All rights reserved. No part of this publication may be reproduced in any form or by any means or used to make any derivative work
(such as translation, transformation or adaptation) without written permission from Motorola, Inc.
Motorola reserves the right to revise this publication and to make changes in content from time to time without obligation on the part
of Motorola to provide notification of such revision or change. Motorola provides this guide without warranty of any kind, either implied
or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Motorola may
make improvements or changes in the product(s) described in this manual at any time.
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Microsoft, Windows, Windows Me, and Windows NT are either trademarks or registered
trademarks of Microsoft Corporation in the U.S. and/or other countries. Macintosh is a registered trademark of Apple, Inc. Firefox is a
registered trademark of the Mozilla Foundation. All other product or service names are the property of their respective owners.
Motorola, Inc.
6001 Shellmound Street
Emeryville, CA 94608
U.S.A.
This guide is targeted primarily to residential service subscribers.
Advanced sections may also be of use to the support staffs of broadband service providers and advanced residential service subscribers. See “Advanced Setup” on page 73.
Introduction
About Motorola Netopia® Documentation
☛ NOTE:
This guide describes the wide variety of features and functionality of the
Motorola Netopia® Gateway, when used in Router mode. The Motorola Netopia® Gateway may also be delivered in Bridge mode. In Bridge mode, the
Gateway acts as a pass-through device and allows the workstations on your
LAN to have public addresses directly on the Internet.
Motorola, Inc. provides a suite of technical information for its 2200 and 3300-series family
of intelligent enterprise and consumer Gateways. It consists of:
• Administrator’s Handbook
• Dedicated Quickstart guides
• Specific White Papers
The documents are available in electronic form as Portable Document Format (PDF) files.
They are viewed (and printed) from Adobe Acrobat Reader, Exchange, or any other application that supports PDF files.
They are downloadable from Netopia’s website:
http://www.netopia.com/
Organization
This guide consists of seven chapters, including a glossary, and an index. It is organized
as follows:
• “Introduction” — Describes the Motorola Netopia® document suite, the purpose of, the audience for, and structure of this guide. It gives a table of conventions.
• Chapter 1, “Overview of Major Capabilities” — Presents a product description summary.
• Chapter 2, “Basic Mode Setup” — Describes how to get up and running with your Motorola Netopia® Gateway, and the Basic Mode Web-based user interface.
• Chapter 3, “Advanced Setup” — Focuses on the Advanced Setup Web-based user interface for advanced users. It is organized in the same way as the Web UI is organized. As you go through each section, functions and procedures are discussed in detail.
• Chapter 4, “Basic Troubleshooting” — Gives some simple suggestions for troubleshooting problems with your Gateway’s initial configuration.
• Chapter 5, “Command Line Interface” — Describes all the current text-based commands for both the SHELL and CONFIG modes. A summary table and individual command examples for each mode is provided.
• Chapter 6, “Glossary”
• Chapter 7, “Technical Specifications and Safety Information”
• Index
A Word About Example Screens
This manual contains many example screen illustrations. Since Motorola Netopia® 2200
and 3300 Series Gateways offer a wide variety of features and functionality, the example
screens shown may not appear exactly the same for your particular Gateway or setup as
they appear in this manual. The example screens are for illustrative and explanatory purposes, and should not be construed to represent your own unique environment.
Documentation Conventions
General
This manual uses the following conventions to present information:

Convention (Typeface)        Description
bold italic monospaced       Menu commands
bold italic sans serif       Web GUI page links and button names
terminal                     Computer display text
bold terminal                User-entered text
Italic                       Italic type indicates the complete titles of manuals.

Internal Web Interface

Convention (Graphics)                    Description
light blue rectangle or line             Denotes an “excerpt” from a Web page or the visual truncation of a Web page
solid rounded rectangle with an arrow    Denotes an area of emphasis on a Web page

Command Line Interface
Syntax conventions for the Netopia Gateway command line interface are as follows:

Convention                               Description
straight ([ ]) brackets in cmd line      Optional command arguments
curly ({ }) brackets, with values        Alternative values for an argument are presented in curly ({ }) brackets,
separated with vertical bars (|).        with values separated with vertical bars (|).
bold terminal type face                  User-entered text
italic terminal type face                Variables for which you supply your own values
CHAPTER 1 Overview of Major Capabilities
The Motorola Netopia® Gateway offers simplified setup and management features as well
as advanced broadband Gateway capabilities. The following are some of the main features
of the Motorola Netopia® Gateway:
• “Wide Area Network Termination” on page 12
The Gateway combines an ADSL modem with an Internet Gateway. It translates protocols used on the Internet to protocols used by home personal computers and eliminates the need for special desktop software (i.e. PPPoE).
• “Simplified Local Area Network Setup” on page 14
Built-in DHCP and DNS proxy features minimize or eliminate the need to program any
network configuration into your home personal computer. The UPnP™ feature allows ease of
connection with many compatible networked devices.
• “Management” on page 16
A Web server built into the Motorola Netopia® Operating System makes setup and
maintenance easy using standard browsers. Diagnostic tools facilitate troubleshooting.
• “Security” on page 18
Network Address Translation (NAT), password protection, Stateful Inspection firewall
and other built-in security features prevent unauthorized remote access to your network.
NAT Games and other services, default server, and other features permit access to
computers on your home network that you can specify. VPN technology (standard VPN
Passthrough and optional IPSec tunnelling) enables telecommuters, mobile workforce
and branch offices to safely and affordably connect to a remote business network, for
effective communication and collaboration.
Wide Area Network Termination
PPPoE/PPPoA (Point-to-Point Protocol over Ethernet/ATM)
The PPPoE specification, incorporating the PPP and Ethernet standards, allows your computer(s) to connect to your Service Provider’s network through your Ethernet WAN connection. The 2200 and 3300-series Gateway supports PPPoE, eliminating the need to install
PPPoE client software on any LAN computers.
Service Providers may require the use of PPP authentication protocols such as Challenge
Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP).
CHAP and PAP use a username and password pair to authenticate users with a PPP server.
A CHAP authentication process works as follows:
1. The password is used to scramble a challenge string.
2. The password is a shared secret, known by both peers.
3. The unit sends the scrambled challenge back to the peer.
PAP, a less robust method of authentication, sends a username and password to a PPP
server to be authenticated. PAP’s username and password pair are not encrypted, and are
therefore sent “unscrambled”.
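The difference between the two methods, as an added Python example (not Motorola code): it assumes standard CHAP with MD5 (RFC 1994) and the PAP packet layout of RFC 1334, and the username, password and packet identifiers are constructed.

```python
# Added illustration (not Motorola code): PAP vs. CHAP as seen on the wire.
# Assumes standard CHAP with MD5 (RFC 1994) and PAP (RFC 1334); the username,
# password and identifier values below are constructed.
import hashlib
import hmac
import os
import struct


def pap_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """Build a PAP Authenticate-Request: the password travels in the clear."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(data)) + data


def chap_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value: MD5 over identifier, shared secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues a fresh challenge and checks the peer's response."""

    def __init__(self, secrets: dict):
        self._secrets = secrets      # username -> shared secret
        self._pending = {}           # identifier -> outstanding challenge
        self._next_id = 0

    def challenge(self) -> tuple:
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        value = os.urandom(16)       # unpredictable, different every time
        self._pending[identifier] = value
        return identifier, value

    def verify(self, name: bytes, identifier: int, response: bytes) -> bool:
        challenge = self._pending.pop(identifier, None)  # each challenge is single use
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response_value(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    name, password = b"subscriber@example", b"constructed-secret"
    server = ChapAuthenticator({name: password})

    ident, chal = server.challenge()
    resp = chap_response_value(ident, password, chal)
    accepted = server.verify(name, ident, resp)

    # A previously captured response is useless against the next challenge.
    ident2, _ = server.challenge()
    replay_accepted = server.verify(name, ident2, resp)

    pap = pap_authenticate_request(1, name, password)
    return {
        "chap_accepted": accepted,
        "chap_replay_accepted": replay_accepted,
        "password_in_pap_packet": password in pap,
        "password_in_chap_response": password in resp,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```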
Instant-On PPP
You can configure your Gateway for one of two types of Internet connections:
• Always On
• Instant On
These selections provide either an uninterrupted Internet connection or an as-needed connection.
While an Always On connection is convenient, it does leave your network permanently connected to the Internet, and therefore potentially vulnerable to attacks.
Motorola Netopia®'s Instant On technology furnishes almost all the benefits of an Always On connection while providing two additional security benefits:
• Your network cannot be attacked when it is not connected.
• Your network may change address with each connection making it more difficult to
attack.
When you configure Instant On access, you can also configure an idle time-out value. Your
Gateway monitors traffic over the Internet link and when there has been no traffic for the
configured number of seconds, it disconnects the link.
When new traffic that is destined for the Internet arrives at the Gateway, the Gateway will
instantly re-establish the link.
Your service provider may be using a system that assigns the Internet address of your
Gateway out of a pool of many possible Internet addresses. The address assigned varies
with each connection attempt, which makes your network a moving target for any attacker.
Simplified Local Area Network Setup
DHCP (Dynamic Host Configuration Protocol) Server
DHCP Server functionality enables the Gateway to assign to your LAN computer(s) a “private” IP address and other parameters that allow network communication. The default
DHCP Server configuration of the Gateway supports up to 253 LAN IP addresses.
This feature simplifies network administration because the Gateway maintains a list of IP
address assignments. Additional computers can be added to your LAN without the hassle
of configuring an IP address.
DNS Proxy
Domain Name System (DNS) provides end users with the ability to look for devices or web
sites by typing their names, rather than IP addresses. For web surfers, this technology
allows you to enter the URL (Universal Resource Locator) as text to surf to a desired website.
The Motorola Netopia® DNS Proxy feature allows the LAN-side IP address of the Gateway
to be used for proxying DNS requests from hosts on the LAN to the DNS Servers configured in the gateway. This is accomplished by having the Gateway's LAN address handed
out as the “DNS Server” to the DHCP clients on the LAN.
☛ NOTE:
The Motorola Netopia® DNS Proxy only proxies UDP DNS queries, not TCP
DNS queries.
UPnP™
Universal Plug and Play (UPnP™) is a set of protocols that allows a PC to automatically discover other UPnP devices (anything from an internet gateway device to a light switch),
retrieve an XML description of the device and its services, control the device, and subscribe to real-time event notification. PCs using UPnP can retrieve the Gateway’s WAN IP
address, and automatically create NAT port maps. This means that applications that support UPnP, and are used with a UPnP-enabled Motorola Netopia® Gateway, will not need
application layer gateway support on the Motorola Netopia® Gateway to work through NAT.
By default, UPnP is enabled on the Motorola Netopia® Gateway.
Management
Embedded Web Server
There is no specialized software to install on your PC to configure, manage, or maintain
your Motorola Netopia® Gateway. Web pages embedded in the operating system provide
access to the following Gateway operations:
• Setup
• System and security logs
• Diagnostics functions
Once you have removed your Motorola Netopia® Gateway from its packing container and
powered the unit up, use any LAN attached PC or workstation running a common web
browser application to configure and monitor the Gateway.
Diagnostics
In addition to the Gateway’s visual LED indicator lights, you can run an extensive set of
diagnostic tools from your Web browser.
Two of the facilities are:
• Automated “Multi-Layer” Test
The Run Diagnostics link initiates a sequence of tests. They examine the entire
functionality of the Gateway, from the physical connections to the data traffic.
• Network Test Tools
Three test tools to determine network reachability are available:
Ping - tests the “reachability” of a particular network destination by sending an ICMP
echo request and waiting for a reply.
NSLookup - converts a domain name to its IP address and vice versa.
TraceRoute - displays the path to a destination by showing the number of hops and the
Gateway addresses of these hops.
The system log also provides diagnostic information.
☛ NOTE:
Your Service Provider may request information that you acquire from these various diagnostic tools. Individual tests may be performed at the command line.
(See “Command Line Interface” on page 163.)
Security
Remote Access Control
You can determine whether or not an administrator or other authorized person has access
to configuring your Gateway. This access (either time-restricted or unlimited until the router
is rebooted) can be turned on or off in the Web interface. Additionally, permanent remote
access can be configured in the CLI.
Password Protection
Access to your Motorola Netopia® device can be controlled through two access control
accounts, Admin or User.
• The Admin, or administrative user, performs all configuration, management or maintenance
operations on the Gateway.
• The User account provides monitor capability only.
A user may NOT change the configuration, perform upgrades or invoke maintenance
functions.
Network Address Translation (NAT)
The Motorola Netopia® Gateway Network Address Translation (NAT) security feature lets
you conceal the topology of a hard-wired Ethernet or wireless network connected to its LAN
interface from Gateways on networks connected to its WAN interface. In other words, the
end computer stations on your LAN are invisible from the Internet.
Only a single WAN IP address is required to provide this security support for your entire
LAN.
LAN sites that communicate through an Internet Service Provider typically enable NAT,
since they usually purchase only one IP address from the ISP.
• When NAT is ON, the Motorola Netopia® Gateway “proxies” for the end computer stations
on your network by pretending to be the originating host for network communications from non-originating networks. The WAN interface address is the only IP address
exposed.
The Motorola Netopia® Gateway tracks which local hosts are communicating with which
remote hosts. It routes packets received from remote networks to the correct computer
on the LAN (Ethernet) interface.
• When NAT is OFF, a Motorola Netopia® Gateway acts as a traditional TCP/IP router; all
LAN computers/devices are exposed to the Internet.
A diagram of a typical NAT-enabled LAN follows:
[Diagram labels: Internet; WAN Ethernet Interface; Motorola Netopia® Gateway; NAT; Embedded Admin Services: HTTP-Web Server and Telnet Server Port; LAN Ethernet Interface; NAT-protected LAN stations]
☛ NOTE:
1. The default setting for NAT is ON.
2. Motorola uses Port Address Translation (PAT) to implement the NAT facility.
3. NAT Pinhole traffic (discussed below) is always initiated from the WAN side.
Motorola Netopia® Advanced Features for NAT
Using the NAT facility provides effective LAN security. However, there are user applications
that require methods to selectively by-pass this security function for certain types of Internet traffic.
Motorola Netopia® Gateways provide special gaming and other service configuration tools
that enable you to establish NAT-protected LAN layouts that still provide flexible by-pass
capabilities.
Some of these rules require coordination with the unit’s embedded administration services: the internal Web (HTTP) Port (TCP 80) and the internal Telnet Server Port (TCP 23).
Internal Servers
The internal servers are the embedded Web and Telnet servers of the Gateway. You would
change the internal server ports for Web and Telnet of the Gateway if you wanted to have
these services on the LAN using pinholes or the Default server. Pinhole configuration rules
provide an internal port forwarding facility that enables you to eliminate conflicts with
embedded administrative ports 80 and 23.
Default Server
This feature allows you to:
• Direct your Gateway to forward all externally initiated IP traffic (TCP and UDP protocols
only) to a default host on the LAN.
• Enable it for certain situations:
  - Where you cannot anticipate what port number or packet protocol an in-bound application might use.
    For example, some network games select arbitrary port numbers when a connection is
    opened.
  - When you want all unsolicited traffic to go to a specific LAN host.
Combination NAT Bypass Configuration
Specific Games and services and Default Server settings, each directed to different LAN
devices, can be used together.
☛ WARNING:
NAT Bypass configuration allows inbound access to the specified LAN station.
Contact your Network Administrator for LAN security questions.
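The translation and bypass behaviour described in this section, modelled as an added Python sketch (not Motorola code) that shows which LAN host an inbound packet reaches under each configuration. The addresses are constructed, and the lookup order (session, then pinhole, then Default Server) and the check that a reply comes from the contacted remote host are assumptions.

```python
# Added illustration (not Motorola code): a toy Port Address Translation table.
# Addresses are constructed; the lookup order session -> pinhole -> default
# server is an assumption made for this sketch.
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip address, port)


@dataclass
class PatGateway:
    wan_ip: str
    # (protocol, WAN port) -> LAN endpoint that receives the traffic
    pinholes: Dict[Tuple[str, int], Endpoint] = field(default_factory=dict)
    default_server: Optional[str] = None
    _next_port: int = 50000
    # (protocol, WAN port) -> (LAN endpoint, remote endpoint)
    _sessions: Dict[Tuple[str, int], Tuple[Endpoint, Endpoint]] = field(default_factory=dict)

    def outbound(self, proto: str, lan_src: Endpoint, remote: Endpoint) -> Endpoint:
        """A LAN host opens a flow; return the source address the Internet sees."""
        for (p, wan_port), (src, dst) in self._sessions.items():
            if p == proto and src == lan_src and dst == remote:
                return (self.wan_ip, wan_port)
        wan_port = self._next_port
        self._next_port += 1
        self._sessions[(proto, wan_port)] = (lan_src, remote)
        return (self.wan_ip, wan_port)

    def inbound(self, proto: str, remote: Endpoint, wan_port: int):
        """Decide where a packet arriving on the WAN interface is delivered."""
        session = self._sessions.get((proto, wan_port))
        if session and session[1] == remote:
            return ("session", session[0])           # reply to a LAN-initiated flow
        if (proto, wan_port) in self.pinholes:
            return ("pinhole", self.pinholes[(proto, wan_port)])
        if self.default_server and proto in ("tcp", "udp"):
            return ("default-server", (self.default_server, wan_port))
        return ("dropped", None)                     # unsolicited, no bypass rule


def demo() -> dict:
    gw = PatGateway(wan_ip="203.0.113.10")
    remote = ("198.51.100.7", 443)
    stranger = ("198.51.100.99", 4444)

    seen = gw.outbound("tcp", ("192.168.1.20", 51515), remote)
    results = {
        "seen_by_internet": seen,
        "reply": gw.inbound("tcp", remote, seen[1]),
        "unsolicited": gw.inbound("tcp", stranger, 8080),
    }
    # Each bypass rule widens what an unsolicited sender can reach.
    gw.pinholes[("tcp", 8080)] = ("192.168.1.30", 80)
    results["with_pinhole"] = gw.inbound("tcp", stranger, 8080)
    gw.default_server = "192.168.1.40"
    results["with_default_server"] = gw.inbound("udp", stranger, 27015)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```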
IP-Passthrough
The Netopia Gateway now offers an IP passthrough feature. The IP passthrough feature
allows a single PC on the LAN to have the Gateway’s public address assigned to it. It also
provides PAT (NAPT) via the same public IP address for all other hosts on the private LAN
subnet.
VPN IPSec Pass Through
This Motorola Netopia® service supports your independent VPN client software in a transparent manner. Motorola has implemented an Application Layer Gateway (ALG) to support
multiple PCs running IP Security protocols.
This feature has three elements:
1. On power up or reset, the address mapping function (NAT) of the Gateway’s WAN configuration
is turned on by default.
2. When you use your third-party VPN application, the Gateway recognizes the traffic
from your client and your unit. It allows the packets to pass through the NAT “protection layer” via the encrypted IPSec tunnel.
3. The encrypted IPSec tunnel is established “through” the Gateway.
A typical VPN IPSec Tunnel pass through is diagrammed below:
[Diagram: VPN IPSec Tunnel pass through; label: Motorola Netopia® Gateway]
☛ NOTE:
Typically, no special configuration is necessary to use the IPSec pass through
feature.
In the diagram, VPN PC clients are shown behind the Motorola Netopia® Gateway and the secure server is at Corporate Headquarters across the WAN. You
cannot have your secure server behind the Motorola Netopia® Gateway.
When multiple PCs are starting IPSec sessions, they must be started one at a
time to allow the associations to be created and mapped.
VPN IPSec Tunnel Termination
This Motorola Netopia® service supports termination of VPN IPsec tunnels at the Gateway.
This permits tunnelling from the Gateway without the use of third-party VPN client software
on your client PCs. Currently one IPSec VPN tunnel is supported on Motorola Netopia®
2200 and 3300 Series Gateways. Unlike VPN Passthrough, IPsec VPN tunnel is a keyed
feature that you can obtain from Motorola. See “Security Settings” on page 253.
Dynamic DNS
Dynamic DNS support allows you to use the free services of www.dyndns.org. Dynamic
DNS automatically directs any public Internet request for your computer's name to your current dynamically-assigned IP address. This allows you to get to the IP address assigned to
your Gateway, even though your actual IP address may change as a result of a PPPoE connection to the Internet. See “Dynamic DNS Settings” on page 210.
Stateful Inspection Firewall
Stateful inspection is a security feature that prevents unsolicited inbound access when
NAT is disabled. You can configure UDP and TCP “no-activity” periods that will also apply to
NAT time-outs if stateful inspection is enabled on the interface. Technical details are discussed in “Stateful Inspection” on page 262.
CHAPTER 2 Basic Mode Setup
Most users will find that the basic Quickstart configuration is all that they ever need to use.
This section may be all that you ever need to configure and use your Motorola Netopia®
Gateway. The following instructions cover installation in Router Mode.
This section covers:
• “Important Safety Instructions” on page 26
• “Set up the Motorola Netopia® Gateway” on page 27
• “Configure the Motorola Netopia® Gateway” on page 31
• “Motorola Netopia® Gateway Status Indicator Lights” on page 34
• “Accessing the Web User Interface” on page 35
• “Links Bar” on page 36
Important Safety Instructions
POWER SUPPLY INSTALLATION
Connect the power supply cord to the power jack on the Motorola Netopia® Gateway. Plug
the power supply into an appropriate electrical outlet.
☛ CAUTION:
Depending on the power supply provided with the product, either the direct
plug-in power supply blades, power supply cord plug or the appliance coupler
serves as the mains power disconnect. It is important that the direct plug-in
power supply, socket-outlet or appliance coupler be located so it is readily
accessible.
CAUTION (North America Only): For use only with a CSA Certified or UL
Listed Limited Power Source or Class 2 power supply, rated 12Vdc.
(Sweden) The apparatus must be connected to an earthed socket outlet when it is connected to a
network.
(Norway) The apparatus must only be connected to an earthed socket outlet.
USB-powered models: For Use with Listed I.T.E. Only
TELECOMMUNICATION INSTALLATION
When using your telephone equipment, basic safety precautions should always be followed
to reduce the risk of fire, electric shock and injury to persons, including the following:
• Do not use this product near water, for example, near a bathtub, wash bowl, kitchen
sink or laundry tub, in a wet basement or near a swimming pool.
• Avoid using a telephone (other than a cordless type) during an electrical storm. There
may be a remote risk of electrical shock from lightning.
• Do not use the telephone to report a gas leak in the vicinity of the leak.
SAVE THESE INSTRUCTIONS
Set up the Motorola Netopia® Gateway
Refer to your Quickstart Guide for instructions on how to connect your Motorola Netopia®
Gateway to your power source, PC or local area network, and your Internet access point,
whether it is a dedicated DSL outlet or a DSL or cable modem. Different Motorola Netopia® Gateway models are supplied for any of these connections. Be sure to enable
Dynamic Addressing on your PC. Perform the following:
Microsoft Windows:
Step 1. Navigate to the TCP/IP Properties Control Panel.
a. Windows 98, ME, and 2000 versions follow a path like this:
Start menu -> Settings -> Control Panel -> Network (or Network and Dial-up Connections -> Local Area Connection -> Properties) -> TCP/IP [your_network_card] or Internet Protocol [TCP/IP] -> Properties
b. Windows XP follows a path like this:
Start menu -> Control Panel -> Network and Internet Connections -> Network Connections -> Local Area Connection -> Properties -> Internet Protocol [TCP/IP] -> Properties
Then go to Step 2.
Step 2. Select Obtain an IP address automatically.
Step 3. Select Obtain DNS server address automatically, if available.
Step 4. Remove any previously configured Gateways, if available.
Step 5. OK the settings. Restart if prompted.
c. Windows Vista is set to obtain an IP address automatically by default. You may not need
to configure it at all.
To check, open the Networking Control Panel and select Internet Protocol Version 4 (TCP/IPv4). Click the Properties button.
The Internet Protocol Version 4 (TCP/IPv4) Properties window should appear as shown.
If not, select the radio buttons shown above, and click the OK button.
Macintosh MacOS 9 or higher or Mac OS X:
Step 1. Access the TCP/IP or Network control panel.
a. Mac OS 9 follows a path like this:
Apple Menu -> Control Panels -> TCP/IP
Control Panel
b. Mac OS X follows a path like this:
Apple Menu -> System Preferences -> Network
Then go to Step 2.
Step 2. Select Built-in Ethernet
Step 3. Select Configure Using DHCP
Step 4. Close and Save, if prompted.
Proceed to “Configure the Motorola
Netopia® Gateway” on page 31.