NetComm NB712 User Manual

Contents

1 Introduction ...............................................................................................................................................4

1.1 Features ..........................................................................................................................................4

1.2 Package Contents ...........................................................................................................................4

1.3 Speciﬁcation ....................................................................................................................................5

1.4 Application .......................................................................................................................................7

2 Firewall .....................................................................................................................................................8

2.1 Types of Firewall ..............................................................................................................................9

2.2 Denial of Service Attack ..................................................................................................................10

3 VLAN (Virtual Local Area Network) .............................................................................................................12

3.1 Speciﬁcation ..................................................................................................................................12

3.2 Frame Speciﬁcation ........................................................................................................................12

3.3 Applications ...................................................................................................................................13

4 Getting to know the router ........................................................................................................................14

4.1 Front Panel ....................................................................................................................................14

4.2 Rear Panel ....................................................................................................................................15

5 Connecting your G.SHDSL Modem Router .................................................................................................16

6 Conﬁguration via Web Browser .................................................................................................................19

7 Basic Setup ............................................................................................................................................21

7.1 Bridge Mode ..................................................................................................................................22

7.2 Routing Mode .................................................................................................................................24

8 Advanced Setup .......................................................................................................................................34

8.1 SHDSL ...........................................................................................................................................35

8.2 WAN ..............................................................................................................................................37

8.3 Bridge ...........................................................................................................................................39

8.4 VLAN .............................................................................................................................................41

8.5 Route ............................................................................................................................................43

8.6 NAT/DMZ .......................................................................................................................................45

8.7 Virtual Server .................................................................................................................................47

8.8 Firewall ..........................................................................................................................................48

8.9 IP QoS ...........................................................................................................................................56

9 Administration ..........................................................................................................................................58

9.1 Security .........................................................................................................................................59

9.2 SNMP ............................................................................................................................................61

9.3 Time Sync ......................................................................................................................................64

2 NB712 / NB714 User Guide YML829 Rev1

10 Utility ....................................................................................................................................................66

10.1 System Info ..................................................................................................................................67

10.2 Conﬁg Tool ...................................................................................................................................68

10.3 Upgrade .......................................................................................................................................69

10.4 Logout .........................................................................................................................................70

10.5 Restart .........................................................................................................................................71

11 Status ...................................................................................................................................................72

12 LAN-to-LAN connection with bridge Mode ...............................................................................................73

12.1 CO side .......................................................................................................................................73

12.2 CPE Side ......................................................................................................................................75

13 LAN to LAN Connection with Routing Mode .............................................................................................76

13.1 CO side .......................................................................................................................................76

13.2 CPE side ......................................................................................................................................78

14 Conﬁguration via Serial Console or Telnet with Menu Driven Interface ........................................................80

14.1 Serial Console ..............................................................................................................................80

14.2 Telnet ..........................................................................................................................................80

14.3 Operation Interface .......................................................................................................................81

14.4 Window structure .........................................................................................................................82

14.5 Menu Driven Interface Commands .................................................................................................83

14.6 Menu Tree ....................................................................................................................................84

14.7 Conﬁguration ...............................................................................................................................85

14.8 Status ..........................................................................................................................................87

14.9 Show ...........................................................................................................................................88

14.10 Write .........................................................................................................................................89

14.11 Reboot .......................................................................................................................................89

14.12 Ping ..........................................................................................................................................89

14.13 Administration ............................................................................................................................89

14.14 Utility .........................................................................................................................................95

14.15 Exit ............................................................................................................................................95

14.16 Setup ........................................................................................................................................95

Appendix A: Cable Information ...................................................................................................................112

RJ-45 Network Ports .........................................................................................................................112

Straight and crossover cable conﬁguration .......................................................................................... 113

Straight-Through Cabling ....................................................................................................................113

Cross-Over Cabling ............................................................................................................................113

SHDSL Line Connector ........................................................................................................................114

Console Cable ....................................................................................................................................114

Appendix B: Registration and Warranty Information ....................................................................................115

NB712 / NB714 User Guide 3 YML829 Rev1

1 Introduction

NetComm’s NB712 (2-wire) and NB714 (2 or 4-wire selectable) G.SHDSL 4-port Security Modem Routers deliver symmetrical DSL services to small and medium size business making them an economical alternative to Leased Line or ISDN services.

Available in two modem router conﬁgurations, the NB712 (2-wire) and NB714 (2 or 4-wire selectable) are capable of providing data rates from 64kbps to 2.304Mbps (NB712) or 128kbps to 4.608Mbps (NB714) and fully comply with the ITU-T G.991.2 standards.

The NetComm NB712 and NB714 Modem Routers combine integrated high-end Bridging/Routing capabilities with advanced functions such as Multi-DMZ, virtual server mapping, and VPN pass-through. They also support port-based VLAN and IEEE802.1q VLAN over an ATM network. An advanced Firewall with Stateful Packet Inspection (SPI) and DoS protection, all combine to protect your network from outside intruders.

With 4 x 10/100 Base-T auto-sensing, auto-negotiation and auto-MDIX switching ports, the NetComm G.SHDSL Modem Routers enable you to leverage the latest broadband technology to meet the growing need for high performance data communication.

1.1 Features

• Easy conﬁguration and management with password control for various applications and environments

• Efﬁcient IP routing and transparent learning bridge to support broadband Internet services

• VPN pass-through for PPTP/L2TP/IPSec Tunnelling

• Virtual LANs (VLANs) offering signiﬁcant beneﬁts in terms of efﬁcient use of bandwidth, ﬂexibility, performance and security

• Built-in advanced SPI ﬁrewall

• Four 10/100Mbps Auto-negotiation and Auto-MDIX switching port for ﬂexible local area network connectivity

• DMZ host/Multi-DMZ/Multi-NAT enables multiple workstations on the LAN to access the Internet

• Full ATM protocol stack implementation over SHDSL

• PPPoA and PPPoE support user authentication with PAP/CHAP/MS-CHAP

• SNMP management with SNMPv1/SNMPv2 agent and MIB II

• Obtain enhancements and new features via Internet software upgrade

1.2 Package Contents

The following items are included in your G.SHDSL Modem Router pack:

• NB712 (2-wire)714 (2 or 4-wire selectable) G.SHDSL Router

• 15V AC 1.0 Amp power supply

• RS232 Console Cable

• RJ11 ADSL line connection cable

• RJ45 10/100 Ethernet cable

• User Guide CD

If any of the above items are missing or damaged, please content NetComm immediately.

4 NB712 / NB714 User Guide YML829 Rev1

1.3 Speciﬁcation

Routing

• Supports IP/TCP/UDP/ARP/ICMP/IGMP protocols

• IP routing with static routing and RIPv1/RIPv2 (RFC1058/2453)

• IP multicast and IGMP proxy (RFC1112/2236)

• Network address translation (NAT/PAT) (RFC1631)

• NAT ALGs for ICQ/Netmeeting/MSN/Yahoo Messenger

• DNS relay and caching (RFC1034/1035)

• DHCP server, client and relay (RFC2131/2132)

Bridging

• IEEE 802.1D transparent learning bridge

• IEEE 802.1q VLAN

• Port-based VLAN

• Spanning tree protocol

Security

• DMZ host/Multi-DMZ/Multi-NAT function

• Virtual server mapping (RFC1631)

• VPN pass-through for PPTP/L2TP/IPSec tunnelling

• Natural NAT ﬁrewall

• Advanced Stateful packet inspection (SPI) ﬁrewall

• Application level gateway for URL and keyword blocking

• User access control: deny certain PCs access to Internet service

Management

• Easy-to-use web-based GUI for quick setup, conﬁguration and management

• Menu-driven interface/Command-line interface (CLI) for local console and Telnet access

• Password protected management and access control list for administration

• SNMP management with SNMPv1/SNMPv2 (RFC1157/1901/1905) agent and MIB II (RFC1213/

1493)

• Software upgrade via web-browser/TFTP server

ATM

• Up to 8 PVCs

• OAM F5 AIS/RDI and loopback

• AAL5

NB712 / NB714 User Guide 5 YML829 Rev1

ATM QoS

• UBR (Unspeciﬁed bit rate)

• CBR (Constant bit rate)

• VBR-rt (Variable bit rate real-time)

• VBR-nrt (Variable bit rate non-real-time)

AAL5 Encapsulation

• VC multiplexing and SNAP/LLC

• Ethernet over ATM (RFC 2684/1483)

• PPP over ATM (RFC 2364)

• Classic IP over ATM (RFC 1577)

PPP

• PPP over Ethernet for ﬁxed and dynamic IP (RFC 2516)

• PPP over ATM for ﬁxed and dynamic IP (RFC 2364)

• User authentication with PAP/CHAP/MS-CHAP

WAN Interface

• SHDSL: ITU-T G.991.2 (Annex A, Annex B)

• Encoding scheme: 16-TCPAM

• Data Rate (2-wire mode): N x 64Kbps (N=0~36, 0 for adaptive)

• Data Rate (4-wire mode): N x 128kbps (N=0~36, 0 for adaptive)

• Impedance: 135 ohms

LAN Interface

• 4-ports switching hub (4-port router)

• 10/100 Base-T auto-sensing and auto-negotiation

• Auto-MDIX (4-port router)

Hardware Interface

• WAN: RJ-11

• LAN: RJ-45 x 4

• Console: RS232 female

• RST: Reset button for factory default

Indicators

• General: PWR

• WAN: LNK, ACT

• LAN: 1, 2, 3, 4

• SHDSL: ALM

6 NB712 / NB714 User Guide YML829 Rev1

Physical/Electrical

(

• Dimensions: 18.7 x 3.3 x 14.5cm (WxHxD)

• Power: 100~240VAC (via power adapter)

• Power consumption: 9 watts max

• Temperature: 0~45

• Humidity: 0%~95%RH (non-condensing)

Memory

• 2MB Flash Memory, 8MB SDRAM

Product Information

• G.shdsl 2-wire router/bridge with 4-port switching hub LAN, VLAN and business class ﬁrewall

• G.shdsl 2 or 4-wire selectable router/bridge with 4-port switching hub LAN, VLAN and business class ﬁrewall

1.4 Application

NB714 or NB712

Internet

G.SHDSL Modem Router

Note: NB714 model shown)

Firewall

PC PC

NB712 / NB714 User Guide 7 YML829 Rev1

2 Firewall

A ﬁrewall protects networked computers from an intrusion that could compromise conﬁdentiality or result in data corruption or denial of service. It must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A ﬁrewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet.

A ﬁrewall examines all trafﬁc routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. A ﬁrewall ﬁlters both inbound and outbound trafﬁc. It can also manage public access to private networked resources such as host applications. It can log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can ﬁlter packets based on their source and destination addresses and port numbers. This is known as address ﬁltering. Firewalls can also ﬁlter speciﬁc types of network trafﬁc. This is known as protocol ﬁltering because the decision to forward or reject trafﬁc is dependant upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also ﬁlter trafﬁc by packet attribute or state.

