No part of this publication may be reproduced in any form or by any
means or used to make any derivative such as translation,
transformation, or adaptation without permission from D-Link
Corporation/D-Link Systems Inc., as stipulated by the United States
Copyright Act of 1976.
Trademarks
D-Link is a registered trademark of D-Link Corporation/D-Link
Systems, Inc.
All other trademarks belong to their respective owners.
Page 4
Limited Warranty
Hardware:
D-Link warrants each of its hardware products to be free from defects in workmanship and
materials under normal use and service for a period commencing on the date of purchase from
D-Link or its Authorized Reseller and extending for the length of time stipulated by the Authorized
Reseller or D-Link Branch Office nearest to the place of purchase.
This Warranty applies on the condition that the product Registration Card is filled out and returned
to a D-Link office within ninety (90) days of purchase. A list of D-Link offices is provided at the
back of this manual, together with a copy of the Registration Card.
If the product proves defective within the applicable warranty period, D-Link will provide repair or
replacement of the product. D-Link shall have the sole discretion whether to repair or replace, and
replacement product may be new or reconditioned. Replacement product shall be of equivalent or
better specifications, relative to the defective product, but need not be identical. Any product or
part repaired by D-Link pursuant to this warranty shall have a warranty period of not less than 90
days, from date of such repair, irrespective of any earlier expiration of original warranty period.
When D-Link provides replacement, then the defective product becomes the property of D-Link.
Warranty service may be obtained by contacting a D-Link office within the applicable warranty
period, and requesting a Return Material Authorization (RMA) number. If a Registration Card for
the product in question has not been returned to D-Link, then a proof of purchase (such as a copy of
the dated purchase invoice) must be provided. If Purchaser's circumstances require special handling
of warranty correction, then at the time of requesting RMA number, Purchaser may also propose
special procedure as may be suitable to the case.
After an RMA number is issued, the defective product must be packaged securely in the original or
other suitable shipping package to ensure that it will not be damaged in transit, and the RMA
number must be prominently marked on the outside of the package. The package must be mailed or
otherwise shipped to D-Link with all costs of mailing/shipping /insurance prepaid. D-Link shall never
be responsible for any software, firmware, information, or memory data of Purchaser contained in,
stored on, or integrated with any product returned to D-Link pursuant to this warranty.
Any package returned to D-Link without an RMA number will be rejected and shipped back to
Purchaser at Purchaser's expense, and D-Link reserves the right in such a case to levy a reasonable
handling charge in addition mailing or shipping costs.
Software:
Warranty service for software products may be obtained by contacting a D-Link office within the
applicable warranty period. A list of D-Link offices is provided at the back of this manual, together
with a copy of the Registration Card. If a Registration Card for the product in question has not
been returned to a D-Link office, then a proof of purchase (such as a copy of the dated purchase
Page 5
invoice) must be provided when requesting warranty service. The term "purchase" in this software
warranty refers to the purchase transaction and resulting license to use such software.
D-Link warrants that its software products will perform in substantial conformance with the
applicable product documentation provided by D-Link with such software product, for a period of
ninety (90) days from the date of purchase from D-Link or its Authorized Reseller. D-Link warrants
the magnetic media, on which D-Link provides its software product, against failure during the same
warranty period. This warranty applies to purchased software, and to replacement software
provided by D-Link pursuant to this warranty, but shall not apply to any update or replacement
which may be provided for download via the Internet, or to any update which may otherwise be
provided free of charge.
D-Link's sole obligation under this software warranty shall be to replace any defective software
product with product which substantially conforms to D-Link's applicable product documentation.
Purchaser assumes responsibility for the selection of appropriate application and system/platform
software and associated reference materials. D-Link makes no warranty that its software products
will work in combination with any hardware, or any application or system/platform software
product provided by any third party, excepting only such products as are expressly represented, in
D-Link's applicable product documentation as being compatible. D-Link's obligation under this
warranty shall be a reasonable effort to provide compatibility, but D-Link shall have no obligation
to provide compatibility when there is fault in the third-party hardware or software. D-Link makes
no warranty that operation of its software products will be uninterrupted or absolutely error-free,
and no warranty that all defects in the software product, within or without the scope of D-Link's
applicable product documentation, will be corrected.
D-Link Offices for Registration and Warranty Service
The product's Registration Card, provided at the back of this manual, must be sent to a D-Link
office. To obtain an RMA number for warranty service as to a hardware product, or to obtain
warranty service as to a software product, contact the D-Link office nearest you. An address/
telephone/fax/e-mail/Web site list of D-Link offices is provided in the back of this manual.
Page 6
Wichtige Sicherheitshinweise
1. Bitte lesen Sie sich diese Hinweise sorgfältig durch.
2. Heben Sie diese Anleitung für den spätern Gebrauch auf.
3. Vor jedem Reinigen ist das Gerät vom Stromnetz zu trennen. Vervenden Sie keine Flüssigoder Aerosolreiniger. Am besten dient ein angefeuchtetes Tuch zur Reinigung.
4. Um eine Beschädigung des Gerätes zu vermeiden sollten Sie nur Zubehörteile verwenden, die
vom Hersteller zugelassen sind.
5. Das Gerät is vor Feuchtigkeit zu schützen.
6. Bei der Aufstellung des Gerätes ist auf sichern Stand zu achten. Ein Kippen oder Fallen könnte
Verletzungen hervorrufen. Verwenden Sie nur sichere Standorte und beachten Sie die
Aufstellhinweise des Herstellers.
7. Die Belüftungsöffnungen dienen zur Luftzirkulation die das Gerät vor Überhitzung schützt.
Sorgen Sie dafür, daß diese Öffnungen nicht abgedeckt werden.
8. Beachten Sie beim Anschluß an das Stromnetz die Anschlußwerte.
9. Die Netzanschlußsteckdose muß aus Gründen der elektrischen Sicherheit einen
Schutzleiterkontakt haben.
10. Verlegen Sie die Netzanschlußleitung so, daß niemand darüber fallen kann. Es sollete auch
nichts auf der Leitung abgestellt werden.
11. Alle Hinweise und Warnungen die sich am Geräten befinden sind zu beachten.
12. Wird das Gerät über einen längeren Zeitraum nicht benutzt, sollten Sie es vom Stromnetz
trennen. Somit wird im Falle einer Überspannung eine Beschädigung vermieden.
13. Durch die Lüftungsöffnungen dürfen niemals Gegenstände oder Flüssigkeiten in das Gerät
gelangen. Dies könnte einen Brand bzw. Elektrischen Schlag auslösen.
14. Öffnen Sie niemals das Gerät. Das Gerät darf aus Gründen der elektrischen Sicherheit nur von
authorisiertem Servicepersonal geöffnet werden.
15. Wenn folgende Situationen auftreten ist das Gerät vom Stromnetz zu trennen und von einer
qualifizierten Servicestelle zu überprüfen:
a – Netzkabel oder Netzstecker sint beschädigt.
b – Flüssigkeit ist in das Gerät eingedrungen.
c – Das Gerät war Feuchtigkeit ausgesetzt.
d – Wenn das Gerät nicht der Bedienungsanleitung ensprechend funktioniert oder Sie mit Hilfe
dieser Anleitung keine Verbesserung erzielen.
e – Das Gerät ist gefallen und/oder das Gehäuse ist beschädigt.
f – Wenn das Gerät deutliche Anzeichen eines Defektes aufweist.
16. Bei Reparaturen dürfen nur Orginalersatzteile bzw. den Orginalteilen entsprechende Teile
verwendet werden. Der Einsatz von ungeeigneten Ersatzteilen kann eine weitere
Beschädigung hervorrufen.
Page 7
17. Wenden Sie sich mit allen Fragen die Service und Repartur betreffen an Ihren Servicepartner.
Somit stellen Sie die Betriebssicherheit des Gerätes sicher.
18. Zum Netzanschluß dieses Gerätes ist eine geprüfte Leitung zu verwenden, Für einen Nennstrom
bis 6A und einem Gerätegewicht grßer 3kg ist eine Leitung nicht leichter als H05VV-F, 3G,
INDEX ..........................................................................................169
Page 13
Introduction
Congratulations on your purchase of a D-Link DI-206 series remote
access router with integrated Ethernet hub and ISDN T/A. No larger
than an ordinary modem, your router offers inexpensive yet complete
telecommunications and internetworking solutions for your home or
branch office. It is ideal for everything from Internet browsing to
receiving calls from Remote Dial-in Users and making connections to
other LANs via Remote Nodes.
Distinguishing features of the DI-206 include support for a full range of
networking protocols, including TCP/IP (Transmission Control
Protocol/Internet Protocol, also known as IP).
This complete solution also includes remote dial-in user support, an
Internet single-user account (Network Address Translation) option,
extensive network management capabilities, and solid security features.
DI-206 ISDN Remote Router
Product Features
The DI-206 router is packed with features that give it the flexibility to
provide a complete networking solution for almost any small to
medium-sized office environment.
Ease of Installation
Your DI-206 is a self-contained unit that is quick and easy to install.
Physically, it resembles an external modem; however, it is a
Introduction1
Page 14
DI-206 ISDN Remote Router
combination ISDN router and 10 Mbps Ethernet hub, and it uses
twisted-pair Ethernet cables to connect to the host network.
Built-in Hub
As a 10 Mbps Ethernet hub, your DI-206 provides six ports for
connecting standard Ethernet devices. Five ports are designed for
connecting network end nodes—single-user computers, servers,
bridges, other routers, etc.—through standard “straight-through”
twisted-pair cables; the sixth is wired for making an “uplink” connection
to another hub or switch through the same type of straight-through
cable used to connect end nodes.
ISDN Basic Rate Interface (BRI)
Using a standard S/T the DI-206 supports DSS1 ISDN switches. The
two ISDN B-channels can be used independently for two destinations,
or they can be bundled together for one high-bandwidth connection
supporting bandwidth-on-demand.
ISDN Leased Line
If the router is set up for an ISDN leased line, it can automatically
initialize the leased-line connection each time it is powered up.
