next section.
78 Configuration and Management
Page 89
DI-1162 Remote Access Router
NAT is the initial protocol set forth by RFC 1631 and provides a means
in which private networks can communicate with the Internet by using
a small number of IP addresses. In our discussion, we will use the
example IP addresses listed in the table below and the network diagram
shown at the beginning of thi s section.
Global IP Addresses
(for use with NAT)
200.100.50.1 192.168.100.1
200.100.50.2 192.168.100.2
200.100.50.3 192.168.100.3
200.100.50.4 192.168.100.4
200.100.50.5 192.168.100.5
Local IP Addresses
(assigned to computers
on the local network)
192.168.100.6
192.168.100.7
192.168.100.8
192.168.100.9
192.168.100.10
Please note that in the above table there are 9 users on the local
network using 5 global IP addresses to access the Internet.
When a packet on the local network arrives at the router and needs to
be sent to the Internet, NAT will change the source IP address (for
example 192.169.100.2) to a global address (200.100.50.1, for
example). If this packet generates a reply (as for example, a request to
view a web page will), NAT will change the destination IP address on
the reply packet back to the local IP address for delivery to the machine
on the local (stub) network.
The difference between static and dynamic NAT is that once the five
global addresses are assigned when using static NAT, they will never
change. The only way to change them is by using the console program
to manually reassign them. When using dynamic NAT, the router will
map a local IP address to a global IP address whenever a request is
Configuration and Management 79
Page 90
DI-1162 Remote Access Router
made. Since there are only 5 global IP addresses in the example above,
there can only be 5 mappings at any one time. In other words, much
like static NAT, only 5 local machines can access the Internet at any
one time. However, contrary to static NAT, the router will discard the
mapping between the global and local IP addresses after a certain
length of time (which is quite long so rarely happens), or after the
session is finished (an example of a session is when requesting a web
page, the entire page has completed downloading). The most common
implementation of NAT is to define a range of dynamic addresses to be
used by hosts, but assign static ad dresses to your servers if you wish for
them to be accessible from outside your network.
Setting Local IP Addresses
When implementing NAT and thus creating a private network that is
isolated from the Internet, you can assign any IP addresses to host
computers without problems. However, the Internet Assigned Numbers
Authority (IANA) has reserved the following three blocks of IP
Addresses specifically for private networks:
Class Beginning Address Ending Address
A 10.0.0.0 10.255.255.255
B 172.16.0.0 172.31.255.255
C 192.168.0.0 192.168.255.255
It is recommended that you choose local IP addresses for use with NAT
from the private network IP addresses in the above list. For more
information on address assignment, refer to RFC 1597,
Allocation for Private Internets
Management of IP Address Space
80 Configuration and Management
and RFC 1466,
.
Guidelines for
Address
Page 91
DI-1162 Remote Access Router
Configure NAT/NAPT
The first screen shows the complete NAT table that is defined by the
network manager:
For any NAT entry, you must configure two different screens. The first
one is accessible by positioning the cursor over the name field and
hitting ENTER (in the window shown above, this corresponds to the
field ‘Branch1’). After confi guring the NAT opt ions in the Name field,
Configuration and Management 81
Page 92
DI-1162 Remote Access Router
you must save the changes, EXIT, and position the cursor over the
NAT IP Pool to configure variables there.
Name Field Configuration Screen
The configuration screen for the name field appears as follows:
The parameters are described as follows:
Name – this is a 12 character, alphanumeric, user-defined name,
•
used to identify the network address translation.
• Global Interface – this is the interface corresponding to the
Global IP
and
parameters, in the NAT table, to form unique
Range
IP address[es], known to the outside (regional or Internet) routers,
on this interface.
• Local Interface – this is the interface corresponding to the
IP
and
parameters, in the NAT table, to form local IP
Range
Local
address[es], known only to this interface and the network within.
• Translation Mode – this toggles choices of four types of NATs.
82 Configuration and Management
Page 93
DI-1162 Remote Access Router
Static NAT – Maps one global IP address to one local IP
address. After all global IP addresses are assigned, they will
remain static. This option may be necessary for email, web,
ftp servers, etc. where static IP addresses are essential for
operation.
Dynamic NAT – Maps one global IP address to one local IP
address. Global IP addresses will be dynamically reassigned
to different local IP addresses if not currently being used. This
allows a larger number of users to use a small number of IP
addresses.
Static NAPT – One to one mapping of UDP/TCP port
numbers to let packets with specific UDP/TCP port numbers
enter the local IP domain. The NAPT map table will not age.
This option may be necessary for email, web, ftp servers, etc.
where static port numbers are essential for operation. Setting
the global port number to 0 opens port numbers 1024 to
65535 for the designated local IP address, creating a visible
computer. This allows a computer to be freely accessed by
other computers on the Internet, which is necessary for some
applications to function correctly when using NAPT,
including Microsoft NetMeeting, CUSeeMe, etc.
Dynamic NAPT - One to one mapping of UDP/TCP port
numbers. The NAPT map table will age. This option allows
many hosts to use a single, globally unique IP address, and
thus will only be used on outbound packets.
• State – enables/disables this NAT configuration.
NAT IP Pool Configuration Screen
Now you must select, enter, and configure the
the
NAT Configuration
Configuration and Management 83
sub-menu, shown below.
