D-Link DI-206 User Manual

Page 1
Rev. 03 (June 2000)
6DI206….03
Printed in Taiwan
DI-206
ISDN Router
User’s Guide
RECYCLABLE
Page 2
Page 3
Copyright Statement
No part of this publication may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/D-Link Systems Inc., as stipulated by the United States Copyright Act of 1976.
Trademarks
D-Link is a registered trademark of D-Link Corporation/D-Link Systems, Inc.
All other trademarks belong to their respective owners.
Page 4
Limited Warranty
Hardware:
D-Link warrants each of its hardware products to be free from defects in workmanship and materials under normal use and service for a period commencing on the date of purchase from D-Link or its Authorized Reseller and extending for the length of time stipulated by the Authorized Reseller or D-Link Branch Office nearest to the place of purchase.
This Warranty applies on the condition that the product Registration Card is filled out and returned to a D-Link office within ninety (90) days of purchase. A list of D-Link offices is provided at the back of this manual, together with a copy of the Registration Card.
If the product proves defective within the applicable warranty period, D-Link will provide repair or replacement of the product. D-Link shall have the sole discretion whether to repair or replace, and replacement product may be new or reconditioned. Replacement product shall be of equivalent or better specifications, relative to the defective product, but need not be identical. Any product or part repaired by D-Link pursuant to this warranty shall have a warranty period of not less than 90 days, from date of such repair, irrespective of any earlier expiration of original warranty period. When D-Link provides replacement, then the defective product becomes the property of D-Link.
Warranty service may be obtained by contacting a D-Link office within the applicable warranty period, and requesting a Return Material Authorization (RMA) number. If a Registration Card for the product in question has not been returned to D-Link, then a proof of purchase (such as a copy of the dated purchase invoice) must be provided. If Purchaser's circumstances require special handling of warranty correction, then at the time of requesting RMA number, Purchaser may also propose special procedure as may be suitable to the case.
After an RMA number is issued, the defective product must be packaged securely in the original or other suitable shipping package to ensure that it will not be damaged in transit, and the RMA number must be prominently marked on the outside of the package. The package must be mailed or otherwise shipped to D-Link with all costs of mailing/shipping /insurance prepaid. D-Link shall never be responsible for any software, firmware, information, or memory data of Purchaser contained in, stored on, or integrated with any product returned to D-Link pursuant to this warranty.
Any package returned to D-Link without an RMA number will be rejected and shipped back to Purchaser at Purchaser's expense, and D-Link reserves the right in such a case to levy a reasonable handling charge in addition mailing or shipping costs.
Software:
Warranty service for software products may be obtained by contacting a D-Link office within the applicable warranty period. A list of D-Link offices is provided at the back of this manual, together with a copy of the Registration Card. If a Registration Card for the product in question has not been returned to a D-Link office, then a proof of purchase (such as a copy of the dated purchase
Page 5
invoice) must be provided when requesting warranty service. The term "purchase" in this software warranty refers to the purchase transaction and resulting license to use such software.
D-Link warrants that its software products will perform in substantial conformance with the applicable product documentation provided by D-Link with such software product, for a period of ninety (90) days from the date of purchase from D-Link or its Authorized Reseller. D-Link warrants the magnetic media, on which D-Link provides its software product, against failure during the same warranty period. This warranty applies to purchased software, and to replacement software provided by D-Link pursuant to this warranty, but shall not apply to any update or replacement which may be provided for download via the Internet, or to any update which may otherwise be provided free of charge.
D-Link's sole obligation under this software warranty shall be to replace any defective software product with product which substantially conforms to D-Link's applicable product documentation. Purchaser assumes responsibility for the selection of appropriate application and system/platform software and associated reference materials. D-Link makes no warranty that its software products will work in combination with any hardware, or any application or system/platform software product provided by any third party, excepting only such products as are expressly represented, in D-Link's applicable product documentation as being compatible. D-Link's obligation under this warranty shall be a reasonable effort to provide compatibility, but D-Link shall have no obligation to provide compatibility when there is fault in the third-party hardware or software. D-Link makes no warranty that operation of its software products will be uninterrupted or absolutely error-free, and no warranty that all defects in the software product, within or without the scope of D-Link's applicable product documentation, will be corrected.
D-Link Offices for Registration and Warranty Service
The product's Registration Card, provided at the back of this manual, must be sent to a D-Link office. To obtain an RMA number for warranty service as to a hardware product, or to obtain warranty service as to a software product, contact the D-Link office nearest you. An address/ telephone/fax/e-mail/Web site list of D-Link offices is provided in the back of this manual.
Page 6
Wichtige Sicherheitshinweise
1. Bitte lesen Sie sich diese Hinweise sorgfältig durch.
2. Heben Sie diese Anleitung für den spätern Gebrauch auf.
3. Vor jedem Reinigen ist das Gerät vom Stromnetz zu trennen. Vervenden Sie keine Flüssig­oder Aerosolreiniger. Am besten dient ein angefeuchtetes Tuch zur Reinigung.
4. Um eine Beschädigung des Gerätes zu vermeiden sollten Sie nur Zubehörteile verwenden, die vom Hersteller zugelassen sind.
5. Das Gerät is vor Feuchtigkeit zu schützen.
6. Bei der Aufstellung des Gerätes ist auf sichern Stand zu achten. Ein Kippen oder Fallen könnte Verletzungen hervorrufen. Verwenden Sie nur sichere Standorte und beachten Sie die Aufstellhinweise des Herstellers.
7. Die Belüftungsöffnungen dienen zur Luftzirkulation die das Gerät vor Überhitzung schützt. Sorgen Sie dafür, daß diese Öffnungen nicht abgedeckt werden.
8. Beachten Sie beim Anschluß an das Stromnetz die Anschlußwerte.
9. Die Netzanschlußsteckdose muß aus Gründen der elektrischen Sicherheit einen Schutzleiterkontakt haben.
10. Verlegen Sie die Netzanschlußleitung so, daß niemand darüber fallen kann. Es sollete auch nichts auf der Leitung abgestellt werden.
11. Alle Hinweise und Warnungen die sich am Geräten befinden sind zu beachten.
12. Wird das Gerät über einen längeren Zeitraum nicht benutzt, sollten Sie es vom Stromnetz trennen. Somit wird im Falle einer Überspannung eine Beschädigung vermieden.
13. Durch die Lüftungsöffnungen dürfen niemals Gegenstände oder Flüssigkeiten in das Gerät gelangen. Dies könnte einen Brand bzw. Elektrischen Schlag auslösen.
14. Öffnen Sie niemals das Gerät. Das Gerät darf aus Gründen der elektrischen Sicherheit nur von authorisiertem Servicepersonal geöffnet werden.
15. Wenn folgende Situationen auftreten ist das Gerät vom Stromnetz zu trennen und von einer qualifizierten Servicestelle zu überprüfen:
a – Netzkabel oder Netzstecker sint beschädigt. b – Flüssigkeit ist in das Gerät eingedrungen. c – Das Gerät war Feuchtigkeit ausgesetzt. d – Wenn das Gerät nicht der Bedienungsanleitung ensprechend funktioniert oder Sie mit Hilfe
dieser Anleitung keine Verbesserung erzielen. e – Das Gerät ist gefallen und/oder das Gehäuse ist beschädigt. f – Wenn das Gerät deutliche Anzeichen eines Defektes aufweist.
16. Bei Reparaturen dürfen nur Orginalersatzteile bzw. den Orginalteilen entsprechende Teile verwendet werden. Der Einsatz von ungeeigneten Ersatzteilen kann eine weitere Beschädigung hervorrufen.
Page 7
17. Wenden Sie sich mit allen Fragen die Service und Repartur betreffen an Ihren Servicepartner. Somit stellen Sie die Betriebssicherheit des Gerätes sicher.