Standard Phone Jacks
The router is equipped with two standard phone jacks for connecting
telephones, fax machines, or modems. This allows the ISDN line to be
used for voice as well as data calls.
2
n
Introductio
Page 15
Dial On Demand
The Dial On Demand feature allows a DI-206 to automatically place a
call to a Remote Node whenever there is traffic coming from any
workstation on the LAN (Local Area Network) to that remote site.
Bandwidth On Demand
Your DI-206 supports bandwidth up to 128 kbps over a single ISDN
BRI line. It incorporates MLPPP (Multi-Link PPP) to bundle two B
channels over a BRI line. In addition, the router dynamically allocates
bandwidth between the two B channels, increasing or decreasing
bandwidth as needed to allow for greater efficiency in data transfer. It
supports BAP (Bandwidth Allocation Protocol) and BACP (Bandwidth
Allocation Control Protocol) to manage the number of links in the multilink bundle.
Full Network Management
DI-206 ISDN Remote Router
The DI-206 incorporates SNMP (Simple Network Management
Protocol ) support and menu-driven network management via an RS232 or Telnet connection.
RADIUS (Remote Authentication Dial In User Service)
The RADIUS feature allows you to use a central external Unix or NTbased server to support thousands of users.
PPP Security
The DI-206 supports PAP (Password Authentication Protocol) and
CHAP (Challenge Handshake Authentication Protocol).
Introduction3
Page 16
DI-206 ISDN Remote Router
RIP-1/RIP-2
Your DI-206 supports both RIP-1 and RIP-2 (Routing Information
Protocol versions 1 and 2) exchanges with other routers.
DHCP Support (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol) allows IP addresses to
be automatically and dynamically assigned to hosts on your network.
Data Compression
The DI-206 incorporates Stac data compression and CCP
(Compression Control Protocol).
Networking Compatibility
The DI-206 is compatible with remote access products from other
companies such as Ascend, Cisco, and 3Com. Furthermore, they
support Microsoft Windows 95 and Windows NT remote access
capability.
Applications for your DI-206
Some applications for the DI-206 include:
Internet Access
Your DI-206 supports TCP/IP protocol, which is the language used for
the Internet. It is also compatible with access servers manufactured by
major vendors such as Cisco and Ascend.
4
n
Introductio
Page 17
Network Address Translation (NAT)
For small office environments, the DI-206 allows multiple users on the
LAN to access the Internet concurrently through a single Internet
account. This provides Internet access to everyone in the office for the
price of a single user.
NAT address mapping can also be used to link two IP domains via a
LAN-to-LAN connection.
LAN-to-LAN Enterprise Connections
The DI-206 can dial to or answer calls from another remote access
router connected to a different LAN. The DI-206 supports TCP/IP
and has the capability to bridge any Ethernet protocol.
Telecommuting Server
DI-206 ISDN Remote Router
The DI-206 allows Remote Dial-in Users to dial in and gain access to
your LAN. This feature enables users that have workstations with
remote access capabilities, e.g., Windows 95, to dial in using an ISDN
terminal adapter (TA) to access the network resources without
physically being in the office.
What This Manual Covers
This manual is divided into eleven parts.
Chapter One, “Introduction,” describes many of the
technologies implemented in the DI-206 as well as product
features.
Introduction5
Page 18
DI-206 ISDN Remote Router
Chapter Two, “Installation,” is designed as a step-by-step
guide to installing the router.
Chapter Three, “Configuration and Management,”
provides detailed explanations for the console program that is
used to setup and configure the router.
Chapter Four, “PROM System Configuration,” provides
information on the PROM program, an abbreviated version of
the console program that is used to download new software
into the router in case of problems with the console program.
Chapter Five, “Using Telnet,” describes how to setup and
use telnet to configure the router.
Chapter Six, “Using RADIUS Authentication,” describes
how to setup and use a RADIUS server to manage user
authentication and centralize passwords.
Appendix A, “Troubleshooting,” describes some common
problems setting up the router and suggests solutions.
Appendix B, “IP Concepts,” gives detailed explanations and
recommendations for setting up an IP network on your LAN.
Appendix C, “IP Protocol and Port Numbers,” lists many
commonly used IP settings.
Appendix D, “Technical Specifications,” a list of
specifications about the DI-206 ISDN router.
Appendix E, “Country ID Numbers,” lists country ID
numbers which must be entered when setting up the ISDN
line on the router. These numbers have no relation to the
6
n
Introductio
Page 19
International Country Codes used by your telephone
company.
Regardless of the application, it is important that you follow the steps
outlined in Chapter 2, “Installation,” to correctly connect your DI-206
to your LAN. You can then refer to other chapters of the manual
depending on your specific installation requirements.
What This Manual Doesn’t Cover
This manual assumes that you know how to use your computer and are
familiar with your communications software. If you have questions
about using either one, refer to the manual for the product.
Other Resources
For more information about your DI-206 check the following sources:
DI-206 ISDN Remote Router
♦ Quick Start Guide.
♦ Support disk containing RouteMan, a Windows-based
configuration program.
Packing List
Before you proceed further, check all items you received with your DI206 against this list to make sure nothing is missing. The complete
package should include:
♦ One DI-206 ISDN router.
♦ One power adapter.
Introduction7
Page 20
DI-206 ISDN Remote Router
♦ One RS-232 cable.
♦ One unshielded twisted-pair (UTP) cable.
♦ One frequently asked questions (FAQ) and application notes
diskette.
♦ One Quick Installation Guide.
♦ This User’s Guide.
Additional Installation Requirements
In addition to the contents of your package, there are other hardware
and software requirements you need before you can install and use your
router. These requirements include:
♦ An ISDN line.
♦ Ethernet connection(s) to your computer(s).
♦ A computer equipped with an RS-232 port and communications
software configured to the following parameters:
◊ VT100 terminal emulation.
◊ 9600 baud.
◊ No parity, 8 data bits, 1 stop bit.
After the router has been successfully connected to your network, you
can make future changes to the configuration using a Telnet client
application.
8
n
Introductio
Page 21
Installation
This chapter outlines how to connect your DI-206 to your LAN and
ISDN line. Refer to the diagrams below to identify all of the ports on
your device when you make connections.
Ordering Your ISDN Line
If you do not have an ISDN line installed already, we suggest that you
order it from your telephone company as soon as possible to avoid the
long waiting period common when ordering a new line. Use the
information in this section to place the order. If you have already
installed your ISDN line, you can check the following section to make
sure that you can use all the features of your DI-206.
DI-206 ISDN Remote Router
1. Contact your local telephone company’s ISDN Ordering Center.
2. Make sure DSS1 switches are available since these are the only
switch types currently supported by the DI-206.
3. When the telephone company installs your ISDN line, be sure to
obtain the following information:
◊ ISDN switch type.
◊ ISDN telephone number(s).
Installation9
Page 22
DI-206 ISDN Remote Router
The DI-206 Front Panel
Names and descriptions of your router’s front panel LEDs are given
below:
POWER— Comes on as soon as you connect the router to the power
adapter and plug the power adapter into a suitable AC outlet.
TEST — Should be blinking if the router is functioning properly.
ISDN – LINK— Indicates that the router has an ISDN line connected
to the ISDN interface and it has been successfully initialized.
10
n
ISDN – B1 and B2— On if there is an active ISDN session on that
channel or if that channel is making or receiving a call.
ETHERNET – COL— Shines yellow when a collision occurs on the
LAN, that is, when two devices have attempted to transmit at the same
time.
ETHERNET – Uplink and 1 through 5— Each of these indicators
shines green when a connection to an Ethernet device is detected. The
indicator blinks when a transmission is received from the device, and
shines yellow when the device has been partitioned, that is, temporarily
Installatio
Page 23
isolated from the LAN because of excessive collisions (partitioning is a
required capability of all Ethernet hubs).
PHONE – 1— Lights up when standard phone port 1 is in use.
PHONE – 2— Lights up when standard phone port 2 is in use.
The DI-206 Rear Panel
POWER — This socket is an 18 volt, 750mA power input jack. If the
power adapter included with the router has been lost or misplaced,
please ensure that the replacement adapter meets both the voltage and
amperage requirements.
DI-206 ISDN Remote Router
CONSOLE – This 9-pin RS-232 port is used for connecting a console
or PC running a terminal emulation program. It provides out-of-band
management capabilities for the initial setup and configuration of the
router.
PHONE 1 and 2 – These normal telephone jacks can be used to
connect telephones or fax machines to the router for use over the ISDN
lines. Plug telephone devices into these jacks as you normally would
into a telephone wall socket.
Installation11
Page 24
DI-206 ISDN Remote Router
ISDN – This socket is used to connect the ISDN line to either an NT1 or directly to the ISDN wall jack, depending on the type of service
delivered by your phone company.
ETHERNET – The six Ethernet ports function as a normal 10 Mbps
10BASE-T Ethernet hub.
•Uplink – This port is used to connect the router to another
hub using a straight-through twisted-pair cable.
•Ports 1x to 5x – These five ports can be used to connect
end-stations to the router using straight-through cables.
Telephone Features
Up to two telephones can be attached to the DI-206 router via the
Phone 1 and Phone 2 telephone jacks located on the rear of the router.
The router enables the attached telephones to have a number of
features which may or may not be found on normal telephones and are
described below. Additional features which must actually be configured
are described in the Interface Configuration – ISDN sub-menu
section of this manual.
12
n
♦Hold – This feature is very similar with and can work in conjunction
with call waiting as defined in the Interface Configuration –ISDN sub-menu section of this manual. Press Flash 0 to place
someone on hold (Flash is a very brief hanging up of the phone).
Press Flash 2 to take the caller off hold.
♦Hold (and pick up from another location) - Telephones
connected to the router can be put on hold by pressing Flash 71,
Installatio
Page 25
DI-206 ISDN Remote Router
72, 73, or 74. Press the same number to take the caller off hold
and speak from another phone on your telephone network.
♦Call forwarding – If you wish to forward incoming calls to a
different telephone, press *77* and then the phone number you
wish to forward the call to. All incoming calls will automatically be
forwarded to the phone number entered. Press #77# to cancel call
forwarding.