It is important to note that an Internet ﬁrewall cannot prevent individual users with modems from dialling into or out of the network. By doing so they bypass the ﬁrewall altogether and open the network to attack. However, these are management issues that should be raised during the planning of any security policy and cannot be solved with Internet ﬁrewalls alone.

PC PC

NB714 or NB712

G.SHDSL Modem Router

ote: NB714 model shown)

Unknown Traffic

Access to Specific Destination

Allowed Traffic

Restricted Traffic

Firewall

Specified Allowed Traffic

Out to Internet

Internet

8 NB712 / NB714 User Guide YML829 Rev1

2.1 Types of Firewall

There are three types of ﬁrewall:

2.1.1 Packet Filtering

In packet ﬁltering, only the protocol and the address information of each packet is examined. Its

contents and context (its relation to other packets and to the intended application) are ignored. The ﬁrewall pays no attention to applications on the host or local network and it “knows” nothing about the source of the incoming data. Filtering consists of examining incoming or outgoing packets and allowing or disallowing their transmission on the basis of a set of conﬁgurable rules. Network Address Translation (NAT) routers offer the advantages of packet ﬁltering ﬁrewalls but can also hide the IP addresses of computers behind the ﬁrewall, and offer a level of circuit-based ﬁltering.

192.100.0.10:1025

192.168.0.5

Level 5: Application

Level 4: TCP

Level 3: IP

Level 2: Data Link

Level 1: Physical

Firewall

Filter remembers this information UDP SP=3264 SA=192.168.0.5 DP=1525 DA=172.16.3.4

Matches outgoing

so allowed

UDP SP=1525 SA=172.16.3.4 DP=3264 DA=192.168.0.5

No matches so disallowed

UDP SP=1525 SA=172.168.3.4 DP=2049 DA=192.168.0.5

Firewall 192.120.8.5

Protocol Source/Destination address Source/Destination port IP options Connection status

172.16.3.4

192.120.8.5:2205

192.120.8.5:2206

Internet

192.100.0.11:4433

Internal/Protected

Network

Client IP Internal Port External Port

192.68.0.10 1025 2205

192.168.0.11 4406 2206

External/Unprotected

Network

NB712 / NB714 User Guide 9 YML829 Rev1

2.1.2 Circuit Gateway

Also called a “Circuit Level Gateway,” this is a ﬁrewall approach that validates connections before

allowing data to be exchanged. What this means is that the ﬁrewall doesn’t simply allow or disallow packets but also determines whether the connection between both ends is valid according to conﬁgurable rules, then opens a session and permits trafﬁc only from the allowed source and possibly only for a limited period of time.

Level 5: Application

Level 4: TCP

Level 3: IP

Level 2: Data Link

Level 1: Physical

Destination IP address and/ or source IP address and/or time of day protocol user password

2.1.3 Application Gateway

The Application Level Gateway acts as a proxy for applications, performing all data exchanges with

the remote system on their behalf. This can render a computer behind the ﬁrewall all but invisible to the remote system. It can allow or disallow trafﬁc according to very speciﬁc rules; permitting some commands to a server but not others, limiting ﬁle access to certain types, varying rules according to authenticated users and so forth. This type of ﬁrewall may also perform very detailed logging of trafﬁc and monitoring of events on the host system, and can often be instructed to sound alarms or notify an operator under deﬁned conditions. Application-level gateways are generally regarded as the most secure type of ﬁrewall.

Level 5: Application

Level 4: TCP

Level 3: IP

Level 2: Data Link

Level 1: Physical

Tel ne t FTP HTT: SMTP

2.2 Denial of Service Attack

Denial of service (DoS) attacks typically come in two varieties: resource starvation and resource overload. DoS attacks can occur when there is a legitimate demand for a resource that is greater than the supply (i.e. too many web requests to an already overloaded web server). Software vulnerability or system misconﬁgurations can also cause DoS situations. The difference between a malicious denial of service and simple system overload is the requirement of an individual with malicious intent (attacker) using or attempting to use resources speciﬁcally to deny those resources to other users.

10 NB712 / NB714 User Guide YML829 Rev1

Ping of death On the Internet, ping of death is a kind of denial of service

(DoS) attack caused by an attacker deliberately sending an IP packet larger than the 65,536 bytes allowed by the IP protocol. One of the features of TCP/IP is fragmentation; it allows a single IP packet to be broken down into smaller segments. Attackers began to take advantage of that feature when they found that a packet broken down into fragments could add up to more than the allowed 65,536 bytes. Many operating systems didn’t know what to do when they received an oversized packet, so they froze, crashed, or rebooted. Other known variants of the ping of death include teardrop, bonk and nestea.

SYN Flood The attacker sends TCP connections faster than the

victim machine can process them, causing it to run out of resources and dropping legitimate connections. A new defence against this is to create “SYN cookies”. Each side of a connection has its own sequence number. In response to a SYN, the attacked machine creates a special sequence number that is a “cookie” of the connection and forgets everything it knows about the connection. It can then recreate the forgotten information about the connection where the next packets come in from a legitimate connection.

ICMP Flood The attacker transmits a volume of ICMP request packets to

cause all CPU resources to be consumed serving the phony requests.

UDP Flood The attacker transmits a volume of requests for UDP

diagnostic services which cause all CPU resources to be consumed serving the phony requests.

Land attack The attacker attempts to slow your network down by sending

a packet with identical source and destination addresses originating from your network.

Smurf attack Where the source address of a broadcast ping is forged so

that a huge number of machines respond back to the victim indicated by the address, thereby overloading it.

Fraggle Attack A perpetrator sends a large amount of UDP echo packets

at IP broadcast addresses, all of it having a spoofed source address of a victim.

IP Spooﬁng IP Spooﬁng is a method of masking the identity of an

intrusion by making it appear that the trafﬁc came from a different computer. This is used by intruders to keep their anonymity and can be used in a Denial of Service attack.

NB712 / NB714 User Guide 11 YML829 Rev1

3 VLAN (Virtual Local Area Network)

Virtual LAN (VLAN) is deﬁned as a group of devices on one or more LANs that are conﬁgured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLAN is based on logical instead of physical connections, it is extremely ﬂexible.

The IEEE 802.1Q deﬁnes the operation of VLAN bridges that permit the deﬁnition, operation and administration of VLAN topologies within a bridged LAN infrastructure. VLAN architecture beneﬁts include:

1. Increased performance

2. Improved manageability

3. Network tuning and simpliﬁcation of software conﬁguration

4. Physical topology independence

5. Increased security options

As DSL (over ATM) links are deployed more and more extensively, VLAN (VLAN-to-PVC) over DSL links is becoming a popular requirement of networks.

The following section will discuss the implementation of VLAN-to-PVC only for bridge mode operation, i.e., the VLAN spreads over both the COE and CPE sides, where there is no layer 3 routing involved.

3.1 Speciﬁcation

1. The unit supports up to 8 active VLANs with shared VLAN learning (SVL) bridge out of 4096 possible VLANs speciﬁed in IEEE 802.1Q.

2. Each port always belongs to a default VLAN with its port VID (PVID) as an untagged member. Also, a port can belong to multiple VLANs and be tagged members of these VLANs.

3. A port must not be a tagged member of its default VLAN.

4. If a non-tagged or null-VID tagged packet is received, it will be assigned with the default PVID of the ingress port.

5. If the packet is tagged with non-null VID, the VID in the tag will be used.

6. The look up process starts with VLAN look up to determine whether the VID is valid. If the VID is not valid, the packet will be dropped and its address will not be learned. If the VID is valid, the VID, destination address, and source address lookups are performed.

7. The VID and destination address lookup determines the forwarding ports. If it fails, the packet will be broadcast to all members of the VLAN, except the ingress port.

8. Frames are sent out tagged or untagged depending on if the egress port is a tagged or untagged member of the VLAN that the frames belong to.

9. If VID and source address look up fails, the source address will be learned.

3.2 Frame Speciﬁcation

An untagged frame or a priority-tagged frame does not carry any identiﬁcation of the VLAN to which it belongs. Such frames are classiﬁed as belonging to a particular VLAN based on parameters associated with the receiving port. Also, priority tagged frames, which, by deﬁnition, carry no VLAN identiﬁcation information, are treated the same as untagged frames.

A VLAN-tagged frame carries an explicit identiﬁcation of the VLAN to which it belongs; i.e., it carries a tag header that carries a non-null VID. This results in a minimum tagged frame length of 68 octets. Such a frame is classiﬁed

12 NB712 / NB714 User Guide YML829 Rev1

as belonging to a particular VLAN based on the value of the VID that is included in the tag header. The presence of the tag header carrying a non-null VID means that some other device, either the originator of the frame or a VLAN-aware bridge, has mapped this frame into a VLAN and has inserted the appropriate VID.

The following ﬁgure shows the difference between a untagged frame and VLAN tagged frame, where the Tag Protocol Identiﬁer (TPID) is of 0x8100 and it identiﬁes the frame as a tagged frame. The Tag Control Information (TCI) consists of the following elements:

1) User priority allows the tagged frame to carry user priority information across bridged LANs in which individual LAN segments may be unable to signal priority information (e.g., 802.3/Ethernet segments).

2) The Canonical Format Indicator (CFI) is used to signal the presence or absence of a Routing Information Field (RIF) ﬁeld, and, in combination with the Non-canonical Format Indicator (NCFI) carried in the RIF, to signal the bit order of address information carried in the encapsulated frame.

3) The VID uniquely identiﬁes the VLAN to which the frame belongs.

3.3 Applications

SHDSL Router SHDSL Router

SHDSLEthernet Ethernet

LAN LAN

SHDSL Router

Internet

DSLAM

NB712 / NB714 User Guide 13 YML829 Rev1

SHDSL Ethernet

LAN

4 Getting to know the router

This section will introduce the hardware of the router.

4.1 Front Panel

The front panel contains LEDs which show the status of the SHDSL router. Note: The front panel LEDs of the NB712 (2-wire) and NB714 (2 or 4-wire selectable) are identical. The NB714 is shown below.

LED status

LEDs Active Description

PWR On Power on

WAN

LNK On SHDSL line connection is established

Blink SHDSL handshake

ACT On Transmit or received data over SHDSL link

LAN

1 On Ethernet cable is connected to LAN 1

Blink Transmit or received data over LAN 1

2 On Ethernet cable is connected to LAN 2

Blink Transmit or received data over LAN 2

3 On Ethernet cable is connected to LAN 3

Blink Transmit or received data over LAN 3

4 On Ethernet cable is connected to LAN 4

Blink Transmit or received data over LAN 4

ALM On SHDSL line connection is dropped

Blink SHDSL self test

14 NB712 / NB714 User Guide YML829 Rev1

4.2 Rear Panel

The rear panel of the SHDSL router is where all of the cable connections are made.

Connectors Description

DC-IN Power adaptor inlet: Input voltage 9VDC

LAN (1,2,3,4) 10/100BaseT auto-sensing and auto- MDIX for LAN port

(RJ-45)

CONSOLE RS-232C (DB9) for system conﬁguration and maintenance

LINE SHDSL interface for WAN port (RJ-11)

RST Reset button to reboot or load factory default

The reset button can be used in one of two ways.