18. Zum Netzanschluß dieses Gerätes ist eine geprüfte Leitung zu verwenden, Für einen Nennstrom
bis 6A und einem Gerätegewicht grßer 3kg ist eine Leitung nicht leichter als H05VV-F, 3G,
0.75mm2 einzusetzen
Page 8
Page 9
Table of Contents
INTRODUCTION.................................................................................1
Product Features.......................................................................................................1
Applications for your DI-206..................................................................................4
Internet Access..........................................................................................................4
Network Address Translation (NAT).......................................................................5
LAN-to-LAN Enterprise Connections......................................................................5
Telecommuting Server................................................................................................5
What This Manual Covers.......................................................................................5
What This Manual Doesn’t Cover..........................................................................7
Other Resources.........................................................................................................7
Packing List...............................................................................................................7
Additional Installation Requirements...................................................................8
INSTALLATION .................................................................................9
Ordering Your ISDN Line..........................................................................................9
The DI-206 Front Panel.........................................................................................10
The DI-206 Rear Panel...........................................................................................11
Telephone Features................................................................................................12
Installation and Initial Configuration................................................................13
A Warning on Connection Cables............................................................................14
Step 1 - Setting up the Console...............................................................................14
Step 2 - Connecting the Console to the Router.......................................................15
Step 3 - Connecting an ISDN Line to the Router....................................................16
Step 4 - Connecting a Telephone or Fax Machine to the Router.............................16
Step 5 - Connecting Ethernet Cables to the Router.................................................17
Step 6 - Powering Up Devices for Initial Configuration..........................................19
Step 7 - Initial Configuration of the Router.............................................................20
Page 10
Step 7 - Configuring the LAN Port..........................................................................21
Step 8 – Plugging in All Devices..............................................................................24
CONFIGURATION AND MANAGEMENT..........................................25
Console Program Main Menu..............................................................................26
System Information..................................................................................................27
Interface Configuration.........................................................................................28
LAN ......................................................................................................................... 29
ISDN........................................................................................................................30
Network Configuration..........................................................................................33
IP Stack Configuration.............................................................................................34
IP Static Route.........................................................................................................39
IP Networking..........................................................................................................41
Router Advertisement..............................................................................................41
SNMP Agent Configuration..................................................................................41
SNMP Community Configuration...........................................................................42
SNMP Trap Manager Configuration.......................................................................44
SNMP Authenticated Trap .....................................................................................45
Advanced Functions...............................................................................................45
Remote Access Configuration..................................................................................46
DHCP Configuration...............................................................................................62
Filter Configuration..................................................................................................69
Multiple Home Configuration.................................................................................77
Static ARP...............................................................................................................80
NAT Configuration..................................................................................................82
Telnet/Discovery Enable........................................................................................100
DNS Configuration................................................................................................100
Radius Configuration.............................................................................................104
Multi-Link PPP Configuration..............................................................................105
Admin Configuration...........................................................................................109
System Maintenance............................................................................................109
System Status........................................................................................................110
Statistics.................................................................................................................111
Runtime Tables......................................................................................................117
Page 11
Log and Trace.........................................................................................................121
Diagnostic..............................................................................................................129
Software Update....................................................................................................136
System Restart.......................................................................................................137
Factory Reset.........................................................................................................138
System Settings Backup/Restore...........................................................................139
PROM SYSTEM CONFIGURATION.............................................143
System Configuration............................................................................................144
TCP/IP Parameters Configuration.........................................................................145
System Reset .........................................................................................................146
Software Update....................................................................................................146
EEPROM Factory Reset.......................................................................................149
Execute Bootload...................................................................................................149
USING TELNET ...........................................................................150
Telnet Configuration...........................................................................................150
Using Telnet via LAN............................................................................................150
Using Telnet via ISDN...........................................................................................151
System Timeout.....................................................................................................151
USING RADIUS AUTHENTICATION...........................................152
Installing a RADIUS Server................................................................................152
Configuring the DI-206 for RADIUS Authentication....................................152
Adding Users to the RADIUS Database...........................................................154
APPENDIX A - TROUBLESHOOTING...........................................155
Some Common Problems With the DI-206.......................................................155
None of the LEDs are on when you power up the router.....................................155
Connecting the RS-232 cable, cannot access the console program........................155
Problems With the ISDN Line.............................................................................156
Problems with the LAN Interface.......................................................................156
Page 12
Can’t PING any station on the LAN....................................................................156
APPENDIX B - IP CONCEPTS.....................................................158
IP Addresses..........................................................................................................158
IP Network Classes ...............................................................................................159
Subnet Mask..........................................................................................................160
APPENDIX C – IP PROTOCOL AND PORT NUMBERS ...............162
IP Protocol Numbers...........................................................................................162
IP Port Numbers...................................................................................................162
APPENDIX D - TECHNICAL SPECIFICATIONS ............................164
APPENDIX E – COUNTRY ID NUMBERS ....................................166
APPENDIX F – CONFIGURATION FILE .......................................167
Configuration File Example..............................................................................168
INDEX ..........................................................................................169
Page 13
Introduction
Congratulations on your purchase of a D-Link DI-206 series remote access router with integrated Ethernet hub and ISDN T/A. No larger than an ordinary modem, your router offers inexpensive yet complete telecommunications and internetworking solutions for your home or branch office. It is ideal for everything from Internet browsing to receiving calls from Remote Dial-in Users and making connections to other LANs via Remote Nodes.
Distinguishing features of the DI-206 include support for a full range of networking protocols, including TCP/IP (Transmission Control Protocol/Internet Protocol, also known as IP).
This complete solution also includes remote dial-in user support, an Internet single-user account (Network Address Translation) option, extensive network management capabilities, and solid security features.
DI-206 ISDN Remote Router
Product Features
The DI-206 router is packed with features that give it the flexibility to provide a complete networking solution for almost any small to medium-sized office environment.
Ease of Installation
Your DI-206 is a self-contained unit that is quick and easy to install. Physically, it resembles an external modem; however, it is a
Introduction 1
Page 14
DI-206 ISDN Remote Router
combination ISDN router and 10 Mbps Ethernet hub, and it uses twisted-pair Ethernet cables to connect to the host network.
Built-in Hub
As a 10 Mbps Ethernet hub, your DI-206 provides six ports for connecting standard Ethernet devices. Five ports are designed for connecting network end nodes—single-user computers, servers, bridges, other routers, etc.—through standard “straight-through” twisted-pair cables; the sixth is wired for making an “uplink” connection to another hub or switch through the same type of straight-through cable used to connect end nodes.
ISDN Basic Rate Interface (BRI)
Using a standard S/T the DI-206 supports DSS1 ISDN switches. The two ISDN B-channels can be used independently for two destinations, or they can be bundled together for one high-bandwidth connection supporting bandwidth-on-demand.
ISDN Leased Line
If the router is set up for an ISDN leased line, it can automatically initialize the leased-line connection each time it is powered up.
Standard Phone Jacks
The router is equipped with two standard phone jacks for connecting telephones, fax machines, or modems. This allows the ISDN line to be used for voice as well as data calls.
2
n
Introductio
Page 15
Dial On Demand
The Dial On Demand feature allows a DI-206 to automatically place a call to a Remote Node whenever there is traffic coming from any workstation on the LAN (Local Area Network) to that remote site.
Bandwidth On Demand
Your DI-206 supports bandwidth up to 128 kbps over a single ISDN BRI line. It incorporates MLPPP (Multi-Link PPP) to bundle two B channels over a BRI line. In addition, the router dynamically allocates bandwidth between the two B channels, increasing or decreasing bandwidth as needed to allow for greater efficiency in data transfer. It supports BAP (Bandwidth Allocation Protocol) and BACP (Bandwidth Allocation Control Protocol) to manage the number of links in the multi­link bundle.
Full Network Management
DI-206 ISDN Remote Router
The DI-206 incorporates SNMP (Simple Network Management Protocol ) support and menu-driven network management via an RS­232 or Telnet connection.
RADIUS (Remote Authentication Dial In User Service)
The RADIUS feature allows you to use a central external Unix or NT­based server to support thousands of users.
PPP Security
The DI-206 supports PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol).
Introduction 3
Page 16
DI-206 ISDN Remote Router
RIP-1/RIP-2
Your DI-206 supports both RIP-1 and RIP-2 (Routing Information Protocol versions 1 and 2) exchanges with other routers.
DHCP Support (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol) allows IP addresses to be automatically and dynamically assigned to hosts on your network.
Data Compression
The DI-206 incorporates Stac data compression and CCP (Compression Control Protocol).
Networking Compatibility
The DI-206 is compatible with remote access products from other companies such as Ascend, Cisco, and 3Com. Furthermore, they support Microsoft Windows 95 and Windows NT remote access capability.
Applications for your DI-206
Some applications for the DI-206 include:
Internet Access
Your DI-206 supports TCP/IP protocol, which is the language used for the Internet. It is also compatible with access servers manufactured by major vendors such as Cisco and Ascend.
4
n
Introductio
Page 17
Network Address Translation (NAT)
For small office environments, the DI-206 allows multiple users on the LAN to access the Internet concurrently through a single Internet account. This provides Internet access to everyone in the office for the price of a single user.
NAT address mapping can also be used to link two IP domains via a LAN-to-LAN connection.
LAN-to-LAN Enterprise Connections
The DI-206 can dial to or answer calls from another remote access router connected to a different LAN. The DI-206 supports TCP/IP and has the capability to bridge any Ethernet protocol.
Telecommuting Server
DI-206 ISDN Remote Router
The DI-206 allows Remote Dial-in Users to dial in and gain access to your LAN. This feature enables users that have workstations with remote access capabilities, e.g., Windows 95, to dial in using an ISDN terminal adapter (TA) to access the network resources without physically being in the office.
What This Manual Covers
This manual is divided into eleven parts.
Chapter One, “Introduction,” describes many of the technologies implemented in the DI-206 as well as product features.
Introduction 5
Page 18
DI-206 ISDN Remote Router
Chapter Two, “Installation,” is designed as a step-by-step guide to installing the router.
Chapter Three, “Configuration and Management,” provides detailed explanations for the console program that is used to setup and configure the router.
Chapter Four, “PROM System Configuration,” provides information on the PROM program, an abbreviated version of the console program that is used to download new software into the router in case of problems with the console program.
Chapter Five, “Using Telnet,” describes how to setup and use telnet to configure the router.
Chapter Six, “Using RADIUS Authentication,” describes how to setup and use a RADIUS server to manage user authentication and centralize passwords.
Appendix A, “Troubleshooting,” describes some common problems setting up the router and suggests solutions.
Appendix B, “IP Concepts,” gives detailed explanations and recommendations for setting up an IP network on your LAN.
Appendix C, “IP Protocol and Port Numbers,” lists many commonly used IP settings.
Appendix D, “Technical Specifications,” a list of specifications about the DI-206 ISDN router.
Appendix E, “Country ID Numbers,” lists country ID numbers which must be entered when setting up the ISDN line on the router. These numbers have no relation to the
6
n
Introductio
Page 19
International Country Codes used by your telephone company.
Regardless of the application, it is important that you follow the steps outlined in Chapter 2, “Installation,” to correctly connect your DI-206 to your LAN. You can then refer to other chapters of the manual depending on your specific installation requirements.
What This Manual Doesn’t Cover
This manual assumes that you know how to use your computer and are familiar with your communications software. If you have questions about using either one, refer to the manual for the product.
Other Resources
For more information about your DI-206 check the following sources:
DI-206 ISDN Remote Router
Quick Start Guide.Support disk containing RouteMan, a Windows-based
configuration program.
Packing List
Before you proceed further, check all items you received with your DI­206 against this list to make sure nothing is missing. The complete package should include:
One DI-206 ISDN router.One power adapter.
Introduction 7
Page 20
DI-206 ISDN Remote Router
One RS-232 cable.One unshielded twisted-pair (UTP) cable.One frequently asked questions (FAQ) and application notes
diskette.
One Quick Installation Guide.This User’s Guide.
Additional Installation Requirements
In addition to the contents of your package, there are other hardware and software requirements you need before you can install and use your router. These requirements include:
An ISDN line.Ethernet connection(s) to your computer(s).A computer equipped with an RS-232 port and communications
software configured to the following parameters:
VT100 terminal emulation.9600 baud.No parity, 8 data bits, 1 stop bit.
After the router has been successfully connected to your network, you can make future changes to the configuration using a Telnet client application.
8
n
Introductio
Page 21
Installation
This chapter outlines how to connect your DI-206 to your LAN and ISDN line. Refer to the diagrams below to identify all of the ports on your device when you make connections.
Ordering Your ISDN Line
If you do not have an ISDN line installed already, we suggest that you order it from your telephone company as soon as possible to avoid the long waiting period common when ordering a new line. Use the information in this section to place the order. If you have already installed your ISDN line, you can check the following section to make sure that you can use all the features of your DI-206.