♦Three-person conference call – To use this feature, conference
calling must be enabled by the telephone company. After this is
done, pick up a phone and place a call. After connected, press
Flash 0 (refer to call waiting in the Interface Configuration –ISDN sub-menu section of this manual) and dial the second
number. After connected, press flash 3 to speak to both parties at
the same time. Press Flash 0 to hang up with the first party called.
Press flash 1 to hang up with the second party called.
♦Call transfer – To transfer a call to the other phone jack on the
router: if using Phone 1, press flash 20. If using Phone 2, press flash
10.
Installation and Initial Configuration
This section discusses the different connections that can be made to the
router when setting it up.
Initially, you will only wish to connect the console to the router in order
to configure the other ports. Once that is complete, you will need to
turn off the power to the router and plug in the connection cables to the
other devices. Next, power on the other devices. When they have
Installation13
Page 26
DI-206 ISDN Remote Router
finished powering up, power on the router. Each of these steps is
described in detail in the sections below. Please skip any setting
adjustments that do not apply to your configuration needs.
For the initial configuration of your DI-206, you must use an RS-232
console connection, either to a computer running serial communications
software or to a serial data terminal.
After the router has been successfully installed and the initial
configuration is complete, you can continue to modify settings through
the console, or you can change configuration settings through a remote
Telnet connection or through a web browser. See the chapters entitled
“Configuration and Management” and “Using Telnet” for detailed
instructions on using Telnet to configure your DI-206.
A Warning on Connection Cables
ISDN and Ethernet cables are very similar to each other. It is important
that you use the correct cable for each connection; otherwise, your
router could be damaged.
Before connecting or disconnecting an RS-232 cable between two
devices, turn both devices off to avoid any chance of damaging them.
Step 1 - Setting up the Console
The initial setup of the DI-206, requires connecting a console to the
9-pin RS-232 Diagnostic port on the router’s rear panel. A serial
cable is supplied with the router in order to make this connection. A
console can be a terminal, such as a VT-100, or a normal PC
running terminal emulation software (such as Microsoft
14
n
Installatio
Page 27
HyperTerminal, included with Windows). The terminal emulation
software needs to be configured to the following parameters:
◊ VT100 terminal emulation
◊ 9600 baud
◊ No parity, 8 data bits, 1 start bit, 1 stop bit
◊ No flow control
Step 2 - Connecting the Console to the Router
A serial cable is included in the DI-206 package. To connect this
cable, plug its nine-pin connector into the 9-pin RS-232 Diagnostic port
on the router’s rear panel, then connect the other end to the serial port
on the rear of your computer or data terminal.
Please make sure both machines are turned off before making this
connection.
DI-206 ISDN Remote Router
After the connection is made, first power on the console. If you are
using a PC, run the terminal emulation software at this time. After the
PC and the terminal emulation software are up and running, power on
the router.
Using the Console
The Console Program is the interface that you will be using to configure
your DI-206. Several operations that you should be familiar with before
you attempt to modify the configuration of your router are listed below:
♦Moving the Cursor Within a menu, use <tab> and arrow keys
to navigate through different information fields.
Installation15
Page 28
DI-206 ISDN Remote Router
♦Moving Forward to Another Menu To move forward to a
sub-menu below the current one, use <tab> or arrow keys to
position the cursor on the sub-menu item and press <Enter> to
view the selected sub-menu.
♦Entering Information There are two types of fields that you
will need to fill in. The first requires you to type in the appropriate
information. The second gives you choices to choose from. In the
second case, press the space bar to cycle through the available
choices. Upon configuring all fields the sub-menu, position the
cursor on SAVE and press <Enter> to save, or position the
cursor on EXIT to cancel.
♦Refresh Screen Console screens are notorious for becoming
garbled. When this happens, simply press <Ctrl> + <R> to
refresh the contents of the screen.
Step 3 - Connecting an ISDN Line to the Router
Your phone company will provide an S/T interface into your home or
office. Plug the ISDN line from the router directly into the ISDN wall
socket provided by your phone company.
Step 4 - Connecting a Telephone or Fax Machine to the Router
You can connect a regular telephone, fax machine, or modem to your
router to be used for analog calls. Note that the router’s other functions
all work the same whether you connect an analog device or not.
16
n
Installatio
Page 29
To connect an analog device, just plug one end of the device’s cord
into one of the sockets on the back of the router marked PHONE 1 or
PHONE 2.
To have incoming calls directed to a device on a PHONE jack, you
must enter the telephone number for the phone in the console program
under the Interface Configuration, ISDN submenu.
Step 5 - Connecting Ethernet Cables to the Router
Your DI-206 has six ports for connecting 10BASE-T Ethernet devices
to form a LAN. The jacks for ports 1 through 5 are wired to let you
connect network end nodes (computers, servers, bridges, other routers,
etc.) using standard “straight-through” EIA (Electronic Industries
Association) Category 3 or higher twisted-pair cables. The jack for the
sixth port is labeled Uplink and is wired to let you connect to another
10Mbps Ethernet or dual-speed hub using a straight-through cable, or
an end node using a cross-wired cable.
DI-206 ISDN Remote Router
Please refer to the following chart when deciding on the type of cable
necessary for a given connection:
DEVICEPORT
USED
Norma
l
RouterServer (or PC)Straight-Through (||)
Installation17
DEVICE BEING
CONNECTED
Hub or
Switch
Hub or
PORT
TYPE
NormalCrossover (X)
UplinkStraight-Through (||)
NormalStraight-Through (||)
CABLE TO USE
Page 30
DI-206 ISDN Remote Router
Uplink
Switch
Server (or PC)Crossover (X)
The figure below shows how to make an Ethernet connection between
the router and a network end node.
Important Notes on Ethernet Connections
UplinkCrossover (X)
18
n
Observe the following rules when connecting devices with twisted-pair
Ethernet cables:
• For both end-node and uplink connections, use only EIA
Category 3 or higher-grade twisted-pair data cables with RJ-45
plugs. In almost all cases, only standard straight-through cables
are needed.
• Make sure no cable is more than 100 meters (328 feet) long.
Installatio
Page 31
DI-206 ISDN Remote Router
• When uplinking two hubs together with a straight-through cable,
use an uplink-type jack at one end, and an end-node-type jack
at the other.
• If uplinking more than two hubs together, observe the 5-4-3 rule:
no signal, in order to go from one end node to another, must ever
pass through more than five twisted-pair cables, four repeaters
(that is, hubs), and three uplink cables. This is the maximum signal
path in twisted-pair Ethernet. Also be sure never to allow a signal
loop to form.
Note that you can connect an end node through the Uplink jack,
but to do so you must use a cross-wired cable or cable
converter.
Step 6 - Powering Up Devices for Initial Configuration
Plug in the included 18V DC, 750 mA power adapter into the power
jack on the router’s rear panel.
Installation19
Page 32
DI-206 ISDN Remote Router
You should have now connected the RS-232 cable to the console, the
ISDN phone line, one or more Ethernet cables, and the power adapter.
At this point in the installation process you can now power up the
console computer, run the terminal emulation software (if necessary),
and then power up the DI-206.
Step 7 - Initial Configuration of the Router
After the console is properly connected and both devices are powered
on as described in the preceding sections, you should see the router run
through the power on self test (POST). Finally, it will arrive at the logon
screen shown below. If the login screen does not appear, press <Ctrl>
+ <R> to refresh the screen.
20
n
Installatio
Page 33
DI-206 ISDN Remote Router
To log on to the router, use the factory set username and password
“Admin” (without the quotes). Please note that the user name and
password are case-sensitive.
Upon entering the username and password (using the <tab> key to
jump to the next field), position the cursor on OK and press <Enter>.
You will then see the following Main Menu:
Step 7 - Configuring the LAN Port
Preparing the router for connection to a LAN only requires enabling the
LAN port, enabling IP networking, assigning the LAN port an IP
address and enabling Telnet (if necessary). After the LAN port is
configured, all other features on the router can be configured remotely
through the LAN by using the included Windows-based Router
Installation21
Page 34
DI-206 ISDN Remote Router
Configuration Utility or Telnet. Regardless, the router can always be
configured using a console connected to the RS-232 Console port.
To configure the LAN:
1. The LAN port must be enabled in the Interface Configuration
sub-menu.
2. Enable IP Networking
♦ Choose Interface Configuration, LAN.
♦ Position the cursor over the State item and press <space bar>.
The State will change from Disable to Enable.
♦ Position the cursor on the SAVE option at the bottom of the
screen and press <Enter> to save the new setting.
♦ Choose Exit in the sub-menus to return to the Main Menu.
22
n
♦ Choose Network Configuration, IP Configuration.
♦ Position the cursor over the third item IP Networkingand
press <space bar> to Enable it.
♦ Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
3. Assign an IP address to the LAN port in the Network
Configuration sub-menu of the Main Menu.
Installatio
Page 35
DI-206 ISDN Remote Router
♦ Still in Network Configuration, IP Configuration submenu
from Step 2 above, choose IP Stack Configuration, LAN.
♦ Enter a valid IP address for the LAN in the first item. You may
also enter a Netmask if you wish. For more information about IP
Addresses and Subnet masks, please refer to Appendix B, “IPConcepts.”
♦ Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
♦ Choose EXIT in the sub-menus to return to the Main Menu.
4. Enable the Telnet/Discovery function on the router.
♦ From the Main Menu choose Advanced Functions.
♦ Choose the Telnet/Discovery Enable option and then Enable
Telnet State.
♦ Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new settings.
♦ Choose Exit in the sub-menus to return to the Main Menu.
The router can now be accessed via the LAN by Telnet, the Webbased DI-206 Router Configuration Utility (included with the router)
and other SNMP management applications.
If you have any questions regarding the settings you made or other
settings in the submenus, please refer to the next chapter
“Configuration and Management.”
Installation23
Page 36
DI-206 ISDN Remote Router
Step 8 – Plugging in All Devices
You can now plug in and power on all other devices connected to the
router. Do not power on the router yet.
The router is now able to use the LAN ports.
The router must be further configured in order to get the built-in ISDN
modem to function properly, to perform other routing functions, and to
manage your IP network. This can now be done by using the console,
the included Web-based Configuration Utility or Telnet.