(1) Press the Reset Button for one second to reboot the system only.

(2) Pressing the Reset Button for four seconds will cause the product to reload the factory default

settings, thereby losing all of your settings. If you forget your user name or password, or if the router is having difﬁculties connecting to the Internet, you may want to reconﬁgure it to clear all previous settings. Press the Reset Button and hold for four (4) seconds with a paper clip or sharp pen/pencil.

NB712 / NB714 User Guide 15 YML829 Rev1

5 Connecting your G.SHDSL Modem Router

This guide is designed to lead users through the Web Conﬁguration of the G.SHDSL Modem Router in the easiest and quickest way possible. Please follow the instructions carefully.

Note: There are three methods to conﬁgure the router: serial console, Telnet and Web

Browser. Only one conﬁguration application is used to setup the Modem Router at any given time. Select the method you wish to use and continue.

For Web conﬁguration, you can skip step 3.

For Serial Console Conﬁguration, you can skip step 1 and 2.

Step 1: Check the Ethernet Adapter in PC

Make sure that an Ethernet Adapter has been installed in the PC that is to be used for conﬁguration of the router. TCP/IP protocol is necessary for web conﬁguration, so please check that the PC has TCP/IP protocol installed.

Step 2: Check the Web Browser in PC

For Web Conﬁguration, ensure that the PC has a Web Browser installed, such as IE or Netscape.

Note: Suggest IE5.0, Netscape 6.0 or above and 800x600 screen resolution or above.

Step 3: Check the Terminal Access Program

For Serial Console and Telnet Conﬁguration, users need to setup the terminal access program with VT100 terminal emulation.

Step 4: Determine Connection Setting

Users need to know the Internet Protocol supplied by your Service Provider and determine the mode of setting.

Protocol Selection

RFC1483 Ethernet over ATM

RFC1577 Classical Internet Protocol over ATM (CLIP)

RFC2364 Point-to-Point Protocol over ATM (PPPoA)

RFC2516 Point-to-Point Protocol over Ethernet (PPPoE)

Different Protocols are required to setup different WAN parameters. Your ISP will advise the correct protocol and the necessary WAN parameters to conﬁgure your Modem Router.

16 NB712 / NB714 User Guide YML829 Rev1

Bridge EoA

Route EoA

IPoA

PPPoA

NB712 / NB714 User Guide 17 YML829 Rev1

PPPoE

(

Step 5: Install the SHDSL Router

Do not turn on the Modem Router until you have completed the Hardware Installation.

• Connect the power adapter to the port labelled DC-IN on the rear panel of the product.

• Connect the Ethernet cable to the PC.

Note: The 4-port modem router supports auto-MDIX switching, so both straight and

cross-over Ethernet cables can be used.

• Connect the phone cable to the product and the other side of the phone cable to the wall jack.

• Connect the power adapter to the power source.

• Turn on the PC which will be used to conﬁgure the Router.

4-port router with network topology

NB714 or NB712

Internet

Firewall

PC PC

G.SHDSL Modem Router

Note: NB714 model shown)

18 NB712 / NB714 User Guide YML829 Rev1

6 Conﬁguration via Web Browser

For Win95, 98 and Me, click the start button. Select Setting and Control Panel.

Double click the Network icon.

In the Conﬁguration window, select the TCP/IP protocol line associated with your network card and then click the Properties button.

NB712 / NB714 User Guide 19 YML829 Rev1

Choose IP Address tab. Select Obtain IP address automatically. Click the OK button.

The window will ask you to restart the PC. Click Yes button.

After rebooting your PC, open your web browser and type http://192.168.1.1 to connect to the Router.

The default IP address and sub net-mask of the Router is 192.168.1.1 and 255.255.255.0. Because the router acts as DHCP server in your network, the router will automatically assign an IP address for the PC in the network.

Type User Name admin and Password admin and then click OK.

The default user name and password are both admin. For the system security, we suggest you change them after conﬁguration.

Note: After changing the User Name and Password, it is strongly recommended that you

record them somewhere as a reminder for the next time you login. If you cannot remember the User Name and Password, you will need to reset the Modem Router, which will lose any previous conﬁguration.

20 NB712 / NB714 User Guide YML829 Rev1

7 Basic Setup

The Basic Setup contains LAN, WAN, Bridge and Router operation modes. This section can be used to completely setup the router. After successfully completing it, you can access the Internet. This is the easiest and quickest way to setup the router.

Note: The advanced functions are only for advanced users. The incorrect settings of

advanced functions can affect the performance of the network and cause a system error or disconnection.

Click Basic for basic installation.

NB712 / NB714 User Guide 21 YML829 Rev1

7.1 Bridge Mode

Before conﬁguring the router in bridge mode, check with your ISP to ensure you have the necessary information.

Click Bridge and CPE Side to setup Bridging mode of the Router and then click Next.

Two SHDSL modes are available: CO, Central Ofﬁce, and CPE, Customer Premises Equipment. For a connection with a DSLAM, the correct SHDSL mode is CPE. For a LAN to LAN connection, one side must be CO and the other side must be CPE.

LAN Parameters

Enter IP: 192.168.1.1 Enter Subnet Mask: 255.255.255.0 Enter Gateway: 192.168.1.254

The Gateway IP is provided by ISP.

Enter Host Name: SOHO

Some ISPs will require the host name as identiﬁcation. You may need to check with your ISP to see if your Internet service has been conﬁgured with a host name. In most cases, this ﬁeld can be ignored.

22 NB712 / NB714 User Guide YML829 Rev1

WAN1 Parameters

Enter VPI: 0 Enter VCI: 32 Click LLC Click Next.

The screen will display the new parameters. Check the parameters and click Restart. The router will reboot with the new settings. Select Continue to conﬁgure other parameters.

NB712 / NB714 User Guide 23 YML829 Rev1

7.2 Routing Mode

Routing mode includes DHCP server, DHCP client, DHCP relay, Point-to-Point Protocol over ATM and Ethernet and IP over ATM and Ethernet over ATM. The type of Internet protocol is provided by your ISP.

Click ROUTE and CPE Side then press Next.

Two SHDSL modes are available: CO, Central Ofﬁce, and CPE, Customer Premises Equipment. For connection with a DSLAM, the SHDSL mode is CPE. For a LAN to LAN connection, one side must be CO and the other side must be CPE.

24 NB712 / NB714 User Guide YML829 Rev1

7.2.1 DHCP Client

Some ISPs provide a DHCP server service whereby the PC in the LAN can access IP information automatically. To setup the DHCP client mode, follow the procedure.

LAN IP Type: Dynamic

Click Next to setup WAN1 parameters.

NB712 / NB714 User Guide 25 YML829 Rev1

7.2.2 DHCP Server

Dynamic Host Conﬁguration Protocol (DHCP) is a communication protocol that allows network administrators to centrally manage and automate the assignment of Internet Protocol (IP) addresses in an organization’s network. Internet Protocol requires that each machine that can connect to the Internet has a unique IP address. When an organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each

machine.

Without DHCP, the IP address must be entered manually for each computer. If computers move to another location in another part of the network, a new IP address must be entered. DHCP lets a network administrator supervise and distribute IP addresses from a central point and automatically send a new IP address when a computer is plugged into a different place in the network. If the DHCP server is enabled, you have to setup the following parameters for processing DHCP requests from clients.

The embedded DHCP server assigns network conﬁguration information for up to 253 users accessing the Internet at the same time.

IP type: Fixed

IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

Host Name: SOHO

Some ISPs require the host name as identiﬁcation. Check with your ISP to see if your Internet service has been conﬁgured with a host name. In most cases, this ﬁeld can be ignored.

26 NB712 / NB714 User Guide YML829 Rev1

Trigger DHCP Service: Server

The default setup is Enable DHCP server. If you want to turn

off the DHCP service, choose Disable.

For example: If the LAN IP address is 192.168.1.1, the

IP range of LAN is 192.168.1.2 to 192.168.1.51. The DHCP server assigns the IP form Start IP Address to End IP Address. The legal IP address range is form 0 to 255, but 0 and 255 are reserved for broadcast so the legal IP address range is from 1 to 254. On the other hand, you cannot assign an IP greater than 254 or less then 1. Lease time 72 hours indicates that the DHCP server will reassign IP information every 72 hours.

DNS Server: Your ISP will provide at least one Domain Name Service

Server IP. You can type the router IP in this ﬁeld. The router will act as DNS server relay function.

You may assign ﬁxed IP addresses to some devices while

using DHCP, provided that the ﬁxed IP address is not within the range used by the DHCP server.

Click Next to setup WAN1 parameters.

NB712 / NB714 User Guide 27 YML829 Rev1

7.2.3 DHCP relay

If you already have a DHCP server on your LAN and you want to use it for DHCP services, the router provides a DHCP relay function.

IP Type: Fixed

IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

Host Name: SOHO

Some ISPs require the host name as identiﬁcation. Check

with your ISP to see if your Internet service has been conﬁgured with a host name. In most cases, this ﬁeld can be ignored.

Trigger DHCP Service: Relay

Click Next to setup DHCP server parameters.

Enter the DHCP server IP address in IP address ﬁeld.

Press Next

28 NB712 / NB714 User Guide YML829 Rev1

7.2.4 PPPoE or PPPoA

PPPoA (point-to-point protocol over ATM) and PPPoE (point-topoint protocol over Ethernet) are authentication and connection protocols used by many service providers for broadband Internet access. These are speciﬁcations for connecting multiple computer users on an Ethernet local area network to a remote site through common customer premises equipment, which is the telephone company’s term for a modem and similar devices. Users share a common Digital Subscriber Line (DSL), cable modem, or wireless connection to the Internet. PPPoE and PPPoA combine the Point-to-Point Protocol (PPP), commonly used in dialup connections, with the Ethernet protocol or ATM protocol, which supports multiple users in a local area network. The PPP protocol information is encapsulated within an Ethernet frame or ATM frame.

Before conﬁguring the router, check with your ISP to ensure you have the correct information.

Key in the WAN1 parameters:

VPI: 0

VCI: 33

AAL5 Encap: LLC

Protocol: PPPoA + NAT or PPPoE + NAT

Click Next to setup the User name and password.

For more information, refer to the section on NAT/DMZ.

NB712 / NB714 User Guide 29 YML829 Rev1

Type the ISP1 parameters.

Username: test

Password: test

Password Conﬁrm: test

Your ISP will provide the user name and password.

Idle Time: 10

If you want your Internet connection to remain on at all

times, enter 0 in the Idle Time ﬁeld.

IP Type: There are three IP types, Dynamic, Fixed and IP

Unnumbered, which you can setup. The default IP type is Dynamic. It means that ISP PPP server will provide IP information including a dynamic IP address when a SHDSL connection is established. I.e. you do not need to type the IP address of WAN1. Some ISPs will provide ﬁxed IP address over PPP.

For ﬁxed IP address:

IP Type: Fixed

IP Address: 192.168.1.1

Click Next.