DI-206 ISDN Remote Router
1. Contact your local telephone company’s ISDN Ordering Center.
2. Make sure DSS1 switches are available since these are the only
switch types currently supported by the DI-206.
3. When the telephone company installs your ISDN line, be sure to obtain the following information:
ISDN switch type.ISDN telephone number(s).
Installation 9
Page 22
DI-206 ISDN Remote Router
The DI-206 Front Panel
Names and descriptions of your router’s front panel LEDs are given below:
POWER— Comes on as soon as you connect the router to the power adapter and plug the power adapter into a suitable AC outlet.
TEST — Should be blinking if the router is functioning properly. ISDN – LINK— Indicates that the router has an ISDN line connected
to the ISDN interface and it has been successfully initialized.
10
n
ISDN – B1 and B2— On if there is an active ISDN session on that channel or if that channel is making or receiving a call.
ETHERNET – COL— Shines yellow when a collision occurs on the LAN, that is, when two devices have attempted to transmit at the same time.
ETHERNET – Uplink and 1 through 5— Each of these indicators shines green when a connection to an Ethernet device is detected. The indicator blinks when a transmission is received from the device, and shines yellow when the device has been partitioned, that is, temporarily
Installatio
Page 23
isolated from the LAN because of excessive collisions (partitioning is a required capability of all Ethernet hubs).
PHONE – 1— Lights up when standard phone port 1 is in use. PHONE – 2— Lights up when standard phone port 2 is in use.
The DI-206 Rear Panel
POWER — This socket is an 18 volt, 750mA power input jack. If the power adapter included with the router has been lost or misplaced, please ensure that the replacement adapter meets both the voltage and amperage requirements.
DI-206 ISDN Remote Router
CONSOLE – This 9-pin RS-232 port is used for connecting a console or PC running a terminal emulation program. It provides out-of-band management capabilities for the initial setup and configuration of the router.
PHONE 1 and 2 – These normal telephone jacks can be used to connect telephones or fax machines to the router for use over the ISDN lines. Plug telephone devices into these jacks as you normally would into a telephone wall socket.
Installation 11
Page 24
DI-206 ISDN Remote Router
ISDN – This socket is used to connect the ISDN line to either an NT­1 or directly to the ISDN wall jack, depending on the type of service delivered by your phone company.
ETHERNET – The six Ethernet ports function as a normal 10 Mbps 10BASE-T Ethernet hub.
Uplink – This port is used to connect the router to another
hub using a straight-through twisted-pair cable.
Ports 1x to 5x – These five ports can be used to connect
end-stations to the router using straight-through cables.
Telephone Features
Up to two telephones can be attached to the DI-206 router via the Phone 1 and Phone 2 telephone jacks located on the rear of the router. The router enables the attached telephones to have a number of features which may or may not be found on normal telephones and are described below. Additional features which must actually be configured are described in the Interface Configuration – ISDN sub-menu section of this manual.
12
n
Hold – This feature is very similar with and can work in conjunction
with call waiting as defined in the Interface Configuration – ISDN sub-menu section of this manual. Press Flash 0 to place someone on hold (Flash is a very brief hanging up of the phone). Press Flash 2 to take the caller off hold.
Hold (and pick up from another location) - Telephones
connected to the router can be put on hold by pressing Flash 71,
Installatio
Page 25
DI-206 ISDN Remote Router
72, 73, or 74. Press the same number to take the caller off hold and speak from another phone on your telephone network.
Call forwarding – If you wish to forward incoming calls to a
different telephone, press *77* and then the phone number you wish to forward the call to. All incoming calls will automatically be forwarded to the phone number entered. Press #77# to cancel call forwarding.
Three-person conference call – To use this feature, conference
calling must be enabled by the telephone company. After this is done, pick up a phone and place a call. After connected, press Flash 0 (refer to call waiting in the Interface Configuration – ISDN sub-menu section of this manual) and dial the second number. After connected, press flash 3 to speak to both parties at the same time. Press Flash 0 to hang up with the first party called. Press flash 1 to hang up with the second party called.
Call transfer – To transfer a call to the other phone jack on the
router: if using Phone 1, press flash 20. If using Phone 2, press flash
10.
Installation and Initial Configuration
This section discusses the different connections that can be made to the
router when setting it up.
Initially, you will only wish to connect the console to the router in order
to configure the other ports. Once that is complete, you will need to turn off the power to the router and plug in the connection cables to the other devices. Next, power on the other devices. When they have
Installation 13
Page 26
DI-206 ISDN Remote Router
finished powering up, power on the router. Each of these steps is described in detail in the sections below. Please skip any setting adjustments that do not apply to your configuration needs.
For the initial configuration of your DI-206, you must use an RS-232 console connection, either to a computer running serial communications software or to a serial data terminal.
After the router has been successfully installed and the initial configuration is complete, you can continue to modify settings through the console, or you can change configuration settings through a remote Telnet connection or through a web browser. See the chapters entitled “Configuration and Management” and “Using Telnet” for detailed instructions on using Telnet to configure your DI-206.
A Warning on Connection Cables
ISDN and Ethernet cables are very similar to each other. It is important that you use the correct cable for each connection; otherwise, your router could be damaged.
Before connecting or disconnecting an RS-232 cable between two devices, turn both devices off to avoid any chance of damaging them.
Step 1 - Setting up the Console
The initial setup of the DI-206, requires connecting a console to the 9-pin RS-232 Diagnostic port on the router’s rear panel. A serial cable is supplied with the router in order to make this connection. A console can be a terminal, such as a VT-100, or a normal PC running terminal emulation software (such as Microsoft
14
n
Installatio
Page 27
HyperTerminal, included with Windows). The terminal emulation software needs to be configured to the following parameters:
VT100 terminal emulation9600 baudNo parity, 8 data bits, 1 start bit, 1 stop bitNo flow control
Step 2 - Connecting the Console to the Router
A serial cable is included in the DI-206 package. To connect this cable, plug its nine-pin connector into the 9-pin RS-232 Diagnostic port on the router’s rear panel, then connect the other end to the serial port on the rear of your computer or data terminal.
Please make sure both machines are turned off before making this connection.
DI-206 ISDN Remote Router
After the connection is made, first power on the console. If you are using a PC, run the terminal emulation software at this time. After the PC and the terminal emulation software are up and running, power on the router.
Using the Console
The Console Program is the interface that you will be using to configure your DI-206. Several operations that you should be familiar with before you attempt to modify the configuration of your router are listed below:
Moving the Cursor Within a menu, use <tab> and arrow keys
to navigate through different information fields.
Installation 15
Page 28
DI-206 ISDN Remote Router
Moving Forward to Another Menu To move forward to a
sub-menu below the current one, use <tab> or arrow keys to position the cursor on the sub-menu item and press <Enter> to view the selected sub-menu.
Entering Information There are two types of fields that you
will need to fill in. The first requires you to type in the appropriate information. The second gives you choices to choose from. In the second case, press the space bar to cycle through the available choices. Upon configuring all fields the sub-menu, position the cursor on SAVE and press <Enter> to save, or position the cursor on EXIT to cancel.
Refresh Screen Console screens are notorious for becoming
garbled. When this happens, simply press <Ctrl> + <R> to refresh the contents of the screen.
Step 3 - Connecting an ISDN Line to the Router
Your phone company will provide an S/T interface into your home or office. Plug the ISDN line from the router directly into the ISDN wall socket provided by your phone company.
Step 4 - Connecting a Telephone or Fax Machine to the Router
You can connect a regular telephone, fax machine, or modem to your router to be used for analog calls. Note that the router’s other functions all work the same whether you connect an analog device or not.
16
n
Installatio
Page 29
To connect an analog device, just plug one end of the device’s cord into one of the sockets on the back of the router marked PHONE 1 or PHONE 2.
To have incoming calls directed to a device on a PHONE jack, you must enter the telephone number for the phone in the console program under the Interface Configuration, ISDN submenu.
Step 5 - Connecting Ethernet Cables to the Router
Your DI-206 has six ports for connecting 10BASE-T Ethernet devices to form a LAN. The jacks for ports 1 through 5 are wired to let you connect network end nodes (computers, servers, bridges, other routers, etc.) using standard “straight-through” EIA (Electronic Industries Association) Category 3 or higher twisted-pair cables. The jack for the sixth port is labeled Uplink and is wired to let you connect to another 10Mbps Ethernet or dual-speed hub using a straight-through cable, or an end node using a cross-wired cable.
DI-206 ISDN Remote Router
Please refer to the following chart when deciding on the type of cable necessary for a given connection:
DEVICE PORT
USED
Norma l
Router Server (or PC) Straight-Through (||)
Installation 17
DEVICE BEING
CONNECTED
Hub or
Switch
Hub or
PORT
TYPE
NormalCrossover (X)
Uplink Straight-Through (||)
NormalStraight-Through (||)
CABLE TO USE
Page 30
DI-206 ISDN Remote Router
Uplink
Switch Server (or PC) Crossover (X)
The figure below shows how to make an Ethernet connection between the router and a network end node.
Important Notes on Ethernet Connections
Uplink Crossover (X)
18
n
Observe the following rules when connecting devices with twisted-pair Ethernet cables:
For both end-node and uplink connections, use only EIA Category 3 or higher-grade twisted-pair data cables with RJ-45 plugs. In almost all cases, only standard straight-through cables are needed.
Make sure no cable is more than 100 meters (328 feet) long.
Installatio
Page 31
DI-206 ISDN Remote Router
When uplinking two hubs together with a straight-through cable, use an uplink-type jack at one end, and an end-node-type jack at the other.
If uplinking more than two hubs together, observe the 5-4-3 rule: no signal, in order to go from one end node to another, must ever pass through more than five twisted-pair cables, four repeaters (that is, hubs), and three uplink cables. This is the maximum signal path in twisted-pair Ethernet. Also be sure never to allow a signal loop to form.
Note that you can connect an end node through the Uplink jack,
but to do so you must use a cross-wired cable or cable converter.
Step 6 - Powering Up Devices for Initial Configuration
Plug in the included 18V DC, 750 mA power adapter into the power jack on the router’s rear panel.
Installation 19
Page 32
DI-206 ISDN Remote Router
You should have now connected the RS-232 cable to the console, the ISDN phone line, one or more Ethernet cables, and the power adapter.
At this point in the installation process you can now power up the console computer, run the terminal emulation software (if necessary), and then power up the DI-206.