For more information about configuring or managing the router, please
refer to the next chapter, “Configuration and Management.”
24
n
Installatio
Page 37
DI-206 ISDN Remote Router
Configuration and Management
After the initial startup (POST) test, the router will prompt you for login
and password. This is the opening page of the router’s out-of-band
configuration program, called the Console program. The Console
program is stored in the Flash memory chips in the router and the
settings are written in EEPROM chips in the router. It is the most basic
level for configuring and managing the router and the network to which
it is connected.
If you’re starting the router for the first time, the default login and
password is “Admin” – the login and password are case-sensitive,
alphanumeric characters.
Configuration and Management25
Page 38
DI-206 ISDN Remote Router
Note that once you are in the Main Menu, if there is no activity for
more than 5 minutes, the router will automatically log you out. Your
first endeavor should be to increase the ‘timeout’ time by adjusting the
appropriate value in the System Information sub-menu.
The router can also be configured remotely through a LAN or ISDN
connection by using the included Router Configuration Utility or Telnet.
However, if you wish to do this, the console program must first be used
to initially configure the relevant port on the router. Please see Step 7 -Initial Configuration of the Router on page 20 of this manual for
more detailed information.
Console Program Main Menu
The Main Menu is shown below.
26Configuration and
Management
Page 39
As mentioned earlier, your first endeavor should be to increase the
automatic timeout. Enter the System Information window to do this.
You will see this screen:
System Information
This menu contains administrative and system-related information.
DI-206 ISDN Remote Router
The above parameters are described as follows:
•System Description – This is a non-changeable, short description
of the product.
•System Object ID – This is the enterprise-specific MIB Object ID
indicating this type of router.
•System Up Time – Shows how long the router has been running
since the last power off or reset.
Configuration and Management27
Page 40
DI-206 ISDN Remote Router
•System Contact – Enter the name of the department or individual
responsible for maintaining the router.
•System Name – Give the router a descriptive name for
identification purposes.
• System Location – Enter the geographic location of the router.
• Console/Telnet Display Timeout in Minutes(0..90) – This is a
security measure to automatically logoff from the console menu after
a given idle time. Enter a timeout time between 0 and 90 minutes.
Zero specifies no timeout.
• System MAC Address – The physical address of this router.
• ISDN Switch Type – The type of ISDN switch used by the
telephone company that the DI-206 can communicate with. The DI206 currently supports only the DSS1 switch type.
Interface Configuration
The second item on the Main Menu is the Interface Configuration
screen, which is used to configure the LAN and ISDN interfaces:
28Configuration and
Management
Page 41
LAN
DI-206 ISDN Remote Router
Configuration and Management29
Page 42
DI-206 ISDN Remote Router
The parameters are described below:
•Description – This is a user-defined, 32-character identifier used to
name the LAN.
• Operation Mode – The LAN port is 10BASE-T only.
• State – This is a toggle, to Disable or Enable the LAN interface.
ISDN
The parameters are described below:
•Description – This is a user-defined, 32-character identifier used to
name the ISDN.
•Switch Type – This parameter defines the type of ISDN service
used. Currently, the DI-206 only supports DSS-1 type ISDN lines.
30Configuration and
Management
Page 43
DI-206 ISDN Remote Router
•B1 and B2 Channel Usage – This defines whether the ISDN line is
a leased line or a normal switched line. If you are not using a leased
line connection, set this item to Switch.
•Country ID – This field needs to contain the country parameter.
Without this information, the router cannot establish a connection. A
list of country ID numbers is located in Appendix E, “Country IDNumbers.”
•ISDN Data – This field must contain the incoming telephone
number for data calls. In other words, it is your ISDN line’s data
phone number.
• A/B Adapter 1 and 2 – Enter the telephone numbers for your
voice/analog lines.
•Phone 1 and 2 Call Waiting – If you have applied for and received
call waiting capabilities for your ISDN voice lines, you must enable
these settings in order for the call waiting feature to function.
There are 4 special operations for using call waiting (flash means a
very brief hanging up of the phone. In other words, for the first
option below, flash 0, click the hang up button on your phone very
quickly and then press the number 0 on your telephone’s keypad):
Flash 0 – disconnect the first phone call established.
Flash 1 – disconnect the second phone call established.
Flash 2 – switch between the two phone calls.
Flash 3 – speak to both parties simultaneously (if conference calling
is enabled by your phone company).
•POTS Lines – [Plain Old Telephone Service]. Enables or disables
phone calls on the Phone 1 and Phone 2 jacks on the rear of the
router.
Configuration and Management31
Page 44
DI-206 ISDN Remote Router
•Global Reception – When this is enabled, the Phone 1 and Phone
2 jacks will receive all phone calls directed to them by the telephone
company’s switch. When disabled, the router will check incoming
calls to the Phone 1 and 2 jacks against the telephone numbers
specified in the A/B Adapter 1 and 2 fields above.
•Block Outgoing CLID – When this is enabled, your ISDN data
phone number and voice phone numbers will never be sent out when
trying to establish a connection. Thus, even if sites being called have
Caller ID, they still won’t be able to know your phone number.
•Inbound Authentication – This defines the authorization protocol
that will be used when accepting a dial-in connection. The choices
are Password Authentication Protocol [PAP], Challenge Handshake
Authentication Protocol [CHAP] or None. PAP and CHAP do not
provide a screen for users to manually enter their Username and
Password – instead, this data must be entered into the dialing
software before placing the call. Make sure the device dialing in is
using the same protocol as defined here. The None setting may be
used when you do not wish dial-in users or networks to identify
themselves or be subject to security.
•Call Bumping – This setting only takes effect when both B channels
are connected and using multi-link PPP. If this is the case and call
bumping is enabled, when you receive an outgoing voice call, the
second B channel will be dropped (with all traffic being moved to
the first B channel) and the voice call will be received. If disabled,
both B channels will continue their data transmissions uninterrupted
and the voice call will be ignored.
•State – Enables or disables the ISDN port.
32Configuration and
Management
Page 45
Network Configuration
IP protocol configuration and static routes are configured in the
Network Configuration sub-menu. This menu is shown below:
DI-206 ISDN Remote Router
Select IP Configuration and the following screen opens:
Configuration and Management33
Page 46
DI-206 ISDN Remote Router
IP Stack Configuration
The network interface IP address, mask and protocols are specified in
the IP Stack Configuration submenus. Below, the screens for both
the LAN and ISDN interfaces are shown.
34Configuration and
Management
Page 47
DI-206 ISDN Remote Router
The parameters are described below:
Configuration and Management35
Page 48
DI-206 ISDN Remote Router
•IP Address – This is the IP address for the router on the network
to which this interface is connected.
•Netmask – This is a 32-bit bit mask that shows how the IP address
is to be divided into network, subnet and host parts. The netmask
has ones in the bit positions in the 32-bit address which are to be
used for the network and subnet parts, and zeros for the host part.
The mask should contain at least the standard network portion (as
determined by the address's class), and the subnet field should be
contiguous with the network portion.
•Forwarding (LAN) – This enables or disables communications
between this router and other router(s) on the LAN.
•State (ISDN) – This is a link method between this interface and
adjacent router(s). The methods are described:
1. AUTO – This obtains and utilizes the IP address assignment
from your ISP (Internet Service Provider).
2. DISABLE – This disables this interface.
3. IP STACK – This enables this interface, and the IP address
used will be the value of the parameter, IP Address.
4. UNNUMBER – This utilizes a method of connecting this router
with adjacent routers, without having to define an IP network
prefix between them. The adjacent routers must have
UNNUMBER capability too.
•Routing Protocol – This is a distance vector routing protocol. RIP
is an Internet standard Interior Gateway Protocol defined in RFC
1058 and RFC 1723. Routing information is sent periodically (each
30 seconds, or triggered by topology change) to an adjacent router.
The adjacent router must be using the same protocol. Setting this to
36Configuration and
Management
Page 49
DI-206 ISDN Remote Router
RIPV1&V2 will give the router the ability to make routing
information exchanges with any adjacent router.
•Routing Mode – This parameter allows the router to specify the
extent to which it partakes in the RIP on this port. The options are
described below:
1. None – The router will not participate in any RIP exchange with
adjacent routers.
2. Listen – The router will incorporate routing information from
adjacent routers, but will not send its own routing table.
3. Talk – The router will send adjacent routers its own routing
table, but will not incorporate routing information from them.
4. Both – The router will incorporate routing information from
adjacent routers, and will send adjacent routers it’s own routing
table.
•IP Multicasting – This feature enables or disables the router’s
ability to route IP Multicast packets from one interface to another
(for example, from the LAN ports to the ISDN port). IP
Multicasting is a bandwidth-saving method for transmitting data to
more than one host. IP Multicasting is often used when
sending/receiving audio or video data. When IP Multicasting is
enabled, the router will search its multicast forwarding table and
depending on the result of the search will either forward the packet
or add the group to the table. If IP Multicasting is disabled, all
multicast packets received by the router will be dropped, effectively
limiting multicasting to the LAN. The router can also perform
DVMRP if this feature is enabled (see Multicast Protocol below),
which allows the DI-206 to share multicast information with other
routers, enabling IP multicasting over the ISDN port.
Configuration and Management37
Page 50
DI-206 ISDN Remote Router
•Multicast Protocol – If this parameter is set to None, the router
will only use the Internet Group Management Protocol (IGMP), if IP
Multicasting is enabled above. This effectively limits multicast data to
the local network. If set to DVMRP (Distance Vector Multicast
Routing Protocol), the router will also use this protocol to share its
multicast information with other routers (much like RIP), in effect,
enabling multicasting on the WAN (ISDN) port.
•IGMP Version – Configures the router to use either IGMP version
1 or 2. A major difference between the two is that version 2 allows
the router to communicate multicast information with other routers
(via the ISDN port), even if the other router isn’t using DVMRP.