For IP Unnumbered:

IP Type: IP Unnumbered

IP Address: 192.168.168.1

Click Next.

30 NB712 / NB714 User Guide YML829 Rev1

Don’t forget to enable LAN: For IP Routing Usage and type IP address on STEP 2

Note: For security, the password will be displayed as asterisk characters.

The screen will display the parameters that will be written to EPROM. Check the parameters before writing to EPROM.

Press Restart to restart the router with the new parameters or press Continue to setup other parameters.

NB712 / NB714 User Guide 31 YML829 Rev1

7.2.5 IPoA or EoA

Before conﬁguring the router, check with your ISP to ensure you have the correct parameters.

Type the Wan Parameters;

VPI: 0

VCI: 33

AAL5 Encap: LLC

Protocol: IPoA , EoA , IPoA + NAT or EoA + NAT

Click Next to setup the IP parameters.

For more information, refer to the section on NAT/DMZ.

IP Address: 10.1.2.1

The router’s IP address as seen from the Internet. Your ISP will provide it and you need to specify it here.

Subnet mask: 255.255.255.0

This is the router subnet mask seen by external users on the Internet. Your ISP will provide it to you.

Gateway: 10.1.2.2

Your ISP will provide you the default gateway.

DNS Server 1: 168.95.1.1

Your ISP will provide at least one DNS (Domain Name System) Server IP address.

Click Next

32 NB712 / NB714 User Guide YML829 Rev1

The screen will display the parameters that will be written to EPROM. Check the parameters before writing to EPROM.

Press Restart to restart the router with the new parameters or press Continue to setup other parameters.

NB712 / NB714 User Guide 33 YML829 Rev1

8 Advanced Setup

Advanced setup contains SHDSL, WAN, Bridge, VLAN, Route, NAT/DMZ, Virtual server and ﬁrewall parameters.

34 NB712 / NB714 User Guide YML829 Rev1

8.1 SHDSL

You can setup the Annex type, data rate and SNR margin for SHDSL parameters in SHDSL.

Click SHDSL.

The following screen displays the Advanced SHDSL settings page for the NB712.

The NB714 supports an additional 4-wire mode with 4.0608Mbps data rate. The following screen displays the Advanced SHDSL settings page for the NB714 with the option to select the Link Type.

Annex Type: There are three Annex types, Annex A (ANSI), Annex B

(ETSI), or Annex AB in SHDSL. Check with your ISP.

Link Type: The router supports two link types, 4-wire mode with

4.0608Mbps data rate and 2-wire mode with 2.304Mbps data rate.

Data Rate: You can set the SHDSL data rate in multiples of 64kbps.

For adaptive mode, n=0. The router will adapt the data rate

according to the line status.

NB712 / NB714 User Guide 35 YML829 Rev1

SHDSL SNR margin: The margin range is from 0 to 10.

SNR margin is an index of line connection. You can see the

actual SNR margin in STATUS SHDSL. The larger the SNR margin, the better the line connection.

If you set the SNR margin in the ﬁeld to 2, the SHDSL

connection will drop and reconnect when the SNR margin is lower than 2. I.e., the device will reduce the line rate and reconnect for better line connection.

The screen will display the parameters that will be written to EPROM. Check the parameters before writing to EPROM.

Press Restart to restart the router with the new parameters or press Continue to setup other parameters.

36 NB712 / NB714 User Guide YML829 Rev1

8.2 WAN

The SHDSL router supports up to 8 PVCs. WAN 1 was conﬁgured via BASIC except QoS. If you want to setup other PVCs, 2 to 8, the parameters are setup in WAN. I.e., you must apply two or more Internet Services with ISPs otherwise you do not need to setup WAN.

The WAN Number 1 will be the parameters setup in Basic Setup. If you want to setup another PVC, you can conﬁgure them in WAN 2 to WAN 8.

Enter the parameters.

If the WAN protocol is PPPoA or PPPoE with dynamic IP, leave the default WAN IP address and Subnet Mask as default settings. The system will ignore the IP address and Subnet mask information but deleting or leaving blank the items will cause system error.

NB712 / NB714 User Guide 37 YML829 Rev1

If the WAN protocol is IPoA or EoA, leave the ISP parameters as default setting. The system will ignore the information but deleting or leaving blank ﬁelds will cause a system error.

QoS (Quality of Service): The Trafﬁc Management Speciﬁcation V4.0 deﬁnes ATM

service catalogues that describe both the trafﬁc transmitted by users onto a network as well as the Quality of Service that the network needs to provide for that trafﬁc.

UBR (Unspeciﬁed Bit Rate): UBR is the simplest service provided by ATM networks. There

is no guarantee of any rate. It is a primary service used for transferring Internet trafﬁc over the ATM network.

CBR (Constant Bit Rate): CBR is used by connections that require a static amount of

bandwidth that is available during the connection life time. This bandwidth is characterized by Peak Cell Rate. Based on the PCR of the CBR trafﬁc, speciﬁc cell slots are assigned for the VC in the schedule table. The ATM always sends a single cell during the CBR connection’s assigned cell slot.

VBR-rt (Variable Bit Rate real-time): VBR-rt is intended for real-time applications, such as

compressed voice over IP and video conferencing, that require tightly constrained delays and delay variation. VBR-rt is characterized by a peak cell rate (PCR), sustained cell rate (SCR), and maximum burst rate (MBR).

PCR (Peak Cell Rate) in kbps: The maximum rate at which you expect to transmit data,

voice and video. Consider PCR and MBS as a means of reducing lantency, not increasing bandwidth. The range of PCR is 64kbps to 2400kbps

SCR (Sustained Cell Rate): The sustained rate at which you expect to transmit data,

voice and video. Consider SCR to be the true bandwidth of a VC and not the long-term average trafﬁc rate. The range of SCR is 64kbps to 2400kbps.

MBS (Maximum Burst Size): The amount of time or the duration at which the router

sends at PCR. The range of MBS is 1 cell to 255 cells.

Click Finish to ﬁnish setting.

The screen will display the parameters that will be written to EPROM. Check the parameters before writing to EPROM.

Press Restart to restart the router with the new parameters or press Continue to setup other parameters.

38 NB712 / NB714 User Guide YML829 Rev1

8.3 Bridge

If your router is setup in bridge mode and you want to setup advanced ﬁlter functions, you can use the BRIDGE menu to setup the ﬁlter and blocking functions.

Click Bridge to setup.

Press Add to add the static bridge information.

If you want to ﬁlter the MAC address of a LAN PC to access the Internet, press Add to establish the ﬁltering table. Enter the MAC address in the MAC address ﬁeld and select Filter in the LAN ﬁeld.

If you want to ﬁlter the MAC address of WAN PC to access the LAN, press Add to establish the ﬁltering table. Enter the MAC address in the MAC address ﬁeld and select Filter in the WAN ﬁeld. For example: if your VC is setup at WAN 1, select WAN 1 Filter.

NB712 / NB714 User Guide 39 YML829 Rev1

The screen will display the parameters that will be written to EPROM. Check the parameters before writing to EPROM.

Press Restart to restart the router with the new parameters or press Continue to setup other parameters.

40 NB712 / NB714 User Guide YML829 Rev1

8.4 VLAN

Click VLAN to conﬁgure VLAN.

Two types of VLAN are supported: either 802.1Q or Port-Based. Note that only one type of VLAN can be conﬁgured at a time.

For setting 802.1Q VLAN click the 802.1Q Tag-Based VLAN and click Reset. The screen will display as follows:

NB712 / NB714 User Guide 41 YML829 Rev1

VID: Virtual LAN ID is a deﬁned ID number from 1 to 4094.

PVID: Port VID is an untagged member of a default VLAN.

Link Type: Access means the port can receive or send untagged

packets.

Link Type: Trunk means that the port can receive or send tagged

packets.

Port-Based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port.

Click Port-Based VLAN to conﬁgure the router and press Reset.

42 NB712 / NB714 User Guide YML829 Rev1

8.5 Route

If the Router is connected to more than one network, it may be necessary to set up a static route between them. A static route is a pre-determined pathway that network information must travel to reach a speciﬁc host or network.

With Dynamic Routing, you can enable the Router to automatically adjust to physical changes in the network’s layout. The Router, using the RIP protocol, determines the network packets’ route based on the least number of hops between the source and the destination. The RIP protocol regularly broadcasts routing information to other routers on the network.

Click Route to modify the routing information.

To modify the RIP (Routing Information Protocol) Parameters:

RIP Mode: Enable

Auto RIP Summary: Enable

Press Modify

RIP Mode: This parameter determines how RIP (Routing Information

Protocol) is handled. RIP allows it to exchange routing information with other routers. If set to Disable, the gateway does not participate in any RIP exchange with other routers. If set to Enable, the router broadcasts the routing table of the router on the LAN and incorporates RIP broadcasts by other routers into it’s routing table. If set to silent, the router does not broadcast the routing table, but it accepts RIP broadcast packets that it receives.

NB712 / NB714 User Guide 43 YML829 Rev1

RIP Version: It determines the format and broadcasting method of any

RIP transmissions by the gateway. RIP v1: it only sends RIP v1 messages only. RIP v2: it send RIP v2 messages in multicast and broadcast

format. Authentication required: None: for RIP, there is no need of authentication code. Password: the RIP is protected by password, authentication

code. MD5: The RIP will be decoded by MD5 rather than be

protected by password, authentication code. Poison Reverse: Poison Reverse promptly broadcasts or multicasts the RIP

while the route is changed. (e.g. shutting down one of the

routers in routing table) Enable: the gateway will actively broadcast or multicast the

information. Disable: the gateway will not broadcast or multicast the

information.

After modifying the RIP parameters, press ﬁnish.

The screen will display the modiﬁed parameters. Check the parameters and press Restart to restart the router or press Continue to setup other parameters.

44 NB712 / NB714 User Guide YML829 Rev1

8.6 NAT/DMZ

NAT (Network Address Translation) is the translation of an Internet Protocol address (IP address) used within one network to a different IP address known within another network. One network is designated as the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP address and changes the global IP addresses of incoming packets back into local IP addresses. This ensures security since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves the number of global IP addresses that a company needs and lets the company use a single IP address for its communication in the Internet world.

DMZ (demilitarized zone) is a computer host or small network inserted as a “neutral zone” between a company private network and the outside public network. It prevents outside users from getting direct access to a server that has company private data.

In a typical DMZ conﬁguration for an enterprise, a separate computer or host receives requests from users within the private network to access Web sites or other companies accessible on the public network. The DMZ host then initiates sessions for these requests to the public network. However, the DMZ host is not able to initiate a session back into the private network. It can only forward packets that have already been requested.

NB712 / NB714 User Guide 45 YML829 Rev1

Users of the public network outside the company can access only the DMZ host. The DMZ may typically also have the company’s Web pages so these could serve the outside world. However, the DMZ provides access to no other company data. In the event that an outside user penetrated the DMZ host’s security, the Web pages might be corrupted, but no other company information would be exposed.