Step 7 - Initial Configuration of the Router
After the console is properly connected and both devices are powered on as described in the preceding sections, you should see the router run through the power on self test (POST). Finally, it will arrive at the logon screen shown below. If the login screen does not appear, press <Ctrl> + <R> to refresh the screen.
20
n
Installatio
Page 33
DI-206 ISDN Remote Router
To log on to the router, use the factory set username and password “Admin” (without the quotes). Please note that the user name and password are case-sensitive.
Upon entering the username and password (using the <tab> key to jump to the next field), position the cursor on OK and press <Enter>. You will then see the following Main Menu:
Step 7 - Configuring the LAN Port
Preparing the router for connection to a LAN only requires enabling the LAN port, enabling IP networking, assigning the LAN port an IP address and enabling Telnet (if necessary). After the LAN port is configured, all other features on the router can be configured remotely through the LAN by using the included Windows-based Router
Installation 21
Page 34
DI-206 ISDN Remote Router
Configuration Utility or Telnet. Regardless, the router can always be configured using a console connected to the RS-232 Console port.
To configure the LAN:
1. The LAN port must be enabled in the Interface Configuration
sub-menu.
2. Enable IP Networking
Choose Interface Configuration, LAN. ♦ Position the cursor over the State item and press <space bar>.
The State will change from Disable to Enable.
Position the cursor on the SAVE option at the bottom of the
screen and press <Enter> to save the new setting.
Choose Exit in the sub-menus to return to the Main Menu.
22
n
Choose Network Configuration, IP Configuration.Position the cursor over the third item IP Networking and
press <space bar> to Enable it.
Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
3. Assign an IP address to the LAN port in the Network
Configuration sub-menu of the Main Menu.
Installatio
Page 35
DI-206 ISDN Remote Router
Still in Network Configuration, IP Configuration submenu
from Step 2 above, choose IP Stack Configuration, LAN.
Enter a valid IP address for the LAN in the first item. You may
also enter a Netmask if you wish. For more information about IP Addresses and Subnet masks, please refer to Appendix B, “IP Concepts.”
Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new setting.
Choose EXIT in the sub-menus to return to the Main Menu.
4. Enable the Telnet/Discovery function on the router.
From the Main Menu choose Advanced Functions.Choose the Telnet/Discovery Enable option and then Enable
Telnet State.
Position the cursor on the Save option at the bottom of the
screen and press <Enter> to save the new settings.
Choose Exit in the sub-menus to return to the Main Menu.
The router can now be accessed via the LAN by Telnet, the Web­based DI-206 Router Configuration Utility (included with the router) and other SNMP management applications.
If you have any questions regarding the settings you made or other settings in the submenus, please refer to the next chapter “Configuration and Management.”
Installation 23
Page 36
DI-206 ISDN Remote Router
Step 8 – Plugging in All Devices
You can now plug in and power on all other devices connected to the router. Do not power on the router yet.
The router is now able to use the LAN ports.
The router must be further configured in order to get the built-in ISDN modem to function properly, to perform other routing functions, and to manage your IP network. This can now be done by using the console, the included Web-based Configuration Utility or Telnet.
For more information about configuring or managing the router, please refer to the next chapter, “Configuration and Management.”
24
n
Installatio
Page 37
DI-206 ISDN Remote Router
Configuration and Management
After the initial startup (POST) test, the router will prompt you for login and password. This is the opening page of the router’s out-of-band configuration program, called the Console program. The Console program is stored in the Flash memory chips in the router and the settings are written in EEPROM chips in the router. It is the most basic level for configuring and managing the router and the network to which it is connected.
If you’re starting the router for the first time, the default login and password is “Admin” – the login and password are case-sensitive, alphanumeric characters.
Configuration and Management 25
Page 38
DI-206 ISDN Remote Router
Note that once you are in the Main Menu, if there is no activity for more than 5 minutes, the router will automatically log you out. Your first endeavor should be to increase the ‘timeout’ time by adjusting the appropriate value in the System Information sub-menu.
The router can also be configured remotely through a LAN or ISDN connection by using the included Router Configuration Utility or Telnet. However, if you wish to do this, the console program must first be used to initially configure the relevant port on the router. Please see Step 7 - Initial Configuration of the Router on page 20 of this manual for more detailed information.
Console Program Main Menu
The Main Menu is shown below.
26 Configuration and
Management
Page 39
As mentioned earlier, your first endeavor should be to increase the automatic timeout. Enter the System Information window to do this. You will see this screen:
System Information
This menu contains administrative and system-related information.
DI-206 ISDN Remote Router
The above parameters are described as follows:
System Description – This is a non-changeable, short description of the product.
System Object ID – This is the enterprise-specific MIB Object ID indicating this type of router.
System Up Time – Shows how long the router has been running since the last power off or reset.
Configuration and Management 27
Page 40
DI-206 ISDN Remote Router
System Contact – Enter the name of the department or individual responsible for maintaining the router.
System Name – Give the router a descriptive name for identification purposes.
System Location – Enter the geographic location of the router.
Console/Telnet Display Timeout in Minutes(0..90) – This is a
security measure to automatically logoff from the console menu after a given idle time. Enter a timeout time between 0 and 90 minutes. Zero specifies no timeout.
System MAC Address – The physical address of this router.
ISDN Switch Type – The type of ISDN switch used by the
telephone company that the DI-206 can communicate with. The DI­206 currently supports only the DSS1 switch type.
Interface Configuration
The second item on the Main Menu is the Interface Configuration screen, which is used to configure the LAN and ISDN interfaces:
28 Configuration and
Management
Page 41
LAN
DI-206 ISDN Remote Router
Configuration and Management 29
Page 42
DI-206 ISDN Remote Router
The parameters are described below:
Description – This is a user-defined, 32-character identifier used to name the LAN.
Operation Mode – The LAN port is 10BASE-T only.
State – This is a toggle, to Disable or Enable the LAN interface.
ISDN
The parameters are described below:
Description – This is a user-defined, 32-character identifier used to name the ISDN.
Switch Type – This parameter defines the type of ISDN service used. Currently, the DI-206 only supports DSS-1 type ISDN lines.
30 Configuration and
Management
Page 43
DI-206 ISDN Remote Router
B1 and B2 Channel Usage – This defines whether the ISDN line is a leased line or a normal switched line. If you are not using a leased line connection, set this item to Switch.
Country ID – This field needs to contain the country parameter. Without this information, the router cannot establish a connection. A list of country ID numbers is located in Appendix E, “Country ID Numbers.”
ISDN Data – This field must contain the incoming telephone number for data calls. In other words, it is your ISDN line’s data phone number.
A/B Adapter 1 and 2 – Enter the telephone numbers for your voice/analog lines.
Phone 1 and 2 Call Waiting – If you have applied for and received call waiting capabilities for your ISDN voice lines, you must enable these settings in order for the call waiting feature to function.
There are 4 special operations for using call waiting (flash means a very brief hanging up of the phone. In other words, for the first option below, flash 0, click the hang up button on your phone very quickly and then press the number 0 on your telephone’s keypad):
Flash 0 – disconnect the first phone call established. Flash 1 – disconnect the second phone call established. Flash 2 – switch between the two phone calls. Flash 3 – speak to both parties simultaneously (if conference calling
is enabled by your phone company).
POTS Lines – [Plain Old Telephone Service]. Enables or disables phone calls on the Phone 1 and Phone 2 jacks on the rear of the router.
Configuration and Management 31
Page 44
DI-206 ISDN Remote Router
Global Reception – When this is enabled, the Phone 1 and Phone 2 jacks will receive all phone calls directed to them by the telephone company’s switch. When disabled, the router will check incoming calls to the Phone 1 and 2 jacks against the telephone numbers specified in the A/B Adapter 1 and 2 fields above.
Block Outgoing CLID – When this is enabled, your ISDN data phone number and voice phone numbers will never be sent out when trying to establish a connection. Thus, even if sites being called have Caller ID, they still won’t be able to know your phone number.
Inbound Authentication – This defines the authorization protocol that will be used when accepting a dial-in connection. The choices are Password Authentication Protocol [PAP], Challenge Handshake Authentication Protocol [CHAP] or None. PAP and CHAP do not provide a screen for users to manually enter their Username and Password – instead, this data must be entered into the dialing software before placing the call. Make sure the device dialing in is using the same protocol as defined here. The None setting may be used when you do not wish dial-in users or networks to identify themselves or be subject to security.
Call Bumping – This setting only takes effect when both B channels are connected and using multi-link PPP. If this is the case and call bumping is enabled, when you receive an outgoing voice call, the second B channel will be dropped (with all traffic being moved to the first B channel) and the voice call will be received. If disabled, both B channels will continue their data transmissions uninterrupted and the voice call will be ignored.
State – Enables or disables the ISDN port.
32 Configuration and
Management
Page 45
Network Configuration
IP protocol configuration and static routes are configured in the Network Configuration sub-menu. This menu is shown below:
DI-206 ISDN Remote Router
Select IP Configuration and the following screen opens:
Configuration and Management 33
Page 46
DI-206 ISDN Remote Router
IP Stack Configuration
The network interface IP address, mask and protocols are specified in the IP Stack Configuration submenus. Below, the screens for both the LAN and ISDN interfaces are shown.
34 Configuration and
Management
Page 47
DI-206 ISDN Remote Router
The parameters are described below:
Configuration and Management 35
Page 48
DI-206 ISDN Remote Router
IP Address – This is the IP address for the router on the network to which this interface is connected.
Netmask – This is a 32-bit bit mask that shows how the IP address is to be divided into network, subnet and host parts. The netmask has ones in the bit positions in the 32-bit address which are to be used for the network and subnet parts, and zeros for the host part. The mask should contain at least the standard network portion (as determined by the address's class), and the subnet field should be contiguous with the network portion.
Forwarding (LAN) – This enables or disables communications between this router and other router(s) on the LAN.
State (ISDN) – This is a link method between this interface and adjacent router(s). The methods are described:
1. AUTO – This obtains and utilizes the IP address assignment
from your ISP (Internet Service Provider).
2. DISABLE – This disables this interface.
3. IP STACK – This enables this interface, and the IP address
used will be the value of the parameter, IP Address.
4. UNNUMBER – This utilizes a method of connecting this router
with adjacent routers, without having to define an IP network prefix between them. The adjacent routers must have UNNUMBER capability too.