•DHCP Client (LAN) – This feature allows the LAN port to be
assigned an IP address from a DHCP server other than the one in
the router. This feature should be enabled only for special
configurations (such as the presence of a cable modem on the LAN)
where you wish the router to work with a device on the network that
must act as a DHCP server. Otherwise, this feature should be kept
disabled.
•RIP Spoofing(ISDN) – This feature should only be enabled if you
have more than one router on your network and this router is
providing your WAN connection. In this case, if the WAN
connection is dropped due to inactivity and this feature is enabled,
RIP packets will be sent to the other routers on the network telling
them that data can still be sent to the WAN via this router.
Otherwise, the other routers will learn that the WAN link has been
disconnected and will no longer forward packets destined for the
WAN to this router, causing the packets to be dropped before
Bandwidth on Demand has a chance to reestablish the WAN
connection.
38Configuration and
Management
Page 51
IP Static Route
A static route is a permanent entry in the routing table. Static routing
provides a means of explicitly defining the next hop router for a
particular destination network IP address. Each static route entry also
allows for a metric (a.k.a. hop count) to be specified.
DI-206 ISDN Remote Router
The parameters are described below:
•IP Address – This specifies the destination network IP address (or
a host, depending on the netmask) and pairs it with a gateway.
•Netmask – This mask shows how the destination IP address is to
be divided into network, subnet and host parts. The netmask has
ones in the bit positions in the 32-bit address which are to be used
for the network and subnet parts, and zeros for the host part.
Configuration and Management39
Page 52
DI-206 ISDN Remote Router
•Gateway – This is the adjacent next hop router, for which the
packets, arriving to this router with this destination IP address, will
be forwarded.
•Hops – This is an associated RIP metric that may have its value set
between 1 and 15, inclusive. A metric value higher than 15 (such as
16) means that the network is unreachable.
•Intf – This is the network interface containing the gateway that the
packets will be forwarded through.
•State – This enables/disables a particular entry.
IP Static Route Examples
The IP Static Route Table shown in the IP Static Route screen above
has the first three entries configured for common implementations of
static routing.
The first entry assumes that ISDN1 has a connection to the Internet and
defines the default next hop router. If you use this router to connect to
the Internet it is very important that you create an entry here that defines
the default next hop router as your ISP. This configuration is also
commonly used when RIP exchanges with other Internet routers (on
ISDN1) are disabled.
The second entry shows how to configure static routes when there is
another router on the LAN. The IP Address shown (202.12.125.0) is
the network address for a branch office, for example. The Gateway
Address (210.172.23.1) is the IP address to the LAN port on another
router on the LAN that maintains an ISDN connection to the branch
office.
40Configuration and
Management
Page 53
The third entry is an example of an enterprise ISDN connection
(through telephone lines) to another router, at a branch office for
example. The IP Address is the network address of the branch office.
The Gateway Address is the IP Address of the ISDN port on the
branch office router. This configuration assumes there is a modem on
ISDN2 maintaining a dial-up connection to the branch office.
IP Networking
Under the IP Configuration sub-menu, the IP Networking function
can toggle to connect or disconnect this router from the entire IP
network.
When IP Networking is disabled, all routing functions are stopped. The
only IP Address the router will act on is its own, via Telnet for example.
Router Advertisement
DI-206 ISDN Remote Router
When this option is enabled, the router will periodically send out ICMP
packets that announce itself on the network. These ICMP packets are
utilized by the Windows 98 or later operating system, which will
automatically update the default gateway setting on the computer in
which it is installed.
SNMP Agent Configuration
The Simple Network Management Protocol (SNMP), defined in STD
15, RFC 1157, is a protocol governing the management and the
monitoring of IP network devices and their functions. The DI-206
supports the use of SNMP to acknowledge communication between
management stations and itself. Basically, the DI-206, when connected
Configuration and Management41
Page 54
DI-206 ISDN Remote Router
to the network, acts as an SNMP agent, a software process that
responds to queries using SNMP to provide status and statistics about
the router.
Following is a description of how to configure the DI-206 for SNMP
management.
From the Main Menu, select SNMP Agent Configuration. This will
bring you to the SNMP Agent Configuration menu, shown above.
SNMP Community Configuration
Select and enter the SNMP Community Configuration sub-menu.
You will see the following configuration screen:
42Configuration and
Management
Page 55
DI-206 ISDN Remote Router
The parameters are described below:
•SNMP Community String – This community string is a user-
defined identifying name used to group together some arbitrary set of
SNMP application entities managed by the network manager.
•Access Right – This element of the set {Read Only, Read/Write}
is called the SNMP access mode. If the SNMP Community String
has an Access Right of Read/Write, then that Community String is
available as an operand for the get, set, and trap operations.
Otherwise, if the Community String’s corresponding Access Right is
Read Only, then it is available as an operand for the get and trap
operations only.
•Status – This validates or invalidates the use SNMP Community
String, by setting the string to Valid or Invalid. Note that setting the
use of the string to Invalid is the same as removing the string,
however, the string remains so as to be validated at an appropriate
time.
Configuration and Management43
Page 56
DI-206 ISDN Remote Router
SNMP Trap Manager Configuration
From the SNMP Agent Configuration menu, select and enter the
SNMP Trap Manager sub-menu. You will see the following
configuration screen:
The parameters are described below:
•IP Address – Enter the IP address of the host who will act as an
SNMP Management Station. The DI-206 router will send SNMP
traps to these addresses.
•SNMP Community String – The community string is a user-
defined identifying name used to group together some arbitrary set of
SNMP application entities managed by the network manager. Traps
will be sent to the IP Address (previous parameter) as long as the
corresponding Community String, in the Management Station’s trap
manager software, is the same.
44Configuration and
Management
Page 57
•State – This validates or invalidates the use of the SNMP
Community String, by setting the use of the string to Valid or
Invalid. Note that setting the string to Invalid is the same as
removing the string, however, the string remains so as to be
validated again at an appropriate time.
SNMP Authenticated Trap
Returning to the SNMP Agent Configuration menu, you can Enable
or Disable an authentication failure trap message being sent to the
Management Station by the router. When an SNMP packet with an
invalid community name is received, it will be dropped. If this parameter
is enabled, a trap will be sent to the network manager; if this parameter
is disabled, no trap will be sent.
Advanced Functions
The Advanced Functions menu contains most of the more complex
configuration settings and is shown below:
DI-206 ISDN Remote Router
Configuration and Management45
Page 58
DI-206 ISDN Remote Router
Remote Access Configuration
The Remote Access Configuration menu is used to set up the router
for dial-in and dial-out connections over the ISDN line. An ISDN line
has a D channel for establishing connections and two B (Bearer)
channels, which transmit and receive the actual signals, whether voice or
data. The two B channels can support two independent remote
connections or be banded together using Multi-link PPP to implement
Bandwidth on Demand (configured separately in the Multi-Link PPPConfiguration menu, the last item in the Advanced Functions
window).
The B-Channels can also carry voice and fax calls, which are routed to
the telephone jacks located on the rear of the router. Please note,
however, that the DI-206 can maintain only two connections at a time
46Configuration and
Management
Page 59
via the two B channels, whether the connections are voice, data, dial-in
users, remote networks or a combination thereof.
Remote Operation Overview
The DI-206 is very flexible and can be configured for a variety of
remote connections. Since configuring the router can be quite complex depending on the number and type of remote connection(s) you wish to
implement – we have described some of the basic functions and
procedures below.
Dial-In User Connections
Dial-in users are defined as a single user on a computer, such as a
person working at home, who dials into the office to use network
resources. In almost all cases, a Dial-In User Profile needs to be set up
for each user who will dial in to the router so the router can tailor the
connection for each user. Once this is done, the remote user will be
able to use network resources as if he were connected locally. When
the user dials into the DI-206, the call comes into the D-channel and
after answering the phone, the DI-206:
DI-206 ISDN Remote Router
1. Identifies the Username and Password using the authentication protocol defined in
the Interface Configuration, ISDN submenu. The dial-in user is not prompted
for this information, but must enter it into his dialing software before dialing.
2. Checks the Username and Password against those defined in the Dial-In User
Profiles and Remote Network Profiles.
3. Assuming a matching Dial-In User Profile is found, the router may configure the IP
address of the remote station (as defined in the Dial-In User Profile).
4. Configures a dial-in Interface (a virtual circuit) to handle the connection.
5. Establishes the connection on whichever B-channel (physical port) is open by
mapping the dial-in interface to that port.
Configuration and Management47
Page 60
DI-206 ISDN Remote Router
6. In the case where the Dial-In User does not need to supply a Username and
Password (Auth Type is set to None in the Interface Configuration submenu)
the remote computer must have its own IP address.
Remote Network Connections
Remote networks are defined as other networks (LANs) that have
WAN connections using a router, Internet server, network modem or
similar device (in this document however, we will assume the remote
device is a router). In almost all cases, a Remote Network Profile
needs to be set up for each network that will connect to the DI-206 via
the ISDN lines. The Remote Network Profiles are necessary for the
router to identify and tailor the connection to the remote network’s
router. Once this is done, a connection between the two routers can be
made and computers on each network can communicate with each
other.
Dial-In Network Connections
A dial-in network connection is very similar to a dial-in user connection.
When the remote router dials into the DI-206, the call comes into the
D-channel and after answering the phone, the DI-206:
1. Identifies the Username and Password using the authentication protocol defined in
the Interface Configuration, ISDN submenu.
2. Checks the Username and Password against those defined in the Dial-In User
Profiles and Remote Network Profiles.
3. Assuming a matching Remote Network Profile is found, the router may configure the
IP address of the remote station (as defined in the Remote Network Profile).
4. Configures the specified ISDN Interface (a virtual circuit) using the configuration
parameters defined in the Interface Configuration menu and the Remote Network
Profile to handle the connection.
5. Establishes the connection on whichever B-channel (physical port) is open by
mapping the dial-in interface to that port.
48Configuration and
Management
Page 61
DI-206 ISDN Remote Router
Dial-Out Network Connections
Dial-out network connections are much different than dial-in
connections.
When a packet on the LAN reaches the router, the DI-206 will:
1. Check its routing table to try to identify where this packet should go. It looks for
two variables in the routing table, Gateway address and Interface. There are four
possible results:
I. In the case where the destination resides in the same IP network on the LAN,
the routing engine never acts on the packet and it is sent directly to the
destination through the built-in hub.