Press NAT/DMZ to setup the parameters.

If you want to enable the NAT/DMZ functions, click Enable. Enable the DMZ host Function uses the IP address assigned to the WAN for enabling DMZ functions for the virtual IP address.

Multi-DMZ: Some users who have two or more global IP addresses

assigned by their ISP can be used as a multi DMZ. The

table is for the mapping of global IP address and virtual IP

address.

Multi-NAT: Some of the virtual IP addresses (e.g.: 192.168.1.10

~ 192.168.1.50) collectively use two of the global IP

addresses (e.g.: 69.210.1.9 and 69.210.1.10). The Multi-

NAT table will be setup as;

Virtual Start IP Address: 192.168.1.10

Count: 40

Global Start IP Address: 69.210.1.9

Count: 2

Press Finish to continue.

The screen will display the parameters that will be written to EPROM. Check the parameters before writing to EPROM. Press Restart to restart the router with new parameters or Continue to conﬁgure other parameters.

46 NB712 / NB714 User Guide YML829 Rev1

8.7 Virtual Server

Virtual Server allows speciﬁc ports on the WAN interface to be re-mapped to services inside the LAN. For example, 69.210.1.8 is assigned to WAN by the ISP and is visible to the Internet but does not actually have any services (other than NAT) running on the gateway. TCP requests made to 69.210.1.8:80 are remapped to the server 1 on 192.168.1.2:80 for working days from Monday to Friday 8 AM to 6PM, other requests with UDP made to 69.210.1.8:25 are remapped to server 2 on

192.168.1.3:25 which is always on.

You can setup the router as Index 1, protocol TCP, interface WAN1, service name test1, private IP 192.168.1.2, private port 80, public port 80, schedule from Day Monday to Friday and time 8:0 to 16:0 and index 2, protocol UDP, interface WAN1, service name test2, private IP 192.168.1.3, private port 25, public port 25, schedule always.

Click Modify to conﬁgure the parameters.

Press Restart to restart the router or press continue to setup another function.

NB712 / NB714 User Guide 47 YML829 Rev1

8.8 Firewall

A ﬁrewall is a set of related programs that protect the resources of a private network from other networks. It prevents unauthorised users from accessing private data and resources accidentally.

Basic Firewall Security

This level only enables the NAT ﬁrewall and the remote management security. The NAT ﬁrewall will take effect if the NAT function is enabled. The default remote management security is to block any WAN side connection to the device. Non-empty legal IP pool in ADMIN will block all remote management connection except those IPs speciﬁed in the pool.

Press Finish to ﬁnish setting up the ﬁrewall The screen will display the parameters, which will be written to EPROM. Check the parameters.

Press restart to restart the router or press continue to setup another function.

48 NB712 / NB714 User Guide YML829 Rev1

Automatic Firewall Security

Select Automatic Firewall Security. This level enables basic ﬁrewall security as well as all DoS protection and the SPI ﬁlter function. Press Finish to ﬁnish setting up the ﬁrewall.

The screen will display the parameters, which will be written to EPROM. Check the parameters.

Press restart to restart the router or press Continue to setup another function.

NB712 / NB714 User Guide 49 YML829 Rev1

Advanced Firewall Security

You can determine the security level for special purpose, environment, and applications by conﬁguring DoS protection and deﬁning an extra packet ﬁlter with higher priority than the default SPI ﬁlter. Note that an improper ﬁlter policy may degrade the capability of the ﬁrewall and/or even block the normal network trafﬁc.

Click Advanced Firewall Security and then press Finish.

SYN Attack: A SYN ﬂood attack attempts to slow your network by

requesting new connections but not completing the process

to open the connection. Once the buffer for these pending

connections is full a server will not accept any more

connections and will be unresponsive.

ICMP Flood: A sender transmits a volume of ICMP request packets to

cause all CPU resources to be consumed serving the phony

requests.

UDP Flood: A sender transmits a volume of requests for UDP diagnostic

services which cause all CPU resources to be consumed

serving the phony requests.

50 NB712 / NB714 User Guide YML829 Rev1

Ping of Death: A ping of death attack attempts to crash your system by

sending a fragmented packet, when reconstructed is larger

than the maximum allowable size. Other known variants of

the ping of death include teardrop, bonk and nestea.

Land Attack: A land attack is an attempt to slow your network down

by sending a packet with identical source and destination

addresses originating from your network.

IP Spooﬁng: IP Spooﬁng is a method of masking the identity of an

intrusion by making it appeared that the trafﬁc came from

a different computer. This is used by intruders to keep their

anonymity and can be used in a Denial of Service attack.

Smurf Attack: A smurf attack involves two systems. The attacker sends

a packet containing a ICMP echo request (ping) to the

network address of one system. This system is known as the

ampliﬁer. The return address of the ping is faked (spoofed)

to appear to come from a machine on another network (the

victim). The victim is then ﬂooded with responses to the

ping. As many responses are generated for only one attack,

the attacker is able use many ampliﬁers on the same victim.

Traditional ﬁrewalls are stateless meaning they have no memory of the connections of data or packets that pass through them. Such IP ﬁltering ﬁrewalls simply examine header information in each packet and attempt to match it to a set of deﬁned rule. If the ﬁrewall ﬁnds a match, the prescribed action is taken. If no match is found, the packet is accepted into the network, or dropped, depending on the ﬁrewall conﬁguration.

A stateful ﬁrewall maintains a memory of each connection and data passing through it. A stateful ﬁrewall records the context of connections during each session, continuously updating state information in dynamic tables. With this information, stateful ﬁrewalls inspect each connection traversing each interface of the ﬁrewall, testing the validity of data packets throughout each session. As data arrives, it is checked against the state tables and if the data is part of the session, it is accepted. Stateful ﬁrewalls enable a more intelligent, ﬂexible and robust approach to network security, while defeating most intrusion methods that exploit state-less IP ﬁltering ﬁrewalls.

NB712 / NB714 User Guide 51 YML829 Rev1

If you want to conﬁgure the Packet Filtering Parameters, choose Enable and press Add.

Select the protocol and conﬁgure the parameters.

If you want to ban all of the protocol from the IP (e.g.: 200.1.1.1) to access the all PCs (e.g.: 192.168.1.2 ~

192.168.1.50) in the LAN, key in the parameter as;

Protocol: ANY

Direction: INBOUND (INBOUND is from WAN to LAN, and OUTBOUND is

LAN to WAN.)

Description: Hacker

Src. IP Address: 200.1.1.1

Dest. IP Address: 192.168.1.2-192.168.1.50

Press OK to ﬁnish.

The screen will display the conﬁgured parameters. Check the parameters.

Click Restart to restart the gateway or Continue to conﬁgure another parameters.

52 NB712 / NB714 User Guide YML829 Rev1

Filtering Rule for SMTP connection

Filtering rule will be conﬁgured as follow

Index Protocol Direction Action Source Destination Dest. Port Schedule

1 TCP Inbound Permit External Internal 25 Always

2 TCP Outbound Permit Internal External >1023 Always

3 TCP

4 TCP Inbound Permit External Internal >1023 Always

5 Any Either Deny Any Any Any Always

Outbound Permit Internal External 25 Always

Packet Direction

1 Inbound 192.168.3.4 172.16.1.1 TCP 25 Permit (A)

2 Outbound 172.16.1.1 192.168.3.4 TCP 1234 Permit (B)

Packet Direction

3 Outbound 172.16.1.1 192.168.3.4 TCP 25 Permit (C)

4 Inbound 192.168.3.4 172.16.1.1 TCP 1357 Permit (D)

Packet Direction

5 Inbound 10.1.2.3 171.16.3.4 TCP 6000 Deny (E)

6 Outbound 171.16.3.4 10.1.2.3 TCP 5150 Deny (E)

Source

Destination Protocol Dest. Port Action (Rule)

NB712 / NB714 User Guide 53 YML829 Rev1

Update Filtering Rule

Index Protocol Direction Action Source Destination Source Port Dest. Port

1 TCP Inbound Permit External Internal >1023 25

2 TCP Outbound Permit Internal External 25 >1023

3 TCP Outbound Permit Internal External >1023 25

4 TCP Inbound Permit External Internal 25 >1023

5 Any Either Deny Any Any Any Any

Filtering Result

Index Protocol Direction Action Source Destination Source Port Dest. Port

1 TCP Inbound Permit(A) 192.168.3.4 171.16.1.1 1234 25

2 TCP Outbound Permit(B) 171.16.1.1 192.168.3.4 25 1234

3 TCP Outbound Permit(C) 171.16.1.1 192.168.3.4 1357 25

4 TCP Inbound Permit(D) 192.168.3.4 171.16.1.1 25 1357

5 TCP Inbound Deny(E) 10.1.2.3 171.16.3.4 5150 6000

6 TCP Outbound Deny(E) 171.16.3.4 10.1.2.3 6000 5150

54 NB712 / NB714 User Guide YML829 Rev1

Rule Order

The order of the rules affects the ﬁltering result. The ﬁltering process will proceed from top to bottom, changing the order will give a different result. For example:

Rule Source Address Destination Address Action

A 10.0.0.0 172.16.6.0 Permit

B 10.1.99.0 172.16.0.0 Deny

C Any Any Deny

Where “0” at the last eight bits indicates “from 1 to 254”, “0” at any eight bits preceding “0”, “0.0” or “0.0.0” indicates “from 1 to 254”. On the other hand, “0” and all “0” successive with “0” represents any.

When the rule is ordered as ABC.

Index Source Address Destination Address Action

1 10.1.99.1 172.16.1.1 Deny (B)

2 10.1.99.1 172.16.6.1 Permit (A)

3 10.1.1.1 172.16.6.1 Permit (A)

4 10.1.1.1 172.16.1.1 Deny (C)

5 192.168.3.4 172.16.6.1 Deny (C)

The rule order will permit 10.1.99.1 to access 172.16.6.1.

When the rule is ordered as BAC.

Index Source Address Destination Address Action

1 10.1.99.1 172.16.1.1 Deny (B)

2 10.1.99.1 172.16.6.1 Deny (B)

3 10.1.1.1 172.16.6.1 Permit (A)

4 10.1.1.1 172.16.1.1 Deny (C)

5 192.168.3.4 172.16.6.1 Deny (C)

The rule order will deny 10.1.99.1 to access 172.6.6.1.

NB712 / NB714 User Guide 55 YML829 Rev1

8.9 IP QoS

IP QoS allows you to prioritise different types of trafﬁc, thereby ensuring Quality of Service. This is particularly useful for Voice over IP (VoIP) where the amount of bandwidth can affect the line quality in a phone call.

Select Enable to enable IP QoS and then click on the Add button to set the IP QoS Policy parameters.

Enter the information to deﬁne the Policy Rule and click on the OK button.

56 NB712 / NB714 User Guide YML829 Rev1

The screen will display the conﬁgured parameters. Check the parameters. In this example 192.168.1.60 is the highest priority; 192.168.1.50 is the second high priority; 192.168.1.40 is the third highest priority and so on.