Routing Protocol – This is a distance vector routing protocol. RIP is an Internet standard Interior Gateway Protocol defined in RFC 1058 and RFC 1723. Routing information is sent periodically (each 30 seconds, or triggered by topology change) to an adjacent router. The adjacent router must be using the same protocol. Setting this to
36 Configuration and
Management
Page 49
DI-206 ISDN Remote Router
RIPV1&V2 will give the router the ability to make routing
information exchanges with any adjacent router.
Routing Mode – This parameter allows the router to specify the extent to which it partakes in the RIP on this port. The options are described below:
1. None – The router will not participate in any RIP exchange with
adjacent routers.
2. Listen – The router will incorporate routing information from
adjacent routers, but will not send its own routing table.
3. Talk – The router will send adjacent routers its own routing
table, but will not incorporate routing information from them.
4. Both – The router will incorporate routing information from
adjacent routers, and will send adjacent routers it’s own routing table.
IP Multicasting – This feature enables or disables the router’s ability to route IP Multicast packets from one interface to another (for example, from the LAN ports to the ISDN port). IP Multicasting is a bandwidth-saving method for transmitting data to more than one host. IP Multicasting is often used when sending/receiving audio or video data. When IP Multicasting is enabled, the router will search its multicast forwarding table and depending on the result of the search will either forward the packet or add the group to the table. If IP Multicasting is disabled, all multicast packets received by the router will be dropped, effectively limiting multicasting to the LAN. The router can also perform DVMRP if this feature is enabled (see Multicast Protocol below), which allows the DI-206 to share multicast information with other routers, enabling IP multicasting over the ISDN port.
Configuration and Management 37
Page 50
DI-206 ISDN Remote Router
Multicast Protocol – If this parameter is set to None, the router will only use the Internet Group Management Protocol (IGMP), if IP Multicasting is enabled above. This effectively limits multicast data to the local network. If set to DVMRP (Distance Vector Multicast Routing Protocol), the router will also use this protocol to share its multicast information with other routers (much like RIP), in effect, enabling multicasting on the WAN (ISDN) port.
IGMP Version – Configures the router to use either IGMP version 1 or 2. A major difference between the two is that version 2 allows the router to communicate multicast information with other routers (via the ISDN port), even if the other router isn’t using DVMRP.
DHCP Client (LAN) – This feature allows the LAN port to be assigned an IP address from a DHCP server other than the one in the router. This feature should be enabled only for special configurations (such as the presence of a cable modem on the LAN) where you wish the router to work with a device on the network that must act as a DHCP server. Otherwise, this feature should be kept disabled.
RIP Spoofing (ISDN) – This feature should only be enabled if you have more than one router on your network and this router is providing your WAN connection. In this case, if the WAN connection is dropped due to inactivity and this feature is enabled, RIP packets will be sent to the other routers on the network telling them that data can still be sent to the WAN via this router. Otherwise, the other routers will learn that the WAN link has been disconnected and will no longer forward packets destined for the WAN to this router, causing the packets to be dropped before Bandwidth on Demand has a chance to reestablish the WAN connection.
38 Configuration and
Management
Page 51
IP Static Route
A static route is a permanent entry in the routing table. Static routing provides a means of explicitly defining the next hop router for a particular destination network IP address. Each static route entry also allows for a metric (a.k.a. hop count) to be specified.
DI-206 ISDN Remote Router
The parameters are described below:
IP Address – This specifies the destination network IP address (or a host, depending on the netmask) and pairs it with a gateway.
Netmask – This mask shows how the destination IP address is to be divided into network, subnet and host parts. The netmask has ones in the bit positions in the 32-bit address which are to be used for the network and subnet parts, and zeros for the host part.
Configuration and Management 39
Page 52
DI-206 ISDN Remote Router
Gateway – This is the adjacent next hop router, for which the packets, arriving to this router with this destination IP address, will be forwarded.
Hops – This is an associated RIP metric that may have its value set between 1 and 15, inclusive. A metric value higher than 15 (such as
16) means that the network is unreachable.
Intf – This is the network interface containing the gateway that the packets will be forwarded through.
State – This enables/disables a particular entry.
IP Static Route Examples
The IP Static Route Table shown in the IP Static Route screen above has the first three entries configured for common implementations of static routing.
The first entry assumes that ISDN1 has a connection to the Internet and defines the default next hop router. If you use this router to connect to the Internet it is very important that you create an entry here that defines the default next hop router as your ISP. This configuration is also commonly used when RIP exchanges with other Internet routers (on ISDN1) are disabled.
The second entry shows how to configure static routes when there is another router on the LAN. The IP Address shown (202.12.125.0) is the network address for a branch office, for example. The Gateway Address (210.172.23.1) is the IP address to the LAN port on another router on the LAN that maintains an ISDN connection to the branch office.
40 Configuration and
Management
Page 53
The third entry is an example of an enterprise ISDN connection (through telephone lines) to another router, at a branch office for example. The IP Address is the network address of the branch office. The Gateway Address is the IP Address of the ISDN port on the branch office router. This configuration assumes there is a modem on ISDN2 maintaining a dial-up connection to the branch office.
IP Networking
Under the IP Configuration sub-menu, the IP Networking function can toggle to connect or disconnect this router from the entire IP network.
When IP Networking is disabled, all routing functions are stopped. The only IP Address the router will act on is its own, via Telnet for example.
Router Advertisement
DI-206 ISDN Remote Router
When this option is enabled, the router will periodically send out ICMP packets that announce itself on the network. These ICMP packets are utilized by the Windows 98 or later operating system, which will automatically update the default gateway setting on the computer in which it is installed.
SNMP Agent Configuration
The Simple Network Management Protocol (SNMP), defined in STD 15, RFC 1157, is a protocol governing the management and the monitoring of IP network devices and their functions. The DI-206 supports the use of SNMP to acknowledge communication between management stations and itself. Basically, the DI-206, when connected
Configuration and Management 41
Page 54
DI-206 ISDN Remote Router
to the network, acts as an SNMP agent, a software process that responds to queries using SNMP to provide status and statistics about the router.
Following is a description of how to configure the DI-206 for SNMP management.
From the Main Menu, select SNMP Agent Configuration. This will bring you to the SNMP Agent Configuration menu, shown above.
SNMP Community Configuration
Select and enter the SNMP Community Configuration sub-menu. You will see the following configuration screen:
42 Configuration and
Management
Page 55
DI-206 ISDN Remote Router
The parameters are described below:
SNMP Community String – This community string is a user- defined identifying name used to group together some arbitrary set of SNMP application entities managed by the network manager.
Access Right – This element of the set {Read Only, Read/Write} is called the SNMP access mode. If the SNMP Community String has an Access Right of Read/Write, then that Community String is available as an operand for the get, set, and trap operations. Otherwise, if the Community String’s corresponding Access Right is Read Only, then it is available as an operand for the get and trap operations only.
Status – This validates or invalidates the use SNMP Community String, by setting the string to Valid or Invalid. Note that setting the use of the string to Invalid is the same as removing the string, however, the string remains so as to be validated at an appropriate time.
Configuration and Management 43
Page 56
DI-206 ISDN Remote Router
SNMP Trap Manager Configuration
From the SNMP Agent Configuration menu, select and enter the SNMP Trap Manager sub-menu. You will see the following
configuration screen:
The parameters are described below:
IP Address – Enter the IP address of the host who will act as an SNMP Management Station. The DI-206 router will send SNMP traps to these addresses.
SNMP Community String – The community string is a user- defined identifying name used to group together some arbitrary set of SNMP application entities managed by the network manager. Traps will be sent to the IP Address (previous parameter) as long as the corresponding Community String, in the Management Station’s trap manager software, is the same.
44 Configuration and
Management
Page 57
State – This validates or invalidates the use of the SNMP Community String, by setting the use of the string to Valid or Invalid. Note that setting the string to Invalid is the same as removing the string, however, the string remains so as to be validated again at an appropriate time.
SNMP Authenticated Trap
Returning to the SNMP Agent Configuration menu, you can Enable or Disable an authentication failure trap message being sent to the Management Station by the router. When an SNMP packet with an invalid community name is received, it will be dropped. If this parameter is enabled, a trap will be sent to the network manager; if this parameter is disabled, no trap will be sent.
Advanced Functions
The Advanced Functions menu contains most of the more complex configuration settings and is shown below:
DI-206 ISDN Remote Router
Configuration and Management 45
Page 58
DI-206 ISDN Remote Router
Remote Access Configuration
The Remote Access Configuration menu is used to set up the router for dial-in and dial-out connections over the ISDN line. An ISDN line has a D channel for establishing connections and two B (Bearer) channels, which transmit and receive the actual signals, whether voice or data. The two B channels can support two independent remote connections or be banded together using Multi-link PPP to implement Bandwidth on Demand (configured separately in the Multi-Link PPP Configuration menu, the last item in the Advanced Functions window).
The B-Channels can also carry voice and fax calls, which are routed to the telephone jacks located on the rear of the router. Please note, however, that the DI-206 can maintain only two connections at a time
46 Configuration and
Management
Page 59
via the two B channels, whether the connections are voice, data, dial-in users, remote networks or a combination thereof.
Remote Operation Overview
The DI-206 is very flexible and can be configured for a variety of remote connections. Since configuring the router can be quite complex ­depending on the number and type of remote connection(s) you wish to implement – we have described some of the basic functions and procedures below.
Dial-In User Connections
Dial-in users are defined as a single user on a computer, such as a person working at home, who dials into the office to use network resources. In almost all cases, a Dial-In User Profile needs to be set up for each user who will dial in to the router so the router can tailor the connection for each user. Once this is done, the remote user will be able to use network resources as if he were connected locally. When the user dials into the DI-206, the call comes into the D-channel and after answering the phone, the DI-206:
DI-206 ISDN Remote Router
1. Identifies the Username and Password using the authentication protocol defined in
the Interface Configuration, ISDN submenu. The dial-in user is not prompted for this information, but must enter it into his dialing software before dialing.
2. Checks the Username and Password against those defined in the Dial-In User
Profiles and Remote Network Profiles.
3. Assuming a matching Dial-In User Profile is found, the router may configure the IP
address of the remote station (as defined in the Dial-In User Profile).
4. Configures a dial-in Interface (a virtual circuit) to handle the connection.
5. Establishes the connection on whichever B-channel (physical port) is open by
mapping the dial-in interface to that port.