II. In the case where the destination resides on a different IP network on the LAN
(which can happen when Multiple Home Configuration is set up), the router
will send out an ARP request to obtain the MAC address of the destination
computer (or router) and deliver the packet. Note that defining Static ARPs can
speed up delivery since the router won’t need to send out an ARP request.
III. In the case where the router finds a match in the routing table (which includes
IP Static Routes), it uses the Gateway address and Interface numbers to
identify the correct Remote Network Profile to use to dial out. From the
Remote Network Profile, the router gets the telephone number and other
information and dials out, establishes a connection and delivers the packet. If
you have a connection to the Internet, it is very important that you define the
default next hop router in the IP Static Routes submenu of the console
program as your ISP (see the IP Static Routes section of this manual for more
detailed configuration information). This is because if a user on your LAN
makes a request to download a web page for the first time, for instance, since it
is the first time, the DI-206 will not have any record of the web page’s IP
address. If no default next hop router is defined, the request will be dropped
and the user will get a ‘Destination Unreachable’ error message. However, if a
default next hop router is defined in the IP Static Routes, the DI-206 will pass
this request on to the ISP (the request will go through) and the user will receive
the web page.
Configuration and Management49
Page 62
DI-206 ISDN Remote Router
IV. In the case where there is no match for the destination IP address in the routing
The Remote Access Configuration submenu is shown below. All
items in the submenu are described as follows.
table, and no default next hop router is defined, the packet will be dropped and
no action will be taken.
50Configuration and
Management
Page 63
Dial Configuration
You can configure the two ISDN interfaces on your DI-206 to dial-out
only when a packet is forwarded to that interface, and hang up after all
data has been transferred and the link is idle. This can be used to lower
the cost of an unpopular link or used as a backup link to your ISP. This
feature is commonly called “Dial on Demand”. ISDN interfaces can
also be configured here to receive calls from dial in users and other
networks, called “Remote Access”. Please note however, that in all
cases, after configuring the ISDN Links in the Dial Configuration
submenu, they must be further configured in the Dial-In User Profile
submenu or Remote Network Profile submenu.
DI-206 ISDN Remote Router
Dial In IP Pool
The dial in IP pool allows you to define a range of IP addresses that will
be reserved for and assigned to dial-in users.
Configuration and Management51
Page 64
DI-206 ISDN Remote Router
The items are described as follows:
•IP Address – This is the first IP Address that will be assigned to a
dial-in user.
•Range – This is the number of IP Addresses that can be assigned.
In the window shown above, dial-in users will be assigned the IP
Addresses 170.100.200.1 or 170.100.200.2 (only two are
necessary since the router used in the examples has only two ISDN
ports).
ISDN Link 1
This submenu contains a number of settings (shown below) which allow
you to configure the router to dial out.
52Configuration and
Management
Page 65
DI-206 ISDN Remote Router
The parameters are described below:
•Dial Retry Time – This is the time (in seconds) the router will wait
before the next dial attempt.
•Dial Retry Count – This is the specified maximum number of dial
attempts the router will make when trying to establish a connection
on this interface.
•Call Back Delay – This is the time (in seconds) the router will wait
before a remote user is called back.
Dial-In User Profile
The Dial-In User Profile is used to configure the DI-206 for single users
(for example a person working at home) to dial in to the router and gain
access to the network. At least one User Profile must be configured for
each user who will dial in (in conjunction with Dial Configuration
Configuration and Management53
Page 66
DI-206 ISDN Remote Router
settings). Please note that WAN connections to computers on other
networks must be defined in the Remote Network Profile submenu.
Up to eight users can be set up to dial in to the router. However, more
dial-in users can be accommodated by using a Radius server as
described in the Radius Configuration section of this manual. Please
note that when a Radius server is being used, the Dial-in User Profiles
will be disabled.
The Dial-In User Profile submenu appears below:
Select a dial-in user from the screen above.
54Configuration and
Management
Page 67
DI-206 ISDN Remote Router
The parameters in the above window are described as follows:
•Name – The maximum length is 64 characters. This username is for
password challenges (authentication). The user dialing in must supply
this username in order to be allowed access to the router.
•Password – This is the password associated with the above Name
field.
•Rem CLID – Remote Caller ID. This is the telephone number of
the Remote User and is used for security. When a phone number is
entered in this field, the router will make sure that the incoming call is
coming from the same phone number as the one defined here. In
other words, the remote user can only be calling from the telephone
number defined here, otherwise the call will not be accepted. This
function is disabled if the field is left blank.
Configuration and Management55
Page 68
DI-206 ISDN Remote Router
•Default IP – This is the IP address that will be assigned to the dial-
in user when the IP Address Supply setting below is set to Default.
Assigning an IP address to the remote computer ensures that the IP
address does not clash with other IP addresses on your network.
• IP Address Supply – This field defines how the remote user will
obtain an IP address. The choices include:
Default – Uses the Default IP address defined above,
Dynamic - Taken from the Dial In IP pool, or
None - The remote user supplies his own IP Address.
•Call Back – This field determines if the router will allow call back to
the Remote Dial-In User upon dial-in. If this option is enabled, the
router will be able to call back to the Remote Dial-In User if they
request it. In such a case, the router will disconnect the initial call
from this user and dial back to the specified call back number. The
default is no call back.
•Phone Number Supplied by – Toggle between Router and
Caller.
•Phone Number – If Router is selected above, then this phone
number is usually provided by the person who initially set up the
router. If Caller is selected, you must enter the phone number that
will be called back yourself.
•Idle Time – This is the elapsed time (in seconds) since the last valid
or active packets have gone through the router. This setting will
trigger the router to disconnect this interface when it is reached.
•State – Enables or disables this User Profile.
56Configuration and
Management
Page 69
Remote Network Profile
The Remote Network Profile is used to configure the router for ISDN
connections to other networks. In practice, the DI-206 will either dialout to or receive incoming calls from another router, the ‘gateway’ to
the other network.
DI-206 ISDN Remote Router
Select the desired entry from the screen above:
Configuration and Management57
Page 70
DI-206 ISDN Remote Router
The parameters in the above window are described as follows:
•Remote Name – Name for the remote network that the DI-206 is
being set up to connect with.
•Direction – Dial-[In], dial-[Out], or [Both]. This field defines
whether the router on the other network will dial-[In] to the DI-206
to establish a connection, the DI-206 will dial-[Out] to the other
network, or a connection can be established [Both] ways.
When this is set to In, the DI-206 will only establish a connection
with the other network by receiving calls on the ISDN port specified
in the Interface field below. Also, the incoming calls will be subject
to the Name, Password and Rem CLID fields in the Incoming
section below.
When this is set to Out, the router will only make calls on the ISDN
interface specified in the Interface field below. Also, the outgoing
58Configuration and
Management
Page 71
DI-206 ISDN Remote Router
calls will be subject to the Name, Password and Phone Number
fields in the Outgoing section below.
When set to Both, the dial in and dial out conditions described
above will both be observed.
•Interface – ISDN Link 1 [ISDN L1] or ISDN Link 2 [ISDN L2].
This field is used to assign a remote network to a logical (virtual)
interface called a virtual circuit. More than one remote network can
be configured to use the same interface, but they cannot be
connected at the same time. Thus, if you wish to have two WAN
connections operate simultaneously, make sure they are configured
on different interfaces. On the other hand, if you have two dial-out
remote network profiles but wish to keep one line always open for
dial-in users, make sure the two dial-out profiles use the same
interface. In this case, the two profiles will share the same interface;
the second one using it after the first one’s idle time has expired and
it has relinquished it.
•Phone - This is the telephone number that will be dialed to make
the outgoing connection.
•Idle Time – This is the elapsed time (in seconds), of inactivity, that
will trigger the router to disconnect this interface.
•Set Peer IP as Default Gateway – When enabled, this feature
sets the IP address of the remote device as the default gateway
(default next hop router) for all packets not found in the routing
table. This option should be enabled for the ISDN circuit (ISDN1 or
ISDN2) that is used to connect to the Internet. Also, if the Peer IP is
set as the default gateway here, you still need to define a static
default route in the Network Configuration, IP Static Route
submenu, but you don’t need to designate a gateway IP address for
the static route (the routers will automatically negotiate and adjust
Configuration and Management59
Page 72
DI-206 ISDN Remote Router
the gateway IP setting accordingly). And also make sure that the
Remote IP Address in the Remote Networks Profile is set to
0.0.0.0. Note that only one ISDN circuit should be connected to the
Internet, and only one ISDN circuit (the same one) should be the
default gateway.
• Incoming
• Name – The maximum length is 64 characters. This username
• Password – This is the password associated with the above
• Rem CLID – Remote Caller ID. This is the telephone number
is for password challenges (authentication). The user dialing in
must supply this username in order to be allowed access to the
router.
Name field.
of the Remote User and is used for security. When a phone
number is entered in this field, the router will make sure that the
incoming call is coming from the same phone number as the one
defined here. In other words, the remote user can only be
calling from the telephone number defined here, otherwise the
call will not be accepted. This function is disabled if the field is
left blank.
•Call Back – This field determines whether the router calls back
after receiving a call from this Remote Network Profile. If this
option is enabled, the router will disconnect the initial call and
call back to the phone number that you provide. Note that this
field will be valid only if the Direction setting above is Both.
• Outgoing
• Name – The maximum length is 64 characters. Spaces and
punctuation are not usually accepted. This username is for
60Configuration and
Management
Page 73
DI-206 ISDN Remote Router
password challenges (authentication) which are automatically
handled by the router when dialing out. The DI-206 will use
PAP and CHAP (whichever works) to make the connection.
•Password – This is the password associated with the above
Name field.
•Remote IP Address – This is the IP address that will be assigned
to the dial-in network when the IP Address Supply setting below is
set to Default. Assigning an IP address to the router dialing in
ensures that the IP address does not clash with other IP addresses
on your network. For dial out connections utilizing dial on demand,
the IP address of the remote router needs to be entered here so the
router knows which remote network to establish a connection with
to deliver the packet.