NB712 / NB714 User Guide 57 YML829 Rev1

9 Administration

This section details security, simple network management protocol (SNMP) and time synchronous.

58 NB712 / NB714 User Guide YML829 Rev1

9.1 Security

For system security, it is suggested that the default user name and password is changed from the default.

There are three ways to conﬁgure the route: Web browser, telnet and serial console.

Press Security to setup the parameters.

For greater security, deﬁne the Supervisor ID and password for the gateway. If you don’t set them, all users on your network will be able to access the gateway.

You can authorize up to ﬁve users to access the router via telnet or console. There are two UI modes, menu driven mode and command mode to conﬁgure the router.

NB712 / NB714 User Guide 59 YML829 Rev1

Trusted Host address pool will setup the IP addresses from which authorized users can conﬁgure the gateway. This is the most secure way to setup and control authorised access to the router.

Conﬁgured 0.0.0.0 will allow all hosts on Internet or LAN to access the router.

Leaving blank the Trust Host List will block all PCs from WAN to access the router. I.e. only PCs on the LAN would be able to access the router.

If you type the exact IP address in the ﬁeld, only that host can access the router.

Click Finish to ﬁnish the setting.

The browser will display the conﬁgured parameters and check it before writing them to EPROM.

Press Restart to restart the gateway working with the new parameters and press Continue to setup other parameters.

60 NB712 / NB714 User Guide YML829 Rev1

9.2 SNMP

Simple Network Management Protocol (SNMP) provides for the exchange of messages between a network management client and a network management agent for remote management of network nodes. These messages contain requests to get and set variables that exist in network nodes in order to obtain statistics, set conﬁguration parameters, and monitor network events. SNMP communications can occur over the LAN or WAN connection.

The router can generate SNMP traps to indicate alarm conditions, and it relies on SNMP community strings to implement SNMP security. This router support MIB I and MIB II.

Click SNMP to conﬁgure the parameters.

In the table of current community pool, you can setup the access authority.

In the table of current trap host pool, you can setup the trap host.

Click on the Modify button to modify the community pool.

NB712 / NB714 User Guide 61 YML829 Rev1

SNMP status: Enable

Access Right: Deny for deny all access

Access Right: Read for access read only

Access Right: Write for access read and write.

Community: Serves as password for access right.

Click on the OK button to submit the changes.

62 NB712 / NB714 User Guide YML829 Rev1

SNMP trap is an informational message sent from an SNMP agent to a manager. Click Modify to modify the trap host pool.

Version: Select version for trap host (SNMP v1 or SNMP v2).

IP: Type the trap host IP

Community: Type the community password. The community is setup in

community pool.

Click on OK to ﬁnish the setup.

The browser will display the conﬁgured parameters.

Press Restart to restart the gateway with the new parameters or press Continue to setup other parameters.

NB712 / NB714 User Guide 63 YML829 Rev1

9.3 Time Sync

Time synchronization is an essential element for any business that relies on an IT system. The reason for this is that these systems all have clocks that are the source of time for ﬁles or operations they handle. Without time synchronization, time on these systems can vary and cause ﬁrewall packet ﬁltering schedule processes to fail, security to be compromised, and virtual servers to work in wrong schedule.

Click on TIME SYNC.

There are two synchronization modes: Simple Network Time Protocol (SNTP) and synchronization with PC. For synchronization with PC, select Sync with PC. The gateway will synchronize the time with the connecting PC.

SNTP is the acronym for Simple Network Time Protocol, which is an adaptation of the Network Time Protocol (NTP) used to synchronize computer clocks in the Internet. SNTP can be used to ensure the ultimate performance of full NTP implementation.

64 NB712 / NB714 User Guide YML829 Rev1

For SNTP, select SNTP v4.0.

SNTP service: Enable

Time Server: Any time server in the world can be used but it is suggested

that you use the nearest timeserver.

Time Zone: You have to choose the right time zone.

Click on Finish to ﬁnish the setup. The browser will display the conﬁgured parameters.

Press Restart to restart the gateway with the new parameters or press Continue to setup other parameters.

NB712 / NB714 User Guide 65 YML829 Rev1

10 Utility

This section describes the utility of the router including system information, loading the factory default conﬁguration, upgrading the ﬁrmware, logout and restarting the gateway.

66 NB712 / NB714 User Guide YML829 Rev1

10.1 System Info

Click on System Info to review the information.

The browser will display your system information on the screen.

NB712 / NB714 User Guide 67 YML829 Rev1

10.2 Conﬁg Tool

This conﬁguration tool has three functions: Load Factory Default, Restore Conﬁguration and Backup Conﬁguration.

Press Conﬁg Tool.

Choose the function and then click on Finish.

Load Factory Default function: Will reload the factory default parameters to the gateway.

Note: All of the settings will be changed to factory default. On the other hand you will

lose all the conﬁgured parameters.

Restore Conﬁguration: Will help you to recover your backup conﬁguration:

* Click Finish after selecting Restore Conﬁguration.

* Browse the router for the backup ﬁle and then click

Finish. The router will automatically restore the saved conﬁguration.

Backup Conﬁguration: Any changes to the default conﬁguration should be backed

up. Use this function to backup your router parameters on a

PC.

* Select Backup Conﬁguration and then press Finish.

* Browse the place of backup ﬁle named backup.

Press Finish. The router will automatically backup the conﬁguration.

68 NB712 / NB714 User Guide YML829 Rev1

10.3 Upgrade

You can upgrade the gateway using the upgrade function.

Press Upgrade.

Browse the ﬁle and press OK button to upgrade. The system will reboot automatically after ﬁnishing.

NB712 / NB714 User Guide 69 YML829 Rev1

10.4 Logout

To logout the router, press logout.

70 NB712 / NB714 User Guide YML829 Rev1

10.5 Restart

To restart the router, select Restart in UTILITY.

Click on the Restart button to reboot the router.

NB712 / NB714 User Guide 71 YML829 Rev1

11 Status

You can monitor the following:

• SHDSL status including mode, Tx power, Bitrate, and Performance information including SNR margin, attenuation and CRC error count.

• LAN status will display the MAC address, IP address, Subnet mask and DHCP client table.

• WAN status will display the WAN interface information.

• Route status will display the routing table of router.

• Interface status includes LAN and WAN statistics information.

• Firewall status display DoS protection status and dropped packets statistics.

72 NB712 / NB714 User Guide YML829 Rev1

12 LAN-to-LAN connection with bridge Mode

12.1 CO side

Click Bridge and CO Side to setup Bridging mode of the Router and then click Next.

LAN Parameters

NB712 / NB714 User Guide 73 YML829 Rev1

Enter IP: 192.168.1.1

Enter Subnet Mask: 255.255.255.0

Enter Gateway: 192.168.1.1

Enter Host Name: SOHO

WAN1 Parameters

Enter VPI: 0

Enter VCI: 32

Encap: Click LLC

Click Next

The screen will display the conﬁgured parameters. Check the parameters and click Restart . The router will reboot with the new settings.

74 NB712 / NB714 User Guide YML829 Rev1

12.2 CPE Side

Click Bridge and CO Side to setup Bridging mode of the Router and then click Next.

LAN Parameters

IP Address: Enter192.168.1.2

Subnet Mask: Enter 255.255.255.0

Gateway: Enter 192.168.1.2

Host Name: Enter SOHO

WAN1 Parameters

VPI: 0

VCI: 32

Encap: LLC

Click Next

The screen will display the conﬁgured parameters. Check the parameters and click Restart . The router will reboot with the new settings.

NB712 / NB714 User Guide 75 YML829 Rev1

13 LAN to LAN Connection with Routing Mode

13.1 CO side

Click ROUTE and CO Side then press Next.

LAN parameters:

IP Address: 192.168.20.1

Subnet Mask: 255.255.255.0

Host Name: SOHO

DHCP Service: For more DHCP service, review DHCP Service.

76 NB712 / NB714 User Guide YML829 Rev1

WAN Parameters

VPI: 0

VCI: 32

AAL5 Encap: LLC

Protocol: IPoA , EoA , IPoA + NAT or EoA + NAT

Note: The Protocol used in CO and CPE have to be the same.

Click Next to setup the IP parameters.

Refer to the section NAT/DMZ for more information.

IP Address: 192.168.30.1

Subnet mask: 255.255.255.0

Gateway: 192.169.30.2

Click Next

The screen will display the parameters that will be written to EPROM. Check the parameters before writing to EPROM.

Press Restart to restart the router with the new parameters or press continue to setup other parameters.

NB712 / NB714 User Guide 77 YML829 Rev1

13.2 CPE side

Click ROUTE and CPE Side then press Next.

LAN parameters:

IP Address: 192.168.10.1

Subnet Mask: 255.255.255.0

Host Name: SOHO

DHCP Service: For more DHCP service, review DHCP Service.

WAN Parameters

78 NB712 / NB714 User Guide YML829 Rev1

VPI: 0

VCI: 32

AAL5 Encap: LLC

Protocol: IPoA , EoA , IPoA + NAT or EoA + NAT

Note: The Protocol used in CO and CPE have to be the same.

Click Next to setup the IP parameters.

Refer to the section NAT/DMZ for more information.

IP Address: 192.168.30.2

Subnet mask: 255.255.255.0

Gateway: 192.168.30.1

Click Next

The screen will display the parameters that will be written to EPROM. Check the parameters and click the Restart button to restart the router with the new parameters or press continue to setup other parameters.

NB712 / NB714 User Guide 79 YML829 Rev1

14 Conﬁguration via Serial Console or Telnet with Menu Driven Interface

14.1 Serial Console

Check the connectivity of the RS-232 cable from your computer to the serial port of ROUTER. Start your terminal access program with VT100 terminal emulation. Conﬁgure the serial link with the following value:

Parameter Value

Baudrate 9600

Data Bits 8

Parity Check No

Stop Bits 1

Flow-control No

Press the SPACE key until the login screen appears. When you see the login screen, you can logon to Router.

Note: You have to use the SPACE key. Pressing other keys will not work.

User: admin

Password: *****

Note: The factory default user and passwords are both “admin”.

14.2 Telnet

Make sure the correct Ethernet cable is used to connect the LAN port of your computer to the Router. The LAN LNK indicator on the front panel will glow if the correct cable is used. Start your Telnet client with a VT100 terminal emulation and connect to the management IP of Router. When the login screen appears enter your User name and Password.

User: admin

Password: *****

Note: The default IP address is 192.168.1.1.

80 NB712 / NB714 User Guide YML829 Rev1

14.3 Operation Interface

For serial console and Telnet management, the Router implements two operational interfaces: command line interface (CLI) and menu driven interface. The CLI mode provides users with a simple command line interface. The menu driven interface is a more user-friendly interface for general operations. The command syntax for CLI is the same as that of the menu driven interface. The only difference is that the menu driven interface displays all available commands for you to select. This means that you don’t need to remember the command syntax and can save you time by not requiring you to type the whole command line.