Configuration and Management 47
Page 60
DI-206 ISDN Remote Router
6. In the case where the Dial-In User does not need to supply a Username and
Password (Auth Type is set to None in the Interface Configuration submenu) the remote computer must have its own IP address.
Remote Network Connections
Remote networks are defined as other networks (LANs) that have WAN connections using a router, Internet server, network modem or similar device (in this document however, we will assume the remote device is a router). In almost all cases, a Remote Network Profile needs to be set up for each network that will connect to the DI-206 via the ISDN lines. The Remote Network Profiles are necessary for the router to identify and tailor the connection to the remote network’s router. Once this is done, a connection between the two routers can be made and computers on each network can communicate with each other.
Dial-In Network Connections
A dial-in network connection is very similar to a dial-in user connection. When the remote router dials into the DI-206, the call comes into the D-channel and after answering the phone, the DI-206:
1. Identifies the Username and Password using the authentication protocol defined in
the Interface Configuration, ISDN submenu.
2. Checks the Username and Password against those defined in the Dial-In User
Profiles and Remote Network Profiles.
3. Assuming a matching Remote Network Profile is found, the router may configure the
IP address of the remote station (as defined in the Remote Network Profile).
4. Configures the specified ISDN Interface (a virtual circuit) using the configuration
parameters defined in the Interface Configuration menu and the Remote Network Profile to handle the connection.
5. Establishes the connection on whichever B-channel (physical port) is open by
mapping the dial-in interface to that port.
48 Configuration and
Management
Page 61
DI-206 ISDN Remote Router
Dial-Out Network Connections
Dial-out network connections are much different than dial-in connections.
When a packet on the LAN reaches the router, the DI-206 will:
1. Check its routing table to try to identify where this packet should go. It looks for
two variables in the routing table, Gateway address and Interface. There are four possible results: I. In the case where the destination resides in the same IP network on the LAN,
the routing engine never acts on the packet and it is sent directly to the destination through the built-in hub.
II. In the case where the destination resides on a different IP network on the LAN
(which can happen when Multiple Home Configuration is set up), the router will send out an ARP request to obtain the MAC address of the destination computer (or router) and deliver the packet. Note that defining Static ARPs can speed up delivery since the router won’t need to send out an ARP request.
III. In the case where the router finds a match in the routing table (which includes
IP Static Routes), it uses the Gateway address and Interface numbers to identify the correct Remote Network Profile to use to dial out. From the Remote Network Profile, the router gets the telephone number and other information and dials out, establishes a connection and delivers the packet. If you have a connection to the Internet, it is very important that you define the default next hop router in the IP Static Routes submenu of the console program as your ISP (see the IP Static Routes section of this manual for more detailed configuration information). This is because if a user on your LAN makes a request to download a web page for the first time, for instance, since it is the first time, the DI-206 will not have any record of the web page’s IP address. If no default next hop router is defined, the request will be dropped and the user will get a ‘Destination Unreachable’ error message. However, if a default next hop router is defined in the IP Static Routes, the DI-206 will pass this request on to the ISP (the request will go through) and the user will receive the web page.
Configuration and Management 49
Page 62
DI-206 ISDN Remote Router
IV. In the case where there is no match for the destination IP address in the routing
The Remote Access Configuration submenu is shown below. All items in the submenu are described as follows.
table, and no default next hop router is defined, the packet will be dropped and no action will be taken.
50 Configuration and
Management
Page 63
Dial Configuration
You can configure the two ISDN interfaces on your DI-206 to dial-out only when a packet is forwarded to that interface, and hang up after all data has been transferred and the link is idle. This can be used to lower the cost of an unpopular link or used as a backup link to your ISP. This feature is commonly called “Dial on Demand”. ISDN interfaces can also be configured here to receive calls from dial in users and other networks, called “Remote Access”. Please note however, that in all cases, after configuring the ISDN Links in the Dial Configuration submenu, they must be further configured in the Dial-In User Profile submenu or Remote Network Profile submenu.
DI-206 ISDN Remote Router
Dial In IP Pool
The dial in IP pool allows you to define a range of IP addresses that will be reserved for and assigned to dial-in users.
Configuration and Management 51
Page 64
DI-206 ISDN Remote Router
The items are described as follows:
IP Address – This is the first IP Address that will be assigned to a dial-in user.
Range – This is the number of IP Addresses that can be assigned. In the window shown above, dial-in users will be assigned the IP Addresses 170.100.200.1 or 170.100.200.2 (only two are necessary since the router used in the examples has only two ISDN ports).
ISDN Link 1
This submenu contains a number of settings (shown below) which allow you to configure the router to dial out.
52 Configuration and
Management
Page 65
DI-206 ISDN Remote Router
The parameters are described below:
Dial Retry Time – This is the time (in seconds) the router will wait before the next dial attempt.
Dial Retry Count – This is the specified maximum number of dial attempts the router will make when trying to establish a connection on this interface.
Call Back Delay – This is the time (in seconds) the router will wait before a remote user is called back.
Dial-In User Profile
The Dial-In User Profile is used to configure the DI-206 for single users (for example a person working at home) to dial in to the router and gain access to the network. At least one User Profile must be configured for each user who will dial in (in conjunction with Dial Configuration
Configuration and Management 53
Page 66
DI-206 ISDN Remote Router
settings). Please note that WAN connections to computers on other networks must be defined in the Remote Network Profile submenu.
Up to eight users can be set up to dial in to the router. However, more dial-in users can be accommodated by using a Radius server as described in the Radius Configuration section of this manual. Please note that when a Radius server is being used, the Dial-in User Profiles will be disabled.
The Dial-In User Profile submenu appears below:
Select a dial-in user from the screen above.
54 Configuration and
Management
Page 67
DI-206 ISDN Remote Router
The parameters in the above window are described as follows:
Name – The maximum length is 64 characters. This username is for password challenges (authentication). The user dialing in must supply this username in order to be allowed access to the router.
Password – This is the password associated with the above Name field.
Rem CLID – Remote Caller ID. This is the telephone number of the Remote User and is used for security. When a phone number is entered in this field, the router will make sure that the incoming call is coming from the same phone number as the one defined here. In other words, the remote user can only be calling from the telephone number defined here, otherwise the call will not be accepted. This function is disabled if the field is left blank.
Configuration and Management 55
Page 68
DI-206 ISDN Remote Router
Default IP – This is the IP address that will be assigned to the dial- in user when the IP Address Supply setting below is set to Default. Assigning an IP address to the remote computer ensures that the IP address does not clash with other IP addresses on your network.
IP Address Supply – This field defines how the remote user will obtain an IP address. The choices include:
Default – Uses the Default IP address defined above, Dynamic - Taken from the Dial In IP pool, or None - The remote user supplies his own IP Address.
Call Back – This field determines if the router will allow call back to the Remote Dial-In User upon dial-in. If this option is enabled, the router will be able to call back to the Remote Dial-In User if they request it. In such a case, the router will disconnect the initial call from this user and dial back to the specified call back number. The default is no call back.
Phone Number Supplied by – Toggle between Router and Caller.
Phone Number – If Router is selected above, then this phone number is usually provided by the person who initially set up the router. If Caller is selected, you must enter the phone number that will be called back yourself.
Idle Time – This is the elapsed time (in seconds) since the last valid or active packets have gone through the router. This setting will trigger the router to disconnect this interface when it is reached.
State – Enables or disables this User Profile.
56 Configuration and
Management
Page 69
Remote Network Profile
The Remote Network Profile is used to configure the router for ISDN connections to other networks. In practice, the DI-206 will either dial­out to or receive incoming calls from another router, the ‘gateway’ to the other network.
DI-206 ISDN Remote Router
Select the desired entry from the screen above:
Configuration and Management 57
Page 70
DI-206 ISDN Remote Router
The parameters in the above window are described as follows:
Remote Name – Name for the remote network that the DI-206 is being set up to connect with.
Direction – Dial-[In], dial-[Out], or [Both]. This field defines whether the router on the other network will dial-[In] to the DI-206 to establish a connection, the DI-206 will dial-[Out] to the other network, or a connection can be established [Both] ways.
When this is set to In, the DI-206 will only establish a connection with the other network by receiving calls on the ISDN port specified in the Interface field below. Also, the incoming calls will be subject to the Name, Password and Rem CLID fields in the Incoming section below.
When this is set to Out, the router will only make calls on the ISDN interface specified in the Interface field below. Also, the outgoing
58 Configuration and
Management
Page 71
DI-206 ISDN Remote Router
calls will be subject to the Name, Password and Phone Number fields in the Outgoing section below.
When set to Both, the dial in and dial out conditions described above will both be observed.
Interface – ISDN Link 1 [ISDN L1] or ISDN Link 2 [ISDN L2]. This field is used to assign a remote network to a logical (virtual) interface called a virtual circuit. More than one remote network can be configured to use the same interface, but they cannot be connected at the same time. Thus, if you wish to have two WAN connections operate simultaneously, make sure they are configured on different interfaces. On the other hand, if you have two dial-out remote network profiles but wish to keep one line always open for dial-in users, make sure the two dial-out profiles use the same interface. In this case, the two profiles will share the same interface; the second one using it after the first one’s idle time has expired and it has relinquished it.
Phone - This is the telephone number that will be dialed to make the outgoing connection.
Idle Time – This is the elapsed time (in seconds), of inactivity, that will trigger the router to disconnect this interface.
Set Peer IP as Default Gateway – When enabled, this feature sets the IP address of the remote device as the default gateway (default next hop router) for all packets not found in the routing table. This option should be enabled for the ISDN circuit (ISDN1 or ISDN2) that is used to connect to the Internet. Also, if the Peer IP is set as the default gateway here, you still need to define a static default route in the Network Configuration, IP Static Route submenu, but you don’t need to designate a gateway IP address for the static route (the routers will automatically negotiate and adjust
Configuration and Management 59
Page 72
DI-206 ISDN Remote Router
the gateway IP setting accordingly). And also make sure that the Remote IP Address in the Remote Networks Profile is set to
0.0.0.0. Note that only one ISDN circuit should be connected to the Internet, and only one ISDN circuit (the same one) should be the default gateway.
Incoming
Name – The maximum length is 64 characters. This username
Password – This is the password associated with the above
Rem CLID – Remote Caller ID. This is the telephone number
is for password challenges (authentication). The user dialing in must supply this username in order to be allowed access to the router.