NAT IP Pool
from
Page 94
DI-1162 Remote Access Router
Dynamic NAT
This screen (below) is how the
NAT
was chosen for the
Translation Mode
NAT IP Pool
appears, if
parameter. Each entry, in
Dynamic
this configuration, can be used to map multiple, contiguous global
addresses and local addresses to each other.
The parameters are described below:
• Global IP – an IP Address that is globally unique and valid on the
Internet. It is the base, global address for the global addresses that
will be recognized by the interface in the
Global Interface
parameter.
• Range – this is the range of contiguous, global addresses above
(and including) the base
Global IP
.
• Local IP – an IP Address that is only used in the stub domain
since it is not unique. It is the base, local address for the local
addresses that will be recognized by the interface in the
Interface
84 Configuration and Management
parameter.
Local
Page 95
DI-1162 Remote Access Router
Range – this is the range of contiguous local addresses above (and
•
including) the base
Local IP
.
• State – this toggles the enable, disable, for this NAT entry.
Dynamic NAPT
This screen (below) is how the
NATPT
was chosen for the
Translation Mode
NAT IP Pool
appears, if
parameter. Each entry,
Dynamic
in this configuration, can be used to map a single global address and
multiple, contiguous local addresses to each other.
All of the parameters are the same as in
Global IP
is a solitary, global address.
Dynamic NAT
, except the
• Global IP – this is a single, globally unique IP Address of the
global interface (the interface to which it is assigned, in this case,
one of the WAN interfaces) that is valid on the Internet.
Configuration and Management 85
Page 96
DI-1162 Remote Access Router
Static NAT
This screen (below) is how the
was chosen for the
configuration is used to map a single global IP address a single local IP
address.
The parameters are described as follows:
• Global IP – this is a single, global IP Address that is valid on the
Internet, or on the same subnet of the global interface.
Translation Mode
NAT IP Pool
appears, if
parameter. Each entry in this
Static NAT
• Local IP – this is a single, local IP Address that is not valid on the
Internet.
Static NAPT
This screen (below) is how the
was chosen for the
configuration can be used to map a global address and port to a local
86 Configuration and Management
Translation Mode
NAT IP Pool
appears, if
parameter. Each entry in this
Static NAPT
Page 97
DI-1162 Remote Access Router
address and port. Notice that the global address will be the external IP
address of the global interface.
• Port – this is a destination port number, used by TCP and UDP, to
de-multiplex the incoming IP packet.
In the above example, incoming packets with the global destination IP
Address (211.11.22.2) and global destination TCP/UDP port (21) will
be translated to a packet with the local destination IP Address (1.1.1.5)
and local TCP/UDP port (21).
Port 21 is assigned to FTP servers. Please see Appendix D for more
commonly assigned port numbers, or RFC 1700 for a more complete
list.
Configure NAPT for Special Ap[plication]s
Some applications programs that are used over the Internet such as
Microsoft NetMeeting, Diablo, CU See Me and Xwindows send
information to a certain port number or within a specified range of port
Configuration and Management 87
Page 98
DI-1162 Remote Access Router
numbers. The exact port number used is specific to the application.
However, if you find that you are having troub le using an applicat ion
over the Internet and you are using NAPT, you may need to exempt
certain port numbers from the NAPT port translation process. Please
refer to the user guide for the program to find out whether it transmits
and receives data only through specified IP port numbers. In order for
these programs to work with NAPT, the IP port numbers required by
these applications must be entered in the Configure NAPT for Special
APs screen shown below.
In the above window, position the cursor on any of the numbered name
fields and press Enter. This will take you to the NAPT configuration
screen for special applications shown below.
88 Configuration and Management
Page 99
DI-1162 Remote Access Router
The fields in the above window are described as follows:
Protocol – [UDP] or [TCP]. This field designates the type of
•
packets that will be acted on.
Start Port – Some applications can only send data over a certain
•
range of por t numbers. Thus, all port numbers in the spe cified
range must be exempt from the NAPT port translation process.
This field defines the beginning range of the port numbers to be
exempted from the NAPT port translation process.
• End Port – This field defines the last port number in the range of
numbers excluded from the NAPT process (see Start Port above).
• Connection Type – [Outgoing Control] or [Incoming Data]. The
user must initially run the special application and send a request to
the application server on the Internet. This outgoing request to join
a Netmeeting session, for example, is used to trigger the exemption
process for the incoming data.
Configuration and Management 89
Page 100
DI-1162 Remote Access Router
In the example for the game Diablo shown in the above screen, if a
packet is sent out on the TCP port number 6112 (a request by a local
user to a Diablo server on the Internet to join a group game), all
incoming packets on the UDP port 6112 (game data) will not be
translated by NAPT.
Please keep in mind that the user will always initiate use of the special
application. Thus, the first entry should always have the Connection
Type of Outgoing Control. Also, since the defined port number or
range of port numbers will be mapped to the user who triggered the
outgoing control, all incoming data will be sent to that user.
Consequently, only one user can use the special application at a time.
Telnet/Discovery Enable
Telnet State - This feature enables or disables the router’s ability to be
configured o ver the LAN using telnet.
Discovery Function – Enabling this feature allows the router to be
auto-discovered by D-Link SNMP management software and the
included Wi ndows-based configurat ion software called
90 Configuration and Management
RouterView
.
Loading...