•IP Address Supply – This field defines how the router will assign
an IP address to a device dialing in. The choices include:
Default – Uses the Remote IP address defined above,
Dynamic - Taken from the Dial In IP pool, or
None - The remote user supplies their own IP Address.
•Multi-Link PPP – Enables/disables multi-link PPP on this port.
Individual ISDN ports can be set to join the MLPPP bundle by
enabling Multi-Link on each port. When enabled, the port will join
the MLPPP bundle. Please note that the DI-206 contains only one
MLPPP bundle. All ports taking part in MLPPP, even the first or
primary port which initially establishes the connection, must have
Multi-Link enabled. The ISDN port that first established the
connection is the Primary ISDN Port and will not disconnect due to
a BOD Low Threshold event, but is subject to Dial on Demand
(DOD) settings.
Configuration and Management61
Page 74
DI-206 ISDN Remote Router
•Compression – Enables or disables Stac compression. This is an
industry standard using a 4:1 compression scheme. When enabled,
the router will try to use Stac compression on the designated ISDN
port whenever possible. If the destination device is not capable of
using Stac compression, the two devices will still communicate,
albeit without using Stac compression. When disabled, Stac
compression will never be used on this port.
•State – Enables or disables this Remote Network Profile.
Select Connect Test at the bottom of the screen to test if your setup is
correct.
DHCP Configuration
The DI-206 Router implements the Dynamic Host Configuration
Protocol (DHCP), which allows the entire IP network to be centrally
managed by the router. It does this by assigning IP addresses and
configuration parameters to hosts as they are powered on and come
onto the network. This can be a great help for network administration
since many administrative tasks such as keeping track of each
computer’s IP address are handled by the router. The DI-206 can
implement DHCP in one of the two ways shown below:
62Configuration and
Management
Page 75
DHCP Server Configuration
When acting as a DHCP server, the DI-206 will manage many of the
IP network parameters. The DI-206 will never assign a broadcast or
network IP addresses to hosts, even if such an address is included in
the specified range. The following is the DHCP Server Configuration
screen:
DI-206 ISDN Remote Router
Configuration and Management63
Page 76
DI-206 ISDN Remote Router
Dynamic IP Pool
The Dynamic IP Pool screen shown below contains the parameters
that the router can set on the hosts. Please note that the Dynamic IP
Pool cannot be enabled when the DHCP Agent feature is enabled.
64Configuration and
Management
Page 77
DI-206 ISDN Remote Router
The parameters are described below:
•IP Address – This is the base (starting) address for the IP pool of
IP addresses to be assigned.
•Range – This is the range of contiguous, IP addresses, above the
base IP Address above. In the above example, the IP addresses
assigned host computers as they come onto the network would be
202.93.47.1, 202.93.47.2 … 202.93.47.100.
•Netmask – This mask informs the client, how the destination IP
address is to be divided into network, subnet and host parts. The
netmask has ones in the bit positions in the 32-bit address which are
to be used for the network and subnet parts, and zeros for the host
part.
•Gateway – This specifies the Gateway IP Address that will be
assigned to and used by the DHCP clients.
Configuration and Management65
Page 78
DI-206 ISDN Remote Router
•Lease Time – This specifies the number of hours a client can lease
an IP address, from the dynamically allocated IP pool. The
maximum value is 65535 and a value of 0 means the lease is
permanent.
•DNS IP – This specifies the Domain Name System server, used by
the DHCP clients using leased IP addresses, to translate hostnames
into IP addresses or vice-versa.
•WINS IP – This specifies the IP address of the Windows Internet
Naming Service server. This server has software that resolves
NetBIOS names to IP addresses.
•Domain Name – This is the common suffix, shared by networked
hosts, used to represent a common network domain.
•State – This enables or disables the dynamic IP Pool function.
Static IP Pool
The Static IP Pool configuration functions in much the same way as the
Dynamic IP Pool configuration. The only difference is that a particular
IP address can be assigned to a particular host. This is used for hosts
such as servers that need to have static IP addresses to function
properly or to make them accessible to remote users. The host is
identified by the MAC address of its NIC, which must be entered on
this screen.
66Configuration and
Management
Page 79
DI-206 ISDN Remote Router
Select an entry from the screen above and press <Enter>. The
following screen appears:
Configuration and Management67
Page 80
DI-206 ISDN Remote Router
The parameters above are described below:
• IP Address – This is the static IP address to be assigned.
• MAC Address – This specifies the physical address of the
particular host that will receive the above IP address.
All other parameters (Netmask, Gateway, DNS IP, WINS IP, State,
& Domain Name) are identical to those in Dynamic IP Pool screen in
the previous section.
DHCP Relay Agent
The DHCP Relay Agent feature allows the DI-206 to act as a gobetween for a remote DHCP server assigning IP addresses to local
clients. This can be useful if you wish to have all IP addresses in your
company, including those in branch offices, assigned from a DHCP
server centrally located at your headquarters, for example.
68Configuration and
Management
Page 81
Items are described as follows:
•DHCP Server IP Address – This is the IP address of the remote
DHCP server. When a local computer powers up and sends a
DHCP request for an IP address, the DI-206 will forward the
request to the address specified here.
•Time Threshold – This specifies the maximum amount of time (in
seconds) since the host began requesting an IP address. If the value
define here is exceeded, the relay agent will not pass along the
request from the host.
•State – Enables or disables the DHCP Relay Agent function.
Filter Configuration
Your DI-206 uses filters (configurable at two layers) to screen packet
data, and apply a routing decision. There are two methods for
configuring filters: you can configure a filter at the network layer (IP
filter) to restrict access between networks and reduce unnecessary
internetwork traffic; and you can configure a filter at the data-link layer
(a general filter) to provide a protocol independent filter.
DI-206 ISDN Remote Router
Good knowledge of network protocols is required to configure a
specific filter appropriately. It is important for the router to operate
correctly, therefore, necessary packets must be allowed to pass through
the filters. In other words, do not attempt to configure filters on a
utilized router unless you understand what you are doing.
The following section describes how to configure the router filter
parameters.
Configuration and Management69
Page 82
DI-206 ISDN Remote Router
Configuring a Filter Set
Under the Advanced Functions menu, select Filter Configuration.
You will see the following screen:
The three sub-menus are described as follows:
•Filter State of Interface – This is used to choose the default,
routing decisions for packets, not meeting the criteria for specific
filters.
•Layer 2 Filter – This is a data-link layer (protocol independent)
filter. Foreknowledge of the specific protocol, used on the interface
(LAN or WANs), is needed to make effective use of this filter.
•IP Filter – This is an IP protocol specific filter, allowing you to,
among other things, prohibit specific packets from entering the LAN.
70Configuration and
Management
Page 83
Alternatively, you can set up filters that allow certain types of IP
packets to enter the LAN.
Filter State of Interface
The Filter State of Interface sub-menu lets you disable a filter, or, for
packets that have not met the corresponding criteria, to forward or
drop packets.
DI-206 ISDN Remote Router
Each decision on handling packets is described below:
1. Disable – Will not apply a filter.
2. Forward – This allows the routing of a packet, even though it
has not met the criteria of the corresponding filter.
3. Drop – This drops (doesn’t allow routing for) a packet that has
not met the criteria for the corresponding filter.
Configuration and Management71
Page 84
DI-206 ISDN Remote Router
Layer 2 Filter
The Layer 2 Filter sub-menu contains a protocol independent (data-
link layer) filter. Foreknowledge of the specific protocol used on the
interface (LAN or WANs) is needed to make effective use of this filter.
Select an entry above and then press <Enter>. The following screen
appears:
72Configuration and
Management
Page 85
DI-206 ISDN Remote Router
The parameters of a filter are described below:
•Name – This is a 12 character (maximum), alphanumeric, user-
defined name, used to identify the filter.
•Direction – This defines the direction of the frame relative to the
Interface parameter below.
•State – This is used to choose the routing decision applied to the
frame. The three decisions are described:
1.forward –This allows the routing of the frame, if it has met the
criteria of the corresponding filter.
2.drop – This drops (doesn’t allow routing for) a specific frame
that has met the criteria of the corresponding filter.
3.disable – This does not apply the protocol independent filter.
•Interface – This applies the filter to a specific interface, either LAN
or one of the ISDN interfaces.
Configuration and Management73
Page 86
DI-206 ISDN Remote Router
•Offset – This defines the reference byte for the Length parameter
(described below). The Offset is the number of bytes (octets) from
the beginning of the first byte of the frame header, immediately after
the preamble. The range of the offset parameter is from 0 to 255
octets. The first byte in a packet has an offset 0.
•Length – This is the number of bytes (octets) from 0 to 8 to
compare from the offset value (the Offset reference byte).
•Value – This is a 16 digit, hexadecimal field, defining the actual bit
values used to compare with the frame data, at the specified (Offset)
position.
•Mask – This is a 16 digit, hexadecimal bit mask, used as an
operand in the bit-wise AND operation that will be applied to the
Value parameter.
IP Filter
The IP Filter is specifically an IP protocols filter, allowing you to,
among other things, firewall your network, prohibiting specific packets
from entering or going out from your network. It is necessary to have
good knowledge of IP protocol before effectively configuring this filter.
74Configuration and
Management
Page 87
DI-206 ISDN Remote Router
Select an entry above and then press <Enter>. The following screen
appears:
Configuration and Management75
Page 88
DI-206 ISDN Remote Router
The IP Filter parameters are described below:
•Name – This is a 12 character (maximum), alphanumeric, user-
defined name, used to identify the filter.
•Direction – This defines the direction of the packet relative to the
Interface parameter below.
•State – This is used to define the routing decision applied to the
packet. The three routing decisions are described:
1. forward – This allows the routing of the packet, if it has met the
2. drop – This drops (doesn’t allow routing for) a specific packet
3. disable – This does not apply the IP filter.
•Interface – This applies the filter to a specific interface, LAN or
one of the ISDN interfaces.
criteria of the corresponding filter.
that has met the criteria of the corresponding filter.