Name field.
of the Remote User and is used for security. When a phone number is entered in this field, the router will make sure that the incoming call is coming from the same phone number as the one defined here. In other words, the remote user can only be calling from the telephone number defined here, otherwise the call will not be accepted. This function is disabled if the field is left blank.
Call Back – This field determines whether the router calls back
after receiving a call from this Remote Network Profile. If this option is enabled, the router will disconnect the initial call and call back to the phone number that you provide. Note that this field will be valid only if the Direction setting above is Both.
Outgoing
Name – The maximum length is 64 characters. Spaces and
punctuation are not usually accepted. This username is for
60 Configuration and
Management
Page 73
DI-206 ISDN Remote Router
password challenges (authentication) which are automatically handled by the router when dialing out. The DI-206 will use PAP and CHAP (whichever works) to make the connection.
Password – This is the password associated with the above
Name field.
Remote IP Address – This is the IP address that will be assigned to the dial-in network when the IP Address Supply setting below is set to Default. Assigning an IP address to the router dialing in ensures that the IP address does not clash with other IP addresses on your network. For dial out connections utilizing dial on demand, the IP address of the remote router needs to be entered here so the router knows which remote network to establish a connection with to deliver the packet.
IP Address Supply – This field defines how the router will assign an IP address to a device dialing in. The choices include:
Default – Uses the Remote IP address defined above, Dynamic - Taken from the Dial In IP pool, or None - The remote user supplies their own IP Address.
Multi-Link PPP – Enables/disables multi-link PPP on this port. Individual ISDN ports can be set to join the MLPPP bundle by enabling Multi-Link on each port. When enabled, the port will join the MLPPP bundle. Please note that the DI-206 contains only one MLPPP bundle. All ports taking part in MLPPP, even the first or primary port which initially establishes the connection, must have Multi-Link enabled. The ISDN port that first established the connection is the Primary ISDN Port and will not disconnect due to a BOD Low Threshold event, but is subject to Dial on Demand (DOD) settings.
Configuration and Management 61
Page 74
DI-206 ISDN Remote Router
Compression – Enables or disables Stac compression. This is an industry standard using a 4:1 compression scheme. When enabled, the router will try to use Stac compression on the designated ISDN port whenever possible. If the destination device is not capable of using Stac compression, the two devices will still communicate, albeit without using Stac compression. When disabled, Stac compression will never be used on this port.
State – Enables or disables this Remote Network Profile.
Select Connect Test at the bottom of the screen to test if your setup is correct.
DHCP Configuration
The DI-206 Router implements the Dynamic Host Configuration Protocol (DHCP), which allows the entire IP network to be centrally managed by the router. It does this by assigning IP addresses and configuration parameters to hosts as they are powered on and come onto the network. This can be a great help for network administration since many administrative tasks such as keeping track of each computer’s IP address are handled by the router. The DI-206 can implement DHCP in one of the two ways shown below:
62 Configuration and
Management
Page 75
DHCP Server Configuration
When acting as a DHCP server, the DI-206 will manage many of the IP network parameters. The DI-206 will never assign a broadcast or network IP addresses to hosts, even if such an address is included in the specified range. The following is the DHCP Server Configuration screen:
DI-206 ISDN Remote Router
Configuration and Management 63
Page 76
DI-206 ISDN Remote Router
Dynamic IP Pool
The Dynamic IP Pool screen shown below contains the parameters that the router can set on the hosts. Please note that the Dynamic IP Pool cannot be enabled when the DHCP Agent feature is enabled.
64 Configuration and
Management
Page 77
DI-206 ISDN Remote Router
The parameters are described below:
IP Address – This is the base (starting) address for the IP pool of IP addresses to be assigned.
Range – This is the range of contiguous, IP addresses, above the base IP Address above. In the above example, the IP addresses assigned host computers as they come onto the network would be
202.93.47.1, 202.93.47.2 … 202.93.47.100.
Netmask – This mask informs the client, how the destination IP address is to be divided into network, subnet and host parts. The netmask has ones in the bit positions in the 32-bit address which are to be used for the network and subnet parts, and zeros for the host part.
Gateway – This specifies the Gateway IP Address that will be assigned to and used by the DHCP clients.
Configuration and Management 65
Page 78
DI-206 ISDN Remote Router
Lease Time – This specifies the number of hours a client can lease an IP address, from the dynamically allocated IP pool. The maximum value is 65535 and a value of 0 means the lease is permanent.
DNS IP – This specifies the Domain Name System server, used by the DHCP clients using leased IP addresses, to translate hostnames into IP addresses or vice-versa.
WINS IP – This specifies the IP address of the Windows Internet Naming Service server. This server has software that resolves NetBIOS names to IP addresses.
Domain Name – This is the common suffix, shared by networked hosts, used to represent a common network domain.
State – This enables or disables the dynamic IP Pool function.
Static IP Pool
The Static IP Pool configuration functions in much the same way as the Dynamic IP Pool configuration. The only difference is that a particular IP address can be assigned to a particular host. This is used for hosts such as servers that need to have static IP addresses to function properly or to make them accessible to remote users. The host is identified by the MAC address of its NIC, which must be entered on this screen.
66 Configuration and
Management
Page 79
DI-206 ISDN Remote Router
Select an entry from the screen above and press <Enter>. The following screen appears:
Configuration and Management 67
Page 80
DI-206 ISDN Remote Router
The parameters above are described below:
IP Address – This is the static IP address to be assigned.
MAC Address – This specifies the physical address of the
particular host that will receive the above IP address.
All other parameters (Netmask, Gateway, DNS IP, WINS IP, State, & Domain Name) are identical to those in Dynamic IP Pool screen in the previous section.
DHCP Relay Agent
The DHCP Relay Agent feature allows the DI-206 to act as a go­between for a remote DHCP server assigning IP addresses to local clients. This can be useful if you wish to have all IP addresses in your company, including those in branch offices, assigned from a DHCP server centrally located at your headquarters, for example.
68 Configuration and
Management
Page 81
Items are described as follows:
DHCP Server IP Address – This is the IP address of the remote DHCP server. When a local computer powers up and sends a DHCP request for an IP address, the DI-206 will forward the request to the address specified here.
Time Threshold – This specifies the maximum amount of time (in seconds) since the host began requesting an IP address. If the value define here is exceeded, the relay agent will not pass along the request from the host.
State – Enables or disables the DHCP Relay Agent function.
Filter Configuration
Your DI-206 uses filters (configurable at two layers) to screen packet data, and apply a routing decision. There are two methods for configuring filters: you can configure a filter at the network layer (IP filter) to restrict access between networks and reduce unnecessary internetwork traffic; and you can configure a filter at the data-link layer (a general filter) to provide a protocol independent filter.
DI-206 ISDN Remote Router
Good knowledge of network protocols is required to configure a specific filter appropriately. It is important for the router to operate correctly, therefore, necessary packets must be allowed to pass through the filters. In other words, do not attempt to configure filters on a utilized router unless you understand what you are doing.
The following section describes how to configure the router filter parameters.
Configuration and Management 69
Page 82
DI-206 ISDN Remote Router
Configuring a Filter Set
Under the Advanced Functions menu, select Filter Configuration. You will see the following screen:
The three sub-menus are described as follows:
Filter State of Interface – This is used to choose the default, routing decisions for packets, not meeting the criteria for specific filters.
Layer 2 Filter – This is a data-link layer (protocol independent) filter. Foreknowledge of the specific protocol, used on the interface (LAN or WANs), is needed to make effective use of this filter.
IP Filter – This is an IP protocol specific filter, allowing you to, among other things, prohibit specific packets from entering the LAN.
70 Configuration and
Management
Page 83
Alternatively, you can set up filters that allow certain types of IP packets to enter the LAN.
Filter State of Interface
The Filter State of Interface sub-menu lets you disable a filter, or, for packets that have not met the corresponding criteria, to forward or drop packets.
DI-206 ISDN Remote Router
Each decision on handling packets is described below:
1. DisableWill not apply a filter.
2. ForwardThis allows the routing of a packet, even though it
has not met the criteria of the corresponding filter.
3. Drop – This drops (doesn’t allow routing for) a packet that has
not met the criteria for the corresponding filter.
Configuration and Management 71
Page 84
DI-206 ISDN Remote Router
Layer 2 Filter
The Layer 2 Filter sub-menu contains a protocol independent (data- link layer) filter. Foreknowledge of the specific protocol used on the interface (LAN or WANs) is needed to make effective use of this filter.
Select an entry above and then press <Enter>. The following screen appears:
72 Configuration and
Management
Page 85
DI-206 ISDN Remote Router
The parameters of a filter are described below:
Name – This is a 12 character (maximum), alphanumeric, user- defined name, used to identify the filter.
Direction – This defines the direction of the frame relative to the Interface parameter below.
State – This is used to choose the routing decision applied to the frame. The three decisions are described:
1. forward –This allows the routing of the frame, if it has met the
criteria of the corresponding filter.
2. drop – This drops (doesn’t allow routing for) a specific frame
that has met the criteria of the corresponding filter.
3. disable – This does not apply the protocol independent filter.
Interface – This applies the filter to a specific interface, either LAN or one of the ISDN interfaces.
Configuration and Management 73
Page 86
DI-206 ISDN Remote Router
Offset – This defines the reference byte for the Length parameter (described below). The Offset is the number of bytes (octets) from the beginning of the first byte of the frame header, immediately after the preamble. The range of the offset parameter is from 0 to 255 octets. The first byte in a packet has an offset 0.
Length – This is the number of bytes (octets) from 0 to 8 to compare from the offset value (the Offset reference byte).
Value – This is a 16 digit, hexadecimal field, defining the actual bit values used to compare with the frame data, at the specified (Offset) position.
Mask – This is a 16 digit, hexadecimal bit mask, used as an operand in the bit-wise AND operation that will be applied to the Value parameter.
IP Filter
The IP Filter is specifically an IP protocols filter, allowing you to, among other things, firewall your network, prohibiting specific packets from entering or going out from your network. It is necessary to have good knowledge of IP protocol before effectively configuring this filter.
74 Configuration and
Management
Page 87
DI-206 ISDN Remote Router
Select an entry above and then press <Enter>. The following screen appears:
Configuration and Management 75
Page 88
DI-206 ISDN Remote Router
The IP Filter parameters are described below:
Name – This is a 12 character (maximum), alphanumeric, user- defined name, used to identify the filter.