The following ﬁgure gives you an example of the menu driven interface. In the menu, you scroll up/down by pressing key I / K, select one command by key L, and go back to a higher level of menu by key J. For example, to show the system information, just logon to the Router, move down the cursor by pressing key K twice and select “show” command by pressing key L, you shall see a submenu and select “system” command in this submenu, then the system will display the general information.

NB712 / NB714 User Guide 81 YML829 Rev1

14.4 Window structure

From top to bottom, the window will be divided into four parts:

1. Product name

2. Menu ﬁeld: Menu tree is prompted on this ﬁeld. “>>” symbol indicates the cursor place.

3. Conﬁguring ﬁeld: You will conﬁgure the parameters in this ﬁeld. < parameters > indicates the parameters you can choose and < more…> indicates that there have submenu in the title.

4. Operation command for help

The following table shows the parameters in the brackets.

Command Description

<ip> An item enclosed in brackets is required. If the item is shown

in lower case bold, it represents an object with special format. For example, <ip> may be 192.168.1.3.

<Route|Bridge> Two or more items enclosed in brackets and separated by

vertical bars means that you must choose exactly one of the items. If the item is shown in lower case bold with leading capital letter, it is a command parameter. For example, Route is a command parameter in <Route|Bridge>.

[1~1999] An item enclosed in brackets is optional.

[1~65534|-t] Two or more items enclosed in brackets and separated by

vertical bars means that you can choose one or none of the items.

82 NB712 / NB714 User Guide YML829 Rev1

14.5 Menu Driven Interface Commands

Before changing the conﬁguration, familiarize yourself with the operations list in the following table. The Keystroke list are also displayed on the window.

Menu Driven Interface Commands

Keystroke Description

[UP] or I Move to above ﬁeld in the same level menu.

[DOWN] or K Move to below ﬁeld in the same level menu.

[LEFT] or J Move back to previous menu.

[RIGHT] or L Move forward to submenu.

[ENTER] Move forward to submenu.

[TAB] To choose another parameters.

Ctrl + C To quit the conﬁguring item.

Ctrl + Q For help

NB712 / NB714 User Guide 83 YML829 Rev1

14.6 Menu Tree

The menu tree is shown below. All conﬁguration commands are included in the Enable directory and are protected by a supervisor password. Unauthorized users can view the status and conﬁguration of the router, but cannot change any conﬁguration information.

84 NB712 / NB714 User Guide YML829 Rev1

14.7 Conﬁguration

To setup the router, move the cursor “ >>” to Enable and press the enter key. When the screen appears, type the supervisor password. The default supervisor password is admin. The password will be prompted as a “ * “ symbol for system security.

---------------------------------------------------------------------Command: enable <CR> Message: Please input the following information. Supervisor password: ****

----------------------------------------------------------------------

In this sub menu, you can setup management features and upgrade software, backup the system conﬁguration and restore the system conﬁguration via utility tools.

Any changes will need to be written to EPROM and the router will need to be rebooted to work with the new settings.

The screen will prompt as follow.

>> enable Modify command privilege setup Conﬁgure system status Show running system status show View system conﬁguration write Update ﬂash conﬁguration reboot Reset and boot system ping Packet internet groper command admin Setup management features utility TFTP upgrade utility exit Quit system

The description of the commands are:

Command Description

enable Modify command privilege. When you login via serial

console or Telnet, the router defaults to a program execution (read-only) privileges. To change the conﬁguration and write changes to nonvolatile RAM (NVRAM), you must work in enable mode.

setup To conﬁgure the product, you have to use the setup

command.

status View the status of product.

show Show the system and conﬁguration of product.

write Update ﬂash conﬁguration. After you have completed all

necessary settings, write the new conﬁguration to NVRAM by the “write” command and reboot the system, or all of your changes will not take effect.

reboot Reset and boot system. After you have completed all

necessary changes, write the new conﬁguration to NVRAM and reboot the system by “reboot” command, or all of your changes will not take effect.

NB712 / NB714 User Guide 85 YML829 Rev1

Command Description

ping Packet internet groper command.

admin You can set management features with this command.

utility Upgrade software and backup and restore conﬁguration are

done via “utility” command.

exit Quit system

86 NB712 / NB714 User Guide YML829 Rev1

14.8 Status

You can view the status of SHDSL, WAN, route and interface via the status command.

Move cursor “ >> “ to status and press enter.

>> shdsl Show SHDSL status wan Show WAN interface status route Show routing table interface Show interface statistics status ﬁrewall Show ﬁrewall status

Command Description

shdsl The SHDSL status includes line rate, SNR margin, TX

power, attenuation and CRC error of the product, and SNR margin, attenuation and CRC error of remote side. The product access remote side information via EOC (embedded operation channel).

wan WAN status shows the 8 PVC information which are

conﬁgured.

route You can see the routing table via the route command.

interface The statistic status of WAN and LAN interface can be

monitor by interface command.

ﬁrewall The current and history status of ﬁrewall are shown in this

command.

NB712 / NB714 User Guide 87 YML829 Rev1

14.9 Show

You can view the system information, conﬁguration and conﬁguration via the show command.

Move cursor “ >> “ to show and press enter.

>> system Show general information conﬁg Show all conﬁguration script Show all conﬁguration in command script

Command Description

system The general information of the system is displayed.

conﬁg Conﬁg command displays detailed conﬁguration information.

script Conﬁguration information will display in the command script.

88 NB712 / NB714 User Guide YML829 Rev1

14.10 Write

Any changes to the router conﬁguration must be written to EPROM using the write command and the router needs to be rebooted for the changes to take affect.

Move cursor to “ >> “ to write and press enter.

---------------------------------------------------------------------Command: write <CR> Message: Please input the following information. Are you sure? (y/n): y

----------------------------------------------------------------------

14.11 Reboot

To reboot the router, use reboot command. Move cursor to “ >> “ to write and press enter.

---------------------------------------------------------------------Command: reboot <CR> Message: Please input the following information. Do you want to reboot? (y/n): y

----------------------------------------------------------------------

14.12 Ping

Ping command will be used to test the connection of the router. Move cursor “ >> “ to ping and press enter.

---------------------------------------------------------------------Command: ping <ip> [1~65534|-t] [1~1999] Message: Please input the following information. IP address <IP> : 10.0.0.1 Number of ping request packets to send (TAB select): -t Data size [1~1999]: 32

----------------------------------------------------------------------

There are 3 types of number of ping request packet to send, default, 1~65534 and –t. Default will send 4 packet and –t continuous packet until you key in Ctrl+c to stop.

14.13 Administration

You can modify the user proﬁle, telnet access, SNMP (Sample Network Management Protocol), supervisor information and SNTP (Simple Network Time Protocol) in admin. The route is enable ==> admin.

For conﬁguration the parameters, move the cursor “ >> “ to admin and press enter.

>> user Manage user proﬁle security Setup system security snmp Conﬁgure SNMP parameter passwd Change supervisor password id Change supervisor ID sntp Conﬁgure time synchronization

NB712 / NB714 User Guide 89 YML829 Rev1

14.13.1 User Proﬁle

You can use the user command to clear, modify and list the user proﬁles. You can deﬁne up to ﬁve users to access the router via console port or telnet in user proﬁle table however users who have the supervisor password can change the conﬁguration of the router. Move the cursor “ >> “ to user and press enter key.

>> clear Clear user proﬁle modify Modify the user proﬁle list List the user proﬁle

You can delete the user by number using the clear command. Make sure the number of the user is correct. You can use list command to check it. Modify command is to modify any user information or add a new user to user proﬁle.

To modify or add a new user, move the cursor to modify and press enter.

---------------------------------------------------------------------Command: admin user modify <1~5> <more...> Message: Please input the following information. Legal access user proﬁle number <1~5> : 2

----------------------------------------------------------------------

The screen will prompt as follow.

>> Attrib UI mode Proﬁle User name and password

There are two UI mode, command and menu mode, to setup the product. We will not discuss command mode in this manual.

14.13.2 Security

Security command can be conﬁgured sixteen legal IP address for telnet access and telnet port number.

Move the cursor “ >> “ to security and press enter. The default legal address is 0.0.0.0 which means that there is no IP restriction to access the router via telnet.

>> port Conﬁgure telent TCP port ip_pool Legal address IP address pool list Show security proﬁle

90 NB712 / NB714 User Guide YML829 Rev1

14.13.3 SNMP

Simple Network Management Protocol (SNMP) is the protocol not only governing network management, but also the monitoring of network devices and their functions.

The router can generate SNMP traps to indicate alarm conditions, and it relies on SNMP community strings to implement SNMP security. This router supports MIB I & II.

Move the cursor “ >> “ to snmp and press enter.

>> community Conﬁgure community parameter trap Conﬁgure trap host parameter

Up to 5 SNMP community entries can be conﬁgured in this system. Move the cursor to community and press enter.

---------------------------------------------------------------------Command: admin snmp community <1~5> <more...> Message: Please input the following information. Community entry number <1~5> : 2

----------------------------------------------------------------------

The screen will prompt as follow:

>> edit Edit community entry list Show community conﬁguration

Up to 5 SNMP trap entries can be conﬁgured in this system. Move the cursor to trap and press enter.

---------------------------------------------------------------------Command: admin snmp trap <1~5> <more...> Message: Please input the following information. Trap host entry number <1~5> : 2

----------------------------------------------------------------------

The screen will prompt as follow:

>> edit Edit trap host parameter list Show trap conﬁguration

NB712 / NB714 User Guide 91 YML829 Rev1

14.13.4 Supervisor Password and ID

The supervisor password and ID are the last door for security but the most important. Users who access the router via web browser have to use the ID and password to conﬁgure the router and users who access the router via telnet or console mode have to use the password to conﬁgure the router. Change the ID and password after conﬁguration and save it. When you access to the router again, you have to use the new password.

---------------------------------------------------------------------Command: admin passwd <pass_conf> Message: Please input the following information. Input old Supervisor password: **** Input new Supervisor password: ******** Re-type Supervisor password: ********

----------------------------------------------------------------------

---------------------------------------------------------------------Command: admin id <pass_conf> Message: Please input the following information. Legal user name (Enter for default) <root> : test

----------------------------------------------------------------------

92 NB712 / NB714 User Guide YML829 Rev1

14.13.5 SNTP

Time synchronization is an essential element for any business that relies on an IT system. The reason for this is that these systems all have clocks that are the source of time for ﬁles or operations they handle. Without time synchronization, time on these systems can vary and this can cause virtual server schedule processes to fail and system log exposures with wrong data.

There are two methods to synchronize time: synchronize with a PC or SNTPv4. If you choose synchronize with PC, the router will synchronize with a PC. If you choose SNTPv4, the router will use the protocol to synchronize with the time server. Synchronization with time server, SNTP v4, needs to conﬁgure service, time_server and time_zone. Synchronization with PC does not require the above parameters.

Move the cursor “ >> “ to sntp and press enter.