•Protocol Type – This is a protocol identifier, as assigned by the
Internet Assigned Numbers Authority (IANA). The values of this
identifier are described in RFC-1700. This router supports the
following:
1 – This is Internet Control Message (ICMP), defined in RFC 792.
6 – This is Transmission Control (TCP), defined in RFC 793.
17 – This is User Datagram (UDP), defined in RFC 798.
• Src IP – This is the source address in the IP header of this packet.
76Configuration and
Management
Page 89
DI-206 ISDN Remote Router
•Src Netmask – This mask is bit-wise AND’d with the source IP
address and bit-wise AND’d with the IP address of the incoming
interface. The two results are then compared.
•Dst IP – This is the destination address in the IP header of the
packet.
•Dst Netmask – This mask is bit-wise AND’d with the destination
IP address and bit-wise AND’d with the IP address of the incoming
interface. The two results are then compared.
•Dst Port – This is the destination port, in the TCP or UDP header,
of the packet.
•Operation – This comparison operation is applied to the destination
port (the Dst Port parameter) value, of the TCP or UDP header.
•ICMP Type – This is the type field, in the ICMP header, used to
identify a particular ICMP message.
•ICMP Code – This is the code field, in the ICMP header, used to
further specify the ICMP type.
•TCP Flag – This is a hex number, representing the six flag bits in the
TCP header. The value range is from 0 to 3F.
Multiple Home Configuration
Besides the IP address assigned to the LAN interface in the Network
Configuration menu, the LAN may have up to 3 additional IP
interfaces. These additional IP interfaces are referred to as MIP1 to
MIP3. This type of configuration is known as a multiple home
configuration.
Configuration and Management77
Page 90
DI-206 ISDN Remote Router
Multiple Home can be demonstrated by this example:
A company has 625 users (computers) all connected to one physical
network using Ethernet. However, the company only has one Class C
IP network address, 202.100.160.0. This network address will only
support 254 users. To solve the shortage of IP address problem and to
plan for future growth, the company applies for and receives two more
Class C IP network addresses, 203.101.161.0 and 204.102.162.0.
This gives the company a total of 254 x 3 = 762 IP Addresses, which it
assigns to the computer users, with a few left over for future needs. Due
to the nature of IP networks, however, the users in one IP network
domain (202.100.160.0, for example) cannot communicate with users
on a different IP domain (203.101.161.0). Multiple home solves this
problem. When you register the additional IP network addresses in the
Multiple Home Configuration menu on the router, the router will route
data between the three IP networks using the single LAN.
78Configuration and
Management
Page 91
DI-206 ISDN Remote Router
In this router, multiple home configurations only apply to the LAN
interface.
The parameters are described below:
•IP Address – This is a network IP address of a separate IP
network on the LAN.
• Routing Protocol – This is the same as in the Network
Configuration screen section. Keep in mind that these exchanges
are made with adjacent routers on the LAN, if present.
•IP Multicasting – This enables/disables IP multicasting on the IP
network you are defining.
All other parameters (Netmask, Routing Mode, Multicast Protocol and
IGMP Version) are identical to those in the Network Configuration,IP Stack Configuration, ISDN screen section.
Configuration and Management79
Page 92
DI-206 ISDN Remote Router
Static ARP
This special function is intended to speed up the process of finding a
host's Ethernet (MAC) address from its network address, and provides
a special condition – any other host acting as an impostor by using the
same IP address as the legitimate host, will be ignored by this router.
Basically, when a packet comes into the router from the ISDN line and
is destined for a host on the LAN, the router will use information
defined here to immediately send the packet to the host rather than send
out an ARP request to find the host’s MAC address.
Select an entry above and then press <Enter>. The following screen
appears:
80Configuration and
Management
Page 93
DI-206 ISDN Remote Router
The parameters are described as follows:
•IP Address – This is the IP address of the host you wish to define a
static ARP for.
•MAC Address – This is the physical address of the host that is the
authorized owner of the IP address.
•State – This toggles enable and disable.
Configuration and Management81
Page 94
DI-206 ISDN Remote Router
NAT Configuration
Network Address Translation (NAT) is a routing protocol that allows
your network to become a private network that is isolated from, yet
connected to the Internet. It does this by changing the IP address of
packets from a global IP address usable on the Internet to a local IP
address usable on your private network (but not on the Internet) and
vice-versa.
NAT has two major benefits. First, NAT allows many users to access
the Internet using a small number or even a single global IP address.
This can greatly reduce the costs associated with Internet access and
also helps alleviate the current shortage of Internet IP addresses.
Secondly, the NAT process creates a firewall which hides your local
network from Internet users, providing a degree of security to your
Internet connection.
To be successfully implemented, NAT should be used only when the
majority of network traffic remains on the local network. In cases
where a large percentage of network traffic is destined for the Internet,
NAT can adversely affect the speed and performance of your Internet
connection. Also, your network servers such as ftp servers, web
servers or mail servers will probably need to be assigned static NAT
IP addresses so their IP addresses remain consistent. This issue will be
further discussed later.
Network Address Port Translation (NAPT) is a subset of NAT where
many local IP addresses and their TCP/UDP port numbers are
translated to a single global IP address and it’s TCP/UDP port number.
In this document, the term NAT will refer to both NAT and NAPT
unless otherwise stated.
82Configuration and
Management
Page 95
NAT can work in conjunction with DHCP. Thus, if both are enabled
and properly configured, the DHCP server in the DI-206 will assign
local IP addresses to computers on your network.
How NAT Works
In the most common NAT configuration, your network uses local IP
addresses that are not valid on the Internet. Internet (global) IP
addresses are unique, with no two devices have the same IP address.
The local IP addresses can be freely assigned to computers on your
network by your network administrator (within guidelines defined later
in this chapter and in Appendix B, “IP Concepts”). This can be done
manually or by using DHCP. The ISDN port on the router is assigned a
globally unique IP Address that IS valid on the Internet, since it will be
sending and receiving data directly to the Internet and is therefore part
of it. Please study the example diagram below carefully.
DI-206 ISDN Remote Router
Configuration and Management83
Page 96
DI-206 ISDN Remote Router
Singl
e
Router
IP Address
176.220.22.1
ISDN
Port
NAT
Translator
LAN
Port
192.168.100.1
Global
Local IP
WAN
LAN
192.168.100.2
192.168.100.3
192.168.100.4
192.168.100.5
Please note that in the above diagram, the Gateway IP address settings
for the local PC’s needs to be set to 192.168.100.1, the LAN IP
address of the router.
NAT manipulates the IP addresses in packet headers on a one-to-one
basis. An outgoing data packet (a packet originating from a computer
on the local LAN and destined for a computer outside the private
network) will have its IP address translated as shown below.
84Configuration and
Management
Page 97
DI-206 ISDN Remote Router
In the Outgoing Data Packet above, the Source IP address is the IP
address that is translated by NAT. The Destination IP Address is the
IP address of a computer outside the private network, on the Internet
for example. And the Data portion of the packet is the information
payload borne by the packet, for instance a request to view a web
page.
The router logs the changes made to the IP header in its NAT table.
The NAT table enables the router to send replies back to the local
computer as shown below.
In the Inbound Data Packet above, the Destination IP Address is the IP
address that is translated by NAT. The Source IP Address is the IP address of
a computer outside the private network. And the Data portion of the packet is
the information payload borne by the packet, for example, the contents of a
web page.
The actual information in the NAT table depends whether the router is
implementing NAT or NAPT.
NAT
This section discusses the NAT protocol as opposed to NAPT which is
discussed in the next section.
NAT is the initial protocol set forth by RFC 1631 and provides a
means in which private networks can communicate with the Internet by
using a small number of IP addresses. In our discussion, we will use the
Configuration and Management85
Page 98
DI-206 ISDN Remote Router
example IP addresses listed in the table below and the network diagram
shown on page 84.
Global IP Addresses
(for use with NAT)
200.100.50.1192.168.100.2
200.100.50.2192.168.100.3
200.100.50.3192.168.100.4
200.100.50.4192.168.100.5
200.100.50.5192.168.100.6
Local IP Addresses
(assigned to computers
on the local network)
192.168.100.7
192.168.100.8
192.168.100.9
192.168.100.10
Please note that in the above table there are 9 users on the local
network using 5 global IP addresses to access the Internet.
When a packet on the local network arrives at the router and needs to
be sent to the Internet, NAT will change the source IP address (for
example 192.168.100.2) to a global address (200.100.50.1, for
example). If this packet generates a reply (as for example, a request to
view a web page will), NAT will change the destination IP address on
the reply packet back to the local IP address for delivery to the
machine on the local (stub) network.
The difference between static and dynamic NAT is that once the five
global addresses are manually assigned when using static NAT, they
will never change. The only way to change them is by using the console
program to manually reassign them. When using dynamic NAT, the
router will map a local IP address to a global IP address whenever a
86Configuration and
Management
Page 99
request is made. Since there are only 5 global IP addresses in the
example above, there can only be 5 mappings at any one time. In other
words, much like static NAT, only 5 local machines can access the
Internet at any one time. However, contrary to static NAT, the router
will discard the mapping between the global and local IP addresses
after a certain length of time (which is quite long so rarely happens), or
after the session is finished (an example of a session is when requesting
a web page, the entire page has completed downloading). The most
common implementation of NAT is to define a range of dynamic
addresses to be used by hosts, but assign static addresses to your
servers if you wish for them to be accessible from outside your
network.
Setting Local IP Addresses
When implementing NAT and thus creating a private network that is
isolated from the Internet, you can assign any IP addresses to host
computers without problems. However, the Internet Assigned Numbers
Authority (IANA) has reserved the following three blocks of IP
Addresses specifically for private networks:
It is recommended that you choose local IP addresses for use with
NAT from the private network IP addresses in the above list. For more
information on address assignment, refer to RFC 1597, Address
Allocation for Private Internets and RFC 1466, Guidelines for
Management of IP Address Space.
Configuration and Management87
Page 100
DI-206 ISDN Remote Router
Configure NAT/NAPT
The first screen shows the complete NAT table that is defined by the
network manager:
88Configuration and
Management
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.