Direction – This defines the direction of the packet relative to the Interface parameter below.
State – This is used to define the routing decision applied to the packet. The three routing decisions are described:
1. forward – This allows the routing of the packet, if it has met the
2. drop – This drops (doesn’t allow routing for) a specific packet
3. disable – This does not apply the IP filter.
Interface – This applies the filter to a specific interface, LAN or one of the ISDN interfaces.
criteria of the corresponding filter.
that has met the criteria of the corresponding filter.
Protocol Type – This is a protocol identifier, as assigned by the Internet Assigned Numbers Authority (IANA). The values of this identifier are described in RFC-1700. This router supports the following:
1 – This is Internet Control Message (ICMP), defined in RFC 792. 6 – This is Transmission Control (TCP), defined in RFC 793. 17 – This is User Datagram (UDP), defined in RFC 798.
Src IP – This is the source address in the IP header of this packet.
76 Configuration and
Management
Page 89
DI-206 ISDN Remote Router
Src Netmask – This mask is bit-wise AND’d with the source IP address and bit-wise AND’d with the IP address of the incoming interface. The two results are then compared.
Dst IP – This is the destination address in the IP header of the packet.
Dst Netmask – This mask is bit-wise AND’d with the destination IP address and bit-wise AND’d with the IP address of the incoming interface. The two results are then compared.
Dst Port – This is the destination port, in the TCP or UDP header, of the packet.
Operation – This comparison operation is applied to the destination port (the Dst Port parameter) value, of the TCP or UDP header.
ICMP Type – This is the type field, in the ICMP header, used to identify a particular ICMP message.
ICMP Code – This is the code field, in the ICMP header, used to further specify the ICMP type.
TCP Flag – This is a hex number, representing the six flag bits in the TCP header. The value range is from 0 to 3F.
Multiple Home Configuration
Besides the IP address assigned to the LAN interface in the Network Configuration menu, the LAN may have up to 3 additional IP
interfaces. These additional IP interfaces are referred to as MIP1 to MIP3. This type of configuration is known as a multiple home configuration.
Configuration and Management 77
Page 90
DI-206 ISDN Remote Router
Multiple Home can be demonstrated by this example:
A company has 625 users (computers) all connected to one physical network using Ethernet. However, the company only has one Class C IP network address, 202.100.160.0. This network address will only support 254 users. To solve the shortage of IP address problem and to plan for future growth, the company applies for and receives two more Class C IP network addresses, 203.101.161.0 and 204.102.162.0. This gives the company a total of 254 x 3 = 762 IP Addresses, which it assigns to the computer users, with a few left over for future needs. Due to the nature of IP networks, however, the users in one IP network domain (202.100.160.0, for example) cannot communicate with users on a different IP domain (203.101.161.0). Multiple home solves this problem. When you register the additional IP network addresses in the Multiple Home Configuration menu on the router, the router will route data between the three IP networks using the single LAN.
78 Configuration and
Management
Page 91
DI-206 ISDN Remote Router
In this router, multiple home configurations only apply to the LAN interface.
The parameters are described below:
IP Address – This is a network IP address of a separate IP network on the LAN.
Routing Protocol – This is the same as in the Network Configuration screen section. Keep in mind that these exchanges
are made with adjacent routers on the LAN, if present.
IP Multicasting – This enables/disables IP multicasting on the IP network you are defining.
All other parameters (Netmask, Routing Mode, Multicast Protocol and IGMP Version) are identical to those in the Network Configuration, IP Stack Configuration, ISDN screen section.
Configuration and Management 79
Page 92
DI-206 ISDN Remote Router
Static ARP
This special function is intended to speed up the process of finding a host's Ethernet (MAC) address from its network address, and provides a special condition – any other host acting as an impostor by using the same IP address as the legitimate host, will be ignored by this router.
Basically, when a packet comes into the router from the ISDN line and is destined for a host on the LAN, the router will use information defined here to immediately send the packet to the host rather than send out an ARP request to find the host’s MAC address.
Select an entry above and then press <Enter>. The following screen appears:
80 Configuration and
Management
Page 93
DI-206 ISDN Remote Router
The parameters are described as follows:
IP Address – This is the IP address of the host you wish to define a static ARP for.
MAC Address – This is the physical address of the host that is the authorized owner of the IP address.
State – This toggles enable and disable.
Configuration and Management 81
Page 94
DI-206 ISDN Remote Router
NAT Configuration
Network Address Translation (NAT) is a routing protocol that allows your network to become a private network that is isolated from, yet connected to the Internet. It does this by changing the IP address of packets from a global IP address usable on the Internet to a local IP address usable on your private network (but not on the Internet) and vice-versa.
NAT has two major benefits. First, NAT allows many users to access the Internet using a small number or even a single global IP address. This can greatly reduce the costs associated with Internet access and also helps alleviate the current shortage of Internet IP addresses. Secondly, the NAT process creates a firewall which hides your local network from Internet users, providing a degree of security to your Internet connection.
To be successfully implemented, NAT should be used only when the majority of network traffic remains on the local network. In cases where a large percentage of network traffic is destined for the Internet, NAT can adversely affect the speed and performance of your Internet connection. Also, your network servers such as ftp servers, web servers or mail servers will probably need to be assigned static NAT IP addresses so their IP addresses remain consistent. This issue will be further discussed later.
Network Address Port Translation (NAPT) is a subset of NAT where many local IP addresses and their TCP/UDP port numbers are translated to a single global IP address and it’s TCP/UDP port number. In this document, the term NAT will refer to both NAT and NAPT unless otherwise stated.
82 Configuration and
Management
Page 95
NAT can work in conjunction with DHCP. Thus, if both are enabled and properly configured, the DHCP server in the DI-206 will assign local IP addresses to computers on your network.
How NAT Works
In the most common NAT configuration, your network uses local IP addresses that are not valid on the Internet. Internet (global) IP addresses are unique, with no two devices have the same IP address. The local IP addresses can be freely assigned to computers on your network by your network administrator (within guidelines defined later in this chapter and in Appendix B, “IP Concepts”). This can be done manually or by using DHCP. The ISDN port on the router is assigned a globally unique IP Address that IS valid on the Internet, since it will be sending and receiving data directly to the Internet and is therefore part of it. Please study the example diagram below carefully.
DI-206 ISDN Remote Router
Configuration and Management 83
Page 96
DI-206 ISDN Remote Router
Singl
e
Router
IP Address
176.220.22.1
ISDN
Port
NAT
Translator
LAN
Port
192.168.100.1
Global
Local IP
WAN
LAN
192.168.100.2
192.168.100.3
192.168.100.4
192.168.100.5
Please note that in the above diagram, the Gateway IP address settings for the local PC’s needs to be set to 192.168.100.1, the LAN IP address of the router.
NAT manipulates the IP addresses in packet headers on a one-to-one basis. An outgoing data packet (a packet originating from a computer on the local LAN and destined for a computer outside the private network) will have its IP address translated as shown below.
84 Configuration and
Management
Page 97
DI-206 ISDN Remote Router
In the Outgoing Data Packet above, the Source IP address is the IP address that is translated by NAT. The Destination IP Address is the IP address of a computer outside the private network, on the Internet for example. And the Data portion of the packet is the information payload borne by the packet, for instance a request to view a web page.
The router logs the changes made to the IP header in its NAT table. The NAT table enables the router to send replies back to the local computer as shown below.
In the Inbound Data Packet above, the Destination IP Address is the IP address that is translated by NAT. The Source IP Address is the IP address of a computer outside the private network. And the Data portion of the packet is the information payload borne by the packet, for example, the contents of a web page.
The actual information in the NAT table depends whether the router is implementing NAT or NAPT.
NAT
This section discusses the NAT protocol as opposed to NAPT which is discussed in the next section.
NAT is the initial protocol set forth by RFC 1631 and provides a means in which private networks can communicate with the Internet by using a small number of IP addresses. In our discussion, we will use the
Configuration and Management 85
Page 98
DI-206 ISDN Remote Router
example IP addresses listed in the table below and the network diagram shown on page 84.
Global IP Addresses (for use with NAT)
200.100.50.1 192.168.100.2
200.100.50.2 192.168.100.3
200.100.50.3 192.168.100.4
200.100.50.4 192.168.100.5
200.100.50.5 192.168.100.6
Local IP Addresses (assigned to computers on the local network)
192.168.100.7
192.168.100.8
192.168.100.9
192.168.100.10
Please note that in the above table there are 9 users on the local network using 5 global IP addresses to access the Internet.
When a packet on the local network arrives at the router and needs to be sent to the Internet, NAT will change the source IP address (for example 192.168.100.2) to a global address (200.100.50.1, for example). If this packet generates a reply (as for example, a request to view a web page will), NAT will change the destination IP address on the reply packet back to the local IP address for delivery to the machine on the local (stub) network.
The difference between static and dynamic NAT is that once the five global addresses are manually assigned when using static NAT, they will never change. The only way to change them is by using the console program to manually reassign them. When using dynamic NAT, the router will map a local IP address to a global IP address whenever a
86 Configuration and
Management
Page 99
request is made. Since there are only 5 global IP addresses in the example above, there can only be 5 mappings at any one time. In other words, much like static NAT, only 5 local machines can access the Internet at any one time. However, contrary to static NAT, the router will discard the mapping between the global and local IP addresses after a certain length of time (which is quite long so rarely happens), or after the session is finished (an example of a session is when requesting a web page, the entire page has completed downloading). The most common implementation of NAT is to define a range of dynamic addresses to be used by hosts, but assign static addresses to your servers if you wish for them to be accessible from outside your network.
Setting Local IP Addresses
When implementing NAT and thus creating a private network that is isolated from the Internet, you can assign any IP addresses to host computers without problems. However, the Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of IP Addresses specifically for private networks:
DI-206 ISDN Remote Router
Class Beginning Address Ending Address
A 10.0.0.0 10.255.255.255
B 172.16.0.0 172.31.255.255 C 192.168.0.0 192.168.255.255
It is recommended that you choose local IP addresses for use with NAT from the private network IP addresses in the above list. For more information on address assignment, refer to RFC 1597, Address
Allocation for Private Internets and RFC 1466, Guidelines for Management of IP Address Space.
Configuration and Management 87
Page 100
DI-206 ISDN Remote Router
Configure NAT/NAPT
The first screen shows the complete NAT table that is defined by the network manager:
88 Configuration and
Management
Loading...