>> method Select time synchronization method service Tigger SNTP v4.0 service time_server1 Conﬁgure time server 1 time_server2 Conﬁgure time server 2 time_server3 Conﬁgure time server 3 updaterate Conﬁgure update period time_zone Conﬁgure GMT time zone offset list Show SNTP conﬁguration

To conﬁgure SNTP v4 time synchronization, follow the procedures detailed below:

Move the cursor to method and press enter.

---------------------------------------------------------------------Command: admin sntp method <SNTPv4|SyncWithPC> Message: Please input the following information. SYNC method (Enter for default) <SyncWithPC> : SNTPv4

----------------------------------------------------------------------

Move the cursor to service and press enter.

---------------------------------------------------------------------Command: admin sntp service <Disable|Enable> Message: Please input the following information. Active SNTP v4.0 service (Tab Select) <Enable> : Enable

----------------------------------------------------------------------

Move the cursor to time_server1 and press enter.

---------------------------------------------------------------------Command: admin sntp time_server1 <string> Message: Please input the following information. Time server address(Enter for default) <ntp-2.vt.edu> : ntp-2.vt.edu

----------------------------------------------------------------------

You can conﬁgure up to three time servers in this system.

Move the cursor to update_rate and press enter.

---------------------------------------------------------------------Command: admin sntp update_rate <10~268435455> Message: Please input the following information. Update period (secs) (Enter for default) : 86400

----------------------------------------------------------------------

NB712 / NB714 User Guide 93 YML829 Rev1

Move the cursor to time_zone and conﬁgure where your router is placed. The easiest way to know the time zone offset hour is from your PC clock. Double click the clock at the right corner of monitor and check the time zone.

---------------------------------------------------------------------Command: admin sntp time_zone <-12~12> Message: Please input the following information. GTM time zone offset (hours) (Enter for default) : -8

----------------------------------------------------------------------

Move the cursor to list and review the setting.

94 NB712 / NB714 User Guide YML829 Rev1

14.14 Utility

There are three utility tools, upgrade, backup and restore, embedded in the ﬁrmware. You can update the new ﬁrmware via TFTP upgrade tools and backup the conﬁguration via TFTP backup tool and restore the conﬁguration via TFTP restore tool. For upgrade, TFTP server with the new ﬁrmware will be supported by supplier but for backup and restore, you must have your own TFTP server to backup and restore the ﬁle.

Move the cursor “ >> “ to utility and press enter.

>> upgrade Upgrade main software backup Backup system conﬁguration Restore Restore system conﬁguration

14.15 Exit

If you want to exit the system without saving, use exit command to quit system.

14.16 Setup

All of the setup parameters are located in the subdirectories of setup. Move the cursor “ >> “ to setup and press enter.

>> mode Switch system operation mode shdsl Conﬁgure SHDSL parameters wan Conﬁgure WAN interface proﬁle bridge Conﬁgure transparent bridging vlan Conﬁgure virtual LAN paramters route Conﬁgure routing parameters lan Conﬁgure LAN interface proﬁle ip_share Conﬁgure NAT/PAT parameters ﬁrewall Conﬁgure Firewall parameters dhcp Conﬁgure DHCP parameters dns_proxy Conﬁgure DNS proxy parameters hostname Conﬁgure local host name default Restore factory default setting

14.16.1 Mode

The product can act as routing mode or bridging mode. The default setting is routing mode. You can change the system operation mode by using mode command. Move the cursor “ >> “ to mode and press enter.

---------------------------------------------------------------------Command: setup mode <Route|Bridge> Message: Please input the following information. System operation mode (TAB select) <Route>: Route

----------------------------------------------------------------------

NB712 / NB714 User Guide 95 YML829 Rev1

14.16.2 SHDSL

You can setup the SHDSL parameters by the command shdsl. Move the cursor “ >> “ to shdsl and press enter.

>> mode Conﬁgure SHDSL mode Link Conﬁgure SHDSL link n*64 Conﬁgure SHDSL data rate type Conﬁgure SHDSL annex type clear Clear current CRC error count margin Conﬁgure SHDSL SNR margin

There are two types of SHDSL mode, STU-R and STU-C. STU-R means the terminal of central ofﬁce and STU-C customer premises equipment.

Link type will be 2-wire or 4-wire mode according to the product. 4-wire product can be worked under 2-wire mode.

You can set the data rate in multiples of 64Kbps where n is from 0 to 32. If you conﬁgure n to 0, the product will perform in adaptive mode.

There are two types of SHDSL Annex type, Annex-A and Annex-B.

Clear command can clear CRC error count.

Generally, you do not need to change the SNR margin, which ranges from 0 to 10. The SNR margin is an index of line connection. You can see the actual SNR margin in STATUS SHDSL. The larger the SNR margin, the better the line connection. If you set SNR margin in the ﬁeld as 2, the SHDSL connection will drop and reconnect when the SNR margin is lower than 2. I.e., the device will reduce the line rate and reconnect for better line connection.

96 NB712 / NB714 User Guide YML829 Rev1

14.16.3 WAN

The router supports up to 8 PVCs, private virtual circuits, and so you can setup up to 8 WANs; WAN1 to WAN8. Move the cursor “ >> “ to wan and press enter. To setup WAN1, type 1.

---------------------------------------------------------------------Command: setup wan <1~8> Message: Please input the following information. Interface number <1~8>: 1

--------------------------------------------------------------------->> protocol Link type protocol address IP address and subnet mask vpi_vci Conﬁgure VPI/VCI value encap Conﬁgure encapsulation type qos Conﬁgure VC QoS isp Conﬁgure account name, password and idle time ip_type Conﬁgure IP type in PPPoA and PPPoE list WAN interface conﬁguration

There are four types of protocols, IPoA, EoA, PPPoA and PPPoE, which you can setup.

For dynamic IP of PPPoA and PPPoE, you do not need to setup the IP address and subnet mask.

There is an unique VPI and VCI value for Internet connection supported by ISP. The range of VIP is from 0 to 255 and VCI from 0 to 65535.

There are two types of encapsulation types, VC-Mux and LLC.

You can setup virtual circuit quality of service, VC QoS, using qos command. The product supports UBR, CBR, VBR-rt and VBR-nrt. The peak cell rate can be conﬁgured from 64kbps to 2400kbps. Move the cursor to qos and press enter.

>> class Conﬁgure QoS class pcr Conﬁgure peak cell rate (kbps) scr Conﬁgure sustainable cell rate (kbps) mbs Conﬁgure max. burst size (cell)

ISP command can conﬁgure account name, password and idle time. Idle time can be from 0 minute to 300 minutes.

Most ISPs use dynamic IP for PPP connection but some will use static IP. Conﬁgure the IP type, dynamic or ﬁxed, via ip_type command.

You can review the WAN interface conﬁguration via the list command.

NB712 / NB714 User Guide 97 YML829 Rev1

14.16.4 Bridge

You can setup the bridge parameters in bridge command. If the product is conﬁgured as a router, you do not want to setup the bridge parameters. Move the cursor “ >> “ to bridge and press enter.

>> gateway Default gateway static Static bridging table

You can setup default gateway IP via gateway command.

You can deﬁne 20 sets of static bridge in static command. After entering static menu, the screen will prompt as below:

>> add Add static MAC entry delete Delete static MAC entry modify Modify static MAC entry list Show static bridging table

After enter add menu, the screen will prompt as follow

>> mac Conﬁgure MAC address lan_port Conﬁgure LAN interface bridging type wan1_port Conﬁgure WAN1 interface bridging type wan2_port Conﬁgure WAN2 interface bridging type wan3_port Conﬁgure WAN3 interface bridging type wan4_port Conﬁgure WAN4 interface bridging type wan5_port Conﬁgure WAN5 interface bridging type wan6_port Conﬁgure WAN6 interface bridging type wan7_port Conﬁgure WAN7 interface bridging type wan8_port Conﬁgure WAN8 interface bridging type list Show static bridging table

98 NB712 / NB714 User Guide YML829 Rev1

14.16.5 VLAN

You can setup the Virtual LAN (VLAN) parameters in vlan command. The router support the implementation of VLAN-to-PVC only for bridge mode operation, i.e., the VLAN spreads over both the COE and CPE sides, where there is no layer 3 routing involved. The unit supports up to 8 active VLANs with shared VLAN learning (SVL) bridge out of 4096 possible VLANs speciﬁed in IEEE 802.1Q.

Move the cursor “ >> “ to vlan and press enter.

>> mode Trigger virtual LAN function modify Modify virtual LAN rule pvid Modify port default ID link_mode Modify port link type list Show VLAN conﬁguration

To active the VLAN function, move the cursor “ >> “ to mode and press enter. The router supports two types of VLAN, 802.11q and Port-Based. The IEEE 802.1Q deﬁnes the operation of VLAN bridges that permit the deﬁnition, operation, and administration of VLAN topologies within a bridged LAN infrastructure. Port-Based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port.

NB712 / NB714 User Guide 99 YML829 Rev1

14.16.6 802.11Q VLAN

Follow the following steps to conﬁgure 802.11q VLAN.

---------------------------------------------------------------------Command: setup vlan active <Disable|8021Q|Port> Message: Please input the following information. Tigger VLAN function (Tab select) <Disable>: 8021Q

----------------------------------------------------------------------

To modify the VLAN rule, move the cursor “ >> “ to modify and press enter.

---------------------------------------------------------------------Command: setup vlan modify <1~8> <1~4094> <string> Message: Please input the following information. Rule entry index <1~8>: 1 VLAN ID (Enter for default) <1>: 10 VLAN port status (Enter for default): 11001

----------------------------------------------------------------------

For each VLAN, VLAN ID is a unique number among 1~4095.

VLAN port status is a 12-digit binary number whose bit-1 location indicates the VLAN port membership in which 4MSBs and 8MSB represents LAN ports and WAN port, respectively. For example: the above setting means that the VID 20 member port includes LAN1, LAN2 and WAN. The member ports are tagged members. Use PVID command to change the member port to untagged members

To assign PVID (Port VID), move the cursor “>>” to PVID and press enter. The port index 1 to 4 represents LAN1 to LAN4 respectively and port index 5 to 12 represents WAN1 to WAN8. VID value is the group at which you want to assign the PVID of the port. PVID is

---------------------------------------------------------------------Command: setup vlan pvid <1~12> <1~4094> Message: Please input the following information. Port index <1~12>: 1 VID Value (Enter for default) <10>: 10

----------------------------------------------------------------------

To modify the link type of the port, move the cursor to link mode and press enter. There are two types of link: access and trunk. Trunk link will send the tagged packet form the port and access link will send un-tagged packet form the port. Port index 1 to 4 represents LAN1 to LAN4 respectively. According to the operation mode of the device, link type of WAN port is automatically conﬁgured. If the product operates in bridge mode, the WAN link type will be trunk, and in routing mode, access.

---------------------------------------------------------------------Command: setup vlan link_mode <1~12> <Access|Trunk> Message: Please input the following information. Port index <1~12>: 1 Port link type (Tab select) <Trunk>: Access

----------------------------------------------------------------------

To view the VLAN table, move the cursor to list and press enter.

100 NB712 / NB714 User Guide YML829 Rev1

NetComm NB712 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual